panic: ufsdirhash_lookup: bad offset in hash array Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *520920 28306 0 0 0x4000000 0 syz-executor.2 db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828e6e73) at panic+0x165 sys/kern/subr_prf.c:198 ufsdirhash_lookup(fffffd806927c000,ffff80002a5f7800,1,fffffd806927c0ac,ffff8000321f9720,0) at ufsdirhash_lookup+0x8a8 sys/ufs/ufs/ufs_dirhash.c:342 ufs_lookup() at ufs_lookup+0xba0 sys/ufs/ufs/ufs_lookup.c:214 VOP_LOOKUP(fffffd8071354048,ffff8000321f9a70,ffff8000321f9aa0) at VOP_LOOKUP+0x5c sys/kern/vfs_vops.c:85 vfs_lookup(ffff8000321f9a40) at vfs_lookup+0x6df sys/kern/vfs_lookup.c:566 namei(ffff8000321f9a40) at namei+0x56a sys/kern/vfs_lookup.c:250 domknodat(ffff80002a68aaa0,5,200001c0,8,1) at domknodat+0x95 sys/kern/vfs_syscalls.c:1579 syscall(ffff8000321f9c30) at syscall+0x538 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x200fdfccf70, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: ufsdirhash_lookup: bad offset in hash array ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828e6e73) at panic+0x165 sys/kern/subr_prf.c:198 ufsdirhash_lookup(fffffd806927c000,ffff80002a5f7800,1,fffffd806927c0ac,ffff8000321f9720,0) at ufsdirhash_lookup+0x8a8 sys/ufs/ufs/ufs_dirhash.c:342 ufs_lookup() at ufs_lookup+0xba0 sys/ufs/ufs/ufs_lookup.c:214 VOP_LOOKUP(fffffd8071354048,ffff8000321f9a70,ffff8000321f9aa0) at VOP_LOOKUP+0x5c sys/kern/vfs_vops.c:85 vfs_lookup(ffff8000321f9a40) at vfs_lookup+0x6df sys/kern/vfs_lookup.c:566 namei(ffff8000321f9a40) at namei+0x56a sys/kern/vfs_lookup.c:250 domknodat(ffff80002a68aaa0,5,200001c0,8,1) at domknodat+0x95 sys/kern/vfs_syscalls.c:1579 syscall(ffff8000321f9c30) at syscall+0x538 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x200fdfccf70, count: -10 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff8000321f9540 rbx 0xffff800000e4d8a0 rdx 0xffff800000ecb200 rcx 0 rax 0xffff80002a68aaa0 r8 0x101010101010101 r9 0x8080808080808080 r10 0xb53daf3d63a822d9 r11 0x4461e209d10c5b1b r12 0 r13 0xffff800000e37400 r14 0 r15 0x1 rip 0xffffffff8239b6ec db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff8000321f9530 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb> show proc PROC (syz-executor.2) tid=520920 pid=28306 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=84, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff80002a5d6008,0xffffffff82dfc4b0 process=0xffff80002a63d510 user=0xffff8000321f4000, vmspace=0xfffffd8068ee1018 estcpu=34, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 28306 197967 67369 0 2 0 syz-executor.2 *28306 520920 67369 0 7 0x4000000 syz-executor.2 74447 196260 96083 0 3 0x80 nanoslp syz-executor.0 74447 251528 96083 0 3 0x4000080 netio syz-executor.0 74447 445767 96083 0 3 0x4000080 fsleep syz-executor.0 47266 402738 4759 0 3 0x82 piperd syz-executor.1 41973 324890 4759 0 3 0x82 nanoslp syz-executor.7 48808 158596 1 0 3 0x18100083 ttyin getty 73951 471711 4759 