panic: bad dir (3)


syzbot

Apr 19, 2022, 6:50:19 AM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 501fda025ec2 regen
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=15391110f00000
kernel config: https://syzkaller.appspot.com/x/.config?x=fe55924c11e64b0a
dashboard link: https://syzkaller.appspot.com/bug?extid=b10779f9ce6ca094b752

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b10779...@syzkaller.appspotmail.com

panic: bad dir
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*368778 38573 0 0 0x4000000 0 syz-executor.6
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82599f7f) at panic+0x161 sys/kern/subr_prf.c:202
ufs_lookup() at ufs_lookup+0x1749 ufs_dirbad sys/ufs/ufs/ufs_lookup.c:609 [inline]
ufs_lookup() at ufs_lookup+0x1749 sys/ufs/ufs/ufs_lookup.c:444
VOP_LOOKUP(fffffd806ec9ccc8,ffff8000231c74f8,ffff8000231c7528) at VOP_LOOKUP+0x58 sys/kern/vfs_vops.c:85
vfs_lookup(ffff8000231c74c8) at vfs_lookup+0x6cc sys/kern/vfs_lookup.c:561
namei(ffff8000231c74c8) at namei+0x36a sys/kern/vfs_lookup.c:245
vn_open(ffff8000231c74c8,70f,0) at vn_open+0x188 sys/kern/vfs_vnops.c:113
doopenat(ffff8000230b8d28,ffffff9c,20000000,70e,0,ffff8000231c76b0) at doopenat+0x26a sys/kern/vfs_syscalls.c:1129
syscall(ffff8000231c7720) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xd50ce6456f0, count: 5
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: bad dir
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82599f7f) at panic+0x161 sys/kern/subr_prf.c:202
ufs_lookup() at ufs_lookup+0x1749 ufs_dirbad sys/ufs/ufs/ufs_lookup.c:609 [inline]
ufs_lookup() at ufs_lookup+0x1749 sys/ufs/ufs/ufs_lookup.c:444
VOP_LOOKUP(fffffd806ec9ccc8,ffff8000231c74f8,ffff8000231c7528) at VOP_LOOKUP+0x58 sys/kern/vfs_vops.c:85
vfs_lookup(ffff8000231c74c8) at vfs_lookup+0x6cc sys/kern/vfs_lookup.c:561
namei(ffff8000231c74c8) at namei+0x36a sys/kern/vfs_lookup.c:245
vn_open(ffff8000231c74c8,70f,0) at vn_open+0x188 sys/kern/vfs_vnops.c:113
doopenat(ffff8000230b8d28,ffffff9c,20000000,70e,0,ffff8000231c76b0) at doopenat+0x26a sys/kern/vfs_syscalls.c:1129
syscall(ffff8000231c7720) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xd50ce6456f0, count: -10
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff8000231c6f90
rbx 0
rdx 0
rcx 0
rax 0xffff8000230b8d28
r8 0x101010101010101
r9 0x8080808080808080
r10 0x10d007e858b533b0
r11 0xc6b5fa5858c71d9c
r12 0
r13 0xfffffd80709a5b50
r14 0
r15 0x1
rip 0xffffffff81b399a8 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff8000231c6f80
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor.6) pid=368778 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=32, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff8000230b82a8,0xffff800027f3afd8
process=0xffff80002b37afc8 user=0xffff8000231c2000, vmspace=0xfffffd806c67d560
estcpu=36, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
38573 37755 80189 0 2 0 syz-executor.6
*38573 368778 80189 0 7 0x4000000 syz-executor.6
38573 132535 80189 0 3 0x4000080 fsleep syz-executor.6
38573 283801 80189 0 2 0x4000000 syz-executor.6
86603 463344 59092 0 2 0 syz-executor.7
86603 356723 59092 0 3 0x4000080 fsleep syz-executor.7
59092 172423 48376 0 2 0x482 syz-executor.7
53636 333612 48376 0 2 0x2 syz-executor.0
7572 70562 48376 0 2 0x2 syz-executor.4
55362 219753 0 0 3 0x14200 bored sosplice
7804 227213 48376 0 2 0x2 syz-executor.2
89292 120076 0 0 3 0x14280 nfsidl nfsio
5378 115302 0 0 3 0x14280 nfsidl nfsio
33325 378066 0 0 3 0x14280 nfsidl nfsio
62926 309571 0 0 3 0x14280 nfsidl nfsio
5218 13554 0 0 3 0x14280 nfsidl nfsio
89786 319637 0 0 3 0x14280 nfsidl nfsio
20378 320200 0 0 3 0x14280 nfsidl nfsio
57397 55816 0 0 3 0x14280 nfsidl nfsio
99946 262644 0 0 3 0x14280 nfsidl nfsio
74200 353182 0 0 3 0x14280 nfsidl nfsio
49079 501135 0 0 3 0x14280 nfsidl nfsio
43901 72137 0 0 3 0x14280 nfsidl nfsio
87411 419251 0 0 3 0x14280 nfsidl nfsio
41412 453234 0 0 3 0x14280 nfsidl nfsio
70816 92974 0 0 3 0x14280 nfsidl nfsio
294 463389 0 0 3 0x14280 nfsidl nfsio
35383 66241 0 0 3 0x14280 nfsidl nfsio
9237 463900 0 0 3 0x14280 nfsidl nfsio
37810 28215 0 0 3 0x14280 nfsidl nfsio
98426 45057 0 0 3 0x14280 nfsidl nfsio
31084 487679 48376 0 2 0x2 syz-executor.3
37774 428191 48376 0 3 0x82 nanoslp syz-executor.1
80189 97795 48376 0 2 0x482 syz-executor.6
63220 264597 48376 0 2 0x2 syz-executor.5
48376 326604 14013 0 3 0x82 thrsleep syz-fuzzer
48376 82170 14013 0 2 0x4000482 syz-fuzzer
48376 63061 14013 0 3 0x4000082 thrsleep syz-fuzzer
48376 76961 14013 0 3 0x4000082 thrsleep syz-fuzzer
48376 439606 14013 0 3 0x4000082 thrsleep syz-fuzzer
48376 456932 14013 0 3 0x4000082 kqread syz-fuzzer
48376 384319 14013 0 3 0x4000082 thrsleep syz-fuzzer
48376 144507 14013 0 3 0x4000082 thrsleep syz-fuzzer
14013 167666 78856 0 3 0x10008a sigsusp ksh
78856 512924 21301 0 3 0x9a kqread sshd
31346 202307 1 0 3 0x100083 ttyin getty
21301 435208 1 0 3 0x88 kqread sshd
69675 223676 9383 73 3 0x1100090 kqread syslogd
9383 273936 1 0 3 0x100082 netio syslogd
66627 51528 1 0 3 0x100080 kqread resolvd
12944 256340 35055 77 3 0x100092 kqread dhcpleased
5602 403476 35055 77 3 0x100092 kqread dhcpleased
35055 157566 1 0 3 0x80 kqread dhcpleased
