panic: bad dir Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *518512 88429 0 0x2 0 1K syz-executor db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8302e260) at panic+0x1e5 sys/kern/subr_prf.c:198 ufs_dirbadentry(ffff80002a0baad8,ffff80002a0baad8,9878a953c6638377) at ufs_dirbadentry VOP_LOOKUP(fffffd8061e367f8,ffff80002a0baca8,ffff80002a0bacd8) at VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85 vfs_lookup(ffff80002a0bac78) at vfs_lookup+0x8fa sys/kern/vfs_lookup.c:566 namei(ffff80002a0bac78) at namei+0x7aa sys/kern/vfs_lookup.c:250 dofstatat(ffff80002a03ea38,ffffff9c,735e246bae00,735e246bb200,2) at dofstatat+0xd2 sys/kern/vfs_syscalls.c:2069 syscall(ffff80002a0baef0) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:178 [inline] syscall(ffff80002a0baef0) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x735e246bb2b0, count: 6 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: bad dir ddb{1}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8302e260) at panic+0x1e5 sys/kern/subr_prf.c:198 ufs_dirbadentry(ffff80002a0baad8,ffff80002a0baad8,9878a953c6638377) at ufs_dirbadentry VOP_LOOKUP(fffffd8061e367f8,ffff80002a0baca8,ffff80002a0bacd8) at VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85 vfs_lookup(ffff80002a0bac78) at vfs_lookup+0x8fa sys/kern/vfs_lookup.c:566 namei(ffff80002a0bac78) at namei+0x7aa sys/kern/vfs_lookup.c:250 dofstatat(ffff80002a03ea38,ffffff9c,735e246bae00,735e246bb200,2) at dofstatat+0xd2 sys/kern/vfs_syscalls.c:2069 syscall(ffff80002a0baef0) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:178 [inline] syscall(ffff80002a0baef0) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x735e246bb2b0, count: -9 ddb{1}> show registers rdi 0 rsi 0x1 rbp 0xffff80002a0ba900 rbx 0xffff800029b7cdbf rdx 0 rcx 0xffff80002a03ea38 rax 0xffff800029b7bff0 r8 0x101010101010101 r9 0x8080808080808080 r10 0x210e1f97dcf17c5 r11 0xa158f6a25051ad1 r12 0xffff800029b7cbc0 r13 0 r14 0 r15 0x1 rip 0xffffffff823851f5 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80002a0ba8f0 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor) tid=518512 pid=88429 tcnt=1 stat=onproc flags process=2 proc=0 runpri=17, usrpri=50, slppri=17, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a03e528,0xffff80002a03ef58 process=0xffff8000ffffb1e8 user=0xffff80002a0b5000, vmspace=0xfffffd807eb771c0 estcpu=36, cpticks=2, pctcpu=0.7, user=2, sys=21, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 78354 191501 67782 0 3 0x80 fsleep syz-executor 78354 256462 67782 0 3 0x4000080 ttyout syz-executor 89614 73480 16866 0 3 0x80 fsleep syz-executor 89614 479240 16866 0 3 0x4000080 netcon syz-executor 57739 410524 19298 0 3 0x80 fsleep syz-executor 57739 283994 19298 0 3 0x4000080 rest syz-executor 50443 333737 44336 0 3 0x80 fsleep syz-executor 50443 285085 44336 0 3 0x4000080 netcon syz-executor 83249 327731 17000 0 3 0x80 fsleep syz-executor 83249 500430 17000 0 3 0x4000080 kqsel syz-executor 82127 60810 1 0 3 0x100083 ttyin getty 57609 395554 47144 0 3 0x82 wait syz-executor 10855 415431 0 0 3 0x14200 bored sosplice 19298 489542 47144 0 3 0x82 nanoslp syz-executor 67782 347121 47144 0 3 0x82 nanoslp syz-executor 44336 392376 47144 0 3 0x82 nanoslp syz-executor 49812 510300 47144 0 3 0x82 wait syz-executor 16866 330381 47144 0 3 0x82 nanoslp syz-executor 17000 111855 47144 0 3 0x82 nanoslp syz-executor *88429 518512 47144 0 7 0x2 syz-executor 47144 206850 76439 0 3 0x82 kqread syz-executor 76439 226074 33724 0 3 0x10008a sigsusp ksh 33724 160101 32066 0 3 0x98 kqread sshd-session 32066 127349 3424 0 3 0x92 kqread sshd-session 3424 458912 1 0 3 0x88 kqread sshd 14730 267526 44930 74 3 0x1100092 bpf pflogd 44930 19090 1 0 3 0x80 sbwait pflogd 64054 392837 10083 73 3 0x1100090 kqread syslogd 10083 457456 1 0 3 0x100082 sbwait syslogd 6416 338290 1 0 3 0x100080 kqread resolvd 47001 33905 35662 77 3 0x100092 kqread dhcpleased 84843 192626 35662 77 3 0x100092 kqread dhcpleased 35662 258526 1 0 3 0x80 kqread dhcpleased 71578 15367 0 0 3 0x14200 bored smr 74290 47146 0 0 3 0x14200 pgzero zerothread 27830 367413 0 0 3 0x14200 aiodoned aiodoned 62106 512033 0 0 3 0x14200 syncer update 26273 153286 0 0 3 0x14200 cleaner cleaner 59995 389097 0 0 3 0x14200 reaper reaper 16955 286508 0 0 3 0x14200 pgdaemon pagedaemon 1139 210534 0 0 3 0x14200 bored viomb 24359 28871 0 0 3 0x40014200 acpi0 acpi0 62206 408353 0 0 3 0x40014200 idle1 82406 41110 0 0 3 0x14200 bored softnet3 704 256449 0 0 3 0x14200 bored softnet2 75358 204729 0 0 3 0x14200 bored softnet1 66451 58513 0 0 3 0x14200 bored softnet0 68492 246684 0 0 3 0x14200 bored systqmp 31785 368629 0 0 3 0x14200 bored systq 51371 174968 0 0 3 0x14200 tmoslp softclockmp 27905 318004 0 0 3 0x40014200 tmoslp softclock 58413 411449 0 0 7 0x40014200 idle0 1 192673 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 88429 (syz-executor) thread 0xffff80002a03ea38 (518512) exclusive rrwlock inode r = 0 (0xfffffd806dfafc50) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 rw_enter+0x41b sys/kern/kern_rwlock.c:309 #2 rrw_enter+0xbe sys/kern/kern_rwlock.c:464 #3 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:524 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:564 #5 vget+0x2bd sys/kern/vfs_subr.c:678 #6 cache_lookup+0x36e sys/kern/vfs_cache.c:222 #7 ufs_lookup+0x218 sys/ufs/ufs/ufs_lookup.c:160 #8 VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85 #9 vfs_lookup+0x8fa sys/kern/vfs_lookup.c:566 #10 namei+0x7aa sys/kern/vfs_lookup.c:250 #11 dofstatat+0xd2 sys/kern/vfs_syscalls.c:2069 #12 syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:178 [inline] #12 syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 #13 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 0 (0xffffffff8358f6c8) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 syscall+0xad6 mi_syscall sys/sys/syscall_mi.h:178 [inline] #1 syscall+0xad6 sys/arch/amd64/amd64/trap.c:577 #2 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10216 11328K 11492K 166960K 12034 0 pcb 17 14K 16K 166960K 185 0 rtable 210 6K 7K 166960K 461 0 pf 38 18K 19K 166960K 128 0 ifaddr 40 6K 7K 166960K 63 0 ifgroup 61 2K 2K 166960K 81 0 sysctl 3 1K 1K 166960K 3 0 counters 68 36K 37K 166960K 78 0 ioctlops 0 0K 4K 166960K 1577 0 iov 0 0K 28K 166960K 15 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1433 90K 90K 166960K 1864 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 8 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 22 0 dirhash 12 2K 2K 166960K 27 0 ACPI 1690 195K 286K 166960K 12468 0 file desc 17 61K 93K 166960K 570 0 sigio 0 0K 0K 166960K 5 0 proc 72 91K 128K 166960K 611 0 subproc 104 6K 6K 166960K 117 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 187 0 in_multi 80 6K 6K 166960K 155 0 ether_multi 