panic: ffs2_balloc: unwind failed
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*230582 62929 0 0 0x4000000 0K syz-executor
82615 68176 0 0x2 0 1 syz-executor
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8344130c) at panic+0x1e5 sys/kern/subr_prf.c:198
ffs2_balloc(fffffd806c051150,40000000006,1,fffffd80097fd410,1,ffff80003c3f46e0) at ffs2_balloc+0x1961
ffs_truncate(fffffd806c051150,40000000007,0,fffffd80097fd410) at ffs_truncate+0x410 sys/ufs/ffs/ffs_inode.c:185
ufs_setattr(ffff80003c3f4800) at ufs_setattr+0x8e9 sys/ufs/ufs/ufs_vnops.c:403
VOP_SETATTR(fffffd806c664a60,ffff80003c3f4888,fffffd80097fd410,ffff80002a220018) at VOP_SETATTR+0x11b sys/kern/vfs_vops.c:210
dotruncate(ffff80002a220018,fffffd806c664a60,40000000007) at dotruncate+0x1da sys/kern/vfs_syscalls.c:2898
sys_ftruncate(ffff80002a220018,ffff80003c3f4ab0,ffff80003c3f4a00) at sys_ftruncate+0x20a sys/kern/vfs_syscalls.c:2952
syscall(ffff80003c3f4ab0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c3f4ab0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xb4d8f67f130, count: 5
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu0: ffs2_balloc: unwind failed
ddb{0}> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8344130c) at panic+0x1e5 sys/kern/subr_prf.c:198
ffs2_balloc(fffffd806c051150,40000000006,1,fffffd80097fd410,1,ffff80003c3f46e0) at ffs2_balloc+0x1961
ffs_truncate(fffffd806c051150,40000000007,0,fffffd80097fd410) at ffs_truncate+0x410 sys/ufs/ffs/ffs_inode.c:185
ufs_setattr(ffff80003c3f4800) at ufs_setattr+0x8e9 sys/ufs/ufs/ufs_vnops.c:403
VOP_SETATTR(fffffd806c664a60,ffff80003c3f4888,fffffd80097fd410,ffff80002a220018) at VOP_SETATTR+0x11b sys/kern/vfs_vops.c:210
dotruncate(ffff80002a220018,fffffd806c664a60,40000000007) at dotruncate+0x1da sys/kern/vfs_syscalls.c:2898
sys_ftruncate(ffff80002a220018,ffff80003c3f4ab0,ffff80003c3f4a00) at sys_ftruncate+0x20a sys/kern/vfs_syscalls.c:2952
syscall(ffff80003c3f4ab0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c3f4ab0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xb4d8f67f130, count: -10
ddb{0}> show registers
rdi 0
rsi 0x1
rbp 0xffff80003c3f4340
rbx 0xffffffff8399ee07 cpu_info_full_primary+0x2e07
rdx 0
rcx 0xffff80002a220018
rax 0xffffffff8399dff0 cpu_info_full_primary+0x1ff0
r8 0x101010101010101
r9 0x8080808080808080
r10 0xd8f43f233a7dd7cc
r11 0x91d22799c5799828
r12 0xffffffff8399ec08 cpu_info_full_primary+0x2c08
r13 0
r14 0
r15 0x1
rip 0xffffffff82536425 db_enter+0x25
cs 0x8
rflags 0x246
rsp 0xffff80003c3f4330
ss 0x10
db_enter+0x25: addq $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor) tid=230582 pid=62929 tcnt=4 stat=onproc
flags process=0 proc=4000000<THREAD>
runpri=17, usrpri=86, slppri=17, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff80002a221770,0xffffffff83a421e0
process=0xffff8000fffe4020 user=0xffff80003c3ef000, vmspace=0xfffffd806c6b67b8
estcpu=36, cpticks=1, pctcpu=0.0, user=1, sys=0, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
62929 41988 7378 0 2 0xc80 syz-executor
62929 311050 7378 0 3 0x4000080 fsleep syz-executor
62929 41051 7378 0 2 0x4000000 syz-executor
*62929 230582 7378 0 7 0x4000000 syz-executor
22643 429769 61036 0 3 0x3000 suspend syz-executor
22643 437110 61036 0 2 0x4081000 syz-executor
7435 111671 68176 0 2 0 syz-executor
7435 37949 68176 0 3 0x4000080 msgwait syz-executor
