panic: ffs_valloc: dup alloc Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *458239 49758 0 0x2 0 0 syz-executor db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830ab318) at panic+0x1cf sys/kern/subr_prf.c:198 ffs_inode_alloc(fffffd806f06c1f0,41c0,fffffd807f7d7618,ffff800034200fc8) at ffs_inode_alloc+0x96c sys/ufs/ffs/ffs_alloc.c:404 ufs_mkdir(ffff800034201030) at ufs_mkdir+0x113 sys/ufs/ufs/ufs_vnops.c:1112 VOP_MKDIR(fffffd806ef1c388,ffff800034201190,ffff8000342011c0,ffff8000342010c0) at VOP_MKDIR+0x102 sys/kern/vfs_vops.c:394 domkdirat(ffff800037681468,ffffff9c,76c239739da0,1c0) at domkdirat+0x179 sys/kern/vfs_syscalls.c:3100 syscall(ffff800034201340) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x76c239739d60, count: 7 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: ffs_valloc: dup alloc ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830ab318) at panic+0x1cf sys/kern/subr_prf.c:198 ffs_inode_alloc(fffffd806f06c1f0,41c0,fffffd807f7d7618,ffff800034200fc8) at ffs_inode_alloc+0x96c sys/ufs/ffs/ffs_alloc.c:404 ufs_mkdir(ffff800034201030) at ufs_mkdir+0x113 sys/ufs/ufs/ufs_vnops.c:1112 VOP_MKDIR(fffffd806ef1c388,ffff800034201190,ffff8000342011c0,ffff8000342010c0) at VOP_MKDIR+0x102 sys/kern/vfs_vops.c:394 domkdirat(ffff800037681468,ffffff9c,76c239739da0,1c0) at domkdirat+0x179 sys/kern/vfs_syscalls.c:3100 syscall(ffff800034201340) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x76c239739d60, count: -8 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff800034200d60 rbx 0xfffffd806c4ac700 rdx 0 rcx 0 rax 0xffff800037681468 r8 0x101010101010101 r9 0x8080808080808080 r10 0xf6c834c68609f9ab r11 0xd2faa206a1820e76 r12 0 r13 0xfffffd806c59ba60 r14 0 r15 0x1 rip 0xffffffff81c57035 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff800034200d50 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb> show proc PROC (syz-executor) tid=458239 pid=49758 tcnt=1 stat=onproc flags process=2 proc=0 runpri=50, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a48d6e0,0xffff800037680548 process=0xffff8000327f4cf0 user=0xffff8000341fc000, vmspace=0xfffffd806c259d80 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 58423 252636 58639 0 2 0 syz-executor *49758 458239 84655 0 7 0x2 syz-executor 47218 328306 84655 0 3 0x82 piperd syz-executor 14958 95318 12302 0 3 0x80 nanoslp syz-executor 14958 87634 12302 0 3 0x4000080 kqread syz-executor 50809 163528 84655 0 2 0x2 syz-executor 58069 152755 84655 0 3 0x82 piperd syz-executor 23998 168192 84655 0 3 0x82 piperd syz-executor 89564 278287 84655 0 3 0x82 piperd syz-executor 12302 26374 84655 0 3 0x82 nanoslp syz-executor 58639 125170 84655 0 3 0x82 nanoslp syz-executor 93515 124529 0 0 3 0x14200 acct acct 70170 269582 0 0 3 0x14200 bored sosplice 84655 335970 22492 0 2 0x2 syz-executor 22492 338198 42567 0 3 0x10008a sigsusp ksh 42567 133516 84835 0 3 0x98 kqread sshd-session 84835 455263 95538 0 3 0x92 kqread sshd-session 36204 509233 1 0 3 0x100083 ttyopn getty 95538 379353 1 0 3 0x88 kqread sshd 87919 69888 45414 73 3 0x1100090 kqread syslogd 45414 313554 1 0 3 0x100082 sbwait syslogd 77909 400350 1 0 3 0x100080 kqread resolvd 66916 155831 53607 77 3 0x100092 kqread dhcpleased 90262 363822 53607 77 3 0x100092 kqread dhcpleased 53607 380833 1 0 3 0x80 kqread dhcpleased 73157 225119 0 0 3 0x14200 bored smr 93874 73647 0 0 