panic: ffs_valloc: dup alloc
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*110786 52657 0 0x2 0 0K syz-executor
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8349593d) at panic+0x1e5 sys/kern/subr_prf.c:198
ffs_inode_alloc(fffffd806d060830,41ed,fffffd80097fd618,ffff80002a362a48) at ffs_inode_alloc+0x94e
ufs_mkdir(ffff80002a362ab0) at ufs_mkdir+0xfc sys/ufs/ufs/ufs_vnops.c:1112
VOP_MKDIR(fffffd806ced97d8,ffff80002a362c10,ffff80002a362c40,ffff80002a362b40) at VOP_MKDIR+0x101 sys/kern/vfs_vops.c:394
domkdirat(ffff80002a220fa8,ffffff9c,7a67792b2390,1ff) at domkdirat+0x179 sys/kern/vfs_syscalls.c:3149
syscall(ffff80002a362dc0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a362dc0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7a67792b2430, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu0: ffs_valloc: dup alloc
ddb{0}> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8349593d) at panic+0x1e5 sys/kern/subr_prf.c:198
ffs_inode_alloc(fffffd806d060830,41ed,fffffd80097fd618,ffff80002a362a48) at ffs_inode_alloc+0x94e
ufs_mkdir(ffff80002a362ab0) at ufs_mkdir+0xfc sys/ufs/ufs/ufs_vnops.c:1112
VOP_MKDIR(fffffd806ced97d8,ffff80002a362c10,ffff80002a362c40,ffff80002a362b40) at VOP_MKDIR+0x101 sys/kern/vfs_vops.c:394
domkdirat(ffff80002a220fa8,ffffff9c,7a67792b2390,1ff) at domkdirat+0x179 sys/kern/vfs_syscalls.c:3149
syscall(ffff80002a362dc0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a362dc0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7a67792b2430, count: -8
ddb{0}> show registers
rdi 0
rsi 0x1
rbp 0xffff80002a3627c0
rbx 0xffffffff83992e07 cpu_info_full_primary+0x2e07
rdx 0
rcx 0xffff80002a220fa8
rax 0xffffffff83991ff0 cpu_info_full_primary+0x1ff0
r8 0x101010101010101
r9 0x8080808080808080
r10 0x7b84400bdda75224
r11 0x6cdade5ddd13bcc1
r12 0xffffffff83992c08 cpu_info_full_primary+0x2c08
r13 0
r14 0
r15 0x1
rip 0xffffffff82e5bf15 db_enter+0x25
cs 0x8
rflags 0x246
rsp 0xffff80002a3627b0
ss 0x10
db_enter+0x25: addq $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor) tid=110786 pid=52657 tcnt=1 stat=onproc
flags process=2 proc=0
runpri=17, usrpri=50, slppri=17, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff80002a221240,0xffff80002a220d20
process=0xffff8000ffff5ce8 user=0xffff80002a35d000, vmspace=0xfffffd806f3a83d8
estcpu=36, cpticks=139, pctcpu=0.34, user=1, sys=137, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
5098 207573 1 0 3 0x100083 ttyin getty
46736 515569 0 0 3 0x14200 acct acct
26542 81709 49558 0 3 0x82 piperd syz-executor
38976 178286 0 0 3 0x14280 nfsidl nfsio
29727 513236 0 0 3 
0x14280 nfsidl nfsio
42381 391195 0 0 3 0x14280 nfsidl nfsio
