panic: ffs_valloc: dup alloc
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*150986 31708 0 0x2 0 0 syz-executor
116923 28057 0 0x2 0 1 syz-executor
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff830e1d58) at panic+0x1e5 sys/kern/subr_prf.c:198
ffs_inode_alloc(fffffd806dcadcd0,41ed,fffffd807f7d32d8,ffff80002a0b6368) at ffs_inode_alloc+0x96c sys/ufs/ffs/ffs_alloc.c:404
ufs_mkdir(ffff80002a0b63d0) at ufs_mkdir+0x113 sys/ufs/ufs/ufs_vnops.c:1112
VOP_MKDIR(fffffd807b117980,ffff80002a0b6530,ffff80002a0b6560,ffff80002a0b6460) at VOP_MKDIR+0x102 sys/kern/vfs_vops.c:394
domkdirat(ffff8000359ac538,ffffff9c,7de2e37c31c0,1ff) at domkdirat+0x179 sys/kern/vfs_syscalls.c:3100
syscall(ffff80002a0b66e0) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline]
syscall(ffff80002a0b66e0) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7de2e37c3250, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: ffs_valloc: dup alloc ddb{0}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830e1d58) at panic+0x1e5 sys/kern/subr_prf.c:198 ffs_inode_alloc(fffffd806dcadcd0,41ed,fffffd807f7d32d8,ffff80002a0b6368) at ffs_inode_alloc+0x96c sys/ufs/ffs/ffs_alloc.c:404 ufs_mkdir(ffff80002a0b63d0) at ufs_mkdir+0x113 sys/ufs/ufs/ufs_vnops.c:1112 VOP_MKDIR(fffffd807b117980,ffff80002a0b6530,ffff80002a0b6560,ffff80002a0b6460) at VOP_MKDIR+0x102 sys/kern/vfs_vops.c:394 domkdirat(ffff8000359ac538,ffffff9c,7de2e37c31c0,1ff) at domkdirat+0x179 sys/kern/vfs_syscalls.c:3100 syscall(ffff80002a0b66e0) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff80002a0b66e0) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7de2e37c3250, count: -8 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff80002a0b60f0 rbx 0xffffffff83418d87 cpu_info_full_primary+0x2d87 rdx 0 rcx 0xffff8000359ac538 rax 0xffffffff83417ff0 cpu_info_full_primary+0x1ff0 r8 0 r9 0x8080808080808080 r10 0xfa9ea36cffc4f70d r11 0x18c99793d212b3c8 r12 0xffffffff83418b88 cpu_info_full_primary+0x2b88 r13 0 r14 0 r15 0x1 rip 0xffffffff814db415 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80002a0b60e0 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor) tid=150986 pid=31708 tcnt=1 stat=onproc flags process=2 proc=0 runpri=17, usrpri=50, slppri=17, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff8000359ac2b0,0xffff8000359ad1f0 process=0xffff8000ffff5fd0 user=0xffff80002a0b1000, vmspace=0xfffffd806bf2ec08 estcpu=36, cpticks=1, pctcpu=0.94, user=0, sys=112, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 96385 293799 28057 0 3 0x80 nanoslp syz-executor 96385 487775 28057 0 3 0x4000080 kqread syz-executor 96385 473674 28057 0 3 0x4000080 ttyout syz-executor 96385 24503 28057 0 
3 0x4000080 fsleep syz-executor 13578 176782 0 0 3 0x14280 nfsidl nfsio 11158 513940 0 0 3 0x14280 nfsidl nfsio 96811 34333 0 0 3 0x14280 nfsidl nfsio 15946 207651 0 0 3 0x14280 nfsidl nfsio 26639 196736 0 0 3 0x14280 nfsidl nfsio 43188 452939 0 0 3 0x14280 nfsidl nfsio 59057 255599 0 0 3 0x14280 nfsidl nfsio 8860 203203 0 0 3 0x14280 nfsidl nfsio 74994 219608 0 0 3 0x14280 nfsidl nfsio 35524 508894 0 0 3 0x14280 nfsidl nfsio 60703 112849 0 0 3 0x14280 nfsidl nfsio 60252 303781 0 0 3 0x14280 nfsidl nfsio 