Autoloading module: intpm.ko Starting background file system checks in 60 seconds. Tue Apr 7 03:58 FreeBSD/amd64 (ci-freebsd-i386-0.c.syzkaller.internal) (ttyu0) Warning: Permanently added '10.128.10.8' (ECDSA) to the list of known hosts. 2020/04/07 03:58:25 fuzzer started 2020/04/07 03:58:25 dialing manager at 10.128.0.248:36376 2020/04/07 03:58:27 syscalls: 522 2020/04/07 03:58:27 code coverage: enabled 2020/04/07 03:58:27 comparison tracing: enabled 2020/04/07 03:58:27 extra coverage: support is not implemented in syzkaller 2020/04/07 03:58:27 setuid sandbox: support is not implemented in syzkaller 2020/04/07 03:58:27 namespace sandbox: support is not implemented in syzkaller 2020/04/07 03:58:27 Android sandbox: support is not implemented in syzkaller 2020/04/07 03:58:27 fault injection: support is not implemented in syzkaller 2020/04/07 03:58:27 leak checking: support is not implemented in syzkaller 2020/04/07 03:58:27 net packet injection: enabled 2020/04/07 03:58:27 net device setup: support is not implemented in syzkaller 2020/04/07 03:58:27 concurrency sanitizer: support is not implemented in syzkaller 2020/04/07 03:58:27 devlink PCI setup: support is not implemented in syzkaller 2020/04/07 03:58:27 USB emulation: support is not implemented in syzkaller login: Expensive timeout(9) function: 0xffffffff80e624f0(0) 0.002141892 s 03:58:46 executing program 0: pipe2(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write(r0, &(0x7f0000000d80)="827cdd78c443b24d44c586d37951c430bbbd631fe2719ca007eb084b3af7d021402a5b37356394be4f27df09410322143e8288b5820d044a7ee2fdda201404678a5ec1a2e52dc00ee8ad4bb1946ea0be61189f752845eeb89cb982bf7491277d7d0a3a93b9964da0e3dc8c3f9876b81b1ed3042d2de02305a4346a8e0ab245748277cdf2e0127c4412b319fe0007ac841303a862159e0998d4ca6d9cee94751f1a7885b4f59c948ea786cb90139c3acfc204671d18ca81d2a86fccc8f4141cdfeb61f399c2d5047f11a7f7ffd07d7315cc5599882fe80b58ce2835794e2fa744917b9104114b33fcffff7fc48d60841c64703ccb4ef8b5945308d39679661dc7742bc4fc855aec385f48c22e370cc3375c0149e4a70f2440a07c05e9d87fb12c865b2a64a811bfedbf86666c58f71ee8fcfc6b629b75fd890b93f5cd67d19c67d32e60a5cdf01fe1c8ed71960e780d385e59f5454e15fd4bfc000000c7c85e605adef08c9df5ebb66239e79b71b8d7d027a01e48d0a4c0f8a48e5ab6789254312772", 0xff86) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000140)={{0xffffffff284002a4}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000440)={{0xffffff7f284002a2}}) 03:58:46 executing program 1: r0 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x40000400000002c2, 0x0) pwritev(r0, &(0x7f0000000080)=[{&(0x7f00000006c0), 0x100000}], 0x3, 0x0) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000040)={{0xffffffff284002a1}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000000)={{0xffffffff2840029d}}) 03:58:47 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r0, &(0x7f0000000340)=""/148, 0x94, 0x0, 0x0, 0x0) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f00000000c0)={{0x284002a5}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000240)={{0xffffffff2840029d}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000080)={{0xffffffff2840029a}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000280)={{0xfffffeff284002ca, 0x0, 0x0, 0xffffffffffffffff}}) 03:58:47 executing program 3: r0 = socket$inet6_tcp(0x1c, 0x1, 0x0) listen(r0, 0x0) r1 = dup(r0) accept4$inet(r1, 0x0, 0x0, 0x0) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000140)={{0x284002a4}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000080)={{0x284002a3}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000300)={{0xffffffff284002d1}}) 03:58:48 executing program 0: ppoll(0x0, 0x0, &(0x7f0000000280)={0x0, 0xa95372a}, 0x0, 