panic: pool_do_put: mcl2k: double pool_put: 0xffffff006d9ad800
Stopped at db_enter+0xa: popq %rbp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*176923 4196 0 0 0x4000000 0 syz-executor1
db_enter() at db_enter+0xa
panic() at panic+0x147
pool_do_put(ffffff006d9ad800,ffffffff81ea61e0) at pool_do_put+0x2e2
pool_put(0,ffffff0072536700) at pool_put+0x37
m_extfree(97cb50c8e74dc718) at m_extfree+0xb1
m_free(ffffff0072536700) at m_free+0xee
m_freem(16) at m_freem+0x2d
soreceive(0,ffffff006e70bd88,ffff800021195e40,1ff,ffff800021195ed0,ffff800021195de0) at soreceive+0x1131
recvit(ffff800021195f00,ffff800021196008,ffff800021195ff0,ffff8000ffffa728,0) at recvit+0x28c
sys_recvmsg(ffff800021196090,ffff8000ffffa728,ffff80002105f658) at sys_recvmsg+0x120
syscall(0) at syscall+0x3e4
Xsyscall(6,0,ffffffffffffffbf,0,3,4a9c354d010) at Xsyscall+0x128
end of kernel
end trace frame: 0x4ac88b1b420, count: 3
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> show panic
pool_do_put: mcl2k: double pool_put: 0xffffff006d9ad800
ddb> trace
db_enter() at db_enter+0xa
panic() at panic+0x147
pool_do_put(ffffff006d9ad800,ffffffff81ea61e0) at pool_do_put+0x2e2
pool_put(0,ffffff0072536700) at pool_put+0x37
m_extfree(97cb50c8e74dc718) at m_extfree+0xb1
m_free(ffffff0072536700) at m_free+0xee
m_freem(16) at m_freem+0x2d
soreceive(0,ffffff006e70bd88,ffff800021195e40,1ff,ffff800021195ed0,ffff800021195de0) at soreceive+0x1131
recvit(ffff800021195f00,ffff800021196008,ffff800021195ff0,ffff8000ffffa728,0) at recvit+0x28c
sys_recvmsg(ffff800021196090,ffff8000ffffa728,ffff80002105f658) at sys_recvmsg+0x120
syscall(0) at syscall+0x3e4
Xsyscall(6,0,ffffffffffffffbf,0,3,4a9c354d010) at Xsyscall+0x128
end of kernel
end trace frame: 0x4ac88b1b420, count: -12
ddb> show registers
rdi 0xffffffff81e01078 kprintf_mutex
rsi 0xffffffff818dd6d9 db_enter+0x9
rbp 0xffff800021195b40
rbx 0xffff800021195be0
rdx 0xffff800000acb000
rcx 0x1dbe __ALIGN_SIZE+0xdbe
rax 0xffff800000acb000
r8 0xffff800021195b10
r9 0x8080808080808080
r10 0x97cb50c8e74dc718
r11 0xffffffff81a5c910 x86_bus_space_io_read_1
r12 0x3000000008
r13 0xffff800021195b50
r14 0x100
r15 0xffffffff81c3edad cy_pio_rec+0x9efc
rip 0xffffffff818dd6da db_enter+0xa
cs 0x8
rflags 0x206
rsp 0xffff800021195b40
ss 0x10
db_enter+0xa: popq %rbp
ddb> show proc
PROC (syz-executor1) pid=176923 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=86, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff8000ffffbc40,0xffff8000ffffae40
process=0xffff80002105f658 user=0xffff800021191000, vmspace=0xffffff007f12b840
estcpu=36, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
4196 207317 41366 0 2 0 syz-executor1
* 4196 176923 41366 0 7 0x4000000 syz-executor1
48021 145332 50181 0 2 0 syz-executor0
48021 223799 50181 0 3 0x4000080 ttyout syz-executor0
48021 514810 50181 0 3 0x4000000 fdlock syz-executor0
11493 277744 1 0 3 0x100083 ttyin getty
40537 499672 0 0 3 0x14200 bored sosplice
50181 18375 49076 0 3 0x82 nanosleep syz-executor0
41366 94100 49076 0 3 0x82 nanosleep syz-executor1
49076 354550 29605 0 3 0x82 thrsleep syz-fuzzer
49076 266601 29605 0 3 0x4000082 thrsleep syz-fuzzer
49076 205521 29605 0 3 0x4000082 thrsleep syz-fuzzer
49076 383157 29605 0 3 0x4000082 thrsleep syz-fuzzer
49076 322146 29605 0 3 0x4000082 kqread syz-fuzzer
49076 94805 29605 0 3 0x4000082 thrsleep syz-fuzzer
49076 100998 29605 0 3 0x4000082 thrsleep syz-fuzzer
29605 183150 35211 0 3 0x10008a pause ksh
35211 280648 67940 0 3 0x92 select sshd
67940 483540 1 0 3 0x80 select sshd
96549 449712 14272 73 3 0x100090 kqread syslogd
14272 485884 1 0 3 0x100082 netio syslogd
75100 52458 1 77 3 0x100090 poll dhclient
45870 277851 1 0 3 0x80 poll dhclient
76443 275439 0 0 2 0x14200 zerothread
28199 188063 0 0 3 0x14200 aiodoned aiodoned
17810 67402 0 0 3 0x14200 syncer update
60959 411053 0 0 3 0x14200 cleaner cleaner
92098 195884 0 0 3 0x14200 reaper reaper
45089 206708 0 0 3 0x14200 pgdaemon pagedaemon
67076 218641 0 0 3 0x14200 bored crynlk
20851 179119 0 0 3 0x14200 bored crypto
35908 336287 0 0 3 0x40014200 acpi0 acpi0
41320 22792 0 0 3 0x14200 bored softnet
95104 514570 0 0 3 0x14200 bored systqmp
2087 82205 0 0 3 0x14200 bored systq
35567 217262 0 0 3 0x40014200 bored softclock
52187 319518 0 0 3 0x40014200 idle0
1 480268 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper