panic: bad dir Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *474277 87407 0 0x2000 0x4000000 0K syz-executor 176055 78879 0 0x14000 0x200 1 reaper db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff83395b0e) at panic+0x1e5 sys/kern/subr_prf.c:198 ufs_dirbadentry(ffff80003c45ba68,ffff80003c45ba68,907a5603f8946cff) at ufs_dirbadentry VOP_LOOKUP(fffffd800b0396c0,ffff80003c45bc38,ffff80003c45bc68) at VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85 vfs_lookup(ffff80003c45bc08) at vfs_lookup+0x8fa sys/kern/vfs_lookup.c:566 namei(ffff80003c45bc08) at namei+0x7aa sys/kern/vfs_lookup.c:250 sys_unveil(ffff80002a2b27d0,ffff80003c45bdf0,ffff80003c45bd40) at sys_unveil+0x329 sys/kern/vfs_syscalls.c:1009 syscall(ffff80003c45bdf0) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c45bdf0) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xec79a479140, count: 6 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: bad dir ddb{0}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff83395b0e) at panic+0x1e5 sys/kern/subr_prf.c:198 ufs_dirbadentry(ffff80003c45ba68,ffff80003c45ba68,907a5603f8946cff) at ufs_dirbadentry VOP_LOOKUP(fffffd800b0396c0,ffff80003c45bc38,ffff80003c45bc68) at VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85 vfs_lookup(ffff80003c45bc08) at vfs_lookup+0x8fa sys/kern/vfs_lookup.c:566 namei(ffff80003c45bc08) at namei+0x7aa sys/kern/vfs_lookup.c:250 sys_unveil(ffff80002a2b27d0,ffff80003c45bdf0,ffff80003c45bd40) at sys_unveil+0x329 sys/kern/vfs_syscalls.c:1009 syscall(ffff80003c45bdf0) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c45bdf0) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xec79a479140, count: -9 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff80003c45b890 rbx 0xffffffff837ffdd7 cpu_info_full_primary+0x2dd7 rdx 0xffff800001482100 rcx 0xffff80002a2b27d0 rax 0xffffffff837feff0 cpu_info_full_primary+0x1ff0 r8 0x101010101010101 r9 0x8080808080808080 r10 0xd6d806084188a4a0 r11 0x43167eb47979ec8d r12 0xffffffff837ffbd8 cpu_info_full_primary+0x2bd8 r13 0 r14 0 r15 0x1 rip 0xffffffff81e67865 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80003c45b880 ss 0 db_enter+0x25: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor) tid=474277 pid=87407 tcnt=2 stat=onproc flags process=2000 proc=4000000 runpri=17, usrpri=50, slppri=17, nice=20 wchan=0x0, wmesg=, ps_single=0xffff80002a2b27d0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a2b39c0,0xffff80002a2b3c60 process=0xffff800035813568 user=0xffff80003c456000, vmspace=0xfffffd805d6e87a8 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 85886 423953 84425 0 2 0 syz-executor 85886 114620 84425 0 3 0x4000080 fsleep syz-executor 87407 147859 39695 0 4 0x82000 syz-executor *87407 474277 39695 0 7 0x4002000 syz-executor 31523 362511 12256 0 2 0xc90 syz-executor 31523 376810 12256 0 3 0x4000090 kqsel syz-executor 31523 61115 12256 0 3 0x4000090 fsleep syz-executor 31523 48242 12256 0 3 0x4000090 fsleep syz-executor 38954 389017 71192 0 2 0xc80 syz-executor 38954 254917 71192 0 3 0x4000080 kqpoll syz-executor 38954 453085 71192 0 3 0x4000080 fsleep syz-executor 80346 516595 41668 0 2 0xc80 syz-executor 80346 467631 41668 0 3 0x4000080 kqsel syz-executor 80346 394036 41668 0 3 0x4000080 fsleep syz-executor 84425 126697 59402 0 2 0xc82 syz-executor 41668 105408 59402 