0x0) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000000)={{0xffffffff284002a1}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000080)={{0xffffffff284002ca}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000040)={{0xffffffff2840029f}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000000)={{0xffffffff28400299}}) 03:58:48 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$unix(r0, &(0x7f0000000240)=""/4096, 0x1000, 0x0, 0x0, 0x0) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000000)={{0xffffffff284002a6}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000080)={{0xffffffff284002a1}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000140)={{0xffffffff284002cb}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000400)={{0xffffffff2840029a}}) 03:58:48 executing program 2: poll(0x0, 0x0, 0xff) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f00000000c0)={{0x284002a5}}) 03:58:48 executing program 1: r0 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x40000400000002c2, 0x0) pwritev(r0, &(0x7f0000000080)=[{&(0x7f00000006c0), 0x100000}], 0x3, 0x0) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000040)={{0xffffffff284002a1}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000000)={{0xffffffff2840029d}}) 03:58:48 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x4000000000000005, 0x84) sendmsg$inet6_sctp(r0, &(0x7f0000000900)={&(0x7f0000000000)=@in={0x10, 0x2, 0x1, @local={0xac, 0x14, 0x0}}, 0x10, 0x0}, 0x0) r1 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r1, &(0x7f0000000000)={0x1c, 0x1c, 0x3, 0x0, @local={0xfe, 0x80, [], 0x0}}, 0x1c) getsockopt$inet6_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x105, &(0x7f0000000080)={0x1, [0x0]}, &(0x7f00000000c0)=0x8) r2 = socket$inet6_sctp(0x1c, 0x5, 0x84) getsockopt$inet6_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x105, &(0x7f0000000080)={0x1, [0x0]}, &(0x7f00000000c0)=0x8) sendmsg$inet6_sctp(r0, &(0x7f0000000640)={&(0x7f00000003c0)=@in6={0x1c, 0x1c, 0x0, 0x0, @remote={0xfe, 0x80, [], 0x0}}, 0x1c, 0x0, 0x0, &(0x7f0000000580)=[@sndinfo={0x1c, 0x84, 0x4, {0x0, 0x2800, 0x0, 0x0, r3}}], 0x1c}, 0x0) 03:58:48 executing program 2: r0 = socket$inet6_udplite(0x1c, 0x2, 0x88) setsockopt$sock_int(r0, 0xffff, 0x1015, &(0x7f00000000c0), 0x5) 03:58:48 executing program 2: r0 = socket$inet6_tcp(0x1c, 0x1, 0x0) listen(r0, 0x0) accept(r0, 0x0, 0x0) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000080)={{0xffffffff284002de}}) 03:58:48 executing program 0: pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write(r0, &(0x7f0000000d80)="827cdd78c443b24d44c586d37951c430bbbd631fe2719ca007eb084b3af7d021402a5b37356394be4f27df09410322143e8288b5820d044a7ee2fdda201404678a5ec1a2e52dc00ee8ad4bb1946ea0be61189f752845eeb89cb982bf7491277d7d0a3a93b9964da0e3dc8c3f9876b81b1ed3042d2de02305a4346a8e0ab245748277cdf2e0127c4412b319fe0007ac841303a862159e0998d4ca6d9cee94751f1a7885b4f59c948ea786cb90139c3acfc204671d18ca81d2a86fccc8f4141cdfeb61f399c2d5047f11a7f7ffd07d7315cc5599882fe80b58ce2835794e2fa744917b9104114b33fcffff7fc48d60841c64703ccb4ef8b5945308d39679661dc7742bc4fc855aec385f48c22e370cc3375c0149e4a70f2440a07c05e9d87fb12c865b2a64a811bfedbf86666c58f71ee8fcfc6b629b75fd890b93f5cd67d19c67d32e60a5cdf01fe1c8ed71960e780d385e59f5454e15fd4bfc000000c7c85e605adef08c9df5ebb66239e79b71b8d7d027a01e48d0a4c0f8a48e5ab6789254312772", 0xff86) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000300)={{0xffffffff284002af}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000080)={{0xffffffff2840029f}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000400)={{0xffffffff2840029a}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000300)={{0xffffffff28400299}}) execve(0x0, 0x0, 0x0) 03:58:48 executing program 0: pipe2(&(0x7f0000000500)={0xffffffffffffffff}, 0x0) readv(r0, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/133, 0x85}], 