syzbot


panic: pool_do_get: vnodes: page empty

Status: upstream: reported on 2024/05/19 07:18
Reported-by: syzbot+a8d5186375b81e459f24@syzkaller.appspotmail.com
First crash: 27d, last: 27d

Sample crash report:
panic: pool_do_get: vnodes: page empty
Stopped at      db_enter+0x1c:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
* 61775  73228      0   0x8000000  0x4000000    0  syz-executor.2
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8292050d) at panic+0x165 sys/kern/subr_prf.c:198
pool_do_get(ffffffff82d60a60,9,ffff800030f7491c) at pool_do_get+0x400 sys/kern/subr_pool.c:726
pool_get(ffffffff82d60a60,9) at pool_get+0xba sys/kern/subr_pool.c:582
getnewvnode(0,0,ffffffff82b8e1f0,ffff800030f749f0) at getnewvnode+0xe4 sys/kern/vfs_subr.c:409
cdevvp(51700,ffff800030f74a60) at cdevvp+0x58 getdevvp sys/kern/vfs_subr.c:526 [inline]
cdevvp(51700,ffff800030f74a60) at cdevvp+0x58 sys/kern/vfs_subr.c:507
spec_open_clone(ffff800030f74b38) at spec_open_clone+0x18f sys/kern/spec_vnops.c:711
spec_open(ffff800030f74b38) at spec_open+0x242 sys/kern/spec_vnops.c:148
VOP_OPEN(fffffd807e648b28,1,fffffd807f7d7680,ffff8000329a82c8) at VOP_OPEN+0x70 sys/kern/vfs_vops.c:138
vn_open(ffff800030f74d88,1,0) at vn_open+0x4e4 sys/kern/vfs_vnops.c:177
doopenat(ffff8000329a82c8,ffffff9c,20000000,0,0,ffff800030f74f30) at doopenat+0x269 sys/kern/vfs_syscalls.c:1127
syscall(ffff800030f74fe0) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xf9981d6d410, count: 2
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb> 
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: pool_do_get: vnodes: page empty
ddb> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8292050d) at panic+0x165 sys/kern/subr_prf.c:198
pool_do_get(ffffffff82d60a60,9,ffff800030f7491c) at pool_do_get+0x400 sys/kern/subr_pool.c:726
pool_get(ffffffff82d60a60,9) at pool_get+0xba sys/kern/subr_pool.c:582
getnewvnode(0,0,ffffffff82b8e1f0,ffff800030f749f0) at getnewvnode+0xe4 sys/kern/vfs_subr.c:409
cdevvp(51700,ffff800030f74a60) at cdevvp+0x58 getdevvp sys/kern/vfs_subr.c:526 [inline]
cdevvp(51700,ffff800030f74a60) at cdevvp+0x58 sys/kern/vfs_subr.c:507
spec_open_clone(ffff800030f74b38) at spec_open_clone+0x18f sys/kern/spec_vnops.c:711
spec_open(ffff800030f74b38) at spec_open+0x242 sys/kern/spec_vnops.c:148
VOP_OPEN(fffffd807e648b28,1,fffffd807f7d7680,ffff8000329a82c8) at VOP_OPEN+0x70 sys/kern/vfs_vops.c:138
vn_open(ffff800030f74d88,1,0) at vn_open+0x4e4 sys/kern/vfs_vnops.c:177
doopenat(ffff8000329a82c8,ffffff9c,20000000,0,0,ffff800030f74f30) at doopenat+0x269 sys/kern/vfs_syscalls.c:1127
syscall(ffff800030f74fe0) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xf9981d6d410, count: -13
ddb> show registers
rdi                                0
rsi                              0x1
rbp               0xffff800030f747a0
rbx                                0
rdx               0xffff800000dcacc0
rcx                                0
rax               0xffff8000329a82c8
r8                 0x101010101010101
r9                0x8080808080808080
r10               0xe26749b2df2a3017
r11               0xf9ee73901a220ff3
r12                                0
r13               0xfffffd807c2b2f90
r14                                0
r15                              0x1
rip               0xffffffff8210581c    db_enter+0x1c
cs                               0x8
rflags                         0x246
rsp               0xffff800030f74790
ss                              0x10
db_enter+0x1c:  addq    $0x8,%rsp
ddb> show proc
PROC (syz-executor.2) tid=61775 pid=73228 tcnt=2 stat=onproc
    flags process=8000000 proc=4000000<THREAD>
    runpri=32, usrpri=51, slppri=32, nice=20
    wchan=0x0, wmesg=, ps_single=0x0
    forw=0xffffffffffffffff, list=0xffff8000329a9228,0xffffffff82db4bf0
    process=0xffff8000ffff69f0 user=0xffff800030f70000, vmspace=0xfffffd806cd9a170
    estcpu=6, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0
ddb> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 73228  242144  16625      0  2   0x8000000                syz-executor.2
*73228   61775  16625      0  7   0xc000000                syz-executor.2
 15827  348266  11124      0  2   0x8000000                syz-executor.6
 15827  444345  11124      0  2   0xc000000                syz-executor.6
