panic: ffs_valloc: dup alloc Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND * 50399 97820 0 0 0x4000000 0 syz-executor db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830ab318) at panic+0x1cf sys/kern/subr_prf.c:198 ffs_inode_alloc(fffffd8074db2880,8000,fffffd807f7d7618,ffff800037433030) at ffs_inode_alloc+0x96c sys/ufs/ffs/ffs_alloc.c:404 ufs_makeinode(8000,fffffd806a6a8608,ffff800037433368,ffff800037433398) at ufs_makeinode+0xcb sys/ufs/ufs/ufs_vnops.c:1728 ufs_create(ffff8000374330e0) at ufs_create+0x4e sys/ufs/ufs/ufs_vnops.c:147 VOP_CREATE(fffffd806a6a8608,ffff800037433368,ffff800037433398,ffff800037433168) at VOP_CREATE+0xff sys/kern/vfs_vops.c:103 vn_open(ffff800037433338,70f,0) at vn_open+0x491 sys/kern/vfs_vnops.c:116 doopenat(ffff80002a49d968,ffffff9c,20000040,70e,0,ffff8000374334e0) at doopenat+0x31d sys/kern/vfs_syscalls.c:1123 syscall(ffff800037433590) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x452e90da510, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: ffs_valloc: dup alloc ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830ab318) at panic+0x1cf sys/kern/subr_prf.c:198 ffs_inode_alloc(fffffd8074db2880,8000,fffffd807f7d7618,ffff800037433030) at ffs_inode_alloc+0x96c sys/ufs/ffs/ffs_alloc.c:404 ufs_makeinode(8000,fffffd806a6a8608,ffff800037433368,ffff800037433398) at ufs_makeinode+0xcb sys/ufs/ufs/ufs_vnops.c:1728 ufs_create(ffff8000374330e0) at ufs_create+0x4e sys/ufs/ufs/ufs_vnops.c:147 VOP_CREATE(fffffd806a6a8608,ffff800037433368,ffff800037433398,ffff800037433168) at VOP_CREATE+0xff sys/kern/vfs_vops.c:103 vn_open(ffff800037433338,70f,0) at vn_open+0x491 sys/kern/vfs_vnops.c:116 doopenat(ffff80002a49d968,ffffff9c,20000040,70e,0,ffff8000374334e0) at doopenat+0x31d sys/kern/vfs_syscalls.c:1123 syscall(ffff800037433590) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x452e90da510, count: -10 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff800037432dd0 rbx 0xfffffd807773dc00 rdx 0 rcx 0 rax 0xffff80002a49d968 r8 0x101010101010101 r9 0x8080808080808080 r10 0xb55f4c81ddabe8f0 r11 0x6b3f3b58b64ece73 r12 0 r13 0xfffffd8074db2790 r14 0 r15 0x1 rip 0xffffffff81c57035 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff800037432dc0 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb> show proc PROC (syz-executor) tid=50399 pid=97820 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a49dbf0,0xffffffff834bb3e8 process=0xffff8000327f5138 user=0xffff80003742e000, vmspace=0xfffffd806aaf22d0 estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 97820 202848 74218 0 2 0 syz-executor *97820 50399 74218 0 7 0x4000000 syz-executor 10018 237129 5573 0 2 0 syz-executor 10018 124396 5573 0 3 0x4000080 fsleep syz-executor 73912 257907 67289 0 2 0 syz-executor 73912 451640 67289 0 3 0x4000080 fsleep syz-executor 27644 81271 33035 0 3 0x80 nanoslp syz-executor 27644 407502 33035 0 3 0x4000080 sbwait syz-executor 27644 201 33035 0 3 0x4000080 fsleep syz-executor 5573 365381 96175 0 3 0x82 nanoslp syz-executor 68638 