panic: inconsistent bufpage counts (2)
0 views
Skip to first unread message
syzbot
Feb 12, 2026, 2:59:41 PM (3 days ago) Feb 12
to syzkaller-o...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 829f23bb157c very basic testing of multiple files in Revok..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=17d442aa580000
kernel config: https://syzkaller.appspot.com/x/.config?x=1bc15e68cd2a49e5
dashboard link: https://syzkaller.appspot.com/bug?extid=af24313b23ecd2134be0
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/569b97572d83/disk-829f23bb.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/8ae067700896/bsd-829f23bb.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/05f96b97955b/kernel-829f23bb.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+af2431...@syzkaller.appspotmail.com
login: panic: inconsistent bufpage counts
Starting stack trace...
panic(ffffffff8335907f) at panic+0x1ba sys/kern/subr_prf.c:229
bufcache_release(fffffd806e5cb000) at bufcache_release+0x4c7
brelse(fffffd806e5cb000) at brelse+0x1b4 sys/kern/vfs_bio.c:915
bwrite(fffffd806e5cb000) at bwrite+0x2ef sys/kern/vfs_bio.c:760
ffs_write(ffff800038109050) at ffs_write+0x810 sys/ufs/ffs/ffs_vnops.c:377
VOP_WRITE(fffffd807e4bc708,ffff800038109208,7,fffffd8007bfd6e8) at VOP_WRITE+0x101 sys/kern/vfs_vops.c:245
vn_write(fffffd806c9ac348,ffff800038109208,0) at vn_write+0x1c2 sys/kern/vfs_vnops.c:408
dofilewritev(ffff80003a91c028,5,ffff800038109208,0,ffff8000381092b0) at dofilewritev+0x242 sys/kern/sys_generic.c:380
sys_write(ffff80003a91c028,ffff800038109360,ffff8000381092b0) at sys_write+0xa2 sys/kern/sys_generic.c:300
syscall(ffff800038109360) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff800038109360) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xfaab305f560, count: 246
End of stack trace.
panic: inconsistent bufpage counts
Starting stack trace...
panic(ffffffff8335907f) at panic+0x1ba sys/kern/subr_prf.c:229
bufcache_adjust() at bufcache_adjust+0x3c3
brelse(fffffd806f622470) at brelse+0x31f sys/kern/vfs_bio.c:928
bwrite(fffffd806f622470) at bwrite+0x2ef sys/kern/vfs_bio.c:760
ffs_update(fffffd806c98c400,1) at ffs_update+0x2fb sys/ufs/ffs/ffs_inode.c:111
ffs_truncate(fffffd806c98c400,0,0,ffffffffffffffff) at ffs_truncate+0xc9b sys/ufs/ffs/ffs_inode.c:-1
ufs_inactive(ffff800038108c30) at ufs_inactive+0x1ff sys/ufs/ufs/ufs_inode.c:84
VOP_INACTIVE(fffffd807a4d3cb8,ffff80003a91c028) at VOP_INACTIVE+0xfb sys/kern/vfs_vops.c:498
vput(fffffd807a4d3cb8) at vput+0xdc sys/kern/vfs_subr.c:789
vn_close(fffffd807a4d3cb8,2,ffffffffffffffff,ffff80003a91c028) at vn_close+0xb7 sys/kern/vfs_vnops.c:294
acct_shutdown() at acct_shutdown+0x81 sys/kern/kern_acct.c:361
vfs_shutdown(ffff80003a91c028) at vfs_shutdown+0x23 sys/kern/vfs_subr.c:1791
boot(100) at boot+0x166 sys/arch/amd64/amd64/machdep.c:927
reboot(100) at reboot+0xa8
panic(ffffffff8335907f) at panic+0x1e3
bufcache_release(fffffd806e5cb000) at bufcache_release+0x4c7
brelse(fffffd806e5cb000) at brelse+0x1b4 sys/kern/vfs_bio.c:915
bwrite(fffffd806e5cb000) at bwrite+0x2ef sys/kern/vfs_bio.c:760
ffs_write(ffff800038109050) at ffs_write+0x810 sys/ufs/ffs/ffs_vnops.c:377
VOP_WRITE(fffffd807e4bc708,ffff800038109208,7,fffffd8007bfd6e8) at VOP_WRITE+0x101 sys/kern/vfs_vops.c:245
vn_write(fffffd806c9ac348,ffff800038109208,0) at vn_write+0x1c2 sys/kern/vfs_vnops.c:408
dofilewritev(ffff80003a91c028,5,ffff800038109208,0,ffff8000381092b0) at dofilewritev+0x242 sys/kern/sys_generic.c:380
sys_write(ffff80003a91c028,ffff800038109360,ffff8000381092b0) at sys_write+0xa2 sys/kern/sys_generic.c:300
syscall(ffff800038109360) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff800038109360) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xfaab305f560, count: 232
End of stack trace.
