panic: ufsdirhash_lookup: bad offset in hash array
Stopped at db_enter+0x1c: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
* 99849 59596 0 0 0x4000000 0 syz-executor.0
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff828e4a03) at panic+0x165 sys/kern/subr_prf.c:198
ufsdirhash_lookup(fffffd80685f9000,ffff80002a6c1400,1,fffffd80685f90ac,ffff80003120d1b0,0) at ufsdirhash_lookup+0x8a8 sys/ufs/ufs/ufs_dirhash.c:342
ufs_lookup() at ufs_lookup+0xba0 sys/ufs/ufs/ufs_lookup.c:214
VOP_LOOKUP(fffffd8067aec710,ffff80003120d460,ffff80003120d490) at VOP_LOOKUP+0x5c sys/kern/vfs_vops.c:85
vfs_lookup(ffff80003120d430) at vfs_lookup+0x6df sys/kern/vfs_lookup.c:566
namei(ffff80003120d430) at namei+0x56a sys/kern/vfs_lookup.c:250
doreadlinkat(ffff80002f550d50,5,200001c0,20000200,89,ffff80003120d5b0) at doreadlinkat+0x81 sys/kern/vfs_syscalls.c:2164
syscall(ffff80003120d660) at syscall+0x538 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x1bea3658d30, count: 5
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: ufsdirhash_lookup: bad offset in hash array ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828e4a03) at panic+0x165 sys/kern/subr_prf.c:198 ufsdirhash_lookup(fffffd80685f9000,ffff80002a6c1400,1,fffffd80685f90ac,ffff80003120d1b0,0) at ufsdirhash_lookup+0x8a8 sys/ufs/ufs/ufs_dirhash.c:342 ufs_lookup() at ufs_lookup+0xba0 sys/ufs/ufs/ufs_lookup.c:214 VOP_LOOKUP(fffffd8067aec710,ffff80003120d460,ffff80003120d490) at VOP_LOOKUP+0x5c sys/kern/vfs_vops.c:85 vfs_lookup(ffff80003120d430) at vfs_lookup+0x6df sys/kern/vfs_lookup.c:566 namei(ffff80003120d430) at namei+0x56a sys/kern/vfs_lookup.c:250 doreadlinkat(ffff80002f550d50,5,200001c0,20000200,89,ffff80003120d5b0) at doreadlinkat+0x81 sys/kern/vfs_syscalls.c:2164 syscall(ffff80003120d660) at syscall+0x538 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x1bea3658d30, count: -10 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80003120cfd0 rbx 0xffff8000006bad60 rdx 0xffff80000007da00 rcx 0 rax 0xffff80002f550d50 r8 0 r9 0x8080808080808080 r10 0x1c15b8c795af8ebe r11 0x9f18f5bdab1d3b2e r12 0 r13 0xffff800000e22000 r14 0 r15 0x1 rip 0xffffffff821623bc db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff80003120cfc0 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb> show proc PROC (syz-executor.0) tid=99849 pid=59596 tcnt=3 stat=onproc flags process=0 proc=4000000 runpri=84, usrpri=84, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff80002f5222b8,0xffff80002a603568 process=0xffff8000311dc880 user=0xffff800031208000, vmspace=0xfffffd80697d56f0 estcpu=34, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 34028 450330 6439 0 2 0 syz-executor.5 34028 373254 6439 0 2 0x4000000 syz-executor.5 34028 309187 6439 0 2 0x4000000 syz-executor.5 86208 233743 33325 0 2 0 syz-executor.1 86208 452187 33325 0 3 0x4000080 