4882 419916 0 0 3 0x14200 bored smr
8995 452886 0 0 2 0x14200 zerothread
49357 264799 0 0 3 0x14200 aiodoned aiodoned
37814 193099 0 0 3 0x14200 syncer update
56966 105769 0 0 3 0x14200 cleaner cleaner
20169 244138 0 0 3 0x14200 reaper reaper
22627 335576 0 0 3 0x14200 pgdaemon pagedaemon
40400 384152 0 0 3 0x14200 bored viomb
19536 492641 0 0 3 0x40014200 acpi0 acpi0
94998 18632 0 0 3 0x14200 bored softnet
69709 98126 0 0 3 0x14200 bored systqmp
60666 305460 0 0 3 0x14200 bored systq
80913 354987 0 0 2 0x40014200 softclock
52026 90882 0 0 3 0x40014200 idle0
1 185323 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10173 6418K 6935K 78643K 18161 0
pcb 13 15K 17K 78643K 360 0
rtable 252 19K 19K 78643K 1770 0
ifaddr 98 27K 28K 78643K 5078 0
sysctl 2 0K 0K 78643K 6 0
counters 28 17K 17K 78643K 429 0
ioctlops 0 0K 12K 78643K 27037 0
iov 0 0K 16K 78643K 2382 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 4 0
vnodes 1397 87K 87K 78643K 3867 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 13K 78643K 669 0
VM map 2 0K 0K 78643K 2 0
sem 12 0K 1K 78643K 4670 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 12 41K 73K 78643K 19682 0
sigio 0 0K 0K 78643K 51 0
proc 58 59K 75K 78643K 1555 0
subproc 104 6K 6K 78643K 221 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 236 0
in_multi 75 5K 7K 78643K 242 0
ether_multi 1 0K 0K 78643K 15 0
mrt 0 0K 0K 78643K 10 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 67 307K 307K 78643K 67 0
exec 0 0K 2K 78643K 5754 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 316 298K 343K 78643K 105595 0
UVM aobj 131 7K 7K 78643K 137 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 94 0
NDP 13 0K 1K 78643K 448 0
temp 169 4796K 4860K 78643K 89634 0
kqueue 12 18K 24K 78643K 543 0
SYN cache 2 16K 16K 78643K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 1994 0 1991 27 26 1 3 0 8 0
rtentry 112 368 0 280 4 0 4 4 0 8 0
unpcb 136 4104 0 4091 52 51 1 8 0 8 0
syncache 296 83 0 83 9 9 0 1 0 8 0
tcpqe 32 111 0 111 9 9 0 1 0 8 0
tcpcb 736 8726 0 8710 172 162 10 18 0 8 8
arp 88 39 0 23 1 0 1 1 0 8 0
ipq 40 21 0 19 6 5 1 1 0 8 0
ipqe 40 915 0 913 6 5 1 1 0 8 0
inpcb 312 10037 0 10030 135 129 6 15 0 8 5
rttmr 72 2 0 2 1 1 0 1 0 8 0
nd6 48 64 0 39 1 0 1 1 0 8 0
kcovpl 48 17 0 9 1 0 1 1 0 8 0
ppxss 1152 17 0 17 2 2 0 1 0 8 0
pfosfp 40 13 0 12 2 1 1 1 0 8 0
pfosfpen 112 13 0 12 2 1 1 1 0 8 0
pfrktable 1344 390 0 363 4 1 3 3 0 8 0
pftag 88 27 0 10 1 0 1 1 0 8 0
pfqueue 264 6 0 6 3 3 0 1 0 8 0
pfrule 1360 7507 0 5597 164 4 160 160 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 1016 0 645 36 12 24 29 0 8 0
art_table 32 1017 0 645 4 0 4 4 0 8 0
art_node 16 365 0 287 1 0 1 1 0 8 0
sysvmsgpl 40 40 0 32 1 0 1 1 0 8 0
semapl 112 4668 0 4658 1 0 1 1 0 8 0
shmpl 112 134 0 6 4 0 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 28102 0 26635 92 0 92 92 0 8 0
ffsino 240 28102 0 26635 87 0 87 87 0 8 0
nchpl 144 54920 0 53287 63 0 63 63 0 8 0
uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0
vnodes 224 5926 0 0 349 0 349 349 0 8 0
namei 1024 176599 0 176595 3 2 1 2 0 8 0
vcpupl 1984 24 0 3 3 0 3 3 0 8 0
vmpool 528 34 0 13 2 0 2 2 0 8 0
pfiaddrpl 120 448 0 8 15 1 14 14 0 8 0
kstatmem 264 828 0 802 3 1 2 3 0 8 0
scsiplug 72 7 0 7 2 2 0 1 0 8 0
scxspl 216 162526 0 162526 16 15 1 8 0 8 1
plimitpl 152 201 0 187 1 0 1 1 0 8 0
sigapl 424 19971 0 19913 8 0 8 8 0 8 0
futexpl 64 210437 0 210435 1 0 1 1 0 8 0
knotepl 120 174898 0 174818 26 23 3 7 0 8 0
kqueuepl 184 1580 0 1572 19 18 1 4 0 8 0
pipepl 304 2358 0 2330 71 68 3 10 0 8 0
fdescpl 432 19936 0 19913 4 0 4 4 0 8 0
filepl 120 100041 0 99800 125 113 12 21 0 8 4
lockfpl 104 4004 0 4002 8 7 1 2 0 8 0
lockfspl 48 800 0 798 1 0 1 1 0 8 0
sessionpl 144 32 0 16 1 0 1 1 0 8 0
pgrppl 48 122 0 106 1 0 1 1 0 8 0
ucredpl 96 2963 0 2953 1 0 1 1 0 8 0
zombiepl 144 19914 0 19913 2 1 1 1 0 8 0
processpl 1000 19971 0 19913 9 1 8 9 0 8 0
procpl 672 49868 0 49799 28 20 8 9 0 8 1
sosppl 168 4 0 4 1 1 0 1 0 8 0
sockpl 448 16139 0 16116 268 257 11 25 0 8 8
mcl64k 65536 331 0 331 23 22 1 1 0 8 1
mcl16k 16384 125 0 125 28 27 1 1 0 8 1
mcl12k 12288 416 0 416 26 25 1 1 0 8 1
mcl9k 9216 251 0 251 26 25 1 1 0 8 1
mcl8k 8192 1147 0 1147 20 19 1 1 0 8 1
mcl4k 4096 3507 0 3507 9 8 1 1 0 8 1
mcl2k2 2112 120 0 120 31 30 1 1 0 8 1
mcl2k 2048 105177 0 105129 41 33 8 11 0 8 0
mtagpl 96 505 0 424 9 6 3 4 0 8 0
mbufpl 256 271635 0 271343 121 98 23 60 0 8 1
bufpl 288 31828 0 25424 458 0 458 458 0 8 0
anonpl 24 3335197 0 3317349 154 39 115 131 0 188 0
amapchunkpl 152 302411 0 301800 56 28 28 32 0 158 0
amappl16 200 40320 0 39699 56 22 34 46 0 8 0
amappl15 192 3673 0 3669 1 0 1 1 0 8 0
amappl14 184 4388 0 4385 1 0 1 1 0 8 0
amappl13 176 4114 0 4113 1 0 1 1 0 8 0
amappl12 168 1038 0 1037 3 2 1 1 0 8 0
amappl11 160 2871 0 2856 1 0 1 1 0 8 0
amappl10 152 2511 0 2504 1 0 1 1 0 8 0
amappl9 144 574 0 570 1 0 1 1 0 8 0
amappl8 136 2087 0 1980 5 1 4 4 0 8 0
amappl7 128 1272 0 1260 1 0 1 1 0 8 0
amappl6 120 389 0 370 2 1 1 2 0 8 0
amappl5 112 20575 0 20562 1 0 1 1 0 8 0
amappl4 104 4236 0 4201 2 0 2 2 0 8 0
amappl3 96 58875 0 58839 2 0 2 2 0 8 0
amappl2 88 24925 0 24865 3 1 2 3 0 8 0
amappl1 80 464445 0 463900 43 28 15 19 0 8 1