 17376  418209  64830      0  2   0x8000000                syz-executor.0
 17376  355216  64830      0  3   0xc000080  bell          syz-executor.0
 91253  261253  81022      0  3   0x8000080  nanoslp       syz-executor.1
 91253  436293  81022      0  3   0xc000080  kqread        syz-executor.1
 91253   25583  81022      0  3   0xc000080  fsleep        syz-executor.1
  6144  503263  64706      0  2   0x8000002                syz-executor.3
 52790  149769  64706      0  2   0x8000002                syz-executor.5
 16625  310351  64706      0  3   0x8000082  nanoslp       syz-executor.2
 57357  504780  64706      0  2   0x8000002                syz-executor.4
 81022   18765  64706      0  3   0x8000082  nanoslp       syz-executor.1
 11124  471954  64706      0  3   0x8000082  nanoslp       syz-executor.6
 64830  251912  64706      0  3   0x8000082  nanoslp       syz-executor.0
 15566  331527  64706      0  2   0x8000002                syz-executor.7
 39514   60727      1      0  3  0x18100083  ttyin         getty
 84650  381472      0      0  3     0x14200  bored         sosplice
 64706   55280  55086      0  3  0x1a000082  wait          syz-fuzzer
 64706   57667  55086      0  3  0x1e000082  nanoslp       syz-fuzzer
 64706   16989  55086      0  2  0x1e000002                syz-fuzzer
 64706  304975  55086      0  3  0x1e000082  wait          syz-fuzzer
 64706  275812  55086      0  3  0x1e000082  thrsleep      syz-fuzzer
 64706   91565  55086      0  3  0x1e000082  thrsleep      syz-fuzzer
 64706  181287  55086      0  3  0x1e000082  wait          syz-fuzzer
 64706  296952  55086      0  3  0x1e000082  thrsleep      syz-fuzzer
 64706  349882  55086      0  3  0x1e000082  wait          syz-fuzzer
 64706  274586  55086      0  3  0x1e000082  thrsleep      syz-fuzzer
 64706  354332  55086      0  3  0x1e000082  wait          syz-fuzzer
 64706  401382  55086      0  3  0x1e000082  wait          syz-fuzzer
 64706  477245  55086      0  3  0x1e000082  wait          syz-fuzzer
 64706   41122  55086      0  3  0x1e000082  wait          syz-fuzzer
 55086  511394  16817      0  3   0x810008a  sigsusp       ksh
 16817  519172  37328      0  3  0x1800009a  kqread        sshd
 37328  101430      1      0  3  0x18000088  kqread        sshd
 46705  147527  48112     73  2  0x19100010                syslogd
 48112   64085      1      0  3  0x18100082  sbwait        syslogd
 11583  490734      1      0  3  0x18100080  kqread        resolvd
 12423  260663  93215     77  3  0x18100092  kqread        dhcpleased
 34114  212838  93215     77  3  0x18100092  kqread        dhcpleased
 93215  410149      1      0  3  0x18000080  kqread        dhcpleased
 22698  340695      0      0  3     0x14200  bored         smr
  1655   82249      0      0  2     0x14200                zerothread
 47750  327786      0      0  3     0x14200  aiodoned      aiodoned
 57417   66532      0      0  3     0x14200  syncer        update
 30900  248126      0      0  3     0x14200  cleaner       cleaner
 59673  369450      0      0  3     0x14200  reaper        reaper
 56232    8836      0      0  3     0x14200  pgdaemon      pagedaemon
 91147   35013      0      0  3     0x14200  bored         viomb
 69143  349521      0      0  3  0x40014200  acpi0         acpi0
 52400  314508      0      0  3     0x14200  bored         softnet3
 55671    4343      0      0  3     0x14200  bored         softnet2
 38366  216218      0      0  3     0x14200  bored         softnet1
 11175  386936      0      0  3     0x14200  bored         softnet0
 75788  419304      0      0  3     0x14200  bored         systqmp
 99769  311951      0      0  3     0x14200  bored         systq
 60349   70630      0      0  3  0x40014200  tmoslp        softclock
 65793  138694      0      0  3  0x40014200                idle0
     1  370167      0      0  3   0x8000082  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb> show all locks
No such command
ddb> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf 10195   6554K    7009K 166960K     13040        0
            pcb    17     12K      12K 166960K       137        0
         rtable   179     13K      15K 166960K      1469        0
             pf    31      9K       9K 166960K       132        0
         ifaddr    39     10K      11K 166960K       196        0
        ifgroup    54      2K       2K 166960K       241        0
         sysctl     3      1K       1K 166960K         3        0
       counters    31     17K      17K 166960K        76        0
       ioctlops     0      0K       2K 166960K       110        0
            iov     0      0K      16K 166960K        57        0
          mount     1      1K       1K 166960K         1        0
            log     0      0K       0K 166960K         4        0
         vnodes  1377     87K      87K 166960K      2605        0
      UFS quota     1     32K      32K 166960K         1        0
      UFS mount     5     36K      36K 166960K         5        0
            shm     2      1K       9K 166960K        19        0
         VM map     2      1K       1K 166960K         2        0
            sem    12      0K       0K 166960K        57        0
        dirhash    12      2K       2K 166960K        39        0
           ACPI  1697    195K     286K 166960K     12548        0
      file desc    14     49K      89K 166960K      1360        0
          sigio     0      0K       0K 166960K        12        0
           proc    58     59K     116K 166960K      1447        0
        subproc   104      6K       7K 166960K       539        0
    NFS srvsock     1      0K       0K 166960K         1        0
     NFS daemon     1     16K      16K 166960K         1        0
    ip_moptions     0      0K       0K 166960K       106        0
       in_multi    81      6K       7K 166960K       476        0
    ether_multi     1      0K       0K 166960K         7        0
            mrt     1      0K       0K 166960K         5        0
    ISOFS mount     1     32K      32K 166960K         1        0
  MSDOSFS mount     1     16K      16K 166960K         1        0
           ttys    79    360K     360K 166960K        79        0
           exec     0      0K       1K 166960K       892        0
            tdb     3      0K       0K 166960K         3        0
        VM swap     8     62K      64K 166960K        10        0
       UVM amap   263     96K     101K 166960K     12299        0
       UVM aobj    32      6K       6K 166960K        35        0
     pinsyscall    34     68K     100K 166960K      3384        0
        memdesc     1      4K       4K 166960K         1        0
    crypto data     1      1K       1K 166960K         1        0
    ip6_options     0      0K       0K 166960K        59        0
            NDP    12      0K       2K 166960K       139        0
           temp    76   6812K    6876K 166960K     28193        0
         kqueue    12     18K      24K 166960K       142        0
      SYN cache     2     16K      16K 166960K         2        0
ddb> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb      120      210    0      207     1     0     1     1     0     8    0
rtentry    112      507    0      429     4     0     4     4     0     8    1
unpcb      144      782    0      769     4     0     4     4     0     8    3
syncache   336        5    0        5     1     0     1     1     0     8    1
tcpqe       32       40    0       40     1     0     1     1     0     8    1
tcpcb      808      277    0      272     2     0     2     2     0     8    1
arp         88       93    0       77     1     0     1     1     0     8    0
ipq         40        3    0        2     1     0     1     1     0     8    0
ipqe        40        8    0        7     1     0     1     1     0     8    0
inpcb      352     1054    0     1046     3     0     3     3     0     8    2
nd6        104      128    0      109     1     0     1     1     0     8    0
pkpcb       40        5    0        5     1     0     1     1     0     8    1
kcovpl      48       41    0       33     1     0     1     1     0     8    0
ppxss      1072       3    0        3     1     0     1     1     0     8    1
art_heap8  4096       1    0        0     1     0     1     1     0     8    0
art_heap4  256     2051    0     1694    59    32    27    29     0     8    0
art_table   32     2052    0     1694     4     0     4     4     0     8    0
art_node    16      500    0      430     1     0     1     1     0     8    0
sysvmsgpl   40       17    0        7     1     0     1     1     0     8    0