0 2 0xc82 syz-executor 46333 372994 0 0 3 0x14200 acct acct 12256 125233 59402 0 2 0xc82 syz-executor 75475 329768 1 0 3 0x100083 ttyopn getty 10745 426393 0 0 3 0x14200 bored sosplice 71192 126329 59402 0 2 0xc82 syz-executor 28088 162236 59402 0 2 0x2 syz-executor 24384 173887 59402 0 2 0x2 syz-executor 39695 67770 59402 0 2 0xc82 syz-executor 73998 238247 59402 0 2 0xc82 syz-executor 59402 220760 84346 0 3 0x82 kqread syz-executor 84346 126658 74321 0 3 0x10008a sigsusp ksh 74321 151234 64913 0 3 0x98 kqread sshd-session 64913 277556 37026 0 3 0x92 kqread sshd-session 37026 451989 1 0 3 0x88 kqread sshd 8239 57584 29032 74 3 0x1100092 bpf pflogd 29032 463455 1 0 3 0x80 sbwait pflogd 55006 76380 84671 73 3 0x1100090 kqread syslogd 84671 111226 1 0 3 0x100082 sbwait syslogd 51707 350087 1 0 3 0x100080 kqread resolvd 83175 502784 79570 77 3 0x100092 kqread dhcpleased 38717 209811 79570 77 3 0x100092 kqread dhcpleased 79570 497398 1 0 3 0x80 kqread dhcpleased 23977 239786 0 0 3 0x14200 bored smr 93309 41538 0 0 2 0x14200 zerothread 51191 350382 0 0 3 0x14200 aiodoned aiodoned 73830 335438 0 0 3 0x14200 syncer update 24572 505018 0 0 3 0x14200 cleaner cleaner 78879 176055 0 0 7 0x14200 reaper 42981 411497 0 0 3 0x14200 pgdaemon pagedaemon 21908 234426 0 0 3 0x14200 bored viomb 81999 159991 0 0 3 0x40014200 acpi0 acpi0 89717 378834 0 0 3 0x40014200 idle1 9183 299893 0 0 3 0x14200 bored softnet7 43431 193170 0 0 3 0x14200 bored softnet6 34830 6884 0 0 3 0x14200 bored softnet5 57932 275086 0 0 3 0x14200 bored softnet4 51973 190161 0 0 3 0x14200 bored softnet3 75084 482160 0 0 3 0x14200 bored softnet2 64398 318266 0 0 3 0x14200 bored softnet1 60319 36755 0 0 3 0x14200 bored softnet0 13188 347299 0 0 3 0x14200 bored systqmp 13008 486557 0 0 3 0x14200 bored systq 44652 403296 0 0 3 0x14200 tmoslp softclockmp 91578 213511 0 0 2 0x40014200 softclock 97328 239263 0 0 3 0x40014200 idle0 1 243722 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{0}> show all locks Process 87407 (syz-executor) thread 0xffff80002a2b27d0 (474277) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff839a4f28) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1160 #1 __mp_acquire_count+0x58 sys/kern/kern_lock.c:-1 #2 sleep_finish+0x2da sys/kern/kern_synch.c:366 #3 biowait+0xc1 sys/kern/vfs_bio.c:1242 #4 ffs_bufatoff+0x16f sys/ufs/ffs/ffs_subr.c:71 #5 ufs_lookup+0x548 sys/ufs/ufs/ufs_lookup.c:256 #6 VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85 #7 vfs_lookup+0x8fa sys/kern/vfs_lookup.c:566 #8 namei+0x7aa sys/kern/vfs_lookup.c:250 #9 sys_unveil+0x329 sys/kern/vfs_syscalls.c:1009 #10 syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] #10 syscall+0xb08 sys/arch/amd64/amd64/trap.c:748 #11 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd807e451f40) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x377 sys/kern/kern_rwlock.c:310 #2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:605 #3 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:527 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:570 #5 vfs_lookup+0x109 sys/kern/vfs_lookup.c:418 #6 namei+0x7aa sys/kern/vfs_lookup.c:250 #7 sys_unveil+0x329 sys/kern/vfs_syscalls.c:1009 #8 syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] #8 syscall+0xb08 sys/arch/amd64/amd64/trap.c:748 #9 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10250 