0x1) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000300)={{0xffffffff284002b0}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000000)={{0xffffffff284002cb}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000a80)={{0xffffffff284002a1}}) execve(0x0, 0x0, 0x0) 03:58:49 executing program 0: select(0x4, 0x0, 0x0, 0x0, 0x0) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000000)={{0xffffffff284002cb}}) 03:58:49 executing program 3: r0 = socket(0x2, 0x1, 0x0) connect$unix(r0, &(0x7f00000004c0)=ANY=[@ANYBLOB="8202f3899c533e9e799bd721d1a10a5b4bd047ca99bc30f18e7cb0c528a08ee6c6a8a885825bdc5c170f4511cb8cdf69b0b9cd5559d83d18642cb4dd0c59ba140ee461cecf6c046aa1daa69a50f8a5bf52c263f148adb23e5b74d4d3e2774ee8ef926d3df63576609b83fabc0045d801388b7b9f821ef29ab21deb271dfd1c7e70c33640668b1d6ef0032344f5488fd5e0505e3e3588c05085ebebd77c62677806727183ea2bd4dfa2b7cf95cbc74787aef2aec3e01ff8a82cbdebc381d9a3de90c7e37af41ea5f8fb7bc0a278e7276c36bf059c5342ed3d0dc9508d9fb0237392c73ae6cdc265d8085e2402a4f6aa33b48ba75303a9d98bbf011a0f915c1c00cd3216a95739b8f1644afe7402bc1c4556ab654b877a2bd35dc596dc8d0dac7d64a8a44f3d9dcc2492a78d7d9d591d6d7961fa884aaa8bd97612d10a655a985d8f512cf3317a424c5649e1e0ac30a3995a06c0762ad45c358d221925e5409dbc26a67d39eaf0d8451a"], 0x10) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000280)={{0xfffffff7284002e4}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000000)={{0xffffffff284002e1}}) 03:58:49 executing program 1: r0 = socket$inet6_udp(0x1c, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1b, &(0x7f00000001c0), 0x4) bind$inet6(r0, &(0x7f0000000140)={0x220, 0x1c, 0xffffffffffffffff, 0x0, @mcast2}, 0x1c) bind$inet6(r0, &(0x7f0000000140)={0x1c, 0x1c, 0x2, 0x0, @ipv4={[], [], @rand_addr}}, 0x1c) 03:58:49 executing program 1: r0 = socket$inet6_udp(0x1c, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1b, &(0x7f00000001c0), 0x4) bind$inet6(r0, &(0x7f0000000140)={0x220, 0x1c, 0xffffffffffffffff, 0x0, @mcast2}, 0x1c) bind$inet6(r0, &(0x7f0000000140)={0x1c, 0x1c, 0x2, 0x0, @ipv4={[], [], @rand_addr}}, 0x1c) 03:58:49 executing program 1: r0 = socket$inet6_udp(0x1c, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1b, &(0x7f00000001c0), 0x4) bind$inet6(r0, &(0x7f0000000140)={0x220, 0x1c, 0xffffffffffffffff, 0x0, @mcast2}, 0x1c) bind$inet6(r0, &(0x7f0000000140)={0x1c, 0x1c, 0x2, 0x0, @ipv4={[], [], @rand_addr}}, 0x1c) 03:58:49 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r0, &(0x7f0000000340)=""/148, 0x94, 0x0, 0x0, 0x0) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000080)={{0x284002a3}}) shutdown(r0, 0x0) 03:58:49 executing program 1: r0 = socket$inet6_udp(0x1c, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1b, &(0x7f00000001c0), 0x4) bind$inet6(r0, &(0x7f0000000140)={0x220, 0x1c, 0xffffffffffffffff, 0x0, @mcast2}, 0x1c) bind$inet6(r0, &(0x7f0000000140)={0x1c, 0x1c, 0x2, 0x0, @ipv4={[], [], @rand_addr}}, 0x1c) 03:58:49 executing program 1: r0 = socket$inet6_udp(0x1c, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1b, &(0x7f00000001c0), 0x4) bind$inet6(r0, &(0x7f0000000140)={0x1c, 0x1c, 0x2, 0x0, @ipv4={[], [], @rand_addr}}, 0x1c) 03:58:49 executing program 3: r0 = socket$inet6_tcp(0x1c, 0x1, 0x0) listen(r0, 0x0) accept$inet6(r0, &(0x7f0000000040)={0x1c, 0x1c, 0xffffffffffffffff, 0x0, @ipv4={[], [], @multicast2}}, &(0x7f0000000080)=0x1c) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000140)={{0x284002cf}}) 03:58:49 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) setsockopt$inet6_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x2, &(0x7f0000000000), 0x3) 03:58:49 executing program 1: r0 = socket$inet6_udp(0x1c, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1b, &(0x7f00000001c0), 0x4) bind$inet6(r0, &(0x7f0000000140)={0x1c, 0x1c, 0x2, 0x0, @ipv4={[], [], @rand_addr}}, 