8767 457184 54771 0 2 0 syz-executor
8767 398543 54771 0 2 0x4000000 syz-executor
29794 491562 88560 0 2 0 syz-executor
29794 289609 88560 0 3 0x4000080 fsleep syz-executor
665 348628 98103 60929 2 0x10 syz-executor
665 100011 98103 60929 3 0x4000090 fsleep syz-executor
46597 238122 58112 0 2 0 syz-executor
46597 392021 58112 0 3 0x4000080 fsleep syz-executor
46597 97794 58112 0 3 0x4000080 fsleep syz-executor
39914 248018 99381 -1 2 0xc90 syz-executor
39914 272754 99381 -1 3 0x4000098 kqread syz-executor
39914 476693 99381 -1 3 0x4000090 fsleep syz-executor
88560 260249 84249 0 2 0xc82 syz-executor
99381 325424 84249 0 2 0xc82 syz-executor
7378 269057 84249 0 2 0xc82 syz-executor
54771 369363 84249 0 2 0xc82 syz-executor
61036 88940 84249 0 2 0xc82 syz-executor
68176 82615 84249 0 7 0x2 syz-executor
98103 34845 84249 0 2 0xc82 syz-executor
58112 8539 84249 0 2 0xc82 syz-executor
84249 146520 22712 0 2 0x2 syz-executor
22712 204336 78901 0 3 0x10008a sigsusp ksh
78901 109694 33075 0 3 0x98 kqread sshd-session
33075 358834 71042 0 3 0x92 kqread sshd-session
91627 440634 1 0 3 0x100083 ttyin getty
71042 374525 1 0 3 0x88 kqread sshd
10171 107093 70318 74 2 0x1100012 pflogd
70318 56318 1 0 3 0x80 sbwait pflogd
46418 22175 1542 73 3 0x1100090 kqread syslogd
1542 341936 1 0 3 0x100082 sbwait syslogd
63973 300349 1 0 3 0x100080 kqread resolvd
44967 227545 8405 77 3 0x100092 kqread dhcpleased
23923 305099 8405 77 3 0x100092 kqread dhcpleased
8405 278673 1 0 3 0x80 kqread dhcpleased
73835 469567 0 0 3 0x14200 bored smr
69467 216259 0 0 2 0x14200 zerothread
50338 82660 0 0 3 0x14200 aiodoned aiodoned
95627 305118 0 0 3 0x14200 syncer update
50667 517046 0 0 3 0x14200 cleaner cleaner
25444 384551 0 0 3 0x14200 reaper reaper
20321 292996 0 0 3 0x14200 pgdaemon pagedaemon
13295 515467 0 0 3 0x14200 bored viomb
13445 246506 0 0 3 0x40014200 acpi0 acpi0
61701 352863 0 0 3 0x40014200 idle1
32084 346974 0 0 3 0x14200 bored softnet1
47344 497466 0 0 3 0x14200 bored softnet0
76522 228827 0 0 3 0x14200 smrbar systqmp
87661 472796 0 0 3 0x14200 bored systq
92323 514080 0 0 3 0x14200 tmoslp softclockmp
8242 470801 0 0 3 0x40014200 tmoslp softclock
65930 258154 0 0 3 0x40014200 idle0
1 491302 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
Process 62929 (syz-executor) thread 0xffff80002a220018 (230582)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff839ffcc0)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 __mp_acquire_count+0x58 sys/kern/kern_lock.c:-1
#2 sleep_finish+0x2d8 sys/kern/kern_synch.c:369
#3 biowait+0xc6 sys/kern/vfs_bio.c:1242
#4 bwrite+0x2e7 sys/kern/vfs_bio.c:754
#5 ffs2_balloc+0xc24 sys/ufs/ffs/ffs_balloc.c:646
#6 ffs_truncate+0x410 sys/ufs/ffs/ffs_inode.c:185
#7 ufs_setattr+0x8e9 sys/ufs/ufs/ufs_vnops.c:403
#8 VOP_SETATTR+0x11b sys/kern/vfs_vops.c:210
#9 dotruncate+0x1da sys/kern/vfs_syscalls.c:2898
#10 sys_ftruncate+0x20a sys/kern/vfs_syscalls.c:2952
#11 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#11 syscall+0xb17 sys/arch/amd64/amd64/trap.c:783
#12 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd806c0511f0)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621
#3 VOP_LOCK+0xbd sys/kern/vfs_vops.c:527
#4 vn_lock+0xa4 sys/kern/vfs_vnops.c:576
#5 sys_ftruncate+0x1f1 sys/kern/vfs_syscalls.c:2952