amappl 88 104316 0 104159 7 2 5 5 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 136 0 6 3 0 3 3 0 8 0
uaddrrnd 24 19970 0 19926 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 19970 0 19926 1 0 1 1 0 8 0
vmmpekpl 168 123635 0 123576 4 1 3 3 0 8 0
vmmpepl 168 1874023 0 1871707 212 87 125 138 0 357 2
vmsppl 272 19969 0 19926 5 1 4 4 0 8 0
rwobjpl 24 433104 0 425462 48 0 48 48 0 8 0
pdppl 4096 39946 0 39873 516 431 85 88 0 8 12
pvpl 32 6432308 0 6411119 322 137 185 230 0 265 3
pmappl 216 19969 0 19926 3 0 3 3 0 8 0
extentpl 40 58 0 38 1 0 1 1 0 8 0
phpool 112 2185 0 1207 29 0 29 29 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82599f7f) at panic+0x161 sys/kern/subr_prf.c:202
ufs_lookup() at ufs_lookup+0x1749 ufs_dirbad sys/ufs/ufs/ufs_lookup.c:609 [inline]
ufs_lookup() at ufs_lookup+0x1749 sys/ufs/ufs/ufs_lookup.c:444
VOP_LOOKUP(fffffd806ec9ccc8,ffff8000231c74f8,ffff8000231c7528) at VOP_LOOKUP+0x58 sys/kern/vfs_vops.c:85
vfs_lookup(ffff8000231c74c8) at vfs_lookup+0x6cc sys/kern/vfs_lookup.c:561
namei(ffff8000231c74c8) at namei+0x36a sys/kern/vfs_lookup.c:245
vn_open(ffff8000231c74c8,70f,0) at vn_open+0x188 sys/kern/vfs_vnops.c:113
doopenat(ffff8000230b8d28,ffffff9c,20000000,70e,0,ffff8000231c76b0) at doopenat+0x26a sys/kern/vfs_syscalls.c:1129
syscall(ffff8000231c7720) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xd50ce6456f0, count: -10
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82599f7f) at panic+0x161 sys/kern/subr_prf.c:202
ufs_lookup() at ufs_lookup+0x1749 ufs_dirbad sys/ufs/ufs/ufs_lookup.c:609 [inline]
ufs_lookup() at ufs_lookup+0x1749 sys/ufs/ufs/ufs_lookup.c:444
VOP_LOOKUP(fffffd806ec9ccc8,ffff8000231c74f8,ffff8000231c7528) at VOP_LOOKUP+0x58 sys/kern/vfs_vops.c:85
vfs_lookup(ffff8000231c74c8) at vfs_lookup+0x6cc sys/kern/vfs_lookup.c:561
namei(ffff8000231c74c8) at namei+0x36a sys/kern/vfs_lookup.c:245
vn_open(ffff8000231c74c8,70f,0) at vn_open+0x188 sys/kern/vfs_vnops.c:113
doopenat(ffff8000230b8d28,ffffff9c,20000000,70e,0,ffff8000231c76b0) at doopenat+0x26a sys/kern/vfs_syscalls.c:1129
syscall(ffff8000231c7720) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xd50ce6456f0, count: -10


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Sep 23, 2022, 10:28:41 PM
to syzkaller-o...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 7dd170e2d888 merge unbound 1.16.3
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=1115cc50880000
kernel config: https://syzkaller.appspot.com/x/.config?x=1bc15e68cd2a49e5
dashboard link: https://syzkaller.appspot.com/bug?extid=b10779f9ce6ca094b752
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10e96640880000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b10779...@syzkaller.appspotmail.com

panic: bad dir
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*500301 25786 0 0 0 0 syz-executor.0
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff825a2ff5) at panic+0x161 sys/kern/subr_prf.c:198
ufs_lookup() at ufs_lookup+0x1749 ufs_dirbad sys/ufs/ufs/ufs_lookup.c:609 [inline]
ufs_lookup() at ufs_lookup+0x1749 sys/ufs/ufs/ufs_lookup.c:444
VOP_LOOKUP(fffffd806825b970,ffff800021875470,ffff8000218754a0) at VOP_LOOKUP+0x58 sys/kern/vfs_vops.c:85
vfs_lookup(ffff800021875440) at vfs_lookup+0x6cc sys/kern/vfs_lookup.c:560
namei(ffff800021875440) at namei+0x36a sys/kern/vfs_lookup.c:244
domknodat(ffff800021789a48,ffffff9c,20000000,80002005,2d94) at domknodat+0x92 sys/kern/vfs_syscalls.c:1580
syscall(ffff800021875640) at syscall+0x447 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7fffff3600, count: 6
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: bad dir
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff825a2ff5) at panic+0x161 sys/kern/subr_prf.c:198
ufs_lookup() at ufs_lookup+0x1749 ufs_dirbad sys/ufs/ufs/ufs_lookup.c:609 [inline]
ufs_lookup() at ufs_lookup+0x1749 sys/ufs/ufs/ufs_lookup.c:444
VOP_LOOKUP(fffffd806825b970,ffff800021875470,ffff8000218754a0) at VOP_LOOKUP+0x58 sys/kern/vfs_vops.c:85
vfs_lookup(ffff800021875440) at vfs_lookup+0x6cc sys/kern/vfs_lookup.c:560
namei(ffff800021875440) at namei+0x36a sys/kern/vfs_lookup.c:244
domknodat(ffff800021789a48,ffffff9c,20000000,80002005,2d94) at domknodat+0x92 sys/kern/vfs_syscalls.c:1580
syscall(ffff800021875640) at syscall+0x447 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7fffff3600, count: -9
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff800021875030
rbx 0
rdx 0x3fd
rcx 0
rax 0xf
r8 0x101010101010101
r9 0x8080808080808080
r10 0x5216294108b2b486
r11 0x83383589633c5ea3
r12 0
r13 0xfffffd8069c3ca50
r14 0
r15 0x1
rip 0xffffffff81eab2d8 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800021875020
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor.0) pid=500301 stat=onproc
flags process=0 proc=0
pri=50, usrpri=50, nice=20
forw=0xffffffffffffffff, list=0xffff800021789268,0xffff8000217057c0
process=0xffff80002179cfc8 user=0xffff800021870000, vmspace=0xfffffd806c643cd0
estcpu=36, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
48295 437789 54761 0 2 0 syz-executor.1
94988 103109 34232 0 2 0x100000 sh
*25786 500301 13997 0 7 0 syz-executor.0
72044 424317 90148 0 2 0 syz-executor.2
