panic: fifo_badop called
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*437617 87013 0 0x2 0 0 syz-executor.1
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
fifo_badop(ffff8000149102f8) at fifo_badop+0x14 sys/miscfs/fifofs/fifo_vnops.c:491
VOP_STRATEGY(fffffd8037d8c800) at VOP_STRATEGY+0x99 sys/kern/vfs_vops.c:727
bwrite(fffffd8037d8c800) at bwrite+0x206 sys/kern/vfs_bio.c:738
VOP_BWRITE(fffffd8037d8c800) at VOP_BWRITE+0x4a sys/kern/vfs_vops.c:739
ufs_mkdir(ffff800014910580) at ufs_mkdir+0x6b7 sys/ufs/ufs/ufs_vnops.c:1250
VOP_MKDIR(fffffd8036b9b358,ffff8000149106e0,ffff800014910730,ffff800014910610) at VOP_MKDIR+0xc6 sys/kern/vfs_vops.c:450
domkdirat(ffff8000ffff84f8,ffffff9c,7f7ffffe0cc0,1ff) at domkdirat+0x121 sys/kern/vfs_syscalls.c:2983
syscall(ffff8000149108b0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,88,7f7ffffe0cc0,88,0,7f7ffffe0ce4) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffe0d30, count: 4
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
fifo_badop called
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
fifo_badop(ffff8000149102f8) at fifo_badop+0x14 sys/miscfs/fifofs/fifo_vnops.c:491
VOP_STRATEGY(fffffd8037d8c800) at VOP_STRATEGY+0x99 sys/kern/vfs_vops.c:727
bwrite(fffffd8037d8c800) at bwrite+0x206 sys/kern/vfs_bio.c:738
VOP_BWRITE(fffffd8037d8c800) at VOP_BWRITE+0x4a sys/kern/vfs_vops.c:739
ufs_mkdir(ffff800014910580) at ufs_mkdir+0x6b7 sys/ufs/ufs/ufs_vnops.c:1250
VOP_MKDIR(fffffd8036b9b358,ffff8000149106e0,ffff800014910730,ffff800014910610) at VOP_MKDIR+0xc6 sys/kern/vfs_vops.c:450
domkdirat(ffff8000ffff84f8,ffffff9c,7f7ffffe0cc0,1ff) at domkdirat+0x121 sys/kern/vfs_syscalls.c:2983
syscall(ffff8000149108b0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,88,7f7ffffe0cc0,88,0,7f7ffffe0ce4) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffe0d30, count: -11
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff800014910220
rbx 0xffff8000149102d0
rdx 0x2
rcx 0
rax 0
r8 0xffff8000149101e0
r9 0x1
r10 0
r11 0xc8cccb201f6756b9
r12 0x3000000008
r13 0xffff800014910230
r14 0x100
r15 0x1
rip 0xffffffff8147e928 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800014910210
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor.1) pid=437617 stat=onproc
flags process=2<EXEC> proc=0
pri=17, usrpri=80, nice=20
forw=0xffffffffffffffff, list=0xffff800014914ee8,0xffff8000149142a0
process=0xffff8000ffff6a30 user=0xffff80001490b000, vmspace=0xfffffd803f013dd0
estcpu=36, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
69185 501861 62140 0 2 0 syz-executor.0
69185 432664 62140 0 2 0x4000000 syz-executor.0
*87013 437617 73318 0 7 0x2 syz-executor.1
16198 8195 0 0 3 0x14200 acct acct
62140 293369 73318 0 3 0x82 nanosleep syz-executor.0
36227 236903 1 0 3 0x100083 ttyin getty
11431 461943 0 0 3 0x14200 bored sosplice
73318 155565 38908 0 3 0x82 thrsleep syz-fuzzer
73318 53760 38908 0 3 0x4000082 nanosleep syz-fuzzer
73318 74843 38908 0 3 0x4000082 thrsleep syz-fuzzer
