panic: ufsdirhash_lookup: bad offset in hash array Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *297732 35244 0 0 0x4000000 0 syz-executor.3 db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82959b3a) at panic+0x165 sys/kern/subr_prf.c:198 ufsdirhash_lookup(fffffd806d7a4790,ffff80002a6c7400,1,fffffd806d7a483c,ffff80003436cc78,0) at ufsdirhash_lookup+0x8b8 sys/ufs/ufs/ufs_dirhash.c:342 ufs_lookup() at ufs_lookup+0xbb6 sys/ufs/ufs/ufs_lookup.c:214 VOP_LOOKUP(fffffd805f983018,ffff80003436d0f8,ffff80003436d128) at VOP_LOOKUP+0x5c sys/kern/vfs_vops.c:85 vfs_lookup(ffff80003436d0c8) at vfs_lookup+0x6dc sys/kern/vfs_lookup.c:566 namei(ffff80003436d0c8) at namei+0x55a sys/kern/vfs_lookup.c:250 vn_open(ffff80003436d0c8,201,0) at vn_open+0x17b sys/kern/vfs_vnops.c:107 doopenat(ffff80002a5e6818,4,200000c0,200,10,ffff80003436d270) at doopenat+0x26e sys/kern/vfs_syscalls.c:1126 syscall(ffff80003436d320) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7e6895ebfe0, count: 4 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: ufsdirhash_lookup: bad offset in hash array ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82959b3a) at panic+0x165 sys/kern/subr_prf.c:198 ufsdirhash_lookup(fffffd806d7a4790,ffff80002a6c7400,1,fffffd806d7a483c,ffff80003436cc78,0) at ufsdirhash_lookup+0x8b8 sys/ufs/ufs/ufs_dirhash.c:342 ufs_lookup() at ufs_lookup+0xbb6 sys/ufs/ufs/ufs_lookup.c:214 VOP_LOOKUP(fffffd805f983018,ffff80003436d0f8,ffff80003436d128) at VOP_LOOKUP+0x5c sys/kern/vfs_vops.c:85 vfs_lookup(ffff80003436d0c8) at vfs_lookup+0x6dc sys/kern/vfs_lookup.c:566 namei(ffff80003436d0c8) at namei+0x55a sys/kern/vfs_lookup.c:250 vn_open(ffff80003436d0c8,201,0) at vn_open+0x17b sys/kern/vfs_vnops.c:107 doopenat(ffff80002a5e6818,4,200000c0,200,10,ffff80003436d270) at doopenat+0x26e sys/kern/vfs_syscalls.c:1126 syscall(ffff80003436d320) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7e6895ebfe0, count: -11 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80003436caa0 rbx 0 rdx 0xffff800000dc3bc0 rcx 0 rax 0xffff80002a5e6818 r8 0x101010101010101 r9 0x8080808080808080 r10 0xeb2d7b5047a98ee2 r11 0xc2edc1100fb8a7e0 r12 0 r13 0xffff800000e028a0 r14 0 r15 0x1 rip 0xffffffff814f129c db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff80003436ca90 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb> show proc PROC (syz-executor.3) tid=297732 pid=35244 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff80002a5e6020,0xffff80002a5e6d78 process=0xffff8000343a10d8 user=0xffff800034368000, vmspace=0xfffffd8068acb880 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 57153 83866 52370 0 2 0 syz-executor.7 92859 400136 30119 0 2 0 syz-executor.1 92859 442344 30119 0 2 0x4000000 syz-executor.1 43589 241244 58691 60928 2 0x10 syz-executor.2 43589 290123 58691 60928 3 0x4000090 fsleep syz-executor.2 3396 313720 61961 0 2 0 syz-executor.0 3396 114517 61961 0 3 0x4000080 fsleep syz-executor.0 35244 39228 48464 0 2 0 syz-executor.3 *35244 297732 48464 0 7 0x4000000 syz-executor.3 26721 484631 0 0 3 0x14280 nfsidl nfsio 3375 154224 0 0 3 0x14280 nfsidl nfsio 59034 174490 0 0 3 0x14280 nfsidl nfsio 99502 204467 0 0 3 0x14280 nfsidl nfsio 25254 310815 0 0 3 0x14280 nfsidl nfsio 56896 292989 0 0 3 0x14280 nfsidl nfsio 56435 141774 0 0 3 0x14280 nfsidl nfsio 7742 159065 0 0 3 0x14280 nfsidl nfsio 74678 447743 0 0 3 0x14280 nfsidl nfsio 52982 350555 0 0 3 0x14280 nfsidl nfsio 69150 138833 0 0 3 0x14280 nfsidl nfsio 5972 221292 0 0 3 0x14280 nfsidl nfsio 2616 387742 0 0 3 0x14280 nfsidl nfsio 98623 165294 0 0 3 0x14280 nfsidl nfsio 34048 323438 0 0 3 0x14280 nfsidl nfsio 38466 343296 0 0 3 0x14280 nfsidl nfsio 35977 353042 0 0 3 0x14280 nfsidl nfsio 21807 497659 0 0 3 0x14280 nfsidl nfsio 9798 302095 0 0 3 0x14280 nfsidl nfsio 96396 451946 0 0 3 0x14280 nfsidl nfsio 11355 371312 10846 0 3 0x82 nanoslp syz-executor.6 61961 175665 10846 0 3 0x82 nanoslp syz-executor.0 9778 108873 10846 0 2 0x2 syz-executor.4 58691 401171 10846 0 3 0x82 nanoslp syz-executor.2 69154 386622 10846 0 3 0x82 nanoslp syz-executor.5 7042 432568 1 0 3 0x100083 ttyin getty 30119 146355 10846 0 3 0x82 nanoslp syz-executor.1 48464 236140 10846 0 3 0x82 nanoslp syz-executor.3 42129 291154 0 0 3 0x14200 acct acct 52370 88060 10846 0 3 0x82 nanoslp syz-executor.7 84197 286594 0 0 3 0x14200 bored sosplice 10846 342376 44469 0 3 0x2000082 thrsleep syz-fuzzer 10846 300440 44469 0 3 0x6000082 nanoslp syz-fuzzer 10846 41973 44469 0 3 0x6000082 kqread syz-fuzzer 10846 503028 44469 0 3 0x6000082 wait syz-fuzzer 10846 383113 44469 0 3 0x6000082 wait syz-fuzzer 10846 520148 44469 0 3 0x6000082 wait syz-fuzzer 10846 136268 44469 0 3 0x6000082 wait syz-fuzzer 10846 396227 44469 0 3 0x6000082 thrsleep syz-fuzzer 10846 305368 44469 0 3 0x6000082 thrsleep syz-fuzzer 10846 298170 44469 0 3 0x6000082 wait syz-fuzzer 10846 476040 44469 0 3 0x6000082 thrsleep syz-fuzzer 10846 324936 44469 0 3 0x6000082 wait syz-fuzzer 10846 70096 44469 0 3 0x6000082 wait syz-fuzzer 10846 213026 44469 0 3 0x6000082 wait syz-fuzzer 44469 414767 96828 0 3 0x10008a sigsusp ksh 96828 396131 44571 0 3 0x9a kqread sshd 44571 13415 1 0 3 0x88 kqread sshd 43806 499492 48695 73 3 0x1100090 kqread syslogd 48695 48518 1 0 3 0x100082 netio syslogd 77651 107476 1 0 3 0x100080 kqread resolvd 94365 287011 7524 77 3 0x100092 kqread dhcpleased 6143 215193 7524 77 3 0x100092 kqread dhcpleased 7524 476003 1 0 3 0x80 kqread dhcpleased 43462 31969 0 0 3 0x14200 bored smr 52991 395698 0 0 2 0x14200 zerothread 14177 58571 0 0 3 0x14200 aiodoned aiodoned 37999 207164 0 0 3 0x14200 syncer update 37752 446906 0 0 3 0x14200 cleaner cleaner 50522 22720 0 0 3 0x14200 reaper reaper 95007 206373 0 0 3 0x14200 pgdaemon pagedaemon 48019 77676 0 0 3 0x14200 bored viomb 13124 35416 0 0 3 0x40014200 acpi0 acpi0 54053 24583 0 0 3 0x14200 bored softnet3 17023 274245 0 0 3 0x14200 bored softnet2 52328 404221 0 0 3 0x14200 bored softnet1 5683 306242 0 0 3 0x14200 bored softnet0 39070 354681 0 0 3 0x14200 bored systqmp 77723 363829 0 0 3 0x14200 bored systq 86852 500551 0 0 3 0x40014200 tmoslp softclock 45114 142471 0 0 3 0x40014200 idle0 1 411926 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10217 6499K 7474K 166960K 37272 0 pcb 15 20K 22K 166960K 1547 0 rtable 184 14K 17K 166960K 4411 0 pf 36 10K 10K 166960K 399 0 ifaddr 37 11K 15K 166960K 305 0 ifgroup 63 2K 2K 166960K 616 0 sysctl 3 0K 0K 166960K 15 