panic: ffs_valloc: dup alloc
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*285335 20606 60928 0x10 0x4000000 0 syz-executor
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff830ab318) at panic+0x1cf sys/kern/subr_prf.c:198
ffs_inode_alloc(fffffd806acc95b0,4000,fffffd807f7d74e0,ffff800037669b18) at ffs_inode_alloc+0x96c sys/ufs/ffs/ffs_alloc.c:404
ufs_mkdir(ffff800037669b80) at ufs_mkdir+0x113 sys/ufs/ufs/ufs_vnops.c:1112
VOP_MKDIR(fffffd8077b4dcd8,ffff800037669ce0,ffff800037669d10,ffff800037669c10) at VOP_MKDIR+0x102 sys/kern/vfs_vops.c:394
domkdirat(ffff80003762ef58,ffffff9c,20000500,0) at domkdirat+0x179 sys/kern/vfs_syscalls.c:3100
syscall(ffff800037669e90) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x569e22d83a0, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: ffs_valloc: dup alloc ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830ab318) at panic+0x1cf sys/kern/subr_prf.c:198 ffs_inode_alloc(fffffd806acc95b0,4000,fffffd807f7d74e0,ffff800037669b18) at ffs_inode_alloc+0x96c sys/ufs/ffs/ffs_alloc.c:404 ufs_mkdir(ffff800037669b80) at ufs_mkdir+0x113 sys/ufs/ufs/ufs_vnops.c:1112 VOP_MKDIR(fffffd8077b4dcd8,ffff800037669ce0,ffff800037669d10,ffff800037669c10) at VOP_MKDIR+0x102 sys/kern/vfs_vops.c:394 domkdirat(ffff80003762ef58,ffffff9c,20000500,0) at domkdirat+0x179 sys/kern/vfs_syscalls.c:3100 syscall(ffff800037669e90) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x569e22d83a0, count: -8 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff8000376698b0 rbx 0xfffffd806c693a00 rdx 0 rcx 0 rax 0xffff80003762ef58 r8 0x101010101010101 r9 0x8080808080808080 r10 0x50ee5881f3977586 r11 0x1766ae160f144a52 r12 0 r13 0xfffffd806acc9970 r14 0 r15 0x1 rip 0xffffffff81c57035 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff8000376698a0 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb> show proc PROC (syz-executor) tid=285335 pid=20606 tcnt=3 stat=onproc flags process=10 proc=4000000 runpri=17, usrpri=75, slppri=17, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003762ecd0,0xffff80003762f988 process=0xffff8000ffffaae0 user=0xffff800037664000, vmspace=0xfffffd806c26fd80 estcpu=25, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 54974 210657 18818 0 3 0x2 clonelk ifconfig 18818 123019 50706 0 3 0x10008a sigsusp sh 45296 209036 35293 0 2 0x10 syz-executor 45296 471016 35293 0 3 0x4000090 fsleep syz-executor 20606 76697 44419 60928 2 0x10 syz-executor *20606 285335 44419 60928 7 0x4000010 syz-executor 20606 230175 44419 60928 3 0x4000090 fsleep syz-executor 86948 273835 16826 0 2 0 syz-executor 86948 
366510 16826 0 2 0x4000000 syz-executor 50706 482661 53503 0 3 0x82 wait syz-executor 74776 119229 53503 0 3 0x82 nanoslp syz-executor 48886 282952 53503 0 2 0x2 syz-executor 35293 415631 53503 0 2 0x482 syz-executor 46115 70433 53503 0 2 0x2 syz-executor 44419 31584 53503 0 3 0x82 nanoslp syz-executor 16826 308859 53503 0 2 0x482 syz-executor 76971 397045 0 0 3 0x14200 bored sosplice 53503 333582 50065 0 3 0x82 wait syz-executor 50065 4354 63718 0 3 0x10008a sigsusp ksh 63718 363078 45127 0 3 0x98 kqread sshd-session 45127 432070 173 0 3 0x92 kqread sshd-session 55433 153298 1 0 3 0x100083 ttyin getty 173 3753 1 0 3 0x88 kqread sshd 69158 466212 45641 73 3 0x1100090 kqread syslogd 45641 264338 1 0 3 0x100082 sbwait syslogd 72577 8419 1 0 3 0x100080 