panic: fifo_badop called Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *437617 87013 0 0x2 0 0 syz-executor.1 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 fifo_badop(ffff8000149102f8) at fifo_badop+0x14 sys/miscfs/fifofs/fifo_vnops.c:491 VOP_STRATEGY(fffffd8037d8c800) at VOP_STRATEGY+0x99 sys/kern/vfs_vops.c:727 bwrite(fffffd8037d8c800) at bwrite+0x206 sys/kern/vfs_bio.c:738 VOP_BWRITE(fffffd8037d8c800) at VOP_BWRITE+0x4a sys/kern/vfs_vops.c:739 ufs_mkdir(ffff800014910580) at ufs_mkdir+0x6b7 sys/ufs/ufs/ufs_vnops.c:1250 VOP_MKDIR(fffffd8036b9b358,ffff8000149106e0,ffff800014910730,ffff800014910610) at VOP_MKDIR+0xc6 sys/kern/vfs_vops.c:450 domkdirat(ffff8000ffff84f8,ffffff9c,7f7ffffe0cc0,1ff) at domkdirat+0x121 sys/kern/vfs_syscalls.c:2983 syscall(ffff8000149108b0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555 Xsyscall(6,88,7f7ffffe0cc0,88,0,7f7ffffe0ce4) at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffe0d30, count: 4 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic fifo_badop called ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 fifo_badop(ffff8000149102f8) at fifo_badop+0x14 sys/miscfs/fifofs/fifo_vnops.c:491 VOP_STRATEGY(fffffd8037d8c800) at VOP_STRATEGY+0x99 sys/kern/vfs_vops.c:727 bwrite(fffffd8037d8c800) at bwrite+0x206 sys/kern/vfs_bio.c:738 VOP_BWRITE(fffffd8037d8c800) at VOP_BWRITE+0x4a sys/kern/vfs_vops.c:739 ufs_mkdir(ffff800014910580) at ufs_mkdir+0x6b7 sys/ufs/ufs/ufs_vnops.c:1250 VOP_MKDIR(fffffd8036b9b358,ffff8000149106e0,ffff800014910730,ffff800014910610) at VOP_MKDIR+0xc6 sys/kern/vfs_vops.c:450 domkdirat(ffff8000ffff84f8,ffffff9c,7f7ffffe0cc0,1ff) at domkdirat+0x121 sys/kern/vfs_syscalls.c:2983 syscall(ffff8000149108b0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555 Xsyscall(6,88,7f7ffffe0cc0,88,0,7f7ffffe0ce4) at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffe0d30, count: -11 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff800014910220 rbx 0xffff8000149102d0 rdx 0x2 rcx 0 rax 0 r8 0xffff8000149101e0 r9 0x1 r10 0 r11 0xc8cccb201f6756b9 r12 0x3000000008 r13 0xffff800014910230 r14 0x100 r15 0x1 rip 0xffffffff8147e928 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800014910210 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.1) pid=437617 stat=onproc flags process=2 proc=0 pri=17, usrpri=80, nice=20 forw=0xffffffffffffffff, list=0xffff800014914ee8,0xffff8000149142a0 process=0xffff8000ffff6a30 user=0xffff80001490b000, vmspace=0xfffffd803f013dd0 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 69185 501861 62140 0 2 0 syz-executor.0 69185 432664 62140 0 2 0x4000000 syz-executor.0 *87013 437617 73318 0 7 0x2 syz-executor.1 16198 8195 0 0 3 0x14200 acct acct 62140 293369 73318 0 3 0x82 nanosleep syz-executor.0 36227 236903 1 0 3 0x100083 ttyin getty 11431 461943 0 0 3 0x14200 bored sosplice 73318 155565 38908 0 3 0x82 thrsleep syz-fuzzer 73318 53760 38908 0 