panic: handle_written_inodeblock: live inodedep 0xfffffe0058663180
cpuid = 1
time = 1753782721
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe0056b021d0
kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe0056b02330
vpanic() at vpanic+0x257/frame 0xfffffe0056b024f0
panic() at panic+0xb5/frame 0xfffffe0056b025b0
handle_written_inodeblock() at handle_written_inodeblock+0xf69/frame 0xfffffe0056b026f0
softdep_disk_write_complete() at softdep_disk_write_complete+0x87b/frame 0xfffffe0056b02800
bufdone() at bufdone+0x69c/frame 0xfffffe0056b028b0
g_io_deliver() at g_io_deliver+0x6ac/frame 0xfffffe0056b029b0
g_io_deliver() at g_io_deliver+0x6ac/frame 0xfffffe0056b02ab0
g_io_deliver() at g_io_deliver+0x6ac/frame 0xfffffe0056b02bb0
g_disk_done() at g_disk_done+0x26d/frame 0xfffffe0056b02c70
dadone() at dadone+0xda8/frame 0xfffffe0056b02da0
xpt_done_process() at xpt_done_process+0x8e2/frame 0xfffffe0056b02e10
xpt_done_td() at xpt_done_td+0x2bc/frame 0xfffffe0056b02ef0
fork_exit() at fork_exit+0xcc/frame 0xfffffe0056b02f30
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0056b02f30
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
KDB: enter: panic
[ thread pid 4 tid 100045 ]
Stopped at kdb_enter+0x6e: movq $0,0x25c45c7(%rip)
db>
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b
es 0x3b
fs 0x13
gs 0x1b
ss 0
rax 0x12
rcx 0xfffffe0002bf1850
rdx 0
rbx 0xffffffff827cb4c0 .str.27
rsp 0xfffffe0056b02310
rbp 0xfffffe0056b02330
rsi 0
rdi 0xffffffff81614a99 printf+0x149
r8 0
r9 0xffffffff
r10 0x30d4aa8c6f6f96b3
r11 0x17
r12 0xfffffe0007824000
r13 0xfffffffffffffffd
r14 0xffffffff827cb4c0 .str.27
r15 0
rip 0xffffffff815fe5ce kdb_enter+0x6e
rflags 0x46
kdb_enter+0x6e: movq $0,0x25c45c7(%rip)
db> show proc
Process 4 (cam) at 0xfffffe0007807000:
state: NORMAL
uid: 0 gids: 0
parent: pid 0 at 0xffffffff83b4d060
ABI: null
flag: 0x10000284 flag2: 0
reaper: 0xffffffff83b4d060 reapsubtree: 4
sigparent: 20
vmspace:
0xffffffff83b4e040 (map 0xffffffff83b4e040) (map.pmap 0xffffffff83b4e0e0) (pmap 0xffffffff83b4e150) threads: 3 100045 Run CPU 1 [doneq0] 100046 D - 0xffffffff838e62c0 [async] 100075 D - 0xffffffff838e6140 [scanner] db> ps pid ppid pgrp uid state wmesg wchan cmd 1094 764 764 0 R (threaded) syz-executor 100377 RunQ syz-executor 100405 D biowr 0xfffffe0007c028c8 syz-executor 100407 RunQ syz-executor 1093 763 763 0 R (threaded) syz-executor 100109 Run CPU 0 syz-executor 100404 S accept 0xfffffe00599e2a10 syz-executor 1092 765 765 0 R (threaded) syz-executor 100091 RunQ syz-executor 100406 RunQ syz-executor 1091 1090 766 0 S uwait 0xfffffe0058258680 syz-executor 1090 766 766 0 R (threaded) syz-executor 100098 RunQ syz-executor 100403 S uwait 0xfffffe005825a500 syz-executor 1077 1 1077 0 Ss+ ttyin 0xfffffe00582904b0 getty 1074 1 1074 0 Ss+ ttyin 0xfffffe00585cc8b0 getty 1073 1 1073 0 Ss+ ttyin 0xfffffe00585cccb0 getty 1072 1 1072 0 Ss+ ttyin 0xfffffe005828dcb0 getty 1071 1 1071 0 Ss+ ttyin 0xfffffe00585cd0b0 getty 1070 1 1070 0 Ss+ ttyin 0xfffffe00585cd4b0 getty 1069 1 1069 0 Ss+ ttyin 0xfffffe00585cd8b0 getty 1068 1 1068 0 Ss+ ttyin 0xfffffe00585cdcb0 getty 1067 1 1067 0 Ss+ ttyin 0xfffffe00585ce0b0 getty 1066 1 763 0 S uwait 0xfffffe005825a280 syz-executor 1035 1 765 0 S umtxn 0xfffffe006e507100 syz-executor 1024 1 764 0 S uwait 0xfffffe006e507800 syz-executor 1018 1 764 0 S uwait 0xfffffe006e507f00 syz-executor 1004 1 765 0 S uwait 0xfffffe00584ec080 syz-executor 999 1 763 0 S uwait 0xfffffe006e507c00 syz-executor 992 1 765 0 S uwait 0xfffffe006e507000 syz-executor 987 1 765 0 S uwait 0xfffffe00584ed000 syz-executor 983 982 766 0 S uwait 0xfffffe005825a480 syz-executor 982 1 766 0 SV wait 0xfffffe005410e040 syz-executor 963 1 764 0 SV uwait 0xfffffe00584ec180 syz-executor 958 1 951 0 S uwait 0xfffffe0058259880 syz-executor 957 1 951 0 S uwait 0xfffffe006e508380 syz-executor 942 1 763 0 S uwait 0xfffffe006e507700 syz-executor 940 1 763 0 S uwait 0xfffffe006e507200 
syz-executor 939 1 763 0 S uwait 0xfffffe00584ece80 syz-executor 935 1 763 0 S uwait 0xfffffe005825a780 syz-executor 916 1 763 0 S uwait 0xfffffe006e507e00 syz-executor 912 1 764 0 SV uwait 0xfffffe005825a380 syz-executor 904 1 764 0 S uwait 0xfffffe006e507d00 syz-executor 902 901 766 0 S uwait 0xfffffe006e507b00 syz-executor 901 1 766 0 SV wait 0xfffffe0054130ae0 syz-executor 897 1 765 0 T uwait 0xfffffe00584ec280 syz-executor 879 780 423 0 S kqread 0xfffffe006dde5d00 rtsol 848 1 763 0 S uwait 0xfffffe0058258d00 syz-executor 839 1 763 0 S uwait 0xfffffe006e508280 syz-executor 824 1 765 0 S uwait 0xfffffe0058259680 syz-executor 820 0 0 0 DL aiordy 0xfffffe00540f3040 [aiod4] 819 0 0 0 DL aiordy 0xfffffe00540f35a0 [aiod3] 818 0 0 0 DL aiordy 0xfffffe00540f45c0 [aiod2] 817 0 0 0 DL aiordy 0xfffffe00540f3b00 [aiod1] 780 1 423 0 S wait 0xfffffe005410c000 sh 766 762 766 0 S nanslp 0xffffffff83ba3c40 syz-executor 765 762 765 0 S nanslp 0xffffffff83ba3c40 syz-executor 764 762 764 0 S nanslp 