panic: ufsdirhash_lookup: bad offset in hash array
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
* 43828 5688 0 0 0x4000000 0 syz-executor.6
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8263a30f) at panic+0x161 sys/kern/subr_prf.c:198
ufsdirhash_lookup(fffffd80700502e0,ffff800021784000,1,fffffd807005038c,ffff8000217a8eb8,0) at ufsdirhash_lookup+0x8b8 sys/ufs/ufs/ufs_dirhash.c:343
ufs_lookup() at ufs_lookup+0xc15 sys/ufs/ufs/ufs_lookup.c:216
VOP_LOOKUP(fffffd806817b8d0,ffff8000217a9338,ffff8000217a9368) at VOP_LOOKUP+0x58 sys/kern/vfs_vops.c:85
vfs_lookup(ffff8000217a9308) at vfs_lookup+0x6cc sys/kern/vfs_lookup.c:560
namei(ffff8000217a9308) at namei+0x36a sys/kern/vfs_lookup.c:244
vn_open(ffff8000217a9308,1,0) at vn_open+0x105 sys/kern/vfs_vnops.c:140
doopenat(ffff800026642fc0,3,20000040,0,0,ffff8000217a94e0) at doopenat+0x26a sys/kern/vfs_syscalls.c:1127
syscall(ffff8000217a9560) at syscall+0x446 sys/arch/amd64/amd64/trap.c:599
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xd71deb529b0, count: 4
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: ufsdirhash_lookup: bad offset in hash array ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8263a30f) at panic+0x161 sys/kern/subr_prf.c:198 ufsdirhash_lookup(fffffd80700502e0,ffff800021784000,1,fffffd807005038c,ffff8000217a8eb8,0) at ufsdirhash_lookup+0x8b8 sys/ufs/ufs/ufs_dirhash.c:343 ufs_lookup() at ufs_lookup+0xc15 sys/ufs/ufs/ufs_lookup.c:216 VOP_LOOKUP(fffffd806817b8d0,ffff8000217a9338,ffff8000217a9368) at VOP_LOOKUP+0x58 sys/kern/vfs_vops.c:85 vfs_lookup(ffff8000217a9308) at vfs_lookup+0x6cc sys/kern/vfs_lookup.c:560 namei(ffff8000217a9308) at namei+0x36a sys/kern/vfs_lookup.c:244 vn_open(ffff8000217a9308,1,0) at vn_open+0x105 sys/kern/vfs_vnops.c:140 doopenat(ffff800026642fc0,3,20000040,0,0,ffff8000217a94e0) at doopenat+0x26a sys/kern/vfs_syscalls.c:1127 syscall(ffff8000217a9560) at syscall+0x446 sys/arch/amd64/amd64/trap.c:599 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xd71deb529b0, count: -11 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff8000217a8ce0 rbx 0 rdx 0xffff800000c35340 rcx 0 rax 0xffff800026642fc0 r8 0 r9 0x8080808080808080 r10 0xeb9cae81ed015f23 r11 0xf9450f070d0ced19 r12 0 r13 0xffff800000c2ed40 r14 0 r15 0x1 rip 0xffffffff81a514a8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff8000217a8cd0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.6) pid=43828 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=83, nice=20 forw=0xffffffffffffffff, list=0xffff800026642000,0xffff8000266437b0 process=0xffff800021712bd0 user=0xffff8000217a4000, vmspace=0xfffffd80728bb110 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 42184 381841 56817 0 2 0 syz-executor.4 60601 242918 18421 0 2 0 syz-executor.7 16474 187994 15471 0 2 0 syz-executor.1 16474 436117 15471 0 3 0x4000080 fsleep syz-executor.1 16474 36620 15471 0 3 0x4000080 fsleep syz-executor.1 16474 