57146 306614 0 0 3 0x14280 nfsidl nfsio
69957 143308 0 0 3 0x14280 nfsidl nfsio
19777 343258 0 0 3 0x14280 nfsidl nfsio
76937 131687 0 0 3 0x14280 nfsidl nfsio
50374 419378 0 0 3 0x14280 nfsidl nfsio
56791 424089 0 0 3 0x14280 nfsidl nfsio
34276 56465 0 0 3 0x14280 nfsidl nfsio
53080 169544 0 0 3 0x14280 nfsidl nfsio
66435 387789 0 0 3 0x14280 nfsidl nfsio
65083 312016 0 0 3 0x14280 nfsidl nfsio
77900 92642 0 0 3 0x14280 nfsidl nfsio
76891 134226 0 0 3 0x14280 nfsidl nfsio
89540 97741 0 0 3 0x14280 nfsidl nfsio
3113 44860 0 0 3 0x14280 nfsidl nfsio
4255 317562 0 0 3 0x14280 nfsidl nfsio
33161 280250 0 0 3 0x14280 nfsidl nfsio
54903 305441 0 0 3 0x14280 nfsidl nfsio
*52657 110786 49558 0 7 0x2 syz-executor
82515 301508 49558 0 3 0x82 piperd syz-executor
49558 492590 62646 0 3 0x82 wait syz-executor
62646 322308 62690 0 3 0x10008a sigsusp ksh
62690 255011 81229 0 3 0x98 kqread sshd-session
81229 72976 87508 0 3 0x92 kqread sshd-session
87508 400126 1 0 3 0x88 kqread sshd
72749 352825 54380 74 3 0x1100092 bpf pflogd
54380 104021 1 0 3 0x80 sbwait pflogd
44611 157904 68710 73 3 0x1100090 kqread syslogd
68710 158433 1 0 3 0x100082 sbwait syslogd
51851 103273 1 0 3 0x100080 kqread resolvd
78154 113760 52182 77 3 0x100092 kqread dhcpleased
8600 159114 52182 77 3 0x100092 kqread dhcpleased
52182 110497 1 0 3 0x80 kqread dhcpleased
98654 42108 0 0 3 0x14200 bored smr
91450 454203 0 0 3 0x14200 pgzero zerothread
85092 422939 0 0 3 0x14200 aiodoned aiodoned
3106 238710 0 0 3 0x14200 syncer update
40644 455612 0 0 3 0x14200 cleaner cleaner
13046 80924 0 0 3 0x14200 reaper reaper
74919 181573 0 0 3 0x14200 pgdaemon pagedaemon
22161 479474 0 0 3 0x14200 bored viomb
15487 510078 0 0 3 0x40014200 acpi0 acpi0
96221 230555 0 0 7 0x40014200 idle1
90232 355172 0 0 3 0x14200 bored softnet1
87248 232598 0 0 3 0x14200 bored softnet0
72250 390807 0 0 3 0x14200 smrbar systqmp
4792 523236 0 0 3 0x14200 bored systq
5897 466655 0 0 
3 0x14200 tmoslp softclockmp
74930 412105 0 0 3 0x40014200 tmoslp softclock
34302 356969 0 0 3 0x40014200 idle0
1 403520 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
Process 52657 (syz-executor) thread 0xffff80002a220fa8 (110786)
exclusive rrwlock inode r = 0 (0xfffffd806e4e0dc0)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621
#3 VOP_LOCK+0xbd sys/kern/vfs_vops.c:527
#4 ufs_ihashins+0x4f ufs_ihash sys/ufs/ufs/ufs_ihash.c:-1 [inline]
#4 ufs_ihashins+0x4f sys/ufs/ufs/ufs_ihash.c:159
#5 ffs_vget+0x187 sys/ufs/ffs/ffs_vfsops.c:1232
#6 ffs_inode_alloc+0x279 sys/ufs/ffs/ffs_alloc.c:393
#7 ufs_mkdir+0xfc sys/ufs/ufs/ufs_vnops.c:1112
#8 VOP_MKDIR+0x101 sys/kern/vfs_vops.c:394
