syzbot


pool: free list modified: vnodes

Status: auto-closed as invalid on 2020/06/16 05:29
Reported-by: syzbot+11f368fb695abb9c5781@syzkaller.appspotmail.com
First crash: 1493d, last: 1493d

Sample crash report:
login: panic: pool_do_get: vnodes free list modified: page 0xfffffd805fa07000; item addr 0xfffffd805fa07000; offset 0x0=0x0 != 0xd1acf8a029b8068e
Stopped at      db_enter+0x18:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
*122197   8351      0         0x2          0    0  syz-executor.0
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff8224330e) at panic+0x15c sys/kern/subr_prf.c:207
pool_do_get(ffffffff825b67b8,9,ffff80001d427878) at pool_do_get+0x42a sys/kern/subr_pool.c:738
pool_get(ffffffff825b67b8,9) at pool_get+0xb5 sys/kern/subr_pool.c:581
getnewvnode(1,ffff8000006b0800,ffffffff8243bed8,ffff80001d427978) at getnewvnode+0x101 sys/kern/vfs_subr.c:408
ffs_vget(ffff8000006b0800,11b9b,ffff80001d427bc8) at ffs_vget+0xa2 sys/ufs/ffs/ffs_vfsops.c:1333
ffs_inode_alloc(fffffd80571caf08,41ed,fffffd806c3bfba0,ffff80001d427bc8) at ffs_inode_alloc+0x1cf sys/ufs/ffs/ffs_alloc.c:392
ufs_mkdir(ffff80001d427c20) at ufs_mkdir+0xf4 sys/ufs/ufs/ufs_vnops.c:1162
VOP_MKDIR(fffffd805709f4e0,ffff80001d427d80,ffff80001d427dd0,ffff80001d427cb0) at VOP_MKDIR+0xc6 sys/kern/vfs_vops.c:449
domkdirat(ffff80001d33a388,ffffff9c,7f7ffffe6da0,1ff) at domkdirat+0x121 sys/kern/vfs_syscalls.c:3058
syscall(ffff80001d427f50) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffe6e10, count: 3
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb> 
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
pool_do_get: vnodes free list modified: page 0xfffffd805fa07000; item addr 0xfffffd805fa07000; offset 0x0=0x0 != 0xd1acf8a029b8068e
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff8224330e) at panic+0x15c sys/kern/subr_prf.c:207
pool_do_get(ffffffff825b67b8,9,ffff80001d427878) at pool_do_get+0x42a sys/kern/subr_pool.c:738
pool_get(ffffffff825b67b8,9) at pool_get+0xb5 sys/kern/subr_pool.c:581
getnewvnode(1,ffff8000006b0800,ffffffff8243bed8,ffff80001d427978) at getnewvnode+0x101 sys/kern/vfs_subr.c:408
ffs_vget(ffff8000006b0800,11b9b,ffff80001d427bc8) at ffs_vget+0xa2 sys/ufs/ffs/ffs_vfsops.c:1333
ffs_inode_alloc(fffffd80571caf08,41ed,fffffd806c3bfba0,ffff80001d427bc8) at ffs_inode_alloc+0x1cf sys/ufs/ffs/ffs_alloc.c:392
ufs_mkdir(ffff80001d427c20) at ufs_mkdir+0xf4 sys/ufs/ufs/ufs_vnops.c:1162
VOP_MKDIR(fffffd805709f4e0,ffff80001d427d80,ffff80001d427dd0,ffff80001d427cb0) at VOP_MKDIR+0xc6 sys/kern/vfs_vops.c:449
domkdirat(ffff80001d33a388,ffffff9c,7f7ffffe6da0,1ff) at domkdirat+0x121 sys/kern/vfs_syscalls.c:3058
syscall(ffff80001d427f50) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffe6e10, count: -12
ddb> show registers
rdi                                0
rsi                              0x1
rbp               0xffff80001d4276e0
rbx               0xffff80001d427790
rdx                              0x2
rcx                                0
rax                                0
r8                0xffff80001d4276a0
r9                               0x1
r10                                0
r11               0x8ff7ebf47db80c16
r12                     0x3000000008
r13               0xffff80001d4276f0
r14                            0x100
r15                              0x1
rip               0xffffffff81284e38    db_enter+0x18
cs                               0x8
rflags                         0x246
rsp               0xffff80001d4276d0
ss                              0x10
db_enter+0x18:  addq    $0x8,%rsp
ddb> show proc
PROC (syz-executor.0) pid=122197 stat=onproc
    flags process=2<EXEC,8ORPHAN> proc=0
    pri=17, usrpri=65, nice=20
    forw=0xffffffffffffffff, list=0xffff80001d33a118,0xffff80001d339288
    process=0xffff8000ffffb5a0 user=0xffff80001d423000, vmspace=0xfffffd806bc0a880
    estcpu=36, cpticks=1, pctcpu=0.1
    user=0, sys=1, intr=0
ddb> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 31888   30130  60861      0  2           0                syz-executor.1
