panic: bad dir Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 462860 19034 0 0 0 1 syz-executor * 58294 19034 0 0 0x4000000 0K syz-executor db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff83032d54) at panic+0x1e5 sys/kern/subr_prf.c:198 ufs_dirbadentry(ffff8000ffff7698,ffff8000ffff7698,90c8c81b8f698974) at ufs_dirbadentry VOP_LOOKUP(fffffd805ec1e2c0,ffff8000ffff7a38,ffff8000ffff7a68) at VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85 vfs_lookup(ffff8000ffff7a08) at vfs_lookup+0x8fa sys/kern/vfs_lookup.c:566 namei(ffff8000ffff7a08) at namei+0x7aa sys/kern/vfs_lookup.c:250 vn_open(ffff8000ffff7a08,1,0) at vn_open+0x13f sys/kern/vfs_vnops.c:140 doopenat(ffff80003722ece0,ffffff9c,20000040,0,0,ffff8000ffff7bb0) at doopenat+0x31d sys/kern/vfs_syscalls.c:1123 syscall(ffff8000ffff7c60) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:178 [inline] syscall(ffff8000ffff7c60) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x60cc494e080, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: bad dir ddb{0}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff83032d54) at panic+0x1e5 sys/kern/subr_prf.c:198 ufs_dirbadentry(ffff8000ffff7698,ffff8000ffff7698,90c8c81b8f698974) at ufs_dirbadentry VOP_LOOKUP(fffffd805ec1e2c0,ffff8000ffff7a38,ffff8000ffff7a68) at VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85 vfs_lookup(ffff8000ffff7a08) at vfs_lookup+0x8fa sys/kern/vfs_lookup.c:566 namei(ffff8000ffff7a08) at namei+0x7aa sys/kern/vfs_lookup.c:250 vn_open(ffff8000ffff7a08,1,0) at vn_open+0x13f sys/kern/vfs_vnops.c:140 doopenat(ffff80003722ece0,ffffff9c,20000040,0,0,ffff8000ffff7bb0) at doopenat+0x31d sys/kern/vfs_syscalls.c:1123 syscall(ffff8000ffff7c60) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:178 [inline] syscall(ffff8000ffff7c60) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x60cc494e080, count: -10 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff8000ffff74c0 rbx 0xffffffff834c2dbf cpu_info_full_primary+0x2dbf rdx 0 rcx 0xffff80003722ece0 rax 0xffffffff834c1ff0 cpu_info_full_primary+0x1ff0 r8 0x101010101010101 r9 0x8080808080808080 r10 0x1bf9cbae74db15c4 r11 0x4d43c41084d488ca r12 0xffffffff834c2bc0 cpu_info_full_primary+0x2bc0 r13 0 r14 0 r15 0x1 rip 0xffffffff82500785 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff8000ffff74b0 ss 0 db_enter+0x25: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor) tid=58294 pid=19034 tcnt=4 stat=onproc flags process=0 proc=4000000 runpri=17, usrpri=82, slppri=17, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003722ef68,0xffff8000ffff0548 process=0xffff80003725d228 user=0xffff8000ffff2000, vmspace=0xfffffd806cfc9c58 estcpu=32, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 19034 462860 12725 0 7 0 syz-executor *19034 58294 12725 0 7 0x4000000 syz-executor 19034 420535 12725 0 3 0x4000080 fsleep syz-executor 19034 409817 12725 0 3 0x4000080 fsleep syz-executor 79211 405669 36884 0 2 0 syz-executor 