0 3 0x82 piperd syz-executor.4 73779 289903 4759 0 3 0x82 piperd syz-executor.6 67369 246195 4759 0 3 0x82 nanoslp syz-executor.2 96083 369444 4759 0 3 0x82 nanoslp syz-executor.0 61673 268668 4759 0 3 0x82 nanoslp syz-executor.3 60872 346866 4759 0 3 0x82 piperd syz-executor.5 59196 378681 70340 0 3 0x18100082 netio ndp 70340 238157 1 0 3 0x810008a sigsusp sh 98751 486025 0 0 3 0x14200 acct acct 98518 337031 0 0 3 0x14200 bored sosplice 4759 14579 27888 0 3 0x1a000082 wait syz-fuzzer 4759 193389 27888 0 3 0x1e000082 nanoslp syz-fuzzer 4759 358943 27888 0 3 0x1e000082 kqread syz-fuzzer 4759 489282 27888 0 3 0x1e000082 thrsleep syz-fuzzer 4759 97948 27888 0 3 0x1e000082 thrsleep syz-fuzzer 4759 508502 27888 0 3 0x1e000082 wait syz-fuzzer 4759 213163 27888 0 3 0x1e000082 thrsleep syz-fuzzer 4759 94528 27888 0 3 0x1e000082 wait syz-fuzzer 4759 111515 27888 0 3 0x1e000082 wait syz-fuzzer 4759 341942 27888 0 3 0x1e000082 thrsleep syz-fuzzer 4759 304905 27888 0 3 0x1e000082 wait syz-fuzzer 4759 491440 27888 0 3 0x1e000082 wait syz-fuzzer 4759 219533 27888 0 3 0x1e000082 wait syz-fuzzer 4759 380147 27888 0 3 0x1e000082 wait syz-fuzzer 27888 259306 66547 0 3 0x810008a sigsusp ksh 66547 255762 36505 0 3 0x1800009a kqread sshd 36505 56889 1 0 3 0x18000088 kqread sshd 91668 75513 69957 73 3 0x19100090 kqread syslogd 69957 357111 1 0 3 0x18100082 netio syslogd 23016 120968 1 0 3 0x18100080 kqread resolvd 68597 492955 71481 77 3 0x18100092 kqread dhcpleased 45851 155056 71481 77 3 0x18100092 kqread dhcpleased 71481 50826 1 0 3 0x18000080 kqread dhcpleased 66139 209968 0 0 3 0x14200 bored smr 45707 285097 0 0 2 0x14200 zerothread 51199 88737 0 0 3 0x14200 aiodoned aiodoned 84401 434988 0 0 3 0x14200 syncer update 32365 74559 0 0 3 0x14200 cleaner cleaner 24001 407999 0 0 3 0x14200 reaper reaper 34126 363364 0 0 3 0x14200 pgdaemon pagedaemon 15623 426108 0 0 3 0x14200 bored viomb 18919 47788 0 0 3 0x40014200 acpi0 acpi0 66711 194236 0 0 3 0x14200 bored softnet3 51321 91794 0 0 3 0x14200 bored softnet2 80429 210650 0 0 3 0x14200 bored softnet1 75859 270741 0 0 3 0x14200 bored softnet0 61151 441869 0 0 3 0x14200 bored systqmp 1983 365603 0 0 3 0x14200 bored systq 30912 263536 0 0 3 0x40014200 tmoslp softclock 3387 38802 0 0 3 0x40014200 idle0 1 17989 0 0 3 0x8080082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10183 6417K 7023K 166960K 26975 0 pcb 15 20K 22K 166960K 3060 0 rtable 181 5K 7K 166960K 3237 0 pf 25 8K 9K 166960K 310 0 ifaddr 35 11K 14K 166960K 419 0 ifgroup 42 1K 2K 166960K 527 0 sysctl 3 0K 0K 166960K 7 0 counters 28 17K 17K 166960K 157 0 ioctlops 0 0K 2K 166960K 714 0 iov 0 0K 40K 166960K 1599 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1698 107K 107K 166960K 9115 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 166 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 2043 0 dirhash 87 15K 17K 166960K 14103 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 14 49K 