0x1c) 03:58:49 executing program 2: ppoll(0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22763e60}, 0x0, 0x0) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000080)={{0xffffffff284002bd}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000000)={{0xffffffff28400396}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000040)={{0x2840029b}}) 03:58:49 executing program 1: r0 = socket$inet6_udp(0x1c, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1b, &(0x7f00000001c0), 0x4) bind$inet6(r0, &(0x7f0000000140)={0x1c, 0x1c, 0x2, 0x0, @ipv4={[], [], @rand_addr}}, 0x1c) 03:58:49 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) setsockopt$inet6_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x2, &(0x7f0000000000), 0x3) 03:58:49 executing program 1: r0 = socket$inet6_udp(0x1c, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000140)={0x220, 0x1c, 0xffffffffffffffff, 0x0, @mcast2}, 0x1c) bind$inet6(r0, &(0x7f0000000140)={0x1c, 0x1c, 0x2, 0x0, @ipv4={[], [], @rand_addr}}, 0x1c) 03:58:49 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) setsockopt$inet6_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x2, &(0x7f0000000000), 0x3) 03:58:50 executing program 3: r0 = socket(0x2, 0x1, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN(r0, 0x6, 0x401, &(0x7f0000000040)={0x80, "3bb339172cf55478d3e8f821ca5ef611"}, 0x14) listen(r0, 0x0) close(r0) 03:58:50 executing program 2: r0 = open(&(0x7f00000000c0)='./file0\x00', 0x80000000000206, 0x0) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x80000000000206, 0x0) ftruncate(r1, 0x7e2780df) ftruncate(r0, 0x8) 03:58:50 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) setsockopt$inet6_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x2, &(0x7f0000000000), 0x3) 03:58:50 executing program 1: r0 = socket$inet6_udp(0x1c, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000140)={0x220, 0x1c, 0xffffffffffffffff, 0x0, @mcast2}, 0x1c) bind$inet6(r0, &(0x7f0000000140)={0x1c, 0x1c, 0x2, 0x0, @ipv4={[], [], @rand_addr}}, 0x1c) 03:58:50 executing program 3: r0 = socket(0x2, 0x1, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN(r0, 0x6, 0x401, &(0x7f0000000040)={0x80, "3bb339172cf55478d3e8f821ca5ef611"}, 0x14) listen(r0, 0x0) close(r0) 03:58:50 executing program 3: r0 = socket(0x2, 0x1, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN(r0, 0x6, 0x401, &(0x7f0000000040)={0x80, "3bb339172cf55478d3e8f821ca5ef611"}, 0x14) listen(r0, 0x0) close(r0) 03:58:50 executing program 3: r0 = socket(0x2, 0x1, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN(r0, 0x6, 0x401, &(0x7f0000000040)={0x80, "3bb339172cf55478d3e8f821ca5ef611"}, 0x14) listen(r0, 0x0) close(r0) 03:58:50 executing program 1: r0 = socket$inet6_udp(0x1c, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000140)={0x220, 0x1c, 0xffffffffffffffff, 0x0, @mcast2}, 0x1c) bind$inet6(r0, &(0x7f0000000140)={0x1c, 0x1c, 0x2, 0x0, @ipv4={[], [], @rand_addr}}, 0x1c) 03:58:50 executing program 1: setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1b, &(0x7f00000001c0), 0x4) bind$inet6(0xffffffffffffffff, &(0x7f0000000140)={0x220, 0x1c, 0xffffffffffffffff, 0x0, @mcast2}, 0x1c) bind$inet6(0xffffffffffffffff, &(0x7f0000000140)={0x1c, 0x1c, 0x2, 0x0, @ipv4={[], [], @rand_addr}}, 0x1c) 03:58:50 executing program 3: r0 = socket(0x2, 0x1, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN(r0, 0x6, 0x401, &(0x7f0000000040)={0x80, "3bb339172cf55478d3e8f821ca5ef611"}, 0x14) close(r0) panic: allocdirect_merge: old blkno 409736 != new 409736 || old size 4096 != new 32768 cpuid = 1 time = 1586231930 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe0024ad63a0 vpanic() at vpanic+0x1c7/frame 0xfffffe0024ad6400 panic() at panic+0x43/frame 0xfffffe0024ad6460 allocdirect_merge() at allocdirect_merge+0x2c4/frame 