panic: ufsdirhash_lookup: bad offset in hash array
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
* 43828 5688 0 0 0x4000000 0 syz-executor.6
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8263a30f) at panic+0x161 sys/kern/subr_prf.c:198
ufsdirhash_lookup(fffffd80700502e0,ffff800021784000,1,fffffd807005038c,ffff8000217a8eb8,0) at ufsdirhash_lookup+0x8b8 sys/ufs/ufs/ufs_dirhash.c:343
ufs_lookup() at ufs_lookup+0xc15 sys/ufs/ufs/ufs_lookup.c:216
VOP_LOOKUP(fffffd806817b8d0,ffff8000217a9338,ffff8000217a9368) at VOP_LOOKUP+0x58 sys/kern/vfs_vops.c:85
vfs_lookup(ffff8000217a9308) at vfs_lookup+0x6cc sys/kern/vfs_lookup.c:560
namei(ffff8000217a9308) at namei+0x36a sys/kern/vfs_lookup.c:244
vn_open(ffff8000217a9308,1,0) at vn_open+0x105 sys/kern/vfs_vnops.c:140
doopenat(ffff800026642fc0,3,20000040,0,0,ffff8000217a94e0) at doopenat+0x26a sys/kern/vfs_syscalls.c:1127
syscall(ffff8000217a9560) at syscall+0x446 sys/arch/amd64/amd64/trap.c:599
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xd71deb529b0, count: 4
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: ufsdirhash_lookup: bad offset in hash array
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8263a30f) at panic+0x161 sys/kern/subr_prf.c:198
ufsdirhash_lookup(fffffd80700502e0,ffff800021784000,1,fffffd807005038c,ffff8000217a8eb8,0) at ufsdirhash_lookup+0x8b8 sys/ufs/ufs/ufs_dirhash.c:343
ufs_lookup() at ufs_lookup+0xc15 sys/ufs/ufs/ufs_lookup.c:216
VOP_LOOKUP(fffffd806817b8d0,ffff8000217a9338,ffff8000217a9368) at VOP_LOOKUP+0x58 sys/kern/vfs_vops.c:85
vfs_lookup(ffff8000217a9308) at vfs_lookup+0x6cc sys/kern/vfs_lookup.c:560
namei(ffff8000217a9308) at namei+0x36a sys/kern/vfs_lookup.c:244
vn_open(ffff8000217a9308,1,0) at vn_open+0x105 sys/kern/vfs_vnops.c:140
doopenat(ffff800026642fc0,3,20000040,0,0,ffff8000217a94e0) at doopenat+0x26a sys/kern/vfs_syscalls.c:1127
syscall(ffff8000217a9560) at syscall+0x446 sys/arch/amd64/amd64/trap.c:599
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xd71deb529b0, count: -11
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff8000217a8ce0
rbx 0
rdx 0xffff800000c35340
rcx 0
rax 0xffff800026642fc0
r8 0
r9 0x8080808080808080
r10 0xeb9cae81ed015f23
r11 0xf9450f070d0ced19
r12 0
r13 0xffff800000c2ed40
r14 0
r15 0x1
rip 0xffffffff81a514a8 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff8000217a8cd0
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor.6) pid=43828 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=32, usrpri=83, nice=20
forw=0xffffffffffffffff, list=0xffff800026642000,0xffff8000266437b0
process=0xffff800021712bd0 user=0xffff8000217a4000, vmspace=0xfffffd80728bb110
estcpu=36, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
