panic: ufsdirhash_lookup: bad offset in hash array
Stopped at db_enter+0x1c: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*448809 80380 0 0 0x4000000 0 syz-executor.2
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff828314bd) at panic+0x165 sys/kern/subr_prf.c:198
ufsdirhash_lookup(fffffd80710fd4c0,ffffffff8280ada5,2,fffffd80710fd56c,ffff80002656bca8,0) at ufsdirhash_lookup+0x8b8 sys/ufs/ufs/ufs_dirhash.c:343
ufs_lookup() at ufs_lookup+0xc15 sys/ufs/ufs/ufs_lookup.c:216
VOP_LOOKUP(fffffd805aba8378,ffff80002656be48,ffff80002656bde8) at VOP_LOOKUP+0x5c sys/kern/vfs_vops.c:85
unveil_find_cover(fffffd805aba8378,ffff80002b40a5d0) at unveil_find_cover+0x130 sys/kern/kern_unveil.c:277
unveil_start_relative(ffff80002b40a5d0,ffff80002656c188,fffffd805aba8378) at unveil_start_relative+0xf6 sys/kern/kern_unveil.c:606
namei(ffff80002656c188) at namei+0x453 sys/kern/vfs_lookup.c:237
vn_open(ffff80002656c188,1,0) at vn_open+0x109 sys/kern/vfs_vnops.c:140
doopenat(ffff80002b40a5d0,3,200001c0,0,0,ffff80002656c360) at doopenat+0x26e sys/kern/vfs_syscalls.c:1127
syscall(ffff80002656c3e0) at syscall+0x4a8 sys/arch/amd64/amd64/trap.c:632
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xaeddcb545a0, count: 3
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: ufsdirhash_lookup: bad offset in hash array
ddb> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff828314bd) at panic+0x165 sys/kern/subr_prf.c:198
ufsdirhash_lookup(fffffd80710fd4c0,ffffffff8280ada5,2,fffffd80710fd56c,ffff80002656bca8,0) at ufsdirhash_lookup+0x8b8 sys/ufs/ufs/ufs_dirhash.c:343
ufs_lookup() at ufs_lookup+0xc15 sys/ufs/ufs/ufs_lookup.c:216
VOP_LOOKUP(fffffd805aba8378,ffff80002656be48,ffff80002656bde8) at VOP_LOOKUP+0x5c sys/kern/vfs_vops.c:85
unveil_find_cover(fffffd805aba8378,ffff80002b40a5d0) at unveil_find_cover+0x130 sys/kern/kern_unveil.c:277
unveil_start_relative(ffff80002b40a5d0,ffff80002656c188,fffffd805aba8378) at unveil_start_relative+0xf6 sys/kern/kern_unveil.c:606
namei(ffff80002656c188) at namei+0x453 sys/kern/vfs_lookup.c:237
vn_open(ffff80002656c188,1,0) at vn_open+0x109 sys/kern/vfs_vnops.c:140
doopenat(ffff80002b40a5d0,3,200001c0,0,0,ffff80002656c360) at doopenat+0x26e sys/kern/vfs_syscalls.c:1127
syscall(ffff80002656c3e0) at syscall+0x4a8 sys/arch/amd64/amd64/trap.c:632
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xaeddcb545a0, count: -12
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff80002656bad0
rbx 0
rdx 0
rcx 0
rax 0xffff80002b40a5d0
r8 0
r9 0x8080808080808080
r10 0xec10f555c53f5ab4
r11 0x58be126856ae1dcc
r12 0
r13 0xffff800000d72fa0
r14 0
r15 0x1
rip 0xffffffff812e102c db_enter+0x1c
cs 0x8
rflags 0x246
rsp 0xffff80002656bac0
ss 0x10
db_enter+0x1c: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor.2) pid=448809 stat=onproc
