panic: ufsdirhash_lookup: bad offset in hash array Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *260574 82937 0 0 0x4000000 0 syz-executor.4 db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82916d40) at panic+0x165 sys/kern/subr_prf.c:198 ufsdirhash_lookup(fffffd807478eb48,ffffffff828f0395,2,fffffd807478ebf4,ffff8000377fb638,0) at ufsdirhash_lookup+0x8b8 sys/ufs/ufs/ufs_dirhash.c:342 ufs_lookup() at ufs_lookup+0xbb6 sys/ufs/ufs/ufs_lookup.c:214 VOP_LOOKUP(fffffd805b906628,ffff8000377fb7d8,ffff8000377fb778) at VOP_LOOKUP+0x5c sys/kern/vfs_vops.c:85 unveil_find_cover(fffffd805b906628,ffff80002a68ed48) at unveil_find_cover+0x130 sys/kern/kern_unveil.c:277 unveil_start_relative(ffff80002a68ed48,ffff8000377fbb18,fffffd805b906628) at unveil_start_relative+0xf6 sys/kern/kern_unveil.c:606 namei(ffff8000377fbb18) at namei+0x453 sys/kern/vfs_lookup.c:237 vn_open(ffff8000377fbb18,201,0) at vn_open+0x17b sys/kern/vfs_vnops.c:107 doopenat(ffff80002a68ed48,4,200003c0,200,0,ffff8000377fbcc0) at doopenat+0x26e sys/kern/vfs_syscalls.c:1126 syscall(ffff8000377fbd70) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xd991f1c75d0, count: 3 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: ufsdirhash_lookup: bad offset in hash array ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82916d40) at panic+0x165 sys/kern/subr_prf.c:198 ufsdirhash_lookup(fffffd807478eb48,ffffffff828f0395,2,fffffd807478ebf4,ffff8000377fb638,0) at ufsdirhash_lookup+0x8b8 sys/ufs/ufs/ufs_dirhash.c:342 ufs_lookup() at ufs_lookup+0xbb6 sys/ufs/ufs/ufs_lookup.c:214 VOP_LOOKUP(fffffd805b906628,ffff8000377fb7d8,ffff8000377fb778) at VOP_LOOKUP+0x5c sys/kern/vfs_vops.c:85 unveil_find_cover(fffffd805b906628,ffff80002a68ed48) at unveil_find_cover+0x130 sys/kern/kern_unveil.c:277 unveil_start_relative(ffff80002a68ed48,ffff8000377fbb18,fffffd805b906628) at unveil_start_relative+0xf6 sys/kern/kern_unveil.c:606 namei(ffff8000377fbb18) at namei+0x453 sys/kern/vfs_lookup.c:237 vn_open(ffff8000377fbb18,201,0) at vn_open+0x17b sys/kern/vfs_vnops.c:107 doopenat(ffff80002a68ed48,4,200003c0,200,0,ffff8000377fbcc0) at doopenat+0x26e sys/kern/vfs_syscalls.c:1126 syscall(ffff8000377fbd70) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xd991f1c75d0, count: -12 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff8000377fb460 rbx 0 rdx 0xffff800000da2d40 rcx 0 rax 0xffff80002a68ed48 r8 0x101010101010101 r9 0x8080808080808080 r10 0xaee7b12f358602df r11 0x1570869c76a73ef7 r12 0 r13 0xffff8000006baf60 r14 0 r15 0x1 rip 0xffffffff8145fcac db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff8000377fb450 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb> show proc PROC (syz-executor.4) tid=260574 pid=82937 