42184 381841 56817 0 2 0 syz-executor.4
60601 242918 18421 0 2 0 syz-executor.7
16474 187994 15471 0 2 0 syz-executor.1
16474 436117 15471 0 3 0x4000080 fsleep syz-executor.1
16474 36620 15471 0 3 0x4000080 fsleep syz-executor.1
16474 486366 15471 0 3 0x4000080 fsleep syz-executor.1
5688 9178 77888 0 2 0 syz-executor.6
* 5688 43828 77888 0 7 0x4000000 syz-executor.6
5688 215702 77888 0 3 0x4000080 fsleep syz-executor.6
234 92701 30101 0 2 0 syz-executor.5
234 297236 30101 0 3 0x4000080 fsleep syz-executor.5
234 378243 30101 0 3 0x4000080 fsleep syz-executor.5
31054 435451 59422 0 2 0x2 syz-executor.2
30101 318236 59422 0 3 0x82 nanoslp syz-executor.5
13308 217578 59422 0 3 0x82 nanoslp syz-executor.3
11204 464181 0 0 3 0x14200 acct acct
26264 434301 59422 0 2 0x2 syz-executor.0
15471 254037 59422 0 3 0x82 nanoslp syz-executor.1
18421 192899 59422 0 3 0x82 nanoslp syz-executor.7
15794 466390 1 0 3 0x100083 ttyin getty
77888 31758 59422 0 3 0x82 nanoslp syz-executor.6
58118 417291 0 0 3 0x14200 bored sosplice
26414 459099 0 0 3 0x14280 nfsidl nfsio
29046 141383 0 0 3 0x14280 nfsidl nfsio
25796 113424 0 0 3 0x14280 nfsidl nfsio
30562 124471 0 0 3 0x14280 nfsidl nfsio
70554 331887 0 0 3 0x14280 nfsidl nfsio
25943 451365 0 0 3 0x14280 nfsidl nfsio
54504 267172 0 0 3 0x14280 nfsidl nfsio
31759 174117 0 0 3 0x14280 nfsidl nfsio
34891 472023 0 0 3 0x14280 nfsidl nfsio
54407 213108 0 0 3 0x14280 nfsidl nfsio
78875 135734 0 0 3 0x14280 nfsidl nfsio
91345 137098 0 0 3 0x14280 nfsidl nfsio
20631 123125 0 0 3 0x14280 nfsidl nfsio
59874 284677 0 0 3 0x14280 nfsidl nfsio
78627 320173 0 0 3 0x14280 nfsidl nfsio
34903 378178 0 0 3 0x14280 nfsidl nfsio
66051 358328 0 0 3 0x14280 nfsidl nfsio
25847 116421 0 0 3 0x14280 nfsidl nfsio
97085 283230 0 0 3 0x14280 nfsidl nfsio
53436 142812 0 0 3 0x14280 nfsidl nfsio
56817 403463 59422 0 3 0x82 nanoslp syz-executor.4
59422 55010 26539 0 3 0x82 wait syz-fuzzer
59422 161383 26539 0 3 0x4000082 nanoslp syz-fuzzer
59422 171030 26539 0 3 0x4000082 wait syz-fuzzer
59422 77411 26539 0 3 0x4000082 thrsleep syz-fuzzer
59422 11034 26539 0 3 0x4000082 wait syz-fuzzer
59422 251115 26539 0 3 0x4000082 wait syz-fuzzer
59422 105322 26539 0 3 0x4000082 thrsleep syz-fuzzer
59422 119806 26539 0 3 0x4000082 wait syz-fuzzer
59422 204539 26539 0 3 0x4000082 thrsleep syz-fuzzer
59422 38746 26539 0 3 0x4000082 kqread syz-fuzzer
59422 4479 26539 0 3 0x4000082 wait syz-fuzzer
59422 117386 26539 0 3 0x4000082 thrsleep syz-fuzzer
59422 406830 26539 0 3 0x4000082 wait syz-fuzzer
59422 382371 26539 0 3 0x4000082 wait syz-fuzzer
26539 408107 74663 0 3 0x10008a sigsusp ksh
74663 301710 18433 0 3 0x9a kqread sshd
