Tg3J6ɕPs QȌ׸uWLΆw@rGr/ ״m ;4`GxvMcI-} k:T |#?-"Tg3J6ɕPs QȌ׸uWLΆw@rGr/ ״m ;4`GxvMcI-} k:T |#?-"Tg3J6ɕPs QȌ׸uWLΆw@rGr/ ״m ;4`GxvMcI-} k:T |#?-"Tg3J6ɕPs QȌ׸uWLΆw@rGr/ ״m ;4`GxvMcI-} k:T |#?-"panic: ufsdirhash_lookup: bad offset in hash array Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *268584 34487 0 0 0x4000000 0 syz-executor.1 db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828e005a) at panic+0x165 sys/kern/subr_prf.c:198 ufsdirhash_lookup(fffffd807bae2c40,ffff80002a5f7800,1,fffffd807bae2cec,ffff80003781d440,ffff80003781d458) at ufsdirhash_lookup+0x8a8 sys/ufs/ufs/ufs_dirhash.c:342 ufs_lookup() at ufs_lookup+0xba0 sys/ufs/ufs/ufs_lookup.c:214 VOP_LOOKUP(fffffd8063e166d0,ffff80003781d798,ffff80003781d7c8) at VOP_LOOKUP+0x5c sys/kern/vfs_vops.c:85 vfs_lookup(ffff80003781d768) at vfs_lookup+0x6df sys/kern/vfs_lookup.c:566 namei(ffff80003781d768) at namei+0x56a sys/kern/vfs_lookup.c:250 dorenameat(ffff80002c0eed58,4,200000c0,3,200001c0) at dorenameat+0x7f sys/kern/vfs_syscalls.c:2946 syscall(ffff80003781d950) at syscall+0x538 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xe34269e7ac0, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: ufsdirhash_lookup: bad offset in hash array ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828e005a) at panic+0x165 sys/kern/subr_prf.c:198 ufsdirhash_lookup(fffffd807bae2c40,ffff80002a5f7800,1,fffffd807bae2cec,ffff80003781d440,ffff80003781d458) at ufsdirhash_lookup+0x8a8 sys/ufs/ufs/ufs_dirhash.c:342 ufs_lookup() at ufs_lookup+0xba0 sys/ufs/ufs/ufs_lookup.c:214 VOP_LOOKUP(fffffd8063e166d0,ffff80003781d798,ffff80003781d7c8) at VOP_LOOKUP+0x5c sys/kern/vfs_vops.c:85 vfs_lookup(ffff80003781d768) at vfs_lookup+0x6df sys/kern/vfs_lookup.c:566 namei(ffff80003781d768) at namei+0x56a sys/kern/vfs_lookup.c:250 dorenameat(ffff80002c0eed58,4,200000c0,3,200001c0) at dorenameat+0x7f sys/kern/vfs_syscalls.c:2946 syscall(ffff80003781d950) at syscall+0x538 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xe34269e7ac0, count: -10 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80003781d260 rbx 0xffff800000e58890 rdx 0xffff800000e69180 rcx 0 rax 0xffff80002c0eed58 r8 0x101010101010101 r9 0x8080808080808080 r10 0xf5dbface5c1134f0 r11 0x89ba4d913284e633 r12 0 r13 0xffff800000e35a00 r14 0 r15 0x1 rip 0xffffffff822c0e2c db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff80003781d250 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb> show proc PROC (syz-executor.1) tid=268584 pid=34487 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=82, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff80002c0ee560,0xffff80002c0ef010 