pool: double put: mcl2k

panic: pool_do_put: mcl2k: double pool_put: 0xffffff006d9ad800
Stopped at      db_enter+0xa:   popq    %rbp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
*176923   4196      0           0  0x4000000    0  syz-executor1
db_enter() at db_enter+0xa
panic() at panic+0x147
pool_do_put(ffffff006d9ad800,ffffffff81ea61e0) at pool_do_put+0x2e2
pool_put(0,ffffff0072536700) at pool_put+0x37
m_extfree(97cb50c8e74dc718) at m_extfree+0xb1
m_free(ffffff0072536700) at m_free+0xee
m_freem(16) at m_freem+0x2d
soreceive(0,ffffff006e70bd88,ffff800021195e40,1ff,ffff800021195ed0,ffff800021195de0) at soreceive+0x1131
recvit(ffff800021195f00,ffff800021196008,ffff800021195ff0,ffff8000ffffa728,0) at recvit+0x28c
sys_recvmsg(ffff800021196090,ffff8000ffffa728,ffff80002105f658) at sys_recvmsg+0x120
syscall(0) at syscall+0x3e4
Xsyscall(6,0,ffffffffffffffbf,0,3,4a9c354d010) at Xsyscall+0x128
end of kernel
end trace frame: 0x4ac88b1b420, count: 3
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb> 
ddb> set $lines = 0
ddb> show panic
pool_do_put: mcl2k: double pool_put: 0xffffff006d9ad800
ddb> trace
db_enter() at db_enter+0xa
panic() at panic+0x147
pool_do_put(ffffff006d9ad800,ffffffff81ea61e0) at pool_do_put+0x2e2
pool_put(0,ffffff0072536700) at pool_put+0x37
m_extfree(97cb50c8e74dc718) at m_extfree+0xb1
m_free(ffffff0072536700) at m_free+0xee
m_freem(16) at m_freem+0x2d
soreceive(0,ffffff006e70bd88,ffff800021195e40,1ff,ffff800021195ed0,ffff800021195de0) at soreceive+0x1131
recvit(ffff800021195f00,ffff800021196008,ffff800021195ff0,ffff8000ffffa728,0) at recvit+0x28c
sys_recvmsg(ffff800021196090,ffff8000ffffa728,ffff80002105f658) at sys_recvmsg+0x120
syscall(0) at syscall+0x3e4
Xsyscall(6,0,ffffffffffffffbf,0,3,4a9c354d010) at Xsyscall+0x128
end of kernel
end trace frame: 0x4ac88b1b420, count: -12
ddb> show registers
rdi               0xffffffff81e01078    kprintf_mutex
rsi               0xffffffff818dd6d9    db_enter+0x9
rbp               0xffff800021195b40
rbx               0xffff800021195be0
rdx               0xffff800000acb000
rcx                           0x1dbe    __ALIGN_SIZE+0xdbe
rax               0xffff800000acb000
r8                0xffff800021195b10
r9                0x8080808080808080
r10               0x97cb50c8e74dc718
r11               0xffffffff81a5c910    x86_bus_space_io_read_1
r12                     0x3000000008
r13               0xffff800021195b50
r14                            0x100
r15               0xffffffff81c3edad    cy_pio_rec+0x9efc
rip               0xffffffff818dd6da    db_enter+0xa
cs                               0x8
rflags                         0x206
rsp               0xffff800021195b40
ss                              0x10
db_enter+0xa:   popq    %rbp
ddb> show proc
PROC (syz-executor1) pid=176923 stat=onproc
    flags process=0 proc=4000000<THREAD>
    pri=86, usrpri=86, nice=20
    forw=0xffffffffffffffff, list=0xffff8000ffffbc40,0xffff8000ffffae40
    process=0xffff80002105f658 user=0xffff800021191000, vmspace=0xffffff007f12b840
    estcpu=36, cpticks=0, pctcpu=0.0
    user=0, sys=0, intr=0
ddb> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
  4196  207317  41366      0  2           0                syz-executor1
* 4196  176923  41366      0  7   0x4000000                syz-executor1
 48021  145332  50181      0  2           0                syz-executor0
 48021  223799  50181      0  3   0x4000080  ttyout        syz-executor0
 48021  514810  50181      0  3   0x4000000  fdlock        syz-executor0
 11493  277744      1      0  3    0x100083  ttyin         getty
 40537  499672      0      0  3     0x14200  bored         sosplice
 50181   18375  49076      0  3        0x82  nanosleep     syz-executor0
 41366   94100  49076      0  3        0x82  nanosleep     syz-executor1
 49076  354550  29605      0  3        0x82  thrsleep      syz-fuzzer
 49076  266601  29605      0  3   0x4000082  thrsleep      syz-fuzzer
 49076  205521  29605      0  3   0x4000082  thrsleep      syz-fuzzer
 49076  383157  29605      0  3   0x4000082  thrsleep      syz-fuzzer
 49076  322146  29605      0  3   0x4000082  kqread        syz-fuzzer
 49076   94805  29605      0  3   0x4000082  thrsleep      syz-fuzzer
 49076  100998  29605      0  3   0x4000082  thrsleep      syz-fuzzer
 29605  183150  35211      0  3    0x10008a  pause         ksh
 35211  280648  67940      0  3        0x92  select        sshd
 67940  483540      1      0  3        0x80  select        sshd
 96549  449712  14272     73  3    0x100090  kqread        syslogd
 14272  485884      1      0  3    0x100082  netio         syslogd
 75100   52458      1     77  3    0x100090  poll          dhclient
 45870  277851      1      0  3        0x80  poll          dhclient
 76443  275439      0      0  2     0x14200                zerothread
 28199  188063      0      0  3     0x14200  aiodoned      aiodoned
 17810   67402      0      0  3     0x14200  syncer        update
 60959  411053      0      0  3     0x14200  cleaner       cleaner
 92098  195884      0      0  3     0x14200  reaper        reaper
 45089  206708      0      0  3     0x14200  pgdaemon      pagedaemon
 67076  218641      0      0  3     0x14200  bored         crynlk
 20851  179119      0      0  3     0x14200  bored         crypto
 35908  336287      0      0  3  0x40014200  acpi0         acpi0
 41320   22792      0      0  3     0x14200  bored         softnet
 95104  514570      0      0  3     0x14200  bored         systqmp
  2087   82205      0      0  3     0x14200  bored         systq
 35567  217262      0      0  3  0x40014200  bored         softclock
 52187  319518      0      0  3  0x40014200                idle0
     1  480268      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
Time	Kernel	Commit	Syzkaller	Log	Report	Manager
2018/12/02 05:27	openbsd	3f7c3e6a6fe6	28e157f1	console log	report	ci-openbsd-main
2018/12/01 01:17	openbsd	d93678d71f23	ade12e91	console log	report	ci-openbsd-main
2018/11/30 23:36	openbsd	d93678d71f23	ade12e91	console log	report	ci-openbsd-main
2018/11/30 08:20	openbsd	25236b556a2d	66071e27	console log	report	ci-openbsd-main