panic: ufsdirhash_lookup: bad offset in hash array Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *482162 79952 0 0 0x4000000 0 syz-executor.3 db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828e104a) at panic+0x165 sys/kern/subr_prf.c:198 ufsdirhash_lookup(fffffd8078a971e8,ffff80002a64d800,1,fffffd8078a97294,ffff80002ff4d800,0) at ufsdirhash_lookup+0x8a8 sys/ufs/ufs/ufs_dirhash.c:342 ufs_lookup() at ufs_lookup+0xba0 sys/ufs/ufs/ufs_lookup.c:214 VOP_LOOKUP(fffffd8067c37460,ffff80002ff4dc78,ffff80002ff4dca8) at VOP_LOOKUP+0x5c sys/kern/vfs_vops.c:85 vfs_lookup(ffff80002ff4dc48) at vfs_lookup+0x6df sys/kern/vfs_lookup.c:566 namei(ffff80002ff4dc48) at namei+0x56a sys/kern/vfs_lookup.c:250 vn_open(ffff80002ff4dc48,201,0) at vn_open+0x180 sys/kern/vfs_vnops.c:107 doopenat(ffff80002a6e0570,4,200001c0,200,0,ffff80002ff4dde0) at doopenat+0x269 sys/kern/vfs_syscalls.c:1126 syscall(ffff80002ff4de90) at syscall+0x538 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x262d2bed1b0, count: 4 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: ufsdirhash_lookup: bad offset in hash array ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828e104a) at panic+0x165 sys/kern/subr_prf.c:198 ufsdirhash_lookup(fffffd8078a971e8,ffff80002a64d800,1,fffffd8078a97294,ffff80002ff4d800,0) at ufsdirhash_lookup+0x8a8 sys/ufs/ufs/ufs_dirhash.c:342 ufs_lookup() at ufs_lookup+0xba0 sys/ufs/ufs/ufs_lookup.c:214 VOP_LOOKUP(fffffd8067c37460,ffff80002ff4dc78,ffff80002ff4dca8) at VOP_LOOKUP+0x5c sys/kern/vfs_vops.c:85 vfs_lookup(ffff80002ff4dc48) at vfs_lookup+0x6df sys/kern/vfs_lookup.c:566 namei(ffff80002ff4dc48) at namei+0x56a sys/kern/vfs_lookup.c:250 vn_open(ffff80002ff4dc48,201,0) at vn_open+0x180 sys/kern/vfs_vnops.c:107 doopenat(ffff80002a6e0570,4,200001c0,200,0,ffff80002ff4dde0) at doopenat+0x269 sys/kern/vfs_syscalls.c:1126 syscall(ffff80002ff4de90) at syscall+0x538 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x262d2bed1b0, count: -11 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80002ff4d620 rbx 0xffff800000e68290 rdx 0xffff800000ddfa00 rcx 0 rax 0xffff80002a6e0570 r8 0x101010101010101 r9 0x8080808080808080 r10 0xed61871bac35e72b r11 0x8107ecba393148fd r12 0 r13 0xffff800000f69e00 r14 0 r15 0x1 rip 0xffffffff8173299c db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff80002ff4d610 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb> show proc PROC (syz-executor.3) tid=482162 pid=79952 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=84, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff80002a5f7aa0,0xffff80002a6e1818 process=0xffff8000ffff5930 user=0xffff80002ff48000, vmspace=0xfffffd806296f9c8 