79211 235190 36884 0 3 0x4000080 kqread syz-executor 58633 192017 0 0 3 0x14280 nfsidl nfsio 64514 272418 0 0 3 0x14280 nfsidl nfsio 53579 197840 0 0 3 0x14280 nfsidl nfsio 56292 432422 0 0 3 0x14280 nfsidl nfsio 82230 302090 0 0 3 0x14280 nfsidl nfsio 69457 22363 0 0 3 0x14280 nfsidl nfsio 85344 437478 0 0 3 0x14280 nfsidl nfsio 99882 64750 0 0 3 0x14280 nfsidl nfsio 89483 485548 0 0 3 0x14280 nfsidl nfsio 96955 285158 0 0 3 0x14280 nfsidl nfsio 77059 168139 0 0 3 0x14280 nfsidl nfsio 47064 169445 0 0 3 0x14280 nfsidl nfsio 27524 221197 0 0 3 0x14280 nfsidl nfsio 14573 52153 0 0 3 0x14280 nfsidl nfsio 49320 484414 0 0 3 0x14280 nfsidl nfsio 92081 369748 0 0 3 0x14280 nfsidl nfsio 67399 308244 0 0 3 0x14280 nfsidl nfsio 40462 484369 0 0 3 0x14280 nfsidl nfsio 6188 180358 0 0 3 0x14280 nfsidl nfsio 20180 261542 0 0 3 0x14280 nfsidl nfsio 7585 366282 1 0 3 0x80 nanoslp init 51825 161664 0 0 3 0x14200 bored sosplice 12725 264364 44833 0 3 0x82 nanoslp syz-executor 36884 66215 44833 0 3 0x82 nanoslp syz-executor 44833 381899 5848 0 3 0x82 wait syz-executor 5848 135715 14464 0 3 0x10008a sigsusp ksh 14464 360330 62951 0 3 0x98 kqread sshd-session 62951 91256 6126 0 3 0x92 kqread sshd-session 6126 194906 1 0 3 0x88 kqread sshd 97187 339823 93260 74 3 0x1100092 bpf pflogd 93260 364359 1 0 3 0x80 sbwait pflogd 77939 410000 17200 73 3 0x1100090 kqread syslogd 17200 483829 1 0 3 0x100082 sbwait syslogd 54746 375956 1 0 3 0x100080 kqread resolvd 58116 219428 13192 77 3 0x100092 kqread dhcpleased 92373 80455 13192 77 3 0x100092 kqread dhcpleased 13192 258904 1 0 3 0x80 kqread dhcpleased 5450 416626 0 0 3 0x14200 bored smr 71682 124999 0 0 2 0x14200 zerothread 86399 106430 0 0 3 0x14200 aiodoned aiodoned 18921 366679 0 0 3 0x14200 syncer update 29819 442338 0 0 3 0x14200 cleaner cleaner 75955 210622 0 0 3 0x14200 reaper reaper 19683 41275 0 0 3 0x14200 pgdaemon pagedaemon 79259 84262 0 0 3 0x14200 bored viomb 31274 523037 0 0 3 0x40014200 acpi0 acpi0 73656 117393 0 0 3 0x40014200 idle1 17232 273080 0 0 3 0x14200 bored softnet3 19780 167133 0 0 3 0x14200 bored softnet2 63650 215277 0 0 3 0x14200 bored softnet1 67164 25957 0 0 3 0x14200 bored softnet0 3417 291525 0 0 3 0x14200 bored systqmp 31077 226624 0 0 3 0x14200 bored systq 18382 84312 0 0 3 0x14200 tmoslp softclockmp 80803 150350 0 0 2 0x40014200 softclock 41198 467865 0 0 3 0x40014200 idle0 1 233152 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 19034 (syz-executor) thread 0xffff80003722ece0 (58294) ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10239 11380K 11700K 166960K 12924 0 pcb 17 12K 12K 166960K 149 0 rtable 220 6K 7K 166960K 391 0 pf 39 18K 19K 166960K 75 0 ifaddr 44 7K 8K 166960K 62 0 ifgroup 59 2K 2K 166960K 83 0 sysctl 3 1K 1K 166960K 3 0 counters 66 36K 37K 166960K 84 0 ioctlops 0 0K 4K 166960K 1600 0 iov 0 0K 16K 166960K 82 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1423 89K 90K 166960K 2092 