panic: bad dir Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND * 47105 718 0 0x8000000 0x4000000 0 syz-executor.6 db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8286f975) at panic+0x165 sys/kern/subr_prf.c:198 ufs_lookup() at ufs_lookup+0x169a sys/ufs/ufs/ufs_lookup.c:600 VOP_LOOKUP(fffffd80624fd298,ffff8000349c0fc8,ffff8000349c0f68) at VOP_LOOKUP+0x5c sys/kern/vfs_vops.c:85 unveil_find_cover(fffffd805fcbd100,ffff80002a6aca58) at unveil_find_cover+0x132 sys/kern/kern_unveil.c:277 unveil_add_vnode(ffff80002a6aca58,fffffd805fcbd100) at unveil_add_vnode+0xac sys/kern/kern_unveil.c:391 unveil_add(ffff80002a6aca58,ffff8000349c1168,ffff8000349c1223) at unveil_add+0x30b sys/kern/kern_unveil.c:494 sys_unveil(ffff80002a6aca58,ffff8000349c1350,ffff8000349c12a0) at sys_unveil+0x41b sys/kern/vfs_syscalls.c:1023 syscall(ffff8000349c1350) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x281cc98cd00, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: bad dir ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8286f975) at panic+0x165 sys/kern/subr_prf.c:198 ufs_lookup() at ufs_lookup+0x169a sys/ufs/ufs/ufs_lookup.c:600 VOP_LOOKUP(fffffd80624fd298,ffff8000349c0fc8,ffff8000349c0f68) at VOP_LOOKUP+0x5c sys/kern/vfs_vops.c:85 unveil_find_cover(fffffd805fcbd100,ffff80002a6aca58) at unveil_find_cover+0x132 sys/kern/kern_unveil.c:277 unveil_add_vnode(ffff80002a6aca58,fffffd805fcbd100) at unveil_add_vnode+0xac sys/kern/kern_unveil.c:391 unveil_add(ffff80002a6aca58,ffff8000349c1168,ffff8000349c1223) at unveil_add+0x30b sys/kern/kern_unveil.c:494 sys_unveil(ffff80002a6aca58,ffff8000349c1350,ffff8000349c12a0) at sys_unveil+0x41b sys/kern/vfs_syscalls.c:1023 syscall(ffff8000349c1350) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x281cc98cd00, count: -10 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff8000349c0d30 rbx 0 rdx 0xffff800000de65c0 rcx 0 rax 0xffff80002a6aca58 r8 0x101010101010101 r9 0x8080808080808080 r10 0xccd4df54236a18f8 r11 0x9d32b40e966fd187 r12 0 r13 0xfffffd8071dd6968 r14 0 r15 0x1 rip 0xffffffff821bdc7c db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff8000349c0d20 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb> show proc PROC (syz-executor.6) tid=47105 pid=718 tcnt=2 stat=onproc flags process=8000000 proc=4000000 runpri=32, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff80002a6c5c50,0xffffffff82dee7e0 process=0xffff80002d911d70 user=0xffff8000349bc000, vmspace=0xfffffd806b420838 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 718 482684 62421 0 2 0x8000000 syz-executor.6 * 718 47105 62421 0 7 0xc000000 syz-executor.6 67772 36625 6585 0 2 0x8000000 syz-executor.4 67772 412929 6585 0 3 0xc000080 fsleep syz-executor.4 70897 13546 58387 0 3 0x8000082 piperd syz-executor.7 62421 72347 58387 0 3 0x8000082 nanoslp syz-executor.6 31754 47099 58387 0 2 0x8000002 syz-executor.2 32616 134746 58387 0 3 0x8000082 piperd syz-executor.1 6585 243549 58387 0 3 0x8000082 nanoslp syz-executor.4 39687 7158 58387 0 2 0x8000002 syz-executor.3 12104 428975 58387 0 3 0x8000082 nanoslp syz-executor.0 88348 236165 58387 0 3 0x8000082 nanoslp syz-executor.5 12522 396323 0 0 3 0x14200 acct