panic: ffs_blkfree: bad size
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*330129 36476 0 0x2 0 0 syz-executor
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8343492c) at panic+0x1cf sys/kern/subr_prf.c:198
ffs_blkfree(fffffd806ea3f300,2000700070006,4000) at ffs_blkfree+0xd4c sys/ufs/ffs/ffs_alloc.c:1285
ffs_indirtrunc(fffffd806ea3f300,fffffffffffffff4,133160,ffffffffffffffff,0,ffff80003c933588) at ffs_indirtrunc+0x7ba sys/ufs/ffs/ffs_inode.c:-1
ffs_truncate(fffffd806ea3f300,0,0,ffffffffffffffff) at ffs_truncate+0x1036 sys/ufs/ffs/ffs_inode.c:297
ufs_inactive(ffff80003c9336e0) at ufs_inactive+0x1ff sys/ufs/ufs/ufs_inode.c:84
VOP_INACTIVE(fffffd806c7c37b8,ffff80002a78cd10) at VOP_INACTIVE+0xfb sys/kern/vfs_vops.c:498
vput(fffffd806c7c37b8) at vput+0xdc sys/kern/vfs_subr.c:789
VOP_REMOVE(fffffd806c7c3458,fffffd806c7c37b8,ffff80003c933848) at VOP_REMOVE+0x199 sys/kern/vfs_vops.c:336
dounlinkat(ffff80002a78cd10,ffffff9c,7e7e662bb460,0) at dounlinkat+0x1c4 sys/kern/vfs_syscalls.c:1923
syscall(ffff80003c9339b0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c9339b0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7e7e662bb910, count: 3
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: ffs_blkfree: bad size
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8343492c) at panic+0x1cf sys/kern/subr_prf.c:198
ffs_blkfree(fffffd806ea3f300,2000700070006,4000) at ffs_blkfree+0xd4c sys/ufs/ffs/ffs_alloc.c:1285
ffs_indirtrunc(fffffd806ea3f300,fffffffffffffff4,133160,ffffffffffffffff,0,ffff80003c933588) at ffs_indirtrunc+0x7ba sys/ufs/ffs/ffs_inode.c:-1
ffs_truncate(fffffd806ea3f300,0,0,ffffffffffffffff) at ffs_truncate+0x1036 sys/ufs/ffs/ffs_inode.c:297
ufs_inactive(ffff80003c9336e0) at ufs_inactive+0x1ff sys/ufs/ufs/ufs_inode.c:84
VOP_INACTIVE(fffffd806c7c37b8,ffff80002a78cd10) at VOP_INACTIVE+0xfb sys/kern/vfs_vops.c:498
vput(fffffd806c7c37b8) at vput+0xdc sys/kern/vfs_subr.c:789
VOP_REMOVE(fffffd806c7c3458,fffffd806c7c37b8,ffff80003c933848) at VOP_REMOVE+0x199 sys/kern/vfs_vops.c:336
dounlinkat(ffff80002a78cd10,ffffff9c,7e7e662bb460,0) at dounlinkat+0x1c4 sys/kern/vfs_syscalls.c:1923
syscall(ffff80003c9339b0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c9339b0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7e7e662bb910, count: -12
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff80003c933200
rbx 0x2000700070006
rdx 0
rcx 0
rax 0xffff80002a78cd10
r8 0x101010101010101
r9 0x8080808080808080
r10 0x9bc70cce8fe1c853
r11 0xc1f049421374cd40
r12 0
r13 0xffff800000c47800
r14 0
r15 0x1
rip 0xffffffff826638a5 db_enter+0x25
cs 0x8
rflags 0x246
rsp 0xffff80003c9331f0
ss 0x10
db_enter+0x25: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor) tid=330129 pid=36476 tcnt=1 stat=onproc
flags process=2<EXEC> proc=0
runpri=17, usrpri=50, slppri=17, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff80002a746008,0xffff8000380ef4f0
process=0xffff8000ffff9f98 user=0xffff80003c92e000, vmspace=0xfffffd806cccc2f8
estcpu=36, cpticks=22, pctcpu=0.6, user=2, sys=18, intr=1
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
90900 270448 28550 0 2 0xc80 syz-executor
90900 292584 28550 0 3 0x4000080 kqread syz-executor
