kern.securelevel: 0 -> 1 creating runtime link editor directory cache. preserving editor files. starting network daemons: sshd. starting local daemons:. Mon Feb 14 23:24:29 PST 2022 OpenBSD/amd64 (ci-openbsd-setuid-1.c.syzkaller.internal) (tty00) Warning: Permanently added '10.128.0.245' (ED25519) to the list of known hosts. 2022/02/14 23:31:07 parsed 1 programs 2022/02/14 23:31:10 executed programs: 0 2022/02/14 23:31:15 executed programs: 173 2022/02/14 23:31:20 executed programs: 383 2022/02/14 23:31:25 executed programs: 602 2022/02/14 23:31:30 executed programs: 816 2022/02/14 23:31:35 executed programs: 1025 2022/02/14 23:31:41 executed programs: 1250 2022/02/14 23:31:46 executed programs: 1466 2022/02/14 23:31:51 executed programs: 1685 2022/02/14 23:31:56 executed programs: 1901 2022/02/14 23:32:01 executed programs: 2113 2022/02/14 23:32:06 executed programs: 2330 2022/02/14 23:32:11 executed programs: 2549 2022/02/14 23:32:16 executed programs: 2756 2022/02/14 23:32:21 executed programs: 2974 2022/02/14 23:32:26 executed programs: 3192 2022/02/14 23:32:31 executed programs: 3403 2022/02/14 23:32:36 executed programs: 3617 2022/02/14 23:32:41 executed programs: 3828 2022/02/14 23:32:46 executed programs: 4039 2022/02/14 23:32:51 executed programs: 4251 2022/02/14 23:32:56 executed programs: 4471 2022/02/14 23:33:01 executed programs: 4684 2022/02/14 23:33:06 executed programs: 4906 2022/02/14 23:33:11 executed programs: 5126 2022/02/14 23:33:16 executed programs: 5347 2022/02/14 23:33:21 executed programs: 5560 login: panic: ufs_rename: lost dir entry Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 81330 53902 32767 0x10 0x4000000 0 syz-executor.4 * 94523 53902 32767 0x10 0x4000000 1K syz-executor.4 db_enter() at db_enter+0x18 panic(ffffffff825858e8) at panic+0x177 ufs_rename(ffff800021351238) at ufs_rename+0x1649 VOP_RENAME(fffffd807a9d2d38,fffffd80789af708,ffff800021351408,fffffd807a9d22b8,fffffd80789afe08,ffff800021351358) at VOP_RENAME+0xf0 dorenameat(ffff8000212677a8,4,200001c0,ffffff9c,20000200) at dorenameat+0x29c syscall(ffff8000213515a0) at syscall+0x489 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x4502c0b9620, count: 8 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: ufs_rename: lost dir entry ddb{1}> trace db_enter() at db_enter+0x18 panic(ffffffff825858e8) at panic+0x177 ufs_rename(ffff800021351238) at ufs_rename+0x1649 VOP_RENAME(fffffd807a9d2d38,fffffd80789af708,ffff800021351408,fffffd807a9d22b8,fffffd80789afe08,ffff800021351358) at VOP_RENAME+0xf0 dorenameat(ffff8000212677a8,4,200001c0,ffffff9c,20000200) at dorenameat+0x29c syscall(ffff8000213515a0) at syscall+0x489 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x4502c0b9620, count: -7 ddb{1}> show registers rdi 0 rsi 0x1 rbp 0xffff800021350fc0 rbx 0xffff800020ce9bff rdx 0x3fd rcx 0 rax 0x22 r8 0x101010101010101 r9 0x8080808080808080 r10 0x18e6f4de7ff0ffc8 