panic: pool_do_get: sosppl: page empty
0 views
Skip to first unread message
syzbot
Nov 24, 2025, 10:38:28 PM (4 days ago) Nov 24
to syzkaller-o...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 58395e5de74c relocate ghcb in machdep.c
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=170a2612580000
kernel config: https://syzkaller.appspot.com/x/.config?x=7058272de1526588
dashboard link: https://syzkaller.appspot.com/bug?extid=2a533468bed92f1f0586
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/730f271bd781/disk-58395e5d.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/30e5ba246f74/bsd-58395e5d.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/075a10c17d7d/kernel-58395e5d.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2a5334...@syzkaller.appspotmail.com
panic: pool_do_get: sosppl: page empty
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
370851 73165 0 0 0 1 syz-executor
*417814 7760 0 0 0x4000000 0 syz-executor
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8334a205) at panic+0x1e5 sys/kern/subr_prf.c:198
pool_do_get(ffffffff839debd0,9,ffff8000347e1898) at pool_do_get+0x55a sys/kern/subr_pool.c:728
pool_get(ffffffff839debd0,9) at pool_get+0x162 sys/kern/subr_pool.c:-1
sosplice(ffff80000149d1b8,0,0,0) at sosplice+0x553 sys/kern/uipc_socket.c:1356
sys_setsockopt(ffff8000fffeea78,ffff8000347e1aa0,ffff8000347e19f0) at sys_setsockopt+0x2ba sys/kern/uipc_syscalls.c:1227
syscall(ffff8000347e1aa0) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff8000347e1aa0) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:765
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x9edb55f0f90, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu0: pool_do_get: sosppl: page empty
ddb{0}> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8334a205) at panic+0x1e5 sys/kern/subr_prf.c:198
pool_do_get(ffffffff839debd0,9,ffff8000347e1898) at pool_do_get+0x55a sys/kern/subr_pool.c:728
pool_get(ffffffff839debd0,9) at pool_get+0x162 sys/kern/subr_pool.c:-1
sosplice(ffff80000149d1b8,0,0,0) at sosplice+0x553 sys/kern/uipc_socket.c:1356
sys_setsockopt(ffff8000fffeea78,ffff8000347e1aa0,ffff8000347e19f0) at sys_setsockopt+0x2ba sys/kern/uipc_syscalls.c:1227
syscall(ffff8000347e1aa0) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff8000347e1aa0) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:765
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x9edb55f0f90, count: -8
ddb{0}> show registers
rdi 0
rsi 0x1
rbp 0xffff8000347e16d0
rbx 0xffffffff83810e07 cpu_info_full_primary+0x2e07
rdx 0xffff800001480580
rcx 0xffff8000fffeea78
rax 0xffffffff8380fff0 cpu_info_full_primary+0x1ff0
r8 0x101010101010101
r9 0x8080808080808080
r10 0xbaf6d0bd1c7255db
r11 0xc585bcf4433a0a93
r12 0xffffffff83810c08 cpu_info_full_primary+0x2c08
r13 0
r14 0
r15 0x1
rip 0xffffffff8321ae95 db_enter+0x25
cs 0x8
rflags 0x246
rsp 0xffff8000347e16c0
ss 0x10
db_enter+0x25: addq $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor) tid=417814 pid=7760 tcnt=2 stat=onproc
flags process=0 proc=4000000<THREAD>
runpri=32, usrpri=86, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff8000fffeefa8,0xffff8000fffef4e8
process=0xffff80002a3cf508 user=0xffff8000347dc000, vmspace=0xfffffd806ca957c0
estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
73165 370851 67546 0 7 0 syz-executor
73165 180854 67546 0 2 0x4000080 syz-executor
7760 223812 26623 0 2 0 syz-executor
* 7760 417814 26623 0 7 0x4000000 syz-executor
84369 493179 38911 0 2 0 syz-executor
84369 407206 38911 0 3 0x4000080 fsleep syz-executor
34698 239069 68982 0 2 0 syz-executor
34698 389974 68982 0 3 0x4000080 fsleep syz-executor
87311 124976 78263 0 2 0 syz-executor
87311 70311 78263 0 3 0x4000080 fsleep syz-executor
