panic: ufsdirhash_lookup: bad offset in hash array Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *397482 28681 0 0 0x4000000 0 syz-executor.3 db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82955fe5) at panic+0x165 sys/kern/subr_prf.c:198 ufsdirhash_lookup(fffffd8061a7de18,ffffffff82933187,2,fffffd8061a7dec4,ffff800032971178,0) at ufsdirhash_lookup+0x8b8 sys/ufs/ufs/ufs_dirhash.c:342 ufs_lookup() at ufs_lookup+0xbb6 sys/ufs/ufs/ufs_lookup.c:214 VOP_LOOKUP(fffffd8067c9a520,ffff800032971318,ffff8000329712b8) at VOP_LOOKUP+0x5c sys/kern/vfs_vops.c:85 unveil_find_cover(fffffd8067c9a520,ffff80002a6ebab0) at unveil_find_cover+0x130 sys/kern/kern_unveil.c:277 unveil_start_relative(ffff80002a6ebab0,ffff800032971530,fffffd8067c9a520) at unveil_start_relative+0xf6 sys/kern/kern_unveil.c:606 namei(ffff800032971530) at namei+0x453 sys/kern/vfs_lookup.c:237 domkdirat(ffff80002a6ebab0,4,200001c0,0) at domkdirat+0x79 sys/kern/vfs_syscalls.c:3054 syscall(ffff800032971710) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7227b980cc0, count: 4 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: ufsdirhash_lookup: bad offset in hash array ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82955fe5) at panic+0x165 sys/kern/subr_prf.c:198 ufsdirhash_lookup(fffffd8061a7de18,ffffffff82933187,2,fffffd8061a7dec4,ffff800032971178,0) at ufsdirhash_lookup+0x8b8 sys/ufs/ufs/ufs_dirhash.c:342 ufs_lookup() at ufs_lookup+0xbb6 sys/ufs/ufs/ufs_lookup.c:214 VOP_LOOKUP(fffffd8067c9a520,ffff800032971318,ffff8000329712b8) at VOP_LOOKUP+0x5c sys/kern/vfs_vops.c:85 unveil_find_cover(fffffd8067c9a520,ffff80002a6ebab0) at unveil_find_cover+0x130 sys/kern/kern_unveil.c:277 unveil_start_relative(ffff80002a6ebab0,ffff800032971530,fffffd8067c9a520) at unveil_start_relative+0xf6 sys/kern/kern_unveil.c:606 namei(ffff800032971530) at namei+0x453 sys/kern/vfs_lookup.c:237 domkdirat(ffff80002a6ebab0,4,200001c0,0) at domkdirat+0x79 sys/kern/vfs_syscalls.c:3054 syscall(ffff800032971710) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7227b980cc0, count: -11 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff800032970fa0 rbx 0 rdx 0 rcx 0 rax 0xffff80002a6ebab0 r8 0x101010101010101 r9 0x8080808080808080 r10 0x14b579c4a6d08eab r11 0xa245b956e41501c4 r12 0 r13 0xffff8000006ba4c0 r14 0 r15 0x1 rip 0xffffffff81a0348c db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff800032970f90 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb> show proc PROC (syz-executor.3) tid=397482 pid=28681 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=84, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff80002a6c9560,0xffff80002a6c8580 