flags process=0 proc=4000000
pri=32, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff80002b40adf8,0xffff80002b40b630
process=0xffff800021682008 user=0xffff800026567000, vmspace=0xfffffd8069d2fe20
estcpu=36, cpticks=20, pctcpu=0.0
user=0, sys=20, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
45278 397544 95126 0 2 0 syz-executor.0
80257 468163 86812 0 2 0 syz-executor.1
80257
344525 86812 0 2 0x4000000 syz-executor.1 58681 362020 13005 0 2 0 syz-executor.6 58681 366713 13005 0 3 0x4000080 fsleep syz-executor.6 42420 380888 41720 0 2 0 syz-executor.5 42420 244328 41720 0 3 0x4000080 fsleep syz-executor.5 20317 304928 26419 0 2 0x10 syz-executor.3 20317 418284 26419 0 3 0x4000090 fsleep syz-executor.3 11505 295337 37411 0 2 0 syz-executor.4 11505 130340 37411 0 3 0x4000080 netcon syz-executor.4 80380 360894 9880 0 2 0 syz-executor.2 *80380 448809 9880 0 7 0x4000000 syz-executor.2 80380 45293 9880 0 3 0x4000080 fsleep syz-executor.2 37411 77374 92507 0 2 0x482 syz-executor.4 41720 42303 92507 0 2 0x482 syz-executor.5 13005 371425 92507 0 2 0x482 syz-executor.6 95126 229425 92507 0 2 0x482 syz-executor.0 86812 157920 92507 0 2 0x482 syz-executor.1 26419 498829 92507 0 2 0x482 syz-executor.3 9880 464304 92507 0 2 0x482 syz-executor.2 37143 87973 0 0 3 0x14280 nfsidl nfsio 33245 176635 0 0 3 0x14280 nfsidl nfsio 94555 299047 0 0 3 0x14280 nfsidl nfsio 17012 491846 0 0 3 0x14280 nfsidl nfsio 60850 119621 0 0 3 0x14280 nfsidl nfsio 81111 283548 0 0 3 0x14280 nfsidl nfsio 74343 21938 0 0 3 0x14280 nfsidl nfsio 2513 316523 0 0 3 0x14280 nfsidl nfsio 56357 244839 0 0 3 0x14280 nfsidl nfsio 25816 256369 0 0 3 0x14280 nfsidl nfsio 99182 521271 0 0 3 0x14280 nfsidl nfsio 14943 227658 0 0 3 0x14280 nfsidl nfsio 70798 31159 0 0 3 0x14280 nfsidl nfsio 36436 428113 0 0 3 0x14280 nfsidl nfsio 34822 461697 0 0 3 0x14280 nfsidl nfsio 60035 71400 0 0 3 0x14280 nfsidl nfsio 63242 349467 0 0 3 0x14280 nfsidl nfsio 57399 454107 0 0 3 0x14280 nfsidl nfsio 9698 189818 0 0 3 0x14280 nfsidl nfsio 49543 45550 0 0 3 0x14280 nfsidl nfsio 70980 74661 0 0 3 0x14200 bored sosplice 3475 117120 92507 0 2 0x2 syz-executor.7 92507 211622 81417 0 3 0x82 kqread syz-fuzzer 92507 515630 81417 0 3 0x4000082 thrsleep syz-fuzzer 92507 396546 81417 0 3 0x4000082 thrsleep syz-fuzzer 92507 95195 81417 0 3 0x4000082 thrsleep syz-fuzzer 92507 39948 81417 0 3 0x4000082 wait syz-fuzzer 