0xffffffff83ba3c41 syz-executor 763 762 763 0 S nanslp 0xffffffff83ba3c41 syz-executor 762 760 760 0 S select 0xfffffe0053ffb9c0 syz-executor 760 1 760 0 Ss sigsusp 0xfffffe00540db610 csh 16 0 0 0 DL syncer 0xffffffff83cc1820 [syncer] 15 0 0 0 DL vlruwt 0xfffffe000780a060 [vnlru] 14 0 0 0 DL (threaded) [bufdaemon] 100079 D psleep 0xffffffff83cbfd60 [bufdaemon] 100082 D - 0xffffffff83001ec0 [bufspacedaemon-0] 100093 D sdflush 0xfffffe005828d4e8 [/ worker] 9 0 0 0 DL psleep 0xffffffff83d0acc0 [vmdaemon] 8 0 0 0 DL (threaded) [pagedaemon] 100077 D psleep 0xffffffff83cf0d88 [dom0] 100080 D launds 0xffffffff83cf0d94 [laundry: dom0] 100081 D umarcl 0xffffffff81de0e10 [uma] 7 0 0 0 DL - 0xffffffff8391c5d8 [rand_harvestq] 6 0 0 0 DL pftm 0xffffffff846639e0 [pf purge] 5 0 0 0 DL waiting 0xffffffff8449b700 [sctp_iterator] 4 0 0 0 RL (threaded) [cam] 100045 Run CPU 1 [doneq0] 100046 D - 0xffffffff838e62c0 [async] 100075 D - 0xffffffff838e6140 [scanner] 3 0 0 0 DL (threaded) [crypto] 100042 D 
crypto_ 0xffffffff83cec640 [crypto] 100043 D crypto_ 0xfffffe0057d43030 [crypto returns 0] 100044 D crypto_ 0xfffffe0057d43080 [crypto returns 1] 13 0 0 0 DL (threaded) [geom] 100037 D - 0xffffffff83b4c620 [g_event] 100038 D - 0xffffffff83b4c640 [g_up] 100039 D - 0xffffffff83b4c660 [g_down] 2 0 0 0 WL (threaded) [clock] 100031 I [clock (0)] 100032 I [clock (1)] 12 0 0 0 WL (threaded) [intr] 100013 I [swi6: task queue] 100014 I [swi6: Giant taskq] 100016 I [swi5: fast taskq] 100033 I [swi1: netisr 0] 100034 I [swi1: hpts] 100035 I [swi1: hpts] 100047 I [irq24: virtio_pci0] 100048 I [irq25: virtio_pci0] 100049 I [irq26: virtio_pci0] 100050 I [irq27: virtio_pci0] 100051 I [irq28: virtio_pci1] 100052 I [irq29: virtio_pci1] 100053 I [irq30: virtio_pci1] 100054 I [irq31: virtio_pci1] 100055 I [irq32: virtio_pci1] 100060 I [irq10: virtio_pci2] 100062 I [irq1: atkbd0] 100063 I [irq12: psm0] 100064 I [swi0: uart uart++] 100068 I [swi1: pf send] 11 0 0 0 RL (threaded) [idle] 100003 CanRun [idle: cpu0] 100004 CanRun [idle: cpu1] 1 0 1 0 SLs wait 0xfffffe0007809040 [init] 10 0 0 0 DL audit_w 0xffffffff83ced0e0 [audit] 0 0 0 0 DLs (threaded) [kernel] 100000 D parked 0xffffffff84c3dff0 [swapper] 100005 D - 0xfffffe000776cd00 [softirq_0] 100006 D - 0xfffffe000776cb00 [softirq_1] 100007 D - 0xfffffe000776c900 [if_io_tqg_0] 100008 D - 0xfffffe000776c700 [if_io_tqg_1] 100009 D - 0xfffffe000776c500 [if_config_tqg_0] 100010 D - 0xfffffe00083db100 [kqueue_ctx taskq] 100011 D - 0xfffffe00083db000 [jail_remove taskq] 100012 D - 0xfffffe00083dae00 [bus taskq] 100015 D - 0xfffffe00083da900 [thread taskq] 100017 D - 0xfffffe00083da600 [aiod_kick taskq] 100018 D - 0xfffffe00083da500 [deferred_unmount ta] 100019 D - 0xfffffe00083da400 [inm_free taskq] 100020 D - 0xfffffe00083da300 [in6m_free taskq] 100021 D - 0xfffffe00083da200 [linuxkpi_irq_wq] 100022 D - 0xfffffe00083da100 [linuxkpi_short_wq_0] 100023 D - 0xfffffe00083da100 [linuxkpi_short_wq_1] 100024 D - 0xfffffe00083da100 
[linuxkpi_short_wq_2] 100025 D - 0xfffffe00083da100 [linuxkpi_short_wq_3] 100026 D - 0xfffffe00083da000 [linuxkpi_long_wq_0] 100027 D - 0xfffffe00083da000 [linuxkpi_long_wq_1] 100028 D - 0xfffffe00083da000 [linuxkpi_long_wq_2] 100029 D - 0xfffffe00083da000 [linuxkpi_long_wq_3] 100036 D - 0xfffffe00083d9900 [firmware taskq] 100040 D - 0xfffffe0057d47300 [crypto_0] 100041 D - 0xfffffe0057d47300 [crypto_1] 100056 D - 0xfffffe00083dd200 [vtnet0 rxq 0] 100057 D - 0xfffffe0058145500 [vtnet0 txq 0] 100058 D - 0xfffffe0058145400 [vtnet0 rxq 1] 100059 D - 0xfffffe0058145300 [vtnet0 txq 1] 100061 D vtbslp 0xfffffe0057d67400 [virtio_balloon] 100065 D - 0xffffffff827cfba0 [deadlkres] 100069 D - 0xfffffe0057d46e00 [acpi_task_0] 100070 D - 0xfffffe0057d46e00 [acpi_task_1] 100071 D - 0xfffffe0057d46e00 [acpi_task_2] 100073 D - 0xfffffe00083dca00 [mca taskq] 100074 D - 0xfffffe0057d46b00 [CAM taskq] 100076 D - 0xfffffe0057d47000 [ipsec_offload] db> show all locks Process 1094 (syz-executor) thread 0xfffffe005413f780 (100405) exclusive lockmgr bufwait (bufwait) r = 0 (0xfffffe0007c02948) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_bio.c:4022 exclusive lockmgr ufs (ufs) r = 0 (0xfffffe006df82598) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_vnops.c:1243 Process 4 (cam) thread 0xfffffe0007824000 (100045) exclusive rw SUrw (SUrw) r = 0 (0xfffffe005828d400) locked @ /syzkaller/managers/main/kernel/sys/ufs/ffs/ffs_softdep.c:11283 db> show malloc Type InUse MemUse Requests pf_hash 6 12804K 6 linker 376 5079K 486 tcp_hpts 7 4801K 7 devbuf 4187 4323K 4212 sysctloid 34891 2055K 34966 vtbuf 24 1968K 46 kobj 330 1320K 494 newblk 11 1027K 1029 vfscache 3 1025K 3 pcb 29 673K 91 filedesc 64 566K 496 inodedep 16 518K 458 ufs_quota 1 512K 1 vfs_hash 1 512K 1 callout 2 512K 2 intr 4 472K 4 subproc 158 310K 1187 vnet_data 2 224K 2 acpitask 1 224K 1 KTRACE 100 200K 103 acpica 1674 184K 54426 vmem 5 144K 6 tidhash 3 141K 3 pagedep 13 131K 252 tfo_ccache 1 128K 1 IP reass 1 128K 1 