process=0xffff800037839510 user=0xffff80003296c000, vmspace=0xfffffd806c375dc0 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 73312 296231 44976 0 2 0 syz-executor.0 56299 213383 94599 0 2 0 syz-executor.2 88182 468516 78828 0 2 0 syz-executor.7 88182 517424 78828 0 3 0x4000080 fsleep syz-executor.7 88336 44819 25787 0 2 0 syz-executor.6 88336 246898 25787 0 3 0x4000080 fsleep syz-executor.6 60010 319574 57980 60928 2 0x10 syz-executor.1 60010 502264 57980 60928 3 0x4000090 fsleep syz-executor.1 21820 322321 69670 0 2 0 syz-executor.4 21820 321186 69670 0 3 0x4000080 fsleep syz-executor.4 28681 204718 25655 0 2 0 syz-executor.3 *28681 397482 25655 0 7 0x4000000 syz-executor.3 78828 414609 2198 0 3 0x82 nanoslp syz-executor.7 57980 394130 2198 0 3 0x82 nanoslp syz-executor.1 35292 317885 0 0 3 0x14280 nfsidl nfsio 1287 326939 0 0 3 0x14280 nfsidl nfsio 9625 175631 0 0 3 0x14280 nfsidl nfsio 6374 233595 0 0 3 0x14280 nfsidl nfsio 34922 88024 0 0 3 0x14280 nfsidl nfsio 413 481692 0 0 3 0x14280 nfsidl nfsio 63250 377368 0 0 3 0x14280 nfsidl nfsio 47218 131121 0 0 3 0x14280 nfsidl nfsio 95224 205492 0 0 3 0x14280 nfsidl nfsio 30778 323869 0 0 3 0x14280 nfsidl nfsio 67366 217041 0 0 3 0x14280 nfsidl nfsio 49592 184712 0 0 3 0x14280 nfsidl nfsio 36081 87052 0 0 3 0x14280 nfsidl nfsio 46344 315993 0 0 3 0x14280 nfsidl nfsio 4186 501125 0 0 3 0x14280 nfsidl nfsio 82131 265305 0 0 3 0x14280 nfsidl nfsio 26705 25693 0 0 3 0x14280 nfsidl nfsio 23697 281554 0 0 3 0x14280 nfsidl nfsio 18585 323562 0 0 3 0x14280 nfsidl nfsio 7005 521895 0 0 3 0x14280 nfsidl nfsio 69670 200975 2198 0 3 0x82 nanoslp syz-executor.4 25787 362418 2198 0 3 0x82 nanoslp syz-executor.6 24155 107840 2198 0 2 0x2 syz-executor.5 44976 160184 2198 0 3 0x82 nanoslp syz-executor.0 61570 4747 1 0 3 0x100083 ttyin getty 6333 456511 0 0 3 0x14200 acct acct 25655 390372 2198 0 3 0x82 nanoslp syz-executor.3 94599 368383 2198 0 3 0x82 nanoslp syz-executor.2 84445 421575 0 0 3 0x14200 bored sosplice 2198 228017 51569 0 3 0x2000082 wait syz-fuzzer 2198 87331 51569 0 3 0x6000082 nanoslp syz-fuzzer 2198 104130 51569 0 3 0x6000082 thrsleep syz-fuzzer 2198 289835 51569 0 3 0x6000082 wait syz-fuzzer 2198 247991 51569 0 3 0x6000082 thrsleep syz-fuzzer 2198 479224 51569 0 3 0x6000082 wait syz-fuzzer 2198 334422 51569 0 3 0x6000082 kqread syz-fuzzer 2198 262781 51569 0 3 0x6000082 thrsleep syz-fuzzer 2198 442637 51569 0 3 0x6000082 wait syz-fuzzer 2198 35424 51569 0 3 0x6000082 wait syz-fuzzer 2198 356213 51569 0 3 0x6000082 thrsleep syz-fuzzer 2198 510338 51569 0 3 0x6000082 wait syz-fuzzer 2198 379 51569 0 3 0x6000082 thrsleep syz-fuzzer 2198 332073 51569 0 3 0x6000082 wait syz-fuzzer 2198 292550 51569 0 3 0x6000082 wait syz-fuzzer 51569 376183 64624 0 3 0x10008a sigsusp ksh 64624 412653 74452 0 3 0x9a kqread sshd 74452 311645 1 0 3 0x88 kqread sshd 50078 478508 41491 73 3 0x1100090 kqread syslogd 41491 80518 1 0 3 0x100082 netio syslogd 95767 248386 1 0 3 0x100080 kqread resolvd 18828 42117 9434 77 3 0x100092 kqread dhcpleased 96088 2958 9434 77 3 0x100092 kqread dhcpleased 9434 270598 1 0 3 0x80 kqread dhcpleased 51810 345431 0 0 3 0x14200 bored smr 95955 517243 0 0 2 0x14200 zerothread 89130 401290 0 0 3 0x14200 aiodoned aiodoned 87988 159112 0 0 3 0x14200 syncer update 67618 485146 0 0 3 0x14200 cleaner cleaner 59977 133141 0 0 3 0x14200 reaper reaper 18418 37479 0 0 3 0x14200 pgdaemon pagedaemon 14795 52371 0 0 3 0x14200 bored viomb 61429 479986 0 0 3 0x40014200 acpi0 acpi0 93798 299587 0 0 3 0x14200 bored softnet3 56869 159835 0 0 3 0x14200 bored softnet2 15537 67062 0 0 3 0x14200 bored softnet1 4535 287856 0 0 3 0x14200 bored softnet0 76952 9103 0 0 3 0x14200 bored systqmp 50252 144044 0 0 3 0x14200 bored systq 98480 352575 0 0 3 0x40014200 tmoslp softclock 34942 215364 0 0 3 0x40014200 idle0 1 57406 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10185 6424K 8563K 166960K 53025 0 pcb 15 20K 23K 166960K 1329 0 rtable 201 14K 15K 166960K 2140 0 pf 32 9K 10K 166960K 1059 0 ifaddr 41 14K 16K 166960K 531 0 ifgroup 55 2K 2K 166960K 1768 0 sysctl 4 1K 1K 166960K 6 0 counters 31 17K 18K 166960K 419 0 ioctlops 0 0K 2K 166960K 1181 0 iov 0 0K 32K 166960K 1747 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1789 112K 112K 166960K 12619 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 173 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 1K 166960K 11336 0 dirhash 108 19K 20K 166960K 16392 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 17 61K 77K 166960K 21746 0 sigio 1 0K 0K 166960K 401 0 proc 60 67K 83K 166960K 2072 0 subproc 104 6K 10K 166960K 544 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 746 0 in_multi 77 5K 7K 166960K 497 0 ether_multi 1 0K 0K 166960K 6 0 mrt 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 67 307K 307K 166960K 67 0 exec 0 0K 1K 166960K 2820 0 pfkey data 0 0K 0K 166960K 9 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 527 634K 635K 166960K 200383 0 UVM aobj 131 4K 4K 166960K 138 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 1129 0 NDP 12 0K 2K 166960K 471 0 temp 74 6764K 7152K 166960K 132121 0 kqueue 12 18K 28K 166960K 1297 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 1277 0 1274 5 2 3 3 0 8 2 rtentry 112 504 0 415 4 0 4 4 0 8 1 unpcb 144 33132 0 33119 35 26 9 10 0 8 8 syncache 320 