panic: ffs_valloc: dup alloc
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*411857 56283 0 0 0x4000000 0 syz-executor.0
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
ffs_inode_alloc() at ffs_inode_alloc+0x778 sys/ufs/ffs/ffs_alloc.c:403
ufs_makeinode(8000,fffffd803aada0f0,ffff800015723e88,ffff800015723ed8) at ufs_makeinode+0xaa sys/ufs/ufs/ufs_vnops.c:1832
ufs_create(ffff800015723c00) at ufs_create+0x41 sys/ufs/ufs/ufs_vnops.c:152
VOP_CREATE(fffffd803aada0f0,ffff800015723e88,ffff800015723ed8,ffff800015723c80) at VOP_CREATE+0xc0 sys/kern/vfs_vops.c:113
vn_open(ffff800015723e58,207,0) at vn_open+0x2b4 sys/kern/vfs_vnops.c:125
doopenat(ffff8000ffff3650,ffffff9c,20000480,206,0,ffff800015724050) at doopenat+0x28b sys/kern/vfs_syscalls.c:1157
syscall(ffff8000157240d0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,ffffffffffffff9f,0,3,9b1f58b4010) at Xsyscall+0x128
end of kernel
end trace frame: 0x9b40e3fcae0, count: 5
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
ffs_valloc: dup alloc
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
ffs_inode_alloc() at ffs_inode_alloc+0x778 sys/ufs/ffs/ffs_alloc.c:403
ufs_makeinode(8000,fffffd803aada0f0,ffff800015723e88,ffff800015723ed8) at ufs_makeinode+0xaa sys/ufs/ufs/ufs_vnops.c:1832
ufs_create(ffff800015723c00) at ufs_create+0x41 sys/ufs/ufs/ufs_vnops.c:152
VOP_CREATE(fffffd803aada0f0,ffff800015723e88,ffff800015723ed8,ffff800015723c80) at VOP_CREATE+0xc0 sys/kern/vfs_vops.c:113
vn_open(ffff800015723e58,207,0) at vn_open+0x2b4 sys/kern/vfs_vnops.c:125
doopenat(ffff8000ffff3650,ffffff9c,20000480,206,0,ffff800015724050) at doopenat+0x28b sys/kern/vfs_syscalls.c:1157
syscall(ffff8000157240d0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,ffffffffffffff9f,0,3,9b1f58b4010) at Xsyscall+0x128
end of kernel
end trace frame: 0x9b40e3fcae0, count: -10
ddb> show registers
rdi 0xffffffff81b0e927 db_enter+0x17
rsi 0x280e __ALIGN_SIZE+0x180e
rbp 0xffff8000157238e0
rbx 0xffff800015723990
rdx 0x280f __ALIGN_SIZE+0x180f
rcx 0xffff800015b78000
rax 0xffff800015b78000
r8 0xffff8000157238a0
r9 0x1
r10 0xffff800000b90a00
r11 0xde913bbf808ee358
r12 0x3000000008
r13 0xffff8000157238f0
r14 0x100
r15 0x1
rip 0xffffffff81b0e928 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff8000157238d0
ss 0
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor.0) pid=411857 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=17, usrpri=80, nice=20
forw=0xffffffffffffffff, list=0xffff8000ffff33d8,0xffff8000ffff3b50
process=0xffff8000ffff66d0 user=0xffff80001571f000, vmspace=0xfffffd803f014220
estcpu=30, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
56283 297653 37999 0 2 0 syz-executor.0
*56283 411857 37999 0 7 0x4000000 syz-executor.0
56283 129316 37999 0 3 0x4000000 inode syz-executor.0
50248 315669 82465 0 3 0x3000 suspend syz-executor.1
50248 45707 82465 0 2 0x4081000 syz-executor.1
37999 317272 94329 0 3 0x82 nanosleep syz-executor.0
82465 275692 94329 0 2 0x482 syz-executor.1
78944 385635 0 0 3 0x14200 acct acct
72719 512765 1 0 3 0x100083 ttyin getty
34611 65864 0 0 3 0x14200 bored sosplice
94329 508245 61789 0 3 0x82 thrsleep syz-fuzzer
94329 119664 61789 0 3 0x4000082 thrsleep syz-fuzzer
94329 510633 61789 0 3 0x4000082 thrsleep syz-fuzzer