90900 231935 28550 0 3 0x4000080 fsleep syz-executor
2889 439190 35064 0 3 0x80 nanoslp syz-executor
2889 128940 35064 0 3 0x4000080 piperd syz-executor
2889 273144 35064 0 3 0x4000080 fsleep syz-executor
29836 116001 64725 0 2 0xc80 syz-executor
29836 260427 64725 0 3 0x4000080 fsleep syz-executor
29836 338848 64725 0 3 0x4000080 ttyout syz-executor
58 34347 0 0 3 0x14200 acct acct
30770 402484 89109 0 2 0xc80 syz-executor
30770 474928 89109 0 3 0x4000080 rest syz-executor
30770 338721 89109 0 3 0x4000080 fsleep syz-executor
89104 291610 327 0 2 0xc80 syz-executor
89104 451960 327 0 3 0x4000080 ttyout syz-executor
89104 272450 327 0 3 0x4000080 fsleep syz-executor
28550 15822 1874 0 3 0x82 nanoslp syz-executor
22568 396649 1 0 3 0x100083 ttyopn getty
35064 82956 1874 0 2 0xc82 syz-executor
64725 212857 1874 0 2 0xc82 syz-executor
*36476 330129 1874 0 7 0x2 syz-executor
85548 362602 1874 0 2 0x2 syz-executor
15004 290026 1874 0 2 0xc82 syz-executor
327 25110 1874 0 2 0xc82 syz-executor
89109 492483 1874 0 2 0xc82 syz-executor
1874 446714 30891 0 3 0x82 kqread syz-executor
30891 109126 56261 0 3 0x10008a sigsusp ksh
56261 103738 1627 0 3 0x98 kqread sshd-session
1627 73424 6203 0 3 0x92 kqread sshd-session
6203 461635 1 0 3 0x88 kqread sshd
91072 492432 53388 73 3 0x1100090 kqread syslogd
53388 394211 1 0 3 0x100082 sbwait syslogd
51634 73685 1 0 3 0x100080 kqread resolvd
78748 106786 90020 77 3 0x100092 kqread dhcpleased
77762 403842 90020 77 3 0x100092 kqread dhcpleased
90020 83345 1 0 3 0x80 kqread dhcpleased
52190 463704 0 0 3 0x14200 bored smr
19910 340565 0 0 2 0x14200 zerothread
45199 92133 0 0 3 0x14200 aiodoned aiodoned
49343 258061 0 0 3 0x14200 syncer update
93007 174530 0 0 3 0x14200 cleaner cleaner
81685 121590 0 0 3 0x14200 reaper reaper
75658 226354 0 0 3 0x14200 pgdaemon pagedaemon
45378 60809 0 0 3 0x14200 bored viomb
9269 95467 0 0 3 0x40014200 acpi0 acpi0
14841 7257 0 0 2 0x14200 softnet0
52551 273302 0 0 3 0x14200 bored systqmp
4096 210809 0 0 3 0x14200 bored systq
22416 15375 0 0 3 0x40014200 tmoslp softclock
24488 42111 0 0 3 0x40014200 idle0
1 221060 0 0 3 0x80082 wait init
0 0 -1 0 3 0x10010200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 11074 12179K 12598K 166960K 14124 0
pcb 17 15K 16K 166960K 329 0
rtable 265 12K 12K 166960K 690 0
pf 34 13K 16K 166960K 134 0
ifaddr 43 7K 8K 166960K 106 0
ifgroup 52 2K 2K 166960K 172 0
sysctl 4 1K 9K 166960K 21 0
counters 34 17K 18K 166960K 95 0
ioctlops 0 0K 4K 166960K 469 0
iov 0 0K 16K 166960K 110 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1384 87K 88K 166960K 2864 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 9K 166960K 20 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 1K 166960K 118 0
dirhash 12 2K 2K 166960K 33 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 16 57K 236K 166960K 1253 0
sigio 0 0K 0K 166960K 24 0
proc 60 59K 91K 166960K 730 0
subproc 72 4K 4K 166960K 108 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 1 0K 0K 166960K 196 0
in_multi 95 6K 7K 166960K 184 0
ether_multi 1 0K 0K 166960K 11 0
mrt 2 0K 0K 166960K 27 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 241 1076K 1076K 166960K 241 0
exec 0 0K 1K 166960K 593 0