fsleep syz-executor.1 86208 169113 33325 0 3 0x4000080 fsleep syz-executor.1 59596 341319 26915 0 2 0 syz-executor.0 *59596 99849 26915 0 7 0x4000000 syz-executor.0 59596 152499 26915 0 3 0x4000080 fsleep syz-executor.0 66073 233990 37845 60928 3 0x90 nanoslp syz-executor.2 66073 491902 37845 60928 3 0x4000090 netio syz-executor.2 66073 220547 37845 60928 3 0x4000090 fsleep syz-executor.2 48809 326665 0 0 3 0x14280 nfsidl nfsio 94426 514802 0 0 3 0x14280 nfsidl nfsio 1482 225212 0 0 3 0x14280 nfsidl nfsio 78502 246465 0 0 3 0x14280 nfsidl nfsio 81586 317807 0 0 3 0x14280 nfsidl nfsio 3249 82789 0 0 3 0x14280 nfsidl nfsio 25171 216725 0 0 3 0x14280 nfsidl nfsio 87061 250104 0 0 3 0x14280 nfsidl nfsio 38434 300738 0 0 3 0x14280 nfsidl nfsio 99931 312293 0 0 3 0x14280 nfsidl nfsio 92400 123880 0 0 3 0x14280 nfsidl nfsio 21677 285677 0 0 3 0x14280 nfsidl nfsio 60795 372978 0 0 3 0x14280 nfsidl nfsio 17479 407345 0 0 3 0x14280 nfsidl nfsio 94789 421082 0 0 3 0x14280 nfsidl nfsio 12355 379698 0 0 3 0x14280 nfsidl nfsio 87539 290897 0 0 3 0x14280 nfsidl nfsio 44397 462170 0 0 3 0x14280 nfsidl nfsio 56925 352999 0 0 3 0x14280 nfsidl nfsio 90857 234414 0 0 3 0x14280 nfsidl nfsio 37845 166692 5599 0 3 0x82 nanoslp syz-executor.2 33325 36229 5599 0 2 0x482 syz-executor.1 69077 411147 0 0 3 0x14200 acct acct 49556 506149 5599 0 2 0x482 syz-executor.3 92060 318002 5599 0 2 0x2 syz-executor.6 75805 94511 5599 0 2 0x2 syz-executor.7 6439 513710 5599 0 2 0x482 syz-executor.5 87282 399209 5599 0 3 0x82 nanoslp syz-executor.4 26915 511355 5599 0 3 0x82 nanoslp syz-executor.0 74394 212194 1 0 3 0x18100083 ttyin getty 1420 136006 0 0 3 0x14200 bored sosplice 5599 302188 90784 0 3 0x1a000082 thrsleep syz-fuzzer 5599 23852 90784 0 3 0x1e000082 nanoslp syz-fuzzer 5599 345374 90784 0 3 0x1e000082 wait syz-fuzzer 5599 62115 90784 0 3 0x1e000082 thrsleep syz-fuzzer 5599 103354 90784 0 3 0x1e000082 wait syz-fuzzer 5599 247492 90784 0 3 0x1e000082 wait syz-fuzzer 5599 210598 90784 0 3 
0x1e000082 wait syz-fuzzer 5599 85063 90784 0 3 0x1e000082 wait syz-fuzzer 5599 329590 90784 0 3 0x1e000082 thrsleep syz-fuzzer 5599 449147 90784 0 3 0x1e000082 thrsleep syz-fuzzer 5599 27765 90784 0 3 0x1e000082 wait syz-fuzzer 5599 305391 90784 0 3 0x1e000082 kqread syz-fuzzer 5599 521108 90784 0 3 0x1e000082 wait syz-fuzzer 5599 140090 90784 0 3 0x1e000082 wait syz-fuzzer 90784 118980 78341 0 3 0x810008a sigsusp ksh 78341 3605 35478 0 3 0x1800009a kqread sshd 35478 19600 1 0 3 0x18000088 kqread sshd 12406 388059 40515 73 3 0x19100090 kqread syslogd 40515 71951 1 0 3 0x18100082 netio syslogd 92179 518666 1 0 3 0x18100080 kqread resolvd 35046 455453 23309 77 3 0x18100092 kqread dhcpleased 95168 356888 23309 77 3 0x18100092 kqread dhcpleased 23309 228470 1 0 3 0x18000080 kqread dhcpleased 72868 118843 0 0 3 0x14200 bored smr 43492 408142 0 0 2 0x14200 zerothread 27443 81192 0 0 3 0x14200 aiodoned aiodoned 99959 451221 0 0 3 0x14200 syncer update 33071 138585 0 0 3 0x14200 cleaner cleaner 1535 524130 0 0 3 0x14200 reaper reaper 20269 61671 0 0 3 0x14200 pgdaemon pagedaemon 82904 20176 0 0 3 0x14200 bored viomb 98598 493977 0 0 3 0x40014200 acpi0 acpi0 12919 68327 0 0 3 0x14200 bored softnet3 23808 120930 0 0 3 0x14200 bored softnet2 85954 369455 0 0 3 0x14200 bored softnet1 14565 339981 0 0 3 0x14200 bored softnet0 62591 428808 0 0 3 0x14200 bored systqmp 11518 215736 0 0 3 0x14200 bored systq 2826 280316 0 0 2 0x40014200 softclock 18928 3736 0 0 3 0x40014200 idle0 1 461774 0 0 3 0x8000082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10172 6404K 7510K 166960K 23914 0 pcb 15 15K 16K 166960K 507 0 rtable 222 8K 9K 166960K 1346 0 pf 29 8K 9K 166960K 233 0 ifaddr 40 11K 12K 166960K 213 0 ifgroup 50 2K 2K 166960K 370 0 sysctl 2 0K 0K 166960K 2 0 counters 30 17K 17K 166960K 117 0 ioctlops 0 0K 2K 166960K 745 0 iov 1 2K 24K 166960K 716 0 mount 1 1K 1K 166960K 1 0 