#9 domkdirat+0x179 sys/kern/vfs_syscalls.c:3149
#10 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#10 syscall+0xb17 sys/arch/amd64/amd64/trap.c:783
#11 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd806d0608d0)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621
#3 VOP_LOCK+0xbd sys/kern/vfs_vops.c:527
#4 vn_lock+0xa4 sys/kern/vfs_vnops.c:576
#5 vfs_lookup+0x12b sys/kern/vfs_lookup.c:431
#6 namei+0x7c5 sys/kern/vfs_lookup.c:250
#7 domkdirat+0x8b sys/kern/vfs_syscalls.c:3134
#8 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#8 syscall+0xb17 sys/arch/amd64/amd64/trap.c:783
#9 Xsyscall+0x128
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff83aaab00)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 syscall+0xaf4 mi_syscall sys/sys/syscall_mi.h:175 [inline]
#1 syscall+0xaf4 sys/arch/amd64/amd64/trap.c:783
#2 Xsyscall+0x128
Process 72250 (systqmp) thread 0xffff8000ffffe298 (390807)
shared rwlock systqmp r = 0 (0xffffffff839414b8)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 taskq_thread+0x12a sys/kern/kern_task.c:442
#2 proc_trampoline+0x10
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 11092 12108K 12490K 166960K 13317 0
pcb 17 18K 24K 166960K 350 0
rtable 264 10K 12K 166960K 503 0
pf 43 19K 25K 166960K 159 0
ifaddr 43 7K 8K 166960K 70 0
ifgroup 55 2K 2K 166960K 102 0
sysctl 3 1K 9K 166960K 9 0
counters 70 37K 37K 166960K 252 0
ioctlops 0 0K 4K 166960K 1800 0
iov 0 0K 16K 166960K 34 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1486 93K 94K 166960K 2480 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 9K 166960K 25 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 1K 166960K 198 0
dirhash 12 2K 2K 166960K 24 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 10 33K 110K 166960K 919 0
sigio 0 0K 0K 166960K 15 0
proc 72 115K 163K 166960K 642 0
subproc 72 4K 4K 166960K 82 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 83 0
in_multi 100 7K 7K 166960K 129 0
ether_multi 1 0K 0K 166960K 4 0
mrt 1 0K 0K 166960K 31 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 229 1023K 1023K 166960K 229 0
exec 0 0K 1K 166960K 638 0
fusefs mount 1 32K 32K 166960K 1 0
pfkey data 0 0K 0K 166960K 4 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 183 150K 177K 166960K 10060 0
UVM aobj 29 2K 2K 166960K 34 0
pinsyscall 35 70K 106K 166960K 2151 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 1K 166960K 28 0
NDP 12 0K 2K 166960K 50 0
temp 61 9119K 9245K 166960K 45450 0
kqueue 13 20K 33K 166960K 185 0
SYN cache 2 16K 16K 166960K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 26 0 0 1 0 1 1 0 8 0
rtpcb 120 87 0 84 1 0 1 1 0 8 0