kqread resolvd 65762 138376 28549 77 3 0x100092 kqread dhcpleased 79545 150923 28549 77 3 0x100092 kqread dhcpleased 28549 213217 1 0 3 0x80 kqread dhcpleased 66488 65348 0 0 3 0x14200 bored smr 54216 134876 0 0 2 0x14200 zerothread 96901 155468 0 0 3 0x14200 aiodoned aiodoned 55586 346864 0 0 3 0x14200 syncer update 2757 63129 0 0 3 0x14200 cleaner cleaner 64297 263330 0 0 3 0x14200 reaper reaper 54518 184847 0 0 3 0x14200 pgdaemon pagedaemon 28613 408907 0 0 3 0x14200 bored viomb 26371 281629 0 0 3 0x40014200 acpi0 acpi0 85087 13772 0 0 3 0x14200 bored softnet3 92583 419539 0 0 3 0x14200 bored softnet2 62234 426876 0 0 3 0x14200 bored softnet1 46449 370266 0 0 3 0x14200 bored softnet0 48742 456011 0 0 3 0x14200 bored systqmp 629 83003 0 0 3 0x14200 bored systq 42678 433911 0 0 2 0x40014200 softclock 41239 301772 0 0 3 0x40014200 idle0 1 56960 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10172 10084K 10432K 166960K 11595 0 pcb 17 12K 12K 166960K 28 0 rtable 218 6K 7K 166960K 608 0 pf 31 13K 14K 166960K 58 0 ifaddr 39 6K 7K 166960K 82 0 ifgroup 51 2K 2K 166960K 98 0 counters 30 17K 17K 166960K 42 0 
ioctlops 0 0K 4K 166960K 48 0 iov 0 0K 16K 166960K 5 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1369 86K 86K 166960K 1558 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 3 0 VM map 2 1K 1K 166960K 2 0 sem 5 0K 0K 166960K 5 0 dirhash 12 2K 2K 166960K 12 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 16 57K 97K 166960K 355 0 sigio 0 0K 0K 166960K 69 0 proc 64 67K 124K 166960K 715 0 subproc 104 6K 6K 166960K 221 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 13 0 in_multi 88 6K 7K 166960K 188 0 ether_multi 1 0K 0K 166960K 2 0 mrt 0 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 73 334K 334K 166960K 73 0 exec 0 0K 1K 166960K 459 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 197 71K 75K 166960K 4193 0 UVM aobj 6 2K 4K 166960K 7 0 pinsyscall 37 74K 96K 166960K 1590 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 28 0 NDP 11 0K 1K 166960K 55 0 temp 34 6802K 6866K 166960K 5328 0 kqueue 13 20K 28K 166960K 35 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 59 0 56 1 0 1 1 0 8 0 rtentry 112 201 0 101 4 0 4 4 0 8 0 unpcb 144 76 0 59 1 0 1 1 0 8 0 syncache 336 3 0 3 1 0 1 1 0 8 1 tcpcb 808 74 0 70 5 0 5 5 0 8 4 arp 88 34 0 18 1 0 1 1 0 8 0 inpcb 336 215 0 207 5 0 5 5 0 8 3 nd6 104 49 0 27 1 0 1 1 0 8 0 kcovpl 48 17 0 9 1 0 1 1 0 8 0 ppxss 1072 1 0 1 1 0 1 1 0 8 1 pfrule 1344 2 0 2 1 0 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 810 0 396 30 1 29 29 0 8 1 art_table 32 811 0 396 4 0 4 4 0 8 0 art_node 16 199 0 108 1 0 1 1 0 8 0 semupl 112 1 0 1 1 0 1 1 0 8 1 semapl 112 3 0 0 1 0 1 1 0 8 0 shmpl 112 4 0 1 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1715 0 199 95 0 95 95 0 8 0 ffsino 240 1715 0 199 90 0 90 90 0 8 0 nchpl 144 2055 0 368 63 0 63 63 0 8 0 
