panic: ffs_valloc: dup alloc
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*407015 77904 0 0x2 0 0 syz-executor
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff830af72c) at panic+0x1cf sys/kern/subr_prf.c:198
ffs_inode_alloc(fffffd807e419100,41c0,fffffd807f7d75b0,ffff80002a507918) at ffs_inode_alloc+0x96c sys/ufs/ffs/ffs_alloc.c:404
ufs_mkdir(ffff80002a507980) at ufs_mkdir+0x113 sys/ufs/ufs/ufs_vnops.c:1112
VOP_MKDIR(fffffd806ef1d6e8,ffff80002a507ae0,ffff80002a507b10,ffff80002a507a10) at VOP_MKDIR+0x102 sys/kern/vfs_vops.c:394
domkdirat(ffff80002a4b0010,ffffff9c,76e0bd175da0,1c0) at domkdirat+0x179 sys/kern/vfs_syscalls.c:3099
syscall(ffff80002a507c90) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x76e0bd175d60, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb> ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: ffs_valloc: dup alloc
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff830af72c) at panic+0x1cf sys/kern/subr_prf.c:198
ffs_inode_alloc(fffffd807e419100,41c0,fffffd807f7d75b0,ffff80002a507918) at ffs_inode_alloc+0x96c sys/ufs/ffs/ffs_alloc.c:404
ufs_mkdir(ffff80002a507980) at ufs_mkdir+0x113 sys/ufs/ufs/ufs_vnops.c:1112
VOP_MKDIR(fffffd806ef1d6e8,ffff80002a507ae0,ffff80002a507b10,ffff80002a507a10) at VOP_MKDIR+0x102 sys/kern/vfs_vops.c:394
domkdirat(ffff80002a4b0010,ffffff9c,76e0bd175da0,1c0) at domkdirat+0x179 sys/kern/vfs_syscalls.c:3099
syscall(ffff80002a507c90) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x76e0bd175d60, count: -8
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff80002a5076b0
rbx 0xfffffd806cc48600
rdx 0
rcx 0
rax 0xffff80002a4b0010
r8 0x101010101010101
r9 0x8080808080808080
r10 0x5171f3127c8eb2bb
r11 0xaebe1fbebcc8403f
r12 0
r13 0xfffffd805d177c30
r14 0
r15 0x1
rip 0xffffffff821d2a15 db_enter+0x25
cs 0x8
rflags 0x246
rsp 0xffff80002a5076a0
ss 0x10
db_enter+0x25: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor) tid=407015 pid=77904 tcnt=1 stat=onproc
flags process=2 proc=0
runpri=50, usrpri=50, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff80002a4a22a0,0xffff80002a4b0cc8
process=0xffff8000327f4cf0 user=0xffff80002a502000, vmspace=0xfffffd806f04f568
estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
91800 126970 2030 0 2 0 syz-executor
*77904 407015 74610 0 7 0x2 syz-executor
49568 523290 74610 0 3 0x82 piperd syz-executor
31556 325802 74610 0 3 0x82 piperd syz-executor
57893 43640 74610 0 3 0x82 piperd syz-executor
54678 490936 74610 0 3 0x82 piperd syz-executor
85269 304464 74610 0 3 0x82 piperd syz-executor
2030 104266 74610 0 3 0x82 nanoslp syz-executor
75512 502682
0 0 3 0x14200 bored sosplice 74610 114778 68778 0 2 0x2 syz-executor 68778 152664 90578 0 3 0x10008a sigsusp ksh 90578 252534 89177 0 3 0x98 kqread sshd-session 89177 461901 24511 0 3 0x92 kqread sshd-session 95125 63974 1 0 3 0x100083 ttyin getty 24511 517525 1 0 3 0x88 kqread sshd 63763 400324 26681 73 3 0x1100090 kqread syslogd 26681 53790 1 0 3 0x100082 sbwait syslogd 17048 178883 1 0 3 0x100080 kqread resolvd 95409 22877 90112 77 3 0x100092 kqread dhcpleased 63521 8355 90112 77 3 0x100092 kqread dhcpleased 90112 233330 1 0 3 0x80 kqread dhcpleased 59314 443300 0 0 3 0x14200 bored smr 73563 144372 0 0 2 0x14200 zerothread 43916 372237 0 0 3 0x14200 aiodoned aiodoned 25253 360842 0 0 3 0x14200 syncer update 29133 167597 0 