2 0x14200 zerothread 28337 472399 0 0 3 0x14200 aiodoned aiodoned 2086 41408 0 0 3 0x14200 syncer update 60033 43422 0 0 3 0x14200 cleaner cleaner 42281 443186 0 0 3 0x14200 reaper reaper 94963 251160 0 0 3 0x14200 pgdaemon pagedaemon 75441 520409 0 0 3 0x14200 bored viomb 23351 94492 0 0 3 0x40014200 acpi0 acpi0 41870 254711 0 0 3 0x14200 bored softnet3 22094 364560 0 0 3 0x14200 bored softnet2 90276 52077 0 0 3 0x14200 bored softnet1 56556 228134 0 0 3 0x14200 bored softnet0 57248 258955 0 0 3 0x14200 bored systqmp 34645 289680 0 0 3 0x14200 bored systq 59853 466435 0 0 3 0x40014200 tmoslp softclock 81601 448385 0 0 3 0x40014200 idle0 1 312460 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10172 10078K 10557K 166960K 11777 0 pcb 17 20K 25K 166960K 230 0 rtable 179 5K 7K 166960K 848 0 pf 30 12K 16K 166960K 92 0 ifaddr 36 6K 7K 166960K 119 0 ifgroup 48 2K 2K 166960K 143 0 sysctl 2 0K 0K 166960K 2 0 counters 30 17K 17K 166960K 55 0 ioctlops 0 0K 4K 166960K 152 0 iov 0 0K 20K 166960K 224 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1427 90K 90K 166960K 1979 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 16 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 17 0 dirhash 12 2K 2K 166960K 21 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 12 38K 97K 166960K 724 0 sigio 0 0K 0K 166960K 12 0 proc 58 59K 124K 166960K 942 0 subproc 91 5K 6K 166960K 312 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 59 0 in_multi 77 5K 7K 166960K 282 0 ether_multi 1 0K 0K 166960K 5 0 mrt 0 0K 0K 166960K 3 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 79 360K 360K 166960K 79 0 exec 0 0K 1K 166960K 583 0 pfkey data 0 0K 0K 166960K 2 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 167 62K 88K 166960K 7212 0 UVM aobj 21 2K 2K 166960K 22 0 pinsyscall 33 66K 100K 166960K 2133 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 22 0 NDP 15 0K 2K 166960K 82 0 temp 70 6815K 6904K 166960K 15345 0 kqueue 13 20K 26K 166960K 77 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 89 0 86 1 0 1 1 0 8 0 rtentry 112 289 0 208 4 0 4 4 0 8 0 unpcb 144 599 0 584 6 0 6 6 0 8 5 syncache 336 3 0 3 1 0 1 1 0 8 1 tcpcb 808 195 0 191 7 0 7 7 0 8 6 arp 88 49 0 35 1 0 1 1 0 8 0 inpcb 336 951 0 944 20 11 9 20 0 8 8 nd6 104 73 0 54 1 0 1 1 0 8 0 pkpcb 40 4 0 4 1 0 1 1 0 8 1 kcovpl 48 24 0 17 1 0 1 1 0 8 0 ppxss 1072 6 0 5 1 0 1 1 0 8 0 pfanchor 1288 1 0 0 1 0 1 1 0 8 0 pfrule 1344 5 0 3 1 0 1 1 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 1202 0 827 29 0 29 29 0 8 2 art_table 32 1204 0 827 4 0 4 4 0 8 0 art_node 16 287 0 215 1 0 1 1 0 8 0 sysvmsgpl 40 3 0 2 1 0 1 1 0 8 0 semapl 112 15 0 5 1 0 1 1 0 8 0 shmpl 112 19 0 1 1 0 1 1 0 8 0 dirhash 1024 23 0 6 3 0 3 3 0 8 0 dino2pl 256 2307 0 782 96 0 96 96 0 8 0 ffsino 240 2307 0 782 91 0 91 91 0 8 1 nchpl 144 3045 0 1355 64 0 64 64 0 8 0 uvmvnodes 80 2884 0 0 59 0 59 59 0 8 0 vnodes 216 2884 0 0 161 0 161 161 0 8 0 namei 1024 11460 0 11459 2 0 2 2 0 8 1 vcpupl 3904 3 0 1 1 0 1 1 0 8 0 vmpool 664 5 0 3 1 0 1 1 0 8 0 kstatmem 264 72 0 50 2 0 2 2 0 8 0 scxspl 216 12142 0 12142 8 0 8 8 1 8 8 plimitpl 152 120 0 104 1 0 1 1 0 8 0 sigapl 424 971 0 929 7 0 7 7 0 8 1 futexpl 64 6384 0 6384 1 0 1 1 0 8 1 knotepl 120 15524 0 15477 10 0 10 10 0 8 8 kqueuepl 184 254 0 244 4 0 4 4 0 8 3 pipepl 288 198 0 171 3 0 3 3 0 8 0 fdescpl 432 953 0 929 5 0 5 5 0 8 1 