syzbot


pool: free list modified: rttmr

Status: upstream: reported on 2024/03/22 00:05
Reported-by: syzbot+0160e931eeddc4d24fcd@syzkaller.appspotmail.com
First crash: 434d, last: 30d

Sample crash report:
panic: pool_do_get: rttmr free list modified: page 0xfffffd806843e000; item addr 0xfffffd806843eee0; offset 0x20=0xb08528
Starting stack trace...
panic(ffffffff83391dac) at panic+0x1ba sys/kern/subr_prf.c:229
pool_do_get(ffffffff8396bab0,a,ffff80002a738f88) at pool_do_get+0x5be sys/kern/subr_pool.c:-1
pool_get(ffffffff8396bab0,a) at pool_get+0x103 sys/kern/subr_pool.c:-1
rt_timer_add(fffffd807458f990,ffffffff83937c88,0) at rt_timer_add+0x4e sys/net/route.c:-1
icmp_mtudisc_clone(100007f,0,0) at icmp_mtudisc_clone+0x2ea sys/netinet/ip_icmp.c:992
tcp_timer_rexmt(fffffd806b0c82d0) at tcp_timer_rexmt+0x9c2 sys/netinet/tcp_timer.c:-1
timeout_run(ffff800001445338) at timeout_run+0xc0 sys/kern/kern_timeout.c:-1
softclock_thread(ffff80002a72c7b0) at softclock_thread+0xe3 sys/kern/kern_timeout.c:810
end trace frame: 0x0, count: 249
End of stack trace.

syncing disks...35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35  giving up
WARNING: SPL NOT LOWERED ON SYSCALL 72 9 EXIT 0 9
Stopped at      savectx+0xae:   movl    $0,%gs:0x680
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
*474323  25896     73   0x1100010          0    0  syslogd
savectx() at savectx+0xae
end of kernel
end trace frame: 0x7735d901e760, count: 14
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: pool_do_get: rttmr free list modified: page 0xfffffd806843e000; item addr 0xfffffd806843eee0; offset 0x20=0xb08528
ddb> trace
savectx() at savectx+0xae
end of kernel
end trace frame: 0x7735d901e760, count: -1
ddb> show registers
rdi                                0
rsi                                0
rbp               0xffff80002a7ff2b0
rbx                                0
rdx                                0
rcx                                0
rax                             0x32
r8                0xffff80002a7ff1e0
r9                                 0
r10               0x2cbd3863fd26a8e4
r11               0x426e525f62942e66
r12                                0
r13                                0
r14               0xffff80002a7d1c40
r15                                0
rip               0xffffffff820fa3ee    savectx+0xae
cs                               0x8
rflags                          0x46
rsp               0xffff80002a7ff230
ss                              0x10
savectx+0xae:   movl    $0,%gs:0x680
ddb> show proc
PROC (syslogd) tid=474323 pid=25896 tcnt=1 stat=onproc
    flags process=1100010<SUGID,PLEDGE,CHROOT> proc=0
    runpri=24, usrpri=50, slppri=24, nice=20
    wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
    forw=0xffffffffffffffff, list=0xffff80002a7d19b0,0xffff80002a7d0020
    process=0xffff8000ffff8d18 user=0xffff80002a7fa000, vmspace=0xfffffd807450a878
    estcpu=0, cpticks=0, pctcpu=0.0, user=0, sys=2, intr=0
ddb> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 78936  403176  50991      0  2           0                syz-executor
 78936  257231  50991      0  3   0x4000080  fsleep        syz-executor
  1016  187348  36652      0  2           0                syz-executor
  1016   44480  36652      0  2   0x4000000                syz-executor
 52333  461375  73701      0  2           0                syz-executor
 52333   45209  73701      0  3   0x4000080  fsleep        syz-executor
 52333  358756  73701      0  3   0x4000080  fsleep        syz-executor
 52333  119959  73701      0  3   0x4000080  fsleep        syz-executor
 97467  434438  72941      0  2           0                syz-executor
 97467   35910  72941      0  2   0x4000080                syz-executor
 68447  319566  61184      0  2           0                syz-executor
 68447  435427  61184      0  3   0x4000080  kqsel         syz-executor
 68447  396454  61184      0  3   0x4000080  fsleep        syz-executor
 81464  455490      0      0  3     0x14200  acct          acct
 49738  151246   7077      0  3        0x82  wait          syz-executor
 30095   80110   7077      0  2  0x10000c82                syz-executor
 73701  126794   7077      0  2       0xc82                syz-executor
 50991  171268   7077      0  2       0xc82                syz-executor