486366 15471 0 3 0x4000080 fsleep syz-executor.1 5688 9178 77888 0 2 0 syz-executor.6 * 5688 43828 77888 0 7 0x4000000 syz-executor.6 5688 215702 77888 0 3 0x4000080 fsleep syz-executor.6 234 92701 30101 0 2 0 syz-executor.5 234 297236 30101 0 3 0x4000080 fsleep syz-executor.5 234 378243 30101 0 3 0x4000080 fsleep syz-executor.5 31054 435451 59422 0 2 0x2 syz-executor.2 30101 318236 59422 0 3 0x82 nanoslp syz-executor.5 13308 217578 59422 0 3 0x82 nanoslp syz-executor.3 11204 464181 0 0 3 0x14200 acct acct 26264 434301 59422 0 2 0x2 syz-executor.0 15471 254037 59422 0 3 0x82 nanoslp syz-executor.1 18421 192899 59422 0 3 0x82 nanoslp syz-executor.7 15794 466390 1 0 3 0x100083 ttyin getty 77888 31758 59422 0 3 0x82 nanoslp syz-executor.6 58118 417291 0 0 3 0x14200 bored sosplice 26414 459099 0 0 3 0x14280 nfsidl nfsio 29046 141383 0 0 3 0x14280 nfsidl nfsio 25796 113424 0 0 3 0x14280 nfsidl nfsio 30562 124471 0 0 3 0x14280 nfsidl nfsio 70554 331887 0 0 3 0x14280 nfsidl nfsio 25943 451365 0 0 3 0x14280 nfsidl nfsio 54504 267172 0 0 3 0x14280 nfsidl nfsio 31759 174117 0 0 3 0x14280 nfsidl nfsio 34891 472023 0 0 3 0x14280 nfsidl nfsio 54407 213108 0 0 3 0x14280 nfsidl nfsio 78875 135734 0 0 3 0x14280 nfsidl nfsio 91345 137098 0 0 3 0x14280 nfsidl nfsio 20631 123125 0 0 3 0x14280 nfsidl nfsio 59874 284677 0 0 3 0x14280 nfsidl nfsio 78627 320173 0 0 3 0x14280 nfsidl nfsio 34903 378178 0 0 3 0x14280 nfsidl nfsio 66051 358328 0 0 3 0x14280 nfsidl nfsio 25847 116421 0 0 3 0x14280 nfsidl nfsio 97085 283230 0 0 3 0x14280 nfsidl nfsio 53436 142812 0 0 3 0x14280 nfsidl nfsio 56817 403463 59422 0 3 0x82 nanoslp syz-executor.4 59422 55010 26539 0 3 0x82 wait syz-fuzzer 59422 161383 26539 0 3 0x4000082 nanoslp syz-fuzzer 59422 171030 26539 0 3 0x4000082 wait syz-fuzzer 59422 77411 26539 0 3 0x4000082 thrsleep syz-fuzzer 59422 11034 26539 0 3 0x4000082 wait syz-fuzzer 59422 251115 26539 0 3 0x4000082 wait syz-fuzzer 59422 105322 26539 0 3 0x4000082 thrsleep syz-fuzzer 59422 119806 