34232 347500 44759 0 3 0x10008a sigsusp sh
76595 120178 91644 0 2 0 syz-executor.5
87252 331945 5370 0 3 0x80 dklk syz-executor.7
27298 341504 94200 0 3 0x80 dklk syz-executor.4
44759 143501 31098 0 3 0x82 wait syz-executor.6
5370 325122 31098 0 2 0x482 syz-executor.7
91644 465941 31098 0 2 0x482 syz-executor.5
94200 232367 31098 0 2 0x482 syz-executor.4
40805 306563 31098 0 2 0x2 syz-executor.3
90148 394457 31098 0 3 0x82 nanoslp syz-executor.2
54761 282866 31098 0 2 0x2 syz-executor.1
13997 337897 31098 0 3 0x82 nanoslp syz-executor.0
31098 160100 26373 0 3 0x82 thrsleep syz-execprog
31098 49191 26373 0 3 0x4000082 nanoslp syz-execprog
31098 198235 26373 0 3 0x4000082 wait syz-execprog
31098 438963 26373 0 3 0x4000082 wait syz-execprog
31098 263768 26373 0 3 0x4000082 thrsleep syz-execprog
31098 506339 26373 0 3 0x4000082 wait syz-execprog
31098 324095 26373 0 3 0x4000082 wait syz-execprog
31098 182237 26373 0 3 0x4000082 wait syz-execprog
31098 329991 26373 0 3 0x4000082 thrsleep syz-execprog
31098 226734 26373 0 3 0x4000082 wait syz-execprog
31098 368521 26373 0 3 0x4000082 wait syz-execprog
31098 16732 26373 0 3 0x4000082 wait syz-execprog
31098 142887 26373 0 3 0x4000082 kqread syz-execprog
26373 472903 41773 0 3 0x10008a sigsusp ksh
41773 409251 75932 0 3 0x9a kqread sshd
15139 87819 1 0 3 0x100083 ttyin getty
75932 396478 1 0 3 0x88 kqread sshd
44179 112278 62412 73 3 0x1100090 kqread syslogd
62412 361728 1 0 3 0x100082 netio syslogd
56840 196698 1 0 3 0x100080 kqread resolvd
48 264114 69875 77 3 0x100092 kqread dhcpleased
36384 215297 69875 77 3 0x100092 kqread dhcpleased
69875 56476 1 0 3 0x80 kqread dhcpleased
32431 147128 0 0 3 0x14200 bored smr
71558 278872 0 0 2 0x14200 zerothread
89119 447312 0 0 3 0x14200 aiodoned aiodoned
95167 309454 0 0 3 0x14200 syncer update
45637 411505 0 0 3 0x14200 cleaner cleaner
66004 423111 0 0 3 0x14200 reaper reaper
99025 478654 0 0 3 0x14200 pgdaemon pagedaemon
41739 106994 0 0 3 0x14200 bored viomb
10293 14983 0 0 3 0x40014200 acpi0 acpi0
21113 95844 0 0 3 0x14200 bored softnet
35047 297849 0 0 3 0x14200 bored softnet
2512 267373 0 0 3 0x14200 bored softnet
26939 191328 0 0 3 0x14200 bored softnet
2327 98830 0 0 3 0x14200 bored systqmp
18800 90536 0 0 3 0x14200 bored systq
32169 305055 0 0 3 0x40014200 bored softclock
35004 196671 0 0 3 0x40014200 idle0
1 511152 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10168 6401K 6413K 78643K 11258 0
pcb 13 8K 8K 78643K 13 0
rtable 212 6K 6K 78643K 321 0
ifaddr 79 16K 16K 78643K 81 0
counters 27 17K 17K 78643K 27 0
ioctlops 0 0K 2K 78643K 41 0
iov 0 0K 12K 78643K 7 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 4 0
vnodes 1167 73K 73K 78643K 1184 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 1K 78643K 2 0
VM map 2 0K 0K 78643K 2 0
sem 2 0K 0K 78643K 2 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 18 65K 77K 78643K 131 0
proc 55 58K 83K 78643K 429 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
in_multi 88 5K 5K 78643K 88 0
ether_multi 1 0K 0K 78643K 1 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 25 122K 122K 78643K 25 0
exec 0 0K 2K 78643K 612 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 8 62K 64K 78643K 10 0
UVM amap 148 72K 72K 78643K 1951 0
UVM aobj 3 2K 2K 78643K 3 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
NDP 25 2K 2K 78643K 25 0
temp 53 4718K 4782K 78643K 3311 0
kqueue 12 18K 18K 78643K 25 0
SYN cache 2 16K 16K 78643K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 35 0 32 1 0 1 1 0 8 0
rtentry 112 100 0 1 3 0 3 3 0 8 0
unpcb 144 33 0 20 1 0 1 1 0 8 0
syncache 296 5 0 5 2 1 1 1 0 8 1
tcpcb 768 8 0 5 1 0 1 1 0 8 0
arp 88 16 0 0 1 0 1 1 0 8 0
inpcb 336 54 0 48 1 0 1 1 0 8 0
nd6 48 21 0 0 1 0 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 408 0 0 26 0 26 26 0 8 0
art_table 32 409 0 0 4 0 4 4 0 8 0
art_node 16 99 0 9 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 1492 0 61 90 0 90 90 0 8 0
ffsino 240 1492 0 61 85 0 85 85 0 8 0
nchpl 144 1749 0 76 63 0 63 63 0 8 0
uvmvnodes 80 1502 0 0 31 0 31 31 0 8 0
vnodes 216 1502 0 0 84 0 84 84 0 8 0
namei 1024 5737 0 5734 3 1 2 2 0 8 1
kstatmem 264 22 0 0 2 0 2 2 0 8 0
scxspl 216 5425 0 5425 10 9 1 8 0 8 1
plimitpl 152 24 0 9 1 0 1 1 0 8 0
sigapl 424 425 0 380 6 0 6 6 0 8 1
knotepl 120 5610 0 5530 4 1 3 3 0 8 0
kqueuepl 184 21 0 13 1 0 1 1 0 8 0
pipepl 288 131 0 103 4 1 3 3 0 8 1
fdescpl 432 409 0 380 4 0 4 4 0 8 0
filepl 120 1498 0 1362 5 0 5 5 0 8 0
lockfpl 104 6 0 4 1 0 1 1 0 8 0
lockfspl 48 4 0 2 1 0 1 1 0 8 0
sessionpl 144 25 0 9 1 0 1 1 0 8 0
pgrppl 48 25 0 9 1 0 1 1 0 8 0
ucredpl 104 65 0 54 1 0 1 1 0 8 0
zombiepl 144 380 0 380 2 1 1 1 0 8 1
processpl 1000 425 0 380 8 1 7 7 0 8 1
procpl 672 437 0 380 5 0 5 5 0 8 0
sockpl 456 122 0 100 4 0 4 4 0 8 1
mcl8k 8192 9 0 9 2 1 1 1 0 8 1
mcl4k 4096 5 0 5 2 1 1 1 0 8 1
mcl2k 2048 5386 0 5334 8 1 7 7 0 8 0
mtagpl 96 4 0 4 1 1 0 1 0 8 0
mbufpl 256 10290 0 10092 14 1 13 13 0 8 0
bufpl 288 3529 0 126 244 0 244 244 0 8 0
anonpl 24 50828 0 46758 43 3 40 40 0 188 14
amapchunkpl 152 4165 0 3846 16 1 15 15 0 158 1
amappl16 200 302 0 213 5 0 5 5 0 8 0
amappl15 192 9 0 7 1 0 1 1 0 8 0
amappl14 184 25 0 21 1 0 1 1 0 8 0
