panic: ffs_valloc: dup alloc
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*153220 68767 0 0x2 0 0 syz-executor
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff83463449) at panic+0x1cf sys/kern/subr_prf.c:198
ffs_inode_alloc(fffffd806f75af00,41c0,fffffd8007ffd680,ffff80003c903858) at ffs_inode_alloc+0x94e
ufs_mkdir(ffff80003c9038c0) at ufs_mkdir+0xfc sys/ufs/ufs/ufs_vnops.c:1112
VOP_MKDIR(fffffd806f7587c0,ffff80003c903a20,ffff80003c903a50,ffff80003c903950) at VOP_MKDIR+0x101 sys/kern/vfs_vops.c:394
domkdirat(ffff80003c8e3248,ffffff9c,74795b8aa7f0,1c0) at domkdirat+0x179 sys/kern/vfs_syscalls.c:3149
syscall(ffff80003c903bc0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c903bc0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x74795b8aa7b0, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: ffs_valloc: dup alloc
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff83463449) at panic+0x1cf sys/kern/subr_prf.c:198
ffs_inode_alloc(fffffd806f75af00,41c0,fffffd8007ffd680,ffff80003c903858) at ffs_inode_alloc+0x94e
ufs_mkdir(ffff80003c9038c0) at ufs_mkdir+0xfc sys/ufs/ufs/ufs_vnops.c:1112
VOP_MKDIR(fffffd806f7587c0,ffff80003c903a20,ffff80003c903a50,ffff80003c903950) at VOP_MKDIR+0x101 sys/kern/vfs_vops.c:394
domkdirat(ffff80003c8e3248,ffffff9c,74795b8aa7f0,1c0) at domkdirat+0x179 sys/kern/vfs_syscalls.c:3149
syscall(ffff80003c903bc0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c903bc0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x74795b8aa7b0, count: -8
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff80003c9035e0
rbx 0x665f __ALIGN_SIZE+0x565f
rdx 0
rcx 0
rax 0xffff80003c8e3248
r8 0x101010101010101
r9 0x8080808080808080
r10 0x203b9c340aeb6383
r11 0x10c50a9e39c82669
r12 0
r13 0xfffffd806ca8c200
r14 0
r15 0x1
rip 0xffffffff827072e5 db_enter+0x25
cs 0x8
rflags 0x246
rsp 0xffff80003c9035d0
ss 0x10
db_enter+0x25: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor) tid=153220 pid=68767 tcnt=1 stat=onproc
flags process=2<EXEC> proc=0
runpri=17, usrpri=50, slppri=17, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff80003c8e2550,0xffff80002a7367e0
process=0xffff8000ffff8498 user=0xffff80003c8fe000, vmspace=0xfffffd8073827d08
estcpu=1, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
*68767 153220 57106 0 7 0x2 syz-executor
83736 342165 48958 0 2 0 syz-executor
83736 416751 48958 0 2 0x4000000 syz-executor
83736 80996 48958 0 2 0x4000000 syz-executor
9260 439921 83055 0 2 0 syz-executor
9260 453868 83055 0 2 0x4000000 syz-executor
15645 301129 29543 0 2 0 syz-executor
15645 500119 29543 0 3 0x4000080 fsleep syz-executor
3035 499297 89894 0 2 0 syz-executor
3035 191350 89894 0 3 0x4000080 fsleep syz-executor
61698 384976 31421 0 2 0 syz-executor
61698 119929 31421 0 3 0x4000080 fsleep syz-executor
2739 33350 15798 0 2 0 syz-executor
2739 303638 15798 0 3 0x4000080 fsleep syz-executor
48958 9041 57106 0 3 0x82 nanoslp syz-executor
83055 207027 57106 0 3 0x82 nanoslp syz-executor
29543 178782 57106 0 3 0x82 nanoslp syz-executor
89894 261072 57106 0 3 0x82 nanoslp syz-executor
31421 179083 57106 0 3 0x82 nanoslp syz-executor
42902 89059 57106 0 2 0x2 syz-executor
15798 252826 57106 0 3 0x82 nanoslp syz-executor
57106 118732 93248 0 2 0x2 syz-executor
93248 17490 83114 0 3 0x10008a sigsusp ksh
83114 25554 79216 0 3 0x98 kqread sshd-session
79216 265373 19031 0 3 0x92 kqread sshd-session
20215 28451 1 0 3 0x100083 ttyin getty
