panic: ffs_valloc: dup alloc
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*259364 87097 0 0x2 0 0 syz-executor
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff830aec08) at panic+0x1cf sys/kern/subr_prf.c:198
ffs_inode_alloc(fffffd806c4b33c0,41ed,fffffd807f7d7820,ffff80002a5d5238) at ffs_inode_alloc+0x96c sys/ufs/ffs/ffs_alloc.c:404
ufs_mkdir(ffff80002a5d52a0) at ufs_mkdir+0x113 sys/ufs/ufs/ufs_vnops.c:1112
VOP_MKDIR(fffffd806c4886f8,ffff80002a5d5400,ffff80002a5d5430,ffff80002a5d5330) at VOP_MKDIR+0x102 sys/kern/vfs_vops.c:394
domkdirat(ffff80002a4a2cc0,ffffff9c,71c107930fa0,1ff) at domkdirat+0x179 sys/kern/vfs_syscalls.c:3101
syscall(ffff80002a5d55b0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x71c107931030, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: ffs_valloc: dup alloc ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830aec08) at panic+0x1cf sys/kern/subr_prf.c:198 ffs_inode_alloc(fffffd806c4b33c0,41ed,fffffd807f7d7820,ffff80002a5d5238) at ffs_inode_alloc+0x96c sys/ufs/ffs/ffs_alloc.c:404 ufs_mkdir(ffff80002a5d52a0) at ufs_mkdir+0x113 sys/ufs/ufs/ufs_vnops.c:1112 VOP_MKDIR(fffffd806c4886f8,ffff80002a5d5400,ffff80002a5d5430,ffff80002a5d5330) at VOP_MKDIR+0x102 sys/kern/vfs_vops.c:394 domkdirat(ffff80002a4a2cc0,ffffff9c,71c107930fa0,1ff) at domkdirat+0x179 sys/kern/vfs_syscalls.c:3101 syscall(ffff80002a5d55b0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x71c107931030, count: -8 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80002a5d4fd0 rbx 0xfffffd8073dbe700 rdx 0 rcx 0 rax 0xffff80002a4a2cc0 r8 0x101010101010101 r9 0x8080808080808080 r10 0x2a9b9b488cc35d4b r11 0xb7a4a91cce8ea7fe r12 0 r13 0xfffffd80786684b8 r14 0 r15 0x1 rip 0xffffffff81b323e5 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80002a5d4fc0 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb> show proc PROC (syz-executor) tid=259364 pid=87097 tcnt=1 stat=onproc flags process=2 proc=0 runpri=17, usrpri=50, slppri=17, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a4a31d0,0xffff80002a4a27c0 process=0xffff80002a465570 user=0xffff80002a5d0000, vmspace=0xfffffd807454e160 estcpu=36, cpticks=2, pctcpu=0.0, user=0, sys=3, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 81013 310880 4519 0 2 0x480 syz-executor 81013 506842 4519 0 3 0x4000080 kqsel syz-executor 81013 271215 4519 0 3 0x4000080 fsleep syz-executor 25048 399063 0 0 3 0x14280 nfsidl nfsio 76870 314020 0 0 3 0x14280 nfsidl nfsio 97904 196874 0 0 3 0x14280 nfsidl nfsio 70297 394446 0 0 3 0x14280 nfsidl nfsio 34344 441740 0 0 3 0x14280 nfsidl nfsio 60548 22862 0 0 3 0x14280 nfsidl 