347227 96175 0 2 0x2 syz-executor 67289 190887 96175 0 3 0x82 nanoslp syz-executor 33035 96202 96175 0 3 0x82 nanoslp syz-executor 74218 310078 96175 0 3 0x82 nanoslp syz-executor 77161 110480 96175 0 3 0x82 nanoslp syz-executor 83846 152371 96175 0 2 0x2 syz-executor 53786 208773 0 0 3 0x14200 bored sosplice 47076 521602 0 0 3 0x14280 nfsidl nfsio 96340 510571 0 0 3 0x14280 nfsidl nfsio 58772 264670 0 0 3 0x14280 nfsidl nfsio 96034 45774 0 0 3 0x14280 nfsidl nfsio 81567 71805 0 0 3 0x14280 nfsidl nfsio 91106 51142 0 0 3 0x14280 nfsidl nfsio 15265 498732 0 0 3 0x14280 nfsidl nfsio 9365 405181 0 0 3 0x14280 nfsidl nfsio 75077 375495 0 0 3 0x14280 nfsidl nfsio 82362 515230 0 0 3 0x14280 nfsidl nfsio 25243 515350 0 0 3 0x14280 nfsidl nfsio 12066 249872 0 0 3 0x14280 nfsidl nfsio 93266 520950 0 0 3 0x14280 nfsidl nfsio 45741 46314 0 0 3 0x14280 nfsidl nfsio 24247 217460 0 0 3 0x14280 nfsidl nfsio 11333 370137 0 0 3 0x14280 nfsidl nfsio 12913 203544 0 0 3 0x14280 nfsidl nfsio 71163 498696 0 0 3 0x14280 nfsidl nfsio 59948 276256 0 0 3 0x14280 nfsidl nfsio 96793 441444 0 0 3 0x14280 nfsidl nfsio 96175 81429 54724 0 3 0x82 wait syz-executor 54724 297823 60736 0 3 0x10008a sigsusp ksh 60736 457093 10421 0 3 0x98 kqread sshd-session 10421 130003 67676 0 3 0x92 kqread sshd-session 64375 518219 1 0 3 0x100083 ttyin getty 67676 359052 1 0 3 0x88 kqread sshd 34963 8590 96598 73 3 0x1100090 kqread syslogd 96598 441731 1 0 3 0x100082 sbwait syslogd 38583 37321 1 0 3 0x100080 kqread resolvd 60676 437266 52908 77 3 0x100092 kqread dhcpleased 3030 203391 52908 77 3 0x100092 kqread dhcpleased 52908 206079 1 0 3 0x80 kqread dhcpleased 45248 335776 0 0 3 0x14200 bored smr 57114 77183 0 0 2 0x14200 zerothread 73428 12667 0 0 3 0x14200 aiodoned aiodoned 59270 107735 0 0 3 0x14200 syncer update 61625 444530 0 0 3 0x14200 cleaner cleaner 62014 69267 0 0 3 0x14200 reaper reaper 36756 174722 0 0 3 0x14200 pgdaemon pagedaemon 50283 145641 0 0 3 0x14200 bored viomb 59878 492230 0 0 3 0x40014200 acpi0 acpi0 51853 250943 0 0 3 0x14200 bored softnet3 65300 184432 0 0 3 0x14200 bored softnet2 21365 171759 0 0 3 0x14200 bored softnet1 98805 337095 0 0 3 0x14200 bored softnet0 84008 457765 0 0 3 0x14200 bored systqmp 21523 72326 0 0 3 0x14200 bored systq 3317 296077 0 0 3 0x40014200 tmoslp softclock 91437 180086 0 0 3 0x40014200 idle0 1 55525 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10186 10217K 10414K 166960K 11855 0 pcb 18 12K 12K 166960K 68 0 rtable 240 9K 10K 166960K 639 0 pf 38 14K 17K 166960K 406 0 ifaddr 44 7K 7K 166960K 87 0 ifgroup 59 2K 2K 166960K 109 0 sysctl 2 0K 0K 166960K 2 0 counters 32 17K 17K 166960K 46 0 ioctlops 0 0K 4K 166960K 145 0 iov 1 2K 26K 166960K 34 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1458 92K 92K 166960K 1891 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 3 5K 5K 166960K 6 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 19 0 dirhash 12 2K 2K 166960K 12 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 15 53K 97K 166960K 581 