 72941  127931   7077      0  2       0xc82                syz-executor
   638  232689      0      0  3     0x14200  bored         sosplice
 36652  441439   7077      0  2       0xc82                syz-executor
 61184  284019   7077      0  2       0xc82                syz-executor
 74127  344819   7077      0  2         0x2                syz-executor
  7077  179580  94665      0  2         0x2                syz-executor
 94665  442096  57348      0  3    0x10008a  sigsusp       ksh
 57348  440372  32404      0  3        0x98  kqread        sshd-session
 32404  331538  17215      0  3        0x92  kqread        sshd-session
 55086  104537      1      0  2    0x100083                getty
 17215    1609      1      0  3        0x88  kqread        sshd
*25896  474323  27566     73  7   0x1100010                syslogd
 27566   21831      1      0  3    0x100082  sbwait        syslogd
 74462  353563      1      0  3    0x100080  kqread        resolvd
  3948  121785  44177     77  2    0x100012                dhcpleased
 74086  141541  44177     77  3    0x100092  kqread        dhcpleased
 44177  199009      1      0  3        0x80  kqread        dhcpleased
 84448  463728      0      0  3     0x14200  bored         smr
 66169  110329      0      0  2     0x14200                zerothread
 94456  287081      0      0  3     0x14200  aiodoned      aiodoned
 14699  264386      0      0  3     0x14200  syncer        update
 22860  187659      0      0  3     0x14200  cleaner       cleaner
 87512  295623      0      0  3     0x14200  reaper        reaper
 83041   51433      0      0  3     0x14200  pgdaemon      pagedaemon
 92613  154644      0      0  3     0x14200  bored         viomb
 17676  394585      0      0  3  0x40014200  acpi0         acpi0
 16555  388241      0      0  3     0x14200  bored         softnet3
 52308   22354      0      0  3     0x14200  bored         softnet2
 82989  415656      0      0  3     0x14200  bored         softnet1
 73998  395709      0      0  2     0x14200                softnet0
 70759   55507      0      0  3     0x14200  bored         systqmp
 35889  431771      0      0  3     0x14200  bored         systq
  7674  518700      0      0  3  0x40014200  netlock       softclock
 32125   21092      0      0  3  0x40014200                idle0
     1  277900      0      0  3        0x82  wait          init
     0       0     -1      0  3  0x10010200  scheduler     swapper
ddb> show all locks
No such command
ddb> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf 10214  11140K   12222K 166960K     17033        0
            pcb    18     18K      20K 166960K       725        0
         rtable   208     12K      13K 166960K      1644        0
             pf    36     14K      22K 166960K       439        0
         ifaddr    36      7K       9K 166960K       236        0
        ifgroup    61      2K       3K 166960K       493        0
         sysctl     4      1K       3K 166960K        17        0
       counters    32     17K      18K 166960K       268        0
       ioctlops     0      0K       4K 166960K       891        0
            iov     0      0K      18K 166960K       369        0
          mount     1      1K       1K 166960K         1        0
            log     0      0K       0K 166960K         4        0
         vnodes  1549     97K      98K 166960K      4874        0
      UFS quota     1     32K      32K 166960K         1        0
      UFS mount     5     36K      36K 166960K         5        0
            shm     3      5K       9K 166960K        73        0
         VM map     2      1K       1K 166960K         2        0
            sem    27     73K      73K 166960K       216        0
        dirhash    12      2K       2K 166960K        93        0
           ACPI  1692    195K     286K 166960K     12470        0
      file desc    16     57K     244K 166960K      3894        0
          sigio     0      0K       0K 166960K       286        0
           proc    61     59K     124K 166960K       993        0
        subproc    72      4K       4K 166960K       195        0
    NFS srvsock     1      0K       0K 166960K         1        0
     NFS daemon     1     16K      16K 166960K         1        0
    ip_moptions     0      0K       0K 166960K       635        0