129 0 129 5 4 1 1 0 8 1 tcpqe 32 199 0 199 5 4 1 1 0 8 1 tcpcb 808 5058 0 5053 55 46 9 16 0 8 8 arp 88 88 0 74 1 0 1 1 0 8 0 ipq 40 70 0 70 1 0 1 1 0 8 1 ipqe 40 411 0 411 1 0 1 1 0 8 1 inpcb 344 18014 0 18005 70 61 9 16 0 8 8 nd6 104 117 0 98 1 0 1 1 0 8 0 pkpcb 40 156 0 156 3 2 1 1 0 8 1 kcovpl 48 36 0 28 1 0 1 1 0 8 0 ppxss 1072 45 0 45 3 2 1 1 0 8 1 art_heap8 4096 12 0 11 3 0 3 3 0 8 2 art_heap4 256 1906 0 1522 36 9 27 31 0 8 0 art_table 32 1918 0 1533 4 0 4 4 0 8 0 art_node 16 475 0 394 1 0 1 1 0 8 0 sysvmsgpl 40 41 0 1 1 0 1 1 0 8 0 semapl 112 11328 0 11318 1 0 1 1 0 8 0 shmpl 112 135 0 7 4 0 4 4 0 8 0 dirhash 1024 5485 0 5435 7 0 7 7 0 8 0 dino2pl 256 31086 0 29420 105 0 105 105 0 8 0 ffsino 240 31086 0 29420 99 0 99 99 0 8 0 nchpl 144 64217 0 62534 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 217070 0 217069 8 6 2 2 0 8 1 vcpupl 2048 142 0 0 18 0 18 18 0 8 0 vmpool 664 152 0 10 12 0 12 12 0 8 0 kstatmem 264 800 0 776 3 0 3 3 0 8 0 scxspl 216 179084 0 179084 18 15 3 8 1 8 3 plimitpl 152 1136 0 1121 1 0 1 1 0 8 0 sigapl 424 22112 0 22046 8 0 8 8 0 8 0 futexpl 64 253059 0 253055 1 0 1 1 0 8 0 knotepl 120 191194 0 191111 62 50 12 24 0 8 8 kqueuepl 184 3456 0 3448 13 9 4 4 0 8 3 pipepl 288 3061 0 3033 24 17 7 7 0 8 4 fdescpl 432 21974 0 21946 4 0 4 4 0 8 0 filepl 120 136580 0 136341 44 25 19 19 0 8 10 lockfpl 104 4201 0 4199 2 0 2 2 0 8 1 lockfspl 48 1523 0 1521 1 0 1 1 0 8 0 sessionpl 144 52 0 36 1 0 1 1 0 8 0 pgrppl 48 487 0 471 1 0 1 1 0 8 0 ucredpl 104 15663 0 15652 1 0 1 1 0 8 0 zombiepl 144 22046 0 22046 2 1 1 1 0 8 1 processpl 1072 22112 0 22046 5 0 5 5 0 8 0 procpl 680 54129 0 54044 13 3 10 10 0 8 2 sosppl 168 94 0 94 3 2 1 1 0 8 1 sockpl 488 52729 0 52704 882 870 12 41 0 8 8 mcl64k 65536 664 0 664 5 4 1 1 0 8 1 mcl16k 16384 418 0 418 6 5 1 1 0 8 1 mcl12k 12288 1684 0 1684 5 4 1 1 0 8 1 mcl9k 9216 463 0 463 5 4 1 1 0 8 1 mcl8k 8192 3930 0 3930 6 5 1 1 0 8 1 mcl4k 4096 2399 0 2399 7 5 2 2 0 8 2 mcl2k2 2112 257 0 257 5 4 1 1 0 8 1 mcl2k 2048 123191 0 123141 39 25 14 29 0 8 6 mtagpl 96 4317 0 4127 29 11 18 25 0 8 8 mbufpl 256 378518 0 378202 293 248 45 106 0 8 8 bufpl 280 35146 0 28757 457 0 457 457 0 8 0 anonpl 24 1848770 0 1834292 161 36 125 125 0 188 24 amapchunkpl 152 634200 0 633309 66 16 50 50 0 158 13 amappl16 200 34138 0 33666 87 52 35 50 0 8 8 amappl15 192 28 0 28 1 1 0 1 0 8 0 amappl14 184 239 0 225 2 1 1 2 0 8 0 amappl13 176 35 0 35 3 2 1 1 0 8 1 amappl12 168 23043 0 23013 2 0 2 2 0 8 0 amappl11 160 69 0 59 1 0 1 1 0 8 0 amappl10 152 70 0 60 1 0 1 1 0 8 0 amappl9 144 221 0 221 1 0 1 1 0 8 1 amappl8 136 617 0 499 5 0 5 5 0 8 0 amappl7 128 282 0 257 2 0 2 2 0 8 0 amappl6 120 785 0 773 