amappl13 176 78 0 74 1 0 1 1 0 8 0
amappl12 168 29 0 19 2 1 1 1 0 8 0
amappl11 160 92 0 74 1 0 1 1 0 8 0
amappl10 152 21 0 18 2 1 1 1 0 8 0
amappl9 144 500 0 487 2 1 1 1 0 8 0
amappl8 136 500 0 477 2 1 1 1 0 8 0
amappl7 128 111 0 100 1 0 1 1 0 8 0
amappl6 120 177 0 166 2 0 2 2 0 8 1
amappl5 112 87 0 76 1 0 1 1 0 8 0
amappl4 104 837 0 803 2 0 2 2 0 8 1
amappl3 96 562 0 519 2 0 2 2 0 8 0
amappl2 88 450 0 390 3 1 2 2 0 8 0
amappl1 80 12131 0 11474 24 3 21 21 0 8 7
amappl 88 1536 0 1440 3 0 3 3 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 2 0 0 1 0 1 1 0 8 0
uaddrrnd 24 409 0 380 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 409 0 380 1 0 1 1 0 8 0
vmmpekpl 168 9031 0 9008 2 0 2 2 0 8 0
vmmpepl 168 39489 0 37662 98 2 96 96 0 357 16
vmsppl 272 408 0 380 4 1 3 3 0 8 1
rwobjpl 24 12715 0 10234 18 0 18 18 0 8 1
pdppl 4096 824 0 760 96 26 70 70 0 8 6
pvpl 32 224887 0 216647 265 7 258 258 0 265 191
pmappl 216 408 0 380 2 0 2 2 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 586 0 35 16 0 16 16 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff825a2ff5) at panic+0x161 sys/kern/subr_prf.c:198
ufs_lookup() at ufs_lookup+0x1749 ufs_dirbad sys/ufs/ufs/ufs_lookup.c:609 [inline]
ufs_lookup() at ufs_lookup+0x1749 sys/ufs/ufs/ufs_lookup.c:444
VOP_LOOKUP(fffffd806825b970,ffff800021875470,ffff8000218754a0) at VOP_LOOKUP+0x58 sys/kern/vfs_vops.c:85
vfs_lookup(ffff800021875440) at vfs_lookup+0x6cc sys/kern/vfs_lookup.c:560
namei(ffff800021875440) at namei+0x36a sys/kern/vfs_lookup.c:244
domknodat(ffff800021789a48,ffffff9c,20000000,80002005,2d94) at domknodat+0x92 sys/kern/vfs_syscalls.c:1580
syscall(ffff800021875640) at syscall+0x447 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7fffff3600, count: -9
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff825a2ff5) at panic+0x161 sys/kern/subr_prf.c:198
ufs_lookup() at ufs_lookup+0x1749 ufs_dirbad sys/ufs/ufs/ufs_lookup.c:609 [inline]
ufs_lookup() at ufs_lookup+0x1749 sys/ufs/ufs/ufs_lookup.c:444
VOP_LOOKUP(fffffd806825b970,ffff800021875470,ffff8000218754a0) at VOP_LOOKUP+0x58 sys/kern/vfs_vops.c:85
vfs_lookup(ffff800021875440) at vfs_lookup+0x6cc sys/kern/vfs_lookup.c:560
namei(ffff800021875440) at namei+0x36a sys/kern/vfs_lookup.c:244
domknodat(ffff800021789a48,ffffff9c,20000000,80002005,2d94) at domknodat+0x92 sys/kern/vfs_syscalls.c:1580
syscall(ffff800021875640) at syscall+0x447 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7fffff3600, count: -9
ddb>

syzbot

Oct 8, 2022, 10:44:35 AM
to syzkaller-o...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 5cb1d9dce18f Fix some error output, replacing some silly '..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=15c73a34880000
kernel config: https://syzkaller.appspot.com/x/.config?x=7058272de1526588
dashboard link: https://syzkaller.appspot.com/bug?extid=b10779f9ce6ca094b752
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13f0f51c880000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15ae052a880000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/f0a3428fe6c0/disk-5cb1d9dc.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/03f728a726dd/bsd-5cb1d9dc.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/fdd9b36eb2e0/kernel-5cb1d9dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b10779...@syzkaller.appspotmail.com

panic: bad dir
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*462243 81009 0 0 0 0K syz-executor1831808981
141565 22777 0 0 0 1 syz-executor1831808981
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff825e34ee) at panic+0x177 sys/kern/subr_prf.c:198
ufs_lookup() at ufs_lookup+0x174c ufs_dirbad sys/ufs/ufs/ufs_lookup.c:609 [inline]
ufs_lookup() at ufs_lookup+0x174c sys/ufs/ufs/ufs_lookup.c:444
VOP_LOOKUP(fffffd806c6a9e68,ffff8000213061f0,ffff800021306220) at VOP_LOOKUP+0x58 sys/kern/vfs_vops.c:85
vfs_lookup(ffff8000213061c0) at vfs_lookup+0x6e5 sys/kern/vfs_lookup.c:560
namei(ffff8000213061c0) at namei+0x36a sys/kern/vfs_lookup.c:244
domknodat(ffff8000ffff5cf0,ffffff9c,20000000,80002005,2d94) at domknodat+0x92 sys/kern/vfs_syscalls.c:1580
syscall(ffff8000213063c0) at syscall+0x435 mi_syscall sys/sys/syscall_mi.h:101 [inline]
syscall(ffff8000213063c0) at syscall+0x435 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffde640, count: 6
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu0: bad dir
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff825e34ee) at panic+0x177 sys/kern/subr_prf.c:198
ufs_lookup() at ufs_lookup+0x174c ufs_dirbad sys/ufs/ufs/ufs_lookup.c:609 [inline]
ufs_lookup() at ufs_lookup+0x174c sys/ufs/ufs/ufs_lookup.c:444
VOP_LOOKUP(fffffd806c6a9e68,ffff8000213061f0,ffff800021306220) at VOP_LOOKUP+0x58 sys/kern/vfs_vops.c:85
vfs_lookup(ffff8000213061c0) at vfs_lookup+0x6e5 sys/kern/vfs_lookup.c:560
namei(ffff8000213061c0) at namei+0x36a sys/kern/vfs_lookup.c:244
domknodat(ffff8000ffff5cf0,ffffff9c,20000000,80002005,2d94) at domknodat+0x92 sys/kern/vfs_syscalls.c:1580
syscall(ffff8000213063c0) at syscall+0x435 mi_syscall sys/sys/syscall_mi.h:101 [inline]
syscall(ffff8000213063c0) at syscall+0x435 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffde640, count: -9
ddb{0}> show registers