filepl 120 5531 0 5310 17 2 15 17 0 8 7 lockfpl 104 163 0 161 1 0 1 1 0 8 0 lockfspl 48 71 0 69 1 0 1 1 0 8 0 sessionpl 144 37 0 29 1 0 1 1 0 8 0 pgrppl 48 67 0 51 1 0 1 1 0 8 0 ucredpl 104 644 0 633 1 0 1 1 0 8 0 zombiepl 144 929 0 929 1 0 1 1 0 8 1 processpl 1096 971 0 929 4 0 4 4 0 8 0 procpl 648 1534 0 1491 6 0 6 6 0 8 1 sosppl 168 5 0 5 1 0 1 1 0 8 1 sockpl 504 1645 0 1620 33 21 12 33 0 8 8 mcl64k 65536 5 0 5 1 0 1 1 0 8 1 mcl8k 8192 12 0 12 1 0 1 1 0 8 1 mcl4k 4096 6 0 6 1 0 1 1 0 8 1 mcl2k 2048 6198 0 6099 26 5 21 26 0 8 6 mtagpl 96 8 0 8 1 0 1 1 0 8 1 mbufpl 256 12247 0 12072 20 1 19 20 0 8 5 bufpl 280 6614 0 369 447 0 447 447 0 8 0 anonpl 24 191543 0 188766 80 0 80 80 0 187 52 amapchunkpl 152 24611 0 24312 41 0 41 41 0 158 24 amappl16 200 3929 0 3922 15 6 9 15 0 8 8 amappl15 192 3 0 3 1 0 1 1 0 8 1 amappl14 184 134 0 124 1 0 1 1 0 8 0 amappl13 176 10 0 10 1 0 1 1 0 8 1 amappl12 168 1803 0 1781 3 0 3 3 0 8 1 amappl11 160 66 0 56 1 0 1 1 0 8 0 amappl10 152 14 0 14 1 0 1 1 0 8 1 amappl9 144 137 0 137 1 0 1 1 0 8 1 amappl8 136 41 0 40 1 0 1 1 0 8 0 amappl7 128 126 0 116 1 0 1 1 0 8 0 amappl6 120 325 0 324 1 0 1 1 0 8 0 amappl5 112 195 0 186 1 0 1 1 0 8 0 amappl4 104 327 0 310 1 0 1 1 0 8 0 amappl3 96 4622 0 4553 4 0 4 4 0 8 1 amappl2 88 804 0 747 2 0 2 2 0 8 0 amappl1 80 10104 0 9582 14 0 14 14 0 8 2 amappl 88 6728 0 6616 5 0 5 5 0 92 1 dma4096 4096 1 0 1 1 0 1 1 0 8 1 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 0 1 1 0 8 1 dma128 128 253 0 253 1 0 1 1 0 8 1 dma64 64 7 0 7 1 0 1 1 0 8 1 dma32 32 7 0 7 1 0 1 1 0 8 1 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 21 0 1 1 0 1 1 0 8 0 uaddrrnd 24 958 0 932 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 958 0 932 1 0 1 1 0 8 0 vmmpekpl 168 8885 0 8836 3 0 3 3 0 8 0 vmmpepl 168 65600 0 64160 91 0 91 91 0 357 18 vmsppl 344 957 0 932 4 0 4 4 0 8 1 rwobjpl 24 24039 0 20358 23 0 23 23 0 8 0 pdppl 4096 1922 0 1866 119 49 70 82 0 8 14 pvpl 32 499575 0 491952 356 10 346 356 0 265 263 pmappl 216 957 0 932 3 0 3 3 0 8 1 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 458 0 87 12 0 12 12 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830ab318) at panic+0x1cf sys/kern/subr_prf.c:198 ffs_inode_alloc(fffffd806f06c1f0,41c0,fffffd807f7d7618,ffff800034200fc8) at ffs_inode_alloc+0x96c sys/ufs/ffs/ffs_alloc.c:404 ufs_mkdir(ffff800034201030) at ufs_mkdir+0x113 sys/ufs/ufs/ufs_vnops.c:1112 VOP_MKDIR(fffffd806ef1c388,ffff800034201190,ffff8000342011c0,ffff8000342010c0) at VOP_MKDIR+0x102 sys/kern/vfs_vops.c:394 domkdirat(ffff800037681468,ffffff9c,76c239739da0,1c0) at domkdirat+0x179 sys/kern/vfs_syscalls.c:3100 syscall(ffff800034201340) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x76c239739d60, count: -8 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830ab318) at panic+0x1cf sys/kern/subr_prf.c:198 ffs_inode_alloc(fffffd806f06c1f0,41c0,fffffd807f7d7618,ffff800034200fc8) at ffs_inode_alloc+0x96c sys/ufs/ffs/ffs_alloc.c:404 ufs_mkdir(ffff800034201030) at ufs_mkdir+0x113 sys/ufs/ufs/ufs_vnops.c:1112 VOP_MKDIR(fffffd806ef1c388,ffff800034201190,ffff8000342011c0,ffff8000342010c0) at VOP_MKDIR+0x102 sys/kern/vfs_vops.c:394 domkdirat(ffff800037681468,ffffff9c,76c239739da0,1c0) at domkdirat+0x179 sys/kern/vfs_syscalls.c:3100 syscall(ffff800034201340) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x76c239739d60, count: -8