panic: ffs_valloc: dup alloc Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *177092 45904 0 0 0x4000000 0 syz-executor db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830b1ca1) at panic+0x1cf sys/kern/subr_prf.c:198 ffs_inode_alloc(fffffd80775600f8,202d,fffffd807f7d7410,ffff8000327f5330) at ffs_inode_alloc+0x96c sys/ufs/ffs/ffs_alloc.c:404 ufs_makeinode(202d,fffffd80773892b8,ffff8000327f5550,ffff8000327f5580) at ufs_makeinode+0xcb sys/ufs/ufs/ufs_vnops.c:1728 ufs_mknod(ffff8000327f53f0) at ufs_mknod+0x5b sys/ufs/ufs/ufs_vnops.c:167 VOP_MKNOD(fffffd80773892b8,ffff8000327f5550,ffff8000327f5580,ffff8000327f5480) at VOP_MKNOD+0x102 sys/kern/vfs_vops.c:121 domknodat(ffff8000376076f0,ffffff9c,20000000,4f7b202d,504) at domknodat+0x47e sys/kern/vfs_syscalls.c:1624 syscall(ffff8000327f5720) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xf20175e11d0, count: 6 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: ffs_valloc: dup alloc ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830b1ca1) at panic+0x1cf sys/kern/subr_prf.c:198 ffs_inode_alloc(fffffd80775600f8,202d,fffffd807f7d7410,ffff8000327f5330) at ffs_inode_alloc+0x96c sys/ufs/ffs/ffs_alloc.c:404 ufs_makeinode(202d,fffffd80773892b8,ffff8000327f5550,ffff8000327f5580) at ufs_makeinode+0xcb sys/ufs/ufs/ufs_vnops.c:1728 ufs_mknod(ffff8000327f53f0) at ufs_mknod+0x5b sys/ufs/ufs/ufs_vnops.c:167 VOP_MKNOD(fffffd80773892b8,ffff8000327f5550,ffff8000327f5580,ffff8000327f5480) at VOP_MKNOD+0x102 sys/kern/vfs_vops.c:121 domknodat(ffff8000376076f0,ffffff9c,20000000,4f7b202d,504) at domknodat+0x47e sys/kern/vfs_syscalls.c:1624 syscall(ffff8000327f5720) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xf20175e11d0, count: -9 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff8000327f50d0 rbx 0xfffffd807756f000 rdx 0xffff800001156540 rcx 0 rax 0xffff8000376076f0 r8 0x101010101010101 r9 0x8080808080808080 r10 0x731195c2158d55e1 r11 0x31e78eb967d80bfc r12 0 r13 0xfffffd8077560e18 r14 0 r15 0x1 rip 0xffffffff810b2dc5 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff8000327f50c0 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb> show proc PROC (syz-executor) tid=177092 pid=45904 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff800037607468,0xffff8000376062c0 process=0xffff8000ffff59c8 user=0xffff8000327f0000, vmspace=0xfffffd8065fddc30 estcpu=28, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 70557 205251 94197 0 2 0x100000 sh 39591 330191 80437 0 3 0x2 clonelk ifconfig 94197 9427 49685 0 3 0x10008a sigsusp sh 80437 323849 20963 0 3 0x10008a sigsusp sh 45904 21150 97079 0 2 0 syz-executor *45904 177092 97079 0 7 0x4000000 syz-executor 81372 86653 7109 0 2 0 syz-executor 81372 139062 7109 0 3 0x4000080 fsleep syz-executor 81372 492138 7109 0 3 0x4000080 fsleep syz-executor 81372 258363 7109 0 3 0x4000080 fsleep syz-executor 88240 166366 69576 0 2 0 syz-executor 49685 339524 1079 0 3 0x82 wait syz-executor 80403 155747 71101 0 2 0 syz-executor 20963 374299 1079 0 3 0x82 wait syz-executor 61159 257712 1079 0 3 0x82 piperd syz-executor 7109 7983 1079 0 2 0x482 syz-executor 69576 3976 1079 0 2 0x482 syz-executor 97079 204550 1079 0 2 0x482 syz-executor 71101 71639 1079 0 3 0x82 nanoslp syz-executor 1079 513643 35453 0 3 0x82 wait syz-executor 35453 387872 42226 0 3 0x10008a sigsusp ksh 42226 300023 49982 0 3 0x98 kqread sshd-session 49982 2877 89018 0 3 0x92 kqread sshd-session 65696 458620 1 0 3 