rdi 0
rsi 0x1
rbp 0xffff800021305da0
rbx 0xffffffff829e2b8f cpu_info_full_primary+0x2b8f
rdx 0x3fd
rcx 0
rax 0xf
r8 0x101010101010101
r9 0x8080808080808080
r10 0x64bf8e866db68894
r11 0x3a0bdd498322f300
r12 0xffffffff829e2990 cpu_info_full_primary+0x2990
r13 0
r14 0
r15 0x1
rip 0xffffffff81768868 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800021305d90
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor1831808981) pid=462243 stat=onproc
flags process=0 proc=0
pri=50, usrpri=50, nice=20
forw=0xffffffffffffffff, list=0xffff8000212b1268,0xffffffff82a5e258
process=0xffff8000ffff14e0 user=0xffff800021301000, vmspace=0xfffffd806c668d00
estcpu=0, cpticks=1, pctcpu=0.0
user=0, sys=0, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
*81009 462243 89348 0 7 0 syz-executor1831808981
24794 94493 11916 0 3 0x80 dklk syz-executor1831808981
57199 77948 58981 0 2 0 syz-executor1831808981
51232 305471 93069 0 3 0x80 dklk syz-executor1831808981
86609 164015 11079 0 2 0 syz-executor1831808981
22777 141565 58601 0 7 0 syz-executor1831808981
94353 415273 5637 0 3 0x80 dklk syz-executor1831808981
83765 434663 60671 0 3 0x80 dklk syz-executor1831808981
93069 282367 98959 0 3 0x80 nanoslp syz-executor1831808981
11079 228824 98959 0 3 0x80 nanoslp syz-executor1831808981
89348 514967 98959 0 3 0x80 nanoslp syz-executor1831808981
58601 87797 98959 0 3 0x80 nanoslp syz-executor1831808981
58981 219417 98959 0 3 0x80 nanoslp syz-executor1831808981
60671 380644 98959 0 3 0x80 nanoslp syz-executor1831808981
11916 31129 98959 0 3 0x80 nanoslp syz-executor1831808981
5637 147876 98959 0 3 0x80 nanoslp syz-executor1831808981
98959 69854 36429 0 3 0x82 nanoslp syz-executor1831808981
36429 464878 22465 0 3 0x10008a sigsusp ksh
22465 4300 12425 0 3 0x9a kqread sshd
11264 38183 1 0 3 0x100083 ttyin getty
12425 24830 1 0 3 0x88 kqread sshd
65885 513033 4174 74 3 0x1100092 bpf pflogd
4174 90547 1 0 3 0x80 netio pflogd
95443 329947 92057 73 3 0x1100090 kqread syslogd
92057 266929 1 0 3 0x100082 netio syslogd
71450 12902 1 0 3 0x100080 kqread resolvd
75458 256065 28794 77 3 0x100092 kqread dhcpleased
80871 170608 28794 77 3 0x100092 kqread dhcpleased
28794 117797 1 0 3 0x80 kqread dhcpleased
59747 522978 0 0 3 0x14200 bored smr
33467 9374 0 0 2 0x14200 zerothread
36374 98796 0 0 3 0x14200 aiodoned aiodoned
81469 18624 0 0 3 0x14200 syncer update
1695 27765 0 0 3 0x14200 cleaner cleaner
32878 390846 0 0 3 0x14200 reaper reaper
17137 129859 0 0 3 0x14200 pgdaemon pagedaemon
21241 475480 0 0 3 0x14200 bored viomb
20110 437271 0 0 3 0x40014200 acpi0 acpi0
13427 57522 0 0 3 0x40014200 idle1
60802 144933 0 0 3 0x14200 bored softnet
40779 432065 0 0 3 0x14200 bored softnet
81360 518498 0 0 3 0x14200 bored softnet
15842 154734 0 0 3 0x14200 bored softnet
56058 192771 0 0 3 0x14200 bored systqmp
41438 349950 0 0 2 0x14200 systq
20766 402798 0 0 3 0x40014200 bored softclock
34430 484235 0 0 3 0x40014200 idle0
1 506500 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
Process 81009 (syz-executor1831808981) thread 0xffff8000ffff5cf0 (462243)
exclusive rrwlock inode r = 0 (0xfffffd806c68ae68)
#0 witness_lock+0x44d
#1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310
#2 rrw_enter+0x8b sys/kern/kern_rwlock.c:465
#3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:518
#4 vn_lock+0x84 sys/kern/vfs_vnops.c:564
#5 vfs_lookup+0xd1 sys/kern/vfs_lookup.c:412
#6 namei+0x36a sys/kern/vfs_lookup.c:244
#7 domknodat+0x92 sys/kern/vfs_syscalls.c:1580
#8 syscall+0x435 mi_syscall sys/sys/syscall_mi.h:101 [inline]
#8 syscall+0x435 sys/arch/amd64/amd64/trap.c:585
#9 Xsyscall+0x128
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82bad6e8)
#0 witness_lock+0x44d
#1 syscall+0x41d mi_syscall sys/sys/syscall_mi.h:100 [inline]
#1 syscall+0x41d sys/arch/amd64/amd64/trap.c:585
#2 Xsyscall+0x128
Process 57199 (syz-executor1831808981) thread 0xffff8000212b0a88 (77948)
exclusive rrwlock inode r = 0 (0xfffffd806c68a918)
#0 witness_lock+0x44d
#1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310
#2 rrw_enter+0x8b sys/kern/kern_rwlock.c:465
#3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:518
#4 ufs_ihashins+0x42 sys/ufs/ufs/ufs_ihash.c:140
#5 ffs_vget+0x141 sys/ufs/ffs/ffs_vfsops.c:1353
#6 ffs_inode_alloc+0x1be sys/ufs/ffs/ffs_alloc.c:394
#7 ufs_makeinode+0xae sys/ufs/ufs/ufs_vnops.c:1818
#8 ufs_mknod+0x4e sys/ufs/ufs/ufs_vnops.c:171
#9 VOP_MKNOD+0xbf sys/kern/vfs_vops.c:121
#10 domknodat+0x326 sys/kern/vfs_syscalls.c:1628
#11 syscall+0x435 mi_syscall sys/sys/syscall_mi.h:101 [inline]
#11 syscall+0x435 sys/arch/amd64/amd64/trap.c:585
#12 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd806c68a808)
#0 witness_lock+0x44d
#1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310
#2 rrw_enter+0x8b sys/kern/kern_rwlock.c:465
#3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:518
#4 vn_lock+0x84 sys/kern/vfs_vnops.c:564
#5 vfs_lookup+0xd1 sys/kern/vfs_lookup.c:412
#6 namei+0x36a sys/kern/vfs_lookup.c:244
#7 domknodat+0x92 sys/kern/vfs_syscalls.c:1580
#8 syscall+0x435 mi_syscall sys/sys/syscall_mi.h:101 [inline]
#8 syscall+0x435 sys/arch/amd64/amd64/trap.c:585
#9 Xsyscall+0x128
