panic: bad dir Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *352835 8178 0 0 0x4000000 0 syz-executor.0 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:212 ufs_dirbadentry(ffff8000149f62f8,ffff8000149f62f8,ab48c461571f8230) at ufs_dirbadentry VOP_LOOKUP(fffffd803efda4b0,ffff8000149f65b8,ffff8000149f6608) at VOP_LOOKUP+0x5b sys/kern/vfs_vops.c:90 vfs_lookup(ffff8000149f6588) at vfs_lookup+0x55d sys/kern/vfs_lookup.c:523 namei(ffff8000149f6588) at namei+0x45f sys/kern/vfs_lookup.c:224 dorenameat(ffff800014a04270,3,20000040,ffffffff,0) at dorenameat+0x7b sys/kern/vfs_syscalls.c:2758 syscall(ffff8000149f67b0) at syscall+0x511 Xsyscall(6,0,ffffffffffffffc3,0,4,50049e590d8) at Xsyscall+0x128 end of kernel end trace frame: 0x2df, count: 6 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic bad dir ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:212 ufs_dirbadentry(ffff8000149f62f8,ffff8000149f62f8,ab48c461571f8230) at ufs_dirbadentry VOP_LOOKUP(fffffd803efda4b0,ffff8000149f65b8,ffff8000149f6608) at VOP_LOOKUP+0x5b sys/kern/vfs_vops.c:90 vfs_lookup(ffff8000149f6588) at vfs_lookup+0x55d sys/kern/vfs_lookup.c:523 namei(ffff8000149f6588) at namei+0x45f sys/kern/vfs_lookup.c:224 dorenameat(ffff800014a04270,3,20000040,ffffffff,0) at dorenameat+0x7b sys/kern/vfs_syscalls.c:2758 syscall(ffff8000149f67b0) at syscall+0x511 Xsyscall(6,0,ffffffffffffffc3,0,4,50049e590d8) at Xsyscall+0x128 end of kernel end trace frame: 0x2df, count: -9 ddb> show registers rdi 0xffffffff81a73677 db_enter+0x17 rsi 0x276e __ALIGN_SIZE+0x176e rbp 0xffff8000149f6110 rbx 0xffff8000149f61c0 rdx 0x276f __ALIGN_SIZE+0x176f rcx 0xffff800000993000 rax 0xffff800000993000 r8 0xffff8000149f60d0 r9 0x1 r10 0xffff800004396400 r11 0xde9a4a1a65d4414e r12 0x3000000008 r13 0xffff8000149f6120 r14 0x100 r15 0x1 rip 0xffffffff81a73678 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff8000149f6100 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.0) pid=352835 stat=onproc flags process=0 proc=4000000 pri=17, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff800014a05080,0xffffffff822b78f0 process=0xffff8000ffff6d30 user=0xffff8000149f1000, vmspace=0xfffffd803f014c60 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 66578 4377 895 0 2 0 syz-executor.1 66578 34068 895 0 3 0x4000080 fsleep syz-executor.1 8178 126687 86125 0 2 0 syz-executor.0 8178 495351 86125 0 3 0x4000000 inode syz-executor.0 * 8178 352835 86125 0 7 0x4000000 syz-executor.0 86125 393667 22988 0 2 0x482 syz-executor.0 56957 321383 1 0 3 0x100083 ttyin getty 75608 344141 0 0 3 0x14200 bored sosplice 895 182022 22988 0 2 0x482 syz-executor.1 22988 101919 58680 0 3 0x82 thrsleep syz-fuzzer 22988 116405 58680 0 3 0x4000082 thrsleep syz-fuzzer 22988 198842 58680 0 3 0x4000082 kqread syz-fuzzer 