rtentry 176 149 0 38 6 0 6 6 0 8 0
unpcb 144 805 0 788 6 5 1 6 0 8 0
syncache 336 17 0 17 1 0 1 1 0 8 1
tcpcb 736 204 0 200 5 4 1 4 0 8 0
arp 136 24 0 4 1 0 1 1 0 8 0
inpcb 328 976 0 969 14 8 6 10 0 8 5
nd6 152 37 0 5 2 0 2 2 0 8 0
pkpcb 40 9 0 9 2 1 1 1 0 8 1
kcovpl 48 9 0 1 1 0 1 1 0 8 0
ppxss 1192 87 0 87 1 0 1 1 0 8 1
pppxif 1576 1 0 1 1 1 0 1 0 8 0
pfstscr 40 11 0 7 1 0 1 1 0 8 0
pffrag 232 10 0 1 1 0 1 1 0 482 0
pffrnode 88 9 0 1 1 0 1 1 0 8 0
pffrent 40 11 0 2 1 0 1 1 0 8 0
pfosfp 40 1428 0 1428 5 5 0 5 0 8 0
pfosfpen 112 1428 0 1428 21 13 8 21 0 8 8
pfrktable 1344 4 0 4 1 1 0 1 0 8 0
pfsrclim 320 1 0 1 1 1 0 1 0 8 0
pfstlim 224 3 0 3 2 1 1 1 0 8 1
pfanchor 1288 12 0 1 1 0 1 1 0 8 0
pftag 88 2 0 0 1 0 1 1 0 8 0
pfstitem 24 83 0 23 1 0 1 1 0 8 0
pfstkey 128 94 0 34 3 0 3 3 0 8 1
pfstate 448 86 0 29 7 0 7 7 0 8 0
pfrule 1360 34 0 27 2 0 2 2 0 8 0
rttmr 136 4 0 4 1 1 0 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 719 0 112 39 0 39 39 0 8 0
art_table 40 720 0 112 7 0 7 7 0 8 0
art_node 32 149 0 39 1 0 1 1 0 8 0
sysvmsgpl 40 10 0 9 1 0 1 1 0 8 0
semupl 112 1 0 1 1 1 0 1 0 8 0
semapl 72 156 0 146 1 0 1 1 0 8 0
shmpl 112 31 0 5 1 0 1 1 0 8 0
dirhash 1024 25 0 8 3 0 3 3 0 8 0
dino2pl 256 3036 0 1567 93 0 93 93 0 8 0
ffsino 296 3037 0 1568 114 0 114 114 0 8 0
nchpl 144 4321 0 2619 64 0 64 64 0 8 0
rtmask 32 5 0 5 2 1 1 1 0 8 1
vnodes 216 3909 0 0 218 0 218 218 0 8 0
namei 1024 14847 0 14846 1 0 1 1 0 8 0
percpumem 16 141 0 91 1 0 1 1 0 8 0
pfiaddrpl 120 1 0 1 1 1 0 1 0 8 0
kstatmem 264 63 0 36 3 0 3 3 0 8 0
scsiplug 72 5 0 5 2 1 1 1 0 8 1
scxspl 216 13781 0 13781 11 10 1 8 1 8 1
plimitpl 152 170 0 153 1 0 1 1 0 8 0
sigapl 424 1256 0 1195 8 0 8 8 0 8 0
knotepl 120 536 0 0 17 0 17 17 0 8 0
kqueuepl 224 321 0 312 5 4 1 5 0 8 0
pipepl 344 178 0 151 3 0 3 3 0 8 0
fdescpl 528 1219 0 1195 3 0 3 3 0 8 0
filepl 160 7864 0 7661 24 9 15 21 0 8 5
lockfpl 104 412 0 410 3 0 3 3 0 8 2
lockfspl 48 184 0 182 1 0 1 1 0 8 0
sessionpl 144 63 0 
54 1 0 1 1 0 8 0
pgrppl 48 77 0 60 1 0 1 1 0 8 0
ucredpl 104 1206 0 1193 1 0 1 1 0 8 0
zombiepl 144 1200 0 1195 1 0 1 1 0 8 0
processpl 1232 1256 0 1195 6 0 6 6 0 8 0
procpl 664 2514 0 2453 8 0 8 8 0 8 0
sosppl 176 3 0 3 2 1 1 1 0 8 1
sockpl 752 1929 0 1902 34 24 10 23 0 8 7
mcl64k 65536 6 0 0 1 0 1 1 0 8 0
mcl16k 16384 1 0 0 1 0 1 1 0 8 0
mcl9k128 9344 1 0 0 1 0 1 1 0 8 0
mcl8k 8192 3 0 0 1 0 1 1 0 8 0
mcl4k 4096 130 0 0 17 0 17 17 0 8 0
mcl2k 2048 24 0 0 3 0 3 3 0 8 0
mtagpl 96 2 0 0 1 0 1 1 0 8 0
mbufpl 256 189 0 0 12 0 12 12 0 8 0
bufpl 280 4191 0 110 292 0 292 292 0 8 0
anonpl 32 12224 0 0 99 0 99 99 0 246 0
amapchunkpl 152 33142 0 32784 46 6 40 40 0 158 16