0xfffffe0024ad64c0 merge_inode_lists() at merge_inode_lists+0x177/frame 0xfffffe0024ad6510 softdep_update_inodeblock() at softdep_update_inodeblock+0x374/frame 0xfffffe0024ad6570 ffs_update() at ffs_update+0x309/frame 0xfffffe0024ad6610 ffs_truncate() at ffs_truncate+0x7b1/frame 0xfffffe0024ad6800 ufs_setattr() at ufs_setattr+0x91e/frame 0xfffffe0024ad68a0 VOP_SETATTR_APV() at VOP_SETATTR_APV+0x75/frame 0xfffffe0024ad68d0 vn_truncate_locked() at vn_truncate_locked+0xb6/frame 0xfffffe0024ad69e0 vn_truncate() at vn_truncate+0x1d1/frame 0xfffffe0024ad6a60 kern_ftruncate() at kern_ftruncate+0x151/frame 0xfffffe0024ad6ab0 ia32_syscall() at ia32_syscall+0x24e/frame 0xfffffe0024ad6bf0 int0x80_syscall_common() at int0x80_syscall_common+0x9c/frame 0x8142924 KDB: enter: panic [ thread pid 849 tid 100197 ] Stopped at kdb_enter+0x67: movq $0,0x146ea36(%rip) db> db> set $lines = 0 db> set $maxwidth = 0 db> show registers cs 0x20 ds 0x3b ll+0x1a es 0x3b ll+0x1a fs 0x13 gs 0x1b ss 0 rax 0x12 rcx 0xfffffe0026a00000 rdx 0x3ffff rbx 0 rsp 0xfffffe0024ad6380 rbp 0xfffffe0024ad63a0 rsi 0x40001 rdi 0xffffffff810b3586 vprintf+0x176 r8 0 r9 0xffffffff r10 0x6 r11 0x31e4fe r12 0xffffffff82068e50 ddb_dbbe r13 0 r14 0xffffffff81932d2b r15 0xffffffff81932d2b rip 0xffffffff810a8847 kdb_enter+0x67 rflags 0x200082 kernphys+0x82 kdb_enter+0x67: movq $0,0x146ea36(%rip) db> show proc Process 849 (syz-executor.2) at 0xfffff80003d2c528: state: NORMAL uid: 0 gids: 0, 0, 5 parent: pid 772 at 0xfffff80003d1c000 ABI: FreeBSD ELF32 arguments: /root/syz-executor.2 reaper: 0xfffff8000330c000 reapsubtree: 1 sigparent: 20 vmspace: 0xfffffe0024965000 (map 0xfffffe0024965000) (map.pmap 0xfffffe00249650c0) (pmap 0xfffffe0024965120) threads: 3 100084 Run CPU 0 syz-executor.2 100188 S uwait 0xfffff80003a39a00 syz-executor.2 100197 Run CPU 1 syz-executor.2 db> ps pid ppid pgrp uid state wmesg wchan cmd 849 772 772 0 R (threaded) syz-executor.2 100084 Run CPU 0 syz-executor.2 100188 S uwait 0xfffff80003a39a00 syz-executor.2 100197 Run CPU 1 syz-executor.2 848 768 768 0 R (threaded) syz-executor.0 100090 RunQ syz-executor.0 100192 S uwait 0xfffff800037fc280 syz-executor.0 821 814 821 0 Ss select 0xfffff80003a50240 dhclient 818 1 818 0 Ss select 0xfffff80003a502c0 dhclient 814 800 422 65 S select 0xfffff80003a503c0 dhclient 800 422 422 0 S wait 0xfffff8000bb87000 sh 787 766 787 0 Ss piperd 0xfffff8000bab22f8 syz-executor.3 772 766 772 0 Rs syz-executor.2 769 766 769 0 Rs syz-executor.1 768 766 768 0 Ss nanslp 0xffffffff824ffe81 syz-executor.0 766 764 764 0 S (threaded) syz-fuzzer 100094 S uwait 0xfffff800037fb180 syz-fuzzer 100106 S uwait 0xfffff8000330fc00 syz-fuzzer 100107 S uwait 0xfffff8000330fd00 syz-fuzzer 100108 S uwait 0xfffff8000330fe00 syz-fuzzer 100109 S uwait 0xfffff80003a3c800 syz-fuzzer 100110 S uwait 0xfffff8000330ff00 syz-fuzzer 100111 S uwait 0xfffff80003a3c900 syz-fuzzer 100112 S kqread 0xfffff80003a3d600 syz-fuzzer 100113 S uwait 0xfffff800037fc800 syz-fuzzer 100114 S uwait 0xfffff8000330f600 syz-fuzzer 764 762 764 0 Ss pause 0xfffff80003d12af8 csh 762 680 762 0 Ss select 0xfffff800030eef40 sshd 746 1 746 0 Ss+ ttyin 0xfffff8000380dcb0 getty 745 1 745 0 Ss+ ttyin 0xfffff80003b1d0b0 getty 744 1 744 0 Ss+ ttyin 0xfffff80003b1d4b0 getty 743 1 743 0 Ss+ ttyin 0xfffff80003b1d8b0 getty 742 1 742 0 Ss+ ttyin 0xfffff80003b1dcb0 getty 741 1 741 0 Ss+ ttyin 0xfffff80003b200b0 getty 740 1 740 0 Ss+ ttyin 0xfffff80003b204b0 getty 739 1 739 0 Ss+ ttyin 0xfffff80003b208b0 getty 738 1 738 0 Ss+ ttyin 0xfffff80003b20cb0 getty 736 1 22 0 S+ piperd 0xfffff80003c7a8e8 logger 735 734 22 0 S+ nanslp 0xffffffff824ffe80 sleep 734 1 22 0 S+ wait 0xfffff8000b30a528 sh 684 1 684 0 Ss nanslp 0xffffffff824ffe81 cron 680 1 680 0 Ss select 0xfffff80003a4fd40 sshd 493 1 493 0 Ss