#6 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#6 syscall+0xb17 sys/arch/amd64/amd64/trap.c:783
#7 Xsyscall+0x128
Process 76522 (systqmp) thread 0xffff8000ffffe530 (228827)
shared rwlock systqmp r = 0 (0xffffffff8397cc78)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 taskq_thread+0x12a sys/kern/kern_task.c:442
#2 proc_trampoline+0x10
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 11056 12085K 12223K 166960K 12274 0
pcb 17 13K 14K 166960K 65 0
rtable 237 6K 7K 166960K 351 0
pf 34 17K 19K 166960K 49 0
ifaddr 43 7K 7K 166960K 46 0
ifgroup 55 2K 2K 166960K 60 0
sysctl 1 1K 9K 166960K 5 0
counters 70 37K 37K 166960K 72 0
ioctlops 0 0K 4K 166960K 1488 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1401 88K 88K 166960K 1476 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 1K 166960K 2 0
VM map 2 1K 1K 166960K 2 0
sem 3 0K 0K 166960K 3 0
dirhash 12 2K 2K 166960K 12 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 18 65K 97K 166960K 148 0
proc 72 115K 147K 166960K 554 0
subproc 72 4K 4K 166960K 72 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 2 0K 0K 166960K 2 0
in_multi 99 7K 7K 166960K 99 0
ether_multi 1 0K 0K 166960K 2 0
mrt 0 0K 0K 166960K 2 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 37 175K 175K 166960K 37 0
exec 0 0K 1K 166960K 383 0
fusefs mount 1 32K 32K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 244 159K 169K 166960K 3135 0
UVM aobj 3 2K 2K 166960K 3 0
pinsyscall 43 86K 108K 166960K 1304 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
NDP 28 2K 2K 166960K 29 0
temp 35 9110K 9174K 166960K 4318 0
kqueue 14 22K 26K 166960K 28 0
SYN cache 2 16K 16K 166960K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 26 0 0 1 0 1 1 0 8 0
rtpcb 120 33 0 30 1 0 1 1 0 8 0
rtentry 176 111 0 1 5 0 5 5 0 8 0
unpcb 144 45 0 28 1 0 1 1 0 8 0
syncache 336 4 0 4 1 0 1 1 0 8 1
tcpcb 736 13 0 5 1 0 1 1 0 8 0
arp 136 18 0 0 1 0 1 1 0 8 0
inpcb 328 110 0 97 4 0 4 4 0 8 2
nd6 152 24 0 0 1 0 1 1 0 8 0
kcovpl 48 8 0 0 1 0 1 1 0 8 0
pffrag 232 1 0 0 1 0 1 1 0 482 0
pffrnode 88 1 0 0 1 0 1 1 0 8 0
pffrent 40 1 0 0 1 0 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfstitem 24 18 0 0 1 0 1 1 0 8 0
pfstkey 128 18 0 0 1 0 1 1 0 8 0
pfstate 448 18 0 0 2 0 2 2 0 8 0
pfrule 1360 22 0 16 2 1 1 2 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 453 0 0 29 0 29 29 0 8 0
art_table 40 454 0 0 5 0 5 5 0 8 0
art_node 32 111 0 10 1 0 1 1 0 8 0
semapl 72 1 0 0 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 1589 0 116 93 0 93 93 0 8 0
ffsino 296 1589 0 116 114 0 114 114 0 8 0
nchpl 144 1804 0 89 64 0 64 64 0 8 0
vnodes 216 1790 0 0 100 0 100 100 0 8 0
namei 1024 5838 0 5838 1 0 1 1 0 8 1
percpumem 16 51 0 1 1 0 1 1 0 8 0
kstatmem 264 29 0 2 2 0 2 2 0 8 0
scxspl 216 6332 0 6332 4 1 3 3 1 8 3
plimitpl 152 31 0 13 1 0 1 1 0 8 0
sigapl 424 465 0 417 7 0 7 7 0 8 1
knotepl 120 66 0 0 2 0 2 2 0 8 0
kqueuepl 224 25 0 15 1 0 1 1 0 8 0
pipepl 344 126 0 99 3 0 3 3 0 8 0
fdescpl 528 449 0 417 3 0 3 3 0 8 0
filepl 160 1894 0 1673 20 0 20 20 0 8 10
lockfpl 104 13 0 9 1 0 1 1 0 8 0
lockfspl 48 8 0 4 1 0 1 1 0 8 0
sessionpl 144 24 0 15 1 0 1 1 0 8 0
pgrppl 48 33 0 16 1 0 1 1 0 8 0
ucredpl 104 91 0 76 1 0 1 1 0 8 0
zombiepl 144 418 0 417 1 0 1 1 0 8 0
processpl 1232 465 0 417 5 0 5 5 0 8 0
procpl 664 502 0 442 6 0 6 6 0 8 0
sosppl 176 2 0 2 1 0 1 1 0 8 1
sockpl 752 191 0 158 7 0 7 7 0 8 3