38911 469918 26091 0 3 0x82 nanoslp syz-executor
89788 443094 26091 0 2 0x2 syz-executor
34866 326028 0 0 3 0x14200 acct acct
67546 322737 26091 0 3 0x82 nanoslp syz-executor
78568 118819 26091 0 3 0x82 nanoslp syz-executor
26623 125938 26091 0 3 0x82 nanoslp syz-executor
38280 399953 26091 0 3 0x82 wait syz-executor
68982 386712 26091 0 3 0x82 nanoslp syz-executor
78263 211747 26091 0 3 0x82 nanoslp syz-executor
26091 71803 32888 0 3 0x82 kqread syz-executor
32888 406340 87195 0 3 0x10008a sigsusp ksh
87195 246830 66648 0 3 0x98 kqread sshd-session
66648 393691 55865 0 3 0x92 kqread sshd-session
10874 102888 1 0 3 0x100083 ttyopn getty
55865 84936 1 0 3 0x88 kqread sshd
71833 282082 29103 74 3 0x1100092 bpf pflogd
29103 419910 1 0 3 0x80 sbwait pflogd
63365 122934 98602 73 3 0x1100090 kqread syslogd
98602 165567 1 0 3 0x100082 sbwait syslogd
40887 512892 1 0 3 0x100080 kqread resolvd
79697 381829 93764 77 3 0x100092 kqread dhcpleased
72811 404639 93764 77 3 0x100092 kqread dhcpleased
93764 109211 1 0 3 0x80 kqread dhcpleased
12162 35409 0 0 3 0x14200 bored smr
13611 161441 0 0 2 0x14200 zerothread
85176 322883 0 0 3 0x14200 aiodoned aiodoned
55124 45201 0 0 3 0x14200 syncer update
36861 164865 0 0 3 0x14200 cleaner cleaner
59836 306131 0 0 3 0x14200 reaper reaper
26568 457669 0 0 3 0x14200 pgdaemon pagedaemon
98147 374333 0 0 3 0x14200 bored viomb
52950 418525 0 0 3 0x40014200 acpi0 acpi0
36554 403527 0 0 3 0x40014200 idle1
14211 267776 0 0 3 0x14200 bored softnet1
83121 208916 0 0 3 0x14200 bored softnet0
9125 358755 0 0 3 0x14200 bored systqmp
42376 348470 0 0 3 0x14200 bored systq
69439 216112 0 0 3 0x14200 tmoslp softclockmp
89908 153654 0 0 3 0x40014200 tmoslp softclock
37333 363703 0 0 3 0x40014200 idle0
1 41152 0 0 3 0x82 wait init
0 0 -1 0 3 0x10010200 scheduler swapper
ddb{0}> show all locks
CPU 0:
exclusive mutex sosppl r = 0 (0xffffffff839debe8)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 mtx_enter_try+0x1ad sys/kern/kern_lock.c:311
#2 mtx_enter+0x62 sys/kern/kern_lock.c:261
#3 pool_get+0x124 sys/kern/subr_pool.c:581
#4 sosplice+0x553 sys/kern/uipc_socket.c:1356
#5 sys_setsockopt+0x2ba sys/kern/uipc_syscalls.c:1227
#6 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#6 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:765
#7 Xsyscall+0x128
Process 7760 (syz-executor) thread 0xffff8000fffeea78 (417814)
exclusive rwlock inet46 r = 0 (0xffff80000149d1d8)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2 sosplice+0x35b sys/kern/uipc_socket.c:1341
#3 sys_setsockopt+0x2ba sys/kern/uipc_syscalls.c:1227
#4 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#4 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:765
#5 Xsyscall+0x128
exclusive rwlock inet46 r = 0 (0xffff80000149c908)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2 solock_pair+0xd0 sys/kern/uipc_socket2.c:-1
#3 sosplice+0x35b sys/kern/uipc_socket.c:1341
#4 sys_setsockopt+0x2ba sys/kern/uipc_syscalls.c:1227
#5 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#5 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:765
#6 Xsyscall+0x128
shared rwlock netlock r = 0 (0xffffffff838489b0)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_read+0x3e8 sys/kern/kern_rwlock.c:413
#2 solock_pair+0x9d sys/kern/uipc_socket2.c:384
#3 sosplice+0x35b sys/kern/uipc_socket.c:1341
#4 sys_setsockopt+0x2ba sys/kern/uipc_syscalls.c:1227
#5 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#5 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:765
#6 Xsyscall+0x128
exclusive rwlock sbufsnd r = 0 (0xffff80000149cad0)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2 sblock+0xb6 sys/kern/uipc_socket2.c:536
#3 sosplice+0x312 sys/kern/uipc_socket.c:1335