81K 166960K 18884 0 sigio 0 0K 0K 166960K 621 0 proc 61 59K 83K 166960K 2896 0 subproc 117 7K 7K 166960K 1183 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 924 0 in_multi 69 5K 7K 166960K 1011 0 ether_multi 1 0K 0K 166960K 8 0 mrt 0 0K 0K 166960K 3 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 163 731K 731K 166960K 163 0 exec 0 0K 1K 166960K 3125 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 386 143K 144K 166960K 166470 0 UVM aobj 131 4K 5K 166960K 140 0 pinsyscall 25 50K 100K 166960K 3850 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 262 0 NDP 9 0K 1K 166960K 309 0 temp 74 6804K 6932K 166960K 71608 0 kqueue 12 18K 26K 166960K 1188 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 670 0 666 4 1 3 3 0 8 2 rtentry 112 1177 0 1095 4 0 4 4 0 8 0 unpcb 144 16501 0 16484 20 11 9 10 0 8 8 syncache 336 77 0 77 2 1 1 1 0 8 1 sackhl 24 4 0 4 1 0 1 1 0 8 1 tcpqe 32 151 239 151 2 1 1 1 0 8 1 tcpcb 808 2756 0 2751 18 9 9 11 0 8 8 arp 88 180 0 166 1 0 1 1 0 8 0 ipq 40 10 0 10 1 0 1 1 0 8 1 ipqe 40 156 0 156 1 0 1 1 0 8 1 inpcb 360 20548 0 20540 60 51 9 16 0 8 8 nd6 104 258 0 244 1 0 1 1 0 8 0 pkpcb 40 15 0 15 1 0 1 1 0 8 1 kcovpl 48 91 0 82 1 0 1 1 0 8 0 ppxss 1072 29 0 29 2 1 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 4514 0 4176 79 50 29 29 0 8 7 art_table 32 4515 0 4176 4 0 4 4 0 8 1 art_node 16 1160 0 1084 1 0 1 1 0 8 0 sysvmsgpl 40 12 0 9 1 0 1 1 0 8 0 semapl 112 2041 0 2031 1 0 1 1 0 8 0 shmpl 112 137 0 9 4 0 4 4 0 8 0 dirhash 1024 4720 0 4678 6 0 6 6 0 8 0 dino2pl 256 24746 0 23207 97 0 97 97 0 8 0 ffsino 240 24746 0 23207 91 0 91 91 0 8 0 nchpl 144 49831 0 48107 66 0 66 66 0 8 0 uvmvnodes 80 6273 0 0 129 0 129 129 0 8 0 vnodes 216 6273 0 0 349 0 349 349 0 8 0 namei 1024 154048 0 154047 4 2 2 3 0 8 1 vcpupl 2048 12 0 0 2 0 2 2 0 8 0 vmpool 664 15 0 3 1 0 1 1 0 8 0 kstatmem 264 276 0 258 2 0 2 2 0 8 0 scxspl 216 157168 0 157168 11 7 4 8 1 8 4 plimitpl 152 882 0 866 1 0 1 1 0 8 0 sigapl 424 19028 0 18983 8 0 8 8 0 8 2 futexpl 64 142351 0 142350 1 0 1 1 0 8 0 knotepl 120 148879 0 148797 14 3 11 13 0 8 8 kqueuepl 184 2775 0 2767 9 3 6 6 0 8 5 pipepl 288 2277 0 2246 16 5 11 12 0 8 8 fdescpl 432 18970 0 18945 4 0 4 4 0 8 0 filepl 120 108467 0 108207 32 15 17 20 0 8 8 lockfpl 104 8091 0 8089 4 1 3 3 0 8 2 lockfspl 48 1507 0 1505 1 0 1 1 0 8 0 sessionpl 144 106 0 89 1 0 1 1 0 8 0 pgrppl 48 384 0 367 1 0 1 1 0 8 0 ucredpl 104 12105 0 12093 1 0 1 1 0 8 0 zombiepl 144 18985 0 18983 1 0 1 1 0 8 0 processpl 1072 19028 0 18983 5 0 5 5 0 8 1 procpl 680 43096 0 43035 9 1 8 9 0 8 1 sosppl 168 97 0 97 2 1 1 1 0 8 1 sockpl 488 37747 0 37718 517 505 12 37 0 8 7 mcl64k 65536 577 0 577 2 1 1 1 0 8 1 mcl16k 16384 287 0 287 2 1 1 1 0 8 1 mcl12k 12288 684 0 684 2 1 1 1 0 8 1 mcl9k 9216 323 0 323 2 1 1 1 0 8 1 mcl8k 8192 1074 0 1074 2 1 1 1 0 8 1 mcl4k 4096 1442 0 1442 2 1 1 1 0 8 1 mcl2k2 2112 81 0 81 2 1 1 1 0 8 1 mcl2k 2048 104530 0 104479 38 24 14 26 0 8 6 mtagpl 96 1583 0 