nfsio 38716 344084 0 0 3 0x14280 nfsidl nfsio 28593 389999 0 0 3 0x14280 nfsidl nfsio 42438 238804 0 0 3 0x14280 nfsidl nfsio 89694 356284 0 0 3 0x14280 nfsidl nfsio 40687 427123 0 0 3 0x14280 nfsidl nfsio 78680 460992 0 0 3 0x14280 nfsidl nfsio 67448 171071 0 0 3 0x14280 nfsidl nfsio 5848 152576 0 0 3 0x14280 nfsidl nfsio 77059 406671 0 0 3 0x14280 nfsidl nfsio 60361 459416 0 0 3 0x14280 nfsidl nfsio 19672 120886 0 0 3 0x14280 nfsidl nfsio 88305 277403 0 0 3 0x14280 nfsidl nfsio 26759 6210 0 0 3 0x14280 nfsidl nfsio 95654 19902 0 0 3 0x14280 nfsidl nfsio 30434 135300 27184 60929 2 0x490 syz-executor 30434 151909 27184 60929 3 0x4000090 bell syz-executor 30434 128112 27184 60929 3 0x4000090 fsleep syz-executor 73384 401461 91592 0 2 0x480 syz-executor 73384 144365 91592 0 3 0x4000080 nanoslp syz-executor 73384 490601 91592 0 3 0x4000080 fsleep syz-executor 63368 294440 22779 0 3 0x80 nanoslp syz-executor 63368 413303 22779 0 3 0x4000080 kqpoll syz-executor 63368 483293 22779 0 3 0x4000080 fsleep syz-executor 63368 463470 22779 0 3 0x4000080 fsleep syz-executor 83768 219633 0 0 3 0x14200 bored sosplice *87097 259364 57469 0 7 0x2 syz-executor 27184 155692 57469 0 3 0x82 nanoslp syz-executor 22779 198214 57469 0 3 0x82 nanoslp syz-executor 81367 360084 57469 0 2 0x482 syz-executor 91592 389004 57469 0 3 0x82 nanoslp syz-executor 43476 123160 57469 0 3 0x82 nanoslp syz-executor 4519 198163 57469 0 2 0x482 syz-executor 57469 148283 65574 0 3 0x82 wait syz-executor 65574 211587 57039 0 3 0x10008a sigsusp ksh 57039 87478 73771 0 3 0x98 kqread sshd-session 73771 470923 79840 0 3 0x92 kqread sshd-session 25042 370085 1 0 3 0x100083 ttyin getty 79840 347450 1 0 3 0x88 kqread sshd 46063 383828 82834 73 3 0x1100090 kqread syslogd 82834 173742 1 0 3 0x100082 sbwait syslogd 77614 45300 1 0 3 0x100080 kqread resolvd 9729 317420 45060 77 3 0x100092 kqread dhcpleased 89293 78938 45060 77 3 0x100092 kqread dhcpleased 45060 222186 1 0 3 0x80 kqread dhcpleased 62610 226446 0 0 3 
0x14200 bored smr 35176 151407 0 0 2 0x14200 zerothread 85422 203337 0 0 3 0x14200 aiodoned aiodoned 49335 380580 0 0 3 0x14200 syncer update 76808 496895 0 0 3 0x14200 cleaner cleaner 54132 358259 0 0 3 0x14200 reaper reaper 90047 444369 0 0 3 0x14200 pgdaemon pagedaemon 73844 110611 0 0 3 0x14200 bored viomb 50695 208788 0 0 3 0x40014200 acpi0 acpi0 37618 308502 0 0 3 0x14200 bored softnet3 79357 278856 0 0 3 0x14200 bored softnet2 38810 46557 0 0 3 0x14200 bored softnet1 22461 58118 0 0 3 0x14200 bored softnet0 69309 26222 0 0 3 0x14200 bored systqmp 26604 202473 0 0 3 0x14200 bored systq 28055 505068 0 0 3 0x40014200 tmoslp softclock 76923 47957 0 0 3 0x40014200 idle0 1 469303 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10175 10021K 10212K 166960K 11305 0 pcb 44 13K 14K 166960K 108 0 rtable 239 7K 7K 166960K 365 0 pf 33 13K 15K 166960K 37 0 ifaddr 43 