#4 sys_setsockopt+0x2ba sys/kern/uipc_syscalls.c:1227
#5 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#5 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:765
#6 Xsyscall+0x128
exclusive rwlock sbufrcv r = 0 (0xffff80000149d2a8)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2 sblock+0xb6 sys/kern/uipc_socket2.c:536
#3 sosplice+0x28f sys/kern/uipc_socket.c:1333
#4 sys_setsockopt+0x2ba sys/kern/uipc_syscalls.c:1227
#5 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#5 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:765
#6 Xsyscall+0x128
exclusive mutex sosppl r = 0 (0xffffffff839debe8)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 mtx_enter_try+0x1ad sys/kern/kern_lock.c:311
#2 mtx_enter+0x62 sys/kern/kern_lock.c:261
#3 pool_get+0x124 sys/kern/subr_pool.c:581
#4 sosplice+0x553 sys/kern/uipc_socket.c:1356
#5 sys_setsockopt+0x2ba sys/kern/uipc_syscalls.c:1227
#6 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#6 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:765
#7 Xsyscall+0x128
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10218 11070K 11668K 166960K 13106 0
pcb 18 16K 17K 166960K 374 0
rtable 239 13K 14K 166960K 742 0
pf 34 17K 19K 166960K 150 0
ifaddr 36 6K 7K 166960K 112 0
ifgroup 55 2K 2K 166960K 184 0
sysctl 4 1K 9K 166960K 13 0
counters 68 36K 38K 166960K 258 0
ioctlops 0 0K 4K 166960K 1779 0
iov 0 0K 16K 166960K 102 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1465 92K 92K 166960K 2595 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 5K 166960K 15 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 0K 166960K 53 0
dirhash 12 2K 2K 166960K 27 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 17 61K 236K 166960K 1415 0
sigio 0 0K 0K 166960K 35 0
proc 72 115K 180K 166960K 718 0
subproc 72 4K 4K 166960K 99 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 143 0
in_multi 73 5K 7K 166960K 180 0
ether_multi 1 0K 0K 166960K 13 0
mrt 1 0K 0K 166960K 9 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 109 493K 493K 166960K 109 0
exec 0 0K 1K 166960K 554 0
fusefs mount 1 32K 32K 166960K 1 0
pfkey data 0 0K 0K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 242 175K 191K 166960K 14350 0
UVM aobj 6 8K 10K 166960K 7 0
pinsyscall 42 84K 102K 166960K 2660 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 2 0K 1K 166960K 91 0
NDP 12 0K 2K 166960K 79 0
temp 77 8679K 8787K 166960K 48795 0
kqueue 13 20K 30K 166960K 257 0
SYN cache 2 16K 16K 166960K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 26 0 0 1 0 1 1 0 8 0
rtpcb 120 137 0 134 1 0 1 1 0 8 0
rtentry 176 195 0 108 6 0 6 6 0 8 0
unpcb 144 914 0 897 3 1 2 2 0 8 1
syncache 336 11 0 11 2 1 1 1 0 8 1
tcpqe 32 4 0 4 1 0 1 1 0 8 1
tcpcb 736 376 0 368 8 1 7 7 0 8 6
arp 136 33 0 18 1 0 1 1 0 8 0
inpcb 328 1345 0 1331 13 3 10 10 0 8 8
nd6 152 42 0 21 1 0 1 1 0 8 0
pkpcb 40 8 0 8 2 1 1 1 0 8 1
kcovpl 48 11 0 3 1 0 1 1 0 8 0
mppekey 1024 1 0 1 1 0 1 1 0 8 1
ppxss 1192 80 0 80 1 0 1 1 0 8 1
pppxif 1504 7 0 7 2 1 1 1 0 8 1
pffrag 232 6 0 1 1 0 1 1 0 482 0
pffrnode 88 4 0 0 1 0 1 1 0 8 0
pffrent 40 9 0 4 1 0 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfstitem 24 77 0 13 1 0 1 1 0 8 0
pfstkey 128 77 0 13 3 0 3 3 0 8 0
pfstate 448 77 0 13 8 0 8 8 0 8 0
pfrule 1344 21 0 16 2 1 1 2 0 8 0
rttmr 136 2 0 2 1 1 0 1 0 8 0
art_heap8 4096 5 0 1 5 0 5 5 0 8 1
art_heap4 256 781 0 411 29 4 25 29 0 8 1
art_table 40 786 0 412 5 0 5 5 0 8 0
art_node 32 195 0 116 1 0 1 1 0 8 0
sysvmsgpl 40 12 0 4 2 1 1 1 0 8 0
semupl 112 1 0 1 1 1 0 1 0 8 0
semapl 112 50 0 40 1 0 1 1 0 8 0
dirhash 1024 27 0 10 3 0 3 3 0 8 0
dino2pl 256 3936 0 2419 96 0 96 96 0 8 0
ffsino 296 3936 0 2419 118 1 117 118 0 8 0
nchpl 144 5901 0 4184 64 0 64 64 0 8 0