sem 4 106K 4 DEVFS1 106 106K 123 gtaskqueue 18 98K 18 bus 997 82K 5063 mtx_pool 3 74K 3 syncache 1 68K 1 NFSD srvcache 3 68K 3 module 521 66K 521 ddb_capture 1 64K 1 umtx 352 44K 352 kdtrace 225 44K 1505 hostcache 1 32K 1 shm 1 32K 2 DEVFS3 125 32K 135 msg 4 30K 4 kbdmux 6 28K 6 temp 31 21K 1956 DEVFS_RULE 56 20K 56 ifaddr 66 19K 68 ufs_mount 4 17K 5 proc 3 17K 3 LRO 16 17K 16 tty 16 16K 16 routetbl 124 16K 395 ithread 90 15K 90 bus-sc 34 15K 1647 eventhandler 163 14K 163 lltable 43 14K 43 ifnet 7 13K 7 ether_multi 152 13K 162 kenv 95 12K 95 shmfd 7 11K 8 GEOM 49 11K 431 CAM queue 5 11K 1528 rman 82 10K 437 rpc 8 9K 8 in6_multi 65 9K 65 bmsafemap 2 9K 392 devstat 4 9K 4 UART 12 9K 12 ksem 1 8K 1 pfs_vncache 1 8K 1 audit_evclass 240 8K 303 plimit 20 8K 613 taskqueue 69 8K 93 kqueue 73 7K 1152 sglist 6 7K 6 CAM DEV 3 6K 510 pfs_nodes 22 6K 22 ufs_dirhash 24 5K 24 UMA 266 5K 266 pwddesc 69 5K 1121 pf_ifnet 10 5K 19 cred 17 5K 211 tcp_fsb_rack 2 5K 8 vt 11 5K 11 memdesc 1 4K 1 MCA 32 4K 32 evdev 4 4K 4 acpisem 28 4K 28 terminal 11 3K 11 DEVFSP 40 3K 54 acpidev 20 3K 20 hhook 8 3K 10 clone 9 3K 9 kcovinfo 36 3K 36 proc-args 83 3K 2169 uidinfo 2 3K 13 local_apic 1 2K 1 io_apic 1 2K 1 ipsec-saq 2 2K 2 ip6ndp 12 2K 14 Unitno 28 2K 52 sctp_ifa 13 2K 14 CAM XPT 22 2K 543 sctp_atcl 4 2K 15 in_multi 6 2K 8 tun 4 2K 4 toponodes 6 2K 6 session 12 2K 53 ipsecpolicy 2 2K 2 lockf 11 2K 140 msi 9 2K 9 netlink 2 2K 72 selfd 18 2K 93488 sctp_stro 1 1K 2 softdep 1 1K 1 newdirblk 8 1K 227 sahead 1 1K 1 secasvar 1 1K 1 nhops 6 1K 8 vnodemarker 2 1K 22 NFSD session 1 1K 1 diradd 7 1K 380 CAM periph 4 1K 271 ipsec 3 1K 3 sctp_ifn 6 1K 14 mld 6 1K 6 igmp 6 1K 6 pfil 6 1K 6 BPF 6 1K 16 isadev 6 1K 6 mount 16 1K 265 pci_link 10 1K 10 crypto 4 1K 4 encap_export_host 12 1K 12 osd 7 1K 55 sctp_stri 1 1K 4 mkdir 4 1K 454 freefile 4 1K 301 cdev 2 1K 2 lkpikmalloc 8 1K 9 counter_rate 13 1K 13 chacha20random 1 1K 1 biobuf 1 1K 1 select 3 1K 45 ip6_msource 5 1K 9 ip_msource 5 1K 8 ip6opt 2 1K 10 
tcp_pcm_rack 1 1K 4 sctp_timw 1 1K 1 dirrem 1 1K 363 inpcbpolicy 8 1K 236 CC Mem 2 1K 38 vnodes 1 1K 6 NFSD lckfile 1 1K 1 NFSD V4client 1 1K 1 DEVFS 9 1K 10 CAM SIM 2 1K 2 sctp_atky 5 1K 19 feeder 7 1K 7 tcpfunc 3 1K 3 loginclass 3 1K 5 prison 6 1K 6 nexusdev 8 1K 8 apmdev 1 1K 1 atkbddev 2 1K 2 aio 4 1K 4 iov 2 1K 13893 pmchooks 1 1K 1 filedesc_to_leader 2 1K 4 CAM path 4 1K 1034 CAM dev queue 2 1K 2 CAM I/O Scheduler 1 1K 1 sctp_vrf 