92507 244861 81417 0 3 0x4000082 wait syz-fuzzer 92507 56455 81417 0 3 0x4000082 thrsleep syz-fuzzer 92507 235254 81417 0 3 0x4000082 wait syz-fuzzer 92507 353845 81417 0 3 0x4000082 wait syz-fuzzer 92507 517122 81417 0 3 0x4000082 wait syz-fuzzer 92507 334174 81417 0 3 0x4000082 thrsleep syz-fuzzer 92507 141291 81417 0 3 0x4000082 wait syz-fuzzer 92507 202688 81417 0 3 0x4000082 wait syz-fuzzer 92507 508639 81417 0 3 0x4000082 wait syz-fuzzer 81417 378703 33979 0 3 0x10008a sigsusp ksh 33979 358593 76769 0 3 0x9a kqread sshd 52384 146305 1 0 3 0x100083 ttyin getty 76769 88009 1 0 3 0x88 kqread sshd 83521 315432 65627 73 3 0x1100090 kqread syslogd 65627 88068 1 0 3 0x100082 netio syslogd 24671 10671 1 0 3 0x100080 kqread resolvd 92805 345266 87855 77 3 0x100092 kqread dhcpleased 69155 311397 87855 77 3 0x100092 kqread dhcpleased 87855 491911 1 0 3 0x80 kqread dhcpleased 12478 25836 0 0 2 0x14200 smr 15407 157136 0 0 2 0x14200 zerothread 44818 306389 0 0 3 0x14200 aiodoned aiodoned 81529 123664 0 0 3 0x14200 syncer update 96820 36623 0 0 3 0x14200 cleaner cleaner 68722 410975 0 0 3 0x14200 reaper reaper 88133 231947 0 0 3 0x14200 pgdaemon pagedaemon 15694 11260 0 0 3 0x14200 bored viomb 92789 28404 0 0 3 0x40014200 acpi0 acpi0 70181 13549 0 0 3 0x14200 bored softnet 81266 61062 0 0 3 0x14200 bored softnet 49115 383063 0 0 3 0x14200 bored softnet 75374 285214 0 0 3 0x14200 bored softnet 14102 422466 0 0 3 0x14200 bored systqmp 32898 232734 0 0 3 0x14200 bored systq 3852 5395 0 0 2 0x40014200 softclock 82795 194286 0 0 3 0x40014200 idle0 1 448129 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10205 6480K 6871K 78643K 15272 0 pcb 14 14K 15K 78643K 652 0 rtable 184 15K 16K 78643K 1309 0 ifaddr 68 19K 22K 78643K 354 0 sysctl 3 1K 1K 78643K 3 0 counters 27 17K 17K 78643K 123 0 ioctlops 0 0K 2K 78643K 329 0 iov 0 0K 32K 78643K 162 0 mount 1 1K 1K 78643K 
1 0 log 0 0K 0K 78643K 4 0 vnodes 1470 92K 92K 78643K 4493 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 23 0 VM map 2 1K 1K 78643K 2 0 sem 12 1K 1K 78643K 218 0 dirhash 84 15K 16K 78643K 2409 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 17 61K 81K 78643K 2370 0 sigio 0 0K 0K 78643K 83 0 proc 60 67K 100K 78643K 1077 0 subproc 104 6K 6K 78643K 338 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 208 0 in_multi 70 4K 6K 78643K 345 0 ether_multi 1 0K 0K 78643K 8 0 mrt 1 0K 0K 78643K 8 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 241 1076K 1076K 78643K 241 0 exec 0 0K 1K 78643K 906 0 pfkey data 0 0K 0K 78643K 5 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 339 85K 100K 78643K 22963 0 UVM aobj 131 10K 10K 78643K 131 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 145 0 NDP 12 0K 1K 78643K 125 0 temp 128 5854K 6874K 78643K 25696 0 kqueue 12 18K 26K 78643K 173 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 302 0 299 6 5 1 3 0 8 0 rtentry 112 436 0 357 4 1 3 4 0 8 0 unpcb 144 2243 0 2226 28 27 1 10 0 8 0 syncache 296 9 0 9 3 3 0 1 0 8 0 tcpqe 32 195 0 195 3 3 0 1 0 8 0 tcpcb 776 617 0 609 25 23 2 8 0 8 0 arp 88 65 0 54 1 0 1 1 0 8 0 inpcb 336 2446 0 2434 42 35 