0 counters 33 17K 18K 166960K 185 0 ioctlops 0 0K 2K 166960K 972 0 iov 0 0K 48K 166960K 1991 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1524 95K 96K 166960K 11535 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 13K 166960K 718 0 VM map 2 1K 1K 166960K 2 0 sem 12 1K 1K 166960K 486 0 dirhash 93 16K 18K 166960K 5076 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 15 53K 69K 166960K 23201 0 sigio 1 0K 0K 166960K 852 0 proc 58 59K 83K 166960K 1720 0 subproc 104 6K 6K 166960K 511 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 1223 0 in_multi 66 4K 7K 166960K 530 0 ether_multi 1 0K 0K 166960K 7 0 mrt 1 0K 0K 166960K 13 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 229 1023K 1023K 166960K 229 0 exec 0 0K 1K 166960K 3018 0 pfkey data 0 0K 0K 166960K 6 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 473 683K 685K 166960K 210788 0 UVM aobj 131 4K 4K 166960K 230 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 600 0 NDP 14 0K 2K 166960K 246 0 temp 74 6764K 7040K 166960K 124317 0 kqueue 12 18K 30K 166960K 1984 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 1345 0 1342 5 2 3 3 0 8 2 rtentry 112 1111 0 1034 4 0 4 4 0 8 0 unpcb 144 19561 0 19546 17 9 8 10 0 8 7 syncache 320 310 0 310 2 1 1 1 0 8 1 tcpqe 32 257 0 257 2 1 1 1 0 8 1 tcpcb 808 7489 0 7475 29 20 9 15 0 8 6 arp 88 104 0 92 1 0 1 1 0 8 0 ipq 40 11 0 11 2 1 1 1 0 8 1 ipqe 40 93 0 93 2 1 1 1 0 8 1 inpcb 344 18475 0 18458 67 58 9 18 0 8 5 nd6 104 131 0 116 1 0 1 1 0 8 0 pkpcb 40 124 0 124 2 1 1 1 0 8 1 kcovpl 48 39 0 31 1 0 1 1 0 8 0 ppxss 1072 57 0 57 2 1 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 2047 0 1718 38 7 31 31 0 8 7 art_table 32 2048 0 1718 4 0 4 4 0 8 0 art_node 16 531 0 461 1 0 1 1 0 8 0 sysvmsgpl 40 17 0 3 1 0 1 1 0 8 0 semupl 112 4 0 4 1 1 0 1 0 8 0 semapl 112 481 0 471 1 0 1 1 0 8 0 shmpl 112 227 0 99 4 0 4 4 0 8 0 dirhash 1024 1706 0 1662 6 0 6 6 0 8 0 dino2pl 256 32143 0 30659 94 0 94 94 0 8 0 ffsino 240 32143 0 30659 88 0 88 88 0 8 0 nchpl 144 62581 0 60928 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 187416 0 187415 4 2 2 3 0 8 1 vcpupl 2048 123 0 0 16 0 16 16 0 8 0 vmpool 664 178 0 55 11 0 11 11 0 8 0 kstatmem 264 332 0 304 3 0 3 3 0 8 0 scxspl 216 172860 0 172860 11 7 4 8 1 8 4 plimitpl 152 1759 0 1744 1 0 1 1 0 8 0 sigapl 424 23629 0 23563 8 0 8 8 0 8 0 futexpl 64 194099 0 194097 1 0 1 1 0 8 0 knotepl 120 209737 0 209655 17 6 11 11 0 8 6 kqueuepl 184 4204 0 4196 7 3 4 4 0 8 3 pipepl 288 2785 0 2757 12 5 7 7 0 8 4 fdescpl 432 23424 0 23398 4 0 4 4 0 8 0 filepl 120 126284 0 126044 28 10 18 18 0 8 8 lockfpl 104 9802 0 9800 3 1 2 2 0 8 1 lockfspl 48 3056 0 3054 1 0 1 1 0 8 0 sessionpl 144 58 0 42 1 0 1 1 0 8 0 pgrppl 48 1106 0 1090 1 0 1 1 0 8 0 ucredpl 104 15642 0 15631 1 0 1 1 0 8 0 zombiepl 144 23565 0 23563 1 0 1 1 0 8 0 processpl 1072 23629 0 23563 5 0 5 5 0 8 0 procpl 680 56537 0 56454 10 1 9 9 0 8 1 sosppl 168 211 0 208 2 1 1 1 0 8 0 sockpl 488 39600 0 39565 640 627 13 34 0 8 7 mcl64k 65536 725 0 725 2 1 1 1 0 8 1 mcl16k 16384 389 0 389 2 1 1 1 0 8 1 mcl12k 12288 830 0 830 2 1 1 1 0 8 1 mcl9k 9216 361 0 361 2 1 1 1 0 8 1 mcl8k 8192 1518 0 1518 2 1 1 1 0 8 1 mcl4k 4096 2280 0 2280 8 4 4 4 0 8 4 mcl2k2 