login: panic: pool_do_get: mcl2k free list modified: page 0xffffff00040b6000; item addr 0xffffff00040b6800; offset 0x0=0x999da37b978b69ca != 0x999da37bf87ddaef
Stopped at db_enter+0xa: popq %rbp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*341156 33589 0 0 0 0 syz-executor3031
db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
pool_do_get(2,ffffffff81eb5100,ffffffff81eb5100) at pool_do_get+0x3ae sys/kern/subr_pool.c:752
pool_get(ffffff0036f5d100,2) at pool_get+0x77 sys/kern/subr_pool.c:587
m_clget(ffffff00360b5350,ffff800014a32268,ffffff0036f5d100) at m_clget+0x1e0 sys/kern/uipc_mbuf.c:394
sys_setsockopt(ffff800014a70e00,ffff800014a32268,ffff800014a15338) at sys_setsockopt+0x105 sys/kern/uipc_syscalls.c:957
syscall(0) at syscall+0x3e4
Xsyscall(6,0,0,0,0,7f7ffffde844) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffde830, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> show panic
pool_do_get: mcl2k free list modified: page 0xffffff00040b6000; item addr 0xffffff00040b6800; offset 0x0=0x999da37b978b69ca != 0x999da37bf87ddaef
ddb> trace
db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
pool_do_get(2,ffffffff81eb5100,ffffffff81eb5100) at pool_do_get+0x3ae sys/kern/subr_pool.c:752
pool_get(ffffff0036f5d100,2) at pool_get+0x77 sys/kern/subr_pool.c:587
m_clget(ffffff00360b5350,ffff800014a32268,ffffff0036f5d100) at m_clget+0x1e0 sys/kern/uipc_mbuf.c:394
sys_setsockopt(ffff800014a70e00,ffff800014a32268,ffff800014a15338) at sys_setsockopt+0x105 sys/kern/uipc_syscalls.c:957
syscall(0) at syscall+0x3e4
Xsyscall(6,0,0,0,0,7f7ffffde844) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffde830, count: -8
ddb> show registers
rdi 0xffffffff81e38b38 kprintf_mutex
rsi 0x5
rbp 0xffff800014a70b20
rbx 0xffff800014a70bc0
rdx 0x3fd
rcx 0
rax 0x1
r8 0xffff800014a70af0
r9 0x8080808080808080
r10 0x999da37b978b69ca
r11 0xffffffff81687d20 x86_bus_space_io_read_1
r12 0x3000000008
r13 0xffff800014a70b30
r14 0x100
r15 0xffffffff81c47d22 cy_pio_rec+0xf15f
rip 0xffffffff814c7f1a db_enter+0xa
cs 0x8
rflags 0x202
rsp 0xffff800014a70b20
ss 0x10
db_enter+0xa: popq %rbp
ddb> show proc
PROC (syz-executor3031) pid=341156 stat=onproc
flags process=0 proc=0
pri=50, usrpri=50, nice=20
forw=0xffffffffffffffff, list=0xffff800014a324c0,0xffffffff81e92b98
process=0xffff800014a15338 user=0xffff800014a6b000, vmspace=0xffffff003f12b108
estcpu=0, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
*33589 341156 61777 0 7 0 syz-executor3031
61777 292124 89307 0 3 0x82 nanosleep syz-executor3031
89307 95530 8664 0 3 0x10008a pause ksh
8664 409694 89304 0 3 0x92 select sshd
84182 90455 1 0 3 0x100083 ttyin getty
89304 210066 1 0 3 0x80 select sshd
61081 495008 23702 73 3 0x100090 kqread syslogd
23702 175307 1 0 3 0x100082 netio syslogd
4684 231992 1 77 3 0x100090 poll dhclient
36182 341702 1 0 3 0x80 poll dhclient
10934 41642 0 0 2 0x14200 zerothread
11148 4773 0 0 3 0x14200 aiodoned aiodoned
29028 63812 0 0 3 0x14200 syncer update
67240 188355 0 0 3 0x14200 cleaner cleaner
92205 219826 0 0 3 0x14200 reaper reaper
40842 349776 0 0 3 0x14200 pgdaemon pagedaemon
84649 476393 0 0 3 0x14200 bored crynlk
15197 279130 0 0 3 0x14200 bored crypto
85725 27827 0 0 3 0x40014200 acpi0 acpi0
78372 404472 0 0 3 0x14200 bored softnet
63471 171491 0 0 3 0x14200 bored systqmp
72978 482 0 0 3 0x14200 bored systq
62287 309622 0 0 3 0x40014200 bored softclock
39694 256938 0 0 3 0x40014200 idle0
1 223189 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper