panic: ffs_valloc: dup alloc
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*141851 40123 0 0x2 0 0 syz-executor
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff833f46ff) at panic+0x1cf sys/kern/subr_prf.c:198
ffs_inode_alloc(fffffd807eafff00,41c0,fffffd8007ffd5b0,ffff80003c4e3958) at ffs_inode_alloc+0x94e
ufs_mkdir(ffff80003c4e39c0) at ufs_mkdir+0xfc sys/ufs/ufs/ufs_vnops.c:1112
VOP_MKDIR(fffffd807eafd538,ffff80003c4e3b20,ffff80003c4e3b50,ffff80003c4e3a50) at VOP_MKDIR+0x101 sys/kern/vfs_vops.c:394
domkdirat(ffff80002a78c2b8,ffffff9c,79c62cc90220,1c0) at domkdirat+0x179 sys/kern/vfs_syscalls.c:3143
syscall(ffff80003c4e3cc0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c4e3cc0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x79c62cc901e0, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: ffs_valloc: dup alloc
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff833f46ff) at panic+0x1cf sys/kern/subr_prf.c:198
ffs_inode_alloc(fffffd807eafff00,41c0,fffffd8007ffd5b0,ffff80003c4e3958) at ffs_inode_alloc+0x94e
ufs_mkdir(ffff80003c4e39c0) at ufs_mkdir+0xfc sys/ufs/ufs/ufs_vnops.c:1112
VOP_MKDIR(fffffd807eafd538,ffff80003c4e3b20,ffff80003c4e3b50,ffff80003c4e3a50) at VOP_MKDIR+0x101 sys/kern/vfs_vops.c:394
domkdirat(ffff80002a78c2b8,ffffff9c,79c62cc90220,1c0) at domkdirat+0x179 sys/kern/vfs_syscalls.c:3143
syscall(ffff80003c4e3cc0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c4e3cc0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x79c62cc901e0, count: -8
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff80003c4e36e0
rbx 0x665c __ALIGN_SIZE+0x565c
rdx 0
rcx 0
rax 0xffff80002a78c2b8
r8 0x101010101010101
r9 0x8080808080808080
r10 0x86d994bd9f0be1d8
r11 0xb6cddadf2f349f54
r12 0
r13 0xfffffd806fb78c00
r14 0
r15 0x1
rip 0xffffffff81af05b5 db_enter+0x25
cs 0x8
rflags 0x246
rsp 0xffff80003c4e36d0
ss 0x10
db_enter+0x25: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor) tid=141851 pid=40123 tcnt=1 stat=onproc
flags process=2<EXEC> proc=0
runpri=50, usrpri=50, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff80002a774a78,0xffff80002a78d4f0
process=0xffff8000ffff9698 user=0xffff80003c4de000, vmspace=0xfffffd806cce68b0
estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
62174 12686 97024 0 2 0 syz-executor
*40123 141851 71379 0 7 0x2 syz-executor
59907 88104 5857 0 2 0xc80 syz-executor
59907 50056 5857 0 3 0x4000080 netacc syz-executor
59907 282428 5857 0 3 0x4000080 fsleep syz-executor
59907 159102 5857 0 3 0x4000080 fsleep syz-executor
48944 64963 49744 0 2 0xc90 syz-executor
48944 381768 49744 0 3 0x4000090 piperd syz-executor
48944 111856 49744 0 3 0x4000090 fsleep syz-executor
75207 395082 12774 0 2 0xc80 syz-executor
75207 49855 12774 0 3 0x4000080 piperd syz-executor
75207 68424 12774 0 3 0x4000080 fsleep syz-executor
77419 332222 0 0 3 0x14200 acct acct
10497 441973 71379 0 3 0x82 piperd syz-executor
49744 119301 71379 0 3 0x82 nanoslp syz-executor
12774 298807 71379 0 2 0xc82 syz-executor
91667 360579 71379 0 3 0x82 piperd syz-executor
97024 331863 71379 0 3 0x82 nanoslp syz-executor
5857 513406 71379 0 3 0x82 nanoslp syz-executor
71379 80109 57529 0 2 0x2 syz-executor
57529 178423 36087 0 3 0x10008a sigsusp ksh
36087 408143 26589 0 3 0x98 kqread sshd-session
26589 364293 66669 0 3 0x92 kqread sshd-session
49255 53024 1 0 3 0x100083 ttyin getty
66669 374464 1 0 3 0x88 kqread sshd
62968 278860 8741 73 3 0x1100090 kqread syslogd