 31888  437514  60861      0  3   0x4000080  select        syz-executor.1
* 8351  122197   7718      0  7         0x2                syz-executor.0
 60861  467079   7718      0  3        0x82  nanosleep     syz-executor.1
  7718  379513  94395      0  3        0x82  thrsleep      syz-fuzzer
  7718  418890  94395      0  3   0x4000082  nanosleep     syz-fuzzer
  7718  236402  94395      0  3   0x4000082  thrsleep      syz-fuzzer
  7718  439210  94395      0  3   0x4000082  thrsleep      syz-fuzzer
  7718  125634  94395      0  3   0x4000082  kqread        syz-fuzzer
  7718   11995  94395      0  3   0x4000082  thrsleep      syz-fuzzer
  7718  369472  94395      0  3   0x4000082  thrsleep      syz-fuzzer
 94395  429080  49338      0  3    0x10008a  pause         ksh
 49338  165716  59658      0  3        0x92  select        sshd
 76392  212490      1      0  3    0x100083  ttyin         getty
 59658  276165      1      0  3        0x80  select        sshd
 67876   78772  55203     73  3    0x100090  kqread        syslogd
 55203  251237      1      0  3    0x100082  netio         syslogd
 67543  216256      1     77  3    0x100090  poll          dhclient
 24565  114570      1      0  3        0x80  poll          dhclient
 35616  302566      0      0  3     0x14200  bored         smr
 89629   65156      0      0  2     0x14200                zerothread
 67810  133810      0      0  3     0x14200  aiodoned      aiodoned
 43778  113081      0      0  3     0x14200  syncer        update
 23066   13731      0      0  3     0x14200  cleaner       cleaner
 21580  407950      0      0  3     0x14200  reaper        reaper
 75629  259255      0      0  3     0x14200  pgdaemon      pagedaemon
 58135  262623      0      0  3     0x14200  bored         crynlk
  7142  443257      0      0  3     0x14200  bored         crypto
 34194  424346      0      0  3  0x40014200  acpi0         acpi0
 50287  302074      0      0  3     0x14200  bored         softnet
 15394  103814      0      0  3     0x14200  bored         systqmp
 41437   78464      0      0  3     0x14200  bored         systq
 17050  521367      0      0  3  0x40014200  bored         softclock
 52909   71097      0      0  3  0x40014200                idle0
     1  170052      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb> show all locks
No such command
ddb> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf  9460   6328K    6582K  78643K     10614        0
            pcb    13      8K       8K  78643K        17        0
         rtable   105      3K       3K  78643K       191        0
         ifaddr    44     10K      10K  78643K        50        0
       counters    21     16K      16K  78643K        21        0
       ioctlops     0      0K       2K  78643K        15        0
            iov     0      0K      12K  78643K         8        0
          mount     1      1K       1K  78643K         1        0
         vnodes  1216     76K      77K  78643K      1250        0
      UFS quota     1     32K      32K  78643K         1        0
      UFS mount     5     36K      36K  78643K         5        0
            shm     2      1K       5K  78643K         5        0
         VM map     2      0K       0K  78643K         2        0
            sem     6      0K       0K  78643K         6        0
        dirhash    12      2K       2K  78643K        12        0
           ACPI  1794    195K     288K  78643K     12646        0
      file desc     5     13K      25K  78643K        66        0
          sigio     0      0K       0K  78643K         2        0
           proc    48     38K      54K  78643K       359        0
        subproc    32      2K       2K  78643K        34        0
    NFS srvsock     1      0K       0K  78643K         1        0
     NFS daemon     1     16K      16K  78643K         1        0
       in_multi    33      2K       2K  78643K        33        0
    ether_multi     1      0K       0K  78643K         1        0
    ISOFS mount     1     32K      32K  78643K         1        0
  MSDOSFS mount     1     16K      16K  78643K         1        0