0x100083 ttyin getty 89018 30298 1 0 3 0x88 kqread sshd 85295 250216 68631 73 3 0x1100090 kqread syslogd 68631 96806 1 0 3 0x100082 sbwait syslogd 4238 330997 1 0 3 0x100080 kqread resolvd 90530 444600 2632 77 3 0x100092 kqread dhcpleased 66204 240819 2632 77 3 0x100092 kqread dhcpleased 2632 359743 1 0 3 0x80 kqread dhcpleased 98993 187220 0 0 3 0x14200 bored smr 78699 196272 0 0 2 0x14200 zerothread 33824 453658 0 0 3 0x14200 aiodoned aiodoned 30940 17758 0 0 3 0x14200 syncer update 81640 428083 0 0 3 0x14200 cleaner cleaner 83186 419736 0 0 3 0x14200 reaper reaper 86843 341414 0 0 3 0x14200 pgdaemon pagedaemon 78283 78046 0 0 3 0x14200 bored viomb 72677 474443 0 0 3 0x40014200 acpi0 acpi0 86544 196390 0 0 3 0x14200 bored softnet3 47082 379339 0 0 3 0x14200 bored softnet2 39969 482291 0 0 3 0x14200 bored softnet1 44196 115908 0 0 2 0x14200 softnet0 71705 288293 0 0 3 0x14200 bored systqmp 8676 410889 0 0 3 0x14200 bored systq 98031 185346 0 0 3 0x40014200 tmoslp softclock 43018 298012 0 0 3 0x40014200 idle0 1 78752 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10165 10012K 10412K 166960K 11295 0 pcb 17 12K 12K 166960K 26 0 rtable 190 5K 6K 166960K 382 0 pf 26 12K 12K 166960K 32 0 ifaddr 34 6K 7K 166960K 48 0 ifgroup 42 1K 2K 166960K 54 0 counters 28 17K 17K 166960K 31 0 ioctlops 0 0K 2K 166960K 65 0 iov 0 0K 16K 166960K 7 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1365 86K 86K 166960K 1445 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 3 0 VM map 2 1K 1K 166960K 2 0 sem 4 0K 0K 166960K 4 0 dirhash 12 2K 2K 166960K 15 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 18 65K 97K 166960K 194 0 proc 64 67K 124K 166960K 509 0 subproc 104 6K 6K 166960K 143 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 5 0 in_multi 77 5K 7K 166960K 110 0 ether_multi 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 43 201K 201K 166960K 43 0 exec 0 0K 1K 166960K 362 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 191 71K 73K 166960K 3083 0 UVM aobj 5 2K 2K 166960K 5 0 pinsyscall 39 78K 96K 166960K 1239 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 3 0 NDP 9 0K 2K 166960K 30 0 temp 34 6802K 6866K 166960K 3977 0 kqueue 13 20K 26K 166960K 30 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 40 0 37 1 0 1 1 0 8 0 rtentry 112 122 0 34 4 0 4 4 0 8 0 unpcb 144 57 0 42 1 0 1 1 0 8 0 syncache 336 3 0 3 1 0 1 1 0 8 1 tcpcb 808 20 0 16 2 0 2 2 0 8 1 arp 88 20 0 6 1 0 1 1 0 8 0 inpcb 336 95 0 87 2 0 2 2 0 8 1 nd6 104 27 0 9 1 0 1 1 0 8 0 kcovpl 48 11 0 3 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 497 0 132 29 0 29 29 0 8 3 art_table 32 498 0 132 4 0 4 4 0 8 0 art_node 16 121 0 41 1 0 1 1 0 8 0 semapl 112 2 0 0 1 0 1 1 0 8 0 shmpl 112 2 0 0 1 0 1 1 0 8 0 dirhash 1024 19 0 2 3 0 3 3 0 8 0 dino2pl 256 1612 0 109 95 0 95 95 0 8 0 ffsino 240 1615 0 112 89 0 89 89 0 8 0 nchpl 144 1841 0 158 63 0 63 63 0 8 0 uvmvnodes 80 1783 0 0 37 0 37 37 0 8 0 vnodes 216 1783 0 0 100 0 100 100 0 8 0 namei 1024 5723 0 5722 2 0 2 2 0 8 1 kstatmem 264 24 0 6 2 0 2 2 0 8 0 scxspl 216 5247 0 5247 3 0 3 3 1 8 3 plimitpl 152 36 0 20 1 0 1 1 0 8 0 sigapl 424 465 0 419 7 0 7 7 0 8 1 futexpl 64 627 0 624 1 0 1 1 0 8 0 knotepl 120 3922 0 3875 2 0 2 2 0 8 0 kqueuepl 184 34 0 25 1 0 1 1 0 8 0 pipepl 288 114 0 87 3 0 3 3 0 8 0 fdescpl 432 449 0 419 5 0 5 5 0 8 1 filepl 120 1644 0 1375 9 0 9 9 0 8 0 lockfpl 104 12 0 10 1 0 1 1 0 8 0 lockfspl 48 7 0 5 1 0 1 1 0 8 0 sessionpl 144 