select 0xfffff80003a4fcc0 syslogd 422 1 422 0 Ss wait 0xfffff80003d2c000 devd 421 1 421 65 Ss select 0xfffff80003a4fa40 dhclient 336 1 336 0 Ss select 0xfffff80003a4fb40 dhclient 333 1 333 0 Ss select 0xfffff80003a4fac0 dhclient 21 0 0 0 DL syncer 0xffffffff825d6318 [syncer] 20 0 0 0 DL vlruwt 0xfffff80003aef000 [vnlru] 19 0 0 0 DL (threaded) [bufdaemon] 100065 D qsleep 0xffffffff825d5818 [bufdaemon] 100070 D - 0xffffffff8200aa00 [bufspacedaemon-0] 100081 D sdflush 0xfffff80003d09ce8 [/ worker] 18 0 0 0 DL psleep 0xffffffff825f1188 [vmdaemon] 17 0 0 0 DL (threaded) [pagedaemon] 100063 D psleep 0xffffffff8261d058 [dom0] 100068 D launds 0xffffffff8261d064 [laundry: dom0] 100069 D umarcl 0xffffffff81536bb0 [uma] 16 0 0 0 DL - 0xffffffff8235a6b0 [rand_harvestq] 15 0 0 0 DL waiting 0xffffffff82662620 [sctp_iterator] 9 0 0 0 DL - 0xffffffff825d521c [soaiod4] 8 0 0 0 DL - 0xffffffff825d521c [soaiod3] 7 0 0 0 DL - 0xffffffff825d521c [soaiod2] 6 0 0 0 DL - 0xffffffff825d521c [soaiod1] 5 0 0 0 DL (threaded) [cam] 100031 D - 0xffffffff82235ac0 [doneq0] 100062 D - 0xffffffff82235988 [scanner] 4 0 0 0 DL crypto_ 0xfffff8000320be90 [crypto returns 1] 3 0 0 0 DL crypto_ 0xfffff8000320be30 [crypto returns 0] 2 0 0 0 DL crypto_ 0xffffffff825eb250 [crypto] 14 0 0 0 DL seqstat 0xfffff80003364488 [sequencer 00] 13 0 0 0 DL (threaded) [geom] 100022 D - 0xffffffff8261b688 [g_event] 100023 D - 0xffffffff8261b698 [g_up] 100024 D - 0xffffffff8261b690 [g_down] 12 0 0 0 WL (threaded) [intr] 100010 I [swi6: Giant taskq] 100012 I [swi5: fast taskq] 100016 I [swi6: task queue] 100017 I [swi3: vm] 100018 I [swi4: clock (0)] 100019 I [swi4: clock (1)] 100020 I [swi1: netisr 0] 100032 I [irq24: virtio_pci0] 100033 I [irq25: virtio_pci0] 100034 I [irq26: virtio_pci0] 100035 I [irq27: virtio_pci0] 100036 I [irq28: virtio_pci1] 100037 I [irq29: virtio_pci1] 100038 I [irq30: virtio_pci1] 100039 I [irq31: virtio_pci1] 100040 I [irq32: virtio_pci1] 100045 I [irq10: virtio_pci2] 100047 I [irq1: atkbd0] 100048 I [irq12: psm0] 100049 I [swi0: uart uart++] 11 0 0 0 RL (threaded) [idle] 100003 CanRun [idle: cpu0] 100004 CanRun [idle: cpu1] 1 0 1 0 SLs wait 0xfffff8000330c000 [init] 10 0 0 0 DL audit_w 0xffffffff826631a8 [audit] 0 0 0 0 DLs (threaded) [kernel] 100000 D swapin 0xffffffff8260ad08 [swapper] 100005 D - 0xfffff80003215b00 [if_config_tqg_0] 100006 D - 0xfffff80003215900 [softirq_0] 100007 D - 0xfffff80003215700 [softirq_1] 100008 D - 0xfffff80003215500 [if_io_tqg_0] 100009 D - 0xfffff80003215300 [if_io_tqg_1] 100011 D - 0xfffff800031fad00 [thread taskq] 100013 D - 0xfffff800031fab00 [in6m_free taskq] 100014 D - 0xfffff800031faa00 [aiod_kick taskq] 100015 D - 0xfffff800031fa900 [kqueue_ctx taskq] 100021 D - 0xfffff800031fa700 [firmware taskq] 100026 D - 0xfffff800031fa500 [crypto_0] 100027 D - 0xfffff800031fa500 [crypto_1] 100041 D - 0xfffff800031f7a00 [vtnet0 rxq 0] 100042 D - 0xfffff800031f7900 [vtnet0 txq 0] 100043 D - 0xfffff800031f7800 [vtnet0 rxq 1] 100044 D - 0xfffff800031f7700 [vtnet0 txq 1] 100046 D vtbslp 0xfffff800037f3800 [virtio_balloon] 100050 D - 0xfffff8000381e200 [mca taskq] 100055 D - 0xffffffff81cd6190 [deadlkres] 100057 D - 0xfffff80003b1c900 [acpi_task_0] 100058 D - 0xfffff80003b1c900 [acpi_task_1] 100059 D - 0xfffff80003b1c900 [acpi_task_2] 100061 D - 0xfffff800031fa200 [CAM taskq] db> show all locks Process 849 (syz-executor.2) thread 0xfffffe0003d6d500 (100084) exclusive sleep mutex umtxql (umtxql) r = 0 (0xffffffff825121b0) locked @ /syzkaller/managers/i386/kernel/sys/kern/kern_umtx.c:512 Process 849 (syz-executor.2) thread 0xfffffe0024947a00 (100197) exclusive rw per-fs softdep (per-fs softdep) r = 0 (0xfffff80003d09c00) locked @ /syzkaller/managers/i386/kernel/sys/ufs/ffs/ffs_softdep.c:12362 exclusive lockmgr bufwait (bufwait) r = 0 (0xfffffe0003e454c0) locked @ /syzkaller/managers/i386/kernel/sys/kern/vfs_bio.c:3878 exclusive lockmgr ufs (ufs) r = 0 (0xfffff8000bb73dc0) locked @ /syzkaller/managers/i386/kernel/sys/kern/vfs_vnops.c:1318 db> show malloc Type InUse MemUse Requests devbuf 4213 4851K 4238 vtbuf 24 1968K 46 sysctloid 25931 1511K 25995 kobj 332 1328K 488 newblk 540 1159K 697 vfscache 4 1025K 4 inodedep 72 548K 132 pcb 25 539K 126 ufs_quota 1 512K 1 vfs_hash 1 512K 1 callout 2 512K 2 intr 4 388K 4 subproc 127 253K 930 acpica 1674 185K 52709 vnet_data 1 168K 1 pagedep 26 135K 67 tfo_ccache 1 128K 1 filedesc 17 117K 139 sem 4 106K 4 DEVFS1 105 105K 122 linker 222 89K 253 bus 988 79K 3374 mtx_pool 2 72K 2 syncache 1 68K 1 acpitask 1 64K 1 ddb_capture 1 64K 1 module 494 62K 494 umtx 288 36K 288 BPF 22 36K 22 kdtrace 170 33K 1848 hostcache 1 32K 1 shm 1 32K 1 DEVFS3 124 31K 134 msg 4 30K 4 DEVFS_RULE 56 27K 56 gtaskqueue 18 26K 18 ifaddr 71 24K 73 vmem 3 22K 4 kbdmux 6 22K 6 lltable 47 18K 47 temp 34 17K 1826 ufs_mount 3 17K 4 proc 3 17K 3 tty 16 16K 16 tidhash 1 16K 1 ithread 89 15K 89 ether_multi 172 14K 177 bus-sc 30 14K 1431 KTRACE 100 13K 100 ifnet 7 13K 7 kenv 95 12K 99 in6_multi 89 11K 89 eventhandler 122 11K 122 pfs_nodes 20 10K 20 GEOM 60 10K 487 rman 82 10K 423 bmsafemap 3 9K 103 UART 12 9K 12 devstat 4 9K 4 rpc 2 8K 2 shmfd 1 8K 1 pfs_vncache 1 8K 1 routetbl 58 8K 62 audit_evclass 232 8K 290 diradd 50 7K 100 CAM DEV 3 6K 510 kqueue 56 6K 861 plimit 22 6K 348 cred 22 6K 201 vt 11 6K 11 sglist 5 6K 5 CAM queue 5 6K 1528 dirrem 20 5K 66 taskqueue 45 5K 45 ufs_dirhash 24 5K 24 DEVFSP 72 5K 76 memdesc 1 4K 1 MCA 32 4K 32 CAM CCB 2 4K 2034 evdev 4 4K 4 kcovinfo 64 4K 68 UMA 235 4K 235 session 26 4K 35 pgrp 26 4K 35 hhook 13 4K 13 indirdep 12 3K 56 select 23 3K 23 acpisem 22 3K 22 terminal 11 3K 11 mkdir 21 3K 112 proc-args 47 3K 538 uidinfo 3 3K 7 sctp_ifa 17 3K 17 local_apic 1 2K 1 io_apic 1 2K 1 newdirblk 16 2K 56 ipsec-saq 2 2K 2 lockf 19 2K 29 ip6ndp 12 2K 21 CAM XPT 22 2K 543 in_multi 6 2K 7 Unitno 25 2K 45 acpidev 20 2K 20 msi 9 2K 9 tun 7 2K 7 softdep 1 1K 1 ipsecpolicy 1 1K 1 sahead 1 1K 1 secasvar 1 1K 1 clone 8 1K 8 vnodemarker 2 1K 8 NFSD session 1 1K 1 CAM periph 4 1K 271 mld 6 1K 6 sctp_timw 3 1K 3 sctp_ifn 6 1K 6 igmp 6 1K 6 toponodes 6 1K 6 isadev 6 1K 6 mount 16 1K 86 pci_link 10 1K 10 crypto 3 1K 3 sctp_atcl 1 1K 15 pfil 4 1K 4 chacha20random 1 1K 1 CAM SIM 2 1K 2 epoch 4 1K 4 cdev 2 1K 2 encap_export_host 8 1K 8 osd 3 1K 9 inpcbpolicy 9 1K 193 freefile 2 1K 47 vnodes 1 1K 1 NFSD lckfile 1 1K 1 NFSD V4client 1 1K 1 DEVFS 9 1K 10 feeder 7 1K 7 loginclass 3 1K 6 CAM dev queue 2 1K 2 CAM I/O Scheduler 1 1K 1 apmdev 1 1K 1 atkbddev 2 1K 2 CAM path 4 1K 1034 pmchooks 1 1K 1 prison 4 1K 4 filecaps 5 1K 72 soname 4 1K 5758 nexusdev 5 1K 5 entropy 2 1K 37 tcpfunc 1 1K 1 sctp_vrf 1 1K 1 vnet 1 1K 1 acpiintr 1 1K 1 pmc 1 1K 1 cpus 2 1K 2 freework 1 1K 90 sctp_atky 1 1K 19 vnet_data_free 1 1K 1 Per-cpu 1 1K 1 sctp_athm 1 1K 15 p1003.1b 1 1K 1 ath_hal 0 0K 0 athdev 0 0K 0 madt_table 0 0K 2 ata_pci 0 0K 0 ata_dma 0 0K 0 ata_generic 0 0K 0 amr 0 0K 0 scsi_da 0 0K 69 ata_da 0 0K 0 scsi_ch 0 0K 0 pvscsi 0 0K 0 smartpqi 0 0K 0 scsi_cd 0 0K 0 USBdev 0 0K 0 USB 0 0K 0 AHCI driver 0 0K 0 agp 0 0K 0 nvme_da 0 0K 0 iavf 0 0K 0 ixl 0 0K 0 acpipwr 0 0K 0 twsbuf 0 0K 0 twe_commands 0 0K 0 twa_commands 0 0K 0 tcp_log_dev 0 0K 0 midi buffers 0 0K 0 mixer 0 0K 0 fpukern_ctx 0 0K 0 xen_intr 0 0K 0 ac97 0 0K 0 hdacc 0 0K 0 xen_hvm 0 0K 0 legacydrv 0 0K 0 qpidrv 0 0K 0 hdac 0 0K 0 hdaa 0 0K 0 dmar_idpgtbl 0 0K 0 dmar_dom 0 0K 0 dmar_ctx 0 0K 0 dmar_dmamap 0 0K 0 acpi_perf 0 0K 0 acpicmbat 0 0K 0 SIIS driver 0 0K 0 isci 0 0K 0 bxe_ilt 0 0K 0 xenbus 0 0K 0 vm_fictitious 0 0K 0 PUC 0 0K 0 ppbusdev 0 0K 0 agtiapi_MemAlloc malloc 0 0K 0 osti_cacheable 