18433 118276 1 0 3 0x88 kqread sshd
25121 189703 4196 73 3 0x1100090 kqread syslogd
4196 352057 1 0 3 0x100082 netio syslogd
1289 479693 1 0 3 0x100080 kqread resolvd
61560 258414 0 0 3 0x14200 bored smr
87008 33018 0 0 2 0x14200 zerothread
50893 504858 0 0 3 0x14200 aiodoned aiodoned
94536 298213 0 0 3 0x14200 syncer update
49412 460325 0 0 3 0x14200 cleaner cleaner
13458 342629 0 0 3 0x14200 reaper reaper
92653 7818 0 0 3 0x14200 pgdaemon pagedaemon
34073 250643 0 0 3 0x14200 bored viomb
73152 88019 0 0 3 0x40014200 acpi0 acpi0
58583 193487 0 0 3 0x14200 bored softnet
50512 66125 0 0 3 0x14200 bored softnet
4342 293904 0 0 3 0x14200 bored softnet
40450 343236 0 0 3 0x14200 bored softnet
80021 404320 0 0 3 0x14200 bored systqmp
48884 259763 0 0 3 0x14200 bored systq
51539 499284 0 0 2 0x40014200 softclock
30760 159563 0 0 3 0x40014200 idle0
1 1862 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10208 6422K 6927K 78643K 13602 0
pcb 13 16K 18K 78643K 817 0
rtable 178 16K 18K 78643K 1642 0
ifaddr 115 25K 27K 78643K 861 0
sysctl 3 1K 1K 78643K 3 0
counters 25 17K 17K 78643K 353 0
ioctlops 0 0K 4K 78643K 1522 0
iov 0 0K 16K 78643K 1488 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 4 0
vnodes 1392 87K 88K 78643K 6577 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 5K 78643K 65 0
VM map 2 0K 0K 78643K 2 0
sem 15 10K 20K 78643K 313 0
dirhash 75 13K 16K 78643K 5142 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 15 53K 65K 78643K 11954 0
sigio 0 0K 0K 78643K 117 0
proc 56 51K 83K 78643K 2511 0
subproc 104 6K 6K 78643K 390 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 1949 0
in_multi 57 3K 6K 78643K 1649 0
ether_multi 1 0K 0K 78643K 46 0
mrt 1 0K 0K 78643K 19 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 223 996K 996K 78643K 223 0
exec 0 0K 1K 78643K 1950 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 8 62K 64K 78643K 10 0
UVM amap 341 490K 502K 78643K 77181 0
UVM aobj 131 4K 4K 78643K 134 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 217 0
NDP 13 0K 2K 78643K 222 0
temp 132 4694K 5718K 78643K 113729 0
kqueue 7 12K 26K 78643K 606 0
SYN cache 2 16K 16K 78643K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 308 0 307 2 1 1 2 0 8 0
rtentry 112 469 0 402 4 1 3 4 0 8 0
unpcb 144 8711 0 8705 80 79 1 8 0 8 0
syncache 296 331 0 331 21 21 0 1 0 8 0
tcpqe 32 109 0 109 11 11 0 1 0 8 0
tcpcb 776 6386 0 6380 149 140 9 17 0 8 8
arp 88 65 0 53 1 0 1 1 0 8 0
ipq 40 14 0 14 6 6 0 1 0 8 0
ipqe 40 253 0 253 6 6 0 1 0 8 0
inpcb 336 12776 0 12770 136 127 9 15 0 8 8
nd6 48 101 0 85 1 0 1 1 0 8 0
pkpcb 40 79 0 79 4 4 0 1 0 8 0
kcovpl 48 30 0 22 1 0 1 1 0 8 0
mppekey 1024 13 0 13 4 4 0 1 0 8 0