7 10 0 8 5 ip6q 72 3 0 3 1 1 0 1 0 8 0 ip6af 40 9 0 9 1 1 0 1 0 8 0 nd6 104 82 0 66 1 0 1 1 0 8 0 pkpcb 40 40 0 40 3 3 0 1 0 8 0 kcovpl 48 26 0 18 1 0 1 1 0 8 0 mppekey 1024 23 0 23 4 4 0 1 0 8 0 ppxss 1160 57 0 57 7 6 1 1 0 8 1 pppxif 1360 23 0 23 3 3 0 1 0 8 0 pfstscr 40 4 0 4 1 1 0 1 0 8 0 pfosfp 40 165 0 161 1 0 1 1 0 8 0 pfosfpen 112 165 0 158 1 0 1 1 0 8 0 pfanchor 1288 3 0 0 1 0 1 1 0 8 0 pfstkey 128 8 0 8 1 1 0 1 0 8 0 pfstate 352 4 0 4 1 1 0 1 0 8 0 art_heap8 4096 1 0 0 1 
0 1 1 0 8 0 art_heap4 256 1884 0 1549 36 9 27 30 0 8 1 art_table 32 1885 0 1549 4 0 4 4 0 8 0 art_node 16 435 0 366 1 0 1 1 0 8 0 sysvmsgpl 40 8 0 7 2 1 1 1 0 8 0 semapl 112 214 0 204 1 0 1 1 0 8 0 shmpl 112 128 0 0 4 0 4 4 0 8 0 dirhash 1024 816 0 775 10 4 6 6 0 8 0 dino2pl 256 4774 0 3338 92 1 91 91 0 8 0 ffsino 240 4774 0 3338 85 0 85 85 0 8 0 nchpl 144 8042 0 6396 63 0 63 63 0 8 0 rtmask 32 7 0 7 2 2 0 1 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 31348 0 31347 7 5 2 3 0 8 1 kstatmem 264 142 0 118 2 0 2 2 0 8 0 scxspl 216 29880 0 29880 14 12 2 8 0 8 2 plimitpl 152 359 0 344 1 0 1 1 0 8 0 sigapl 424 2646 0 2581 8 0 8 8 0 8 0 futexpl 64 23800 0 23796 4 3 1 1 0 8 0 knotepl 120 42340 0 42260 28 19 9 9 0 8 5 kqueuepl 184 793 0 785 10 9 1 4 0 8 0 pipepl 288 802 0 774 18 15 3 7 0 8 0 fdescpl 432 2609 0 2581 4 0 4 4 0 8 0 filepl 120 20838 0 20593 40 30 10 15 0 8 2 lockfpl 104 751 0 749 3 2 1 2 0 8 0 lockfspl 48 184 0 182 1 0 1 1 0 8 0 sessionpl 144 41 0 25 1 0 1 1 0 8 0 pgrppl 48 46 0 30 1 0 1 1 0 8 0 ucredpl 104 2817 0 2806 1 0 1 1 0 8 0 zombiepl 144 2581 0 2581 1 0 1 1 0 8 1 processpl 1008 2646 0 2581 9 0 9 9 0 8 0 procpl 696 5843 0 5758 13 4 9 10 0 8 0 sosppl 168 18 0 18 3 3 0 1 0 8 0 sockpl 456 5031 0 4999 130 117 13 34 0 8 8 mcl64k 65536 105 0 105 6 5 1 1 0 8 1 mcl16k 16384 54 0 54 8 7 1 1 0 8 1 mcl12k 12288 104 0 104 7 6 1 1 0 8 1 mcl9k 9216 38 0 38 6 5 1 1 0 8 1 mcl8k 8192 88 0 88 10 9 1 1 0 8 1 mcl4k 4096 262 0 262 7 6 1 1 0 8 1 mcl2k2 2112 10 0 10 7 6 1 1 0 8 1 mcl2k 2048 79327 0 79222 49 34 15 27 0 8 1 mtagpl 96 305 0 106 8 1 7 7 0 8 0 mbufpl 256 153054 0 152769 281 256 25 173 0 8 1 bufpl 288 10691 0 4306 457 0 457 457 0 8 0 anonpl 24 433675 0 417642 175 20 155 173 0 188 56 amapchunkpl 152 78136 0 77232 92 48 44 65 0 158 9 amappl16 200 9389 0 8893 32 4 28 28 0 8 1 amappl15 192 13 0 13 1 1 0 1 0 8 0 amappl14 184 205 0 194 2 1 1 2 0 8 0 amappl13 176 10 0 10 1 1 0 1 0 8 0 amappl12 168 3495 0 3467 3 1 2 2 0 8 