19031 126139 1 0 3 0x88 kqread sshd
17877 442301 13422 73 3 0x1100090 kqread syslogd
13422 380932 1 0 3 0x100082 sbwait syslogd
82930 68437 1 0 3 0x100080 kqread resolvd
71469 20283 37200 77 3 0x100092 kqread dhcpleased
45202 31153 37200 77 3 0x100092 kqread dhcpleased
37200 500572 1 0 3 0x80 kqread dhcpleased
28895 58857 0 0 3 0x14200 bored smr
49531 73681 0 0 2 0x14200 zerothread
67484 263415 0 0 3 0x14200 aiodoned aiodoned
1081 403444 0 0 3 0x14200 syncer update
24740 26251 0 0 3 0x14200 cleaner cleaner
43387 318085 0 0 3 0x14200 reaper reaper
27040 458158 0 0 3 0x14200 pgdaemon pagedaemon
81220 120886 0 0 3 0x14200 bored viomb
90153 348276 0 0 3 0x40014200 acpi0 acpi0
6217 71574 0 0 2 0x14200 softnet0
3105 427156 0 0 3 0x14200 smrbar systqmp
9089 193976 0 0 3 0x14200 bored systq
94589 276432 0 0 3 0x40014200 tmoslp softclock
53021 37939 0 0 3 0x40014200 idle0
1 284581 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 11039 12166K 12381K 166960K 12415 0
pcb 17 12K 12K 166960K 32 0
rtable 220 7K 8K 166960K 364 0
pf 28 12K 16K 166960K 38 0
ifaddr 38 6K 7K 166960K 47 0
ifgroup 46 2K 2K 166960K 54 0
sysctl 1 1K 9K 166960K 6 0
counters 32 17K 18K 166960K 39 0
ioctlops 0 0K 4K 166960K 52 0
iov 0 0K 0K 166960K 3 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1296 82K 82K 166960K 1487 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 5K 166960K 4 0
VM map 2 1K 1K 166960K 2 0
sem 6 0K 0K 166960K 6 0
dirhash 12 2K 2K 166960K 12 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 16 54K 93K 166960K 220 0
proc 60 59K 91K 166960K 508 0
subproc 63 3K 4K 166960K 81 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 10 0
in_multi 88 6K 7K 166960K 103 0
ether_multi 1 0K 0K 166960K 1 0
mrt 0 0K 0K 166960K 2 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 91 413K 413K 166960K 91 0
exec 0 0K 1K 166960K 378 0
fusefs mount 1 32K 32K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 200 150K 167K 166960K 3603 0
UVM aobj 6 2K 2K 166960K 6 0
pinsyscall 37 74K 94K 166960K 1332 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 6 0
NDP 10 0K 2K 166960K 29 0
temp 70 9115K 9192K 166960K 5496 0
kqueue 13 20K 24K 166960K 47 0
SYN cache 2 16K 16K 166960K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 44 0 41 1 0 1 1 0 8 0
rtentry 136 111 0 12 4 0 4 4 0 8 0
unpcb 144 126 0 110 4 0 4 4 0 8 3
syncache 336 4 0 4 1 0 1 1 0 8 1
tcpcb 736 18 0 11 1 0 1 1 0 8 0
arp 96 18 0 2 1 0 1 1 0 8 0
inpcb 328 108 0 97 2 0 2 2 0 8 1
nd6 112 24 0 3 1 0 1 1 0 8 0
kcovpl 48 9 0 2 1 0 1 1 0 8 0
ppxss 1072 6 0 6 1 0 1 1 0 8 1
pffrag 232 1 0 0 1 0 1 1 0 482 0
pffrnode 88 1 0 0 1 0 1 1 0 8 0
pffrent 40 3 0 2 1 0 1 1 0 8 0
pfsrclim 320 1 0 1 1 0 1 1 0 8 1
pfrule 1360 4 0 4 1 0 1 1 0 8 1
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 452 0 0 29 0 29 29 0 8 0
art_table 40 453 0 0 5 0 5 5 0 8 0
art_node 32 111 0 21 1 0 1 1 0 8 0
semapl 72 4 0 0 1 0 1 1 0 8 0
shmpl 112 3 0 0 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 1761 0 299 92 0 92 92 0 8 0
ffsino 256 1761 0 299 92 0 92 92 0 8 0
nchpl 144 2079 0 389 64 0 64 64 0 8 0
rtmask 32 4 0 4 1 0 1 1 0 8 1
vnodes 216 1890 0 0 105 0 105 105 0 8 0
namei 1024 6471 0 6469 2 0 2 2 0 8 1
kstatmem 264 27 0 6 2 0 2 2 0 8 0
scxspl 216 8494 0 8494 3 0 3 3 1 8 3
plimitpl 152 171 0 155 1 0 1 1 0 8 0
sigapl 424 516 0 475 6 0 6 6 0 8 1
knotepl 120 5079 0 5032 8 0 8 8 0 8 6
kqueuepl 184 50 0 41 1 0 1 1 0 8 0
pipepl 304 132 0 105 3 0 3 3 0 8 0
fdescpl 448 503 0 475 5 0 5 5 0 8 1