3 0x4000082 nanosleep syz-fuzzer 73318 74843 38908 0 3 0x4000082 thrsleep syz-fuzzer 73318 402737 38908 0 3 0x4000082 thrsleep syz-fuzzer 73318 242409 38908 0 3 0x4000082 thrsleep syz-fuzzer 73318 317474 38908 0 3 0x4000082 kqread syz-fuzzer 73318 64110 38908 0 3 0x4000082 thrsleep syz-fuzzer 73318 315962 38908 0 3 0x4000082 thrsleep syz-fuzzer 38908 311666 57567 0 3 0x10008a pause ksh 57567 327632 55198 0 3 0x92 select sshd 55198 31928 1 0 3 0x80 select sshd 6539 513075 55061 73 3 0x100090 kqread syslogd 55061 506495 1 0 3 0x100082 netio syslogd 91645 12501 0 0 2 0x14200 zerothread 37362 204697 0 0 3 0x14200 aiodoned aiodoned 67813 510983 0 0 3 0x14200 syncer update 12756 381957 0 0 3 0x14200 cleaner cleaner 31424 228353 0 0 3 0x14200 reaper reaper 79976 215293 0 0 3 0x14200 pgdaemon pagedaemon 83960 38779 0 0 3 0x14200 bored crynlk 23988 477084 0 0 3 0x14200 bored crypto 37538 500639 0 0 3 0x40014200 acpi0 acpi0 82780 280358 0 0 3 0x14200 bored softnet 86663 485782 0 0 3 0x14200 bored systqmp 85929 432037 0 0 3 0x14200 bored systq 10210 66947 0 0 3 0x40014200 bored softclock 20529 132187 0 0 3 0x40014200 idle0 66270 59844 0 0 3 0x14200 bored smr 1 277521 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9546 7182K 8676K 78643K 17390 0 0 pcb 13 8K 9K 78643K 246 0 0 rtable 92 7K 8K 78643K 541 0 0 ifaddr 68 14K 15K 78643K 216 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 87 0 0 iov 0 0K 24K 78643K 296 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1228 77K 78K 78643K 3146 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 30 0 0 VM map 7 1K 1K 78643K 13 0 0 sem 12 1K 1K 78643K 179 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12645 0 0 file desc 5 13K 25K 78643K 1120 0 0 sigio 0 0K 0K 78643K 26 0 0 proc 44 30K 63K 78643K 668 0 0 subproc 32 2K 2K 78643K 123 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 86 0 0 in_multi 20 1K 2K 78643K 146 0 0 ether_multi 1 0K 0K 78643K 12 0 0 mrt 0 0K 0K 78643K 7 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 66 291K 291K 78643K 66 0 0 exec 0 0K 1K 78643K 406 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 107 70K 70K 78643K 3762 0 0 UVM aobj 90 3K 3K 78643K 97 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 248 0 0 NDP 16 0K 0K 78643K 66 0 0 temp 198 3540K 4179K 78643K 29719 0 0 kqueue 0 0K 0K 78643K 7 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 37 0 33 1 0 1 1 0 8 0 rtpcb 80 129 0 129 2 1 1 1 0 8 1 rtentry 112 157 0 124 2 0 2 2 0 8 0 unpcb 120 546 0 539 1 0 1 1 0 8 0 syncache 264 8 0 8 3 3 0 1 0 8 0 tcpqe 32 54 0 54 2 2 0 1 0 8 0 tcpcb 544 379 0 375 2 1 1 2 0 8 0 ipq 40 9 0 9 4 3 1 1 0 8 1 ipqe 40 321 0 321 4 3 1 1 0 8 1 inpcb 280 1551 0 1547 10 8 2 4 0 8 1 rttmr 72 3 0 2 3 2 1 1 0 8 0 ip6q 72 2 0 2 1 1 0 1 0 8 0 ip6af 40 6 0 6 1 1 0 1 0 8 0 nd6 48 17 0 16 2 1 1 1 0 8 0 ppxss 1128 25 0 25 6 5 1 1 0 8 1 art_heap8 4096 14 0 11 5 1 4 4 0 8 1 art_heap4 256 762 0 555 23 8 15 19 0 8 0 art_table 32 776 0 566 3 0 3 3 0 8 0 art_node 16 156 0 125 1 0 1 1 0 8 0 sysvmsgpl 40 32 0 22 1 0 1 1 0 8 0 semupl 112 3 0 3 2 2 0 1 0 8 0 semapl 112 177 0 167 1 0 1 1 0 8 0 shmpl 112 95 0 7 3 0 3 3 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 3296 0 1905 46 0 46 46 0 8 0 ffsino 240 3296 0 1905 83 0 83 83 0 8 0 nchpl 144 5192 0 3599 61 0 61 61 0 8 0 uvmvnodes 72 4921 0 0 90 0 90 90 0 8 0 vnodes 208 4921 0 0 259 0 259 259 0 8 0 namei 1024 17560 0 17557 1 0 1 1 0 8 0 vcpupl 1984 5 0 0 1 0 1 1 0 8 0 vmpool 520 11 0 6 1 0 1 1 0 8 0 scsiplug 64 2 0 2 1 1 0 1 0 8 0 scxspl 192 17201 0 17201 12 11 1 7 0 8 1 plimitpl 152 112 0 106 1 0 1 1 0 8 0 sigapl 432 1277 0 1266 2 0 2 2 0 8 0 futexpl 56 32430 0 32430 1 0 1 1 0 8 1 knotepl 112 296 0 277 1 0 1 1 0 8 0 kqueuepl 104 282 0 280 1 0 1 1 0 8 0 pipepl 112 722 0 703 1 0 1 1 0 8 0 fdescpl 424 1278 0 1266 2 0 2 2 0 8 0 filepl 120 11176 0 11091 7 3 4 5 0 8 1 lockfpl 104 482 0 482 1 0 1 1 0 8 1 lockfspl 48 158 0 158 1 0 1 1 0 8 1 sessionpl 112 23 0 15 1 0 1 1 0 8 0 pgrppl 48 82 0 74 1 0 1 1 0 8 0 ucredpl 96 1713 0 1707 1 0 1 1 0 8 0 zombiepl 144 1266 0 1266 1 0 1 1 0 8 1 processpl 864 1294 0 1266 4 0 4 4 0 8 0 procpl 632 2805 0 2769 4 0 4 4 0 8 0 sosppl 128 10 0 10 4 4 0 1 0 8 0 sockpl 384 2244 0 2233 15 11 4 6 0 8 2 mcl64k 65536 87 0 87 2 1 1 1 0 8 1 mcl16k 16384 11 0 11 6 5 1 1 0 8 1 mcl12k 12288 16 0 16 6 5 1 1 0 8 1 mcl9k 9216 15 0 15 7 6 1 1 0 8 1 mcl8k 8192 59 0 59 2 1 1 1 0 8 1 mcl4k 4096 146 0 146 2 1 1 1 0 8 1 mcl2k2 2112 8 0 8 5 4 1 1 0 8 1 mcl2k 2048 70696 0 70649 16 9 7 14 0 8 0 mtagpl 80 74 0 47 2 1 1 1 0 8 0 mbufpl 256 119563 0 119412 39 21 18 21 0 8 8 bufpl 256 12531 0 6105 402 0 402 402 0 8 0 anonpl 16 175033 0 156086 130 37 93 93 0 62 14 amapchunkpl 152 6834 0 6717 24 14 10 15 0 158 4 amappl16 192 7820 0 6739 104 41 63 67 0 8 8 amappl15 184 273 0 271 2 1 1 1 0 8 0 amappl14 176 291 0 287 1 0 1 1 0 8 0 amappl13 168 9 0 8 1 0 1 1 0 8 0 amappl12 160 341 0 340 2 1 1 1 0 8 0 amappl11 152 59 0 54 1 0 1 1 0 8 0 amappl10 144 15 0 14 1 0 1 1 0 8 0 amappl9 136 728 0 722 1 0 1 1 0 8 0 amappl8 128 310 0 277 2 0 2 2 0 8 0 amappl7 120 73 0 66 1 0 1 1 0 8 0 amappl6 112 77 0 67 1 0 1 1 0 8 0 amappl5 104 526 0 519 1 0 1 1 0 8 0 amappl4 96 1439 0 1413 1 0 1 1 0 8 0 amappl3 88 437 0 430 1 0 1 1 0 8 0 amappl2 80 9416 0 9355 3 1 2 3 0 8 0 amappl1 72 33048 0 32671 27 19 8 20 0 8 0 amappl 80 3112 0 3075 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 96 0 7 2 0 2 2 0 8 0 uaddrrnd 24 1289 0 1266 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1289 0 1266 1 0 1 1 0 8 0 vmmpekpl 168 12295 0 12264 2 0 2 2 0 8 0 vmmpepl 168 163683 0 161617 185 59 126 132 0 357 30 vmsppl 272 1277 0 1266 2 1 1 2 0 8 0 pdppl 4096 2584 0 2549 6 1 5 6 0 8 0 pvpl 32 504180 0 482224 291 75 216 282 0 265 36 pmappl 200 1288 0 1272 1 0 1 1 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 596 0 52 16 0 16 16 0 8 0