94329 482700 61789 0 3 0x4000082 thrsleep syz-fuzzer
94329 338898 61789 0 3 0x4000082 kqread syz-fuzzer
94329 135853 61789 0 3 0x4000082 thrsleep syz-fuzzer
94329 452416 61789 0 3 0x4000082 thrsleep syz-fuzzer
94329 481476 61789 0 3 0x4000082 thrsleep syz-fuzzer
61789 283140 28379 0 3 0x10008a pause ksh
28379 189437 3606 0 3 0x92 select sshd
3606 332231 1 0 3 0x80 select sshd
83814 495200 81261 73 3 0x100090 kqread syslogd
81261 217398 1 0 3 0x100082 netio syslogd
99084 158858 0 0 2 0x14200 zerothread
95023 497054 0 0 3 0x14200 aiodoned aiodoned
35210 437205 0 0 3 0x14200 syncer update
25713 291570 0 0 3 0x14200 cleaner cleaner
61933 358487 0 0 3 0x14200 reaper reaper
11536 330623 0 0 3 0x14200 pgdaemon pagedaemon
30322 96820 0 0 3 0x14200 bored crynlk
89576 313622 0 0 3 0x14200 bored crypto
36344 436548 0 0 3 0x40014200 acpi0 acpi0
23098 252397 0 0 3 0x14200 bored softnet
46829 117132 0 0 3 0x14200 bored systqmp
32385 395643 0 0 3 0x14200 bored systq
36086 467833 0 0 3 0x40014200 bored softclock
42654 32607 0 0 3 0x40014200 idle0
51549 508484 0 0 3 0x14200 bored smr
1 203155 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9647 6358K 14870K 78643K 175644 0 0
pcb 13 13K 14K 78643K 7492 0 0
rtable 224 19K 19K 78643K 17480 0 0
ifaddr 149 48K 55K 78643K 6473 0 0
counters 19 16K 16K 78643K 19 0 0
ioctlops 0 0K 2K 78643K 3164 0 0
iov 0 0K 44K 78643K 11463 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1218 76K 78K 78643K 60182 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 9K 78643K 521 0 0
VM map 281 70K 70K 78643K 438 0 0
sem 12 1K 1K 78643K 18 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1793 195K 288K 78643K 12645 0 0
file desc 6 17K 25K 78643K 42265 0 0
sigio 0 0K 0K 78643K 600 0 0
proc 45 30K 63K 78643K 10907 0 0
subproc 32 2K 2K 78643K 3280 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
ip_moptions 0 0K 4K 78643K 78883 0 0
in_multi 64 4K 4K 78643K 11852 0 0
ether_multi 1 0K 0K 78643K 277 0 0
mrt 3 0K 0K 78643K 195 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 168 742K 742K 78643K 168 0 0
exec 0 0K 1K 78643K 6726 0 0
pfkey data 0 0K 4K 78643K 14 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 579 2291K 2291K 78643K 103593 0 0
UVM aobj 130 4K 4K 78643K 140 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
ip6_options 0 0K 1K 78643K 8893 0 0
NDP 28 0K 1K 78643K 2108 0 0
temp 282 3546K 4191K 78643K 1148862 0 0
kqueue 0 0K 0K 78643K 3556 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 559 0 553 1 0 1 1 0 8 0
rtpcb 80 7206 0 7204 24 23 1 1 0 8 0
rtentry 112 3900 0 3807 3 0 3 3 0 8 0
unpcb 120 72040 0 72012 68 66 2 3 0 8 1
syncache 264 170 0 170 66 66 0 1 0 8 0
sackhl 24 14 0 14 11 11 0 1 0 8 0
tcpqe 32 136 0 136 29 29 0 1 0 8 0
tcpcb 544 24568 0 24564 245 244 1 16 0 8 0
ipq 40 446 0 446 94 93 1 1 0 8 1
ipqe 40 14378 0 14378 94 93 1 1 0 8 1
inpcb 280 95121 0 95117 275 273 2 13 0 8 1
rttmr 72 58 0 57 31 30 1 1 0 8 0
ip6q 72 23 0 23 13 13 0 1 0 8 0
ip6af 40 61 0 61 13 13 0 1 0 8 0
nd6 48 672 0 669 21 20 1 1 0 8 0
pkpcb 40 96 0 96 38 38 0 1 0 8 0
swfcl 56 19 0 0 1 0 1 1 0 8 0
ppxss 1128 982 0 982 124 123 1 1 0 8 1
art_heap8 4096 89 0 83 47 41 6 7 0 8 0
art_heap4 256 18372 0 17912 150 121 29 35 0 8 0