24 0 16 1 0 1 1 0 8 0 pgrppl 48 35 0 19 1 0 1 1 0 8 0 ucredpl 104 79 0 68 1 0 1 1 0 8 0 zombiepl 144 420 0 419 1 0 1 1 0 8 0 processpl 1096 465 0 419 4 0 4 4 0 8 0 procpl 648 524 0 474 6 0 6 6 0 8 1 sockpl 504 193 0 167 6 0 6 6 0 8 2 mcl16k 16384 2 0 2 1 0 1 1 0 8 1 mcl8k 8192 8 0 8 1 0 1 1 0 8 1 mcl4k 4096 3 0 3 1 0 1 1 0 8 1 mcl2k 2048 4955 0 4854 25 5 20 25 0 8 6 mtagpl 96 4 0 4 1 0 1 1 0 8 1 mbufpl 256 6939 0 6776 17 0 17 17 0 8 2 bufpl 280 2222 0 89 153 0 153 153 0 8 0 anonpl 24 174455 0 171459 24 0 24 24 0 187 3 amapchunkpl 152 10580 0 10214 22 0 22 22 0 158 7 amappl16 200 5070 0 5058 5 0 5 5 0 8 4 amappl15 192 6 0 6 1 0 1 1 0 8 1 amappl14 184 112 0 102 1 0 1 1 0 8 0 amappl13 176 12 0 12 1 0 1 1 0 8 1 amappl12 168 1089 0 1061 3 0 3 3 0 8 1 amappl11 160 51 0 41 1 0 1 1 0 8 0 amappl10 152 13 0 13 1 0 1 1 0 8 1 amappl9 144 127 0 127 1 0 1 1 0 8 1 amappl8 136 20 0 19 1 0 1 1 0 8 0 amappl7 128 100 0 90 1 0 1 1 0 8 0 amappl6 120 176 0 171 1 0 1 1 0 8 0 amappl5 112 137 0 128 1 0 1 1 0 8 0 amappl4 104 295 0 278 1 0 1 1 0 8 0 amappl3 96 1902 0 1831 3 0 3 3 0 8 0 amappl2 88 656 0 589 2 0 2 2 0 8 0 amappl1 80 7621 0 7077 13 0 13 13 0 8 0 amappl 88 2736 0 2600 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 0 1 1 0 8 1 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 0 1 1 0 8 1 dma128 128 253 0 253 1 0 1 1 0 8 1 dma64 64 6 0 6 1 0 1 1 0 8 1 dma32 32 7 0 7 1 0 1 1 0 8 1 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 4 0 0 1 0 1 1 0 8 0 uaddrrnd 24 449 0 419 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 449 0 419 1 0 1 1 0 8 0 vmmpekpl 168 5654 0 5613 3 0 3 3 0 8 0 vmmpepl 168 37645 0 36006 82 0 82 82 0 357 10 vmsppl 344 448 0 419 4 0 4 4 0 8 1 rwobjpl 24 17860 0 15238 17 0 17 17 0 8 0 pdppl 4096 905 0 838 105 38 67 83 0 8 0 pvpl 32 296120 0 288341 76 0 76 76 0 265 5 pmappl 216 448 0 419 3 0 3 3 0 8 1 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 386 0 43 11 0 11 11 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830b1ca1) at panic+0x1cf sys/kern/subr_prf.c:198 ffs_inode_alloc(fffffd80775600f8,202d,fffffd807f7d7410,ffff8000327f5330) at ffs_inode_alloc+0x96c sys/ufs/ffs/ffs_alloc.c:404 ufs_makeinode(202d,fffffd80773892b8,ffff8000327f5550,ffff8000327f5580) at ufs_makeinode+0xcb sys/ufs/ufs/ufs_vnops.c:1728 ufs_mknod(ffff8000327f53f0) at ufs_mknod+0x5b sys/ufs/ufs/ufs_vnops.c:167 VOP_MKNOD(fffffd80773892b8,ffff8000327f5550,ffff8000327f5580,ffff8000327f5480) at VOP_MKNOD+0x102 sys/kern/vfs_vops.c:121 domknodat(ffff8000376076f0,ffffff9c,20000000,4f7b202d,504) at domknodat+0x47e sys/kern/vfs_syscalls.c:1624 syscall(ffff8000327f5720) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xf20175e11d0, count: -9 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830b1ca1) at panic+0x1cf sys/kern/subr_prf.c:198 ffs_inode_alloc(fffffd80775600f8,202d,fffffd807f7d7410,ffff8000327f5330) at ffs_inode_alloc+0x96c sys/ufs/ffs/ffs_alloc.c:404 ufs_makeinode(202d,fffffd80773892b8,ffff8000327f5550,ffff8000327f5580) at ufs_makeinode+0xcb sys/ufs/ufs/ufs_vnops.c:1728 ufs_mknod(ffff8000327f53f0) at ufs_mknod+0x5b sys/ufs/ufs/ufs_vnops.c:167 VOP_MKNOD(fffffd80773892b8,ffff8000327f5550,ffff8000327f5580,ffff8000327f5480) at VOP_MKNOD+0x102 sys/kern/vfs_vops.c:121 domknodat(ffff8000376076f0,ffffff9c,20000000,4f7b202d,504) at domknodat+0x47e sys/kern/vfs_syscalls.c:1624 syscall(ffff8000327f5720) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xf20175e11d0, count: -9