fusefs mount 1 32K 32K 166960K 1 0
pfkey data 0 0K 0K 166960K 5 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 228 159K 181K 166960K 12473 0
UVM aobj 49 32K 32K 166960K 54 0
pinsyscall 37 74K 90K 166960K 2439 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 85 0
NDP 12 0K 2K 166960K 75 0
temp 85 9076K 9145K 166960K 35466 0
kqueue 14 22K 32K 166960K 212 0
SYN cache 2 16K 16K 166960K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 136 0 133 1 0 1 1 0 8 0
rtentry 136 181 0 78 4 0 4 4 0 8 0
unpcb 144 1036 0 1020 10 1 9 9 0 8 8
syncache 336 4 0 4 2 1 1 1 0 8 1
tcpcb 736 573 0 568 13 6 7 7 0 8 6
arp 96 31 0 10 1 0 1 1 0 8 0
ipq 40 1 0 0 1 0 1 1 0 8 0
ipqe 40 1 0 0 1 0 1 1 0 8 0
inpcb 328 1550 0 1538 16 7 9 9 0 8 8
ip6q 72 2 0 0 1 0 1 1 0 8 0
ip6af 40 2 0 0 1 0 1 1 0 8 0
nd6 112 37 0 15 1 0 1 1 0 8 0
pkpcb 40 12 0 12 3 2 1 1 0 8 1
kcovpl 48 12 0 4 1 0 1 1 0 8 0
ppxss 1072 47 0 47 3 2 1 1 0 8 1
pppxif 1416 1 0 1 1 1 0 1 0 8 0
pfstscr 40 1 0 1 1 1 0 1 0 8 0
pffrag 232 7 0 0 1 0 1 1 0 482 0
pffrnode 88 7 0 0 1 0 1 1 0 8 0
pffrent 40 8 0 1 1 0 1 1 0 8 0
pftag 88 1 0 0 1 0 1 1 0 8 0
pfstkey 128 1 0 1 1 1 0 1 0 8 0
pfstate 384 1 0 1 1 1 0 1 0 8 0
pfrule 1360 3 0 3 1 1 0 1 0 8 0
art_heap8 4096 6 0 0 6 0 6 6 0 8 0
art_heap4 256 716 0 292 32 5 27 29 0 8 0
art_table 40 722 0 292 5 0 5 5 0 8 0
art_node 32 178 0 85 1 0 1 1 0 8 0
sysvmsgpl 40 6 0 4 3 2 1 1 0 8 0
semapl 112 113 0 103 1 0 1 1 0 8 0
shmpl 112 38 0 4 1 0 1 1 0 8 0
dirhash 1024 31 0 14 3 0 3 3 0 8 0
dino2pl 256 3954 0 2496 92 0 92 92 0 8 0
ffsino 256 3954 0 2496 92 0 92 92 0 8 0
nchpl 144 5631 0 3929 64 0 64 64 0 8 0
rtmask 32 13 0 13 2 1 1 1 0 8 1
vnodes 216 4770 0 0 265 0 265 265 0 8 0
namei 1024 20359 0 20359 4 3 1 2 0 8 1
vcpupl 3904 13 0 1 2 0 2 2 0 8 0
vmpool 808 13 0 1 2 0 2 2 0 8 0
kstatmem 264 102 0 78 2 0 2 2 0 8 0
scsiplug 72 4 0 4 2 1 1 1 0 8 1
scxspl 216 17644 0 17644 11 3 8 8 1 8 8
plimitpl 152 461 0 441 1 0 1 1 0 8 0
sigapl 424 1534 0 1492 7 1 6 6 0 8 1
knotepl 120 48288 0 48234 35 21 14 17 0 8 8
kqueuepl 184 404 0 393 1 0 1 1 0 8 0
pipepl 304 368 0 340 10 0 10 10 0 8 7
fdescpl 448 1512 0 1484 4 0 4 4 0 8 0
filepl 120 11331 0 11099 18 3 15 15 0 8 7
lockfpl 104 944 0 942 3 1 2 2 0 8 1
lockfspl 48 383 0 381 1 0 1 1 0 8 0
sessionpl 144 27 0 19 1 0 1 1 0 8 0
pgrppl 48 85 0 69 1 0 1 1 0 8 0
ucredpl 104 2515 0 2503 1 0 1 1 0 8 0
zombiepl 144 1493 0 1492 1 0 1 1 0 8 0
processpl 1152 1534 0 1492 4 0 4 4 0 8 0
procpl 664 3131 0 3079 7 1 6 6 0 8 0
sosppl 176 6 0 6 2 1 1 1 0 8 1
sockpl 552 2909 0 2878 24 13 11 19 0 8 8
mcl64k 65536 319 0 319 3 2 1 1 0 8 1
mcl12k 12288 2 0 2 1 0 1 1 0 8 1
mcl8k 8192 16 0 16 3 2 1 1 0 8 1
mcl4k 4096 3887 0 3828 17 8 9 16 0 8 1
mcl2k 2048 1345 0 1339 6 4 2 4 0 8 1
mtagpl 96 65 0 15 2 0 2 2 0 8 0
mbufpl 256 22193 0 21982 91 63 28 74 0 8 8
bufpl 280 5113 0 108 358 0 358 358 0 8 0
anonpl 24 218037 0 214751 67 20 47 47 0 187 17
amapchunkpl 152 42454 0 41964 46 17 29 31 0 158 5
amappl16 200 3617 0 3584 28 16 12 16 0 8 8
amappl15 192 11 0 11 1 1 0 1 0 8 0
amappl14 184 461 0 460 1 0 1 1 0 8 0
amappl13 176 121 0 111 1 0 1 1 0 8 0
amappl12 168 1767 0 1740 2 0 2 2 0 8 0
amappl11 160 7 0 7 1 1 0 1 0 8 0
amappl10 152 71 0 61 1 0 1 1 0 8 0