amappl16 200 4345 0 4234 27 14 13 25 0 8 1
amappl15 192 9 0 9 2 2 0 1 0 8 0
amappl14 184 450 0 449 1 0 1 1 0 8 0
amappl13 176 142 0 130 1 0 1 1 0 8 0
amappl12 168 1480 0 1457 2 0 2 2 0 8 0
amappl11 160 4 0 4 2 2 0 1 0 8 0
amappl10 152 64 0 50 1 0 1 1 0 8 0
amappl9 144 292 0 292 2 2 0 1 0 8 0
amappl8 136 105 0 102 1 0 1 1 0 8 0
amappl7 128 161 0 147 1 0 1 1 0 8 0
amappl6 120 164 0 162 1 0 1 1 0 8 0
amappl5 112 113 0 101 1 0 1 1 0 8 0
amappl4 104 326 0 305 1 0 1 1 0 8 0
amappl3 96 6696 0 6628 4 0 4 4 0 8 0
amappl2 88 634 0 572 2 0 2 2 0 8 0
amappl1 80 15849 0 15270 19 2 17 18 0 8 0
amappl 88 9131 0 9018 5 0 5 5 0 92 0
uvmvnodes 80 113 0 0 3 0 3 3 0 8 0
dma65536 65536 1 0 1 1 1 0 1 0 8 0
dma16384 16384 1 0 1 1 0 1 1 0 8 1
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 7 0 7 2 2 0 1 0 8 0
dma128 128 255 0 255 3 2 1 1 0 8 1
dma64 64 9 0 9 3 2 1 1 0 8 1
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 19 0 18 1 0 1 1 0 8 0
aobjpl 72 33 0 5 1 0 1 1 0 8 0
uaddrrnd 24 1219 0 1195 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 1219 0 1195 1 0 1 1 0 8 0
vmmpekpl 168 11943 0 11894 3 0 3 3 0 8 0
vmmpepl 168 87714 0 86083 107 9 98 105 0 357 3
vmsppl 488 1218 0 1195 5 1 4 5 0 8 0
rwobjpl 80 27066 0 25964 33 3 30 32 0 8 0
pdppl 4096 2445 0 2390 113 50 63 85 0 8 8
pvpl 32 18815 0 0 152 0 152 152 
0 265 0
pmappl 256 1218 0 1195 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 309 0 58 8 0 8 8 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8349593d) at panic+0x1e5 sys/kern/subr_prf.c:198
ffs_inode_alloc(fffffd806d060830,41ed,fffffd80097fd618,ffff80002a362a48) at ffs_inode_alloc+0x94e
ufs_mkdir(ffff80002a362ab0) at ufs_mkdir+0xfc sys/ufs/ufs/ufs_vnops.c:1112
VOP_MKDIR(fffffd806ced97d8,ffff80002a362c10,ffff80002a362c40,ffff80002a362b40) at VOP_MKDIR+0x101 sys/kern/vfs_vops.c:394
domkdirat(ffff80002a220fa8,ffffff9c,7a67792b2390,1ff) at domkdirat+0x179 sys/kern/vfs_syscalls.c:3149
syscall(ffff80002a362dc0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a362dc0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7a67792b2430, count: -8
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
x86_ipi_db(ffff80002999dff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
acpicpu_idle() at acpicpu_idle+0x457 sys/dev/acpi/acpicpu_x86.c:1224
sched_idle(ffff80002999dff0) at sched_idle+0x371 sys/kern/kern_sched.c:192
end trace frame: 0x0, count: 10
ddb{1}> trace
x86_ipi_db(ffff80002999dff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
acpicpu_idle() at acpicpu_idle+0x457 sys/dev/acpi/acpicpu_x86.c:1224
sched_idle(ffff80002999dff0) at sched_idle+0x371 sys/kern/kern_sched.c:192
end trace frame: 0x0, count: -5