Warning: Permanently added '10.128.10.32' (ECDSA) to the list of known hosts. executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program panic: pool_do_get: aobjpl free list modified: page 0xfffffd803ec30000; item addr 0xfffffd803ec30e40; offset 0x14=0xdeadbeee Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND * 30154 55887 0 0 0x4000000 0 syz-executor5070 db_enter() at db_enter+0x18 panic() at panic+0x15c pool_do_get(ffffffff825aa5d8,1,ffff8000149042a8) at pool_do_get+0x463 pool_get(ffffffff825aa5d8,1) at pool_get+0xb5 uao_create() at uao_create+0x7c shmget_allocate_segment(ffff80001488e508,ffff800014904498,0,ffff8000149044e0) at shmget_allocate_segment+0x352 sys_shmget(ffff80001488e508,ffff800014904498,ffff8000149044e0) at sys_shmget+0x13f syscall(ffff800014904560) at syscall+0x507 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x8e4199f58d0, count: 6 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic pool_do_get: aobjpl free list modified: page 0xfffffd803ec30000; item addr 0xfffffd803ec30e40; offset 0x14=0xdeadbeee ddb> trace db_enter() at db_enter+0x18 panic() at panic+0x15c pool_do_get(ffffffff825aa5d8,1,ffff8000149042a8) at pool_do_get+0x463 pool_get(ffffffff825aa5d8,1) at pool_get+0xb5 uao_create() at uao_create+0x7c shmget_allocate_segment(ffff80001488e508,ffff800014904498,0,ffff8000149044e0) at shmget_allocate_segment+0x352 sys_shmget(ffff80001488e508,ffff800014904498,ffff8000149044e0) at sys_shmget+0x13f syscall(ffff800014904560) at syscall+0x507 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x8e4199f58d0, count: -9 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff800014904110 rbx 0xffff8000149041c0 rdx 0x2 rcx 0x1 rax 0x1 r8 0xffff8000149040d0 r9 0x1 r10 0x36e3855854ccd7c4 r11 0x482b398ed64b4ce1 r12 0x3000000008 r13 0xffff800014904120 r14 0x100 r15 0x1 rip 0xffffffff81339268 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800014904100 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor5070) pid=30154 stat=onproc flags process=0 proc=4000000 pri=56, usrpri=56, nice=20 forw=0xffffffffffffffff, list=0xffff80001488ec70,0xffffffff82583be0 process=0xffff8000148a37b8 user=0xffff8000148ff000, vmspace=0xfffffd803f012bb0 estcpu=6, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 89446 334849 64206 0 2 0 syz-executor5070 89446 132640 64206 0 2 0x4000000 syz-executor5070 55887 388264 27052 0 2 0 syz-executor5070 55887 323509 27052 0 2 0x4000000 syz-executor5070 55887 357896 27052 0 3 0x4000080 fsleep syz-executor5070 *55887 30154 27052 0 7 0x4000000 syz-executor5070 27052 85419 49580 0 3 0x80 nanosleep syz-executor5070 64206 222388 49580 0 3 0x80 nanosleep syz-executor5070 49580 152726 24562 0 3 0x82 nanosleep syz-executor5070 24562 101117 15748 0 3 0x10008a pause ksh 15748 105453 32312 0 3 0x92 select sshd 41719 237028 1 0 3 0x100083 ttyin getty 32312 443512 1 0 3 0x80 select sshd 31532 518096 26495 73 3 0x100090 kqread syslogd 26495 411697 1 0 3 0x100082 netio syslogd 76886 457422 1 77 3 0x100090 poll dhclient 27549 39293 1 0 3 0x80 poll dhclient 94935 168784 0 0 2 0x14200 zerothread 92338 120394 0 0 3 0x14200 aiodoned aiodoned 20187 512653 0 0 3 0x14200 syncer update 24270 470110 0 0 3 0x14200 cleaner cleaner 46731 29871 0 0 3 0x14200 reaper reaper 43107 76627 0 0 3 0x14200 pgdaemon pagedaemon 69723 4339 0 0 3 0x14200 bored crynlk 32106 265948 0 0 3 0x14200 bored crypto 36209 438896 0 0 3 0x40014200 acpi0 acpi0 10467 155550 0 0 3 0x14200 bored softnet 1203 436853 0 0 3 0x14200 bored systqmp 83823 154806 0 0 3 0x14200 bored systq 85499 366019 0 0 3 0x40014200 bored softclock 61038 114231 0 0 3 0x40014200 idle0 9681 149617 0 0 3 0x14200 bored smr 1 346584 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9443 