53173 336855 0 0 3 0x14280 nfsidl nfsio 5861 43590 0 0 3 0x14280 nfsidl nfsio 94520 211898 0 0 3 0x14280 nfsidl nfsio 79602 231173 0 0 3 0x14280 nfsidl nfsio 74496 268380 0 0 3 0x14280 nfsidl nfsio 36153 49748 0 0 3 0x14280 nfsidl nfsio 70041 362027 0 0 3 0x14280 nfsidl nfsio 73675 198180 0 0 3 0x14280 nfsidl nfsio 6178 126089 33861 0 3 0x82 wait syz-executor *31708 150986 33861 0 7 0x2 syz-executor 28057 116923 33861 0 7 0x2 syz-executor 65896 502258 0 0 3 0x14200 bored sosplice 33861 458498 70054 0 3 0x82 wait syz-executor 70054 145859 3461 0 3 0x10008a sigsusp ksh 3461 167412 73812 0 3 0x98 kqread sshd-session 73812 258916 93 0 3 0x92 kqread sshd-session 60725 96747 1 0 3 0x100083 ttyin getty 93 97376 1 0 3 0x88 kqread sshd 74618 263255 1829 74 3 0x1100092 bpf pflogd 1829 158804 1 0 3 0x80 sbwait pflogd 71321 226023 21288 73 3 0x1100090 kqread syslogd 21288 305499 1 0 3 0x100082 sbwait syslogd 93673 90519 1 0 3 0x100080 kqread resolvd 15238 126091 3535 77 3 0x100092 kqread dhcpleased 92026 418770 3535 77 3 0x100092 kqread dhcpleased 3535 40698 1 0 3 0x80 kqread dhcpleased 44874 45070 0 0 3 0x14200 pause smr 53115 418202 0 0 3 0x14200 pgzero zerothread 30190 236467 0 0 3 0x14200 aiodoned aiodoned 96239 45848 0 0 3 0x14200 syncer update 88174 310570 0 0 3 0x14200 cleaner cleaner 30344 365713 0 0 3 0x14200 reaper reaper 5678 130642 0 0 3 0x14200 pgdaemon pagedaemon 52932 103014 0 0 3 0x14200 bored viomb 71085 435286 0 0 3 0x40014200 acpi0 acpi0 42175 220957 0 0 3 
0x40014200 idle1 84005 391751 0 0 3 0x14200 bored softnet3 67278 359606 0 0 3 0x14200 bored softnet2 27297 257704 0 0 3 0x14200 bored softnet1 10035 293284 0 0 3 0x14200 bored softnet0 14218 338782 0 0 3 0x14200 bored systqmp 19578 47350 0 0 3 0x14200 bored systq 43164 458825 0 0 3 0x14200 tmoslp softclockmp 23349 467986 0 0 2 0x40014200 softclock 1298 61928 0 0 3 0x40014200 idle0 1 176490 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 31708 (syz-executor) thread 0xffff8000359ac538 (150986) exclusive rrwlock inode r = 0 (0xfffffd806bd2ce70) #0 witness_lock+0x5b8 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5b8 sys/kern/subr_witness.c:1151 #1 rw_enter+0x41b sys/kern/kern_rwlock.c:309 #2 rrw_enter+0xbe sys/kern/kern_rwlock.c:464 #3 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:524 #4 ufs_ihashins+0x4f sys/ufs/ufs/ufs_ihash.c:120 #5 ffs_vget+0x187 sys/ufs/ffs/ffs_vfsops.c:1230 #6 ffs_inode_alloc+0x283 sys/ufs/ffs/ffs_alloc.c:393 #7 ufs_mkdir+0x113 sys/ufs/ufs/ufs_vnops.c:1112 #8 VOP_MKDIR+0x102 sys/kern/vfs_vops.c:394 #9 domkdirat+0x179 sys/kern/vfs_syscalls.c:3100 #10 syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline] #10 syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 #11 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806dcadd68) #0 witness_lock+0x5b8 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5b8 sys/kern/subr_witness.c:1151 #1 rw_enter+0x41b sys/kern/kern_rwlock.c:309 #2 rrw_enter+0xbe sys/kern/kern_rwlock.c:464 #3 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:524 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:564 #5 vfs_lookup+0x109 sys/kern/vfs_lookup.c:418 #6 namei+0x7aa sys/kern/vfs_lookup.c:250 #7 domkdirat+0x8b sys/kern/vfs_syscalls.c:3085 #8 syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline] #8 syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 #9 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 0 (0xffffffff835b9590) #0 witness_lock+0x5b8 stacktrace_save sys/sys/stacktrace.h:37 