26539 0 3 0x4000082 wait syz-fuzzer 59422 204539 26539 0 3 0x4000082 thrsleep syz-fuzzer 59422 38746 26539 0 3 0x4000082 kqread syz-fuzzer 59422 4479 26539 0 3 0x4000082 wait syz-fuzzer 59422 117386 26539 0 3 0x4000082 thrsleep syz-fuzzer 59422 406830 26539 0 3 0x4000082 wait syz-fuzzer 59422 382371 26539 0 3 0x4000082 wait syz-fuzzer 26539 408107 74663 0 3 0x10008a sigsusp ksh 74663 301710 18433 0 3 0x9a kqread sshd 18433 118276 1 0 3 0x88 kqread sshd 25121 189703 4196 73 3 0x1100090 kqread syslogd 4196 352057 1 0 3 0x100082 netio syslogd 1289 479693 1 0 3 0x100080 kqread resolvd 61560 258414 0 0 3 0x14200 bored smr 87008 33018 0 0 2 0x14200 zerothread 50893 504858 0 0 3 0x14200 aiodoned aiodoned 94536 298213 0 0 3 0x14200 syncer update 49412 460325 0 0 3 0x14200 cleaner cleaner 13458 342629 0 0 3 0x14200 reaper reaper 92653 7818 0 0 3 0x14200 pgdaemon pagedaemon 34073 250643 0 0 3 0x14200 bored viomb 73152 88019 0 0 3 0x40014200 acpi0 acpi0 58583 193487 0 0 3 0x14200 bored softnet 50512 66125 0 0 3 0x14200 bored softnet 4342 293904 0 0 3 0x14200 bored softnet 40450 343236 0 0 3 0x14200 bored softnet 80021 404320 0 0 3 0x14200 bored systqmp 48884 259763 0 0 3 0x14200 bored systq 51539 499284 0 0 2 0x40014200 softclock 30760 159563 0 0 3 0x40014200 idle0 1 1862 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10208 6422K 6927K 78643K 13602 0 pcb 13 16K 18K 78643K 817 0 rtable 178 16K 18K 78643K 1642 0 ifaddr 115 25K 27K 78643K 861 0 sysctl 3 1K 1K 78643K 3 0 counters 25 17K 17K 78643K 353 0 ioctlops 0 0K 4K 78643K 1522 0 iov 0 0K 16K 78643K 1488 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1392 87K 88K 78643K 6577 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 65 0 VM map 2 0K 0K 78643K 2 0 sem 15 10K 20K 78643K 313 0 dirhash 75 13K 16K 78643K 5142 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 15 53K 
65K 78643K 11954 0 sigio 0 0K 0K 78643K 117 0 proc 56 51K 83K 78643K 2511 0 subproc 104 6K 6K 78643K 390 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 1949 0 in_multi 57 3K 6K 78643K 1649 0 ether_multi 1 0K 0K 78643K 46 0 mrt 1 0K 0K 78643K 19 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 223 996K 996K 78643K 223 0 exec 0 0K 1K 78643K 1950 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 341 490K 502K 78643K 77181 0 UVM aobj 131 4K 4K 78643K 134 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 217 0 NDP 13 0K 2K 78643K 222 0 temp 132 4694K 5718K 78643K 113729 0 kqueue 7 12K 26K 78643K 606 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 308 0 307 2 1 1 2 0 8 0 rtentry 112 469 0 402 4 1 3 4 0 8 0 unpcb 144 8711 0 8705 80 79 1 8 0 8 0 syncache 296 331 0 331 21 21 0 1 0 8 0 tcpqe 32 109 0 109 11 11 0 1 0 8 0 tcpcb 776 6386 0 6380 149 140 9 17 0 8 8 arp 88 65 0 53 1 0 1 1 0 8 0 ipq 40 14 0 14 6 6 0 1 0 8 0 ipqe 40 253 0 253 6 6 0 1 0 8 0 inpcb 336 12776 0 12770 136 127 9 15 0 8 8 nd6 48 101 0 85 1 0 1 1 0 8 0 pkpcb 40 79 0 79 4 4 0 1 0 8 0 kcovpl 48 30 0 22 1 0 1 1 0 8 0 mppekey 1024 13 0 13 4 4 0 1 0 8 0 ppxss 