7K 7K 166960K 45 0 ifgroup 52 2K 2K 166960K 55 0 counters 31 17K 17K 166960K 31 0 ioctlops 0 0K 4K 166960K 43 0 iov 0 0K 4K 166960K 4 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1372 86K 86K 166960K 1417 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 1K 166960K 2 0 VM map 2 1K 1K 166960K 2 0 sem 3 0K 0K 166960K 3 0 dirhash 12 2K 2K 166960K 15 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 16 57K 85K 166960K 189 0 sigio 0 0K 0K 166960K 1 0 proc 57 59K 83K 166960K 477 0 subproc 104 6K 6K 166960K 104 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 9 0 in_multi 99 7K 7K 166960K 100 0 ether_multi 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 67 307K 307K 166960K 67 0 exec 0 0K 1K 166960K 345 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 216 72K 72K 166960K 3063 0 UVM aobj 3 2K 2K 166960K 3 0 pinsyscall 37 74K 88K 166960K 1202 0 memdesc 1 4K 
4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 4 0 NDP 12 0K 2K 166960K 28 0 temp 37 6802K 6882K 166960K 3860 0 kqueue 17 24K 26K 166960K 33 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 40 0 35 1 0 1 1 0 8 0 rtentry 112 112 0 1 4 0 4 4 0 8 0 unpcb 144 233 0 177 7 0 7 7 0 8 4 syncache 336 3 0 3 1 0 1 1 0 8 1 tcpcb 808 16 0 11 1 0 1 1 0 8 0 arp 88 18 0 0 1 0 1 1 0 8 0 inpcb 336 241 0 206 7 0 7 7 0 8 3 nd6 104 24 0 0 1 0 1 1 0 8 0 kcovpl 48 8 0 0 1 0 1 1 0 8 0 ppxss 1072 1 0 0 1 0 1 1 0 8 0 pfrule 1344 1 0 1 1 0 1 1 0 8 1 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 452 0 0 29 0 29 29 0 8 0 art_table 32 454 0 0 4 0 4 4 0 8 0 art_node 16 111 0 10 1 0 1 1 0 8 0 semapl 112 1 0 0 1 0 1 1 0 8 0 dirhash 1024 19 0 2 3 0 3 3 0 8 0 dino2pl 256 1625 0 126 94 0 94 94 0 8 0 ffsino 240 1628 0 129 89 0 89 89 0 8 0 nchpl 144 1891 0 218 63 0 63 63 0 8 0 uvmvnodes 80 1771 0 0 37 0 37 37 0 8 0 vnodes 216 1771 0 0 99 0 99 99 0 8 0 namei 1024 5753 0 5752 1 0 1 1 0 8 0 kstatmem 264 24 0 0 2 0 2 2 0 8 0 scsiplug 72 1 0 1 1 0 1 1 0 8 1 scxspl 216 5465 0 5465 3 0 3 3 1 8 3 plimitpl 152 39 0 20 1 0 1 1 0 8 0 sigapl 424 487 0 422 8 0 8 8 0 8 0 futexpl 64 990 0 985 1 0 1 1 0 8 0 knotepl 120 4116 0 4046 3 0 3 3 0 8 0 kqueuepl 184 67 0 21 3 0 3 3 0 8 0 pipepl 288 106 0 79 3 0 3 3 0 8 1 fdescpl 432 450 0 422 4 0 4 4 0 8 0 filepl 120 1997 0 1641 15 0 15 15 0 8 4 lockfpl 104 24 0 22 1 0 1 1 0 8 0 lockfspl 48 13 0 11 1 0 1 1 0 8 0 sessionpl 144 21 0 13 1 0 1 1 0 8 0 pgrppl 48 29 0 13 1 0 1 1 0 8 0 ucredpl 104 202 0 189 1 0 1 1 0 8 0 zombiepl 144 425 0 422 1 0 1 1 0 8 0 processpl 1096 487 0 422 5 0 5 5 0 8 0 procpl 648 569 0 495 7 0 7 7 0 8 0 sosppl 168 3 0 3 1 0 1 1 0 8 1 sockpl 504 515 0 419 29 1 28 28 0 8 15 mcl8k 8192 9 0 9 1 0 1 1 0 8 1 mcl4k 4096 3 0 3 1 0 1 1 0 8 1 mcl2k 2048 4996 0 4898 32 11 21 32 0 8 8 mtagpl 96 4 0 4 1 0 1 1 0 8 1 mbufpl 256 6877 0 6693 17 2 15 17 0 8 