amappl9 144 259 0 259 1 1 0 1 0 8 0
amappl8 136 116 0 114 1 0 1 1 0 8 0
amappl7 128 157 0 146 1 0 1 1 0 8 0
amappl6 120 191 0 189 1 0 1 1 0 8 0
amappl5 112 104 0 96 1 0 1 1 0 8 0
amappl4 104 283 0 268 1 0 1 1 0 8 0
amappl3 96 8472 0 8361 5 1 4 4 0 8 0
amappl2 88 552 0 498 2 0 2 2 0 8 0
amappl1 80 14329 0 13785 16 1 15 15 0 8 2
amappl 88 11521 0 11358 5 0 5 5 0 92 0
uvmvnodes 80 127 0 0 3 0 3 3 0 8 0
dma32768 32768 1 0 1 1 1 0 1 0 8 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 254 0 254 2 1 1 1 0 8 1
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 53 0 5 1 0 1 1 0 8 0
uaddrrnd 24 1512 0 1484 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 1512 0 1484 1 0 1 1 0 8 0
vmmpekpl 168 12968 0 12917 3 0 3 3 0 8 0
vmmpepl 168 99203 0 97453 104 12 92 92 0 357 8
vmsppl 368 1511 0 1484 4 1 3 4 0 8 0
rwobjpl 40 26662 0 25628 15 2 13 13 0 8 2
pdppl 4096 3056 0 2982 115 36 79 79 0 8 5
pvpl 32 648259 0 638426 152 35 117 117 0 265 29
pmappl 216 1524 0 1485 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 494 0 135 14 2 12 12 0 8 1
ddb> machine ddbcpu 0
No such command
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8343492c) at panic+0x1cf sys/kern/subr_prf.c:198
ffs_blkfree(fffffd806ea3f300,2000700070006,4000) at ffs_blkfree+0xd4c sys/ufs/ffs/ffs_alloc.c:1285
ffs_indirtrunc(fffffd806ea3f300,fffffffffffffff4,133160,ffffffffffffffff,0,ffff80003c933588) at ffs_indirtrunc+0x7ba sys/ufs/ffs/ffs_inode.c:-1
ffs_truncate(fffffd806ea3f300,0,0,ffffffffffffffff) at ffs_truncate+0x1036 sys/ufs/ffs/ffs_inode.c:297
ufs_inactive(ffff80003c9336e0) at ufs_inactive+0x1ff sys/ufs/ufs/ufs_inode.c:84
VOP_INACTIVE(fffffd806c7c37b8,ffff80002a78cd10) at VOP_INACTIVE+0xfb sys/kern/vfs_vops.c:498
vput(fffffd806c7c37b8) at vput+0xdc sys/kern/vfs_subr.c:789
VOP_REMOVE(fffffd806c7c3458,fffffd806c7c37b8,ffff80003c933848) at VOP_REMOVE+0x199 sys/kern/vfs_vops.c:336
dounlinkat(ffff80002a78cd10,ffffff9c,7e7e662bb460,0) at dounlinkat+0x1c4 sys/kern/vfs_syscalls.c:1923
syscall(ffff80003c9339b0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c9339b0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7e7e662bb910, count: -12
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8343492c) at panic+0x1cf sys/kern/subr_prf.c:198
ffs_blkfree(fffffd806ea3f300,2000700070006,4000) at ffs_blkfree+0xd4c sys/ufs/ffs/ffs_alloc.c:1285
ffs_indirtrunc(fffffd806ea3f300,fffffffffffffff4,133160,ffffffffffffffff,0,ffff80003c933588) at ffs_indirtrunc+0x7ba sys/ufs/ffs/ffs_inode.c:-1
ffs_truncate(fffffd806ea3f300,0,0,ffffffffffffffff) at ffs_truncate+0x1036 sys/ufs/ffs/ffs_inode.c:297
ufs_inactive(ffff80003c9336e0) at ufs_inactive+0x1ff sys/ufs/ufs/ufs_inode.c:84
VOP_INACTIVE(fffffd806c7c37b8,ffff80002a78cd10) at VOP_INACTIVE+0xfb sys/kern/vfs_vops.c:498
vput(fffffd806c7c37b8) at vput+0xdc sys/kern/vfs_subr.c:789
VOP_REMOVE(fffffd806c7c3458,fffffd806c7c37b8,ffff80003c933848) at VOP_REMOVE+0x199 sys/kern/vfs_vops.c:336
dounlinkat(ffff80002a78cd10,ffffff9c,7e7e662bb460,0) at dounlinkat+0x1c4 sys/kern/vfs_syscalls.c:1923
syscall(ffff80003c9339b0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c9339b0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7e7e662bb910, count: -12