Process 86609 (syz-executor1831808981) thread 0xffff8000212b0008 (164015)
exclusive rrwlock inode r = 0 (0xfffffd806c68a6f8)
#0 witness_lock+0x44d
#1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310
#2 rrw_enter+0x8b sys/kern/kern_rwlock.c:465
#3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:518
#4 ufs_ihashins+0x42 sys/ufs/ufs/ufs_ihash.c:140
#5 ffs_vget+0x141 sys/ufs/ffs/ffs_vfsops.c:1353
#6 ffs_inode_alloc+0x1be sys/ufs/ffs/ffs_alloc.c:394
#7 ufs_makeinode+0xae sys/ufs/ufs/ufs_vnops.c:1818
#8 ufs_mknod+0x4e sys/ufs/ufs/ufs_vnops.c:171
#9 VOP_MKNOD+0xbf sys/kern/vfs_vops.c:121
#10 domknodat+0x326 sys/kern/vfs_syscalls.c:1628
#11 syscall+0x435 mi_syscall sys/sys/syscall_mi.h:101 [inline]
#11 syscall+0x435 sys/arch/amd64/amd64/trap.c:585
#12 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd806c68a1a8)
#0 witness_lock+0x44d
#1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310
#2 rrw_enter+0x8b sys/kern/kern_rwlock.c:465
#3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:518
#4 vn_lock+0x84 sys/kern/vfs_vnops.c:564
#5 vfs_lookup+0xd1 sys/kern/vfs_lookup.c:412
#6 namei+0x36a sys/kern/vfs_lookup.c:244
#7 domknodat+0x92 sys/kern/vfs_syscalls.c:1580
#8 syscall+0x435 mi_syscall sys/sys/syscall_mi.h:101 [inline]
#8 syscall+0x435 sys/arch/amd64/amd64/trap.c:585
#9 Xsyscall+0x128
Process 22777 (syz-executor1831808981) thread 0xffff8000212b02a8 (141565)
exclusive rrwlock inode r = 0 (0xfffffd806c68a5e8)
#0 witness_lock+0x44d
#1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310
#2 rrw_enter+0x8b sys/kern/kern_rwlock.c:465
#3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:518
#4 vn_lock+0x84 sys/kern/vfs_vnops.c:564
#5 vfs_lookup+0xd1 sys/kern/vfs_lookup.c:412
#6 namei+0x36a sys/kern/vfs_lookup.c:244
#7 domknodat+0x92 sys/kern/vfs_syscalls.c:1580
#8 syscall+0x435 mi_syscall sys/sys/syscall_mi.h:101 [inline]
#8 syscall+0x435 sys/arch/amd64/amd64/trap.c:585
#9 Xsyscall+0x128
Process 41438 (systq) thread 0xffff8000211e87e0 (349950)
exclusive rwlock dklk r = 0 (0xffff8000006b6068)
#0 witness_lock+0x44d
#1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310
#2 vndopen+0x8d sys/dev/vnd.c:186
#3 spec_open+0x3df sys/kern/spec_vnops.c:150
#4 VOP_OPEN+0x75 sys/kern/vfs_vops.c:138
#5 disk_readlabel+0xc5 sys/kern/subr_disk.c:1719
#6 disk_attach_callback+0x7c sys/kern/subr_disk.c:1127
#7 taskq_thread+0xe5 sys/kern/kern_task.c:449
#8 proc_trampoline+0x1c
shared rwlock systq r = 0 (0xffffffff829a1020)
#0 witness_lock+0x44d
#1 taskq_thread+0xca sys/kern/kern_task.c:445
#2 proc_trampoline+0x1c
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10165 6456K 6457K 78643K 11255 0
pcb 13 8K 8K 78643K 13 0
rtable 58 1K 2K 78643K 107 0
ifaddr 30 8K 8K 78643K 33 0
counters 40 33K 33K 78643K 40 0
ioctlops 0 0K 4K 78643K 1479 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 4 0
vnodes 1169 73K 73K 78643K 1183 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 1K 78643K 2 0
VM map 2 1K 1K 78643K 2 0
sem 2 0K 0K 78643K 2 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 1 0K 0K 78643K 1 0
proc 67 91K 91K 78643K 282 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
in_multi 11 0K 0K 78643K 11 0
ether_multi 1 0K 0K 78643K 1 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 25 122K 122K 78643K 25 0
exec 0 0K 2K 78643K 430 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 8 62K 64K 78643K 10 0
UVM amap 111 69K 69K 78643K 1599 0
UVM aobj 3 2K 2K 78643K 3 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
NDP 4 0K 0K 78643K 4 0
temp 25 4725K 4789K 78643K 2774 0
kqueue 11 16K 18K 78643K 24 0
SYN cache 2 16K 16K 78643K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 22 0 0 1 0 1 1 0 8 0
rtpcb 120 17 0 14 1 0 1 1 0 8 0
rtentry 112 23 0 1 1 0 1 1 0 8 0
unpcb 144 35 0 20 1 0 1 1 0 8 0
syncache 296 5 0 5 2 1 1 1 0 8 1
tcpcb 768 8 0 5 1 0 1 1 0 8 0
arp 120 2 0 0 1 0 1 1 0 8 0
inpcb 368 32 0 26 1 0 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfstitem 24 9 0 2 1 0 1 1 0 8 0
pfstkey 120 9 0 2 1 0 1 1 0 8 0
pfstate 336 9 0 2 1 0 1 1 0 8 0
pfrule 1360 21 0 16 2 1 1 2 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 96 0 0 6 0 6 6 0 8 0
art_table 32 97 0 0 1 0 1 1 0 8 0
art_node 16 22 0 2 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 1451 0 45 88 0 88 88 0 8 0
ffsino 272 1452 0 45 94 0 94 94 0 8 0
nchpl 144 1644 0 54 59 0 59 59 0 8 0
uvmvnodes 80 1463 0 0 30 0 30 30 0 8 0
vnodes 216 1463 0 0 82 0 82 82 0 8 0
namei 1024 4492 0 4489 3 1 2 2 0 8 1
percpumem 16 32 0 0 1 0 1 1 0 8 0
kstatmem 264 8 0 0 1 0 1 1 0 8 0
scxspl 216 4607 0 4607 10 7 3 8 0 8 3
plimitpl 152 24 0 9 1 0 1 1 0 8 0
sigapl 424 340 0 292 7 1 6 6 0 8 0
knotepl 120 43 0 0 2 0 2 2 0 8 0
kqueuepl 216 20 0 13 1 0 1 1 0 8 0
pipepl 320 86 0 83 2 1 1 1 0 8 0
fdescpl 496 323 0 292 4 0 4 4 0 8 0
filepl 152 1229 0 1167 3 0 3 3 0 8 0
lockfpl 104 6 0 4 1 0 1 1 0 8 0
lockfspl 48 4 0 2 1 0 1 1 0 8 0
sessionpl 144 26 0 9 1 0 1 1 0 8 0
pgrppl 48 26 0 9 1 0 1 1 0 8 0
ucredpl 104 70 0 57 1 0 1 1 0 8 0
zombiepl 144 292 0 292 2 1 1 1 0 8 1
processpl 1064 340 0 292 4 0 4 4 0 8 0
procpl 672 340 0 292 6 1 5 5 0 8 0
sockpl 488 84 0 60 5 1 4 4 0 8 0
mcl8k 8192 4 0 0 1 0 1 1 0 8 0
mcl4k 4096 4 0 0 1 0 1 1 0 8 0