log 0 0K 0K 166960K 4 0 vnodes 1680 106K 106K 166960K 5979 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 93 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 1K 166960K 805 0 dirhash 93 16K 16K 166960K 4644 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 14 49K 85K 166960K 6879 0 sigio 0 0K 0K 166960K 213 0 proc 58 59K 83K 166960K 1471 0 subproc 104 6K 6K 166960K 419 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 379 0 in_multi 88 6K 7K 166960K 452 0 ether_multi 1 0K 0K 166960K 10 0 mrt 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 79 360K 360K 166960K 79 0 exec 0 0K 1K 166960K 1975 0 pfkey data 0 0K 0K 166960K 6 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 416 496K 497K 166960K 65512 0 UVM aobj 131 5K 5K 166960K 143 0 pinsyscall 22 44K 100K 166960K 2009 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 191 0 NDP 11 0K 2K 166960K 162 0 temp 74 6804K 6932K 166960K 74044 0 kqueue 12 18K 26K 166960K 451 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 419 0 416 5 2 3 3 0 8 2 rtentry 112 432 0 331 4 0 4 4 0 8 0 unpcb 144 6739 0 6724 13 7 6 8 0 8 5 syncache 336 56 0 56 3 2 1 1 0 8 1 tcpqe 32 394 22 394 3 2 1 1 0 8 1 tcpcb 808 2325 0 2310 29 19 10 15 0 8 7 arp 88 81 0 64 1 0 1 1 0 8 0 ipq 40 42 0 42 2 1 1 1 0 8 1 ipqe 40 91 0 91 2 1 1 1 0 8 1 inpcb 360 5456 0 5437 29 20 9 14 0 8 7 nd6 104 106 0 84 1 0 1 1 0 8 0 pkpcb 40 96 0 96 3 2 1 1 0 8 1 kcovpl 48 32 0 24 1 0 1 1 0 8 0 ppxss 1072 29 0 29 3 2 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 1617 0 1183 30 0 30 30 0 8 2 art_table 32 1618 0 1183 4 0 4 4 0 8 0 art_node 16 423 0 331 1 0 1 1 0 8 0 sysvmsgpl 40 81 0 74 1 0 1 1 0 8 0 semupl 112 5 0 5 1 1 0 1 0 8 0 semapl 112 763 0 753 1 0 1 1 0 8 0 shmpl 112 140 0 12 4 0 4 4 0 8 0 dirhash 1024 
1568 0 1524 6 0 6 6 0 8 0 dino2pl 256 11238 0 9694 97 0 97 97 0 8 0 ffsino 240 11238 0 9694 92 0 92 92 0 8 0 nchpl 144 20489 0 18756 66 0 66 66 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 72758 0 72755 5 3 2 3 0 8 1 vcpupl 2048 37 0 0 5 0 5 5 0 8 0 vmpool 664 57 0 20 4 0 4 4 0 8 0 kstatmem 264 196 0 174 2 0 2 2 0 8 0 scxspl 216 58275 0 58275 14 10 4 8 1 8 4 plimitpl 152 848 0 833 1 0 1 1 0 8 0 sigapl 424 7330 0 7265 8 0 8 8 0 8 0 futexpl 64 63348 0 63344 1 0 1 1 0 8 0 knotepl 120 60107 0 60025 11 8 3 11 0 8 0 kqueuepl 184 1143 0 1135 9 5 4 4 0 8 3 pipepl 288 1297 0 1269 16 11 5 9 0 8 2 fdescpl 432 7112 0 7087 4 0 4 4 0 8 0 filepl 120 46131 0 45887 25 11 14 18 0 8 4 lockfpl 104 1850 0 1848 2 1 1 2 0 8 0 lockfspl 48 725 0 723 1 0 1 1 0 8 0 sessionpl 144 48 0 32 1 0 1 1 0 8 0 pgrppl 48 372 0 356 1 0 1 1 0 8 0 ucredpl 104 8058 0 8045 1 0 1 1 0 8 0 zombiepl 144 7267 0 7265 1 0 1 1 0 8 0 processpl 1072 7330 0 7265 5 0 5 5 0 8 0 procpl 680 17703 0 17617 10 1 9 9 0 8 1 sosppl 168 34 0 33 3 2 1 1 0 8 0 sockpl 488 12713 0 12676 245 232 13 30 0 8 7 mcl64k 65536 400 0 400 3 2 1 1 0 8 1 mcl16k 16384 148 0 148 3 2 1 1 0 8 1 mcl12k 12288 265 0 265 3 2 1 1 0 8 1 mcl9k 9216 