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=85, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff80002a6432a8,0xffff80002a683aa8 process=0xffff8000ffff3260 user=0xffff8000377f6000, vmspace=0xfffffd805e4f86e8 estcpu=35, cpticks=0, pctcpu=0.1, user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 82937 418385 27434 0 2 0 syz-executor.4 *82937 260574 27434 0 7 0x4000000 syz-executor.4 10177 414490 31998 0 3 0x80 nanoslp syz-executor.7 10177 311733 31998 0 3 0x4000080 kqread syz-executor.7 10177 331139 31998 0 3 0x4000080 kqread syz-executor.7 10177 231637 31998 0 3 0x4000080 fsleep syz-executor.7 37680 119292 74672 0 3 0x82 nanoslp syz-executor.5 52226 448781 74672 0 3 0x82 nanoslp syz-executor.1 21900 400464 74672 0 2 0x2 syz-executor.0 27434 40724 74672 0 3 0x82 nanoslp syz-executor.4 74489 52054 74672 0 3 0x82 nanoslp syz-executor.2 23644 268387 0 0 3 0x14280 nfsidl nfsio 54182 385665 0 0 3 0x14280 nfsidl nfsio 43282 148050 0 0 3 0x14280 nfsidl nfsio 24633 31599 0 0 3 0x14280 nfsidl nfsio 51495 427615 0 0 3 0x14280 nfsidl nfsio 13051 91075 0 0 3 0x14280 nfsidl nfsio 49007 107377 0 0 3 0x14280 nfsidl nfsio 419 261780 0 0 3 0x14280 nfsidl nfsio 14903 32069 0 0 3 0x14280 nfsidl nfsio 55933 58444 0 0 3 0x14280 nfsidl nfsio 16649 412046 0 0 3 0x14280 nfsidl nfsio 60042 256321 0 0 3 0x14280 nfsidl nfsio 59606 90136 0 0 3 0x14280 nfsidl nfsio 78770 236495 0 0 3 0x14280 nfsidl nfsio 42145 519017 0 0 3 0x14280 nfsidl nfsio 72782 481608 0 0 3 0x14280 nfsidl nfsio 95556 72897 0 0 3 0x14280 nfsidl nfsio 88186 236070 0 0 3 0x14280 nfsidl nfsio 65471 474660 0 0 3 0x14280 nfsidl nfsio 82309 496469 0 0 3 0x14280 nfsidl nfsio 17980 85761 74672 0 3 0x2 biowait syz-executor.6 31998 317563 74672 0 3 0x82 nanoslp syz-executor.7 11268 59555 74672 0 3 0x82 nanoslp syz-executor.3 4644 10804 0 0 3 0x14200 bored sosplice 74672 323378 40604 0 3 0x2000082 thrsleep syz-fuzzer 74672 376346 40604 0 3 0x6000082 nanoslp syz-fuzzer 74672 165326 40604 0 3 0x6000082 wait syz-fuzzer 74672 500719 40604 0 3 0x6000082 wait syz-fuzzer 74672 67396 40604 0 3 0x6000082 wait syz-fuzzer 74672 478467 40604 0 3 0x6000082 wait syz-fuzzer 74672 209384 40604 0 3 0x6000082 wait syz-fuzzer 74672 385297 40604 0 3 0x6000082 thrsleep syz-fuzzer 74672 74026 40604 0 3 0x6000082 kqread syz-fuzzer 74672 42448 40604 0 3 0x6000082 thrsleep syz-fuzzer 74672 333862 40604 0 3 0x6000082 wait syz-fuzzer 74672 77019 40604 0 3 0x6000082 thrsleep syz-fuzzer 74672 515476 40604 0 3 0x6000082 wait syz-fuzzer 74672 407828 40604 0 3 0x6000082 wait syz-fuzzer 40604 34313 81985 0 3 0x10008a sigsusp ksh 81985 192298 25320 0 3 0x9a kqread sshd 49898 136658 1 0 3 0x100083 ttyin getty 25320 110303 1 0 3 0x88 kqread sshd 23474 65290 88269 