1160 222 0 222 13 13 0 1 0 8 0 pppxif 1608 176 0 176 10 10 0 1 0 8 0 pfstscr 40 173 0 169 1 0 1 1 0 8 0 pfosfp 40 9 0 7 1 0 1 1 0 8 0 pfosfpen 112 9 0 6 1 0 1 1 0 8 0 pfanchor 1280 990 887 478 47 4 43 43 0 8 0 pfqueue 264 3 0 3 1 1 0 1 0 8 0 pfstitem 24 34 0 30 1 0 1 1 0 8 0 pfstkey 120 180 0 178 1 0 1 1 0 8 0 pfstate 352 90 0 88 1 0 1 1 0 8 0 rttmr 136 3 0 3 1 1 0 1 0 8 0 art_heap8 4096 5 0 4 5 4 1 2 0 8 0 art_heap4 256 2137 0 1867 41 20 21 29 0 8 0 art_table 32 2142 0 1871 4 0 4 4 0 8 0 art_node 16 468 0 411 1 0 1 1 0 8 0 sysvmsgpl 40 41 0 18 1 0 1 1 0 8 0 semapl 112 
302 0 289 1 0 1 1 0 8 0 shmpl 112 131 0 3 4 0 4 4 0 8 0 dirhash 1024 1727 0 1689 6 0 6 6 0 8 0 dino2pl 256 19855 0 18344 95 0 95 95 0 8 0 ffsino 240 19855 0 18344 90 0 90 90 0 8 0 nchpl 144 39009 0 38524 63 41 22 63 0 8 0 rtmask 32 5 0 5 2 2 0 1 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 146702 0 146699 4 2 2 2 0 8 1 vcpupl 2048 30 0 0 4 0 4 4 0 8 0 vmpool 536 41 0 11 3 1 2 2 0 8 0 kstatmem 264 308 0 282 3 0 3 3 0 8 0 scsiplug 72 3 0 3 1 1 0 1 0 8 0 scxspl 216 103072 0 103072 19 18 1 8 0 8 1 plimitpl 152 938 0 924 1 0 1 1 0 8 0 sigapl 424 12227 0 12165 8 0 8 8 0 8 0 futexpl 64 132723 0 132717 1 0 1 1 0 8 0 knotepl 120 121928 0 121863 32 27 5 10 0 8 0 kqueuepl 184 1421 0 1415 16 15 1 4 0 8 0 pipepl 288 2262 0 2233 60 55 5 11 0 8 2 fdescpl 432 12188 0 12165 4 0 4 4 0 8 0 filepl 120 95468 0 95242 127 114 13 17 0 8 5 lockfpl 104 3515 0 3514 9 8 1 2 0 8 0 lockfspl 48 744 0 743 1 0 1 1 0 8 0 sessionpl 144 46 0 31 1 0 1 1 0 8 0 pgrppl 48 63 0 48 1 0 1 1 0 8 0 ucredpl 104 6184 0 6177 1 0 1 1 0 8 0 zombiepl 144 12166 0 12165 2 1 1 1 0 8 0 processpl 1000 12227 0 12165 9 0 9 9 0 8 0 procpl 672 30136 0 30054 17 9 8 9 0 8 0 sosppl 168 246 0 246 15 14 1 1 0 8 1 sockpl 456 21885 0 21872 403 393 10 28 0 8 8 mcl64k 65536 460 0 460 16 15 1 1 0 8 1 mcl16k 16384 100 0 100 17 16 1 1 0 8 1 mcl12k 12288 516 0 516 17 16 1 1 0 8 1 mcl9k 9216 90 0 90 25 24 1 1 0 8 1 mcl8k 8192 708 0 708 12 11 1 1 0 8 1 mcl4k 4096 2204 0 2204 8 7 1 1 0 8 1 mcl2k2 2112 69 0 69 26 26 0 1 0 8 0 mcl2k 2048 93374 0 93328 55 47 8 31 0 8 1 mtagpl 96 109 0 109 4 4 0 3 0 8 0 mbufpl 256 275554 0 275455 343 327 16 159 0 8 0 bufpl 288 21931 0 15529 458 0 458 458 0 8 0 anonpl 24 2216416 0 2200441 200 89 111 126 0 188 4 amapchunkpl 152 240382 0 239711 94 65 29 42 0 158 0 amappl16 200 18943 0 18418 108 80 28 40 0 8 0 amappl15 192 5 0 5 1 1 0 1 0 8 0 amappl14 184 238 0 227 2 1 1 2 0 8 0 amappl13 176 11 0 10 1 0 1 1 0 8 0 amappl12 168 662 0 658 1 0 1 1 0 8 0 amappl11 