estcpu=34, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 79952 266302 61506 0 2 0 syz-executor.3 *79952 482162 61506 0 7 0x4000000 syz-executor.3 94299 439071 83207 0 2 0 syz-executor.0 94299 203369 83207 0 3 0x4000080 netio syz-executor.0 94299 399343 83207 0 3 0x4000080 netio syz-executor.0 94299 156477 83207 0 3 0x4000080 fsleep syz-executor.0 81592 385299 82838 0 3 0x80 nanoslp syz-executor.2 81592 368429 82838 0 3 0x4000080 netio syz-executor.2 81592 429671 82838 0 3 0x4000080 fsleep syz-executor.2 9194 62061 89915 0 3 0x82 nanoslp syz-executor.7 23507 421751 89915 0 3 0x82 nanoslp syz-executor.6 59406 112603 89915 0 3 0x2 biowait syz-executor.5 83207 450923 89915 0 3 0x82 nanoslp syz-executor.0 61506 145213 89915 0 3 0x82 nanoslp syz-executor.3 26600 247224 1 0 3 0x18100083 ttyin getty 82322 198898 89915 0 3 0x82 nanoslp syz-executor.1 66670 321440 89915 0 3 0x82 nanoslp syz-executor.4 4751 248752 0 0 3 0x14280 nfsidl nfsio 22269 449056 0 0 3 0x14280 nfsidl nfsio 57482 337331 0 0 3 0x14280 nfsidl nfsio 38736 152320 0 0 3 0x14280 nfsidl nfsio 66714 232520 0 0 3 0x14280 nfsidl nfsio 82823 395499 0 0 3 0x14280 nfsidl nfsio 67242 379800 0 0 3 0x14280 nfsidl nfsio 59671 173064 0 0 3 0x14280 nfsidl nfsio 39105 421590 0 0 3 0x14280 nfsidl nfsio 55239 252913 0 0 3 0x14280 nfsidl nfsio 13666 98846 0 0 3 0x14280 nfsidl nfsio 9957 324365 0 0 3 0x14280 nfsidl nfsio 56001 464826 0 0 3 0x14280 nfsidl nfsio 97998 9619 0 0 3 0x14280 nfsidl nfsio 3774 202472 0 0 3 0x14280 nfsidl nfsio 75889 14026 0 0 3 0x14280 nfsidl nfsio 16620 203605 0 0 3 0x14280 nfsidl nfsio 91292 464846 0 0 3 0x14280 nfsidl nfsio 49424 329617 0 0 3 0x14280 nfsidl nfsio 84332 231056 0 0 3 0x14280 nfsidl nfsio 82838 123 89915 0 3 0x82 nanoslp syz-executor.2 17616 390777 0 0 3 0x14200 bored sosplice 89915 458811 43730 0 3 0x1a000082 kqread syz-fuzzer 89915 248936 43730 0 3 0x1e000082 thrsleep syz-fuzzer 89915 197607 43730 0 3 0x1e000082 wait syz-fuzzer 89915 450807 43730 0 3 0x1e000082 thrsleep syz-fuzzer 89915 94308 43730 0 3 0x1e000082 wait syz-fuzzer 89915 278190 43730 0 3 0x1e000082 wait syz-fuzzer 89915 190719 43730 0 3 0x1e000082 thrsleep syz-fuzzer 89915 311261 43730 0 3 0x1e000082 thrsleep syz-fuzzer 89915 50348 43730 0 3 0x1e000082 wait syz-fuzzer 89915 109853 43730 0 3 0x1e000082 wait syz-fuzzer 89915 403003 43730 0 3 0x1e000082 thrsleep syz-fuzzer 89915 17797 43730 0 3 0x1e000082 wait syz-fuzzer 89915 517422 43730 0 3 0x1e000082 wait syz-fuzzer 89915 222371 43730 0 3 0x1e000082 wait syz-fuzzer 89915 216924 43730 0 3 0x1e000082 thrsleep syz-fuzzer 43730 105429 75615 0 3 0x810008a sigsusp ksh 75615 