73 3 0x1100090 kqread syslogd 88269 6891 1 0 3 0x100082 netio syslogd 54384 239902 1 0 3 0x100080 kqread resolvd 25804 319862 97274 77 3 0x100092 kqread dhcpleased 74976 120703 97274 77 3 0x100092 kqread dhcpleased 97274 28158 1 0 3 0x80 kqread dhcpleased 6284 310869 0 0 3 0x14200 bored smr 80023 331631 0 0 2 0x14200 zerothread 12942 84716 0 0 3 0x14200 aiodoned aiodoned 9466 324332 0 0 3 0x14200 syncer update 53151 295427 0 0 3 0x14200 cleaner cleaner 11967 333821 0 0 3 0x14200 reaper reaper 68413 520475 0 0 3 0x14200 pgdaemon pagedaemon 77316 73097 0 0 3 0x14200 bored viomb 85882 233104 0 0 3 0x40014200 acpi0 acpi0 65636 239982 0 0 3 0x14200 bored softnet3 68497 249809 0 0 3 0x14200 bored softnet2 9437 386007 0 0 3 0x14200 bored softnet1 5070 274052 0 0 3 0x14200 bored softnet0 24869 179982 0 0 3 0x14200 bored systqmp 60785 448712 0 0 3 0x14200 bored systq 69660 25585 0 0 3 0x40014200 tmoslp softclock 80941 131871 0 0 3 0x40014200 idle0 1 195465 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10202 6430K 7400K 166960K 49186 0 pcb 15 22K 24K 166960K 2077 0 rtable 199 14K 15K 166960K 3037 0 pf 27 8K 10K 166960K 585 0 ifaddr 36 11K 13K 166960K 451 0 ifgroup 46 2K 2K 166960K 966 0 sysctl 4 1K 1K 166960K 12 0 counters 29 17K 17K 166960K 257 0 ioctlops 0 0K 2K 166960K 1160 0 iov 0 0K 32K 166960K 2352 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1485 93K 93K 166960K 16149 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 226 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 2972 0 dirhash 96 17K 17K 166960K 29733 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 12 41K 85K 166960K 23557 0 sigio 1 0K 0K 166960K 1232 0 proc 59 67K 92K 166960K 2579 0 subproc 104 6K 7K 166960K 832 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 2375 0 in_multi 77 5K 7K 166960K 861 0 ether_multi 1 0K 0K 166960K 6 0 mrt 1 0K 0K 166960K 7 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 223 996K 996K 166960K 223 0 exec 0 0K 1K 166960K 3473 0 pfkey data 0 0K 0K 166960K 11 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 499 600K 605K 166960K 218672 0 UVM aobj 131 4K 4K 166960K 131 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 1082 0 NDP 10 0K 2K 166960K 367 0 temp 74 6700K 6932K 166960K 218290 0 kqueue 14 22K 26K 166960K 1377 0 SYN cache 2 1236K 1244K 166960K 3 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 854 0 851 8 7 1 3 0 8 0 rtentry 112 852 0 763 5 1 4 4 0 8 0 unpcb 144 20477 0 20464 199 195 4 10 0 8 3 syncache 320 194 0 194 42 42 0 1 0 8 0 tcpqe 32 224 0 224 28 28 0 1 0 8 0 tcpcb 808 8899 0 8894 249 248 1 17 0 8 0 arp 88 152 0 138 1 0 1 1 0 8 0 ipq 40 12 0 11 7 6 1 1 0 8 0 ipqe 40 67 0 66 7 6 1 1 0 8 0 inpcb 344 20913 0 20905 363 361 2 20 