panic: ufsdirhash_lookup: bad offset in hash array
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*319570 56540 0 0 0x4000000 0 syz-executor.0
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff830d1824) at panic+0x1cf sys/kern/subr_prf.c:198
ufsdirhash_lookup(fffffd8069493c30,ffffffff830193f2,2,fffffd8069493cdc,ffff80002a52d050,0) at ufsdirhash_lookup+0xb9a sys/ufs/ufs/ufs_dirhash.c:342
ufs_lookup() at ufs_lookup+0xf58 sys/ufs/ufs/ufs_lookup.c:214
VOP_LOOKUP(fffffd806b413cf0,ffff80002a52d1f8,ffff80002a52d198) at VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85
unveil_find_cover(fffffd806b413cf0,ffff80002a47c018) at unveil_find_cover+0x16d sys/kern/kern_unveil.c:277
unveil_start_relative(ffff80002a47c018,ffff80002a52d538,fffffd806b413cf0) at unveil_start_relative+0x14b sys/kern/kern_unveil.c:606
namei(ffff80002a52d538) at namei+0x62e sys/kern/vfs_lookup.c:237
vn_open(ffff80002a52d538,201,0) at vn_open+0x1f4 sys/kern/vfs_vnops.c:107
doopenat(ffff80002a47c018,4,20000240,200,0,ffff80002a52d6e0) at doopenat+0x31d sys/kern/vfs_syscalls.c:1123
syscall(ffff80002a52d790) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x9b50befff10, count: 3
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: ufsdirhash_lookup: bad offset in hash array ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830d1824) at panic+0x1cf sys/kern/subr_prf.c:198 ufsdirhash_lookup(fffffd8069493c30,ffffffff830193f2,2,fffffd8069493cdc,ffff80002a52d050,0) at ufsdirhash_lookup+0xb9a sys/ufs/ufs/ufs_dirhash.c:342 ufs_lookup() at ufs_lookup+0xf58 sys/ufs/ufs/ufs_lookup.c:214 VOP_LOOKUP(fffffd806b413cf0,ffff80002a52d1f8,ffff80002a52d198) at VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85 unveil_find_cover(fffffd806b413cf0,ffff80002a47c018) at unveil_find_cover+0x16d sys/kern/kern_unveil.c:277 unveil_start_relative(ffff80002a47c018,ffff80002a52d538,fffffd806b413cf0) at unveil_start_relative+0x14b sys/kern/kern_unveil.c:606 namei(ffff80002a52d538) at namei+0x62e sys/kern/vfs_lookup.c:237 vn_open(ffff80002a52d538,201,0) at vn_open+0x1f4 sys/kern/vfs_vnops.c:107 doopenat(ffff80002a47c018,4,20000240,200,0,ffff80002a52d6e0) at doopenat+0x31d sys/kern/vfs_syscalls.c:1123 syscall(ffff80002a52d790) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x9b50befff10, count: -12 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80002a52ce70 rbx 0xffff800000b49b20 rdx 0x3fd rcx 0 rax 0x33 r8 0x101010101010101 r9 0x8080808080808080 r10 0x490b0ecfd7d85bdf r11 0xc9e9f50a7118ac8f r12 0 r13 0xffff80000126ba00 r14 0 r15 0x1 rip 0xffffffff8215ac45 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80002a52ce60 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb> show proc PROC (syz-executor.0) tid=319570 pid=56540 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a47cf48,0xffffffff8362a6a8 process=0xffff80002a454898 user=0xffff80002a528000, vmspace=0xfffffd807eb93160 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S 
FLAGS WAIT COMMAND 56540 64809 74607 0 2 0 syz-executor.0 *56540 319570 74607 0 7 0x4000000 syz-executor.0 74607 130445 79339 0 3 0x82 nanoslp syz-executor.0 79339 480216 31110 0 3 0x82 kqread syz-execprog 79339 88358 31110 0 3 0x4000082 thrsleep syz-execprog 79339 434262 31110 0 3 0x4000082 wait syz-execprog 79339 120067 31110 0 3 0x4000082 thrsleep syz-execprog 79339 338496 31110 0 3 0x4000082 thrsleep syz-execprog 79339 434179 31110 0 3 0x4000082 thrsleep syz-execprog 79339 28012 31110 0 3 0x4000082 thrsleep syz-execprog 79339 123924 31110 0 3 0x4000082 thrsleep syz-execprog 79339 254539 31110 0 3 0x4000082 thrsleep syz-execprog 31110 420542 84743 0 3 0x10008a sigsusp ksh 84743 61881 57887 0 3 0x98 kqread sshd-session 57887 316463 98795 0 3 0x92 kqread sshd-session 19822 364777 1 0 3 0x100083 ttyin getty 98795 492519 1 0 3 0x88 kqread sshd 59420 218748 3028 73 3 0x1100090 kqread syslogd 3028 33530 1 0 3 0x100082 sbwait syslogd 98192 227047 1 0 3 0x100080 kqread resolvd 37668 475276 9736 77 3 0x100092 kqread dhcpleased 44914 520222 9736 77 3 0x100092 kqread dhcpleased 9736 176799 1 0 3 0x80 kqread dhcpleased 84153 505256 0 0 3 0x14200 bored smr 95228 58174 0 0 2 0x14200 zerothread 67993 415533 0 0 3 0x14200 aiodoned aiodoned 4691 132802 0 0 3 0x14200 syncer update 33234 500488 0 0 3 0x14200 cleaner cleaner 99541 268869 0 0 3 0x14200 reaper reaper 20654 179899 0 0 3 0x14200 pgdaemon pagedaemon 77092 285759 0 0 3 0x14200 bored viomb 125 4253 0 0 3 0x40014200 acpi0 acpi0 48559 349152 0 0 3 0x14200 bored softnet3 58951 152174 0 0 3 0x14200 bored softnet2 55473 152384 0 0 3 0x14200 bored softnet1 74466 457674 0 0 3 0x14200 bored softnet0 31812 415806 0 0 3 0x14200 bored systqmp 16973 29310 0 0 3 0x14200 bored systq 27437 124792 0 0 3 0x40014200 tmoslp softclock 4367 425909 0 0 3 0x40014200 idle0 1 73014 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 
10144 11023K 11052K 166960K 11225 0 pcb 17 12K 12K 166960K 17 0 rtable 80 2K 2K 166960K 170 0 pf 16 10K 10K 166960K 19 0 ifaddr 14 2K 2K 166960K 18 0 ifgroup 22 1K 1K 166960K 27 0 counters 23 16K 16K 166960K 24 0 ioctlops 0 0K 2K 166960K 23 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1260 79K 79K 166960K 1276 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 1K 166960K 2 0 VM map 2 1K 1K 166960K 2 0 sem 2 0K 0K 166960K 2 0 dirhash 30 5K 5K 166960K 30 0 ACPI 1690 195K 286K 166960K 12468 0 file desc 3 8K 13K 166960K 40 0 proc 58 66K 67K 166960K 305 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 