2 bufpl 280 2359 0 89 163 0 163 163 0 8 0 anonpl 24 112790 0 109418 23 0 23 23 0 187 2 amapchunkpl 152 9542 0 9089 20 0 20 20 0 158 0 amappl16 200 2506 0 2472 5 0 5 5 0 8 3 amappl15 192 5 0 5 1 0 1 1 0 8 1 amappl14 184 128 0 118 1 0 1 1 0 8 0 amappl13 176 5 0 5 1 0 1 1 0 8 1 amappl12 168 1058 0 1030 2 0 2 2 0 8 0 amappl11 160 53 0 43 1 0 1 1 0 8 0 amappl10 152 10 0 10 1 0 1 1 0 8 1 amappl9 144 139 0 139 1 0 1 1 0 8 1 amappl8 136 15 0 14 1 0 1 1 0 8 0 amappl7 128 93 0 83 1 0 1 1 0 8 0 amappl6 120 176 0 174 1 0 1 1 0 8 0 amappl5 112 121 0 113 1 0 1 1 0 8 0 amappl4 104 281 0 266 1 0 1 1 0 8 0 amappl3 96 1897 0 1810 3 0 3 3 0 8 0 amappl2 88 654 0 585 2 0 2 2 0 8 0 amappl1 80 7615 0 7084 12 0 12 12 0 8 0 amappl 88 2725 0 2564 4 0 4 4 0 92 0 dma4096 4096 1 0 1 1 0 1 1 0 8 1 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 0 1 1 0 8 1 dma128 128 253 0 253 1 0 1 1 0 8 1 dma64 64 6 0 6 1 0 1 1 0 8 1 dma32 32 7 0 7 1 0 1 1 0 8 1 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 450 0 422 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 450 0 422 1 0 1 1 0 8 0 vmmpekpl 168 5571 0 5531 2 0 2 2 0 8 0 vmmpepl 168 34982 0 33275 79 0 79 79 0 357 1 vmsppl 344 449 0 422 4 0 4 4 0 8 1 rwobjpl 24 15074 0 12448 16 0 16 16 0 8 0 pdppl 4096 907 0 844 91 22 69 77 0 8 6 pvpl 32 238390 0 229734 79 0 79 79 0 265 3 pmappl 216 449 0 422 2 0 2 2 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 404 0 36 11 0 11 11 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830aec08) at panic+0x1cf sys/kern/subr_prf.c:198 ffs_inode_alloc(fffffd806c4b33c0,41ed,fffffd807f7d7820,ffff80002a5d5238) at ffs_inode_alloc+0x96c sys/ufs/ffs/ffs_alloc.c:404 ufs_mkdir(ffff80002a5d52a0) at ufs_mkdir+0x113 sys/ufs/ufs/ufs_vnops.c:1112 VOP_MKDIR(fffffd806c4886f8,ffff80002a5d5400,ffff80002a5d5430,ffff80002a5d5330) at VOP_MKDIR+0x102 sys/kern/vfs_vops.c:394 
domkdirat(ffff80002a4a2cc0,ffffff9c,71c107930fa0,1ff) at domkdirat+0x179 sys/kern/vfs_syscalls.c:3101 syscall(ffff80002a5d55b0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x71c107931030, count: -8 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830aec08) at panic+0x1cf sys/kern/subr_prf.c:198 ffs_inode_alloc(fffffd806c4b33c0,41ed,fffffd807f7d7820,ffff80002a5d5238) at ffs_inode_alloc+0x96c sys/ufs/ffs/ffs_alloc.c:404 ufs_mkdir(ffff80002a5d52a0) at ufs_mkdir+0x113 sys/ufs/ufs/ufs_vnops.c:1112 VOP_MKDIR(fffffd806c4886f8,ffff80002a5d5400,ffff80002a5d5430,ffff80002a5d5330) at VOP_MKDIR+0x102 sys/kern/vfs_vops.c:394 domkdirat(ffff80002a4a2cc0,ffffff9c,71c107930fa0,1ff) at domkdirat+0x179 sys/kern/vfs_syscalls.c:3101 syscall(ffff80002a5d55b0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x71c107931030, count: -8