rtmask 32 19 0 19 1 0 1 1 0 8 1
vnodes 216 4724 0 0 263 0 263 263 0 8 0
namei 1024 19400 0 19400 1 0 1 1 0 8 1
percpumem 16 144 0 95 1 0 1 1 0 8 0
vcpupl 3968 4 0 1 1 0 1 1 0 8 0
vmpool 840 4 0 1 1 0 1 1 0 8 0
kstatmem 264 118 0 90 3 0 3 3 0 8 1
scsiplug 72 5 0 5 1 0 1 1 0 8 1
scxspl 216 33101 0 33101 8 5 3 4 1 8 3
plimitpl 152 276 0 258 1 0 1 1 0 8 0
sigapl 424 1713 0 1665 7 1 6 7 0 8 0
knotepl 120 569 0 0 17 0 17 17 0 8 0
kqueuepl 224 487 0 478 5 3 2 5 0 8 1
pipepl 344 250 0 223 3 0 3 3 0 8 0
fdescpl 528 1691 0 1660 3 0 3 3 0 8 0
filepl 160 9923 0 9699 15 0 15 15 0 8 3
lockfpl 104 456 0 453 1 0 1 1 0 8 0
lockfspl 48 202 0 199 1 0 1 1 0 8 0
sessionpl 144 33 0 24 1 0 1 1 0 8 0
pgrppl 48 82 0 65 1 0 1 1 0 8 0
ucredpl 104 1672 0 1659 1 0 1 1 0 8 0
zombiepl 144 1667 0 1665 1 0 1 1 0 8 0
processpl 1232 1713 0 1665 5 0 5 5 0 8 1
procpl 664 3760 0 3707 6 0 6 6 0 8 0
sosppl 176 7 0 7 2 1 1 1 0 8 1
sosppl: pool(0xffffffff839debd0:sosppl): page inconsistency: page 0x0; at page head addr 0xfffffd806c453f90 (p 0xfffffd806c453000)
sockpl 752 2476 0 2442 18 6 12 15 0 8 8
mcl64k 65536 7 0 0 1 0 1 1 0 8 0
mcl16k 16384 1 0 0 1 0 1 1 0 8 0
mcl9k 9216 2 0 0 1 0 1 1 0 8 0
mcl8k 8192 4 0 0 1 0 1 1 0 8 0
mcl4k 4096 120 0 0 15 0 15 15 0 8 0
mcl2k2 2112 1 0 0 1 0 1 1 0 8 0
mcl2k 2048 37 0 0 5 0 5 5 0 8 0
mtagpl 96 32 0 0 1 0 1 1 0 8 0
mbufpl 256 1218 0 0 76 0 76 76 0 8 0
bufpl 280 12838 0 6701 439 0 439 439 0 8 0
anonpl 32 10112 0 0 82 0 82 82 0 246 0
amapchunkpl 152 50644 0 50160 36 3 33 33 0 158 9
amappl16 200 4775 0 4738 23 8 15 21 0 8 5
amappl15 192 4 0 4 1 1 0 1 0 8 0
amappl14 184 6 0 6 1 1 0 1 0 8 0
amappl13 176 470 0 469 1 0 1 1 0 8 0
amappl12 168 2104 0 2061 3 0 3 3 0 8 0
amappl11 160 6 0 6 1 1 0 1 0 8 0
amappl10 152 49 0 35 1 0 1 1 0 8 0
amappl9 144 257 0 257 1 1 0 1 0 8 0
amappl8 136 28 0 25 1 0 1 1 0 8 0
amappl7 128 110 0 109 1 0 1 1 0 8 0
amappl6 120 322 0 307 1 0 1 1 0 8 0
amappl5 112 78 0 67 1 0 1 1 0 8 0
amappl4 104 476 0 445 1 0 1 1 0 8 0
amappl3 96 8420 0 8330 3 0 3 3 0 8 0
amappl2 88 1859 0 1780 2 0 2 2 0 8 0
amappl1 80 16715 0 16109 16 0 16 16 0 8 0
amappl 88 13277 0 13113 5 0 5 5 0 92 0
uvmvnodes 80 147 0 0 3 0 3 3 0 8 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 7 0 7 2 1 1 1 0 8 1
dma128 128 254 0 254 2 2 0 1 0 8 0
dma64 64 10 0 10 2 1 1 1 0 8 1
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 6 0 1 1 0 1 1 0 8 0
uaddrrnd 24 1691 0 1660 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 1691 0 1660 1 0 1 1 0 8 0
vmmpekpl 168 15350 0 15312 3 0 3 3 0 8 0
vmmpepl 168 113766 0 111825 103 4 99 103 0 357 4
vmsppl 488 1690 0 1660 5 0 5 5 0 8 0
rwobjpl 80 31567 0 30476 30 2 28 30 0 8 0
pdppl 4096 3397 0 3325 111 35 76 83 0 8 4
pvpl 32 17801 0 0 145 1 144 144 0 265 0
pmappl 256 1694 0 1661 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 370 0 43 10 0 10 10 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8334a205) at panic+0x1e5 sys/kern/subr_prf.c:198
pool_do_get(ffffffff839debd0,9,ffff8000347e1898) at pool_do_get+0x55a sys/kern/subr_pool.c:728
pool_get(ffffffff839debd0,9) at pool_get+0x162 sys/kern/subr_pool.c:-1
sosplice(ffff80000149d1b8,0,0,0) at sosplice+0x553 sys/kern/uipc_socket.c:1356
sys_setsockopt(ffff8000fffeea78,ffff8000347e1aa0,ffff8000347e19f0) at sys_setsockopt+0x2ba sys/kern/uipc_syscalls.c:1227
syscall(ffff8000347e1aa0) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff8000347e1aa0) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:765
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x9edb55f0f90, count: -8
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
end of kernel
end trace frame: 0x7f4e39d795b0, count: 12
ddb{1}> trace
x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
end of kernel