semupl     112        1    0        1     1     0     1     1     0     8    1
semapl     112       55    0       45     1     0     1     1     0     8    0
shmpl      112       32    0        3     1     0     1     1     0     8    0
dirhash    1024      35    0       18     3     0     3     3     0     8    0
dino2pl    256     3053    0     1549    96     0    96    96     0     8    1
ffsino     240     3053    0     1549    90     0    90    90     0     8    0
nchpl      144     4749    0     4189    67     0    67    67     0     8   41
uvmvnodes   80     4143    0        0    85     0    85    85     0     8    0
vnodes     216     4143    0        0   231     0   231   231     0     8    0
vnodes: pool(0xffffffff82d60a60:vnodes): page inconsistency: page 0x0; at page head addr 0xfffffd807c2b2f90 (p 0xfffffd807c2b2000)
namei      1024   19116    0    19116     3     0     3     3     0     8    3
vcpupl     3904       6    0        1     1     0     1     1     0     8    0
vmpool     664        9    0        4     1     0     1     1     0     8    0
kstatmem   264      114    0       90     2     0     2     2     0     8    0
scxspl     216    34998    0    34998     8     0     8     8     1     8    8
plimitpl   152      192    0      177     1     0     1     1     0     8    0
sigapl     424     1615    0     1573     9     0     9     9     0     8    2
futexpl     64    16756    0    16755     1     0     1     1     0     8    0
knotepl    120     7005    0     6923    11     0    11    11     0     8    7
kqueuepl   184      264    0      255     1     0     1     1     0     8    0
pipepl     288      350    0      322     3     0     3     3     0     8    0
fdescpl    432     1578    0     1553     4     0     4     4     0     8    0
filepl     120     8606    0     8361    10     0    10    10     0     8    2
lockfpl    104      262    0      259     1     0     1     1     0     8    0
lockfspl    48      121    0      118     1     0     1     1     0     8    0
sessionpl  144       57    0       41     1     0     1     1     0     8    0
pgrppl      48       68    0       52     1     0     1     1     0     8    0
ucredpl    104     1024    0     1014     1     0     1     1     0     8    0
zombiepl   144     1573    0     1573     1     0     1     1     0     8    1
processpl  1072    1615    0     1573     5     0     5     5     0     8    0
procpl     656     2539    0     2479     9     0     9     9     0     8    2
sosppl     168        2    0        2     1     0     1     1     0     8    1
sockpl     504     2071    0     2047    13     2    11    13     0     8    8
mcl64k     65536      2    0        2     1     0     1     1     0     8    1
mcl8k      8192      46    0       46     1     0     1     1     0     8    1
mcl4k      4096      10    0       10     1     0     1     1     0     8    1
mcl2k      2048   22410    0    22311    51    30    21    48     0     8    6
mtagpl      96       36    0       34     1     0     1     1     0     8    0
mbufpl     256    47584    0    47375    74    54    20    60     0     8    2
bufpl      280     9547    0     1670   563     0   563   563     0     8    0
anonpl      24   332133    0   326519    93     0    93    93     0   188   42
amapchunkpl 152   41054    0    40476    47     0    47    47     0   158   21
amappl16   200     7554    0     7426    33    16    17    20     0     8    7
amappl15   192       33    0       33     1     0     1     1     0     8    1
amappl14   184      272    0      260     2     0     2     2     0     8    1
amappl13   176        8    0        8     1     0     1     1     0     8    1
amappl12   168     2696    0     2670     2     0     2     2     0     8    0
amappl11   160       86    0       76     1     0     1     1     0     8    0
amappl10   152       75    0       65     1     0     1     1     0     8    0
amappl9    144      159    0      159     1     0     1     1     0     8    1
amappl8    136      163    0      131     2     0     2     2     0     8    0
amappl7    128       88    0       73     1     0     1     1     0     8    0
amappl6    120      751    0      737     2     0     2     2     0     8    1
amappl5    112      292    0      279     1     0     1     1     0     8    0