ppxss 1160 222 0 222 13 13 0 1 0 8 0
pppxif 1608 176 0 176 10 10 0 1 0 8 0
pfstscr 40 173 0 169 1 0 1 1 0 8 0
pfosfp 40 9 0 7 1 0 1 1 0 8 0
pfosfpen 112 9 0 6 1 0 1 1 0 8 0
pfanchor 1280 990 887 478 47 4 43 43 0 8 0
pfqueue 264 3 0 3 1 1 0 1 0 8 0
pfstitem 24 34 0 30 1 0 1 1 0 8 0
pfstkey 120 180 0 178 1 0 1 1 0 8 0
pfstate 352 90 0 88 1 0 1 1 0 8 0
rttmr 136 3 0 3 1 1 0 1 0 8 0
art_heap8 4096 5 0 4 5 4 1 2 0 8 0
art_heap4 256 2137 0 1867 41 20 21 29 0 8 0
art_table 32 2142 0 1871 4 0 4 4 0 8 0
art_node 16 468 0 411 1 0 1 1 0 8 0
sysvmsgpl 40 41 0 18 1 0 1 1 0 8 0
semapl 112 302 0 289 1 0 1 1 0 8 0
shmpl 112 131 0 3 4 0 4 4 0 8 0
dirhash 1024 1727 0 1689 6 0 6 6 0 8 0
dino2pl 256 19855 0 18344 95 0 95 95 0 8 0
ffsino 240 19855 0 18344 90 0 90 90 0 8 0
nchpl 144 39009 0 38524 63 41 22 63 0 8 0
rtmask 32 5 0 5 2 2 0 1 0 8 0
uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0
vnodes 216 5926 0 0 330 0 330 330 0 8 0
namei 1024 146702 0 146699 4 2 2 2 0 8 1
vcpupl 2048 30 0 0 4 0 4 4 0 8 0
vmpool 536 41 0 11 3 1 2 2 0 8 0
kstatmem 264 308 0 282 3 0 3 3 0 8 0
scsiplug 72 3 0 3 1 1 0 1 0 8 0
scxspl 216 103072 0 103072 19 18 1 8 0 8 1
plimitpl 152 938 0 924 1 0 1 1 0 8 0
sigapl 424 12227 0 12165 8 0 8 8 0 8 0
futexpl 64 132723 0 132717 1 0 1 1 0 8 0
knotepl 120 121928 0 121863 32 27 5 10 0 8 0
kqueuepl 184 1421 0 1415 16 15 1 4 0 8 0
pipepl 288 2262 0 2233 60 55 5 11 0 8 2
fdescpl 432 12188 0 12165 4 0 4 4 0 8 0
filepl 120 95468 0 95242 127 114 13 17 0 8 5
lockfpl 104 3515 0 3514 9 8 1 2 0 8 0
lockfspl 48 744 0 743 1 0 1 1 0 8 0
sessionpl 144 46 0 31 1 0 1 1 0 8 0
pgrppl 48 63 0 48 1 0 1 1 0 8 0
ucredpl 104 6184 0 6177 1 0 1 1 0 8 0
zombiepl 144 12166 0 12165 2 1 1 1 0 8 0
processpl 1000 12227 0 12165 9 0 9 9 0 8 0
procpl 672 30136 0 30054 17 9 8 9 0 8 0
sosppl 168 246 0 246 15 14 1 1 0 8 1
sockpl 456 21885 0 21872 403 393 10 28 0 8 8
mcl64k 65536 460 0 460 16 15 1 1 0 8 1
mcl16k 16384 100 0 100 17 16 1 1 0 8 1
mcl12k 12288 516 0 516 17 16 1 1 0 8 1
mcl9k 9216 90 0 90 25 24 1 1 0 8 1
mcl8k 8192 708 0 708 12 11 1 1 0 8 1
mcl4k 4096 2204 0 2204 8 7 1 1 0 8 1
mcl2k2 2112 69 0 69 26 26 0 1 0 8 0
mcl2k 2048 93374 0 93328 55 47 8 31 0 8 1
mtagpl 96 109 0 109 4 4 0 3 0 8 0
mbufpl 256 275554 0 275455 343 327 16 159 0 8 0
bufpl 288 21931 0 15529 458 0 458 458 0 8 0
anonpl 24 2216416 0 2200441 200 89 111 126 0 188 4
amapchunkpl 152 240382 0 239711 94 65 29 42 0 158 0
amappl16 200 18943 0 18418 108 80 28 40 0 8 0
amappl15 192 5 0 5 1 1 0 1 0 8 0
amappl14 184 238 0 227 2 1 1 2 0 8 0
amappl13 176 11 0 10 1 0 1 1 0 8 0
amappl12 168 662 0 658 1 0 1 1 0 8 0
amappl11 160 41 0 37 1 0 1 1 0 8 0
amappl10 152 54 0 44 1 0 1 1 0 8 0
amappl9 144 997 0 995 1 0 1 1 0 8 0