r11 0x5e0e0a3cfa88c30d r12 0xffff800020ce9a00 r13 0 r14 0 r15 0x1 rip 0xffffffff8126cb68 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800021350fb0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor.4) pid=94523 stat=onproc flags process=10 proc=4000000 pri=17, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff6010,0xffff8000212662b8 process=0xffff800021328448 user=0xffff80002134c000, vmspace=0xfffffd807bfa28b8 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 53541 202192 48409 32767 2 0x10 syz-executor.7 93272 41209 73465 32767 2 0x10 syz-executor.1 57820 292711 14306 32767 2 0x10 syz-executor.6 32023 107318 64526 32767 2 0x10 syz-executor.5 32023 219837 64526 32767 3 0x4000010 biowait syz-executor.5 32023 226412 64526 32767 3 0x4000090 fsleep syz-executor.5 36229 437292 6063 32767 2 0x10 syz-executor.2 36229 179064 6063 32767 2 0x4000010 syz-executor.2 36229 387179 6063 32767 3 0x4000010 inode syz-executor.2 83110 500489 64383 32767 2 0x10 syz-executor.3 83110 902 64383 32767 3 0x4000010 biowait syz-executor.3 83110 244841 64383 32767 3 0x4000090 fsleep syz-executor.3 90002 233985 32640 32767 2 0x10 syz-executor.0 90002 123931 32640 32767 2 0x4000010 syz-executor.0 90002 490389 32640 32767 3 0x4000090 fsleep syz-executor.0 53902 139222 32645 32767 2 0x10 syz-executor.4 53902 95922 32645 32767 2 0x4000010 syz-executor.4 53902 81330 32645 32767 7 0x4000010 syz-executor.4 *53902 94523 32645 32767 7 0x4000010 syz-executor.4 48409 3274 64539 32767 3 0x90 nanoslp syz-executor.7 64539 523392 5073 0 3 0x82 wait syz-executor.7 6063 479565 32700 32767 3 0x90 nanoslp syz-executor.2 32645 241418 3282 32767 3 0x90 nanoslp syz-executor.4 32700 112385 5073 0 3 0x82 wait syz-executor.2 64383 381078 24338 32767 3 0x90 nanoslp syz-executor.3 3282 151577 5073 0 3 0x82 wait syz-executor.4 64526 142585 52585 32767 3 0x90 nanoslp syz-executor.5 24338 429797 5073 0 3 0x82 wait syz-executor.3 52585 157025 5073 0 3 0x82 wait syz-executor.5 73465 222904 75165 32767 3 0x90 nanoslp syz-executor.1 14306 279536 75759 32767 3 0x90 nanoslp syz-executor.6 75165 449162 5073 0 3 0x82 wait syz-executor.1 75759 293476 5073 0 3 0x82 wait syz-executor.6 32640 53390 11581 32767 3 0x90 nanoslp syz-executor.0 11581 454959 5073 0 3 0x82 wait syz-executor.0 5073 522053 23125 0 3 0x82 thrsleep syz-execprog 5073 502603 23125 0 3 0x4000082 thrsleep syz-execprog 5073 452713 23125 0 3 0x4000082 thrsleep syz-execprog 5073 278245 23125 0 3 0x4000082 kqread syz-execprog 5073 496685 23125 0 3 0x4000082 thrsleep syz-execprog 5073 50384 23125 0 3 0x4000082 thrsleep syz-execprog 5073 86572 23125 0 3 0x4000082 thrsleep syz-execprog 5073 40245 23125 0 3 0x4000082 thrsleep syz-execprog 5073 332214 23125 0 3 0x4000082 thrsleep syz-execprog 23125 372477 66526 0 3 0x10008a sigsusp ksh 66526 417452 16062 0 3 0x9a kqread sshd 16527 268704 1 0 3 0x100083 ttyin getty 16062 479732 1 0 