       in_multi    66      5K       7K 166960K       306        0
    ether_multi     1      0K       0K 166960K        32        0
            mrt     1      0K       0K 166960K        22        0
    ISOFS mount     1     32K      32K 166960K         1        0
  MSDOSFS mount     1     16K      16K 166960K         1        0
           ttys   247   1102K    1102K 166960K       247        0
           exec     0      0K       1K 166960K      1035        0
   fusefs mount     1     32K      32K 166960K         1        0
     pfkey data     0      0K       0K 166960K         8        0
            tdb     3      0K       0K 166960K         3        0
        VM swap     8     62K      64K 166960K        10        0
       UVM amap   219    151K     180K 166960K     35908        0
       UVM aobj   131     11K      11K 166960K       140        0
     pinsyscall    37     74K      96K 166960K      5061        0
        memdesc     1      4K       4K 166960K         1        0
    crypto data     1      1K       1K 166960K         1        0
    ip6_options     0      0K       0K 166960K       240        0
            NDP    13      0K       2K 166960K       177        0
           temp    76   8684K    8939K 166960K     99043        0
         kqueue    13     20K      31K 166960K       656        0
      SYN cache     2     16K      16K 166960K         2        0
ddb> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb      120      495    0      492     4     1     3     3     0     8    2
rtentry    136      477    0      397     4     0     4     4     0     8    0
unpcb      144     3253    0     3236    22    13     9     9     0     8    8
syncache   336        6    0        6     2     2     0     1     0     8    0
tcpcb      808     1176    0     1170    23    14     9    14     0     8    8
arp         88       77    0       61     1     0     1     1     0     8    0
ipq         40       10    0        8     3     2     1     1     0     8    0
ipqe        40       14    0       12     3     2     1     1     0     8    0
inpcb      344     3993    0     3983    40    30    10    13     0     8    8
nd6        104       69    0       51     1     0     1     1     0     8    0
pkpcb       40      101    0      101     5     4     1     1     0     8    1
kcovpl      48       14    0        6     1     0     1     1     0     8    0
mppekey    1024       1    0        1     1     1     0     1     0     8    0
ppxss      1072     177    0      177     5     4     1     1     0     8    1
pppxif     1384      56    0       56     4     3     1     1     0     8    1
pfstscr     40        1    0        1     1     1     0     1     0     8    0
pfrktable  1344       1    0        1     1     0     1     1     0     8    1
pfstkey    128        2    0        2     1     1     0     1     0     8    0
pfstate    384        1    0        1     1     1     0     1     0     8    0
rttmr      136        6    0        6     1     0     1     1     0     8    1
pool(0xffffffff8396bab0:rttmr): page inconsistency: page 0xfffffd806843e000; 28 on list, 0 missing, 29 items per page
art_heap8  4096       4    0        0     4     0     4     4     0     8    0
art_heap4  256     1336    0     1007    35     6    29    31     0     8    2
art_table   32     1340    0     1007     4     0     4     4     0     8    0
art_node    16      386    0      314     1     0     1     1     0     8    0
sysvmsgpl   40       18    0       13     1     0     1     1     0     8    0
semupl     112        4    0        4     2     2     0     1     0     8    0
semapl     112      209    0      184     1     0     1     1     0     8    0
shmpl      112      137    0        9     4     0     4     4     0     8    0
dirhash    1024      72    0       55     3     0     3     3     0     8    0
dino2pl    256     8698    0     7201    95     0    95    95     0     8    0
ffsino     248     8698    0     7201    95     0    95    95     0     8    0
nchpl      144    14302    0    12594    64     0    64    64     0     8    0
rtmask      32       35    0       35     4     3     1     1     0     8    1
uvmvnodes   80     5926    0        0   121     0   121   121     0     8    0
vnodes     216     5926    0        0   330     0   330   330     0     8    0