process=0xffff800037884020 user=0xffff800037818000, vmspace=0xfffffd806bc52700 estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 82093 477453 0 0 3 0x14200 acct acct 32452 211114 4276 0 3 0x80 nanoslp syz-executor.6 32452 316839 4276 0 3 0x4000080 fsleep syz-executor.6 34487 200127 16315 0 2 0 syz-executor.1 *34487 268584 16315 0 7 0x4000000 syz-executor.1 18941 512708 37203 0 3 0x80 nanoslp syz-executor.7 18941 188153 37203 0 3 0x4000080 fsleep syz-executor.7 18941 33247 37203 0 3 0x4000080 fsleep syz-executor.7 18941 314091 37203 0 3 0x4000080 fsleep syz-executor.7 27470 23501 47712 0 3 0x80 nanoslp syz-executor.3 27470 372292 47712 0 3 0x4000080 netcon syz-executor.3 27470 474216 47712 0 3 0x4000080 fsleep syz-executor.3 11010 480128 11724 0 3 0x82 piperd syz-executor.2 16315 251802 11724 0 3 0x82 nanoslp syz-executor.1 98070 258634 11724 0 3 0x82 piperd syz-executor.4 77036 328100 11724 0 2 0x2 syz-executor.5 4276 210573 11724 0 3 0x82 nanoslp syz-executor.6 22080 86023 0 0 3 0x14200 bored sosplice 5248 172911 0 0 3 0x14280 nfsidl nfsio 41925 349567 0 0 3 0x14280 nfsidl nfsio 1830 167750 0 0 3 0x14280 nfsidl nfsio 28376 408248 0 0 3 0x14280 nfsidl nfsio 13838 114542 0 0 3 0x14280 nfsidl nfsio 69665 122559 0 0 3 0x14280 nfsidl nfsio 88505 311334 0 0 3 0x14280 nfsidl nfsio 82370 33559 0 0 3 0x14280 nfsidl nfsio 25150 10794 0 0 3 0x14280 nfsidl nfsio 62469 399973 0 0 3 0x14280 nfsidl nfsio 50636 139679 0 0 3 0x14280 nfsidl nfsio 37807 204791 0 0 3 0x14280 nfsidl nfsio 69641 205225 0 0 3 0x14280 nfsidl nfsio 50252 152489 0 0 3 0x14280 nfsidl nfsio 75538 494988 0 0 3 0x14280 nfsidl nfsio 91324 322078 0 0 3 0x14280 nfsidl nfsio 92488 309995 0 0 3 0x14280 nfsidl nfsio 37521 89 0 0 3 0x14280 nfsidl nfsio 69843 220216 0 0 3 0x14280 nfsidl nfsio 3611 281648 0 0 3 0x14280 nfsidl nfsio 37203 196560 11724 0 3 0x82 nanoslp syz-executor.7 47712 517544 11724 0 3 0x82 nanoslp syz-executor.3 22053 305411 11724 0 3 0x82 piperd syz-executor.0 11724 447621 35633 0 3 0x1a000082 kqread syz-fuzzer 11724 305029 35633 0 3 0x1e000082 thrsleep syz-fuzzer 11724 190995 35633 0 3 0x1e000082 wait syz-fuzzer 11724 255136 35633 0 3 0x1e000082 wait syz-fuzzer 11724 411266 35633 0 3 0x1e000082 thrsleep syz-fuzzer 11724 493535 35633 0 3 0x1e000082 thrsleep syz-fuzzer 11724 408089 35633 0 3 0x1e000082 thrsleep syz-fuzzer 11724 408588 35633 0 3 0x1e000082 wait syz-fuzzer 11724 44730 35633 0 3 0x1e000082 wait syz-fuzzer 11724 98440 35633 0 3 0x1e000082 wait syz-fuzzer 11724 262090 35633 0 3 0x1e000082 thrsleep syz-fuzzer 11724 45515 35633 0 3 0x1e000082 wait syz-fuzzer 11724 288440 35633 0 3 0x1e000082 wait syz-fuzzer 11724 129758 35633 0 3 0x1e000082 wait syz-fuzzer 35633 134966 97910 0 3 0x810008a sigsusp ksh 97910 200509 98710 0 3 0x1800009a kqread sshd 85215 281052 1 0 3 0x18100083 ttyin getty 98710 487352 1 0 3 0x18000088 kqread sshd 80421 132130 18102 73 3 0x19100090 kqread syslogd 18102 251002 1 0 3 0x18100082 netio syslogd 90899 282461 1 0 3 0x18100080 kqread resolvd 82175 451878 30496 77 3 0x18100092 kqread dhcpleased 39575 517950 30496 77 3 0x18100092 kqread dhcpleased 30496 234456 1 0 3 0x18000080 kqread dhcpleased 98284 350452 0 0 3 0x14200 bored smr 38728 356953 0 0 2 0x14200 zerothread 73840 516070 0 0 3 0x14200 aiodoned aiodoned 70440 175286 0 0 3 0x14200 syncer update 99182 178712 0 0 3 0x14200 cleaner cleaner 48451 67946 0 0 3 0x14200 reaper reaper 3374 459676 0 0 3 0x14200 pgdaemon pagedaemon 23459 303395 0 0 3 0x14200 bored viomb 39510 437570 0 0 3 0x40014200 acpi0 acpi0 15824 239709 0 0 3 0x14200 bored softnet3 74444 198614 0 0 3 0x14200 bored softnet2 87489 233830 0 0 3 0x14200 bored softnet1 80877 11482 0 0 3 0x14200 bored softnet0 12227 302718 0 0 3 0x14200 bored systqmp 99962 51610 0 0 3 0x14200 bored systq 71955 490952 0 0 3 0x40014200 tmoslp softclock 90003 51976 0 0 3 0x40014200 idle0 1 421701 0 0 3 0x8000082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10168 6398K 6917K 166960K 14676 0 pcb 16 12K 14K 166960K 70 0 rtable 198 10K 11K 166960K 835 0 pf 30 9K 9K 166960K 66 0 ifaddr 37 10K 11K 166960K 84 0 ifgroup 51 2K 2K 166960K 113 0 sysctl 3 1K 1K 166960K 3 0 counters 30 17K 17K 166960K 46 0 ioctlops 0 0K 2K 166960K 69 0 iov 0 0K 12K 166960K 100 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1432 90K 90K 166960K 2498 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 27 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 1K 166960K 246 0 dirhash 81 14K 16K 166960K 774 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 14 49K 69K 166960K 1847 0 sigio 0 0K 0K 166960K 24 0 proc 57 59K 75K 166960K 742 0 subproc 104 6K 6K 166960K 195 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 117 0 in_multi 77 5K 7K 166960K 206 0 ether_multi 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 49 228K 228K 166960K 49 0 exec 0 0K 1K 166960K 822 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 354 175K 191K 166960K 18793 0 UVM aobj 44 2K 2K 166960K 47 0 pinsyscall 22 44K 100K 166960K 1427 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 74 0 NDP 11 0K 2K 166960K 57 0 temp 73 6800K 6864K 166960K 10186 0 kqueue 13 20K 22K 166960K 117 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 143 0 