0 3 0x14200 cleaner cleaner 34215 50542 0 0 3 0x14200 reaper reaper 26823 370071 0 0 3 0x14200 pgdaemon pagedaemon 9039 211752 0 0 3 0x14200 bored viomb 80800 318084 0 0 3 0x40014200 acpi0 acpi0 50314 138926 0 0 3 0x14200 bored softnet3 2674 360016 0 0 3 0x14200 bored softnet2 39000 447424 0 0 3 0x14200 bored softnet1 18948 333050 0 0 2 0x14200 softnet0 28044 388338 0 0 3 0x14200 bored systqmp 95607 432977 0 0 3 0x14200 bored systq 65225 209521 0 0 3 0x40014200 tmoslp softclock 44951 242215 0 0 3 0x40014200 idle0 1 212265 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10201 10031K 10295K 166960K 12375 0 pcb 17 13K 14K 166960K 152 0 rtable 220 7K 8K 166960K 1642 0 pf 31 13K 21K 166960K 149 0 ifaddr 39 7K 8K 166960K 225 0 ifgroup 50 2K 2K 166960K 251 0 sysctl 3 0K 0K 166960K 3 0 counters 30 17K 17K 166960K 83 0 ioctlops 0 0K 4K 166960K 113 0 iov 0 0K 16K 166960K 35 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1434 90K 91K 166960K 2446 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 10 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 22 0 dirhash 12 2K 2K 166960K 33 0 ACPI 
1697 195K 286K 166960K 12548 0 file desc 11 34K 97K 166960K 1342 0 sigio 0 0K 0K 166960K 18 0 proc 58 59K 124K 166960K 1647 0 subproc 91 5K 7K 166960K 637 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 103 0 in_multi 88 6K 7K 166960K 585 0 ether_multi 1 0K 0K 166960K 8 0 mrt 1 0K 0K 166960K 3 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 235 1049K 1049K 166960K 235 0 exec 0 0K 1K 166960K 1021 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 159 62K 97K 166960K 11372 0 UVM aobj 12 2K 2K 166960K 16 0 pinsyscall 32 64K 98K 166960K 3397 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 34 0 NDP 11 0K 2K 166960K 161 0 temp 52 6811K 6875K 166960K 60498 0 kqueue 13 20K 26K 166960K 115 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 248 0 245 3 2 1 3 0 8 0 rtentry 112 568 0 468 4 0 4 4 0 8 0 unpcb 144 831 0 816 6 5 1 6 0 8 0 syncache 336 3 0 3 1 1 0 1 0 8 0 tcpcb 808 409 0 405 8 7 1 8 0 8 0 arp 88 101 0 85 1 0 1 1 0 8 0 ipq 40 6 0 4 1 0 1 1 0 8 0 ipqe 40 57 0 54 1 0 1 1 0 8 0 inpcb 336 1526 0 1519 15 13 2 12 0 8 1 nd6 104 148 0 126 1 0 1 1 0 8 0 pkpcb 40 2 0 2 1 1 0 1 0 8 0 kcovpl 48 49 0 42 1 0 1 1 0 8 0 ppxss 1072 7 0 7 1 1 0 1 0 8 0 pfstitem 24 2 0 0 1 0 1 1 0 8 0 pfstkey 128 3 0 1 1 0 1 1 0 8 0 pfstate 344 2 0 1 1 0 1 1 0 8 0 pfrule 1344 3 0 3 1 1 0 1 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 2254 0 1838 29 0 29 29 0 8 0 art_table 32 2256 0 1838 4 0 4 4 0 8 0 art_node 16 566 0 475 1 0 1 1 0 8 0 sysvmsgpl 40 8 0 4 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 20 0 10 1 0 1 1 0 8 0 shmpl 112 13 0 4 1 0 1 1 0 8 0 dirhash 1024 31 0 14 3 0 3 3 0 8 0 dino2pl 256 2829 0 1255 99 0 99 99 0 8 0 ffsino 240 2832 0 1258 94 0 94 94 0 8 0 nchpl 144 3956 0 2234 65 0 65 65 0 8 0 uvmvnodes 80 3744 0 0 77 0 77 77 