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 12 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 167 0 dirhash 12 2K 2K 166960K 45 0 ACPI 1690 195K 286K 166960K 12468 0 file desc 12 41K 93K 166960K 800 0 sigio 0 0K 0K 166960K 10 0 proc 63 79K 140K 166960K 576 0 subproc 104 6K 6K 166960K 104 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 77 0 in_multi 96 7K 7K 166960K 114 0 ether_multi 1 0K 0K 166960K 2 0 mrt 1 0K 0K 166960K 3 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 229 1023K 1023K 166960K 229 0 exec 0 0K 1K 166960K 440 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 3 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 188 71K 74K 166960K 9217 0 UVM aobj 89 7K 7K 166960K 91 0 pinsyscall 36 72K 104K 166960K 1914 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 44 0 NDP 13 0K 2K 166960K 39 0 temp 55 6823K 6888K 166960K 38276 0 kqueue 14 22K 30K 166960K 135 0 SYN cache 2 10K 18K 166960K 3 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 57 0 54 1 0 1 1 0 8 0 rtentry 112 121 0 20 4 0 4 4 0 8 0 unpcb 144 487 0 468 4 2 2 4 0 8 1 syncache 336 11 0 11 2 1 1 1 0 8 1 tcpqe 32 2 0 2 1 1 0 1 0 8 0 tcpcb 808 228 0 222 8 1 7 8 0 8 6 arp 120 20 0 0 1 0 1 1 0 8 0 ipq 40 2 0 2 1 0 1 1 0 8 1 ipqe 40 6 0 6 1 0 1 1 0 8 1 inpcb 336 718 0 706 8 2 6 7 0 8 4 nd6 136 25 0 0 1 0 1 1 0 8 0 pkpcb 40 6 0 6 1 1 0 1 0 8 0 kcovpl 48 8 0 0 1 0 1 1 0 8 0 ppxss 1168 7 0 7 1 0 1 1 0 8 1 pfstscr 40 3 0 2 1 0 1 1 0 8 0 pffrag 232 6 0 0 1 0 1 1 0 482 0 pffrnode 88 4 0 0 1 0 1 1 0 8 0 pffrent 40 11 0 4 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 53 0 13 1 0 1 1 0 8 0 pfstkey 128 54 0 14 2 0 2 2 0 8 0 pfstate 376 54 0 14 6 0 6 6 0 8 0 pfrule 1344 23 0 18 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 492 0 71 29 2 27 29 0 8 0 art_table 32 493 0 71 4 0 4 4 0 8 0 art_node 16 116 0 28 1 0 1 1 0 8 0 sysvmsgpl 40 10 0 10 2 2 0 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 164 0 154 1 0 1 1 0 8 0 shmpl 112 88 0 2 3 0 3 3 0 8 0 dirhash 1024 41 0 24 3 0 3 3 0 8 0 dino2pl 256 2887 0 1392 95 0 95 95 0 8 0 ffsino 272 2887 0 1392 101 0 101 101 0 8 0 nchpl 144 4019 0 2336 63 0 63 63 0 8 0 uvmvnodes 80 3428 0 0 70 0 70 70 0 8 0 vnodes 216 3428 0 0 191 0 191 191 0 8 0 namei 1024 13629 0 13628 2 0 2 2 0 8 1 percpumem 16 56 0 9 1 0 1 1 0 8 0 kstatmem 264 44 0 18 3 0 3 3 0 8 1 acpiwqpl 32 1 0 1 1 0 1 1 1 8 1 scsiplug 72 1 0 1 1 1 0 1 0 8 0 scxspl 216 13868 0 13868 10 7 3 8 1 8 3 plimitpl 152 107 0 90 1 0 1 1 0 8 0 sigapl 424 1129 0 1064 9 1 8 8 0 8 0 futexpl 64 10904 0 10902 1 0 1 1 0 8 0 knotepl 120 569 0 0 17 0 17 17 0 8 0 kqueuepl 216 574 0 564 9 1 8 8 0 8 7 pipepl 320 232 0 205 6 1 5 6 0 8 2 fdescpl 496 1090 0 1064 6 1 5 5 0 8 0 filepl 152 6500 0 6257 16 1 15 16 0 8 4 lockfpl 104 239 0 237 1 0 1 1 0 8 0 lockfspl 48 104 0 102 1 0 1 1 0 8 0 sessionpl 144 31 0 23 1 0 1 1 0 8 0 pgrppl 48 48 0 32 1 0 1 1 0 8 0 ucredpl 104 976 0 963 1 0 1 1 0 8 0 zombiepl 144 1070 0 1064 2 1 1 1 0 8 0 processpl 1160 1129 0 