panic: ffs_valloc: dup alloc Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *150523 89820 0 0 0x4000000 0 syz-executor db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830b3a1b) at panic+0x1cf sys/kern/subr_prf.c:198 ffs_inode_alloc(fffffd807629ab40,8000,fffffd807f7d72d8,ffff80002a5acce0) at ffs_inode_alloc+0x96c sys/ufs/ffs/ffs_alloc.c:404 ufs_makeinode(8000,fffffd807b1b5be8,ffff80002a5ad018,ffff80002a5ad048) at ufs_makeinode+0xcb sys/ufs/ufs/ufs_vnops.c:1728 ufs_create(ffff80002a5acd90) at ufs_create+0x4e sys/ufs/ufs/ufs_vnops.c:147 VOP_CREATE(fffffd807b1b5be8,ffff80002a5ad018,ffff80002a5ad048,ffff80002a5ace18) at VOP_CREATE+0xff sys/kern/vfs_vops.c:103 vn_open(ffff80002a5acfe8,216,0) at vn_open+0x491 sys/kern/vfs_vnops.c:116 doopenat(ffff80002a4b07a8,ffffff9c,200000c0,615,0,ffff80002a5ad190) at doopenat+0x31d sys/kern/vfs_syscalls.c:1123 syscall(ffff80002a5ad240) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x8f491b424e0, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: ffs_valloc: dup alloc ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830b3a1b) at panic+0x1cf sys/kern/subr_prf.c:198 ffs_inode_alloc(fffffd807629ab40,8000,fffffd807f7d72d8,ffff80002a5acce0) at ffs_inode_alloc+0x96c sys/ufs/ffs/ffs_alloc.c:404 ufs_makeinode(8000,fffffd807b1b5be8,ffff80002a5ad018,ffff80002a5ad048) at ufs_makeinode+0xcb sys/ufs/ufs/ufs_vnops.c:1728 ufs_create(ffff80002a5acd90) at ufs_create+0x4e sys/ufs/ufs/ufs_vnops.c:147 VOP_CREATE(fffffd807b1b5be8,ffff80002a5ad018,ffff80002a5ad048,ffff80002a5ace18) at VOP_CREATE+0xff sys/kern/vfs_vops.c:103 vn_open(ffff80002a5acfe8,216,0) at vn_open+0x491 sys/kern/vfs_vnops.c:116 doopenat(ffff80002a4b07a8,ffffff9c,200000c0,615,0,ffff80002a5ad190) at doopenat+0x31d sys/kern/vfs_syscalls.c:1123 syscall(ffff80002a5ad240) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x8f491b424e0, count: -10 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80002a5aca80 rbx 0xfffffd806c7b2900 rdx 0xffff8000011859c0 rcx 0 rax 0xffff80002a4b07a8 r8 0x101010101010101 r9 0x8080808080808080 r10 0xb1441dcf58922a13 r11 0x732f06c8ded56394 r12 0 r13 0xfffffd807629ad20 r14 0 r15 0x1 rip 0xffffffff8201afa5 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80002a5aca70 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb> show proc PROC (syz-executor) tid=150523 pid=89820 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=50, usrpri=86, slppri=16, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a4b0298,0xffffffff83574290 process=0xffff80002f3f6f30 user=0xffff80002a5a8000, vmspace=0xfffffd807546a6d0 estcpu=36, cpticks=20, pctcpu=0.0, user=0, sys=20, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 