acct 86146 415281 28294 0 3 0x18100082 netio arp 28294 54923 1 0 3 0x810008a sigsusp sh 31766 508469 0 0 3 0x14280 nfsidl nfsio 97135 108581 0 0 3 0x14280 nfsidl nfsio 42684 454256 0 0 3 0x14280 nfsidl nfsio 40804 387192 0 0 3 0x14280 nfsidl nfsio 62800 442927 0 0 3 0x14280 nfsidl nfsio 85655 385837 0 0 3 0x14280 nfsidl nfsio 67062 465649 0 0 3 0x14280 nfsidl nfsio 67545 394221 0 0 3 0x14280 nfsidl nfsio 26509 139645 0 0 3 0x14280 nfsidl nfsio 60012 434983 0 0 3 0x14280 nfsidl nfsio 31911 55111 0 0 3 0x14280 nfsidl nfsio 23892 78724 0 0 3 0x14280 nfsidl nfsio 40160 247950 0 0 3 0x14280 nfsidl nfsio 59144 373176 0 0 3 0x14280 nfsidl nfsio 66505 127443 0 0 3 0x14280 nfsidl nfsio 22708 369431 0 0 3 0x14280 nfsidl nfsio 18207 446109 0 0 3 0x14280 nfsidl nfsio 76668 25075 0 0 3 0x14280 nfsidl nfsio 13398 399611 0 0 3 0x14280 nfsidl nfsio 48742 434139 0 0 3 0x14280 nfsidl nfsio 63049 345226 1 0 3 0x18100083 ttyin getty 61666 386247 0 0 3 0x14200 bored sosplice 58387 230422 65862 0 3 0x1a000082 thrsleep syz-fuzzer 58387 163647 65862 0 3 0x1e000082 nanoslp syz-fuzzer 58387 204690 65862 0 3 0x1e000082 wait syz-fuzzer 58387 225039 65862 0 3 0x1e000082 thrsleep syz-fuzzer 58387 446973 65862 0 3 0x1e000082 kqread syz-fuzzer 58387 78250 65862 0 3 0x1e000082 wait syz-fuzzer 58387 249056 65862 0 3 0x1e000082 wait syz-fuzzer 58387 311472 65862 0 3 0x1e000082 wait syz-fuzzer 58387 388367 65862 0 3 0x1e000082 wait syz-fuzzer 58387 255779 65862 0 3 0x1e000082 wait syz-fuzzer 58387 393942 65862 0 3 0x1e000082 thrsleep syz-fuzzer 58387 286346 65862 0 3 0x1e000082 wait syz-fuzzer 58387 445130 65862 0 3 0x1e000082 wait syz-fuzzer 58387 17828 65862 0 3 0x1e000082 thrsleep syz-fuzzer 58387 317924 65862 0 3 0x1e000082 thrsleep syz-fuzzer 65862 160056 12512 0 3 0x810008a sigsusp ksh 12512 304615 28850 0 3 0x1800009a kqread sshd 28850 102227 1 0 3 0x18000088 kqread sshd 85512 358531 32491 73 3 0x19100090 kqread syslogd 32491 219724 1 0 3 0x18100082 sbwait syslogd 85996 106267 1 0 3 0x18100080 kqread resolvd 93401 396967 62326 77 3 0x18100092 kqread dhcpleased 37441 58194 62326 77 3 0x18100092 kqread dhcpleased 62326 98001 1 0 3 0x18000080 kqread dhcpleased 21431 293620 0 0 3 0x14200 bored smr 54562 442890 0 0 2 0x14200 zerothread 95492 110046 0 0 3 0x14200 aiodoned aiodoned 96378 145845 0 0 3 0x14200 syncer update 83657 491281 0 0 3 0x14200 cleaner cleaner 8788 267539 0 0 3 0x14200 reaper reaper 71177 518388 0 0 3 0x14200 pgdaemon pagedaemon 42532 188943 0 0 3 0x14200 bored viomb 40855 18560 0 0 3 0x40014200 acpi0 acpi0 25966 162974 0 0 3 0x14200 bored softnet3 20547 55260 0 0 3 0x14200 bored softnet2 67028 511594 0 0 3 0x14200 bored softnet1 29882 85427 0 0 3 0x14200 bored softnet0 20252 198749 0 0 3 0x14200 bored systqmp 65617 436688 0 0 3 0x14200 bored systq 41845 120618 0 0 2 0x40014200 softclock 57064 504858 0 0 3 0x40014200 idle0 1 45648 0 0 3 0x8080082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10183 6421K 6932K 166960K 18886 0 pcb 17 16K 17K 166960K 708 0 rtable 225 9K 10K 166960K 5654 0 pf 35 9K 10K 166960K 512 0 ifaddr 44 13K 13K 166960K 755 0 ifgroup 62 2K 2K 166960K 955 0 sysctl 4 1K 2K 166960K 14 0 counters 33 17K 18K 166960K 