77516 65848 0 3 0x1800009a kqread sshd 65848 246891 1 0 3 0x18000088 kqread sshd 24288 138223 78681 73 3 0x19100090 kqread syslogd 78681 219335 1 0 3 0x18100082 netio syslogd 53899 235187 1 0 3 0x18100080 kqread resolvd 52173 325928 54985 77 3 0x18100092 kqread dhcpleased 71717 437125 54985 77 3 0x18100092 kqread dhcpleased 54985 43288 1 0 3 0x18000080 kqread dhcpleased 99324 288071 0 0 3 0x14200 bored smr 59479 209376 0 0 2 0x14200 zerothread 59369 95503 0 0 3 0x14200 aiodoned aiodoned 6792 191960 0 0 3 0x14200 syncer update 55898 507796 0 0 3 0x14200 cleaner cleaner 38113 478636 0 0 3 0x14200 reaper reaper 20083 163586 0 0 3 0x14200 pgdaemon pagedaemon 6991 507005 0 0 3 0x14200 bored viomb 47182 461298 0 0 3 0x40014200 acpi0 acpi0 25766 265078 0 0 3 0x14200 bored softnet3 59841 381033 0 0 3 0x14200 bored softnet2 27091 10208 0 0 3 0x14200 bored softnet1 70670 257648 0 0 3 0x14200 bored softnet0 28353 325377 0 0 3 0x14200 bored systqmp 88017 256291 0 0 3 0x14200 bored systq 12359 143769 0 0 3 0x40014200 tmoslp softclock 27872 250856 0 0 3 0x40014200 idle0 1 102587 0 0 3 0x8000082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10210 6422K 14632K 166960K 49921 0 pcb 16 18K 20K 166960K 2282 0 rtable 218 8K 9K 166960K 3338 0 pf 30 9K 9K 166960K 367 0 ifaddr 45 13K 15K 166960K 442 0 ifgroup 51 2K 2K 166960K 622 0 sysctl 4 1K 3K 166960K 13 0 counters 30 17K 17K 166960K 197 0 ioctlops 0 0K 2K 166960K 1691 0 iov 1 2K 24K 166960K 4327 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1560 98K 99K 166960K 23079 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 305 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 3179 0 dirhash 90 16K 18K 166960K 41376 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 13 45K 69K 166960K 41922 0 sigio 0 0K 0K 166960K 671 0 proc 58 59K 75K 166960K 3471 0 subproc 104 6K 6K 166960K 982 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 2156 0 in_multi 88 6K 7K 166960K 1064 0 ether_multi 2 0K 0K 166960K 13 0 mrt 4 0K 0K 166960K 20 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 247 1102K 1102K 166960K 247 0 exec 0 0K 1K 166960K 11420 0 pfkey data 0 0K 0K 166960K 33 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 507 390K 392K 166960K 386587 0 UVM aobj 131 4K 4K 166960K 138 0 pinsyscall 22 44K 100K 166960K 3515 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 962 0 NDP 11 0K 2K 166960K 332 0 temp 74 6804K 7440K 166960K 534304 0 kqueue 13 20K 40K 166960K 2386 0 SYN cache 2 104K 112K 166960K 3 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 1067 0 1064 6 5 1 3 0 8 0 rtentry 112 996 0 897 5 1 4 4 0 8 0 unpcb 144 22381 0 22362 25 24 1 