8741 267044 1 0 3 0x100082 sbwait syslogd
47235 365346 1 0 3 0x100080 kqread resolvd
40751 13512 42829 77 3 0x100092 kqread dhcpleased
71485 88553 42829 77 3 0x100092 kqread dhcpleased
42829 102918 1 0 3 0x80 kqread dhcpleased
93664 479771 0 0 3 0x14200 bored smr
76513 386587 0 0 2 0x14200 zerothread
58104 503785 0 0 3 0x14200 aiodoned aiodoned
89322 128108 0 0 3 0x14200 syncer update
50652 347676 0 0 3 0x14200 cleaner cleaner
14322 310799 0 0 3 0x14200 reaper reaper
46014 5507 0 0 3 0x14200 pgdaemon pagedaemon
77114 334624 0 0 3 0x14200 bored viomb
79694 173433 0 0 3 0x40014200 acpi0 acpi0
89663 484992 0 0 3 0x14200 bored softnet0
54252 126478 0 0 3 0x14200 smrbar systqmp
22895 116066 0 0 3 0x14200 bored systq
2884 506003 0 0 3 0x40014200 tmoslp softclock
71439 98104 0 0 3 0x40014200 idle0
1 389324 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 11038 12109K 12308K 166960K 12289 0
pcb 17 12K 12K 166960K 48 0
rtable 228 7K 8K 166960K 387 0
pf 28 12K 17K 166960K 172 0
ifaddr 38 6K 7K 166960K 45 0
ifgroup 46 2K 2K 166960K 52 0
sysctl 1 1K 9K 166960K 5 0
counters 32 17K 18K 166960K 35 0
ioctlops 0 0K 4K 166960K 191 0
iov 1 1K 12K 166960K 6 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1325 83K 84K 166960K 1490 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 5K 166960K 3 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 0K 166960K 71 0
dirhash 12 2K 2K 166960K 12 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 14 46K 232K 166960K 266 0
sigio 0 0K 0K 166960K 1 0
proc 60 59K 124K 166960K 519 0
subproc 63 3K 4K 166960K 72 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 17 0
in_multi 88 6K 7K 166960K 103 0
ether_multi 1 0K 0K 166960K 2 0
mrt 0 0K 0K 166960K 4 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 73 334K 334K 166960K 73 0
exec 0 0K 1K 166960K 368 0
fusefs mount 1 32K 32K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 180 127K 159K 166960K 4052 0
UVM aobj 5 4K 4K 166960K 5 0
pinsyscall 35 70K 96K 166960K 1336 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 6 0
NDP 10 0K 1K 166960K 28 0
temp 36 9063K 9127K 166960K 8253 0
kqueue 13 20K 30K 166960K 56 0
SYN cache 2 16K 16K 166960K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 45 0 42 1 0 1 1 0 8 0
rtentry 136 115 0 14 4 0 4 4 0 8 0
unpcb 144 89 0 72 1 0 1 1 0 8 0
syncache 336 3 0 3 1 0 1 1 0 8 1
tcpcb 736 50 0 43 1 0 1 1 0 8 0
arp 96 18 0 2 1 0 1 1 0 8 0
inpcb 328 149 0 139 2 0 2 2 0 8 0
ip6q 72 1 0 0 1 0 1 1 0 8 0
ip6af 40 1 0 0 1 0 1 1 0 8 0
nd6 112 25 0 4 1 0 1 1 0 8 0
pkpcb 40 1 0 1 1 0 1 1 0 8 1
kcovpl 48 8 0 1 1 0 1 1 0 8 0
ppxss 1072 2 0 2 1 0 1 1 0 8 1
pftag 88 2 0 0 1 0 1 1 0 8 0
pfrule 1360 1 0 1 1 0 1 1 0 8 1
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 506 0 21 31 0 31 31 0 8 0
art_table 40 507 0 21 5 0 5 5 0 8 0
art_node 32 115 0 24 1 0 1 1 0 8 0
sysvmsgpl 40 4 0 1 1 0 1 1 0 8 0
semupl 112 1 0 1 1 0 1 1 0 8 1
semapl 112 69 0 59 1 0 1 1 0 8 0
shmpl 112 2 0 0 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 1789 0 331 92 0 92 92 0 8 0
ffsino 256 1790 0 332 92 0 92 92 0 8 0
nchpl 144 2153 0 467 64 0 64 64 0 8 0
rtmask 32 1 0 1 1 0 1 1 0 8 1
vnodes 216 1966 0 0 110 0 110 110 0 8 0
namei 1024 6313 0 6312 2 0 2 2 0 8 1
kstatmem 264 24 0 4 2 0 2 2 0 8 0
scxspl 216 7673 0 7673 2 0 2 2 1 8 2
plimitpl 152 49 0 33 1 0 1 1 0 8 0
sigapl 424 544 0 504 6 0 6 6 0 8 1
knotepl 120 6603 0 6556 2 0 2 2 0 8 0
kqueuepl 184 50 0 41 1 0 1 1 0 8 0
pipepl 304 128 0 99 3 0 3 3 0 8 0