22988 330238 58680 0 3 0x4000082 thrsleep syz-fuzzer 22988 219514 58680 0 3 0x4000082 thrsleep syz-fuzzer 22988 472024 58680 0 3 0x4000082 thrsleep syz-fuzzer 22988 504533 58680 0 3 0x4000082 thrsleep syz-fuzzer 22988 355518 58680 0 3 0x4000082 thrsleep syz-fuzzer 58680 57027 78876 0 3 0x10008a pause ksh 78876 429078 72208 0 3 0x92 select sshd 72208 103283 1 0 3 0x80 select sshd 26551 306992 41665 73 2 0x100090 syslogd 41665 507513 1 0 3 0x100082 netio syslogd 44729 139480 1 77 3 0x100090 poll dhclient 49859 276276 1 0 3 0x80 poll dhclient 31093 135214 0 0 2 0x14200 zerothread 8290 454394 0 0 3 0x14200 aiodoned aiodoned 7641 151957 0 0 3 0x14200 syncer update 96208 431490 0 0 3 0x14200 cleaner cleaner 59767 254771 0 0 3 0x14200 reaper reaper 80510 224676 0 0 3 0x14200 pgdaemon pagedaemon 72689 443694 0 0 3 0x14200 bored crynlk 63781 507252 0 0 3 0x14200 bored crypto 8482 335653 0 0 3 0x40014200 acpi0 acpi0 7234 189392 0 0 3 0x14200 bored softnet 95737 282994 0 0 3 0x14200 bored systqmp 84993 140537 0 0 3 0x14200 bored systq 50758 45032 0 0 3 0x40014200 bored softclock 57337 391995 0 0 3 0x40014200 idle0 23606 408444 0 0 3 0x14200 bored smr 1 514915 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9512 6346K 14668K 78643K 16144 0 0 pcb 23 9K 11K 78643K 916 0 0 rtable 108 3K 4K 78643K 1062 0 0 ifaddr 60 15K 16K 78643K 284 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 91 0 0 iov 0 0K 16K 78643K 281 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1195 75K 76K 78643K 3198 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 24 0 0 VM map 2 0K 0K 78643K 2 0 0 sem 12 0K 0K 78643K 264 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12537 0 0 file desc 6 17K 25K 78643K 4016 0 0 sigio 0 0K 0K 78643K 52 0 0 proc 45 46K 62K 78643K 955 0 0 subproc 64 65538K 69634K 78643K 482 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 167 0 0 in_multi 33 2K 2K 78643K 247 0 0 ether_multi 1 0K 0K 78643K 12 0 0 mrt 0 0K 0K 78643K 3 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 102 450K 450K 78643K 102 0 0 exec 0 0K 1K 78643K 457 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 84 20K 30K 78643K 10066 0 0 UVM aobj 104 3K 3K 78643K 112 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 81 0 0 NDP 12 0K 0K 78643K 98 0 0 temp 172 2711K 2839K 78643K 16980 0 0 kqueue 0 0K 0K 78643K 19 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 30 0 24 1 0 1 1 0 8 0 inpcbpl 280 937 0 930 1 0 1 1 0 8 0 plimitpl 152 1991 0 1983 1 0 1 1 0 8 0 rtentry 112 177 0 133 2 0 2 2 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpcb 544 351 0 347 1 0 1 1 0 8 0 nd6 48 42 0 36 1 0 1 1 0 8 0 ppxss 1128 41 0 40 5 4 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 752 0 561 12 0 12 12 0 8 0 art_table 32 753 0 561 2 0 2 2 0 8 0 