160 41 0 37 1 0 1 1 0 8 0 amappl10 152 54 0 44 1 0 1 1 0 8 0 amappl9 144 997 0 995 1 0 1 1 0 8 0 amappl8 136 391 0 305 3 0 3 3 0 8 0 amappl7 128 68 0 51 1 0 1 1 0 8 0 amappl6 120 568 0 555 2 1 1 2 0 8 0 amappl5 112 191 0 186 1 0 1 1 0 8 0 amappl4 104 1004 0 981 2 1 1 2 0 8 0 amappl3 96 34376 0 34339 2 0 2 2 0 8 0 amappl2 88 12937 0 12888 3 1 2 3 0 8 0 amappl1 80 271520 0 270974 22 8 14 21 0 8 0 amappl 88 76530 0 76349 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 133 0 3 3 0 3 3 0 8 0 uaddrrnd 24 12229 0 12176 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 12229 0 12176 1 0 1 1 0 8 0 vmmpekpl 168 82442 0 82379 4 0 4 4 0 8 0 vmmpepl 168 1085364 0 1083106 234 119 115 133 0 357 0 vmsppl 272 12228 0 12176 4 0 4 4 0 8 0 rwobjpl 24 279503 0 271988 50 3 47 48 0 8 0 pdppl 4096 24464 0 24382 557 469 88 88 0 8 6 pvpl 32 4247332 0 4227079 360 170 190 232 0 265 15 pmappl 216 12228 0 12176 5 1 4 4 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 1918 0 1106 29 5 24 27 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8263a30f) at panic+0x161 sys/kern/subr_prf.c:198 ufsdirhash_lookup(fffffd80700502e0,ffff800021784000,1,fffffd807005038c,ffff8000217a8eb8,0) at ufsdirhash_lookup+0x8b8 sys/ufs/ufs/ufs_dirhash.c:343 ufs_lookup() at ufs_lookup+0xc15 sys/ufs/ufs/ufs_lookup.c:216 VOP_LOOKUP(fffffd806817b8d0,ffff8000217a9338,ffff8000217a9368) at VOP_LOOKUP+0x58 sys/kern/vfs_vops.c:85 vfs_lookup(ffff8000217a9308) at vfs_lookup+0x6cc sys/kern/vfs_lookup.c:560 namei(ffff8000217a9308) at namei+0x36a sys/kern/vfs_lookup.c:244 vn_open(ffff8000217a9308,1,0) at vn_open+0x105 sys/kern/vfs_vnops.c:140 doopenat(ffff800026642fc0,3,20000040,0,0,ffff8000217a94e0) at doopenat+0x26a sys/kern/vfs_syscalls.c:1127 
syscall(ffff8000217a9560) at syscall+0x446 sys/arch/amd64/amd64/trap.c:599 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xd71deb529b0, count: -11 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8263a30f) at panic+0x161 sys/kern/subr_prf.c:198 ufsdirhash_lookup(fffffd80700502e0,ffff800021784000,1,fffffd807005038c,ffff8000217a8eb8,0) at ufsdirhash_lookup+0x8b8 sys/ufs/ufs/ufs_dirhash.c:343 ufs_lookup() at ufs_lookup+0xc15 sys/ufs/ufs/ufs_lookup.c:216 VOP_LOOKUP(fffffd806817b8d0,ffff8000217a9338,ffff8000217a9368) at VOP_LOOKUP+0x58 sys/kern/vfs_vops.c:85 vfs_lookup(ffff8000217a9308) at vfs_lookup+0x6cc sys/kern/vfs_lookup.c:560 namei(ffff8000217a9308) at namei+0x36a sys/kern/vfs_lookup.c:244 vn_open(ffff8000217a9308,1,0) at vn_open+0x105 sys/kern/vfs_vnops.c:140 doopenat(ffff800026642fc0,3,20000040,0,0,ffff8000217a94e0) at doopenat+0x26a sys/kern/vfs_syscalls.c:1127 syscall(ffff8000217a9560) at syscall+0x446 sys/arch/amd64/amd64/trap.c:599 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xd71deb529b0, count: -11