0 8 1 ip6q 72 2 0 2 1 1 0 1 0 8 0 ip6af 40 4 0 4 1 1 0 1 0 8 0 nd6 104 240 0 221 1 0 1 1 0 8 0 pkpcb 40 228 0 228 13 13 0 2 0 8 0 kcovpl 48 64 0 56 1 0 1 1 0 8 0 ppxss 1072 48 0 48 15 15 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 3180 0 2800 75 49 26 30 0 8 0 art_table 32 3181 0 2800 5 1 4 4 0 8 0 art_node 16 841 0 760 1 0 1 1 0 8 0 sysvmsgpl 40 48 0 21 2 1 1 1 0 8 0 semupl 112 3 0 3 1 1 0 1 0 8 0 semapl 112 2969 0 2959 1 0 1 1 0 8 0 shmpl 112 128 0 0 4 0 4 4 0 8 0 dirhash 1024 10057 0 10012 8 2 6 6 0 8 0 dino2pl 256 38256 0 36713 97 0 97 97 0 8 0 ffsino 240 38256 0 36713 92 1 91 92 0 8 0 nchpl 144 70344 0 68703 63 0 63 63 0 8 0 uvmvnodes 80 6934 0 0 142 0 142 142 0 8 0 vnodes 216 6934 0 0 386 0 386 386 0 8 0 namei 1024 263876 0 263873 30 29 1 3 0 8 0 vcpupl 2048 148 0 0 19 0 19 19 0 8 0 vmpool 664 227 0 79 13 0 13 13 0 8 0 kstatmem 264 476 0 456 2 0 2 2 0 8 0 scxspl 216 211110 0 211109 50 49 1 8 1 8 0 plimitpl 152 2348 0 2332 1 0 1 1 0 8 0 sigapl 424 24070 0 24006 11 3 8 9 0 8 0 futexpl 64 236557 0 236556 3 2 1 1 0 8 0 knotepl 120 209442 0 209358 71 68 3 11 0 8 0 kqueuepl 184 4438 0 4428 68 67 1 7 0 8 0 pipepl 288 4135 0 4107 93 90 3 11 0 8 0 fdescpl 432 23723 0 23700 4 0 4 4 0 8 0 filepl 120 154103 0 153865 148 137 11 17 0 8 0 lockfpl 104 6115 0 6113 11 10 1 2 0 8 0 lockfspl 48 2306 0 2304 1 0 1 1 0 8 0 sessionpl 144 79 0 63 1 0 1 1 0 8 0 pgrppl 48 876 0 860 1 0 1 1 0 8 0 ucredpl 104 19714 0 19697 1 0 1 1 0 8 0 zombiepl 144 24010 0 24006 2 1 1 1 0 8 0 processpl 1072 24070 0 24006 5 0 5 5 0 8 0 procpl 680 59948 0 59867 27 18 9 9 0 8 0 sosppl 168 297 0 297 39 39 0 1 0 8 0 sockpl 488 42494 0 42470 1001 990 11 38 0 8 8 mcl64k 65536 806 0 806 65 65 0 1 0 8 0 mcl16k 16384 467 0 467 66 66 0 1 0 8 0 mcl12k 12288 1579 0 1579 81 81 0 1 0 8 0 mcl9k 9216 582 0 582 65 65 0 1 0 8 0 mcl8k 8192 1800 0 1800 65 64 1 1 0 8 1 mcl4k 4096 2852 0 2852 34 33 1 1 0 8 1 mcl2k2 2112 222 0 222 60 60 0 1 0 8 0 mcl2k 2048 122570 0 122520 95 87 8 32 0 8 0 mtagpl 96 2395 0 2179 29 21 8 9 0 8 0 mbufpl 256 429539 0 429142 969 938 31 94 0 8 0 bufpl 280 44527 0 37593 496 0 496 496 0 8 0 anonpl 24 2173266 0 2158882 331 224 107 162 0 188 0 amapchunkpl 152 690932 0 690147 213 176 37 65 0 158 0 amappl16 200 41385 0 40894 216 189 27 39 0 8 0 amappl15 192 8 0 7 1 0 1 1 0 8 0 amappl14 184 316 0 306 2 1 1 2 0 8 0 amappl13 176 94 0 93 1 0 1 1 0 8 0 amappl12 168 25170 0 25144 2 0 2 2 0 8 0 amappl11 160 49 0 39 1 0 1 1 0 8 0 amappl10 152 90 0 79 2 1 1 1 0 8 0 amappl9 144 260 0 259 1 0 1 1 0 8 0 amappl8 136 828 0 724 4 0 4 4 0 8 0 amappl7 128 331 0 306 2 0 2 2 0 8 0 amappl6 120 1165 0 1154 1 0 1 1 0 8 0 amappl5 112 565 0 557 1 0 1 1 0 8 0 amappl4 104 978 0 952 2 1 1 2 0 8 0 amappl3 96 137012 0 136925 13 9 