           ttys    43    201K     201K  78643K        43        0
           exec     0      0K       1K  78643K       181        0
        pagedep     1      8K       8K  78643K         1        0
       inodedep     1     32K      32K  78643K         1        0
         newblk     1      0K       0K  78643K         1        0
        VM swap     7     26K      26K  78643K         7        0
       UVM amap    86     20K      36K  78643K       983        0
       UVM aobj     6      2K       2K  78643K         8        0
        memdesc     1      4K       4K  78643K         1        0
    crypto data     1      1K       1K  78643K         1        0
    ip6_options     0      0K       0K  78643K         2        0
            NDP     6      0K       0K  78643K        10        0
           temp    66   3027K    3091K  78643K      8209        0
         kqueue     3      4K       4K  78643K         3        0
      SYN cache     2     16K      16K  78643K         2        0
ddb> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp         64        6    0        0     1     0     1     1     0     8    0
rtpcb       80       19    0       17     1     0     1     1     0     8    0
rtentry    112       45    0        1     2     0     2     2     0     8    0
unpcb      120       75    0       67     1     0     1     1     0     8    0
syncache   264        4    0        4     1     1     0     1     0     8    0
tcpqe       32       70    0       70     1     0     1     1     0     8    1
tcpcb      544       15    0       10     1     0     1     1     0     8    0
inpcb      280       57    0       49     1     0     1     1     0     8    0
nd6         48        6    0        0     1     0     1     1     0     8    0
art_heap8  4096       1    0        0     1     0     1     1     0     8    0
art_heap4  256      188    0        0    12     0    12    12     0     8    0
art_table   32      189    0        0     2     0     2     2     0     8    0
art_node    16       44    0        4     1     0     1     1     0     8    0
semapl     112        4    0        0     1     0     1     1     0     8    0
shmpl      112        6    0        2     1     0     1     1     0     8    0
dirhash    1024      17    0        0     3     0     3     3     0     8    0
dino1pl    128     1473    0       75    46     0    46    46     0     8    0
ffsino     240     1473    0       75    83     0    83    83     0     8    0
nchpl      144     1746    0      138    60     0    60    60     0     8    0
uvmvnodes   72     1531    0        0    28     0    28    28     0     8    0
vnodes     208     1531    0        0    81     0    81    81     0     8    0
vnodes: pool(0xffffffff825b67b8:vnodes): free list modified: page 0xfffffd805fa07000; item ordinal 0; addr 0xfffffd805fa07000 (p 0xfffffd805fa07000); offset 0x0=0x0
pool(vnodes): free list modified: page 0xfffffd805fa07000; item ordinal 0; addr 0xfffffd805fa07000 (p 0xfffffd805fa07000); offset 0x0=0x0
vnodes: pool(0xffffffff825b67b8:vnodes): page inconsistency: page 0xfffffd805fa07000; item ordinal 1; addr 0x6e3aadea306a403e
namei      1024    4255    0     4254     1     0     1     1     0     8    0
scxspl     192     5009    0     5009     1     0     1     1     0     8    1
plimitpl   152       16    0        9     1     0     1     1     0     8    0
sigapl     424      252    0      224     4     0     4     4     0     8    0
futexpl     56      742    0      742     1     0     1     1     0     8    1
knotepl    112       53    0       34     1     0     1     1     0     8    0
kqueuepl   144        3    0        0     1     0     1     1     0     8    0
pipelkpl    16       74    0       63     1     0     1     1     0     8    0
pipepl     120      148    0      127     1     0     1     1     0     8    0
fdescpl    432      238    0      224     2     0     2     2     0     8    0
filepl     120     1264    0     1161     4     0     4     4     0     8    0
lockfpl    104       21    0       20     1     0     1     1     0     8    0