11 0 8 0 syncache 336 312 0 312 4 4 0 1 0 8 0 tcpqe 32 436 0 436 4 4 0 1 0 8 0 tcpcb 808 9790 0 9777 42 40 2 15 0 8 0 arp 88 186 0 170 1 0 1 1 0 8 0 ipq 40 17 0 17 3 3 0 1 0 8 0 ipqe 40 62 0 62 3 3 0 1 0 8 0 inpcb 360 23769 0 23752 72 70 2 15 0 8 0 nd6 104 249 0 228 1 0 1 1 0 8 0 pkpcb 40 145 0 145 5 4 1 1 0 8 1 kcovpl 48 75 0 67 1 0 1 1 0 8 0 ppxss 1072 50 0 50 3 3 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 3806 0 3390 38 12 26 31 0 8 0 art_table 32 3807 0 3390 4 0 4 4 0 8 0 art_node 16 973 0 883 1 0 1 1 0 8 0 sysvmsgpl 40 26 0 13 1 0 1 1 0 8 0 semapl 112 3177 0 3167 1 0 1 1 0 8 0 shmpl 112 135 0 7 4 0 4 4 0 8 0 dirhash 1024 13806 0 13763 8 1 7 7 0 8 0 dino2pl 256 65457 0 63493 123 0 123 123 0 8 0 ffsino 240 65457 0 63493 116 0 116 116 0 8 0 nchpl 144 118275 0 116541 67 2 65 67 0 8 0 uvmvnodes 80 9977 0 0 204 0 204 204 0 8 0 vnodes 216 9977 0 0 555 0 555 555 0 8 0 namei 1024 451547 0 451545 5 4 1 2 0 8 0 vcpupl 2048 83 0 2 11 0 11 11 0 8 0 vmpool 664 136 0 55 7 0 7 7 0 8 0 kstatmem 264 356 0 334 2 0 2 2 0 8 0 scxspl 216 378407 0 378406 20 18 2 8 1 8 1 plimitpl 152 3276 0 3261 1 0 1 1 0 8 0 sigapl 424 42664 0 42599 8 0 8 8 0 8 0 futexpl 64 339848 0 339846 1 0 1 1 0 8 0 knotepl 120 339421 0 339338 53 50 3 19 0 8 0 kqueuepl 184 7720 0 7711 12 11 1 6 0 8 0 pipepl 288 5283 0 5254 24 17 7 10 0 8 4 fdescpl 432 42084 0 42060 4 0 4 4 0 8 0 filepl 120 197369 0 197123 36 24 12 19 0 8 2 lockfpl 104 8980 0 8978 6 5 1 4 0 8 0 lockfspl 48 2936 0 2934 1 0 1 1 0 8 0 sessionpl 144 102 0 86 1 0 1 1 0 8 0 pgrppl 48 494 0 478 1 0 1 1 0 8 0 ucredpl 104 22251 0 22232 1 0 1 1 0 8 0 zombiepl 144 42603 0 42599 1 0 1 1 0 8 0 processpl 1072 42664 0 42599 5 0 5 5 0 8 0 procpl 680 106157 0 106072 10 1 9 9 0 8 0 sosppl 168 343 0 343 2 2 0 1 0 8 0 sockpl 488 47390 0 47351 653 647 6 36 0 8 1 mcl64k 65536 1175 0 1175 5 4 1 1 0 8 1 mcl16k 16384 774 0 774 4 4 0 1 0 8 0 mcl12k 12288 1234 0 1234 5 4 1 1 0 8 1 mcl9k 9216 725 0 725 4 4 0 1 0 8 0 mcl8k 8192 2828 0 2827 6 5 1 3 0 8 0 mcl4k 4096 5815 0 5815 5 4 1 1 0 8 1 mcl2k2 2112 358 0 358 4 4 0 1 0 8 0 mcl2k 2048 139283 0 139164 62 45 17 36 0 8 1 mtagpl 96 4059 0 3849 22 8 14 19 0 8 0 mbufpl 256 528944 0 528629 686 634 52 412 0 8 1 bufpl 280 65271 0 55294 713 0 713 713 0 8 0 anonpl 24 3696506 0 3683406 176 80 96 120 0 188 0 amapchunkpl 152 1214861 0 1214096 78 42 36 47 0 158 0 amappl16 200 82045 0 81594 163 136 27 44 0 8 0 amappl15 192 108 0 107 1 0 1 1 0 8 0 amappl14 184 394 0 378 2 1 1 2 0 8 0 amappl13 176 11 0 11 2 2 0 1 0 8 0 amappl12 168 43746 0 43715 2 0 2 2 0 8 0 amappl11 160 52 0 42 1 0 1 1 0 8 0 amappl10 152 111 0 99 1 0 1 1 0 8 0 amappl9 144 342 0 341 1 0 1 1 0 