in_multi 22 1K 1K 166960K 33 0 ether_multi 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 25 122K 122K 166960K 25 0 exec 0 0K 1K 166960K 324 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 146 15K 16K 166960K 3400 0 UVM aobj 3 2K 2K 166960K 3 0 pinsyscall 26 52K 104K 166960K 1199 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 NDP 6 0K 0K 166960K 9 0 temp 1 6860K 6924K 166960K 3871 0 kqueue 13 20K 20K 166960K 46 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 24 0 21 1 0 1 1 0 8 0 rtentry 112 45 0 12 1 0 1 1 0 8 0 unpcb 144 67 0 52 1 0 1 1 0 8 0 syncache 336 9 0 9 1 0 1 1 0 8 1 tcpcb 808 12 0 9 1 0 1 1 0 8 0 arp 88 6 0 2 1 0 1 1 0 8 0 inpcb 336 38 0 32 1 0 1 1 0 8 0 nd6 104 6 0 3 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 192 0 48 9 0 9 9 0 8 0 art_table 32 193 0 48 2 0 2 2 0 8 0 art_node 16 44 0 14 1 0 1 1 0 8 0 dirhash 1024 23 0 0 3 0 3 3 0 8 0 dino2pl 256 1561 0 73 94 0 94 94 0 8 1 ffsino 240 1561 0 73 88 0 88 88 0 8 0 nchpl 144 1824 0 100 64 0 64 64 0 8 0 uvmvnodes 80 1570 0 0 33 0 33 33 0 8 0 vnodes 216 1570 0 0 88 0 88 88 0 8 0 namei 1024 6692 0 6691 3 0 3 3 0 8 2 kstatmem 264 10 0 2 1 0 1 1 
0 8 0 scxspl 216 8152 0 8152 8 0 8 8 1 8 8 plimitpl 152 51 0 42 1 0 1 1 0 8 0 sigapl 424 395 0 363 5 0 5 5 0 8 1 futexpl 64 13 0 13 1 0 1 1 0 8 1 knotepl 120 6831 0 6794 2 0 2 2 0 8 0 kqueuepl 184 42 0 33 1 0 1 1 0 8 0 pipepl 288 155 0 148 2 0 2 2 0 8 1 fdescpl 432 379 0 363 4 0 4 4 0 8 2 filepl 120 1908 0 1836 3 0 3 3 0 8 0 lockfpl 104 6 0 4 1 0 1 1 0 8 0 lockfspl 48 4 0 2 1 0 1 1 0 8 0 sessionpl 144 27 0 18 1 0 1 1 0 8 0 pgrppl 48 27 0 18 1 0 1 1 0 8 0 ucredpl 104 147 0 136 1 0 1 1 0 8 0 zombiepl 144 363 0 363 1 0 1 1 0 8 1 processpl 1096 395 0 363 4 0 4 4 0 8 1 procpl 648 415 0 374 5 0 5 5 0 8 1 sockpl 504 129 0 105 4 0 4 4 0 8 1 mcl8k 8192 13 0 13 1 0 1 1 0 8 1 mcl4k 4096 8529 0 8471 18 2 16 18 0 8 8 mcl2k 2048 91 0 91 1 0 1 1 0 8 1 mtagpl 96 4 0 4 1 0 1 1 0 8 1 mbufpl 256 11561 0 11489 10 0 10 10 0 8 5 bufpl 280 4310 0 213 293 0 293 293 0 8 0 anonpl 24 188258 0 184925 53 0 53 53 0 187 22 amapchunkpl 152 11507 0 11188 26 0 26 26 0 158 11 amappl16 200 3868 0 3798 5 0 5 5 0 8 0 amappl15 192 12 0 11 1 0 1 1 0 8 0 amappl14 184 190 0 178 2 0 2 2 0 8 1 amappl13 176 12 0 11 1 0 1 1 0 8 0 amappl12 168 949 0 932 2 0 2 2 0 8 1 amappl11 160 73 0 63 1 0 1 1 0 8 0 amappl10 152 71 0 68 1 0 1 1 0 8 0 amappl9 144 939 0 938 1 0 1 1 0 8 0 amappl8 136 179 0 161 1 0 1 1 0 8 0 amappl7 128 209 0 196 2 0 2 2 0 8 1 amappl6 120 234 0 230 2 0 2 2 0 8 1 amappl5 112 135 0 129 1 0 1 1 0 8 0 amappl4 104 498 0 481 2 0 2 2 0 8 1 amappl3 96 1171 0 1126 2 0 2 2 0 8 0 amappl2 88 962 0 905 4 0 4 4 0 8 1 amappl1 80 14489 0 14002 27 8 19 23 0 8 8 amappl 88 2700 0 2618 4 0 4 4 0 92 1 dma4096 4096 1 0 1 1 0 1 1 0 8 1 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 0 1 1 0 8 1 dma128 128 253 0 253 1 0 1 1 0 8 1 dma64 64 6 0 6 1 0 1 1 0 8 1 dma32 32 7 0 7 1 0 1 1 0 8 1 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 379 0 363 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 379 0 363 1 0 1 1 0 8 0 vmmpekpl 168 11167 0 11145 2 0 2 2 0 8 0 vmmpepl 168 52652 0 51376 119 