140 1 0 1 1 0 8 0 rtentry 112 215 0 126 4 0 4 4 0 8 0 unpcb 144 965 0 947 4 0 4 4 0 8 3 syncache 336 17 0 17 1 0 1 1 0 8 1 tcpqe 32 111 0 111 1 0 1 1 0 8 1 tcpcb 808 602 0 595 8 0 8 8 0 8 7 arp 88 40 0 25 1 0 1 1 0 8 0 ipq 40 2 0 2 1 0 1 1 0 8 1 ipqe 40 7 0 7 1 0 1 1 0 8 1 inpcb 360 1495 0 1484 11 2 9 11 0 8 7 nd6 104 47 0 29 1 0 1 1 0 8 0 kcovpl 48 15 0 7 1 0 1 1 0 8 0 ppxss 1072 3 0 3 1 0 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 784 0 413 29 0 29 29 0 8 5 art_table 32 785 0 413 4 0 4 4 0 8 0 art_node 16 207 0 126 1 0 1 1 0 8 0 sysvmsgpl 40 3 0 3 1 0 1 1 0 8 1 semupl 112 7 0 7 1 0 1 1 0 8 1 semapl 112 243 0 233 1 0 1 1 0 8 0 shmpl 112 44 0 3 2 0 2 2 0 8 0 dirhash 1024 271 0 231 6 0 6 6 0 8 0 dino2pl 256 3860 0 2341 96 0 96 96 0 8 0 ffsino 240 3860 0 2341 90 0 90 90 0 8 0 nchpl 144 6325 0 4594 66 0 66 66 0 8 0 uvmvnodes 80 4738 0 0 97 0 97 97 0 8 0 vnodes 216 4738 0 0 264 0 264 264 0 8 0 namei 1024 20509 0 20508 2 0 2 2 0 8 1 vcpupl 2048 18 0 0 3 0 3 3 0 8 0 vmpool 664 18 0 0 2 0 2 2 0 8 0 kstatmem 264 54 0 32 2 0 2 2 0 8 0 scxspl 216 19318 0 19318 8 0 8 8 1 8 8 plimitpl 152 305 0 290 1 0 1 1 0 8 0 sigapl 424 2155 0 2092 8 0 8 8 0 8 0 futexpl 64 16552 0 16547 1 0 1 1 0 8 0 knotepl 120 18212 0 18129 6 0 6 6 0 8 2 kqueuepl 184 163 0 154 1 0 1 1 0 8 0 pipepl 288 252 0 224 3 0 3 3 0 8 0 fdescpl 432 2117 0 2092 4 0 4 4 0 8 0 filepl 120 10349 0 10099 13 0 13 13 0 8 2 lockfpl 104 437 0 434 1 0 1 1 0 8 0 lockfspl 48 172 0 169 1 0 1 1 0 8 0 sessionpl 144 30 0 14 1 0 1 1 0 8 0 pgrppl 48 65 0 49 1 0 1 1 0 8 0 ucredpl 104 1792 0 1781 1 0 1 1 0 8 0 zombiepl 144 2092 0 2092 1 0 1 1 0 8 1 processpl 1072 2155 0 2092 5 0 5 5 0 8 0 procpl 680 4607 0 4524 9 0 9 9 0 8 1 sosppl 168 14 0 14 1 0 1 1 0 8 1 sockpl 488 2603 0 2571 24 13 11 17 0 8 6 mcl64k 65536 143 0 143 1 0 1 1 0 8 1 mcl16k 16384 42 0 42 1 0 1 1 0 8 1 mcl12k 12288 56 0 56 1 0 1 1 0 8 1 mcl9k 9216 37 0 37 1 0 1 1 0 8 1 mcl8k 8192 103 0 103 1 0 1 1 0 8 1 mcl4k 4096 202 0 202 1 0 1 1 0 8 1 mcl2k2 2112 19 0 19 1 0 1 1 0 8 1 mcl2k 2048 72297 0 72250 29 16 13 29 0 8 5 mtagpl 96 307 0 109 7 0 7 7 0 8 1 mbufpl 256 130243 0 129971 95 63 32 69 0 8 8 bufpl 280 6836 0 493 454 0 454 454 0 8 0 anonpl 24 326367 0 312537 88 0 88 88 0 188 1 amapchunkpl 152 60552 0 59708 49 0 49 49 0 158 13 amappl16 200 7380 0 6939 25 0 25 25 0 8 1 amappl15 192 78 0 76 1 0 1 1 0 8 0 amappl14 184 181 0 167 2 0 2 2 0 8 1 amappl13 176 34 0 34 1 0 1 1 0 8 1 amappl12 168 2845 0 2819 2 0 2 2 0 8 0 amappl11 160 123 0 113 1 0 1 1 0 8 0 amappl10 152 49 0 41 1 0 1 1 0 8 0 amappl9 144 164 0 163 1 0 1 1 0 8 0 amappl8 136 181 0 124 2 0 2 2 0 8 0 amappl7 128 