73318 402737 38908 0 3 0x4000082 thrsleep syz-fuzzer
73318 242409 38908 0 3 0x4000082 thrsleep syz-fuzzer
73318 317474 38908 0 3 0x4000082 kqread syz-fuzzer
73318 64110 38908 0 3 0x4000082 thrsleep syz-fuzzer
73318 315962 38908 0 3 0x4000082 thrsleep syz-fuzzer
38908 311666 57567 0 3 0x10008a pause ksh
57567 327632 55198 0 3 0x92 select sshd
55198 31928 1 0 3 0x80 select sshd
6539 513075 55061 73 3 0x100090 kqread syslogd
55061 506495 1 0 3 0x100082 netio syslogd
91645 12501 0 0 2 0x14200 zerothread
37362 204697 0 0 3 0x14200 aiodoned aiodoned
67813 510983 0 0 3 0x14200 syncer update
12756 381957 0 0 3 0x14200 cleaner cleaner
31424 228353 0 0 3 0x14200 reaper reaper
79976 215293 0 0 3 0x14200 pgdaemon pagedaemon
83960 38779 0 0 3 0x14200 bored crynlk
23988 477084 0 0 3 0x14200 bored crypto
37538 500639 0 0 3 0x40014200 acpi0 acpi0
82780 280358 0 0 3 0x14200 bored softnet
86663 485782 0 0 3 0x14200 bored systqmp
85929 432037 0 0 3 0x14200 bored systq
10210 66947 0 0 3 0x40014200 bored softclock
20529 132187 0 0 3 0x40014200 idle0
66270 59844 0 0 3 0x14200 bored smr
1 277521 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9546 7182K 8676K 78643K 17390 0 0
pcb 13 8K 9K 78643K 246 0 0
rtable 92 7K 8K 78643K 541 0 0
ifaddr 68 14K 15K 78643K 216 0 0
counters 19 16K 16K 78643K 19 0 0
ioctlops 0 0K 2K 78643K 87 0 0
iov 0 0K 24K 78643K 296 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1228 77K 78K 78643K 3146 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 5K 78643K 30 0 0
VM map 7 1K 1K 78643K 13 0 0
sem 12 1K 1K 78643K 179 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1793 195K 288K 78643K 12645 0 0
file desc 5 13K 25K 78643K 1120 0 0
sigio 0 0K 0K 78643K 26 0 0
proc 44 30K 63K 78643K 668 0 0
subproc 32 2K 2K 78643K 123 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
ip_moptions 0 0K 0K 78643K 86 0 0
in_multi 20 1K 2K 78643K 146 0 0
ether_multi 1 0K 0K 78643K 12 0 0
mrt 0 0K 0K 78643K 7 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 66 291K 291K 78643K 66 0 0
exec 0 0K 1K 78643K 406 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 107 70K 70K 78643K 3762 0 0
UVM aobj 90 3K 3K 78643K 97 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
ip6_options 0 0K 0K 78643K 248 0 0
NDP 16 0K 0K 78643K 66 0 0
temp 198 3540K 4179K 78643K 29719 0 0
kqueue 0 0K 0K 78643K 7 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 37 0 33 1 0 1 1 0 8 0
rtpcb 80 129 0 129 2 1 1 1 0 8 1
rtentry 112 157 0 124 2 0 2 2 0 8 0
unpcb 120 546 0 539 1 0 1 1 0 8 0
syncache 264 8 0 8 3 3 0 1 0 8 0
tcpqe 32 54 0 54 2 2 0 1 0 8 0
tcpcb 544 379 0 375 2 1 1 2 0 8 0
ipq 40 9 0 9 4 3 1 1 0 8 1
ipqe 40 321 0 321 4 3 1 1 0 8 1
inpcb 280 1551 0 1547 10 8 2 4 0 8 1
rttmr 72 3 0 2 3 2 1 1 0 8 0
ip6q 72 2 0 2 1 1 0 1 0 8 0
ip6af 40 6 0 6 1 1 0 1 0 8 0
nd6 48 17 0 16 2 1 1 1 0 8 0
ppxss 1128 25 0 25 6 5 1 1 0 8 1
art_heap8 4096 14 0 11 5 1 4 4 0 8 1
art_heap4 256 762 0 555 23 8 15 19 0 8 0
art_table 32 776 0 566 3 0 3 3 0 8 0
art_node 16 156 0 125 1 0 1 1 0 8 0
sysvmsgpl 40 32 0 22 1 0 1 1 0 8 0
semupl 112 3 0 3 2 2 0 1 0 8 0
semapl 112 177 0 167 1 0 1 1 0 8 0
shmpl 112 95 0 7 3 0 3 3 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino1pl 128 3296 0 1905 46 0 46 46 0 8 0
ffsino 240 3296 0 1905 83 0 83 83 0 8 0
nchpl 144 5192 0 3599 61 0 61 61 0 8 0
uvmvnodes 72 4921 0 0 90 0 90 90 0 8 0
vnodes 208 4921 0 0 259 0 259 259 0 8 0
namei 1024 17560 0 17557 1 0 1 1 0 8 0
vcpupl 1984 5 0 0 1 0 1 1 0 8 0
vmpool 520 11 0 6 1 0 1 1 0 8 0
scsiplug 64 2 0 2 1 1 0 1 0 8 0
scxspl 192 17201 0 17201 12 11 1 7 0 8 1
plimitpl 152 112 0 106 1 0 1 1 0 8 0
sigapl 432 1277 0 1266 2 0 2 2 0 8 0
futexpl 56 32430 0 32430 1 0 1 1 0 8 1
knotepl 112 296 0 277 1 0 1 1 0 8 0
kqueuepl 104 282 0 280 1 0 1 1 0 8 0
pipepl 112 722 0 703 1 0 1 1 0 8 0
fdescpl 424 1278 0 1266 2 0 2 2 0 8 0
filepl 120 11176 0 11091 7 3 4 5 0 8 1
lockfpl 104 482 0 482 1 0 1 1 0 8 1
lockfspl 48 158 0 158 1 0 1 1 0 8 1
sessionpl 112 23 0 15 1 0 1 1 0 8 0
pgrppl 48 82 0 74 1 0 1 1 0 8 0
ucredpl 96 1713 0 1707 1 0 1 1 0 8 0
zombiepl 144 1266 0 1266 1 0 1 1 0 8 1
processpl 864 1294 0 1266 4 0 4 4 0 8 0
procpl 632 2805 0 2769 4 0 4 4 0 8 0
sosppl 128 10 0 10 4 4 0 1 0 8 0
sockpl 384 2244 0 2233 15 11 4 6 0 8 2
mcl64k 65536 87 0 87 2 1 1 1 0 8 1
mcl16k 16384 11 0 11 6 5 1 1 0 8 1
mcl12k 12288 16 0 16 6 5 1 1 0 8 1
mcl9k 9216 15 0 15 7 6 1 1 0 8 1
mcl8k 8192 59 0 59 2 1 1 1 0 8 1
mcl4k 4096 146 0 146 2 1 1 1 0 8 1
mcl2k2 2112 8 0 8 5 4 1 1 0 8 1
mcl2k 2048 70696 0 70649 16 9 7 14 0 8 0
mtagpl 80 74 0 47 2 1 1 1 0 8 0
mbufpl 256 119563 0 119412 39 21 18 21 0 8 8
bufpl 256 12531 0 6105 402 0 402 402 0 8 0
anonpl 16 175033 0 156086 130 37 93 93 0 62 14
amapchunkpl 152 6834 0 6717 24 14 10 15 0 158 4
amappl16 192 7820 0 6739 104 41 63 67 0 8 8
amappl15 184 273 0 271 2 1 1 1 0 8 0
amappl14 176 291 0 287 1 0 1 1 0 8 0
amappl13 168 9 0 8 1 0 1 1 0 8 0
amappl12 160 341 0 340 2 1 1 1 0 8 0
amappl11 152 59 0 54 1 0 1 1 0 8 0
amappl10 144 15 0 14 1 0 1 1 0 8 0
amappl9 136 728 0 722 1 0 1 1 0 8 0
amappl8 128 310 0 277 2 0 2 2 0 8 0
amappl7 120 73 0 66 1 0 1 1 0 8 0
amappl6 112 77 0 67 1 0 1 1 0 8 0
amappl5 104 526 0 519 1 0 1 1 0 8 0
amappl4 96 1439 0 1413 1 0 1 1 0 8 0
amappl3 88 437 0 430 1 0 1 1 0 8 0
amappl2 80 9416 0 9355 3 1 2 3 0 8 0
amappl1 72 33048 0 32671 27 19 8 20 0 8 0
amappl 80 3112 0 3075 1 0 1 1 0 84 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 17 0 17 1 1 0 1 0 8 0
aobjpl 64 96 0 7 2 0 2 2 0 8 0
uaddrrnd 24 1289 0 1266 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 1289 0 1266 1 0 1 1 0 8 0
vmmpekpl 168 12295 0 12264 2 0 2 2 0 8 0
vmmpepl 168 163683 0 161617 185 59 126 132 0 357 30
vmsppl 272 1277 0 1266 2 1 1 2 0 8 0
pdppl 4096 2584 0 2549 6 1 5 6 0 8 0
pvpl 32 504180 0 482224 291 75 216 282 0 265 36
pmappl 200 1288 0 1272 1 0 1 1 0 8 0
extentpl 40 41 0 26 1 0 1 1 0 8 0
phpool 112 596 0 52 16 0 16 16 0 8 0