11075K 12357K 166960K 13583 0 pcb 17 16K 32K 166960K 376 0 rtable 242 19K 19K 166960K 710 0 pf 41 19K 67486K 166960K 173 0 ifaddr 41 7K 7K 166960K 123 0 ifgroup 59 2K 3K 166960K 206 0 sysctl 3 1K 9K 166960K 17 0 counters 70 37K 38K 166960K 214 0 ioctlops 0 0K 4K 166960K 1646 0 iov 0 0K 36K 166960K 279 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1526 96K 96K 166960K 2908 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 2K 10K 166960K 29 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 114 0 dirhash 12 2K 2K 166960K 36 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 15 53K 236K 166960K 1542 0 sigio 0 0K 0K 166960K 22 0 proc 73 103K 140K 166960K 822 0 subproc 72 4K 4K 166960K 118 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 148 0 in_multi 78 5K 7K 166960K 204 0 ether_multi 1 0K 0K 166960K 4 0 mrt 2 0K 0K 166960K 18 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 265 1182K 1182K 166960K 265 0 exec 0 0K 1K 166960K 606 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 229 176K 191K 166960K 15455 0 UVM aobj 48 2K 2K 166960K 53 0 pinsyscall 40 80K 102K 166960K 2763 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 62 0 NDP 15 0K 2K 166960K 87 0 temp 75 8683K 8755K 166960K 63004 0 kqueue 17 24K 28K 166960K 258 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 391 0 388 5 4 1 5 0 8 0 rtentry 176 177 0 89 5 1 4 5 0 8 0 unpcb 144 1106 0 1086 8 6 2 4 0 8 1 syncache 336 6 0 6 2 2 0 1 0 8 0 tcpqe 32 1 0 1 1 1 0 1 0 8 0 tcpcb 736 417 0 412 7 2 5 7 0 8 4 arp 128 19 0 9 1 0 1 1 0 8 0 inpcb 328 1623 0 1614 15 10 5 7 0 8 4 nd6 144 34 0 20 1 0 1 1 0 8 0 pkpcb 40 32 0 32 4 3 1 1 0 8 1 kcovpl 48 13 0 5 1 0 1 1 0 8 0 mppekey 1024 4 0 4 2 1 1 1 0 8 1 ppxss 1192 52 0 52 1 0 1 1 0 8 1 pppxif 1504 8 0 8 2 2 0 1 0 8 0 pfstscr 40 1 0 1 1 1 0 1 0 8 0 pffrag 232 7 0 3 1 0 1 1 0 482 0 pffrnode 88 6 0 2 1 0 1 1 0 8 0 pffrent 40 11 0 7 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pftag 88 4 0 0 1 0 1 1 0 8 0 pfstitem 24 87 0 31 1 0 1 1 0 8 0 pfstkey 128 92 0 36 2 0 2 2 0 8 0 pfstate 384 90 0 34 6 0 6 6 0 8 0 pfrule 1344 30 0 24 2 1 1 2 0 8 0 rttmr 136 5 0 5 2 1 1 1 0 8 1 art_heap8 4096 3 0 0 3 0 3 3 0 8 0 art_heap4 256 709 0 332 31 7 24 28 0 8 0 art_table 40 712 0 332 5 0 5 5 0 8 0 art_node 32 175 0 97 1 0 1 1 0 8 0 sysvmsgpl 40 24 0 12 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 110 0 100 1 0 1 1 0 8 0 shmpl 112 50 0 5 2 0 2 2 0 8 0 dirhash 1024 33 0 16 3 0 3 3 0 8 0 dino2pl 256 4072 0 2555 97 1 96 96 0 8 0 ffsino 288 4072 0 2555 109 0 109 109 0 8 0 nchpl 144 6047 0 4340 64 0 64 64 0 8 0 rtmask 32 8 0 8 3 3 0 1 0 8 0 uvmvnodes 80 5181 0 0 106 0 106 106 0 8 0 vnodes 216 5181 0 0 288 0 288 288 0 8 0 namei 1024 22183 0 22181 1 0 1 1 0 8 0 percpumem 16 122 0 72 1 0 1 1 0 8 0 kstatmem 264 124 0 94 3 0 3 3 0 8 0 scsiplug 72 3 0 3 2 2 0 1 0 8 0 scxspl 216 37645 0 37645 10 9 1 8 1 8 1 plimitpl 152 337 0 320 1 0 1 1 0 8 0 sigapl 424 1829 0 1775 7 0 7 7 0 8 0 knotepl 120 586 0 0 17 0 17 17 0 8 0 kqueuepl 224 671 0 655 11 9 2 5 0 8 0 pipepl 336 301 0 274 3 0 3 3 0 8 0 fdescpl 520 1800 0 1771 3 0 3 3 0 8 0 filepl 160 12848 0 12629 23 10 13 19 0 8 2 lockfpl 104 1330 0 1327 5 3 2 2 0 8 1 lockfspl 48 382 0 379 1 0 1 1 0 8 0 sessionpl 144 32 0 23 1 0 1 1 0 8 0 pgrppl 48 61 0 44 1 0 1 1 0 8 0 ucredpl 104 1852 0 1837 1 0 1 1 0 