253 0 ioctlops 0 0K 2K 166960K 653 0 iov 0 0K 24K 166960K 427 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1451 91K 92K 166960K 7165 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 68K 76K 166960K 135 0 VM map 2 1K 1K 166960K 2 0 sem 12 1K 1K 166960K 62 0 dirhash 12 2K 3K 166960K 186 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 15 53K 101K 166960K 10166 0 sigio 0 0K 0K 166960K 125 0 proc 59 67K 124K 166960K 5300 0 subproc 117 7K 8K 166960K 2564 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 2 0K 0K 166960K 872 0 in_multi 90 6K 7K 166960K 1991 0 ether_multi 3 0K 0K 166960K 61 0 mrt 5 0K 0K 166960K 27 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 97 440K 440K 166960K 97 0 exec 0 0K 1K 166960K 3154 0 pfkey data 0 0K 0K 166960K 7 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 305 198K 230K 166960K 81597 0 UVM aobj 246 8K 8K 166960K 291 0 pinsyscall 36 72K 100K 166960K 15622 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 300 0 NDP 14 0K 2K 166960K 562 0 temp 83 6812K 6940K 166960K 306449 0 kqueue 13 20K 28K 166960K 762 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 1008 0 1002 3 0 3 3 0 8 2 rtentry 112 2017 0 1920 3 0 3 3 0 8 0 unpcb 144 4269 0 4253 6 0 6 6 0 8 5 syncache 336 4 0 4 1 1 0 1 0 8 0 tcpqe 32 55 0 55 2 1 1 1 0 8 1 tcpcb 808 1897 0 1889 8 0 8 8 0 8 7 arp 88 394 0 378 1 0 1 1 0 8 0 ipq 40 30 0 30 1 0 1 1 0 8 1 ipqe 40 76 0 76 1 0 1 1 0 8 1 inpcb 360 6748 0 6735 14 5 9 13 0 8 7 nd6 104 525 0 494 1 0 1 1 0 8 0 pkpcb 40 156 0 156 2 1 1 1 0 8 1 kcovpl 48 197 0 188 1 0 1 1 0 8 0 ppxss 1072 13 0 13 2 1 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 7789 0 7397 134 109 25 25 0 8 0 art_table 32 7790 0 7397 4 0 4 4 0 8 0 art_node 16 1997 0 1910 1 0 1 1 0 8 0 sysvmsgpl 40 32 0 10 1 0 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 60 0 50 1 0 1 1 0 8 0 shmpl 112 288 0 45 7 0 7 7 0 8 0 dirhash 1024 133 0 116 3 0 3 3 0 8 0 dino2pl 256 13499 0 11945 98 0 98 98 0 8 0 ffsino 240 13499 0 11945 92 0 92 92 0 8 0 nchpl 144 25066 0 23349 66 1 65 66 0 8 0 uvmvnodes 80 10634 0 0 218 0 218 218 0 8 0 vnodes 216 10634 0 0 591 0 591 591 0 8 0 namei 1024 92387 0 92384 3 1 2 2 0 8 1 vcpupl 3904 30 0 2 4 0 4 4 0 8 0 vmpool 664 47 0 19 3 0 3 3 0 8 0 kstatmem 264 468 0 440 3 0 3 3 0 8 1 scsiplug 72 7 0 7 2 1 1 1 0 8 1 scxspl 216 139388 0 139388 10 7 3 8 1 8 3 plimitpl 152 814 0 798 1 0 1 1 0 8 0 sigapl 424 10133 0 10068 9 0 9 9 0 8 0 futexpl 64 85442 0 85441 1 0 1 1 0 8 0 knotepl 120 23600 0 23514 27 15 12 16 0 8 8 kqueuepl 184 1496 0 1487 2 0 2 2 0 8 1 pipepl 288 1521 0 1490 7 0 7 7 0 8 4 fdescpl 432 10073 0 10047 6 1 5 5 0 8 1 filepl 120 47632 0 47367 15 1 14 14 0 8 3 lockfpl 104 1868 0 1866 2 0 2 2 0 8 1 lockfspl 48 703 0 701 1 0 1 1 0 8 0 sessionpl 144 190 0 173 1 0 1 1 0 8 0 pgrppl 48 260 0 243 1 0 1 1 0 8 0 ucredpl 104 7399 0 7386 1 0 1 1 0 8 0 zombiepl 144 10070 0 10068 1 0 1 1 0 8 0 processpl 1072 10133 0 10068 5 0 5 5 0 8 0 procpl 656 19433 0 19352 10 1 9 9 0 8 1 sosppl 168 50 0 50 2 1 1 1 0 8 1 sockpl 504 12220 0 12185 89 77 12 30 0 8 7 mcl64k 65536 1 0 1 1 1 0 1 0 8 0 mcl16k 16384 6 0 6 1 0 1 1 0 8 1 mcl12k 12288 11 0 11 2 1 1 1 0 8 1 mcl9k 9216 13 0 13 1 0 