0 sigio 0 0K 0K 166960K 7 0 proc 58 59K 124K 166960K 743 0 subproc 104 6K 6K 166960K 209 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 30 0 in_multi 99 7K 7K 166960K 198 0 ether_multi 1 0K 0K 166960K 3 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 61 281K 281K 166960K 61 0 exec 0 0K 1K 166960K 549 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 209 78K 114K 166960K 6299 0 UVM aobj 15 2K 2K 166960K 16 0 pinsyscall 36 72K 96K 166960K 1792 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 21 0 NDP 21 1K 2K 166960K 59 0 temp 51 6810K 6882K 166960K 23354 0 kqueue 13 20K 26K 166960K 72 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 129 0 126 3 0 3 3 0 8 2 rtentry 112 206 0 98 4 0 4 4 0 8 0 unpcb 144 427 0 410 5 1 4 4 0 8 3 syncache 336 3 0 3 1 1 0 1 0 8 0 tcpcb 808 113 0 108 4 0 4 4 0 8 3 arp 88 35 0 17 1 0 1 1 0 8 0 ipq 40 1 0 1 1 1 0 1 0 8 0 ipqe 40 44 0 44 1 1 0 1 0 8 0 inpcb 336 526 0 515 13 6 7 7 0 8 6 nd6 104 49 0 25 1 0 1 1 0 8 0 pkpcb 40 2 0 2 1 0 1 1 0 8 1 kcovpl 48 16 0 8 1 0 1 1 0 8 0 ppxss 1072 4 0 4 1 0 1 1 0 8 1 pfstscr 40 3 0 1 1 0 1 1 0 8 0 pfrktable 1344 1 0 1 1 0 1 1 0 8 1 pfanchor 1288 131 0 130 1 0 1 1 0 8 0 pftag 88 2 0 0 1 0 1 1 0 8 0 pfstitem 24 4 0 0 1 0 1 1 0 8 0 pfstkey 128 6 0 2 1 0 1 1 0 8 0 pfstate 344 3 0 1 1 0 1 1 0 8 0 pfrule 1344 69 0 68 2 1 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 817 0 361 29 0 29 29 0 8 0 art_table 32 818 0 361 4 0 4 4 0 8 0 art_node 16 203 0 105 1 0 1 1 0 8 0 sysvmsgpl 40 8 0 4 1 0 1 1 0 8 0 semapl 112 16 0 6 1 0 1 1 0 8 0 shmpl 112 13 0 1 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 2214 0 698 95 0 95 95 0 8 0 ffsino 240 2215 0 699 90 0 90 90 0 8 0 nchpl 144 2911 0 1217 63 0 63 63 0 8 0 uvmvnodes 80 2669 0 0 55 0 55 55 0 8 0 vnodes 216 2669 0 0 149 0 149 149 0 8 0 namei 1024 10345 0 10344 3 2 1 2 0 8 0 vcpupl 3904 2 0 0 1 0 1 1 0 8 0 vmpool 664 2 0 0 1 0 1 1 0 8 0 kstatmem 264 54 0 28 2 0 2 2 0 8 0 scsiplug 72 2 0 2 1 0 1 1 0 8 1 scxspl 216 10112 0 10112 10 2 8 8 1 8 8 plimitpl 152 113 0 97 1 0 1 1 0 8 0 sigapl 424 860 0 796 9 1 8 8 0 8 0 futexpl 64 5099 0 5096 1 0 1 1 0 8 0 knotepl 120 14297 0 14250 8 0 8 8 0 8 6 kqueuepl 184 140 0 130 3 0 3 3 0 8 2 pipepl 288 217 0 190 7 0 7 7 0 8 4 fdescpl 432 823 0 796 5 1 4 5 0 8 0 filepl 120 4550 0 4296 16 4 12 13 0 8 4 lockfpl 104 206 0 204 1 0 1 1 0 8 0 lockfspl 48 99 0 97 1 0 1 1 0 8 0 sessionpl 144 29 0 21 1 0 1 1 0 8 0 pgrppl 48 47 0 31 1 0 1 1 0 8 0 ucredpl 104 627 0 616 1 0 1 1 0 8 0 zombiepl 144 798 0 796 1 0 1 1 0 8 0 processpl 1096 860 0 796 5 0 5 5 0 8 0 procpl 648 1368 0 1299 8 0 8 8 0 8 1 sosppl 168 1 0 1 1 0 1 1 0 8 1 sockpl 504 1089 0 1058 26 14 12 16 0 8 7 mcl64k 65536 8 0 8 2 1 1 1 0 8 1 mcl16k 16384 2 0 2 2 1 1 1 0 8 1 mcl12k 12288 3 0 3 1 0 1 1 0 8 1 mcl9k 9216 1 0 1 1 1 0 1 0 8 0 mcl8k 8192 21 0 20 2 1 1 1 0 8 0 mcl4k 4096 8 0 8 2 1 1 1 0 8 1 mcl2k 2048 5818 0 5718 27 12 15 25 0 8 1 mtagpl 96 41 0 41 2 1 1 1 0 8 1 mbufpl 256 10743 0 10565 29 10 19 23 0 8 2 bufpl 280 5881 0 90 414 0 414 414 0 8 0 anonpl 