art_node 16 176 0 136 1 0 1 1 0 8 0 sysvmsgpl 40 8 0 5 1 0 1 1 0 8 0 semapl 112 262 0 252 1 0 1 1 0 8 0 shmpl 112 110 0 8 3 0 3 3 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 6473 0 5031 47 0 47 47 0 8 0 ffsino 240 6473 0 5031 85 0 85 85 0 8 0 nchpl 144 11328 0 9693 62 0 62 62 0 8 0 uvmvnodes 72 5926 0 0 108 0 108 108 0 8 0 vnodes 200 5926 0 0 312 0 312 312 0 8 0 namei 1024 50218 0 50216 3 2 1 1 0 8 0 scsiplug 64 3 0 3 2 2 0 1 0 8 0 scxspl 192 66840 0 66840 16 15 1 6 0 8 1 sigapl 432 4151 0 4137 2 0 2 2 0 8 0 futexpl 56 61069 0 61068 3 2 1 1 0 8 0 knotepl 112 683 0 664 1 0 1 1 0 8 0 kqueuepl 104 449 0 447 1 0 1 1 0 8 0 pipepl 112 1510 0 1491 6 5 1 2 0 8 0 fdescpl 424 4152 0 4137 2 0 2 2 0 8 0 filepl 120 31470 0 31372 9 5 4 5 0 8 1 lockfpl 104 777 0 777 5 4 1 1 0 8 1 lockfspl 48 286 0 286 5 4 1 1 0 8 1 sessionpl 112 30 0 20 1 0 1 1 0 8 0 pgrppl 48 42 0 32 1 0 1 1 0 8 0 ucredpl 96 13417 0 13410 1 0 1 1 0 8 0 zombiepl 144 4137 0 4137 2 1 1 1 0 8 1 processpl 840 4167 0 4137 4 0 4 4 0 8 0 procpl 600 8818 0 8778 4 0 4 4 0 8 0 sosppl 128 26 0 26 6 6 0 1 0 8 0 sockpl 384 1706 0 1689 14 11 3 4 0 8 1 mcl64k 65536 2144 0 2144 191 139 52 65 0 8 52 mcl16k 16384 1839 0 1839 3 2 1 1 0 8 1 mcl12k 12288 41 0 41 13 13 0 1 0 8 0 mcl9k 9216 45 0 45 15 15 0 1 0 8 0 mcl8k 8192 28 0 28 11 10 1 1 0 8 1 mcl4k 4096 122 0 122 16 15 1 1 0 8 1 mcl2k2 2112 16 0 16 10 10 0 1 0 8 0 mcl2k 2048 73951 0 73908 24 17 7 12 0 8 1 mtagpl 80 4 0 4 2 2 0 1 0 8 0 mbufpl 256 169465 0 169379 108 99 9 38 0 8 0 bufpl 256 50577 0 47470 198 1 197 198 0 8 0 anonpl 16 408593 0 397088 146 94 52 64 0 62 1 amapchunkpl 152 17492 0 17387 33 28 5 14 0 158 0 amappl16 192 22819 0 22163 158 121 37 45 0 8 4 amappl15 184 166 0 165 2 1 1 1 0 8 0 amappl14 176 109 0 107 2 1 1 1 0 8 0 amappl13 168 16 0 15 2 1 1 1 0 8 0 amappl12 160 375 0 372 1 0 1 1 0 8 0 amappl11 152 634 0 620 1 0 1 1 0 8 0 amappl10 144 589 0 586 2 1 1 1 0 8 0 amappl9 136 2965 0 2960 1 0 1 1 0 8 0 amappl8 128 2537 0 2517 1 0 1 1 0 8 0 amappl7 120 579 0 571 1 0 1 1 0 8 0 amappl6 112 608 0 601 1 0 1 1 0 8 0 amappl5 104 652 0 641 1 0 1 1 0 8 0 amappl4 96 5851 0 5819 2 1 1 2 0 8 0 amappl3 88 538 0 533 1 0 1 1 0 8 0 amappl2 80 35409 0 35346 2 0 2 2 0 8 0 amappl1 72 77452 0 77021 24 15 9 19 0 8 0 amappl 72 9271 0 9234 1 0 1 1 0 75 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 111 0 8 2 0 2 2 0 8 0 uaddrrnd 24 4152 0 4137 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 4152 0 4137 1 0 1 1 0 8 0 vmmpekpl 168 26437 0 26418 2 0 2 2 0 8 0 vmmpepl 168 418893 0 417212 217 134 83 93 0 357 9 vmsppl 264 4151 0 4137 2 1 1 2 0 8 0 pdppl 4096 8310 0 8274 6 1 5 6 0 8 0 pvpl 32 2053778 0 2038555 357 207 150 245 0 265 26 pmappl 200 4151 0 4137 1 0 1 1 0 8 0 extentpl 40 39 0 25 1 0 1 1 0 8 0 phpool 112 664 0 288 13 1 12 12 0 8 0