0 0K 0 tempbuff 0 0K 0 tempbuff 0 0K 0 ag_tgt_map_t malloc 0 0K 0 UMAHash 0 0K 0 ag_slr_map_t malloc 0 0K 0 lDevFlags * malloc 0 0K 0 vm_pgdata 0 0K 0 jblocks 0 0K 0 savedino 0 0K 65 sentinel 0 0K 0 jfsync 0 0K 0 jtrunc 0 0K 0 sbdep 0 0K 3 jsegdep 0 0K 0 jseg 0 0K 0 jfreefrag 0 0K 0 jfreeblk 0 0K 0 jnewblk 0 0K 0 jmvref 0 0K 0 jremref 0 0K 0 jaddref 0 0K 0 freedep 0 0K 0 freeblks 0 0K 65 freefrag 0 0K 5 allocindir 0 0K 0 allocdirect 0 0K 0 ufs_trim 0 0K 0 mactemp 0 0K 0 audit_trigger 0 0K 0 audit_pipe_presel 0 0K 0 audit_pipeent 0 0K 0 audit_pipe 0 0K 0 audit_evname 0 0K 0 audit_bsm 0 0K 0 audit_gidset 0 0K 0 audit_text 0 0K 0 audit_path 0 0K 0 audit_data 0 0K 0 audit_cred 0 0K 0 xform 0 0K 0 NLM 0 0K 0 nfsclient_nlminfo 0 0K 0 nfsclient_lock 0 0K 0 NFS FHA 0 0K 0 ipsec-spdcache 0 0K 0 ipsec-reg 0 0K 0 ipsec-misc 0 0K 0 ipsecrequest 0 0K 0 ip6opt 0 0K 3 ip6_msource 0 0K 0 ip6_moptions 0 0K 0 in6_mfilter 0 0K 0 frag6 0 0K 0 tcplog 0 0K 0 LRO 0 0K 0 sctp_mcore 0 0K 0 sctp_socko 0 0K 8 sctp_iter 0 0K 9 sctp_mvrf 0 0K 0 sctp_cpal 0 0K 0 sctp_cmsg 0 0K 0 sctp_stre 0 0K 0 sctp_athi 0 0K 0 sctp_a_it 0 0K 9 sctp_aadr 0 0K 0 sctp_stro 0 0K 4 sctp_stri 0 0K 0 sctp_map 0 0K 8 newreno data 0 0K 0 ip_msource 0 0K 0 ip_moptions 0 0K 0 in_mfilter 0 0K 0 ipid 0 0K 0 80211scan 0 0K 0 80211ratectl 0 0K 0 80211power 0 0K 0 80211nodeie 0 0K 0 80211node 0 0K 0 80211mesh_gt 0 0K 0 80211mesh_rt 0 0K 0 80211perr 0 0K 0 80211prep 0 0K 0 80211preq 0 0K 0 80211dfs 0 0K 0 80211crypto 0 0K 0 80211vap 0 0K 0 iflib 0 0K 0 vlan 0 0K 0 gif 0 0K 0 ifdescr 0 0K 0 zlib 0 0K 0 fadvise 0 0K 0 tiDeviceHandle_t * malloc 0 0K 0 statfs 0 0K 224 export_host 0 0K 0 cl_savebuf 0 0K 2 ag_portal_data_t malloc 0 0K 0 ag_device_t malloc 0 0K 0 STLock malloc 0 0K 0 CCB List 0 0K 0 sr_iov 0 0K 0 OCS 0 0K 0 OCS 0 0K 0 nvme 0 0K 0 nvd 0 0K 0 netmap 0 0K 0 mwldev 0 0K 0 MVS driver 0 0K 0 CAM ccb queue 0 0K 0 mrsasbuf 0 0K 0 mpt_user 0 0K 0 mps_user 0 0K 0 biobuf 0 0K 0 aios 0 0K 0 lio 0 0K 0 acl 0 0K 0 MPSSAS 0 0K 0 mbuf_tag 0 0K 111 accf 0 0K 0 pts 0 0K 0 iov 0 0K 13538 ioctlops 0 0K 98 Witness 0 0K 0 stack 0 0K 0 mps 0 0K 0 mpr_user 0 0K 0 MPRSAS 0 0K 0 mpr 0 0K 0 mfibuf 0 0K 0 md_sectors 0 0K 0 sbuf 0 0K 288 md_disk 0 0K 0 compressor 0 0K 0 malodev 0 0K 0 SWAP 0 0K 0 LED 0 0K 0 sysctltmp 0 0K 583 sysctl 0 0K 1 ekcd 0 0K 0 dumper 0 0K 0 sendfile 0 0K 0 rctl 0 0K 0 ix_sriov 0 0K 0 aacraidcam 0 0K 0 ix 0 0K 0 ipsbuf 0 0K 0 iirbuf 0 0K 0 cache 0 0K 0 aacraid_buf 0 0K 0 prison_racct 0 0K 0 Fail Points 0 0K 0 sigio 0 0K 1 filedesc_to_leader 0 0K 0 pwd 0 0K 0 tty console 0 0K 0 aaccam 0 0K 0 aacbuf 0 0K 0 zstd 0 0K 0 nvlist 0 0K 0 SCSI ENC 0 0K 0 SCSI sa 0 0K 0 isofs_node 0 0K 0 isofs_mount 0 0K 0 tr_raid5_data 0 0K 0 tr_raid1e_data 0 0K 0 tr_raid1_data 0 0K 0 tr_raid0_data 0 0K 0 tr_concat_data 0 0K 0 md_sii_data 0 0K 0 md_promise_data 0 0K 0 md_nvidia_data 0 0K 0 md_jmicron_data 0 0K 0 md_intel_data 0 0K 0 md_ddf_data 0 0K 0 raid_data 0 0K 72 geom_flashmap 0 0K 0 newnfsmnt 0 0K 0 newnfsclient_req 0 0K 0 NFSCL layrecall 0 0K 0 NFSCL session 0 0K 0 NFSCL sockreq 0 0K 0 NFSCL devinfo 0 0K 0 NFSCL flayout 0 0K 0 NFSCL layout 0 0K 0 NFSD rollback 0 0K 0 NFSCL diroffdiroff 0 0K 0 NEWdirectio 0 0K 0 NEWNFSnode 0 0K 0 NFSCL lck 0 0K 0 NFSCL lckown 0 0K 0 NFSCL client 0 0K 0 NFSCL deleg 0 0K 0 NFSCL open 0 0K 0 NFSCL owner 0 0K 0 NFS fh 0 0K 0 NFS req 0 0K 0 NFSD usrgroup 0 0K 0 NFSD string 0 0K 0 NFSD V4lock 0 0K 0 NFSD V4state 0 0K 0 NFSD srvcache 0 0K 0 msdosfs_fat 0 0K 0 msdosfs_mount 0 0K 0 msdosfs_node 0 0K 0 DEVFS4 0 0K 0 DEVFS2 0 0K 0 gntdev 0 0K 0 privcmd_dev 0 0K 0 evtchn_dev 0 0K 0 xenstore 0 0K 0 scsi_pass 0 0K 0 ciss_data 0 0K 0 xnb 0 0K 0 xbbd 0 0K 0 xbd 0 0K 0 Balloon 0 0K 0 sysmouse 0 0K 0 vtfont 0 0K 0 db> show ktr No such command; use "help" to list available commands