amappl4    104      692    0      661     2     0     2     2     0     8    1
amappl3     96     8029    0     7962     3     0     3     3     0     8    0
amappl2     88     2117    0     2045     4     0     4     4     0     8    2
amappl1     80    15447    0    14960    22     3    19    22     0     8    8
amappl      88    11459    0    11288     5     0     5     5     0    92    0
dma4096    4096       1    0        1     1     0     1     1     0     8    1
dma1024    1024       1    0        0     1     0     1     1     0     8    0
dma256     256        6    0        6     1     0     1     1     0     8    1
dma128     128      253    0      253     1     0     1     1     0     8    1
dma64       64        6    0        6     1     0     1     1     0     8    1
dma32       32        7    0        7     1     0     1     1     0     8    1
dma16       16       18    0       17     1     0     1     1     0     8    0
aobjpl      72       34    0        3     1     0     1     1     0     8    0
uaddrrnd    24     1587    0     1557     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24     1587    0     1557     1     0     1     1     0     8    0
vmmpekpl   168    16149    0    16093     4     0     4     4     0     8    0
vmmpepl    168   124099    0   122371   118     0   118   118     0   357   38
vmsppl     344     1586    0     1557     4     0     4     4     0     8    0
rwobjpl     24    39767    0    34550    33     0    33    33     0     8    1
pdppl      4096    3180    0     3119   163    96    67    80     0     8    6
pvpl        32   853805    0   842315   398    45   353   398     0   265  231
pmappl     216     1586    0     1557     3     0     3     3     0     8    0
extentpl    40       56    0       38     1     0     1     1     0     8    0
phpool     112      565    0      214    11     0    11    11     0     8    0
ddb> machine ddbcpu 0
No such command
ddb> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8292050d) at panic+0x165 sys/kern/subr_prf.c:198
pool_do_get(ffffffff82d60a60,9,ffff800030f7491c) at pool_do_get+0x400 sys/kern/subr_pool.c:726
pool_get(ffffffff82d60a60,9) at pool_get+0xba sys/kern/subr_pool.c:582
getnewvnode(0,0,ffffffff82b8e1f0,ffff800030f749f0) at getnewvnode+0xe4 sys/kern/vfs_subr.c:409
cdevvp(51700,ffff800030f74a60) at cdevvp+0x58 getdevvp sys/kern/vfs_subr.c:526 [inline]
cdevvp(51700,ffff800030f74a60) at cdevvp+0x58 sys/kern/vfs_subr.c:507
spec_open_clone(ffff800030f74b38) at spec_open_clone+0x18f sys/kern/spec_vnops.c:711
spec_open(ffff800030f74b38) at spec_open+0x242 sys/kern/spec_vnops.c:148
VOP_OPEN(fffffd807e648b28,1,fffffd807f7d7680,ffff8000329a82c8) at VOP_OPEN+0x70 sys/kern/vfs_vops.c:138
vn_open(ffff800030f74d88,1,0) at vn_open+0x4e4 sys/kern/vfs_vnops.c:177
doopenat(ffff8000329a82c8,ffffff9c,20000000,0,0,ffff800030f74f30) at doopenat+0x269 sys/kern/vfs_syscalls.c:1127
syscall(ffff800030f74fe0) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xf9981d6d410, count: -13
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8292050d) at panic+0x165 sys/kern/subr_prf.c:198
pool_do_get(ffffffff82d60a60,9,ffff800030f7491c) at pool_do_get+0x400 sys/kern/subr_pool.c:726
pool_get(ffffffff82d60a60,9) at pool_get+0xba sys/kern/subr_pool.c:582
getnewvnode(0,0,ffffffff82b8e1f0,ffff800030f749f0) at getnewvnode+0xe4 sys/kern/vfs_subr.c:409
cdevvp(51700,ffff800030f74a60) at cdevvp+0x58 getdevvp sys/kern/vfs_subr.c:526 [inline]
cdevvp(51700,ffff800030f74a60) at cdevvp+0x58 sys/kern/vfs_subr.c:507
spec_open_clone(ffff800030f74b38) at spec_open_clone+0x18f sys/kern/spec_vnops.c:711
spec_open(ffff800030f74b38) at spec_open+0x242 sys/kern/spec_vnops.c:148
VOP_OPEN(fffffd807e648b28,1,fffffd807f7d7680,ffff8000329a82c8) at VOP_OPEN+0x70 sys/kern/vfs_vops.c:138
vn_open(ffff800030f74d88,1,0) at vn_open+0x4e4 sys/kern/vfs_vnops.c:177
doopenat(ffff8000329a82c8,ffffff9c,20000000,0,0,ffff800030f74f30) at doopenat+0x269 sys/kern/vfs_syscalls.c:1127
syscall(ffff800030f74fe0) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xf9981d6d410, count: -13

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/05/19 07:17 openbsd 088a2cd995ac c0f1611a .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main panic: pool_do_get: vnodes: page empty