lockfspl    48        9    0        8     1     0     1     1     0     8    0
sessionpl  112       17    0        7     1     0     1     1     0     8    0
pgrppl      48       17    0        7     1     0     1     1     0     8    0
ucredpl     96       95    0       88     1     0     1     1     0     8    0
zombiepl   144      224    0      224     1     0     1     1     0     8    1
processpl  920      252    0      224     4     0     4     4     0     8    0
procpl     624      303    0      268     4     0     4     4     0     8    1
sockpl     400      151    0      133     3     0     3     3     0     8    1
mcl64k     65536      4    0        4     1     0     1     1     0     8    1
mcl12k     12288      3    0        3     1     0     1     1     0     8    1
mcl4k      4096       8    0        8     1     1     0     1     0     8    0
mcl2k      2048   61007    0    60964    16     3    13    13     0     8    7
mtagpl      80        6    0        2     2     1     1     1     0     8    0
mbufpl     256    96761    0    96683    10     1     9     9     0     8    0
bufpl      280     4099    0      163   282     0   282   282     0     8    0
anonpl      16    35914    0    22982    54     1    53    53     0   107    1
amapchunkpl 152    1491    0     1363    19     0    19    19     0   158   13
amappl16   192      925    0      228    35     0    35    35     0     8    0
amappl15   184       35    0       32     1     0     1     1     0     8    0
amappl14   176        5    0        3     2     1     1     1     0     8    0
amappl13   168       23    0       22     1     0     1     1     0     8    0
amappl12   160        5    0        5     1     1     0     1     0     8    0
amappl11   152       77    0       63     1     0     1     1     0     8    0
amappl10   144       15    0       11     1     0     1     1     0     8    0
amappl9    136      379    0      376     1     0     1     1     0     8    0
amappl8    128      256    0      245     1     0     1     1     0     8    0
amappl7    120      107    0       96     1     0     1     1     0     8    0
amappl6    112       36    0       32     1     0     1     1     0     8    0
amappl5    104      157    0      145     1     0     1     1     0     8    0
amappl4     96      447    0      417     1     0     1     1     0     8    0
amappl3     88      112    0      106     1     0     1     1     0     8    0
amappl2     80     1074    0     1010     3     0     3     3     0     8    1
amappl1     72    14244    0    13842    24     7    17    20     0     8    8
amappl      80      539    0      499     1     0     1     1     0    84    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      253    0      253     1     1     0     1     0     8    0
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       18    0       17     1     0     1     1     0     8    0
aobjpl      64        7    0        2     1     0     1     1     0     8    0
uaddrrnd    24      238    0      224     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24      238    0      224     1     0     1     1     0     8    0
vmmpekpl   168     5754    0     5731     2     0     2     2     0     8    0
vmmpepl    168    35604    0    33878    97     3    94    94     0   357   18
vmsppl     272      237    0      224     2     0     2     2     0     8    1
pdppl      4096     482    0      448     6     0     6     6     0     8    1
pvpl        32   127781    0   111906   131     0   131   131     0   265    2
pmappl     200      237    0      224     1     0     1     1     0     8    0
extentpl    40       46    0       29     1     0     1     1     0     8    0
phpool     112      146    0        7     4     0     4     4     0     8    0

Crashes (1):
Time              Kernel   Commit        Syzkaller  Config   Log          Report  Syz repro  C repro  VM info  Assets  Manager          Title
2020/03/18 05:28  openbsd  e8bf146742fb  97bc55ce   .config  console log  report                                       ci-openbsd-main