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 79 360K 360K 166960K 79 0 exec 0 0K 1K 166960K 460 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 241 73K 86K 166960K 6860 0 UVM aobj 84 3K 3K 166960K 84 0 pinsyscall 42 84K 105K 166960K 1684 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 63 0 NDP 14 0K 1K 166960K 41 0 temp 47 6820K 7076K 166960K 16859 0 kqueue 13 20K 30K 166960K 98 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 192 0 189 3 2 1 3 0 8 0 rtentry 112 145 0 50 3 0 3 3 0 8 0 unpcb 144 479 0 462 4 0 4 4 0 8 3 syncache 336 7 0 7 4 3 1 1 0 8 1 tcpqe 32 2 0 2 2 1 1 1 0 8 1 tcpcb 808 295 0 287 10 8 2 6 0 8 0 arp 120 22 0 4 1 0 1 1 0 8 0 inpcb 336 832 0 820 13 6 7 7 0 8 5 nd6 136 33 0 15 1 0 1 1 0 8 0 kcovpl 48 9 0 1 1 0 1 1 0 8 0 ppxss 1168 3 0 2 1 0 1 1 0 8 0 pffrag 232 4 0 1 1 0 1 1 0 482 0 pffrnode 88 4 0 1 1 0 1 1 0 8 0 pffrent 40 5 0 2 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pftag 88 1 0 0 1 0 1 1 0 8 0 pfstitem 24 48 0 3 1 0 1 1 0 8 0 pfstkey 128 48 0 3 2 0 2 2 0 8 0 pfstate 376 48 0 3 5 0 5 5 0 8 0 pfrule 1344 87 0 81 2 0 2 2 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 654 0 276 29 2 27 27 0 8 1 art_table 32 656 0 276 4 0 4 4 0 8 0 art_node 16 144 0 57 1 0 1 1 0 8 0 sysvmsgpl 40 5 0 3 1 0 1 1 0 8 0 semapl 112 20 0 10 1 0 1 1 0 8 0 shmpl 112 81 0 0 3 0 3 3 0 8 0 dirhash 1024 27 0 10 3 0 3 3 0 8 0 dino2pl 256 2362 0 859 95 0 95 95 0 8 0 ffsino 272 2362 0 859 102 1 101 102 0 8 0 nchpl 144 3153 0 1467 63 0 63 63 0 8 0 uvmvnodes 80 2808 0 0 58 0 58 58 0 8 0 vnodes 216 2808 0 0 156 0 156 156 0 8 0 namei 1024 11099 0 11098 2 1 1 1 0 8 0 percpumem 16 53 0 5 1 0 1 1 0 8 0 kstatmem 264 38 0 10 3 0 3 3 0 8 1 scsiplug 72 1 0 1 1 0 1 1 0 8 1 scxspl 216 9418 0 9418 10 2 8 8 1 8 8 plimitpl 152 230 0 213 1 0 1 1 0 8 0 sigapl 424 872 0 822 7 1 6 7 0 8 0 futexpl 64 7661 0 7656 1 0 1 1 0 8 0 knotepl 120 533 0 0 17 0 17 17 0 8 0 kqueuepl 216 143 0 132 2 1 1 2 0 8 0 pipepl 320 151 0 124 3 0 3 3 0 8 0 fdescpl 496 852 0 821 6 1 5 5 0 8 0 filepl 152 5613 0 5354 19 2 17 17 0 8 4 lockfpl 104 281 0 279 2 0 2 2 0 8 1 lockfspl 48 70 0 68 1 0 1 1 0 8 0 sessionpl 144 27 0 18 1 0 1 1 0 8 0 pgrppl 48 45 0 28 1 0 1 1 0 8 0 ucredpl 104 612 0 599 1 0 1 1 0 8 0 zombiepl 144 824 0 822 2 1 1 1 0 8 0 processpl 1160 872 0 822 5 1 4 5 0 8 0 procpl 648 1589 0 1534 6 0 6 6 0 8 0 srpgc 96 5 0 5 2 2 0 1 0 8 0 sosppl 168 1 0 1 1 1 0 1 0 8 0 sockpl 664 1513 0 1481 21 11 10 15 0 8 6 mcl64k 65536 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 3 0 0 1 0 1 1 0 8 0 mcl4k 4096 165 0 0 21 1 20 21 0 8 0 mcl2k2 2112 1 0 0 1 0 1 1 0 8 0 mcl2k 2048 18 0 0 3 0 3 3 0 8 0 mtagpl 96 44 0 0 2 0 2 2 0 8 0 mbufpl 256 875 0 0 55 0 55 55 0 8 0 bufpl 280 4032 0 112 280 0 280 280 0 8 0 anonpl 24 195835 0 192143 70 22 48 48 0 185 17 amapchunkpl 152 22764 0 22238 35 3 32 32 0 158 8 amappl16 200 5390 0 5363 32 22 10 15 0 8 8 amappl15 192 8 0 8 1 1 0 1 0 8 0 amappl14 184 125 0 113 1 0 1 1 0 8 0 amappl13 176 15 0 14 1 0 1 1 0 8 0 amappl12 168 1512 0 1481 3 1 2 2 0 8 0 amappl11 160 60 0 46 1 0 1 1 0 8 0 amappl10 152 6 0 6 1 1 0 1 0 8 0 amappl9 144 213 0 213 1 1 0 1 0 8 0 amappl8 136 41 0 38 1 0 1 1 0 8 0 amappl7 128 117 0 104 1 0 1 1 0 8 0 amappl6 120 172 0 171 1 0 1 1 0 8 0 amappl5 112 148 0 135 1 0 1 1 0 8 0 amappl4 104 321 0 302 1 0 1 1 0 8 0 amappl3 96 4095 0 3994 3 0 3 3 0 8 0 amappl2 88 1149 0 1065 3 0 3 3 0 8 0 