8 0 zombiepl 144 1776 0 1775 1 0 1 1 0 8 0 processpl 1240 1829 0 1775 5 0 5 5 0 8 0 procpl 656 4173 0 4110 7 0 7 7 0 8 0 sosppl 168 15 0 15 3 2 1 1 0 8 1 sockpl 728 3254 0 3222 31 21 10 22 0 8 6 mcl64k 65536 5 0 0 1 0 1 1 0 8 0 mcl12k 12288 1 0 0 1 0 1 1 0 8 0 mcl9k 9216 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 2 0 0 1 0 1 1 0 8 0 mcl4k 4096 115 0 0 15 1 14 15 0 8 0 mcl2k 2048 56 0 0 6 0 6 6 0 8 0 mtagpl 96 33 0 0 1 0 1 1 0 8 0 mbufpl 256 381 0 0 23 0 23 23 0 8 0 bufpl 280 14808 0 8666 439 0 439 439 0 8 0 anonpl 32 10963 0 0 89 0 89 89 0 246 0 amapchunkpl 152 52094 0 51647 35 9 26 29 0 158 1 amappl16 200 6083 0 6052 38 23 15 25 0 8 8 amappl15 192 4 0 4 1 1 0 1 0 8 0 amappl14 184 154 0 142 1 0 1 1 0 8 0 amappl13 176 2 0 2 1 1 0 1 0 8 0 amappl12 168 2592 0 2563 4 1 3 3 0 8 0 amappl11 160 50 0 36 1 0 1 1 0 8 0 amappl10 152 7 0 7 1 1 0 1 0 8 0 amappl9 144 252 0 252 1 1 0 1 0 8 0 amappl8 136 54 0 51 1 0 1 1 0 8 0 amappl7 128 130 0 118 1 0 1 1 0 8 0 amappl6 120 249 0 245 1 0 1 1 0 8 0 amappl5 112 159 0 148 1 0 1 1 0 8 0 amappl4 104 345 0 325 1 0 1 1 0 8 0 amappl3 96 10595 0 10494 5 1 4 4 0 8 0 amappl2 88 736 0 673 2 0 2 2 0 8 0 amappl1 80 14838 0 14244 16 2 14 15 0 8 0 amappl 88 14429 0 14275 5 0 5 5 0 92 0 dma32768 32768 1 0 1 1 1 0 1 0 8 0 dma8192 8192 1 0 1 1 1 0 1 0 8 0 dma4096 4096 3 0 3 2 2 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 7 0 7 2 2 0 1 0 8 0 dma128 128 255 0 255 3 3 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 52 0 5 1 0 1 1 0 8 0 uaddrrnd 24 1800 0 1771 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1800 0 1771 1 0 1 1 0 8 0 vmmpekpl 168 15720 0 15666 3 0 3 3 0 8 0 vmmpepl 168 118955 0 117076 108 7 101 103 0 357 2 vmsppl 480 1799 0 1771 6 1 5 5 0 8 0 rwobjpl 72 37681 0 31525 118 1 117 117 0 8 0 pdppl 4096 3608 0 3542 114 40 74 86 0 8 8 pvpl 32 18113 0 0 146 0 146 146 0 265 0 pmappl 256 1799 0 1771 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 428 0 60 11 0 11 11 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff83395b0e) at panic+0x1e5 sys/kern/subr_prf.c:198 ufs_dirbadentry(ffff80003c45ba68,ffff80003c45ba68,907a5603f8946cff) at ufs_dirbadentry VOP_LOOKUP(fffffd800b0396c0,ffff80003c45bc38,ffff80003c45bc68) at VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85 vfs_lookup(ffff80003c45bc08) at vfs_lookup+0x8fa sys/kern/vfs_lookup.c:566 namei(ffff80003c45bc08) at namei+0x7aa sys/kern/vfs_lookup.c:250 sys_unveil(ffff80002a2b27d0,ffff80003c45bdf0,ffff80003c45bd40) at sys_unveil+0x329 sys/kern/vfs_syscalls.c:1009 syscall(ffff80003c45bdf0) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c45bdf0) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xec79a479140, count: -9 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffff8000299ddff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff839a4d20) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff839a4d20) at __mp_lock+0x192 sys/kern/kern_lock.c:165 reaper(ffff8000ffffccd8) at reaper+0x218 sys/kern/kern_exit.c:505 end trace frame: 0x0, count: 10 ddb{1}> trace x86_ipi_db(ffff8000299ddff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff839a4d20) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff839a4d20) at __mp_lock+0x192 sys/kern/kern_lock.c:165 reaper(ffff8000ffffccd8) at reaper+0x218 sys/kern/kern_exit.c:505 end trace frame: 0x0, count: -5