mcl2k 2048 74 0 0 9 0 9 9 0 8 0
mtagpl 96 2 0 0 1 0 1 1 0 8 0
mbufpl 256 133 0 0 8 0 8 8 0 8 0
bufpl 288 2440 0 86 169 0 169 169 0 8 0
anonpl 24 43829 0 40929 21 3 18 18 0 186 0
amapchunkpl 152 2888 0 2739 8 2 6 6 0 158 0
amappl16 200 40 0 31 2 1 1 1 0 8 0
amappl15 192 74 0 66 1 0 1 1 0 8 0
amappl13 176 34 0 33 2 1 1 1 0 8 0
amappl12 168 3 0 3 2 1 1 1 0 8 1
amappl11 160 45 0 31 1 0 1 1 0 8 0
amappl9 144 936 0 936 3 2 1 1 0 8 1
amappl8 136 382 0 377 1 0 1 1 0 8 0
amappl7 128 69 0 61 1 0 1 1 0 8 0
amappl6 120 137 0 105 1 0 1 1 0 8 0
amappl5 112 88 0 78 1 0 1 1 0 8 0
amappl4 104 632 0 609 1 0 1 1 0 8 0
amappl3 96 454 0 418 1 0 1 1 0 8 0
amappl2 88 349 0 301 3 1 2 2 0 8 0
amappl1 80 9907 0 9268 16 2 14 14 0 8 0
amappl 88 1293 0 1221 3 1 2 2 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 2 0 0 1 0 1 1 0 8 0
uaddrrnd 24 324 0 293 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 324 0 293 1 0 1 1 0 8 0
vmmpekpl 168 7043 0 7027 1 0 1 1 0 8 0
vmmpepl 168 29064 0 27573 70 5 65 65 0 357 0
vmsppl 368 323 0 293 3 0 3 3 0 8 0
rwobjpl 56 10556 0 8302 32 0 32 32 0 8 0
pdppl 4096 655 0 586 89 20 69 69 0 8 0
pvpl 32 135972 0 129918 56 7 49 49 0 265 0
pmappl 248 323 0 293 2 0 2 2 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 482 0 24 14 0 14 14 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff825e34ee) at panic+0x177 sys/kern/subr_prf.c:198
ufs_lookup() at ufs_lookup+0x174c ufs_dirbad sys/ufs/ufs/ufs_lookup.c:609 [inline]
ufs_lookup() at ufs_lookup+0x174c sys/ufs/ufs/ufs_lookup.c:444
VOP_LOOKUP(fffffd806c6a9e68,ffff8000213061f0,ffff800021306220) at VOP_LOOKUP+0x58 sys/kern/vfs_vops.c:85
vfs_lookup(ffff8000213061c0) at vfs_lookup+0x6e5 sys/kern/vfs_lookup.c:560
namei(ffff8000213061c0) at namei+0x36a sys/kern/vfs_lookup.c:244
domknodat(ffff8000ffff5cf0,ffffff9c,20000000,80002005,2d94) at domknodat+0x92 sys/kern/vfs_syscalls.c:1580
syscall(ffff8000213063c0) at syscall+0x435 mi_syscall sys/sys/syscall_mi.h:101 [inline]
syscall(ffff8000213063c0) at syscall+0x435 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffde640, count: -9
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp
x86_ipi_db(ffff800020dd8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__mp_lock(ffffffff82bad4e0) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82bad4e0) at __mp_lock+0x122 sys/kern/kern_lock.c:147
__mp_acquire_count(ffffffff82bad4e0,1) at __mp_acquire_count+0x48 sys/kern/kern_lock.c:227
mi_switch() at mi_switch+0x3bb sys/kern/sched_bsd.c:415
sleep_finish(ffff800021317bc0,1) at sleep_finish+0x180 sys/kern/kern_synch.c:417
tsleep(fffffd806d440008,11,ffffffff82672c46,0) at tsleep+0x12c sys/kern/kern_synch.c:155
getblk(fffffd807efb41b0,1fa7a0,4000,0,ffffffffffffffff) at getblk+0x13c sys/kern/vfs_bio.c:1028
bread(fffffd807efb41b0,1fa7a0,4000,ffff800021317e68) at bread+0x3a bio_doread sys/kern/vfs_bio.c:433 [inline]
bread(fffffd807efb41b0,1fa7a0,4000,ffff800021317e68) at bread+0x3a sys/kern/vfs_bio.c:478
ffs_update(fffffd806c68aaa0,0) at ffs_update+0x14b sys/ufs/ffs/ffs_inode.c:91
ufs_reclaim(fffffd806c567b10) at ufs_reclaim+0xb9 sys/ufs/ufs/ufs_inode.c:152
ffs_reclaim(ffff800021317f68) at ffs_reclaim+0x36 sys/ufs/ffs/ffs_vnops.c:533
VOP_RECLAIM(fffffd806c567b10,ffff8000212b02a8) at VOP_RECLAIM+0x61 sys/kern/vfs_vops.c:503
end trace frame: 0xffff800021318000, count: 0
ddb{1}> trace
x86_ipi_db(ffff800020dd8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__mp_lock(ffffffff82bad4e0) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82bad4e0) at __mp_lock+0x122 sys/kern/kern_lock.c:147
__mp_acquire_count(ffffffff82bad4e0,1) at __mp_acquire_count+0x48 sys/kern/kern_lock.c:227
mi_switch() at mi_switch+0x3bb sys/kern/sched_bsd.c:415
sleep_finish(ffff800021317bc0,1) at sleep_finish+0x180 sys/kern/kern_synch.c:417
tsleep(fffffd806d440008,11,ffffffff82672c46,0) at tsleep+0x12c sys/kern/kern_synch.c:155
getblk(fffffd807efb41b0,1fa7a0,4000,0,ffffffffffffffff) at getblk+0x13c sys/kern/vfs_bio.c:1028
bread(fffffd807efb41b0,1fa7a0,4000,ffff800021317e68) at bread+0x3a bio_doread sys/kern/vfs_bio.c:433 [inline]
bread(fffffd807efb41b0,1fa7a0,4000,ffff800021317e68) at bread+0x3a sys/kern/vfs_bio.c:478
ffs_update(fffffd806c68aaa0,0) at ffs_update+0x14b sys/ufs/ffs/ffs_inode.c:91
ufs_reclaim(fffffd806c567b10) at ufs_reclaim+0xb9 sys/ufs/ufs/ufs_inode.c:152
ffs_reclaim(ffff800021317f68) at ffs_reclaim+0x36 sys/ufs/ffs/ffs_vnops.c:533
VOP_RECLAIM(fffffd806c567b10,ffff8000212b02a8) at VOP_RECLAIM+0x61 sys/kern/vfs_vops.c:503
vclean(fffffd806c567b10,8,ffff8000212b02a8) at vclean+0x220 sys/kern/vfs_subr.c:1085
vgonel(fffffd806c567b10,ffff8000212b02a8) at vgonel+0x79 sys/kern/vfs_subr.c:1175
ufs_mknod(ffff8000213180c0) at ufs_mknod+0x11b sys/ufs/ufs/ufs_vnops.c:192
VOP_MKNOD(fffffd806c6a9298,ffff800021318220,ffff800021318250,ffff800021318150) at VOP_MKNOD+0xbf sys/kern/vfs_vops.c:121
domknodat(ffff8000212b02a8,ffffff9c,20000000,80002005,2d94) at domknodat+0x326 sys/kern/vfs_syscalls.c:1628
syscall(ffff8000213183f0) at syscall+0x435 mi_syscall sys/sys/syscall_mi.h:101 [inline]
syscall(ffff8000213183f0) at syscall+0x435 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffde640, count: -21
ddb{1}>