mcl64k 65536 1 0 0 1 0 1 1 0 8 0
mcl8k 8192 2 0 0 1 0 1 1 0 8 0
mcl4k 4096 128 0 0 16 0 16 16 0 8 0
mcl2k 2048 14 0 0 2 0 2 2 0 8 0
mtagpl 96 2 0 0 1 0 1 1 0 8 0
mbufpl 256 133 0 0 9 0 9 9 0 8 0
bufpl 280 2443 0 105 167 0 167 167 0 8 0
anonpl 32 3871 0 0 32 0 32 32 0 246 0
amapchunkpl 152 8582 0 8059 21 0 21 21 0 158 0
amappl16 200 2030 0 1996 5 0 5 5 0 8 3
amappl15 192 75 0 75 1 0 1 1 0 8 1
amappl14 184 431 0 430 1 0 1 1 0 8 0
amappl13 176 126 0 114 1 0 1 1 0 8 0
amappl12 168 697 0 666 2 0 2 2 0 8 0
amappl11 160 42 0 42 1 0 1 1 0 8 1
amappl10 152 75 0 61 1 0 1 1 0 8 0
amappl9 144 276 0 276 1 0 1 1 0 8 1
amappl8 136 102 0 100 1 0 1 1 0 8 0
amappl7 128 146 0 132 1 0 1 1 0 8 0
amappl6 120 152 0 151 1 0 1 1 0 8 0
amappl5 112 100 0 90 1 0 1 1 0 8 0
amappl4 104 294 0 273 1 0 1 1 0 8 0
amappl3 96 1551 0 1429 3 0 3 3 0 8 0
amappl2 88 536 0 477 2 0 2 2 0 8 0
amappl1 80 10493 0 9889 15 0 15 15 0 8 0
amappl 88 2408 0 2235 4 0 4 4 0 92 0
uvmvnodes 80 100 0 0 3 0 3 3 0 8 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 2 0 0 1 0 1 1 0 8 0
uaddrrnd 24 449 0 417 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 449 0 417 1 0 1 1 0 8 0
vmmpekpl 168 5745 0 5713 2 0 2 2 0 8 0
vmmpepl 168 38641 0 36675 89 0 89 89 0 357 1
vmsppl 488 448 0 417 5 0 5 5 0 8 0
rwobjpl 80 14872 0 13829 24 0 24 24 0 8 0
pdppl 4096 905 0 834 99 12 87 87 0 8 16
pvpl 32 10055 0 0 82 0 82 82 0 265 0
pmappl 256 448 0 417 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 267 0 15 8 0 8 8 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8344130c) at panic+0x1e5 sys/kern/subr_prf.c:198
ffs2_balloc(fffffd806c051150,40000000006,1,fffffd80097fd410,1,ffff80003c3f46e0) at ffs2_balloc+0x1961
ffs_truncate(fffffd806c051150,40000000007,0,fffffd80097fd410) at ffs_truncate+0x410 sys/ufs/ffs/ffs_inode.c:185
ufs_setattr(ffff80003c3f4800) at ufs_setattr+0x8e9 sys/ufs/ufs/ufs_vnops.c:403
VOP_SETATTR(fffffd806c664a60,ffff80003c3f4888,fffffd80097fd410,ffff80002a220018) at VOP_SETATTR+0x11b sys/kern/vfs_vops.c:210
dotruncate(ffff80002a220018,fffffd806c664a60,40000000007) at dotruncate+0x1da sys/kern/vfs_syscalls.c:2898
sys_ftruncate(ffff80002a220018,ffff80003c3f4ab0,ffff80003c3f4a00) at sys_ftruncate+0x20a sys/kern/vfs_syscalls.c:2952
syscall(ffff80003c3f4ab0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c3f4ab0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xb4d8f67f130, count: -10
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
x86_ipi_db(ffff80002999dff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff839ff4c0) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:142 [inline]
__mp_lock(ffffffff839ff4c0) at __mp_lock+0x192 sys/kern/kern_lock.c:173
syscall(ffff80002a2e6720) at syscall+0xaf4 mi_syscall sys/sys/syscall_mi.h:175 [inline]
syscall(ffff80002a2e6720) at syscall+0xaf4 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x74f2ac37e7a0, count: 9
ddb{1}> trace
x86_ipi_db(ffff80002999dff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff839ff4c0) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:142 [inline]
__mp_lock(ffffffff839ff4c0) at __mp_lock+0x192 sys/kern/kern_lock.c:173
syscall(ffff80002a2e6720) at syscall+0xaf4 mi_syscall sys/sys/syscall_mi.h:175 [inline]
syscall(ffff80002a2e6720) at syscall+0xaf4 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x74f2ac37e7a0, count: -6