art_table 32 18461 0 17995 11 7 4 5 0 8 0
art_node 16 3897 0 3828 1 0 1 1 0 8 0
sysvmsgpl 40 121 0 82 1 0 1 1 0 8 0
semupl 112 5 0 5 2 2 0 1 0 8 0
semapl 112 12 0 2 1 0 1 1 0 8 0
shmpl 112 138 0 10 4 0 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino1pl 128 70871 0 69292 52 1 51 51 0 8 0
ffsino 240 70871 0 69292 96 3 93 93 0 8 0
nchpl 144 135297 0 134825 62 42 20 61 0 8 0
uvmvnodes 72 12372 0 0 225 0 225 225 0 8 0
vnodes 208 12372 0 0 652 0 652 652 0 8 0
namei 1024 509526 0 509524 17 16 1 1 0 8 0
vcpupl 1984 285 0 6 36 0 36 36 0 8 0
vmpool 520 436 0 157 26 7 19 19 0 8 0
scsiplug 64 22 0 22 15 15 0 1 0 8 0
scxspl 192 436959 0 436959 148 147 1 7 0 8 1
plimitpl 152 3495 0 3489 1 0 1 1 0 8 0
sigapl 432 41867 0 41855 2 0 2 2 0 8 0
futexpl 56 1620323 0 1620323 18 17 1 1 0 8 1
knotepl 112 19387 0 19368 28 27 1 3 0 8 0
kqueuepl 104 26254 0 26252 52 51 1 4 0 8 0
pipepl 112 20992 0 20973 63 62 1 2 0 8 0
fdescpl 424 41868 0 41855 2 0 2 2 0 8 0
filepl 120 498964 0 498873 249 245 4 11 0 8 1
lockfpl 104 14577 0 14577 11 10 1 1 0 8 1
lockfspl 48 5139 0 5139 11 10 1 1 0 8 1
sessionpl 112 208 0 200 1 0 1 1 0 8 0
pgrppl 48 605 0 597 1 0 1 1 0 8 0
ucredpl 96 73584 0 73568 1 0 1 1 0 8 0
zombiepl 144 41888 0 41887 1 0 1 1 0 8 0
processpl 864 41916 0 41887 4 0 4 4 0 8 0
procpl 632 91872 0 91833 11 7 4 5 0 8 0
sosppl 128 638 0 638 114 114 0 1 0 8 0
sockpl 384 175226 0 175192 436 430 6 23 0 8 1
mcl64k 65536 13319 0 13319 943 942 1 64 0 8 1
mcl16k 16384 540 0 540 121 121 0 1 0 8 0
mcl12k 12288 1182 0 1182 81 80 1 1 0 8 1
mcl9k 9216 867 0 867 115 114 1 1 0 8 1
mcl8k 8192 6917 0 6917 54 53 1 1 0 8 1
mcl4k 4096 6183 0 6183 27 26 1 1 0 8 1
mcl2k2 2112 322 0 322 128 128 0 1 0 8 0
mcl2k 2048 159929 0 159886 132 126 6 14 0 8 0
mtagpl 80 4993 0 4976 59 58 1 6 0 8 0
mbufpl 256 784529 0 784342 1191 1170 21 56 0 8 8
bufpl 256 129292 0 116921 775 1 774 774 0 8 0
anonpl 16 4201547 0 4174359 931 818 113 140 0 62 0
amapchunkpl 152 195069 0 194882 385 376 9 21 0 158 0
amappl16 192 233621 0 231958 1207 1123 84 105 0 8 0
amappl15 184 5895 0 5895 22 22 0 1 0 8 0
amappl14 176 6879 0 6875 1 0 1 1 0 8 0
amappl13 168 6304 0 6300 1 0 1 1 0 8 0
amappl12 160 4586 0 4583 2 1 1 1 0 8 0
amappl11 152 8437 0 8433 1 0 1 1 0 8 0
amappl10 144 4642 0 4640 1 0 1 1 0 8 0
amappl9 136 8264 0 8257 1 0 1 1 0 8 0
amappl8 128 7597 0 7473 9 4 5 5 0 8 0
amappl7 120 5368 0 5361 1 0 1 1 0 8 0
amappl6 112 8039 0 8015 1 0 1 1 0 8 0
amappl5 104 6308 0 6301 1 0 1 1 0 8 0
amappl4 96 41533 0 41498 1 0 1 1 0 8 0
amappl3 88 8533 0 8508 1 0 1 1 0 8 0
amappl2 80 334816 0 334701 4 1 3 3 0 8 0
amappl1 72 756071 0 755661 27 18 9 20 0 8 0
amappl 80 95441 0 95249 6 2 4 5 0 84 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 17 0 17 1 1 0 1 0 8 0
aobjpl 64 139 0 10 3 0 3 3 0 8 0
uaddrrnd 24 42304 0 41855 3 0 3 3 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 42304 0 41855 3 0 3 3 0 8 0
vmmpekpl 168 193632 0 193571 5 1 4 4 0 8 0
vmmpepl 168 5032567 0 5028735 1946 1740 206 216 0 357 36
vmsppl 272 41867 0 41855 16 15 1 2 0 8 0
pdppl 4096 84614 0 84303 50 10 40 40 0 8 0
pvpl 32 12489685 0 12466114 2228 2024 204 366 0 265 9
pmappl 200 42303 0 42012 18 2 16 16 0 8 0
extentpl 40 41 0 26 1 0 1 1 0 8 0
phpool 112 3869 0 2891 32 2 30 31 0 8 0
ddb>