fdescpl 448 530 0 504 5 0 5 5 0 8 1
filepl 120 2075 0 1870 8 0 8 8 0 8 0
lockfpl 104 56 0 54 1 0 1 1 0 8 0
lockfspl 48 25 0 23 1 0 1 1 0 8 0
sessionpl 144 29 0 21 1 0 1 1 0 8 0
pgrppl 48 39 0 23 1 0 1 1 0 8 0
ucredpl 104 206 0 194 1 0 1 1 0 8 0
zombiepl 144 505 0 504 1 0 1 1 0 8 0
processpl 1152 544 0 504 4 0 4 4 0 8 0
procpl 664 726 0 679 5 0 5 5 0 8 0
sockpl 552 288 0 258 4 0 4 4 0 8 1
mcl64k 65536 5 0 5 1 0 1 1 0 8 1
mcl9k 9216 1 0 1 1 0 1 1 0 8 1
mcl8k 8192 6 0 6 1 0 1 1 0 8 1
mcl4k 4096 2611 0 2556 14 0 14 14 0 8 6
mcl2k 2048 236 0 234 2 0 2 2 0 8 1
mtagpl 96 7 0 4 1 0 1 1 0 8 0
mbufpl 256 5156 0 5013 12 0 12 12 0 8 0
bufpl 280 2817 0 102 194 0 194 194 0 8 0
anonpl 24 112991 0 108116 33 0 33 33 0 187 0
amapchunkpl 152 12639 0 12178 31 0 31 31 0 158 8
amappl16 200 2044 0 2017 5 0 5 5 0 8 2
amappl15 192 16 0 16 1 0 1 1 0 8 1
amappl14 184 413 0 412 1 0 1 1 0 8 0
amappl13 176 116 0 106 1 0 1 1 0 8 0
amappl12 168 769 0 746 2 0 2 2 0 8 0
amappl11 160 4 0 4 1 0 1 1 0 8 1
amappl10 152 58 0 48 1 0 1 1 0 8 0
amappl9 144 255 0 255 1 0 1 1 0 8 1
amappl8 136 98 0 97 1 0 1 1 0 8 0
amappl7 128 145 0 132 1 0 1 1 0 8 0
amappl6 120 152 0 151 1 0 1 1 0 8 0
amappl5 112 91 0 84 1 0 1 1 0 8 0
amappl4 104 250 0 235 1 0 1 1 0 8 0
amappl3 96 2163 0 2088 3 0 3 3 0 8 0
amappl2 88 499 0 445 2 0 2 2 0 8 0
amappl1 80 9360 0 8829 13 0 13 13 0 8 1
amappl 88 3349 0 3228 4 0 4 4 0 92 0
uvmvnodes 80 102 0 0 3 0 3 3 0 8 0
dma4096 4096 1 0 1 1 0 1 1 0 8 1
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 0 1 1 0 8 1
dma128 128 253 0 253 1 0 1 1 0 8 1
dma64 64 6 0 6 1 0 1 1 0 8 1
dma32 32 7 0 7 1 0 1 1 0 8 1
dma16 16 19 0 18 1 0 1 1 0 8 0
aobjpl 72 4 0 0 1 0 1 1 0 8 0
uaddrrnd 24 530 0 504 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 530 0 504 1 0 1 1 0 8 0
vmmpekpl 168 5785 0 5744 2 0 2 2 0 8 0
vmmpepl 168 41331 0 39765 83 0 83 83 0 357 3
vmsppl 368 529 0 504 4 0 4 4 0 8 1
rwobjpl 40 14509 0 13621 11 0 11 11 0 8 0
pdppl 4096 1066 0 1008 100 34 66 82 0 8 8
pvpl 32 264329 0 254812 99 0 99 99 0 265 7
pmappl 216 529 0 504 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 366 0 34 10 0 10 10 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff833f46ff) at panic+0x1cf sys/kern/subr_prf.c:198
ffs_inode_alloc(fffffd807eafff00,41c0,fffffd8007ffd5b0,ffff80003c4e3958) at ffs_inode_alloc+0x94e
ufs_mkdir(ffff80003c4e39c0) at ufs_mkdir+0xfc sys/ufs/ufs/ufs_vnops.c:1112
VOP_MKDIR(fffffd807eafd538,ffff80003c4e3b20,ffff80003c4e3b50,ffff80003c4e3a50) at VOP_MKDIR+0x101 sys/kern/vfs_vops.c:394
domkdirat(ffff80002a78c2b8,ffffff9c,79c62cc90220,1c0) at domkdirat+0x179 sys/kern/vfs_syscalls.c:3143
syscall(ffff80003c4e3cc0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c4e3cc0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x79c62cc901e0, count: -8
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff833f46ff) at panic+0x1cf sys/kern/subr_prf.c:198
ffs_inode_alloc(fffffd807eafff00,41c0,fffffd8007ffd5b0,ffff80003c4e3958) at ffs_inode_alloc+0x94e
ufs_mkdir(ffff80003c4e39c0) at ufs_mkdir+0xfc sys/ufs/ufs/ufs_vnops.c:1112
VOP_MKDIR(fffffd807eafd538,ffff80003c4e3b20,ffff80003c4e3b50,ffff80003c4e3a50) at VOP_MKDIR+0x101 sys/kern/vfs_vops.c:394
domkdirat(ffff80002a78c2b8,ffffff9c,79c62cc90220,1c0) at domkdirat+0x179 sys/kern/vfs_syscalls.c:3143
syscall(ffff80003c4e3cc0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c4e3cc0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x79c62cc901e0, count: -8