89820 105675 34474 0 2 0 syz-executor *89820 150523 34474 0 7 0x4000000 syz-executor 20409 349075 83647 0 3 0x2004 inode syz-executor 23378 27494 83647 0 2 0x2 syz-executor 24574 478615 83647 0 3 0x2 inode syz-executor 45975 388039 83647 0 2 0x2 syz-executor 82665 106103 83647 0 3 0x82 piperd syz-executor 60360 168691 83647 0 3 0x82 piperd syz-executor 34474 22821 83647 0 2 0x482 syz-executor 66316 136068 0 0 3 0x14200 bored sosplice 83647 350478 72992 0 2 0x2 syz-executor 72992 471859 99204 0 3 0x10008a sigsusp ksh 99204 408820 98088 0 3 0x98 kqread sshd-session 98088 212792 94972 0 3 0x92 kqread sshd-session 80562 248429 1 0 3 0x100083 ttyin getty 94972 412137 1 0 3 0x88 kqread sshd 54906 109126 96593 73 2 0x1100090 syslogd 96593 107245 1 0 3 0x100082 sbwait syslogd 41891 233605 1 0 3 0x100080 kqread resolvd 64124 399519 29616 77 3 0x100092 kqread dhcpleased 13986 122242 29616 77 3 0x100092 kqread dhcpleased 29616 462567 1 0 3 0x80 kqread dhcpleased 53660 502137 0 0 2 0x14200 smr 69775 490918 0 0 2 0x14200 zerothread 53883 516183 0 0 3 0x14200 aiodoned aiodoned 16339 304037 0 0 3 0x14200 syncer update 14585 357093 0 0 3 0x14200 cleaner cleaner 91404 269640 0 0 3 0x14200 reaper reaper 81775 329141 0 0 3 0x14200 pgdaemon pagedaemon 68460 456934 0 0 3 0x14200 bored viomb 41667 26532 0 0 3 0x40014200 acpi0 acpi0 90874 93432 0 0 3 0x14200 bored softnet3 5445 404980 0 0 3 0x14200 bored softnet2 38840 260028 0 0 3 0x14200 bored softnet1 29215 70084 0 0 2 0x14200 softnet0 3015 238851 0 0 3 0x14200 bored systqmp 28986 480679 0 0 3 0x14200 bored systq 83750 5741 0 0 2 0x40014200 softclock 97112 424883 0 0 3 0x40014200 idle0 1 445654 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10159 10008K 10225K 166960K 11891 0 pcb 17 12K 12K 166960K 95 0 rtable 124 4K 6K 166960K 933 0 pf 24 12K 16K 166960K 98 0 ifaddr 25 4K 7K 166960K 121 0 ifgroup 34 1K 2K 166960K 140 0 sysctl 2 1K 2K 166960K 3 0 counters 26 17K 17K 166960K 54 0 ioctlops 0 0K 4K 166960K 84 0 iov 0 0K 16K 166960K 38 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1435 90K 90K 166960K 2020 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 68K 76K 166960K 20 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 134 0 dirhash 12 2K 2K 166960K 33 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 11 28K 81K 166960K 897 0 sigio 0 0K 0K 166960K 6 0 proc 58 59K 91K 166960K 984 0 subproc 61 3K 6K 166960K 323 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 92 0 in_multi 52 3K 7K 166960K 298 0 ether_multi 1 0K 0K 166960K 8 0 mrt 0 0K 0K 166960K 5 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 73 334K 334K 166960K 73 0 exec 1 0K 1K 166960K 