4 4 0 8 0 amappl2 88 25368 0 25301 3 1 2 3 0 8 0 amappl1 80 96298 0 95803 24 13 11 22 0 8 0 amappl 88 217231 0 216987 7 0 7 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 130 0 0 3 0 3 3 0 8 0 uaddrrnd 24 23950 0 23779 2 0 2 2 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 23950 0 23779 2 0 2 2 0 8 0 vmmpekpl 168 163417 0 163321 5 0 5 5 0 8 0 vmmpepl 168 1382579 0 1380332 491 363 128 143 0 357 0 vmsppl 352 23949 0 23779 17 0 17 17 0 8 0 rwobjpl 24 318845 0 310209 60 7 53 54 0 8 0 pdppl 4096 47906 0 47706 1519 1309 210 212 0 8 10 pvpl 32 6281706 0 6261882 804 619 185 334 0 265 0 pmappl 216 23949 0 23779 12 2 10 10 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 3507 0 3001 17 0 17 17 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82916d40) at panic+0x165 sys/kern/subr_prf.c:198 ufsdirhash_lookup(fffffd807478eb48,ffffffff828f0395,2,fffffd807478ebf4,ffff8000377fb638,0) at ufsdirhash_lookup+0x8b8 sys/ufs/ufs/ufs_dirhash.c:342 ufs_lookup() at ufs_lookup+0xbb6 sys/ufs/ufs/ufs_lookup.c:214 VOP_LOOKUP(fffffd805b906628,ffff8000377fb7d8,ffff8000377fb778) at VOP_LOOKUP+0x5c sys/kern/vfs_vops.c:85 unveil_find_cover(fffffd805b906628,ffff80002a68ed48) at unveil_find_cover+0x130 sys/kern/kern_unveil.c:277 unveil_start_relative(ffff80002a68ed48,ffff8000377fbb18,fffffd805b906628) at unveil_start_relative+0xf6 sys/kern/kern_unveil.c:606 namei(ffff8000377fbb18) at namei+0x453 sys/kern/vfs_lookup.c:237 vn_open(ffff8000377fbb18,201,0) at vn_open+0x17b sys/kern/vfs_vnops.c:107 doopenat(ffff80002a68ed48,4,200003c0,200,0,ffff8000377fbcc0) at doopenat+0x26e sys/kern/vfs_syscalls.c:1126 syscall(ffff8000377fbd70) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xd991f1c75d0, count: -12 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82916d40) at panic+0x165 sys/kern/subr_prf.c:198 ufsdirhash_lookup(fffffd807478eb48,ffffffff828f0395,2,fffffd807478ebf4,ffff8000377fb638,0) at ufsdirhash_lookup+0x8b8 sys/ufs/ufs/ufs_dirhash.c:342 ufs_lookup() at ufs_lookup+0xbb6 sys/ufs/ufs/ufs_lookup.c:214 VOP_LOOKUP(fffffd805b906628,ffff8000377fb7d8,ffff8000377fb778) at VOP_LOOKUP+0x5c sys/kern/vfs_vops.c:85 unveil_find_cover(fffffd805b906628,ffff80002a68ed48) at unveil_find_cover+0x130 sys/kern/kern_unveil.c:277 unveil_start_relative(ffff80002a68ed48,ffff8000377fbb18,fffffd805b906628) at unveil_start_relative+0xf6 sys/kern/kern_unveil.c:606 namei(ffff8000377fbb18) at namei+0x453 sys/kern/vfs_lookup.c:237 vn_open(ffff8000377fbb18,201,0) at vn_open+0x17b sys/kern/vfs_vnops.c:107 doopenat(ffff80002a68ed48,4,200003c0,200,0,ffff8000377fbcc0) at doopenat+0x26e sys/kern/vfs_syscalls.c:1126 syscall(ffff8000377fbd70) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xd991f1c75d0, count: -12