[inline] #0 witness_lock+0x5b8 sys/kern/subr_witness.c:1151 #1 syscall+0xad6 mi_syscall sys/sys/syscall_mi.h:179 [inline] #1 syscall+0xad6 sys/arch/amd64/amd64/trap.c:577 #2 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10199 10176K 10451K 166960K 11630 0 pcb 17 12K 12K 166960K 92 0 rtable 214 16K 16K 166960K 709 0 pf 38 18K 22K 166960K 112 0 ifaddr 40 6K 7K 166960K 91 0 ifgroup 59 2K 2K 166960K 119 0 sysctl 2 0K 1K 166960K 3 0 counters 66 36K 37K 166960K 96 0 ioctlops 0 0K 4K 166960K 1563 0 iov 0 0K 28K 166960K 55 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1429 90K 90K 166960K 1858 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 9 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 16 0 dirhash 12 2K 2K 166960K 12 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 12 41K 93K 166960K 648 0 sigio 0 0K 0K 166960K 2 0 proc 70 91K 140K 166960K 813 0 subproc 104 6K 6K 166960K 221 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 38 0 in_multi 85 6K 7K 166960K 215 0 ether_multi 1 0K 0K 166960K 4 0 mrt 0 0K 0K 166960K 2 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 91 413K 413K 166960K 91 0 exec 0 0K 1K 166960K 563 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 202 75K 94K 166960K 7199 0 UVM aobj 13 2K 2K 166960K 16 0 pinsyscall 37 74K 104K 166960K 1988 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 22 0 NDP 13 0K 2K 166960K 63 0 temp 55 6818K 6886K 166960K 23224 0 kqueue 14 22K 28K 166960K 87 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 76 0 73 1 0 1 1 0 8 0 rtentry 112 229 0 137 4 0 4 4 0 8 0 unpcb 144 620 0 603 8 2 6 6 0 8 5 syncache 336 5 0 5 2 1 1 1 0 8 1 tcpqe 32 2 0 2 1 0 1 1 0 8 
1 tcpcb 808 154 0 148 5 4 1 5 0 8 0 arp 120 41 0 24 1 0 1 1 0 8 0 inpcb 336 582 0 573 7 3 4 5 0 8 3 nd6 136 55 0 30 1 0 1 1 0 8 0 pkpcb 40 2 0 2 1 1 0 1 0 8 0 kcovpl 48 17 0 9 1 0 1 1 0 8 0 ppxss 1168 2 0 2 1 0 1 1 0 8 1 pffrag 232 4 0 0 1 0 1 1 0 482 0 pffrnode 88 4 0 0 1 0 1 1 0 8 0 pffrent 40 4 0 0 1 0 1 1 0 8 0 pfosfp 40 1429 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1429 0 714 21 0 21 21 0 8 0 pfrktable 1344 4 0 1 1 0 1 1 0 8 0 pfanchor 1288 3 0 0 1 0 1 1 0 8 0 pfstitem 24 72 0 18 1 0 1 1 0 8 0 pfstkey 128 74 0 20 2 0 2 2 0 8 0 pfstate 376 71 0 19 6 0 6 6 0 8 0 pfrule 1344 30 0 20 2 0 2 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 924 0 512 32 2 30 30 0 8 3 art_table 32 925 0 512 4 0 4 4 0 8 0 art_node 16 227 0 146 1 0 1 1 0 8 0 sysvmsgpl 40 6 0 2 1 0 1 1 0 8 0 semapl 112 14 0 4 1 0 1 1 0 8 0 shmpl 112 13 0 3 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 2258 0 738 96 0 96 96 0 8 0 ffsino 272 2259 0 739 102 0 102 102 0 8 0 nchpl 144 3044 0 1350 64 0 64 64 0 8 0 uvmvnodes 80 2712 0 0 56 0 56 56 0 8 0 vnodes 216 2712 0 0 151 0 151 151 0 8 0 namei 1024 10933 0 10932 2 1 1 2 0 8 0 percpumem 16 62 0 15 1 0 1 1 0 8 0 vcpupl 3904 2 0 0 1 0 1 1 0 8 0 vmpool 696 