1202 12 1 11 11 0 8 0 mbufpl 256 382740 0 382223 832 750 82 88 0 8 36 bufpl 280 30218 0 23882 453 0 453 453 0 8 0 anonpl 24 1617720 0 1603281 117 1 116 116 0 188 12 amapchunkpl 152 522664 0 521877 55 7 48 48 0 158 10 amappl16 200 30297 0 29838 72 39 33 38 0 8 8 amappl15 192 118 0 116 1 0 1 1 0 8 0 amappl14 184 393 0 381 2 1 1 2 0 8 0 amappl13 176 18 0 17 1 0 1 1 0 8 0 amappl12 168 20840 0 20813 2 0 2 2 0 8 0 amappl11 160 51 0 40 1 0 1 1 0 8 0 amappl10 152 162 0 153 1 0 1 1 0 8 0 amappl9 144 226 0 225 1 0 1 1 0 8 0 amappl8 136 608 0 508 4 0 4 4 0 8 0 amappl7 128 127 0 113 1 0 1 1 0 8 0 amappl6 120 1409 0 1387 2 1 1 2 0 8 0 amappl5 112 721 0 709 1 0 1 1 0 8 0 amappl4 104 1284 0 1245 3 1 2 2 0 8 0 amappl3 96 103912 0 103841 3 0 3 3 0 8 0 amappl2 88 20057 0 19985 4 2 2 4 0 8 0 amappl1 80 78967 0 78456 22 10 12 21 0 8 0 amappl 88 164661 0 164451 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 139 0 9 3 0 3 3 0 8 0 uaddrrnd 24 18985 0 18948 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 18985 0 18948 1 0 1 1 0 8 0 vmmpekpl 168 124898 0 124834 3 0 3 3 0 8 0 vmmpepl 168 1113092 0 1110907 157 20 137 137 0 357 23 vmsppl 352 18984 0 18948 4 0 4 4 0 8 0 rwobjpl 24 243606 0 235675 50 0 50 50 0 8 1 pdppl 4096 37976 0 37908 880 802 78 81 0 8 10 pvpl 32 4876045 0 4855884 462 227 235 388 0 265 50 pmappl 216 18984 0 18948 3 0 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 2086 0 1650 13 0 13 13 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828e6e73) at panic+0x165 sys/kern/subr_prf.c:198 ufsdirhash_lookup(fffffd806927c000,ffff80002a5f7800,1,fffffd806927c0ac,ffff8000321f9720,0) at ufsdirhash_lookup+0x8a8 sys/ufs/ufs/ufs_dirhash.c:342 ufs_lookup() at ufs_lookup+0xba0 sys/ufs/ufs/ufs_lookup.c:214 VOP_LOOKUP(fffffd8071354048,ffff8000321f9a70,ffff8000321f9aa0) at VOP_LOOKUP+0x5c sys/kern/vfs_vops.c:85 vfs_lookup(ffff8000321f9a40) at vfs_lookup+0x6df sys/kern/vfs_lookup.c:566 namei(ffff8000321f9a40) at namei+0x56a sys/kern/vfs_lookup.c:250 domknodat(ffff80002a68aaa0,5,200001c0,8,1) at domknodat+0x95 sys/kern/vfs_syscalls.c:1579 syscall(ffff8000321f9c30) at syscall+0x538 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x200fdfccf70, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828e6e73) at panic+0x165 sys/kern/subr_prf.c:198 ufsdirhash_lookup(fffffd806927c000,ffff80002a5f7800,1,fffffd806927c0ac,ffff8000321f9720,0) at ufsdirhash_lookup+0x8a8 sys/ufs/ufs/ufs_dirhash.c:342 ufs_lookup() at ufs_lookup+0xba0 sys/ufs/ufs/ufs_lookup.c:214 VOP_LOOKUP(fffffd8071354048,ffff8000321f9a70,ffff8000321f9aa0) at VOP_LOOKUP+0x5c sys/kern/vfs_vops.c:85 vfs_lookup(ffff8000321f9a40) at vfs_lookup+0x6df sys/kern/vfs_lookup.c:566 namei(ffff8000321f9a40) at namei+0x56a sys/kern/vfs_lookup.c:250 domknodat(ffff80002a68aaa0,5,200001c0,8,1) at domknodat+0x95 sys/kern/vfs_syscalls.c:1579 syscall(ffff8000321f9c30) at syscall+0x538 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x200fdfccf70, count: -10