1064 7 1 6 6 0 8 0 procpl 648 2256 0 2187 8 1 7 7 0 8 0 srpgc 96 7 0 7 1 0 1 1 0 8 1 sosppl 168 7 0 7 1 1 0 1 0 8 0 sockpl 664 1277 0 1243 9 1 8 9 0 8 4 mcl64k 65536 3 0 0 1 0 1 1 0 8 0 mcl16k 16384 1 0 0 1 0 1 1 0 8 0 mcl12k 12288 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 6 0 0 1 0 1 1 0 8 0 mcl4k 4096 145 0 0 19 0 19 19 0 8 0 mcl2k 2048 20 0 0 3 0 3 3 0 8 0 mtagpl 96 12 0 0 1 0 1 1 0 8 0 mbufpl 256 182 0 0 11 0 11 11 0 8 0 bufpl 280 4618 0 101 323 0 323 323 0 8 0 anonpl 24 211856 0 208806 55 6 49 52 0 185 15 amapchunkpl 152 29854 0 29495 29 2 27 27 0 158 8 amappl16 200 5329 0 5302 26 15 11 15 0 8 8 amappl15 192 21 0 20 2 1 1 1 0 8 0 amappl14 184 130 0 119 1 0 1 1 0 8 0 amappl13 176 19 0 18 1 0 1 1 0 8 0 amappl12 168 1739 0 1713 4 2 2 3 0 8 0 amappl11 160 56 0 42 1 0 1 1 0 8 0 amappl10 152 11 0 11 1 1 0 1 0 8 0 amappl9 144 130 0 130 1 1 0 1 0 8 0 amappl8 136 18 0 16 1 0 1 1 0 8 0 amappl7 128 130 0 118 1 0 1 1 0 8 0 amappl6 120 165 0 163 1 0 1 1 0 8 0 amappl5 112 145 0 132 1 0 1 1 0 8 0 amappl4 104 349 0 331 1 0 1 1 0 8 0 amappl3 96 5647 0 5578 3 0 3 3 0 8 0 amappl2 88 1438 0 1361 3 0 3 3 0 8 0 amappl1 80 11489 0 10962 15 1 14 14 0 8 1 amappl 88 8739 0 8609 5 0 5 5 0 92 0 dma4096 4096 2 0 2 2 2 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 19 0 18 1 0 1 1 0 8 0 aobjpl 72 90 0 2 2 0 2 2 0 8 0 uaddrrnd 24 1090 0 1064 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1090 0 1064 1 0 1 1 0 8 0 vmmpekpl 168 10978 0 10934 3 0 3 3 0 8 0 vmmpepl 168 76049 0 74489 101 6 95 97 0 357 13 vmsppl 448 1089 0 1064 6 2 4 5 0 8 0 rwobjpl 56 28190 0 23820 64 1 63 63 0 8 0 pdppl 4096 2187 0 2128 117 46 71 85 0 8 12 pvpl 32 15843 0 0 128 0 128 128 0 265 0 pmappl 248 1089 0 1064 3 0 3 3 0 8 0 extentpl 40 55 0 38 1 0 1 1 0 8 0 phpool 112 413 0 57 11 0 11 11 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff83032d54) at panic+0x1e5 sys/kern/subr_prf.c:198 ufs_dirbadentry(ffff8000ffff7698,ffff8000ffff7698,90c8c81b8f698974) at ufs_dirbadentry VOP_LOOKUP(fffffd805ec1e2c0,ffff8000ffff7a38,ffff8000ffff7a68) at VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85 vfs_lookup(ffff8000ffff7a08) at vfs_lookup+0x8fa sys/kern/vfs_lookup.c:566 namei(ffff8000ffff7a08) at namei+0x7aa sys/kern/vfs_lookup.c:250 vn_open(ffff8000ffff7a08,1,0) at vn_open+0x13f sys/kern/vfs_vnops.c:140 doopenat(ffff80003722ece0,ffffff9c,20000040,0,0,ffff8000ffff7bb0) at doopenat+0x31d sys/kern/vfs_syscalls.c:1123 syscall(ffff8000ffff7c60) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:178 [inline] syscall(ffff8000ffff7c60) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x60cc494e080, count: -10 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffff800029b7bff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 end of kernel end trace frame: 0x70a750591ef0, count: 12 ddb{1}> trace x86_ipi_db(ffff800029b7bff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 end of kernel end trace frame: 0x70a750591ef0, count: -3