1 1K 1 sctp_athm 4 1K 17 vnet 1 1K 1 pmc 1 1K 1 entropy 2 1K 33 acpiintr 1 1K 1 sctp_map 2 1K 4 cpus 2 1K 2 vnet_data_free 1 1K 1 Per-cpu 1 1K 1 freework 1 1K 324 soname 1 1K 3382 p1003.1b 1 1K 1 tcp_do_rack 0 0K 0 mqdata 0 0K 0 cryptodev 0 0K 39 pf_table 0 0K 0 pf_rule 0 0K 0 pf_altq 0 0K 0 pf_osfp 0 0K 0 pf_krule_item 0 0K 0 pf_temp 0 0K 0 filemon 0 0K 1 ipcomp 0 0K 0 esp 0 0K 0 ah 0 0K 0 sctp_mcore 0 0K 0 sctp_socko 0 0K 1 sctp_iter 0 0K 12 sctp_mvrf 0 0K 0 sctp_cpal 0 0K 0 sctp_cmsg 0 0K 0 sctp_stre 0 0K 0 sctp_athi 0 0K 0 sctp_a_it 0 0K 12 sctp_aadr 0 0K 0 madt_table 0 0K 2 smartpqi 0 0K 0 ixl 0 0K 0 ice-resmgr 0 0K 0 ice-osdep 0 0K 0 ice 0 0K 0 iavf 0 0K 0 axgbe 0 0K 0 fpukern_ctx 0 0K 0 xen_intr 0 0K 0 xen_hvm 0 0K 0 legacydrv 0 0K 0 NMI handlers 0 0K 0 bounce 0 0K 0 busdma 0 0K 0 qpidrv 0 0K 0 dmar_idpgtbl 0 0K 0 dmar_dom 0 0K 0 dmar_ctx 0 0K 0 amdiommu_dom 0 0K 0 amdiommu_ctx 0 0K 0 isci 0 0K 0 iommu_dmamap 0 0K 0 hyperv_socket 0 0K 0 bxe_ilt 0 0K 0 aesni_data 0 0K 0 xenbus 0 0K 0 vm_fictitious 0 0K 0 UMAHash 0 0K 0 vm_pgdata 0 0K 0 jblocks 0 0K 0 savedino 0 0K 122 sentinel 0 0K 0 jfsync 0 0K 0 jtrunc 0 0K 0 sbdep 0 0K 9 jsegdep 0 0K 0 jseg 0 0K 0 jfreefrag 0 0K 0 jfreeblk 0 0K 0 jnewblk 0 0K 0 jmvref 0 0K 0 jremref 0 0K 0 jaddref 0 0K 0 freedep 0 0K 0 freeblks 0 0K 258 freefrag 0 0K 66 allocindir 0 0K 0 indirdep 0 0K 64 allocdirect 0 0K 0 ufs_trim 0 0K 0 mactemp 0 0K 0 audit_trigger 0 0K 0 audit_pipe_presel 0 0K 0 audit_pipeent 0 0K 0 audit_pipe 0 0K 0 audit_evname 0 0K 0 audit_bsm 0 0K 0 audit_gidset 0 0K 0 audit_text 0 0K 
0 audit_path 0 0K 0 audit_data 0 0K 0 audit_cred 0 0K 0 ktls_ocf 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5E_TLS_RX 0 0K 0 MLX5EEPROM 0 0K 0 MLX5E_TLS 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EN 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5DUMP 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 simple_attr 0 0K 0 seq_file 0 0K 0 lkpiskb 0 0K 0 radix 0 0K 0 idr 0 0K 0 lkpindev 0 0K 0 lkpimhi 0 0K 0 lkpifw 0 0K 0 lkpi80211 0 0K 0 NLM 0 0K 0 ipsec-spdcache 0 0K 0 ipsec-reg 0 0K 0 ipsec-misc 0 0K 0 ipsecrequest 0 0K 0 ip6_moptions 0 0K 3 in6_mfilter 0 0K 11 frag6 0 0K 0 tcplog 0 0K 0 tcp_hwpace 0 0K 0 ip_moptions 0 0K 4 in_mfilter 0 0K 15 ipid 0 0K 0 80211scan 0 0K 0 80211ratectl 0 0K 0 80211power 0 0K 0 80211nodeie 0 0K 0 80211node 0 0K 0 80211mesh_gt 0 0K 0 80211mesh_rt 0 0K 0 80211perr 0 0K 0 80211prep 0 0K 0 80211preq 0 0K 0 80211dfs 0 0K 0 80211crypto 0 0K