end trace frame: 0x7f4e39d795b0, count: -3
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 58395e5de74c relocate ghcb in machdep.c
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=170a2612580000
kernel config: https://syzkaller.appspot.com/x/.config?x=7058272de1526588
dashboard link: https://syzkaller.appspot.com/bug?extid=2a533468bed92f1f0586
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/730f271bd781/disk-58395e5d.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/30e5ba246f74/bsd-58395e5d.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/075a10c17d7d/kernel-58395e5d.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2a5334...@syzkaller.appspotmail.com
panic: pool_do_get: sosppl: page empty
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
370851 73165 0 0 0 1 syz-executor
*417814 7760 0 0 0x4000000 0 syz-executor
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8334a205) at panic+0x1e5 sys/kern/subr_prf.c:198
pool_do_get(ffffffff839debd0,9,ffff8000347e1898) at pool_do_get+0x55a sys/kern/subr_pool.c:728
pool_get(ffffffff839debd0,9) at pool_get+0x162 sys/kern/subr_pool.c:-1
sosplice(ffff80000149d1b8,0,0,0) at sosplice+0x553 sys/kern/uipc_socket.c:1356
sys_setsockopt(ffff8000fffeea78,ffff8000347e1aa0,ffff8000347e19f0) at sys_setsockopt+0x2ba sys/kern/uipc_syscalls.c:1227
syscall(ffff8000347e1aa0) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff8000347e1aa0) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:765
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x9edb55f0f90, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu0: pool_do_get: sosppl: page empty
ddb{0}> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8334a205) at panic+0x1e5 sys/kern/subr_prf.c:198
pool_do_get(ffffffff839debd0,9,ffff8000347e1898) at pool_do_get+0x55a sys/kern/subr_pool.c:728
pool_get(ffffffff839debd0,9) at pool_get+0x162 sys/kern/subr_pool.c:-1
sosplice(ffff80000149d1b8,0,0,0) at sosplice+0x553 sys/kern/uipc_socket.c:1356
sys_setsockopt(ffff8000fffeea78,ffff8000347e1aa0,ffff8000347e19f0) at sys_setsockopt+0x2ba sys/kern/uipc_syscalls.c:1227
syscall(ffff8000347e1aa0) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff8000347e1aa0) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:765
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x9edb55f0f90, count: -8
ddb{0}> show registers
rdi 0
rsi 0x1
rbp 0xffff8000347e16d0
rbx 0xffffffff83810e07 cpu_info_full_primary+0x2e07
rdx 0xffff800001480580
rcx 0xffff8000fffeea78
rax 0xffffffff8380fff0 cpu_info_full_primary+0x1ff0
r8 0x101010101010101
r9 0x8080808080808080
r10 0xbaf6d0bd1c7255db
r11 0xc585bcf4433a0a93
r12 0xffffffff83810c08 cpu_info_full_primary+0x2c08
r13 0
r14 0
r15 0x1
rip 0xffffffff8321ae95 db_enter+0x25
cs 0x8
rflags 0x246
rsp 0xffff8000347e16c0
ss 0x10
db_enter+0x25: addq $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor) tid=417814 pid=7760 tcnt=2 stat=onproc
flags process=0 proc=4000000<THREAD>
runpri=32, usrpri=86, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff8000fffeefa8,0xffff8000fffef4e8
process=0xffff80002a3cf508 user=0xffff8000347dc000, vmspace=0xfffffd806ca957c0
estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
73165 370851 67546 0 7 0 syz-executor
73165 180854 67546 0 2 0x4000080 syz-executor
7760 223812 26623 0 2 0 syz-executor
* 7760 417814 26623 0 7 0x4000000 syz-executor
84369 493179 38911 0 2 0 syz-executor
84369 407206 38911 0 3 0x4000080 fsleep syz-executor
34698 239069 68982 0 2 0 syz-executor
34698 389974 68982 0 3 0x4000080 fsleep syz-executor
87311 124976 78263 0 2 0 syz-executor
87311 70311 78263 0 3 0x4000080 fsleep syz-executor
38911 469918 26091 0 3 0x82 nanoslp syz-executor
89788 443094 26091 0 2 0x2 syz-executor
34866 326028 0 0 3 0x14200 acct acct