728 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 153 38K 91K 166960K 9049 0 UVM aobj 27 5K 5K 166960K 32 0 pinsyscall 32 64K 88K 166960K 2335 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 24 0 NDP 7 0K 2K 166960K 84 0 temp 33 6808K 6875K 166960K 11541 0 kqueue 13 20K 26K 166960K 85 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 123 0 120 1 0 1 1 0 8 0 rtentry 112 292 0 239 4 0 4 4 0 8 1 unpcb 144 747 0 732 4 0 4 4 0 8 3 syncache 336 4 0 4 2 1 1 1 0 8 1 tcpqe 32 1 0 1 1 0 1 1 0 8 1 tcpcb 808 351 0 346 14 6 8 8 0 8 7 arp 88 50 0 40 1 0 1 1 0 8 0 ipq 40 3 0 3 1 0 1 1 0 8 1 ipqe 40 5 0 5 1 0 1 1 0 8 1 inpcb 336 930 0 922 15 6 9 10 0 8 8 nd6 104 74 0 62 1 0 1 1 0 8 0 pkpcb 40 3 0 3 2 1 1 1 0 8 1 kcovpl 48 24 0 20 1 0 1 1 0 8 0 ppxss 1072 5 0 5 2 1 1 1 0 8 1 pfstscr 40 2 0 2 1 1 0 1 0 8 0 pfstkey 128 2 0 2 1 1 0 1 0 8 0 pfstate 344 1 0 1 1 1 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 1198 0 952 29 2 27 29 0 8 4 art_table 32 1199 0 952 4 0 4 4 0 8 0 art_node 16 289 0 242 1 0 1 1 0 8 0 sysvmsgpl 40 7 0 5 1 0 1 1 0 8 0 semapl 112 132 0 122 1 0 1 1 0 8 0 shmpl 112 29 0 5 1 0 1 1 0 8 0 dirhash 1024 31 0 14 3 0 3 3 0 8 0 dino2pl 256 2520 0 993 96 0 96 96 0 8 0 ffsino 240 2523 0 996 91 0 91 91 0 8 0 nchpl 144 3468 0 1777 64 0 64 64 0 8 0 uvmvnodes 80 3123 0 0 64 0 64 64 0 8 0 vnodes 216 3124 0 0 174 0 174 174 0 8 0 namei 1024 13398 0 13394 1 0 1 1 0 8 0 kstatmem 264 70 0 56 2 0 2 2 0 8 0 scxspl 216 18484 0 18484 9 7 2 8 1 8 2 plimitpl 152 280 0 265 1 0 1 1 0 8 0 sigapl 424 1142 0 1102 6 0 6 6 0 8 0 futexpl 64 8738 0 8738 1 0 1 1 0 8 1 knotepl 120 20852 0 20805 15 5 10 15 0 8 8 kqueuepl 184 194 0 185 4 0 4 4 0 8 3 pipepl 288 241 0 214 5 0 5 5 0 8 2 fdescpl 432 1125 0 1102 4 0 4 4 0 8 0 filepl 120 6424 0 6236 18 2 16 16 0 8 6 lockfpl 104 260 0 258 2 0 2 2 0 8 1 lockfspl 48 59 0 57 1 0 1 1 0 8 0 sessionpl 144 38 0 30 1 0 1 1 0 8 0 pgrppl 48 74 0 58 1 0 1 1 0 8 0 ucredpl 104 956 0 945 1 0 1 1 0 8 0 zombiepl 144 1452 0 1451 2 1 1 1 0 8 0 processpl 1096 1142 0 1102 4 0 4 4 0 8 0 procpl 648 2135 0 2094 6 0 6 6 0 8 1 sosppl 168 2 0 2 1 0 1 1 0 8 1 sockpl 504 1815 0 1789 33 19 14 21 0 8 9 mcl64k 65536 2 0 2 2 1 1 1 0 8 1 mcl9k 9216 2 0 2 1 0 1 1 0 8 1 mcl8k 8192 15 0 15 2 1 1 1 0 8 1 mcl4k 4096 8 0 8 2 1 1 1 0 8 1 mcl2k 2048 6781 0 6679 31 16 15 30 0 8 2 mtagpl 96 8 0 8 2 1 1 1 0 8 1 mbufpl 256 14787 0 14629 64 43 21 62 0 8 5 bufpl 280 6127 0 95 431 0 431 431 0 8 0 anonpl 24 189575 0 186847 76 24 52 52 0 187 25 amapchunkpl 152 28809 0 28523 37 5 32 32 0 158 15 amappl16 200 3746 0 3737 26 18 8 14 0 8 6 amappl15 192 7 0 7 1 1 0 1 0 8 0 amappl14 184 142 0 132 1 0 1 1 0 8 0 amappl13 176 41 0 41 1 1 0 1 0 8 0 