0 8 0 vnodes 216 3744 0 0 208 0 208 208 0 8 0 namei 1024 16788 0 16787 2 1 1 2 0 8 0 kstatmem 264 128 0 106 2 0 2 2 0 8 0 scsiplug 72 1 0 1 1 1 0 1 0 8 0 scxspl 216 26516 0 26516 8 7 1 8 1 8 1 plimitpl 152 227 0 211 1 0 1 1 0 8 0 sigapl 424 1538 0 1498 7 1 6 7 0 8 0 futexpl 64 10107 0 10107 1 0 1 1 0 8 1 knotepl 120 30074 0 30027 17 15 2 17 0 8 0 kqueuepl 184 194 0 185 1 0 1 1 0 8 0 pipepl 288 312 0 285 5 2 3 5 0 8 0 fdescpl 432 1521 0 1498 5 1 4 5 0 8 0 filepl 120 8417 0 8199 13 4 9 13 0 8 0 lockfpl 104 396 0 394 2 1 1 2 0 8 0 lockfspl 48 98 0 96 1 0 1 1 0 8 0 sessionpl 144 61 0 53 1 0 1 1 0 8 0 pgrppl 48 116 0 100 1 0 1 1 0 8 0 ucredpl 104 1197 0 1185 1 0 1 1 0 8 0 zombiepl 144 1499 0 1498 1 0 1 1 0 8 0 processpl 1096 1538 0 1498 4 0 4 4 0 8 0 procpl 648 2485 0 2445 6 1 5 6 0 8 0 sosppl 168 9 0 9 1 1 0 1 0 8 0 sockpl 504 2616 0 2591 60 55 5 24 0 8 1 mcl64k 65536 37 0 37 1 1 0 1 0 8 0 mcl16k 16384 1 0 1 1 1 0 1 0 8 0 mcl9k 9216 4 0 4 1 1 0 1 0 8 0 mcl8k 8192 16 0 16 1 1 0 1 0 8 0 mcl4k 4096 12 0 12 1 1 0 1 0 8 0 mcl2k 2048 7514 0 7416 26 11 15 26 0 8 0 mtagpl 96 10 0 10 1 1 0 1 0 8 0 mbufpl 256 18732 0 18552 60 39 21 60 0 8 0 bufpl 280 8002 0 1478 467 0 467 467 0 8 0 anonpl 24 254472 0 251698 79 51 28 79 0 187 0 amapchunkpl 152 37142 0 36862 42 23 19 42 0 158 3 amappl16 200 4369 0 4350 14 12 2 14 0 8 0 amappl15 192 8 0 8 1 1 0 1 0 8 0 amappl14 184 193 0 182 1 0 1 1 0 8 0 amappl13 176 6 0 6 1 1 0 1 0 8 0 amappl12 168 2764 0 2742 3 1 2 3 0 8 0 amappl11 160 49 0 39 1 0 1 1 0 8 0 amappl10 152 28 0 28 1 1 0 1 0 8 0 amappl9 144 136 0 136 1 1 0 1 0 8 0 amappl8 136 19 0 18 1 0 1 1 0 8 0 amappl7 128 195 0 185 1 0 1 1 0 8 0 amappl6 120 562 0 561 1 0 1 1 0 8 0 amappl5 112 288 0 279 1 0 1 1 0 8 0 amappl4 104 396 0 381 1 0 1 1 0 8 0 amappl3 96 6379 0 6324 3 0 3 3 0 8 0 amappl2 88 1814 0 1748 2 0 2 2 0 8 0 amappl1 80 13461 0 12943 14 2 12 14 0 8 0 amappl 88 10704 0 10598 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 
8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 7 0 7 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 15 0 4 1 0 1 1 0 8 0 uaddrrnd 24 1521 0 1498 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1521 0 1498 1 0 1 1 0 8 0 vmmpekpl 168 13301 0 13265 3 0 3 3 0 8 0 vmmpepl 168 98264 0 96864 87 7 80 87 0 357 3 vmsppl 344 1520 0 1498 4 1 3 4 0 8 0 rwobjpl 24 32924 0 28390 28 0 28 28 0 8 0 pdppl 4096 3048 0 2996 154 88 66 82 0 8 14 pvpl 32 791964 0 784441 360 272 88 355 0 265 0 pmappl 216 1520 0 1498 3 1 2 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 565 0 223 13 0 13 13 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830af72c) at panic+0x1cf sys/kern/subr_prf.c:198 ffs_inode_alloc(fffffd807e419100,41c0,fffffd807f7d75b0,ffff80002a507918) at ffs_inode_alloc+0x96c sys/ufs/ffs/ffs_alloc.c:404 ufs_mkdir(ffff80002a507980) at ufs_mkdir+0x113 sys/ufs/ufs/ufs_vnops.c:1112 VOP_MKDIR(fffffd806ef1d6e8,ffff80002a507ae0,ffff80002a507b10,ffff80002a507a10) at VOP_MKDIR+0x102 sys/kern/vfs_vops.c:394 domkdirat(ffff80002a4b0010,ffffff9c,76e0bd175da0,1c0) at domkdirat+0x179 sys/kern/vfs_syscalls.c:3099 syscall(ffff80002a507c90) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x76e0bd175d60, count: -8 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830af72c) at panic+0x1cf sys/kern/subr_prf.c:198 ffs_inode_alloc(fffffd807e419100,41c0,fffffd807f7d75b0,ffff80002a507918) at ffs_inode_alloc+0x96c sys/ufs/ffs/ffs_alloc.c:404 ufs_mkdir(ffff80002a507980) at ufs_mkdir+0x113 sys/ufs/ufs/ufs_vnops.c:1112 VOP_MKDIR(fffffd806ef1d6e8,ffff80002a507ae0,ffff80002a507b10,ffff80002a507a10) at VOP_MKDIR+0x102 sys/kern/vfs_vops.c:394 domkdirat(ffff80002a4b0010,ffffff9c,76e0bd175da0,1c0) at domkdirat+0x179 
sys/kern/vfs_syscalls.c:3099 syscall(ffff80002a507c90) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x76e0bd175d60, count: -8