67546 322737 26091 0 3 0x82 nanoslp syz-executor
78568 118819 26091 0 3 0x82 nanoslp syz-executor
26623 125938 26091 0 3 0x82 nanoslp syz-executor
38280 399953 26091 0 3 0x82 wait syz-executor
68982 386712 26091 0 3 0x82 nanoslp syz-executor
78263 211747 26091 0 3 0x82 nanoslp syz-executor
26091 71803 32888 0 3 0x82 kqread syz-executor
32888 406340 87195 0 3 0x10008a sigsusp ksh
87195 246830 66648 0 3 0x98 kqread sshd-session
66648 393691 55865 0 3 0x92 kqread sshd-session
10874 102888 1 0 3 0x100083 ttyopn getty
55865 84936 1 0 3 0x88 kqread sshd
71833 282082 29103 74 3 0x1100092 bpf pflogd
29103 419910 1 0 3 0x80 sbwait pflogd
63365 122934 98602 73 3 0x1100090 kqread syslogd
98602 165567 1 0 3 0x100082 sbwait syslogd
40887 512892 1 0 3 0x100080 kqread resolvd
79697 381829 93764 77 3 0x100092 kqread dhcpleased
72811 404639 93764 77 3 0x100092 kqread dhcpleased
93764 109211 1 0 3 0x80 kqread dhcpleased
12162 35409 0 0 3 0x14200 bored smr
13611 161441 0 0 2 0x14200 zerothread
85176 322883 0 0 3 0x14200 aiodoned aiodoned
55124 45201 0 0 3 0x14200 syncer update
36861 164865 0 0 3 0x14200 cleaner cleaner
59836 306131 0 0 3 0x14200 reaper reaper
26568 457669 0 0 3 0x14200 pgdaemon pagedaemon
98147 374333 0 0 3 0x14200 bored viomb
52950 418525 0 0 3 0x40014200 acpi0 acpi0
36554 403527 0 0 3 0x40014200 idle1
14211 267776 0 0 3 0x14200 bored softnet1
83121 208916 0 0 3 0x14200 bored softnet0
9125 358755 0 0 3 0x14200 bored systqmp
42376 348470 0 0 3 0x14200 bored systq
69439 216112 0 0 3 0x14200 tmoslp softclockmp
89908 153654 0 0 3 0x40014200 tmoslp softclock
37333 363703 0 0 3 0x40014200 idle0
1 41152 0 0 3 0x82 wait init
0 0 -1 0 3 0x10010200 scheduler swapper
ddb{0}> show all locks
CPU 0:
exclusive mutex sosppl r = 0 (0xffffffff839debe8)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 mtx_enter_try+0x1ad sys/kern/kern_lock.c:311
#2 mtx_enter+0x62 sys/kern/kern_lock.c:261
#3 pool_get+0x124 sys/kern/subr_pool.c:581
#4 sosplice+0x553 sys/kern/uipc_socket.c:1356
#5 sys_setsockopt+0x2ba sys/kern/uipc_syscalls.c:1227
#6 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#6 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:765
#7 Xsyscall+0x128
Process 7760 (syz-executor) thread 0xffff8000fffeea78 (417814)
exclusive rwlock inet46 r = 0 (0xffff80000149d1d8)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2 sosplice+0x35b sys/kern/uipc_socket.c:1341
#3 sys_setsockopt+0x2ba sys/kern/uipc_syscalls.c:1227
#4 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#4 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:765
#5 Xsyscall+0x128
exclusive rwlock inet46 r = 0 (0xffff80000149c908)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2 solock_pair+0xd0 sys/kern/uipc_socket2.c:-1
#3 sosplice+0x35b sys/kern/uipc_socket.c:1341
#4 sys_setsockopt+0x2ba sys/kern/uipc_syscalls.c:1227
#5 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#5 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:765
#6 Xsyscall+0x128
shared rwlock netlock r = 0 (0xffffffff838489b0)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_read+0x3e8 sys/kern/kern_rwlock.c:413
#2 solock_pair+0x9d sys/kern/uipc_socket2.c:384
#3 sosplice+0x35b sys/kern/uipc_socket.c:1341
#4 sys_setsockopt+0x2ba sys/kern/uipc_syscalls.c:1227
#5 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#5 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:765
#6 Xsyscall+0x128
exclusive rwlock sbufsnd r = 0 (0xffff80000149cad0)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2 sblock+0xb6 sys/kern/uipc_socket2.c:536
#3 sosplice+0x312 sys/kern/uipc_socket.c:1335
#4 sys_setsockopt+0x2ba sys/kern/uipc_syscalls.c:1227
#5 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#5 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:765