amappl8 136 391 0 305 3 0 3 3 0 8 0
amappl7 128 68 0 51 1 0 1 1 0 8 0
amappl6 120 568 0 555 2 1 1 2 0 8 0
amappl5 112 191 0 186 1 0 1 1 0 8 0
amappl4 104 1004 0 981 2 1 1 2 0 8 0
amappl3 96 34376 0 34339 2 0 2 2 0 8 0
amappl2 88 12937 0 12888 3 1 2 3 0 8 0
amappl1 80 271520 0 270974 22 8 14 21 0 8 0
amappl 88 76530 0 76349 5 0 5 5 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 133 0 3 3 0 3 3 0 8 0
uaddrrnd 24 12229 0 12176 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 12229 0 12176 1 0 1 1 0 8 0
vmmpekpl 168 82442 0 82379 4 0 4 4 0 8 0
vmmpepl 168 1085364 0 1083106 234 119 115 133 0 357 0
vmsppl 272 12228 0 12176 4 0 4 4 0 8 0
rwobjpl 24 279503 0 271988 50 3 47 48 0 8 0
pdppl 4096 24464 0 24382 557 469 88 88 0 8 6
pvpl 32 4247332 0 4227079 360 170 190 232 0 265 15
pmappl 216 12228 0 12176 5 1 4 4 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 1918 0 1106 29 5 24 27 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8263a30f) at panic+0x161 sys/kern/subr_prf.c:198
ufsdirhash_lookup(fffffd80700502e0,ffff800021784000,1,fffffd807005038c,ffff8000217a8eb8,0) at ufsdirhash_lookup+0x8b8 sys/ufs/ufs/ufs_dirhash.c:343
ufs_lookup() at ufs_lookup+0xc15 sys/ufs/ufs/ufs_lookup.c:216
VOP_LOOKUP(fffffd806817b8d0,ffff8000217a9338,ffff8000217a9368) at VOP_LOOKUP+0x58 sys/kern/vfs_vops.c:85
vfs_lookup(ffff8000217a9308) at vfs_lookup+0x6cc sys/kern/vfs_lookup.c:560
namei(ffff8000217a9308) at namei+0x36a sys/kern/vfs_lookup.c:244
vn_open(ffff8000217a9308,1,0) at vn_open+0x105 sys/kern/vfs_vnops.c:140
doopenat(ffff800026642fc0,3,20000040,0,0,ffff8000217a94e0) at doopenat+0x26a sys/kern/vfs_syscalls.c:1127
syscall(ffff8000217a9560) at syscall+0x446 sys/arch/amd64/amd64/trap.c:599
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xd71deb529b0, count: -11
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8263a30f) at panic+0x161 sys/kern/subr_prf.c:198
ufsdirhash_lookup(fffffd80700502e0,ffff800021784000,1,fffffd807005038c,ffff8000217a8eb8,0) at ufsdirhash_lookup+0x8b8 sys/ufs/ufs/ufs_dirhash.c:343
ufs_lookup() at ufs_lookup+0xc15 sys/ufs/ufs/ufs_lookup.c:216
VOP_LOOKUP(fffffd806817b8d0,ffff8000217a9338,ffff8000217a9368) at VOP_LOOKUP+0x58 sys/kern/vfs_vops.c:85
vfs_lookup(ffff8000217a9308) at vfs_lookup+0x6cc sys/kern/vfs_lookup.c:560
namei(ffff8000217a9308) at namei+0x36a sys/kern/vfs_lookup.c:244
vn_open(ffff8000217a9308,1,0) at vn_open+0x105 sys/kern/vfs_vnops.c:140
doopenat(ffff800026642fc0,3,20000040,0,0,ffff8000217a94e0) at doopenat+0x26a sys/kern/vfs_syscalls.c:1127
syscall(ffff8000217a9560) at syscall+0x446 sys/arch/amd64/amd64/trap.c:599
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xd71deb529b0, count: -11