52 0 42 1 0 1 1 0 8 0 amappl6 120 416 0 400 2 0 2 2 0 8 1 amappl5 112 221 0 209 1 0 1 1 0 8 0 amappl4 104 608 0 575 2 0 2 2 0 8 0 amappl3 96 12285 0 12210 3 0 3 3 0 8 0 amappl2 88 2638 0 2571 4 0 4 4 0 8 2 amappl1 80 15998 0 15511 21 2 19 21 0 8 8 amappl 88 18137 0 17914 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 0 1 1 0 8 1 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 0 1 1 0 8 1 dma128 128 253 0 253 1 0 1 1 0 8 1 dma64 64 6 0 6 1 0 1 1 0 8 1 dma32 32 7 0 7 1 0 1 1 0 8 1 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 46 0 3 1 0 1 1 0 8 0 uaddrrnd 24 2135 0 2092 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2135 0 2092 1 0 1 1 0 8 0 vmmpekpl 168 18517 0 18453 4 0 4 4 0 8 0 vmmpepl 168 147439 0 145310 127 0 127 127 0 357 27 vmsppl 352 2134 0 2092 5 0 5 5 0 8 0 rwobjpl 24 45134 0 38920 38 0 38 38 0 8 0 pdppl 4096 4276 0 4202 214 132 82 82 0 8 8 pvpl 32 810956 0 791815 346 0 346 346 0 265 186 pmappl 216 2134 0 2092 3 0 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 593 0 211 12 0 12 12 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828e005a) at panic+0x165 sys/kern/subr_prf.c:198 ufsdirhash_lookup(fffffd807bae2c40,ffff80002a5f7800,1,fffffd807bae2cec,ffff80003781d440,ffff80003781d458) at ufsdirhash_lookup+0x8a8 sys/ufs/ufs/ufs_dirhash.c:342 ufs_lookup() at ufs_lookup+0xba0 sys/ufs/ufs/ufs_lookup.c:214 VOP_LOOKUP(fffffd8063e166d0,ffff80003781d798,ffff80003781d7c8) at VOP_LOOKUP+0x5c sys/kern/vfs_vops.c:85 vfs_lookup(ffff80003781d768) at vfs_lookup+0x6df sys/kern/vfs_lookup.c:566 namei(ffff80003781d768) at namei+0x56a sys/kern/vfs_lookup.c:250 dorenameat(ffff80002c0eed58,4,200000c0,3,200001c0) at dorenameat+0x7f sys/kern/vfs_syscalls.c:2946 syscall(ffff80003781d950) at syscall+0x538 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xe34269e7ac0, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828e005a) at panic+0x165 sys/kern/subr_prf.c:198 ufsdirhash_lookup(fffffd807bae2c40,ffff80002a5f7800,1,fffffd807bae2cec,ffff80003781d440,ffff80003781d458) at ufsdirhash_lookup+0x8a8 sys/ufs/ufs/ufs_dirhash.c:342 ufs_lookup() at ufs_lookup+0xba0 sys/ufs/ufs/ufs_lookup.c:214 VOP_LOOKUP(fffffd8063e166d0,ffff80003781d798,ffff80003781d7c8) at VOP_LOOKUP+0x5c sys/kern/vfs_vops.c:85 vfs_lookup(ffff80003781d768) at vfs_lookup+0x6df sys/kern/vfs_lookup.c:566 namei(ffff80003781d768) at namei+0x56a sys/kern/vfs_lookup.c:250 dorenameat(ffff80002c0eed58,4,200000c0,3,200001c0) at dorenameat+0x7f sys/kern/vfs_syscalls.c:2946 syscall(ffff80003781d950) at syscall+0x538 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xe34269e7ac0, count: -10