24 186327 0 174974 76 3 73 73 0 187 3 amapchunkpl 152 21333 0 20878 39 0 39 39 0 158 18 amappl16 200 4274 0 3781 35 8 27 27 0 8 0 amappl15 192 10 0 10 1 1 0 1 0 8 0 amappl14 184 124 0 114 1 0 1 1 0 8 0 amappl13 176 6 0 6 1 1 0 1 0 8 0 amappl12 168 1561 0 1534 3 1 2 3 0 8 0 amappl11 160 49 0 39 1 0 1 1 0 8 0 amappl10 152 21 0 21 1 1 0 1 0 8 0 amappl9 144 128 0 128 1 1 0 1 0 8 0 amappl8 136 43 0 42 1 0 1 1 0 8 0 amappl7 128 120 0 110 1 0 1 1 0 8 0 amappl6 120 236 0 234 1 0 1 1 0 8 0 amappl5 112 166 0 157 1 0 1 1 0 8 0 amappl4 104 303 0 288 1 0 1 1 0 8 0 amappl3 96 4139 0 4042 4 0 4 4 0 8 1 amappl2 88 692 0 636 2 0 2 2 0 8 0 amappl1 80 9250 0 8724 14 1 13 14 0 8 1 amappl 88 5886 0 5732 5 0 5 5 0 92 0 dma65536 65536 2 0 2 1 1 0 1 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 7 0 7 2 1 1 1 0 8 1 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 15 0 1 1 0 1 1 0 8 0 uaddrrnd 24 825 0 796 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 825 0 796 1 0 1 1 0 8 0 vmmpekpl 168 8140 0 8087 3 0 3 3 0 8 0 vmmpepl 168 57737 0 55630 98 1 97 97 0 357 0 vmsppl 344 824 0 796 5 1 4 4 0 8 0 rwobjpl 24 22240 0 18251 25 0 25 25 0 8 0 pdppl 4096 1656 0 1594 115 43 72 82 0 8 10 pvpl 32 438395 0 420582 348 2 346 348 0 265 192 pmappl 216 824 0 796 3 0 3 3 0 8 1 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 456 0 95 11 0 11 11 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830ab318) at panic+0x1cf sys/kern/subr_prf.c:198 ffs_inode_alloc(fffffd8074db2880,8000,fffffd807f7d7618,ffff800037433030) at ffs_inode_alloc+0x96c sys/ufs/ffs/ffs_alloc.c:404 ufs_makeinode(8000,fffffd806a6a8608,ffff800037433368,ffff800037433398) at ufs_makeinode+0xcb sys/ufs/ufs/ufs_vnops.c:1728 ufs_create(ffff8000374330e0) at ufs_create+0x4e sys/ufs/ufs/ufs_vnops.c:147 VOP_CREATE(fffffd806a6a8608,ffff800037433368,ffff800037433398,ffff800037433168) at VOP_CREATE+0xff sys/kern/vfs_vops.c:103 vn_open(ffff800037433338,70f,0) at vn_open+0x491 sys/kern/vfs_vnops.c:116 doopenat(ffff80002a49d968,ffffff9c,20000040,70e,0,ffff8000374334e0) at doopenat+0x31d sys/kern/vfs_syscalls.c:1123 syscall(ffff800037433590) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x452e90da510, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830ab318) at panic+0x1cf sys/kern/subr_prf.c:198 ffs_inode_alloc(fffffd8074db2880,8000,fffffd807f7d7618,ffff800037433030) at ffs_inode_alloc+0x96c sys/ufs/ffs/ffs_alloc.c:404 ufs_makeinode(8000,fffffd806a6a8608,ffff800037433368,ffff800037433398) at ufs_makeinode+0xcb sys/ufs/ufs/ufs_vnops.c:1728 ufs_create(ffff8000374330e0) at ufs_create+0x4e sys/ufs/ufs/ufs_vnops.c:147 VOP_CREATE(fffffd806a6a8608,ffff800037433368,ffff800037433398,ffff800037433168) at VOP_CREATE+0xff sys/kern/vfs_vops.c:103 vn_open(ffff800037433338,70f,0) at vn_open+0x491 sys/kern/vfs_vnops.c:116 doopenat(ffff80002a49d968,ffffff9c,20000040,70e,0,ffff8000374334e0) at doopenat+0x31d sys/kern/vfs_syscalls.c:1123 syscall(ffff800037433590) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x452e90da510, count: -10