namei      1024   49457    0    49457     8     6     2     2     0     8    2
kstatmem   264      290    0      264     5     2     3     3     0     8    1
acpiwqpl    32        2    0        2     1     0     1     1     1     8    1
scsiplug    72       13    0       13     5     4     1     1     0     8    1
scxspl     216    43249    0    43215    18    13     5     8     1     8    2
plimitpl   152     1011    0      995     1     0     1     1     0     8    0
sigapl     424     4172    0     4125     9     2     7     8     0     8    0
futexpl     64    58017    0    58012     1     0     1     1     0     8    0
knotepl    120   198408    0   198361    64    52    12    17     0     8    8
kqueuepl   184     1619    0     1609    12    11     1     7     0     8    0
pipepl     296      691    0      664    18    10     8     8     0     8    5
fdescpl    440     4121    0     4093     5     1     4     5     0     8    0
filepl     120    28624    0    28344    30    17    13    17     0     8    2
lockfpl    104     1315    0     1312     2     1     1     2     0     8    0
lockfspl    48      472    0      469     1     0     1     1     0     8    0
sessionpl  144       28    0       20     1     0     1     1     0     8    0
pgrppl      48      224    0      208     1     0     1     1     0     8    0
ucredpl    104     4943    0     4930     1     0     1     1     0     8    0
zombiepl   144     4892    0     4890     4     3     1     1     0     8    0
processpl  1112    4172    0     4125     5     1     4     5     0     8    0
procpl     656     9961    0     9906     8     2     6     7     0     8    0
sosppl     168       21    0       21     3     2     1     1     0     8    1
sockpl     528     7932    0     7902    48    37    11    16     0     8    8
mcl64k     65536    156    0      156     4     3     1     1     0     8    1
mcl16k     16384     43    0       43     5     4     1     1     0     8    1
mcl12k     12288      7    0        7     3     2     1     1     0     8    1
mcl9k      9216      76    0       76     3     2     1     1     0     8    1
mcl8k      8192      90    0       90     5     4     1     1     0     8    1
mcl4k      4096    8193    0     8138    17     9     8    13     0     8    1
mcl2k2     2112       6    0        6     3     2     1     1     0     8    1
mcl2k      2048    4078    0     4070     8     5     3     3     0     8    1
mtagpl      96      185    0       79     3     0     3     3     0     8    0
mbufpl     256    45866    0    45624    45    16    29    29     0     8    4
bufpl      280    10469    0     4242   446     0   446   446     0     8    0
anonpl      24   538838    0   534451   148    94    54    71     0   187   18
amapchunkpl 152  124703    0   124192    77    36    41    41     0   158   16
amappl16   200    11305    0    11258    94    81    13    27     0     8    8
amappl15   192        5    0        5     1     1     0     1     0     8    0
amappl14   184      126    0      116     1     0     1     1     0     8    0
amappl13   176        7    0        7     2     1     1     1     0     8    1
amappl12   168     4824    0     4796     3     1     2     3     0     8    0
amappl11   160       45    0       35     1     0     1     1     0     8    0
amappl10   152        5    0        4     2     1     1     1     0     8    0
amappl9    144      244    0      242     1     0     1     1     0     8    0
amappl8    136       22    0       20     1     0     1     1     0     8    0
amappl7    128      115    0      104     1     0     1     1     0     8    0
amappl6    120      235    0      231     1     0     1     1     0     8    0
amappl5    112      146    0      139     1     0     1     1     0     8    0
amappl4    104      319    0      305     1     0     1     1     0     8    0
amappl3     96    25760    0    25661     4     0     4     4     0     8    0
amappl2     88      721    0      665     2     0     2     2     0     8    0
amappl1     80    23762    0    23217    17     3    14    15     0     8    0
amappl      88    34238    0    34081     5     0     5     5     0    92    0
dma65536   65536      1    0        1     1     1     0     1     0     8    0
dma16384   16384      3    0        3     2     2     0     1     0     8    0