2 0 0 1 0 1 1 0 8 0 pfiaddrpl 120 1 0 0 1 0 1 1 0 8 0 kstatmem 264 56 0 30 3 0 3 3 0 8 0 scxspl 216 12883 0 12883 10 2 8 8 1 8 8 plimitpl 152 197 0 179 1 0 1 1 0 8 0 sigapl 424 960 0 895 10 1 9 9 0 8 0 futexpl 64 6254 0 6253 2 1 1 1 0 8 0 knotepl 120 567 0 0 17 0 17 17 0 8 0 kqueuepl 216 123 0 113 1 0 1 1 0 8 0 pipepl 320 159 0 132 3 0 3 3 0 8 0 fdescpl 496 921 0 895 6 1 5 5 0 8 0 filepl 152 4851 0 4610 18 3 15 15 0 8 4 lockfpl 104 144 0 142 1 0 1 1 0 8 0 lockfspl 48 65 0 63 1 0 1 1 0 8 0 sessionpl 144 31 0 22 1 0 1 1 0 8 0 pgrppl 48 53 0 36 1 0 1 1 0 8 0 ucredpl 104 782 0 769 1 0 1 1 0 8 0 zombiepl 144 901 0 895 1 0 1 1 0 8 0 processpl 1160 960 0 895 7 1 6 6 0 8 0 procpl 648 1590 0 1522 8 0 8 8 0 8 0 srpgc 96 4 0 4 1 0 1 1 0 8 1 sosppl 168 1 0 1 1 1 0 1 0 8 0 sockpl 664 1322 0 1293 17 3 14 14 
0 8 10 mcl64k 65536 7 0 0 1 0 1 1 0 8 0 mcl16k 16384 5 0 0 1 0 1 1 0 8 0 mcl12k 12288 2 0 0 1 0 1 1 0 8 0 mcl9k 9216 3 0 0 1 0 1 1 0 8 0 mcl8k 8192 8 0 0 1 0 1 1 0 8 0 mcl4k 4096 6 0 0 1 0 1 1 0 8 0 mcl2k 2048 258 0 0 33 0 33 33 0 8 0 mtagpl 96 5 0 0 1 0 1 1 0 8 0 mbufpl 256 381 0 0 23 0 23 23 0 8 0 bufpl 280 5425 0 101 381 0 381 381 0 8 0 anonpl 24 151986 0 148757 54 6 48 52 0 185 21 amapchunkpl 152 23211 0 22833 34 5 29 34 0 158 9 amappl16 200 2673 0 2653 8 3 5 6 0 8 2 amappl15 192 7 0 7 1 1 0 1 0 8 0 amappl14 184 207 0 195 1 0 1 1 0 8 0 amappl13 176 9 0 9 1 1 0 1 0 8 0 amappl12 168 1756 0 1729 3 1 2 2 0 8 0 amappl11 160 55 0 41 1 0 1 1 0 8 0 amappl10 152 11 0 11 1 1 0 1 0 8 0 amappl9 144 198 0 198 1 1 0 1 0 8 0 amappl8 136 38 0 34 1 0 1 1 0 8 0 amappl7 128 149 0 137 1 0 1 1 0 8 0 amappl6 120 281 0 280 1 0 1 1 0 8 0 amappl5 112 171 0 158 1 0 1 1 0 8 0 amappl4 104 354 0 334 1 0 1 1 0 8 0 amappl3 96 4435 0 4344 4 0 4 4 0 8 0 amappl2 88 743 0 678 2 0 2 2 0 8 0 amappl1 80 9935 0 9368 14 1 13 14 0 8 0 amappl 88 6723 0 6585 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 2 0 1 1 0 1 1 0 8 0 dma256 256 7 0 7 2 1 1 1 0 8 1 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 15 0 3 1 0 1 1 0 8 0 uaddrrnd 24 923 0 895 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 923 0 895 1 0 1 1 0 8 0 vmmpekpl 168 9355 0 9300 3 0 3 3 0 8 0 vmmpepl 168 61878 0 60242 90 3 87 88 0 357 1 vmsppl 440 922 0 895 6 2 4 5 0 8 0 rwobjpl 56 21957 0 18324 52 0 52 52 0 8 0 pdppl 4096 1853 0 1792 114 41 73 85 0 8 12 pvpl 32 27582 0 0 223 0 223 223 0 265 0 pmappl 248 922 0 895 3 0 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 429 0 54 11 0 11 11 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830e1d58) at panic+0x1e5 sys/kern/subr_prf.c:198 
ffs_inode_alloc(fffffd806dcadcd0,41ed,fffffd807f7d32d8,ffff80002a0b6368) at ffs_inode_alloc+0x96c sys/ufs/ffs/ffs_alloc.c:404 ufs_mkdir(ffff80002a0b63d0) at ufs_mkdir+0x113 sys/ufs/ufs/ufs_vnops.c:1112 VOP_MKDIR(fffffd807b117980,ffff80002a0b6530,ffff80002a0b6560,ffff80002a0b6460) at VOP_MKDIR+0x102 sys/kern/vfs_vops.c:394 domkdirat(ffff8000359ac538,ffffff9c,7de2e37c31c0,1ff) at domkdirat+0x179 sys/kern/vfs_syscalls.c:3100 syscall(ffff80002a0b66e0) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff80002a0b66e0) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7de2e37c3250, count: -8 ddb{0}> machine ddbcpu 1