uvmvnodes 80 1986 0 0 41 0 41 41 0 8 0 vnodes 216 1986 0 0 111 0 111 111 0 8 0 namei 1024 7106 0 7103 1 0 1 1 0 8 0 kstatmem 264 46 0 24 2 0 2 2 0 8 0 scxspl 216 8219 0 8219 3 0 3 3 1 8 3 plimitpl 152 55 0 39 1 0 1 1 0 8 0 sigapl 424 619 0 574 7 0 7 7 0 8 1 futexpl 64 1613 0 1611 1 0 1 1 0 8 0 knotepl 120 5825 0 5778 2 0 2 2 0 8 0 kqueuepl 184 44 0 35 1 0 1 1 0 8 0 pipepl 288 168 0 141 5 0 5 5 0 8 2 fdescpl 432 601 0 573 5 0 5 5 0 8 1 filepl 120 2327 0 2089 10 0 10 10 0 8 2 lockfpl 104 50 0 48 1 0 1 1 0 8 0 lockfspl 48 24 0 22 1 0 1 1 0 8 0 sessionpl 144 30 0 22 1 0 1 1 0 8 0 pgrppl 48 48 0 32 1 0 1 1 0 8 0 ucredpl 104 191 0 178 1 0 1 1 0 8 0 zombiepl 144 576 0 574 1 0 1 1 0 8 0 processpl 1096 619 0 574 4 0 4 4 0 8 0 procpl 648 759 0 710 6 0 6 6 0 8 1 sosppl 168 3 0 3 1 0 1 1 0 8 1 sockpl 504 352 0 324 9 0 9 9 0 8 4 mcl64k 65536 7 0 7 1 0 1 1 0 8 1 mcl16k 16384 6 0 6 1 0 1 1 0 8 1 mcl8k 8192 8 0 8 1 0 1 1 0 8 1 mcl4k 4096 3 0 3 1 0 1 1 0 8 1 mcl2k 2048 5348 0 5245 27 6 21 27 0 8 7 mtagpl 96 10 0 8 1 0 1 1 0 8 0 mbufpl 256 8483 0 8307 16 0 16 16 0 8 2 bufpl 280 4900 0 92 344 0 344 344 0 8 0 anonpl 24 186618 0 183480 49 0 49 49 0 187 28 amapchunkpl 152 13820 0 13427 32 0 32 32 0 158 13 amappl16 200 5106 0 5093 5 0 5 5 0 8 3 amappl15 192 10 0 10 1 0 1 1 0 8 1 amappl14 184 121 0 111 1 0 1 1 0 8 0 amappl13 176 41 0 41 1 0 1 1 0 8 1 amappl12 168 1364 0 1336 2 0 2 2 0 8 0 amappl11 160 57 0 47 1 0 1 1 0 8 0 amappl10 152 11 0 11 1 0 1 1 0 8 1 amappl9 144 124 0 124 1 0 1 1 0 8 1 amappl8 136 25 0 24 1 0 1 1 0 8 0 amappl7 128 117 0 107 1 0 1 1 0 8 0 amappl6 120 271 0 268 1 0 1 1 0 8 0 amappl5 112 161 0 152 1 0 1 1 0 8 0 amappl4 104 306 0 291 1 0 1 1 0 8 0 amappl3 96 2613 0 2522 4 0 4 4 0 8 0 amappl2 88 727 0 670 2 0 2 2 0 8 0 amappl1 80 8632 0 8091 14 0 14 14 0 8 2 amappl 88 3789 0 3647 5 0 5 5 0 92 1 dma4096 4096 1 0 1 1 0 1 1 0 8 1 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 0 1 1 0 8 1 dma128 128 253 0 253 1 0 1 1 0 8 1 dma64 64 7 0 7 1 0 1 1 0 8 1 dma32 32 7 0 7 1 
0 1 1 0 8 1 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 6 0 1 1 0 1 1 0 8 0 uaddrrnd 24 601 0 573 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 601 0 573 1 0 1 1 0 8 0 vmmpekpl 168 6830 0 6781 3 0 3 3 0 8 0 vmmpepl 168 46838 0 45212 80 0 80 80 0 357 5 vmsppl 344 600 0 573 4 0 4 4 0 8 1 rwobjpl 24 20249 0 17420 18 0 18 18 0 8 0 pdppl 4096 1208 0 1146 104 34 70 82 0 8 8 pvpl 32 364265 0 355335 214 0 214 214 0 265 129 pmappl 216 600 0 573 3 0 3 3 0 8 1 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 399 0 41 11 0 11 11 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830ab318) at panic+0x1cf sys/kern/subr_prf.c:198 ffs_inode_alloc(fffffd806acc95b0,4000,fffffd807f7d74e0,ffff800037669b18) at ffs_inode_alloc+0x96c sys/ufs/ffs/ffs_alloc.c:404 ufs_mkdir(ffff800037669b80) at ufs_mkdir+0x113 sys/ufs/ufs/ufs_vnops.c:1112 VOP_MKDIR(fffffd8077b4dcd8,ffff800037669ce0,ffff800037669d10,ffff800037669c10) at VOP_MKDIR+0x102 sys/kern/vfs_vops.c:394 domkdirat(ffff80003762ef58,ffffff9c,20000500,0) at domkdirat+0x179 sys/kern/vfs_syscalls.c:3100 syscall(ffff800037669e90) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x569e22d83a0, count: -8 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830ab318) at panic+0x1cf sys/kern/subr_prf.c:198 ffs_inode_alloc(fffffd806acc95b0,4000,fffffd807f7d74e0,ffff800037669b18) at ffs_inode_alloc+0x96c sys/ufs/ffs/ffs_alloc.c:404 ufs_mkdir(ffff800037669b80) at ufs_mkdir+0x113 sys/ufs/ufs/ufs_vnops.c:1112 VOP_MKDIR(fffffd8077b4dcd8,ffff800037669ce0,ffff800037669d10,ffff800037669c10) at VOP_MKDIR+0x102 sys/kern/vfs_vops.c:394 domkdirat(ffff80003762ef58,ffffff9c,20000500,0) at domkdirat+0x179 sys/kern/vfs_syscalls.c:3100 syscall(ffff800037669e90) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end 
of kernel end trace frame: 0x569e22d83a0, count: -8