0 amappl11 160 52 0 42 1 0 1 1 0 8 0 amappl10 152 40 0 30 2 1 1 1 0 8 0 amappl9 144 189 0 189 8 8 0 2 0 8 0 amappl8 136 226 0 166 3 0 3 3 0 8 0 amappl7 128 61 0 44 1 0 1 1 0 8 0 amappl6 120 374 0 357 2 1 1 2 0 8 0 amappl5 112 268 0 260 1 0 1 1 0 8 0 amappl4 104 843 0 810 2 0 2 2 0 8 0 amappl3 96 14661 0 14574 3 0 3 3 0 8 0 amappl2 88 2781 0 2721 4 2 2 3 0 8 0 amappl1 80 19025 0 18522 23 12 11 22 0 8 0 amappl 88 22271 0 22047 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 130 0 0 3 0 3 3 0 8 0 uaddrrnd 24 2609 0 2581 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2609 0 2581 1 0 1 1 0 8 0 vmmpekpl 168 25121 0 25069 3 0 3 3 0 8 0 vmmpepl 168 183399 0 181092 176 71 105 128 0 357 0 vmsppl 360 2608 0 2581 3 0 3 3 0 8 0 rwobjpl 24 54345 0 46791 47 1 46 46 0 8 0 pdppl 4096 5224 0 5162 273 209 64 72 0 8 2 pvpl 32 1044214 0 1022668 429 152 277 308 0 265 97 pmappl 216 2608 0 2581 2 0 2 2 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 1392 0 604 25 1 24 25 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828314bd) at panic+0x165 sys/kern/subr_prf.c:198 ufsdirhash_lookup(fffffd80710fd4c0,ffffffff8280ada5,2,fffffd80710fd56c,ffff80002656bca8,0) at ufsdirhash_lookup+0x8b8 sys/ufs/ufs/ufs_dirhash.c:343 ufs_lookup() at ufs_lookup+0xc15 sys/ufs/ufs/ufs_lookup.c:216 VOP_LOOKUP(fffffd805aba8378,ffff80002656be48,ffff80002656bde8) at VOP_LOOKUP+0x5c sys/kern/vfs_vops.c:85 unveil_find_cover(fffffd805aba8378,ffff80002b40a5d0) at unveil_find_cover+0x130 sys/kern/kern_unveil.c:277 unveil_start_relative(ffff80002b40a5d0,ffff80002656c188,fffffd805aba8378) at unveil_start_relative+0xf6 sys/kern/kern_unveil.c:606 namei(ffff80002656c188) at namei+0x453 sys/kern/vfs_lookup.c:237 
vn_open(ffff80002656c188,1,0) at vn_open+0x109 sys/kern/vfs_vnops.c:140 doopenat(ffff80002b40a5d0,3,200001c0,0,0,ffff80002656c360) at doopenat+0x26e sys/kern/vfs_syscalls.c:1127 syscall(ffff80002656c3e0) at syscall+0x4a8 sys/arch/amd64/amd64/trap.c:632 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xaeddcb545a0, count: -12 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828314bd) at panic+0x165 sys/kern/subr_prf.c:198 ufsdirhash_lookup(fffffd80710fd4c0,ffffffff8280ada5,2,fffffd80710fd56c,ffff80002656bca8,0) at ufsdirhash_lookup+0x8b8 sys/ufs/ufs/ufs_dirhash.c:343 ufs_lookup() at ufs_lookup+0xc15 sys/ufs/ufs/ufs_lookup.c:216 VOP_LOOKUP(fffffd805aba8378,ffff80002656be48,ffff80002656bde8) at VOP_LOOKUP+0x5c sys/kern/vfs_vops.c:85 unveil_find_cover(fffffd805aba8378,ffff80002b40a5d0) at unveil_find_cover+0x130 sys/kern/kern_unveil.c:277 unveil_start_relative(ffff80002b40a5d0,ffff80002656c188,fffffd805aba8378) at unveil_start_relative+0xf6 sys/kern/kern_unveil.c:606 namei(ffff80002656c188) at namei+0x453 sys/kern/vfs_lookup.c:237 vn_open(ffff80002656c188,1,0) at vn_open+0x109 sys/kern/vfs_vnops.c:140 doopenat(ffff80002b40a5d0,3,200001c0,0,0,ffff80002656c360) at doopenat+0x26e sys/kern/vfs_syscalls.c:1127 syscall(ffff80002656c3e0) at syscall+0x4a8 sys/arch/amd64/amd64/trap.c:632 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xaeddcb545a0, count: -12