dump to dev 4,1 not possible
rebooting...
SeaBIOS (version 1.8.2-google)
Total RAM Size = 0x0000000080000000 = 2048 MiB
CPUs found: 2 Max CPUs supported: 2
SeaBIOS (version 1.8.2-google)
Machine UUID 9c8ab089-5fb3-144b-a4ba-2e178800b25c
found virtio-scsi at 0:3
virtio-scsi vendor='Google' product='PersistentDisk' rev='1' type=0 removable=0
virtio-scsi blksize=512 sectors=4194304 = 2048 MiB
drive 0x000f26e0: PCHS=0/0/0 translation=lba LCHS=520/128/63 s=4194304
Sending Seabios boot VM event.
Booting from Hard Disk 0...
>> OpenBSD/amd64 BOOT 3.67
boot> set $lines = 0
set: syntax error
boot> set $maxwidth = 0
set: syntax error
boot> show panic
boot: illegal argument panic
boot> trace
boot> show registers
boot> show proc
boot> ps
boot> show all locks
boot> show malloc
boot> show all pools
boot> machine ddbcpu 0
machine: syntax error
boot> trace
boot> machine ddbcpu 1
machine: syntax error
boot> trace
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 829f23bb157c very basic testing of multiple files in Revok..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=17d442aa580000
kernel config: https://syzkaller.appspot.com/x/.config?x=1bc15e68cd2a49e5
dashboard link: https://syzkaller.appspot.com/bug?extid=af24313b23ecd2134be0
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/569b97572d83/disk-829f23bb.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/8ae067700896/bsd-829f23bb.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/05f96b97955b/kernel-829f23bb.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+af2431...@syzkaller.appspotmail.com
login: panic: inconsistent bufpage counts
Starting stack trace...
panic(ffffffff8335907f) at panic+0x1ba sys/kern/subr_prf.c:229
bufcache_release(fffffd806e5cb000) at bufcache_release+0x4c7
brelse(fffffd806e5cb000) at brelse+0x1b4 sys/kern/vfs_bio.c:915
bwrite(fffffd806e5cb000) at bwrite+0x2ef sys/kern/vfs_bio.c:760
ffs_write(ffff800038109050) at ffs_write+0x810 sys/ufs/ffs/ffs_vnops.c:377
VOP_WRITE(fffffd807e4bc708,ffff800038109208,7,fffffd8007bfd6e8) at VOP_WRITE+0x101 sys/kern/vfs_vops.c:245
vn_write(fffffd806c9ac348,ffff800038109208,0) at vn_write+0x1c2 sys/kern/vfs_vnops.c:408
dofilewritev(ffff80003a91c028,5,ffff800038109208,0,ffff8000381092b0) at dofilewritev+0x242 sys/kern/sys_generic.c:380
sys_write(ffff80003a91c028,ffff800038109360,ffff8000381092b0) at sys_write+0xa2 sys/kern/sys_generic.c:300
syscall(ffff800038109360) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff800038109360) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xfaab305f560, count: 246
End of stack trace.
panic: inconsistent bufpage counts
Starting stack trace...