3 0x88 kqread sshd 87489 241907 13214 73 3 0x100090 kqread syslogd 13214 320110 1 0 3 0x100082 netio syslogd 30142 39603 1 0 3 0x100080 kqread resolvd 87074 507895 45307 77 3 0x100092 kqread dhcpleased 60967 487809 45307 77 3 0x100092 kqread dhcpleased 45307 263836 1 0 3 0x80 kqread dhcpleased 71573 96797 0 0 3 0x14200 bored smr 12957 405946 0 0 2 0x14200 zerothread 16784 420704 0 0 3 0x14200 aiodoned aiodoned 7231 245529 0 0 3 0x14200 syncer update 22512 252281 0 0 3 0x14200 cleaner cleaner 17216 35592 0 0 3 0x14200 reaper reaper 66367 419159 0 0 3 0x14200 pgdaemon pagedaemon 61589 4621 0 0 3 0x14200 bored viomb 30293 234122 0 0 3 0x40014200 acpi0 acpi0 28161 472484 0 0 3 0x40014200 idle1 95701 38075 0 0 3 0x14200 bored softnet 7188 432468 0 0 3 0x14200 bored systqmp 26826 83453 0 0 3 0x14200 bored systq 29799 324437 0 0 3 0x40014200 bored softclock 96194 30816 0 0 3 0x40014200 idle0 1 44187 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 32023 (syz-executor.5) thread 0xffff80002130c7e0 (219837) exclusive rrwlock inode r = 0 (0xfffffd8074e074d8) #0 witness_lock+0x44d #1 rw_enter+0x3e1 #2 rrw_enter+0x8b #3 VOP_LOCK+0x87 #4 vn_lock+0x84 #5 ufs_rename+0x18b #6 VOP_RENAME+0xf0 #7 dorenameat+0x29c #8 syscall+0x489 #9 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806a052f88) #0 witness_lock+0x44d #1 rw_enter+0x3e1 #2 rrw_enter+0x8b #3 VOP_LOCK+0x87 #4 vn_lock+0x84 #5 vget+0x1d3 #6 ufs_ihashget+0x121 #7 ffs_vget+0x7c #8 ufs_lookup+0x122c #9 VOP_LOOKUP+0x58 #10 vfs_lookup+0x6e5 #11 namei+0x36a #12 dorenameat+0x100 #13 syscall+0x489 #14 Xsyscall+0x128 Process 36229 (syz-executor.2) thread 0xffff80002130da40 (179064) exclusive rrwlock inode r = 0 (0xfffffd806a052b48) #0 witness_lock+0x44d #1 rw_enter+0x3e1 #2 rrw_enter+0x8b #3 VOP_LOCK+0x87 #4 ufs_ihashins+0x42 #5 ffs_vget+0x141 #6 ffs_inode_alloc+0x1be #7 ufs_mkdir+0xf4 #8 VOP_MKDIR+0xbf #9 domkdirat+0x121 #10 syscall+0x489 #11 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd8074e07c48) #0 witness_lock+0x44d #1 rw_enter+0x3e1 #2 rrw_enter+0x8b #3 VOP_LOCK+0x87 #4 vn_lock+0x84 #5 vfs_lookup+0xd1 #6 namei+0x36a #7 domkdirat+0x75 #8 syscall+0x489 #9 Xsyscall+0x128 Process 83110 (syz-executor.3) thread 0xffff80002130cfc0 (902) exclusive rrwlock inode r = 0 (0xfffffd8074e071a8) #0 witness_lock+0x44d #1 rw_enter+0x3e1 #2 rrw_enter+0x8b #3 VOP_LOCK+0x87 #4 vn_lock+0x84 #5 vget+0x1d3 #6 ufs_ihashget+0x121 #7 ffs_vget+0x7c #8 ufs_lookup+0x13ba #9 VOP_LOOKUP+0x58 #10 vfs_relookup+0xb0 #11 ufs_rename+0x1446 #12 VOP_RENAME+0xf0 #13 dorenameat+0x29c #14 syscall+0x489 #15 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806a052d68) #0 witness_lock+0x44d #1 rw_enter+0x3e1 #2 rrw_enter+0x8b #3 VOP_LOCK+0x87 #4 vn_lock+0x84 #5 vfs_relookup+0x53 #6 ufs_rename+0x1446 #7 VOP_RENAME+0xf0 #8 dorenameat+0x29c #9 syscall+0x489 #10 Xsyscall+0x128 Process 90002 (syz-executor.0) thread 0xffff80002130d260 (123931) exclusive rrwlock inode r = 0 (0xfffffd806a052708) #0 witness_lock+0x44d #1 rw_enter+0x3e1 #2 rrw_enter+0x8b #3 VOP_LOCK+0x87 #4 vn_lock+0x84 #5 ufs_rename+0x18b #6 VOP_RENAME+0xf0 #7 dorenameat+0x29c #8 syscall+0x489 #9 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd8074e07918) #0 witness_lock+0x44d #1 rw_enter+0x3e1 #2 rrw_enter+0x8b #3 VOP_LOCK+0x87 #4 vn_lock+0x84 #5 vget+0x1d3 #6 ufs_ihashget+0x121 #7 ffs_vget+0x7c #8 ufs_lookup+0x1351 #9 VOP_LOOKUP+0x58 #10 vfs_lookup+0x6e5 #11 namei+0x36a #12 dorenameat+0x100 #13 syscall+0x489 #14 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd8074e07a28) #0 witness_lock+0x44d #1 rw_enter+0x3e1 #2 rrw_enter+0x8b #3 VOP_LOCK+0x87 #4 vn_lock+0x84 #5 vget+0x1d3 #6 ufs_ihashget+0x121 #7 ffs_vget+0x7c #8 ufs_lookup+0x122c #9 VOP_LOOKUP+0x58 #10 vfs_lookup+0x6e5 #11 namei+0x36a #12 dorenameat+0x100 #13 syscall+0x489 #14 Xsyscall+0x128 Process 53902 (syz-executor.4) thread 0xffff8000212677a8 (94523) exclusive rrwlock inode r = 0 (0xfffffd8074e07098) #0 witness_lock+0x44d #1 rw_enter+0x3e1 #2 rrw_enter+0x8b #3 VOP_LOCK+0x87 #4 vn_lock+0x84 #5 vget+0x1d3 #6 ufs_ihashget+0x121 #7 ffs_vget+0x7c #8 ufs_lookup+0x13ba #9 VOP_LOOKUP+0x58 #10 vfs_relookup+0xb0 #11 ufs_rename+0x1446 #12 VOP_RENAME+0xf0 #13 dorenameat+0x29c #14 syscall+0x489 #15 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd8074e073c8) #0 witness_lock+0x44d #1 rw_enter+0x3e1 #2 rrw_enter+0x8b #3 VOP_LOCK+0x87 #4 vn_lock+0x84 #5 vfs_relookup+0x53 #6 ufs_rename+0x1446 #7 VOP_RENAME+0xf0 #8 dorenameat+0x29c #9 syscall+0x489 #10 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 0 (0xffffffff829aeaf8) #0 witness_lock+0x44d #1 __mp_acquire_count+0x48 #2 mi_switch+0x3d3 #3 sleep_finish+0x1b2 #4 tsleep+0x12c #5 biowait+0x91 #6 bwrite+0x21b #7 ffs_update+0x27d #8 ffs_truncate+0xcec #9 ufs_rename+0x1360 #10 VOP_RENAME+0xf0 #11 dorenameat+0x29c #12 syscall+0x489 #13 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10168 6406K 6419K 78643K 11258 0 pcb 13 8K 8K 78643K 13 0 rtable 238 6K 7K 78643K 348 0 ifaddr 81 16K 16K 78643K 82 0 counters 56 35K 35K 78643K 56 0 ioctlops 0 0K 2K 78643K 33 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 5 0 vnodes 1166 73K 73K 78643K 1179 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 1K 1K 78643K 2 0 sem 2 0K 0K 78643K 2 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 26 97K 125K 78643K 5916 0 proc 56 74K 123K 78643K 451 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 in_multi 99 6K 6K 78643K 99 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 25 122K 122K 78643K 25 0 exec 0 0K 2K 78643K 608 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 288 76K 76K 78643K 79752 0 UVM aobj 3 2K 2K 78643K 3 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 NDP 11 0K 2K 78643K 27 0 temp 52 4687K 4751K 78643K 39855 0 kqueue 12 18K 18K 78643K 25 0 SYN cache 2 16K 16K 78643K 2 0 ddb{1}>