#6 Xsyscall+0x128
exclusive rwlock sbufrcv r = 0 (0xffff80000149d2a8)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2 sblock+0xb6 sys/kern/uipc_socket2.c:536
#3 sosplice+0x28f sys/kern/uipc_socket.c:1333
#4 sys_setsockopt+0x2ba sys/kern/uipc_syscalls.c:1227
#5 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#5 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:765
#6 Xsyscall+0x128
exclusive mutex sosppl r = 0 (0xffffffff839debe8)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 mtx_enter_try+0x1ad sys/kern/kern_lock.c:311
#2 mtx_enter+0x62 sys/kern/kern_lock.c:261
#3 pool_get+0x124 sys/kern/subr_pool.c:581
#4 sosplice+0x553 sys/kern/uipc_socket.c:1356
#5 sys_setsockopt+0x2ba sys/kern/uipc_syscalls.c:1227
#6 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#6 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:765
#7 Xsyscall+0x128
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10218 11070K 11668K 166960K 13106 0
pcb 18 16K 17K 166960K 374 0
rtable 239 13K 14K 166960K 742 0
pf 34 17K 19K 166960K 150 0
ifaddr 36 6K 7K 166960K 112 0
ifgroup 55 2K 2K 166960K 184 0
sysctl 4 1K 9K 166960K 13 0
counters 68 36K 38K 166960K 258 0
ioctlops 0 0K 4K 166960K 1779 0
iov 0 0K 16K 166960K 102 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1465 92K 92K 166960K 2595 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 5K 166960K 15 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 0K 166960K 53 0
dirhash 12 2K 2K 166960K 27 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 17 61K 236K 166960K 1415 0
sigio 0 0K 0K 166960K 35 0
proc 72 115K 180K 166960K 718 0
subproc 72 4K 4K 166960K 99 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 143 0
in_multi 73 5K 7K 166960K 180 0
ether_multi 1 0K 0K 166960K 13 0
mrt 1 0K 0K 166960K 9 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 109 493K 493K 166960K 109 0
exec 0 0K 1K 166960K 554 0
fusefs mount 1 32K 32K 166960K 1 0
pfkey data 0 0K 0K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 242 175K 191K 166960K 14350 0
UVM aobj 6 8K 10K 166960K 7 0
pinsyscall 42 84K 102K 166960K 2660 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 2 0K 1K 166960K 91 0
NDP 12 0K 2K 166960K 79 0
temp 77 8679K 8787K 166960K 48795 0
kqueue 13 20K 30K 166960K 257 0
SYN cache 2 16K 16K 166960K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 26 0 0 1 0 1 1 0 8 0
rtpcb 120 137 0 134 1 0 1 1 0 8 0
rtentry 176 195 0 108 6 0 6 6 0 8 0
unpcb 144 914 0 897 3 1 2 2 0 8 1
syncache 336 11 0 11 2 1 1 1 0 8 1
tcpqe 32 4 0 4 1 0 1 1 0 8 1
tcpcb 736 376 0 368 8 1 7 7 0 8 6
arp 136 33 0 18 1 0 1 1 0 8 0
inpcb 328 1345 0 1331 13 3 10 10 0 8 8
nd6 152 42 0 21 1 0 1 1 0 8 0
pkpcb 40 8 0 8 2 1 1 1 0 8 1
kcovpl 48 11 0 3 1 0 1 1 0 8 0
mppekey 1024 1 0 1 1 0 1 1 0 8 1
ppxss 1192 80 0 80 1 0 1 1 0 8 1
pppxif 1504 7 0 7 2 1 1 1 0 8 1
pffrag 232 6 0 1 1 0 1 1 0 482 0
pffrnode 88 4 0 0 1 0 1 1 0 8 0
pffrent 40 9 0 4 1 0 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfstitem 24 77 0 13 1 0 1 1 0 8 0
pfstkey 128 77 0 13 3 0 3 3 0 8 0
pfstate 448 77 0 13 8 0 8 8 0 8 0
pfrule 1344 21 0 16 2 1 1 2 0 8 0
rttmr 136 2 0 2 1 1 0 1 0 8 0
art_heap8 4096 5 0 1 5 0 5 5 0 8 1
art_heap4 256 781 0 411 29 4 25 29 0 8 1
art_table 40 786 0 412 5 0 5 5 0 8 0
art_node 32 195 0 116 1 0 1 1 0 8 0
sysvmsgpl 40 12 0 4 2 1 1 1 0 8 0
semupl 112 1 0 1 1 1 0 1 0 8 0
semapl 112 50 0 40 1 0 1 1 0 8 0
dirhash 1024 27 0 10 3 0 3 3 0 8 0
dino2pl 256 3936 0 2419 96 0 96 96 0 8 0
ffsino 296 3936 0 2419 118 1 117 118 0 8 0
nchpl 144 5901 0 4184 64 0 64 64 0 8 0
rtmask 32 19 0 19 1 0 1 1 0 8 1
vnodes 216 4724 0 0 263 0 263 263 0 8 0
namei 1024 19400 0 19400 1 0 1 1 0 8 1
percpumem 16 144 0 95 1 0 1 1 0 8 0