dma4096    4096       2    0        2     2     1     1     1     0     8    1
dma2048    2048       1    0        1     1     1     0     1     0     8    0
dma1024    1024       1    0        0     1     0     1     1     0     8    0
dma512     512        1    0        1     1     0     1     1     0     8    1
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      258    0      258     3     2     1     1     0     8    1
dma64       64        9    0        9     4     3     1     1     0     8    1
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       18    0       17     1     0     1     1     0     8    0
aobjpl      72      139    0        9     4     1     3     3     0     8    0
uaddrrnd    24     4121    0     4093     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24     4121    0     4093     1     0     1     1     0     8    0
vmmpekpl   168    28813    0    28762     3     0     3     3     0     8    0
vmmpepl    168   256335    0   254487   137    40    97   111     0   357    7
vmsppl     360     4120    0     4093     4     1     3     4     0     8    0
rwobjpl     32    65275    0    58352    60     2    58    58     0     8    0
pdppl      4096    8249    0     8186   144    77    67    83     0     8    4
pvpl        32  1679600    0  1669734   269   138   131   154     0   265   33
pmappl     216     4120    0     4093     3     0     3     3     0     8    0
extentpl    40       45    0       27     1     0     1     1     0     8    0
phpool     112      408    0      153     8     0     8     8     0     8    0
ddb> machine ddbcpu 0
No such command
ddb> trace
savectx() at savectx+0xae
end of kernel
end trace frame: 0x7735d901e760, count: -1
ddb> machine ddbcpu 1
No such command
ddb> trace
savectx() at savectx+0xae
end of kernel
end trace frame: 0x7735d901e760, count: -1

Crashes (21):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2025/04/30 05:27 openbsd 3f24670b0fa3 85a5a23f .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main pool: free list modified: rttmr
2025/04/29 14:17 openbsd 3f9d9c6488b4 4a62c0b1 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main pool: free list modified: rttmr
2025/04/10 19:46 openbsd 5990a1963d9d 1ef3ab4d .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main pool: free list modified: rttmr
2025/02/22 07:58 openbsd 45a541306066 d34966d1 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: rttmr
2025/02/21 12:40 openbsd a0f27e02d4cc 0808a665 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: rttmr
2025/02/19 19:24 openbsd 47512c81ab3a cbd8edab .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: rttmr
2025/02/19 15:38 openbsd 47512c81ab3a cbd8edab .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: rttmr
2025/02/15 00:51 openbsd 8d2464095911 40a34ec9 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: rttmr
2025/02/11 16:44 openbsd 06a6b4fa55e8 f2baddf5 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: rttmr
2025/02/11 10:30 openbsd c7df606a226b 43f51a00 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: rttmr
2025/02/04 06:06 openbsd 1eab3ea7ad62 8f267cef .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: rttmr
2024/11/08 09:42 openbsd 35bbbbdda845 179b040e .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: rttmr
2024/10/10 01:50 openbsd 53b677a8a339 0278d004 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: rttmr
2024/09/05 19:20 openbsd ebe65f64a6a1 464ac2ed .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: rttmr
2024/07/30 04:31 openbsd 235013eb5537 a4e01e1e .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: rttmr
2024/07/26 03:53 openbsd 5d846028a9ec 3f86dfed .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: rttmr
2024/05/24 14:16 openbsd 6859a790d2a4 8f98448e .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: rttmr
2024/05/01 23:35 openbsd a6ba80fb8d43 3ba885bc .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: rttmr
2024/04/27 12:31 openbsd 22bab8566a4f 07b455f9 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: rttmr
2024/04/06 21:22 openbsd 85fbf21ae5ae ca620dd8 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: rttmr
2024/03/22 00:04 openbsd 173c810f1a3f 6ee49f2e .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: rttmr
* Struck through repros no longer work on HEAD.