amappl1 80 9572 0 9006 15 1 14 14 0 8 0 amappl 88 6414 0 6234 5 0 5 5 0 92 0 dma8192 8192 1 0 1 1 0 1 1 0 8 1 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 254 0 254 2 1 1 1 0 8 1 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 83 0 0 2 0 2 2 0 8 0 uaddrrnd 24 852 0 821 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 852 0 821 1 0 1 1 0 8 0 vmmpekpl 168 8299 0 8257 3 0 3 3 0 8 0 vmmpepl 168 61170 0 59301 107 12 95 95 0 357 6 vmsppl 448 851 0 821 6 2 4 5 0 8 0 rwobjpl 56 23917 0 20086 56 1 55 55 0 8 0 pdppl 4096 1711 0 1642 109 36 73 85 0 8 4 pvpl 32 15345 0 0 125 1 124 124 0 265 0 pmappl 248 851 0 821 3 0 3 3 0 8 0 extentpl 40 55 0 38 1 0 1 1 0 8 0 phpool 112 461 0 62 12 0 12 12 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffffffff83504ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff8358f4c0) at __mp_lock+0x199 __mp_lock_spin sys/kern/kern_lock.c:113 [inline] __mp_lock(ffffffff8358f4c0) at __mp_lock+0x199 sys/kern/kern_lock.c:144 softintr_dispatch(0) at softintr_dispatch+0x5b sys/arch/amd64/amd64/softintr.c:88 Xsoftclock() at Xsoftclock+0x27 acpicpu_idle() at acpicpu_idle+0x41e sys/dev/acpi/acpicpu.c:1218 sched_idle(ffffffff83504ff0) at sched_idle+0x558 sys/kern/kern_sched.c:182 end trace frame: 0x0, count: 7 ddb{0}> trace x86_ipi_db(ffffffff83504ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff8358f4c0) at __mp_lock+0x199 __mp_lock_spin sys/kern/kern_lock.c:113 [inline] __mp_lock(ffffffff8358f4c0) at __mp_lock+0x199 sys/kern/kern_lock.c:144 softintr_dispatch(0) at softintr_dispatch+0x5b sys/arch/amd64/amd64/softintr.c:88 Xsoftclock() at Xsoftclock+0x27 acpicpu_idle() at acpicpu_idle+0x41e sys/dev/acpi/acpicpu.c:1218 sched_idle(ffffffff83504ff0) at sched_idle+0x558 sys/kern/kern_sched.c:182 end trace frame: 0x0, count: -8 ddb{0}> machine ddbcpu 1 Stopped at db_enter+0x25: addq $0x8,%rsp db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8302e260) at panic+0x1e5 sys/kern/subr_prf.c:198 ufs_dirbadentry(ffff80002a0baad8,ffff80002a0baad8,9878a953c6638377) at ufs_dirbadentry VOP_LOOKUP(fffffd8061e367f8,ffff80002a0baca8,ffff80002a0bacd8) at VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85 vfs_lookup(ffff80002a0bac78) at vfs_lookup+0x8fa sys/kern/vfs_lookup.c:566 namei(ffff80002a0bac78) at namei+0x7aa sys/kern/vfs_lookup.c:250 dofstatat(ffff80002a03ea38,ffffff9c,735e246bae00,735e246bb200,2) at dofstatat+0xd2 sys/kern/vfs_syscalls.c:2069 syscall(ffff80002a0baef0) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:178 [inline] syscall(ffff80002a0baef0) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x735e246bb2b0, count: 6 ddb{1}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8302e260) at panic+0x1e5 sys/kern/subr_prf.c:198 ufs_dirbadentry(ffff80002a0baad8,ffff80002a0baad8,9878a953c6638377) at ufs_dirbadentry VOP_LOOKUP(fffffd8061e367f8,ffff80002a0baca8,ffff80002a0bacd8) at VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85 vfs_lookup(ffff80002a0bac78) at vfs_lookup+0x8fa sys/kern/vfs_lookup.c:566 namei(ffff80002a0bac78) at namei+0x7aa sys/kern/vfs_lookup.c:250 dofstatat(ffff80002a03ea38,ffffff9c,735e246bae00,735e246bb200,2) at dofstatat+0xd2 sys/kern/vfs_syscalls.c:2069 syscall(ffff80002a0baef0) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:178 [inline] syscall(ffff80002a0baef0) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x735e246bb2b0, count: -9