194 0 194 3 2 1 1 0 8 1 mcl8k 8192 522 0 521 3 2 1 1 0 8 0 mcl4k 4096 748 0 748 3 2 1 1 0 8 1 mcl2k2 2112 114 0 114 3 2 1 1 0 8 1 mcl2k 2048 84197 0 84136 34 23 11 31 0 8 2 mtagpl 96 1201 0 974 11 5 6 9 0 8 0 mbufpl 256 199139 0 198808 152 124 28 72 0 8 3 bufpl 280 14832 0 8496 453 0 453 453 0 8 0 anonpl 24 797915 0 784383 135 23 112 112 0 188 9 amapchunkpl 152 210034 0 209188 55 13 42 50 0 158 4 amappl16 200 18433 0 18000 87 55 32 36 0 8 8 amappl15 192 48 0 47 1 0 1 1 0 8 0 amappl14 184 217 0 207 2 1 1 2 0 8 0 amappl13 176 24 0 24 3 2 1 1 0 8 1 amappl12 168 8102 0 8077 2 0 2 2 0 8 0 amappl11 160 53 0 42 1 0 1 1 0 8 0 amappl10 152 62 0 52 1 0 1 1 0 8 0 amappl9 144 235 0 234 1 0 1 1 0 8 0 amappl8 136 360 0 283 3 0 3 3 0 8 0 amappl7 128 103 0 89 1 0 1 1 0 8 0 
amappl6 120 670 0 651 2 1 1 2 0 8 0 amappl5 112 413 0 400 1 0 1 1 0 8 0 amappl4 104 836 0 799 2 0 2 2 0 8 0 amappl3 96 40920 0 40842 3 0 3 3 0 8 0 amappl2 88 7823 0 7750 4 2 2 4 0 8 0 amappl1 80 35080 0 34587 22 10 12 22 0 8 0 amappl 88 64535 0 64287 7 0 7 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 142 0 12 3 0 3 3 0 8 0 uaddrrnd 24 7169 0 7107 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 7169 0 7107 1 0 1 1 0 8 0 vmmpekpl 168 53074 0 52996 4 0 4 4 0 8 0 vmmpepl 168 442123 0 439936 172 44 128 128 0 357 16 vmsppl 352 7168 0 7107 7 0 7 7 0 8 1 rwobjpl 24 113375 0 105840 47 0 47 47 0 8 0 pdppl 4096 14344 0 14251 479 378 101 103 0 8 8 pvpl 32 2073411 0 2054379 441 243 198 388 0 265 20 pmappl 216 7168 0 7107 4 0 4 4 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 974 0 571 13 0 13 13 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828e4a03) at panic+0x165 sys/kern/subr_prf.c:198 ufsdirhash_lookup(fffffd80685f9000,ffff80002a6c1400,1,fffffd80685f90ac,ffff80003120d1b0,0) at ufsdirhash_lookup+0x8a8 sys/ufs/ufs/ufs_dirhash.c:342 ufs_lookup() at ufs_lookup+0xba0 sys/ufs/ufs/ufs_lookup.c:214 VOP_LOOKUP(fffffd8067aec710,ffff80003120d460,ffff80003120d490) at VOP_LOOKUP+0x5c sys/kern/vfs_vops.c:85 vfs_lookup(ffff80003120d430) at vfs_lookup+0x6df sys/kern/vfs_lookup.c:566 namei(ffff80003120d430) at namei+0x56a sys/kern/vfs_lookup.c:250 doreadlinkat(ffff80002f550d50,5,200001c0,20000200,89,ffff80003120d5b0) at doreadlinkat+0x81 sys/kern/vfs_syscalls.c:2164 syscall(ffff80003120d660) at syscall+0x538 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x1bea3658d30, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at 
db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828e4a03) at panic+0x165 sys/kern/subr_prf.c:198 ufsdirhash_lookup(fffffd80685f9000,ffff80002a6c1400,1,fffffd80685f90ac,ffff80003120d1b0,0) at ufsdirhash_lookup+0x8a8 sys/ufs/ufs/ufs_dirhash.c:342 ufs_lookup() at ufs_lookup+0xba0 sys/ufs/ufs/ufs_lookup.c:214 VOP_LOOKUP(fffffd8067aec710,ffff80003120d460,ffff80003120d490) at VOP_LOOKUP+0x5c sys/kern/vfs_vops.c:85 vfs_lookup(ffff80003120d430) at vfs_lookup+0x6df sys/kern/vfs_lookup.c:566 namei(ffff80003120d430) at namei+0x56a sys/kern/vfs_lookup.c:250 doreadlinkat(ffff80002f550d50,5,200001c0,20000200,89,ffff80003120d5b0) at doreadlinkat+0x81 sys/kern/vfs_syscalls.c:2164 syscall(ffff80003120d660) at syscall+0x538 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x1bea3658d30, count: -10