amappl12 168 1995 0 1974 2 0 2 2 0 8 0 amappl11 160 46 0 36 1 0 1 1 0 8 0 amappl10 152 11 0 11 1 1 0 1 0 8 0 amappl9 144 169 0 169 1 1 0 1 0 8 0 amappl8 136 44 0 43 1 0 1 1 0 8 0 amappl7 128 139 0 129 1 0 1 1 0 8 0 amappl6 120 317 0 315 1 0 1 1 0 8 0 amappl5 112 186 0 176 1 0 1 1 0 8 0 amappl4 104 333 0 317 1 0 1 1 0 8 0 amappl3 96 5298 0 5242 3 0 3 3 0 8 0 amappl2 88 1367 0 1302 2 0 2 2 0 8 0 amappl1 80 10926 0 10416 13 0 13 13 0 8 1 amappl 88 8559 0 8456 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 31 0 5 1 0 1 1 0 8 0 uaddrrnd 24 1125 0 1102 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1125 0 1102 1 0 1 1 0 8 0 vmmpekpl 168 11014 0 10968 3 0 3 3 0 8 0 vmmpepl 168 75514 0 74122 103 14 89 91 0 357 15 vmsppl 344 1124 0 1102 4 1 3 4 0 8 0 rwobjpl 24 26573 0 22682 26 1 25 25 0 8 0 pdppl 4096 2256 0 2204 116 60 56 74 0 8 4 pvpl 32 539055 0 531833 252 32 220 220 0 265 132 pmappl 216 1124 0 1102 2 0 2 2 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 510 0 158 11 0 11 11 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830b3a1b) at panic+0x1cf sys/kern/subr_prf.c:198 ffs_inode_alloc(fffffd807629ab40,8000,fffffd807f7d72d8,ffff80002a5acce0) at ffs_inode_alloc+0x96c sys/ufs/ffs/ffs_alloc.c:404 ufs_makeinode(8000,fffffd807b1b5be8,ffff80002a5ad018,ffff80002a5ad048) at ufs_makeinode+0xcb sys/ufs/ufs/ufs_vnops.c:1728 ufs_create(ffff80002a5acd90) at ufs_create+0x4e sys/ufs/ufs/ufs_vnops.c:147 VOP_CREATE(fffffd807b1b5be8,ffff80002a5ad018,ffff80002a5ad048,ffff80002a5ace18) at VOP_CREATE+0xff sys/kern/vfs_vops.c:103 vn_open(ffff80002a5acfe8,216,0) at vn_open+0x491 sys/kern/vfs_vnops.c:116 doopenat(ffff80002a4b07a8,ffffff9c,200000c0,615,0,ffff80002a5ad190) at doopenat+0x31d sys/kern/vfs_syscalls.c:1123 syscall(ffff80002a5ad240) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x8f491b424e0, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830b3a1b) at panic+0x1cf sys/kern/subr_prf.c:198 ffs_inode_alloc(fffffd807629ab40,8000,fffffd807f7d72d8,ffff80002a5acce0) at ffs_inode_alloc+0x96c sys/ufs/ffs/ffs_alloc.c:404 ufs_makeinode(8000,fffffd807b1b5be8,ffff80002a5ad018,ffff80002a5ad048) at ufs_makeinode+0xcb sys/ufs/ufs/ufs_vnops.c:1728 ufs_create(ffff80002a5acd90) at ufs_create+0x4e sys/ufs/ufs/ufs_vnops.c:147 VOP_CREATE(fffffd807b1b5be8,ffff80002a5ad018,ffff80002a5ad048,ffff80002a5ace18) at VOP_CREATE+0xff sys/kern/vfs_vops.c:103 vn_open(ffff80002a5acfe8,216,0) at vn_open+0x491 sys/kern/vfs_vnops.c:116 doopenat(ffff80002a4b07a8,ffffff9c,200000c0,615,0,ffff80002a5ad190) at doopenat+0x31d sys/kern/vfs_syscalls.c:1123 syscall(ffff80002a5ad240) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x8f491b424e0, count: -10