vcpupl 3968 4 0 1 1 0 1 1 0 8 0
vmpool 840 4 0 1 1 0 1 1 0 8 0
kstatmem 264 118 0 90 3 0 3 3 0 8 1
scsiplug 72 5 0 5 1 0 1 1 0 8 1
scxspl 216 33101 0 33101 8 5 3 4 1 8 3
plimitpl 152 276 0 258 1 0 1 1 0 8 0
sigapl 424 1713 0 1665 7 1 6 7 0 8 0
knotepl 120 569 0 0 17 0 17 17 0 8 0
kqueuepl 224 487 0 478 5 3 2 5 0 8 1
pipepl 344 250 0 223 3 0 3 3 0 8 0
fdescpl 528 1691 0 1660 3 0 3 3 0 8 0
filepl 160 9923 0 9699 15 0 15 15 0 8 3
lockfpl 104 456 0 453 1 0 1 1 0 8 0
lockfspl 48 202 0 199 1 0 1 1 0 8 0
sessionpl 144 33 0 24 1 0 1 1 0 8 0
pgrppl 48 82 0 65 1 0 1 1 0 8 0
ucredpl 104 1672 0 1659 1 0 1 1 0 8 0
zombiepl 144 1667 0 1665 1 0 1 1 0 8 0
processpl 1232 1713 0 1665 5 0 5 5 0 8 1
procpl 664 3760 0 3707 6 0 6 6 0 8 0
sosppl 176 7 0 7 2 1 1 1 0 8 1
sosppl: pool(0xffffffff839debd0:sosppl): page inconsistency: page 0x0; at page head addr 0xfffffd806c453f90 (p 0xfffffd806c453000)
sockpl 752 2476 0 2442 18 6 12 15 0 8 8
mcl64k 65536 7 0 0 1 0 1 1 0 8 0
mcl16k 16384 1 0 0 1 0 1 1 0 8 0
mcl9k 9216 2 0 0 1 0 1 1 0 8 0
mcl8k 8192 4 0 0 1 0 1 1 0 8 0
mcl4k 4096 120 0 0 15 0 15 15 0 8 0
mcl2k2 2112 1 0 0 1 0 1 1 0 8 0
mcl2k 2048 37 0 0 5 0 5 5 0 8 0
mtagpl 96 32 0 0 1 0 1 1 0 8 0
mbufpl 256 1218 0 0 76 0 76 76 0 8 0
bufpl 280 12838 0 6701 439 0 439 439 0 8 0
anonpl 32 10112 0 0 82 0 82 82 0 246 0
amapchunkpl 152 50644 0 50160 36 3 33 33 0 158 9
amappl16 200 4775 0 4738 23 8 15 21 0 8 5
amappl15 192 4 0 4 1 1 0 1 0 8 0
amappl14 184 6 0 6 1 1 0 1 0 8 0
amappl13 176 470 0 469 1 0 1 1 0 8 0
amappl12 168 2104 0 2061 3 0 3 3 0 8 0
amappl11 160 6 0 6 1 1 0 1 0 8 0
amappl10 152 49 0 35 1 0 1 1 0 8 0
amappl9 144 257 0 257 1 1 0 1 0 8 0
amappl8 136 28 0 25 1 0 1 1 0 8 0
amappl7 128 110 0 109 1 0 1 1 0 8 0
amappl6 120 322 0 307 1 0 1 1 0 8 0
amappl5 112 78 0 67 1 0 1 1 0 8 0
amappl4 104 476 0 445 1 0 1 1 0 8 0
amappl3 96 8420 0 8330 3 0 3 3 0 8 0
amappl2 88 1859 0 1780 2 0 2 2 0 8 0
amappl1 80 16715 0 16109 16 0 16 16 0 8 0
amappl 88 13277 0 13113 5 0 5 5 0 92 0
uvmvnodes 80 147 0 0 3 0 3 3 0 8 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 7 0 7 2 1 1 1 0 8 1
dma128 128 254 0 254 2 2 0 1 0 8 0
dma64 64 10 0 10 2 1 1 1 0 8 1
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 6 0 1 1 0 1 1 0 8 0
uaddrrnd 24 1691 0 1660 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 1691 0 1660 1 0 1 1 0 8 0
vmmpekpl 168 15350 0 15312 3 0 3 3 0 8 0
vmmpepl 168 113766 0 111825 103 4 99 103 0 357 4
vmsppl 488 1690 0 1660 5 0 5 5 0 8 0
rwobjpl 80 31567 0 30476 30 2 28 30 0 8 0
pdppl 4096 3397 0 3325 111 35 76 83 0 8 4
pvpl 32 17801 0 0 145 1 144 144 0 265 0
pmappl 256 1694 0 1661 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 370 0 43 10 0 10 10 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8334a205) at panic+0x1e5 sys/kern/subr_prf.c:198
pool_do_get(ffffffff839debd0,9,ffff8000347e1898) at pool_do_get+0x55a sys/kern/subr_pool.c:728
pool_get(ffffffff839debd0,9) at pool_get+0x162 sys/kern/subr_pool.c:-1
sosplice(ffff80000149d1b8,0,0,0) at sosplice+0x553 sys/kern/uipc_socket.c:1356
sys_setsockopt(ffff8000fffeea78,ffff8000347e1aa0,ffff8000347e19f0) at sys_setsockopt+0x2ba sys/kern/uipc_syscalls.c:1227
syscall(ffff8000347e1aa0) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff8000347e1aa0) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:765
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x9edb55f0f90, count: -8
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
end of kernel
end trace frame: 0x7f4e39d795b0, count: 12
ddb{1}> trace
x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
end of kernel
end trace frame: 0x7f4e39d795b0, count: -3
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
Reply all
Reply to author
Forward
0 new messages