8 0 amappl8 136 1138 0 959 7 0 7 7 0 8 0 amappl7 128 158 0 142 1 0 1 1 0 8 0 amappl6 120 1369 0 1340 2 0 2 2 0 8 0 amappl5 112 959 0 947 1 0 1 1 0 8 0 amappl4 104 1548 0 1501 3 1 2 2 0 8 0 amappl3 96 241212 0 241124 4 1 3 4 0 8 0 amappl2 88 44606 0 44526 4 2 2 4 0 8 0 amappl1 80 160674 0 160184 22 11 11 22 0 8 0 amappl 88 384521 0 384288 7 0 7 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 137 0 7 3 0 3 3 0 8 0 uaddrrnd 24 42220 0 42115 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 42220 0 42115 1 0 1 1 0 8 0 vmmpekpl 168 269466 0 269388 6 1 5 5 0 8 0 vmmpepl 168 2414104 0 2411760 211 71 140 147 0 357 8 vmsppl 352 42219 0 42115 11 1 10 10 0 8 0 rwobjpl 24 555077 0 543360 72 0 72 72 0 8 0 pdppl 4096 84446 0 84311 1733 1590 143 145 0 8 8 pvpl 32 10935198 0 10916443 534 356 178 359 0 265 0 pmappl 216 42219 0 42115 7 0 7 7 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 2886 0 2367 24 7 17 24 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828e104a) at panic+0x165 sys/kern/subr_prf.c:198 ufsdirhash_lookup(fffffd8078a971e8,ffff80002a64d800,1,fffffd8078a97294,ffff80002ff4d800,0) at ufsdirhash_lookup+0x8a8 sys/ufs/ufs/ufs_dirhash.c:342 ufs_lookup() at ufs_lookup+0xba0 sys/ufs/ufs/ufs_lookup.c:214 VOP_LOOKUP(fffffd8067c37460,ffff80002ff4dc78,ffff80002ff4dca8) at VOP_LOOKUP+0x5c sys/kern/vfs_vops.c:85 vfs_lookup(ffff80002ff4dc48) at vfs_lookup+0x6df sys/kern/vfs_lookup.c:566 namei(ffff80002ff4dc48) at namei+0x56a sys/kern/vfs_lookup.c:250 vn_open(ffff80002ff4dc48,201,0) at vn_open+0x180 sys/kern/vfs_vnops.c:107 doopenat(ffff80002a6e0570,4,200001c0,200,0,ffff80002ff4dde0) at doopenat+0x269 sys/kern/vfs_syscalls.c:1126 syscall(ffff80002ff4de90) at syscall+0x538 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x262d2bed1b0, count: -11 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828e104a) at panic+0x165 sys/kern/subr_prf.c:198 ufsdirhash_lookup(fffffd8078a971e8,ffff80002a64d800,1,fffffd8078a97294,ffff80002ff4d800,0) at ufsdirhash_lookup+0x8a8 sys/ufs/ufs/ufs_dirhash.c:342 ufs_lookup() at ufs_lookup+0xba0 sys/ufs/ufs/ufs_lookup.c:214 VOP_LOOKUP(fffffd8067c37460,ffff80002ff4dc78,ffff80002ff4dca8) at VOP_LOOKUP+0x5c sys/kern/vfs_vops.c:85 vfs_lookup(ffff80002ff4dc48) at vfs_lookup+0x6df sys/kern/vfs_lookup.c:566 namei(ffff80002ff4dc48) at namei+0x56a sys/kern/vfs_lookup.c:250 vn_open(ffff80002ff4dc48,201,0) at vn_open+0x180 sys/kern/vfs_vnops.c:107 doopenat(ffff80002a6e0570,4,200001c0,200,0,ffff80002ff4dde0) at doopenat+0x269 sys/kern/vfs_syscalls.c:1126 syscall(ffff80002ff4de90) at syscall+0x538 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x262d2bed1b0, count: -11