filepl 120 2316 0 2114 11 0 11 11 0 8 4
lockfpl 104 32 0 30 1 0 1 1 0 8 0
lockfspl 48 17 0 15 1 0 1 1 0 8 0
sessionpl 144 29 0 21 1 0 1 1 0 8 0
pgrppl 48 39 0 23 1 0 1 1 0 8 0
ucredpl 104 406 0 395 1 0 1 1 0 8 0
zombiepl 144 475 0 475 1 0 1 1 0 8 1
processpl 1152 516 0 475 4 0 4 4 0 8 0
procpl 664 650 0 602 6 0 6 6 0 8 1
sockpl 552 282 0 252 7 0 7 7 0 8 4
mcl64k 65536 9 0 9 1 0 1 1 0 8 1
mcl16k 16384 2 0 2 1 0 1 1 0 8 1
mcl8k 8192 70 0 70 1 0 1 1 0 8 1
mcl4k 4096 2662 0 2612 15 0 15 15 0 8 8
mcl2k 2048 190 0 189 2 0 2 2 0 8 1
mtagpl 96 5 0 4 1 0 1 1 0 8 0
mbufpl 256 5212 0 5069 11 0 11 11 0 8 0
bufpl 280 3340 0 102 232 0 232 232 0 8 0
anonpl 24 89567 0 86558 51 0 51 51 0 186 15
amapchunkpl 152 10324 0 9919 27 0 27 27 0 158 10
amappl16 200 1291 0 1266 13 0 13 13 0 8 7
amappl15 192 7 0 7 1 0 1 1 0 8 1
amappl14 184 410 0 409 1 0 1 1 0 8 0
amappl13 176 119 0 109 1 0 1 1 0 8 0
amappl12 168 739 0 713 2 0 2 2 0 8 0
amappl11 160 4 0 4 1 0 1 1 0 8 1
amappl10 152 62 0 52 1 0 1 1 0 8 0
amappl9 144 274 0 274 1 0 1 1 0 8 1
amappl8 136 102 0 101 1 0 1 1 0 8 0
amappl7 128 144 0 131 1 0 1 1 0 8 0
amappl6 120 165 0 164 1 0 1 1 0 8 0
amappl5 112 91 0 83 1 0 1 1 0 8 0
amappl4 104 267 0 249 1 0 1 1 0 8 0
amappl3 96 1943 0 1848 4 0 4 4 0 8 1
amappl2 88 533 0 477 2 0 2 2 0 8 0
amappl1 80 10454 0 9914 13 0 13 13 0 8 1
amappl 88 2886 0 2748 5 0 5 5 0 92 1
uvmvnodes 80 101 0 0 3 0 3 3 0 8 0
dma4096 4096 1 0 1 1 0 1 1 0 8 1
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 0 1 1 0 8 1
dma128 128 253 0 253 1 0 1 1 0 8 1
dma64 64 6 0 6 1 0 1 1 0 8 1
dma32 32 7 0 7 1 0 1 1 0 8 1
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 5 0 0 1 0 1 1 0 8 0
uaddrrnd 24 503 0 475 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 503 0 475 1 0 1 1 0 8 0
vmmpekpl 168 6031 0 5992 2 0 2 2 0 8 0
vmmpepl 168 40552 0 38863 90 0 90 90 0 357 13
vmsppl 368 502 0 475 4 0 4 4 0 8 1
rwobjpl 40 14549 0 13634 12 0 12 12 0 8 0
pdppl 4096 1012 0 950 94 28 66 80 0 8 4
pvpl 32 234299 0 226013 121 0 121 121 0 265 32
pmappl 216 502 0 475 3 0 3 3 0 8 1
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 359 0 28 10 0 10 10 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff83463449) at panic+0x1cf sys/kern/subr_prf.c:198
ffs_inode_alloc(fffffd806f75af00,41c0,fffffd8007ffd680,ffff80003c903858) at ffs_inode_alloc+0x94e
ufs_mkdir(ffff80003c9038c0) at ufs_mkdir+0xfc sys/ufs/ufs/ufs_vnops.c:1112
VOP_MKDIR(fffffd806f7587c0,ffff80003c903a20,ffff80003c903a50,ffff80003c903950) at VOP_MKDIR+0x101 sys/kern/vfs_vops.c:394
domkdirat(ffff80003c8e3248,ffffff9c,74795b8aa7f0,1c0) at domkdirat+0x179 sys/kern/vfs_syscalls.c:3149
syscall(ffff80003c903bc0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c903bc0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x74795b8aa7b0, count: -8
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff83463449) at panic+0x1cf sys/kern/subr_prf.c:198
ffs_inode_alloc(fffffd806f75af00,41c0,fffffd8007ffd680,ffff80003c903858) at ffs_inode_alloc+0x94e
ufs_mkdir(ffff80003c9038c0) at ufs_mkdir+0xfc sys/ufs/ufs/ufs_vnops.c:1112
VOP_MKDIR(fffffd806f7587c0,ffff80003c903a20,ffff80003c903a50,ffff80003c903950) at VOP_MKDIR+0x101 sys/kern/vfs_vops.c:394
domkdirat(ffff80003c8e3248,ffffff9c,74795b8aa7f0,1c0) at domkdirat+0x179 sys/kern/vfs_syscalls.c:3149
syscall(ffff80003c903bc0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c903bc0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x74795b8aa7b0, count: -8