panic(ffffffff8335907f) at panic+0x1ba sys/kern/subr_prf.c:229
bufcache_adjust() at bufcache_adjust+0x3c3
brelse(fffffd806f622470) at brelse+0x31f sys/kern/vfs_bio.c:928
bwrite(fffffd806f622470) at bwrite+0x2ef sys/kern/vfs_bio.c:760
ffs_update(fffffd806c98c400,1) at ffs_update+0x2fb sys/ufs/ffs/ffs_inode.c:111
ffs_truncate(fffffd806c98c400,0,0,ffffffffffffffff) at ffs_truncate+0xc9b sys/ufs/ffs/ffs_inode.c:-1
ufs_inactive(ffff800038108c30) at ufs_inactive+0x1ff sys/ufs/ufs/ufs_inode.c:84
VOP_INACTIVE(fffffd807a4d3cb8,ffff80003a91c028) at VOP_INACTIVE+0xfb sys/kern/vfs_vops.c:498
vput(fffffd807a4d3cb8) at vput+0xdc sys/kern/vfs_subr.c:789
vn_close(fffffd807a4d3cb8,2,ffffffffffffffff,ffff80003a91c028) at vn_close+0xb7 sys/kern/vfs_vnops.c:294
acct_shutdown() at acct_shutdown+0x81 sys/kern/kern_acct.c:361
vfs_shutdown(ffff80003a91c028) at vfs_shutdown+0x23 sys/kern/vfs_subr.c:1791
boot(100) at boot+0x166 sys/arch/amd64/amd64/machdep.c:927
reboot(100) at reboot+0xa8
panic(ffffffff8335907f) at panic+0x1e3
bufcache_release(fffffd806e5cb000) at bufcache_release+0x4c7
brelse(fffffd806e5cb000) at brelse+0x1b4 sys/kern/vfs_bio.c:915
bwrite(fffffd806e5cb000) at bwrite+0x2ef sys/kern/vfs_bio.c:760
ffs_write(ffff800038109050) at ffs_write+0x810 sys/ufs/ffs/ffs_vnops.c:377
VOP_WRITE(fffffd807e4bc708,ffff800038109208,7,fffffd8007bfd6e8) at VOP_WRITE+0x101 sys/kern/vfs_vops.c:245
vn_write(fffffd806c9ac348,ffff800038109208,0) at vn_write+0x1c2 sys/kern/vfs_vnops.c:408
dofilewritev(ffff80003a91c028,5,ffff800038109208,0,ffff8000381092b0) at dofilewritev+0x242 sys/kern/sys_generic.c:380
sys_write(ffff80003a91c028,ffff800038109360,ffff8000381092b0) at sys_write+0xa2 sys/kern/sys_generic.c:300
syscall(ffff800038109360) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff800038109360) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xfaab305f560, count: 232
End of stack trace.
dump to dev 4,1 not possible
rebooting...
SeaBIOS (version 1.8.2-google)
Total RAM Size = 0x0000000080000000 = 2048 MiB
CPUs found: 2 Max CPUs supported: 2
SeaBIOS (version 1.8.2-google)
Machine UUID 9c8ab089-5fb3-144b-a4ba-2e178800b25c
found virtio-scsi at 0:3
virtio-scsi vendor='Google' product='PersistentDisk' rev='1' type=0 removable=0
virtio-scsi blksize=512 sectors=4194304 = 2048 MiB
drive 0x000f26e0: PCHS=0/0/0 translation=lba LCHS=520/128/63 s=4194304
Sending Seabios boot VM event.
Booting from Hard Disk 0...
>> OpenBSD/amd64 BOOT 3.67
boot> set $lines = 0
set: syntax error
boot> set $maxwidth = 0
set: syntax error
boot> show panic
boot: illegal argument panic
boot> trace
boot> show registers
boot> show proc
boot> ps
boot> show all locks
boot> show malloc
boot> show all pools
boot> machine ddbcpu 0
machine: syntax error
boot> trace
boot> machine ddbcpu 1
machine: syntax error
boot> trace
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
Reply all
Reply to author
Forward
0 new messages