panic: ffs_blkfree: bad size (6)
0 views
Skip to first unread message
syzbot
Jan 8, 2026, 6:36:22 PM (3 days ago) Jan 8
to syzkaller-o...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: b9d9e3fc96bc Reduce request timeout to 500 milliseconds to..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=1455119a580000
kernel config: https://syzkaller.appspot.com/x/.config?x=7058272de1526588
dashboard link: https://syzkaller.appspot.com/bug?extid=354f9e7b763606ac8c86
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/9393e5d56e6a/disk-b9d9e3fc.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/7ff423e52480/bsd-b9d9e3fc.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/482782b74b7e/kernel-b9d9e3fc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+354f9e...@syzkaller.appspotmail.com
panic: ffs_blkfree: bad size
Starting stack trace...
panic(ffffffff833cf22b) at panic+0x1d0 sys/kern/subr_prf.c:229
ffs_blkfree(fffffd8079ba4ab0,4,4000) at ffs_blkfree+0xd4c sys/ufs/ffs/ffs_alloc.c:1285
ffs_indirtrunc(fffffd8079ba4ab0,fffffffffffffff4,16db40,ffffffffffffffff,0,ffff80003c460c38) at ffs_indirtrunc+0x7ca sys/ufs/ffs/ffs_inode.c:-1
ffs_truncate(fffffd8079ba4ab0,0,0,ffffffffffffffff) at ffs_truncate+0x103f sys/ufs/ffs/ffs_inode.c:297
ufs_inactive(ffff80003c460d90) at ufs_inactive+0x202 sys/ufs/ufs/ufs_inode.c:84
VOP_INACTIVE(fffffd805bc42a20,ffff8000ffffd9f8) at VOP_INACTIVE+0x104 sys/kern/vfs_vops.c:498
vrele(fffffd805bc42a20) at vrele+0x129 sys/kern/vfs_subr.c:837
ktrsettrace(ffff80002a265820,80001a2c,fffffd8071040e60,fffffd80097fd478) at ktrsettrace+0xe7 sys/kern/kern_ktrace.c:122
ktrops(ffff8000ffffd9f8,ffff80002a265820,0,80001a2c,fffffd8071040e60,fffffd80097fd478) at ktrops+0x26c sys/kern/kern_ktrace.c:573
doktrace(fffffd8071040e60,4,1a2c,0,ffff8000ffffd9f8) at doktrace+0x6bd ktrsetchildren sys/kern/kern_ktrace.c:595 [inline]
doktrace(fffffd8071040e60,4,1a2c,0,ffff8000ffffd9f8) at doktrace+0x6bd sys/kern/kern_ktrace.c:517
sys_ktrace(ffff8000ffffd9f8,ffff80003c461200,ffff80003c461150) at sys_ktrace+0x11c sys/kern/kern_ktrace.c:558
syscall(ffff80003c461200) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c461200) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xfcec122d750, count: 244
End of stack trace.
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: b9d9e3fc96bc Reduce request timeout to 500 milliseconds to..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=1455119a580000
kernel config: https://syzkaller.appspot.com/x/.config?x=7058272de1526588
dashboard link: https://syzkaller.appspot.com/bug?extid=354f9e7b763606ac8c86
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/9393e5d56e6a/disk-b9d9e3fc.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/7ff423e52480/bsd-b9d9e3fc.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/482782b74b7e/kernel-b9d9e3fc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+354f9e...@syzkaller.appspotmail.com
panic: ffs_blkfree: bad size
Starting stack trace...
panic(ffffffff833cf22b) at panic+0x1d0 sys/kern/subr_prf.c:229
ffs_blkfree(fffffd8079ba4ab0,4,4000) at ffs_blkfree+0xd4c sys/ufs/ffs/ffs_alloc.c:1285
ffs_indirtrunc(fffffd8079ba4ab0,fffffffffffffff4,16db40,ffffffffffffffff,0,ffff80003c460c38) at ffs_indirtrunc+0x7ca sys/ufs/ffs/ffs_inode.c:-1
ffs_truncate(fffffd8079ba4ab0,0,0,ffffffffffffffff) at ffs_truncate+0x103f sys/ufs/ffs/ffs_inode.c:297
ufs_inactive(ffff80003c460d90) at ufs_inactive+0x202 sys/ufs/ufs/ufs_inode.c:84
VOP_INACTIVE(fffffd805bc42a20,ffff8000ffffd9f8) at VOP_INACTIVE+0x104 sys/kern/vfs_vops.c:498
vrele(fffffd805bc42a20) at vrele+0x129 sys/kern/vfs_subr.c:837
ktrsettrace(ffff80002a265820,80001a2c,fffffd8071040e60,fffffd80097fd478) at ktrsettrace+0xe7 sys/kern/kern_ktrace.c:122
ktrops(ffff8000ffffd9f8,ffff80002a265820,0,80001a2c,fffffd8071040e60,fffffd80097fd478) at ktrops+0x26c sys/kern/kern_ktrace.c:573
doktrace(fffffd8071040e60,4,1a2c,0,ffff8000ffffd9f8) at doktrace+0x6bd ktrsetchildren sys/kern/kern_ktrace.c:595 [inline]
doktrace(fffffd8071040e60,4,1a2c,0,ffff8000ffffd9f8) at doktrace+0x6bd sys/kern/kern_ktrace.c:517
sys_ktrace(ffff8000ffffd9f8,ffff80003c461200,ffff80003c461150) at sys_ktrace+0x11c sys/kern/kern_ktrace.c:558
syscall(ffff80003c461200) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c461200) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xfcec122d750, count: 244
End of stack trace.
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
Reply all
Reply to author
Forward
0 new messages