1 1 0 8 1 mcl8k 8192 121 0 121 2 1 1 1 0 8 1 mcl4k 4096 12 0 12 2 1 1 1 0 8 1 mcl2k2 2112 2 0 2 1 0 1 1 0 8 1 mcl2k 2048 87959 0 87831 75 51 24 49 0 8 6 mtagpl 96 246 0 246 3 1 2 2 0 8 2 mbufpl 256 383340 0 383104 260 232 28 71 0 8 8 bufpl 280 22886 0 12252 760 0 760 760 0 8 0 anonpl 24 1053653 0 1047477 151 82 69 129 0 188 12 amapchunkpl 152 261005 0 260402 74 34 40 62 0 158 11 amappl16 200 18759 0 18622 68 52 16 21 0 8 8 amappl15 192 28 0 28 1 1 0 1 0 8 0 amappl14 184 713 0 699 2 1 1 2 0 8 0 amappl13 176 14 0 14 2 1 1 1 0 8 1 amappl12 168 13236 0 13207 2 0 2 2 0 8 0 amappl11 160 58 0 47 1 0 1 1 0 8 0 amappl10 152 352 0 339 1 0 1 1 0 8 0 amappl9 144 352 0 352 1 1 0 1 0 8 0 amappl8 136 349 0 314 2 0 2 2 0 8 0 amappl7 128 61 0 46 1 0 1 1 0 8 0 amappl6 120 2602 0 2584 3 1 2 2 0 8 0 amappl5 112 811 0 799 1 0 1 1 0 8 0 amappl4 104 1689 0 1657 3 1 2 2 0 8 1 amappl3 96 48461 0 48391 3 0 3 3 0 8 0 amappl2 88 10899 0 10826 4 2 2 4 0 8 0 amappl1 80 49981 0 49476 24 11 13 22 0 8 0 amappl 88 79631 0 79446 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 290 0 45 5 0 5 5 0 8 0 uaddrrnd 24 10120 0 10066 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 10120 0 10066 1 0 1 1 0 8 0 vmmpekpl 168 70221 0 70147 4 0 4 4 0 8 0 vmmpepl 168 630046 0 628263 122 23 99 111 0 357 8 vmsppl 344 10119 0 10066 6 0 6 6 0 8 0 rwobjpl 24 145546 0 133552 74 0 74 74 0 8 0 pdppl 4096 20246 0 20160 685 589 96 106 0 8 10 pvpl 32 3343229 0 3331013 453 268 185 368 0 265 50 pmappl 216 10119 0 10066 4 0 4 4 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 1465 0 1065 14 1 13 13 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8286f975) at panic+0x165 sys/kern/subr_prf.c:198 ufs_lookup() at ufs_lookup+0x169a sys/ufs/ufs/ufs_lookup.c:600 VOP_LOOKUP(fffffd80624fd298,ffff8000349c0fc8,ffff8000349c0f68) at VOP_LOOKUP+0x5c sys/kern/vfs_vops.c:85 unveil_find_cover(fffffd805fcbd100,ffff80002a6aca58) at unveil_find_cover+0x132 sys/kern/kern_unveil.c:277 unveil_add_vnode(ffff80002a6aca58,fffffd805fcbd100) at unveil_add_vnode+0xac sys/kern/kern_unveil.c:391 unveil_add(ffff80002a6aca58,ffff8000349c1168,ffff8000349c1223) at unveil_add+0x30b sys/kern/kern_unveil.c:494 sys_unveil(ffff80002a6aca58,ffff8000349c1350,ffff8000349c12a0) at sys_unveil+0x41b sys/kern/vfs_syscalls.c:1023 syscall(ffff8000349c1350) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x281cc98cd00, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8286f975) at panic+0x165 sys/kern/subr_prf.c:198 ufs_lookup() at ufs_lookup+0x169a sys/ufs/ufs/ufs_lookup.c:600 VOP_LOOKUP(fffffd80624fd298,ffff8000349c0fc8,ffff8000349c0f68) at VOP_LOOKUP+0x5c sys/kern/vfs_vops.c:85 unveil_find_cover(fffffd805fcbd100,ffff80002a6aca58) at unveil_find_cover+0x132 sys/kern/kern_unveil.c:277 unveil_add_vnode(ffff80002a6aca58,fffffd805fcbd100) at unveil_add_vnode+0xac sys/kern/kern_unveil.c:391 unveil_add(ffff80002a6aca58,ffff8000349c1168,ffff8000349c1223) at unveil_add+0x30b sys/kern/kern_unveil.c:494 sys_unveil(ffff80002a6aca58,ffff8000349c1350,ffff8000349c12a0) at sys_unveil+0x41b sys/kern/vfs_syscalls.c:1023 syscall(ffff8000349c1350) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x281cc98cd00, count: -10