2112 142 0 142 2 1 1 1 0 8 1 mcl2k 2048 111730 0 111679 37 23 14 28 0 8 6 mtagpl 96 3425 0 3152 25 10 15 21 0 8 8 mbufpl 256 357464 0 357071 380 338 42 73 0 8 8 bufpl 280 37687 0 31300 457 0 457 457 0 8 0 anonpl 24 1936647 0 1923299 129 16 113 113 0 188 14 amapchunkpl 152 664178 0 663374 46 6 40 46 0 158 1 amappl16 200 36466 0 35999 92 58 34 39 0 8 7 amappl15 192 20 0 20 1 1 0 1 0 8 0 amappl14 184 284 0 269 2 1 1 2 0 8 0 amappl13 176 27 0 27 1 1 0 1 0 8 0 amappl12 168 24548 0 24516 2 0 2 2 0 8 0 amappl11 160 55 0 44 1 0 1 1 0 8 0 amappl10 152 78 0 66 1 0 1 1 0 8 0 amappl9 144 226 0 226 2 1 1 1 0 8 1 amappl8 136 751 0 639 5 0 5 5 0 8 0 amappl7 128 282 0 257 2 0 2 2 0 8 0 amappl6 120 844 0 827 1 0 1 1 0 8 0 amappl5 112 474 0 466 1 0 1 1 0 8 0 amappl4 104 850 0 819 2 1 1 2 0 8 0 amappl3 96 132803 0 132711 4 0 4 4 0 8 1 amappl2 88 24644 0 24567 3 1 2 3 0 8 0 amappl1 80 92111 0 91604 23 11 12 22 0 8 1 amappl 88 209657 0 209402 7 0 7 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 229 0 99 3 0 3 3 0 8 0 uaddrrnd 24 23602 0 23453 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 23602 0 23453 1 0 1 1 0 8 0 vmmpekpl 168 150792 0 150719 4 0 4 4 0 8 0 vmmpepl 168 1322558 0 1320169 161 19 142 142 0 357 15 vmsppl 352 23601 0 23453 14 0 14 14 0 8 0 rwobjpl 24 296820 0 289177 48 0 48 48 0 8 0 pdppl 4096 47210 0 47029 1436 1251 185 185 0 8 4 pvpl 32 5528066 0 5509169 393 189 204 362 0 265 30 pmappl 216 23601 0 23453 9 0 9 9 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 2168 0 1656 16 0 16 16 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82959b3a) at panic+0x165 sys/kern/subr_prf.c:198 ufsdirhash_lookup(fffffd806d7a4790,ffff80002a6c7400,1,fffffd806d7a483c,ffff80003436cc78,0) at ufsdirhash_lookup+0x8b8 sys/ufs/ufs/ufs_dirhash.c:342 ufs_lookup() at ufs_lookup+0xbb6 sys/ufs/ufs/ufs_lookup.c:214 VOP_LOOKUP(fffffd805f983018,ffff80003436d0f8,ffff80003436d128) at VOP_LOOKUP+0x5c sys/kern/vfs_vops.c:85 vfs_lookup(ffff80003436d0c8) at vfs_lookup+0x6dc sys/kern/vfs_lookup.c:566 namei(ffff80003436d0c8) at namei+0x55a sys/kern/vfs_lookup.c:250 vn_open(ffff80003436d0c8,201,0) at vn_open+0x17b sys/kern/vfs_vnops.c:107 doopenat(ffff80002a5e6818,4,200000c0,200,10,ffff80003436d270) at doopenat+0x26e sys/kern/vfs_syscalls.c:1126 syscall(ffff80003436d320) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7e6895ebfe0, count: -11 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82959b3a) at panic+0x165 sys/kern/subr_prf.c:198 ufsdirhash_lookup(fffffd806d7a4790,ffff80002a6c7400,1,fffffd806d7a483c,ffff80003436cc78,0) at ufsdirhash_lookup+0x8b8 sys/ufs/ufs/ufs_dirhash.c:342 ufs_lookup() at ufs_lookup+0xbb6 sys/ufs/ufs/ufs_lookup.c:214 VOP_LOOKUP(fffffd805f983018,ffff80003436d0f8,ffff80003436d128) at VOP_LOOKUP+0x5c sys/kern/vfs_vops.c:85 vfs_lookup(ffff80003436d0c8) at vfs_lookup+0x6dc sys/kern/vfs_lookup.c:566 namei(ffff80003436d0c8) at namei+0x55a sys/kern/vfs_lookup.c:250 vn_open(ffff80003436d0c8,201,0) at vn_open+0x17b sys/kern/vfs_vnops.c:107 doopenat(ffff80002a5e6818,4,200000c0,200,10,ffff80003436d270) at doopenat+0x26e sys/kern/vfs_syscalls.c:1126 syscall(ffff80003436d320) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7e6895ebfe0, count: -11