0 119 119 0 357 57 vmsppl 352 378 0 363 3 0 3 3 0 8 1 rwobjpl 24 23251 0 20927 20 0 20 20 0 8 2 pdppl 4096 764 0 726 96 42 54 62 0 8 16 pvpl 32 507851 0 499876 395 101 294 395 0 265 218 pmappl 216 378 0 363 2 0 2 2 0 8 1 extentpl 40 55 0 38 1 0 1 1 0 8 0 phpool 112 336 0 44 9 0 9 9 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830d1824) at panic+0x1cf sys/kern/subr_prf.c:198 ufsdirhash_lookup(fffffd8069493c30,ffffffff830193f2,2,fffffd8069493cdc,ffff80002a52d050,0) at ufsdirhash_lookup+0xb9a sys/ufs/ufs/ufs_dirhash.c:342 ufs_lookup() at ufs_lookup+0xf58 sys/ufs/ufs/ufs_lookup.c:214 VOP_LOOKUP(fffffd806b413cf0,ffff80002a52d1f8,ffff80002a52d198) at VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85 unveil_find_cover(fffffd806b413cf0,ffff80002a47c018) at unveil_find_cover+0x16d sys/kern/kern_unveil.c:277 unveil_start_relative(ffff80002a47c018,ffff80002a52d538,fffffd806b413cf0) at unveil_start_relative+0x14b sys/kern/kern_unveil.c:606 namei(ffff80002a52d538) at namei+0x62e sys/kern/vfs_lookup.c:237 vn_open(ffff80002a52d538,201,0) at vn_open+0x1f4 sys/kern/vfs_vnops.c:107 doopenat(ffff80002a47c018,4,20000240,200,0,ffff80002a52d6e0) at doopenat+0x31d sys/kern/vfs_syscalls.c:1123 syscall(ffff80002a52d790) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x9b50befff10, count: -12 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830d1824) at panic+0x1cf sys/kern/subr_prf.c:198 ufsdirhash_lookup(fffffd8069493c30,ffffffff830193f2,2,fffffd8069493cdc,ffff80002a52d050,0) at ufsdirhash_lookup+0xb9a sys/ufs/ufs/ufs_dirhash.c:342 ufs_lookup() at ufs_lookup+0xf58 sys/ufs/ufs/ufs_lookup.c:214 VOP_LOOKUP(fffffd806b413cf0,ffff80002a52d1f8,ffff80002a52d198) at VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85 unveil_find_cover(fffffd806b413cf0,ffff80002a47c018) at 
unveil_find_cover+0x16d sys/kern/kern_unveil.c:277 unveil_start_relative(ffff80002a47c018,ffff80002a52d538,fffffd806b413cf0) at unveil_start_relative+0x14b sys/kern/kern_unveil.c:606 namei(ffff80002a52d538) at namei+0x62e sys/kern/vfs_lookup.c:237 vn_open(ffff80002a52d538,201,0) at vn_open+0x1f4 sys/kern/vfs_vnops.c:107 doopenat(ffff80002a47c018,4,20000240,200,0,ffff80002a52d6e0) at doopenat+0x31d sys/kern/vfs_syscalls.c:1123 syscall(ffff80002a52d790) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x9b50befff10, count: -12