1 0 1 1 0 8 0 amappl5 112 439 0 431 1 0 1 1 0 8 0 amappl4 104 787 0 759 2 1 1 2 0 8 0 amappl3 96 125994 0 125900 3 0 3 3 0 8 0 amappl2 88 25632 0 25561 3 1 2 3 0 8 0 amappl1 80 87093 0 86583 22 10 12 22 0 8 0 amappl 88 199316 0 199029 8 0 8 8 0 92 1 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 137 0 7 3 0 3 3 0 8 0 uaddrrnd 24 22126 0 21956 2 0 2 2 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 22126 0 21956 2 0 2 2 0 8 0 vmmpekpl 168 143902 0 143817 5 0 5 5 0 8 0 vmmpepl 168 1255555 0 1253054 210 74 136 136 0 357 17 vmsppl 352 22125 0 21956 16 0 16 16 0 8 0 rwobjpl 24 285656 0 278005 49 0 49 49 0 8 1 pdppl 4096 44258 0 44054 1001 797 204 207 0 8 0 pvpl 32 5299724 0 5279521 450 232 218 362 0 265 44 pmappl 216 22125 0 21956 10 0 10 10 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 1728 0 1172 17 0 17 17 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82955fe5) at panic+0x165 sys/kern/subr_prf.c:198 ufsdirhash_lookup(fffffd8061a7de18,ffffffff82933187,2,fffffd8061a7dec4,ffff800032971178,0) at ufsdirhash_lookup+0x8b8 sys/ufs/ufs/ufs_dirhash.c:342 ufs_lookup() at ufs_lookup+0xbb6 sys/ufs/ufs/ufs_lookup.c:214 VOP_LOOKUP(fffffd8067c9a520,ffff800032971318,ffff8000329712b8) at VOP_LOOKUP+0x5c sys/kern/vfs_vops.c:85 unveil_find_cover(fffffd8067c9a520,ffff80002a6ebab0) at unveil_find_cover+0x130 sys/kern/kern_unveil.c:277 unveil_start_relative(ffff80002a6ebab0,ffff800032971530,fffffd8067c9a520) at unveil_start_relative+0xf6 sys/kern/kern_unveil.c:606 namei(ffff800032971530) at namei+0x453 sys/kern/vfs_lookup.c:237 domkdirat(ffff80002a6ebab0,4,200001c0,0) at domkdirat+0x79 sys/kern/vfs_syscalls.c:3054 syscall(ffff800032971710) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7227b980cc0, count: -11 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82955fe5) at panic+0x165 sys/kern/subr_prf.c:198 ufsdirhash_lookup(fffffd8061a7de18,ffffffff82933187,2,fffffd8061a7dec4,ffff800032971178,0) at ufsdirhash_lookup+0x8b8 sys/ufs/ufs/ufs_dirhash.c:342 ufs_lookup() at ufs_lookup+0xbb6 sys/ufs/ufs/ufs_lookup.c:214 VOP_LOOKUP(fffffd8067c9a520,ffff800032971318,ffff8000329712b8) at VOP_LOOKUP+0x5c sys/kern/vfs_vops.c:85 unveil_find_cover(fffffd8067c9a520,ffff80002a6ebab0) at unveil_find_cover+0x130 sys/kern/kern_unveil.c:277 unveil_start_relative(ffff80002a6ebab0,ffff800032971530,fffffd8067c9a520) at unveil_start_relative+0xf6 sys/kern/kern_unveil.c:606 namei(ffff800032971530) at namei+0x453 sys/kern/vfs_lookup.c:237 domkdirat(ffff80002a6ebab0,4,200001c0,0) at domkdirat+0x79 sys/kern/vfs_syscalls.c:3054 syscall(ffff800032971710) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7227b980cc0, count: -11