6318K 6319K 78643K 10540 0 0 pcb 13 8K 8K 78643K 13 0 0 rtable 61 1K 2K 78643K 115 0 0 ifaddr 24 7K 7K 78643K 24 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 13 0 0 iov 1 12K 24K 78643K 38 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1181 74K 74K 78643K 1223 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 9K 78643K 20 0 0 VM map 2 0K 0K 78643K 2 0 0 sem 12 0K 0K 78643K 38 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1794 195K 288K 78643K 12646 0 0 file desc 3 4K 5K 78643K 61 0 0 proc 47 38K 46K 78643K 278 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 in_multi 11 0K 0K 78643K 11 0 0 ether_multi 1 0K 0K 78643K 1 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 48 212K 212K 78643K 48 0 0 exec 0 0K 1K 78643K 151 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 63 3K 3K 78643K 820 0 0 UVM aobj 3 2K 2K 78643K 38 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 NDP 3 0K 0K 78643K 3 0 0 temp 22 3527K 3583K 78643K 1725 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 2 0 0 1 0 1 1 0 8 0 rtpcb 80 15 0 13 1 0 1 1 0 8 0 rtentry 112 23 0 1 1 0 1 1 0 8 0 unpcb 120 27 0 19 1 0 1 1 0 8 0 syncache 264 5 0 5 2 2 0 1 0 8 0 tcpcb 544 8 0 5 1 0 1 1 0 8 0 inpcb 280 22 0 16 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 97 0 0 7 0 7 7 0 8 0 art_table 32 98 0 0 1 0 1 1 0 8 0 art_node 16 22 0 2 1 0 1 1 0 8 0 semapl 112 36 0 26 1 0 1 1 0 8 0 shmpl 112 37 0 36 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 1429 0 54 45 0 45 45 0 8 0 ffsino 240 1429 0 54 81 0 81 81 0 8 0 nchpl 144 1614 0 80 57 0 57 57 0 8 0 uvmvnodes 72 1438 0 0 27 0 27 27 0 8 0 vnodes 208 1438 0 0 76 0 76 76 0 8 0 namei 1024 3908 0 3908 2 1 1 1 0 8 1 scxspl 192 12034 0 12034 9 8 1 7 0 8 1 plimitpl 152 13 0 8 1 0 1 1 0 8 0 sigapl 432 197 0 183 2 0 2 2 0 8 0 futexpl 56 625 0 624 1 0 1 1 0 8 0 knotepl 112 5 0 0 1 0 1 1 0 8 0 kqueuepl 104 1 0 0 1 0 1 1 0 8 0 pipepl 128 114 0 107 2 1 1 1 0 8 0 fdescpl 424 198 0 183 2 0 2 2 0 8 0 filepl 120 1137 0 1084 2 0 2 2 0 8 0 lockfpl 104 79 0 76 1 0 1 1 0 8 0 lockfspl 48 4 0 2 1 0 1 1 0 8 0 sessionpl 112 17 0 9 1 0 1 1 0 8 0 pgrppl 48 17 0 9 1 0 1 1 0 8 0 ucredpl 96 275 0 268 1 0 1 1 0 8 0 zombiepl 144 183 0 183 2 1 1 1 0 8 1 processpl 864 212 0 183 4 0 4 4 0 8 0 procpl 632 285 0 252 4 0 4 4 0 8 0 sockpl 384 64 0 48 2 0 2 2 0 8 0 mcl4k 4096 10 0 10 2 2 0 1 0 8 0 mcl2k 2048 5916 0 5888 7 2 5 6 0 8 1 mtagpl 80 2 0 2 1 1 0 1 0 8 0 mbufpl 256 10128 0 10085 4 0 4 4 0 8 0 bufpl 256 2095 0 276 114 0 114 114 0 8 0 anonpl 16 100012 0 90613 40 2 38 38 0 62 0 amapchunkpl 152 930 0 853 4 0 4 4 0 158 0 amappl16 192 4893 0 4407 25 0 25 25 0 8 0 amappl14 176 35 0 31 1 0 1 1 0 8 0 amappl12 160 6 0 6 2 2 0 1 0 8 0 amappl11 152 43 0 32 1 0 1 1 0 8 0 amappl10 144 3 0 3 2 2 0 1 0 8 0 amappl9 136 383 0 382 1 0 1 1 0 8 0 amappl8 128 106 0 97 1 0 1 1 0 8 0 amappl7 120 15 0 14 1 0 1 1 0 8 0 amappl6 112 43 0 38 1 0 1 1 0 8 0 amappl5 104 136 0 127 1 0 1 1 0 8 0 amappl4 96 392 0 370 1 0 1 1 0 8 0 amappl3 88 102 0 96 1 0 1 1 0 8 0 amappl2 80 871 0 805 3 1 2 2 0 8 0 amappl1 72 12232 0 11816 16 7 9 16 0 8 0 amappl 80 467 0 438 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 37 0 35 1 0 1 1 0 8 0 pool(0xffffffff825aa5d8:aobjpl): page inconsistency: page 0xfffffd803ec30000; 59 on list, 2 missing, 62 items per page uaddrrnd 24 198 0 183 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 198 0 183 1 0 1 1 0 8 0 vmmpekpl 168 5535 0 5519 1 0 1 1 0 8 0 vmmpepl 168 54051 0 52679 79 18 61 61 0 357 1 vmsppl 272 197 0 183 1 0 1 1 0 8 0 pdppl 4096 402 0 366 5 0 5 5 0 8 0 pvpl 32 314320 0 303168 97 6 91 91 0 265 1 pmappl 200 197 0 183 1 0 1 1 0 8 0 extentpl 40 46 0 29 1 0 1 1 0 8 0 phpool 112 230 0 7 7 0 7 7 0 8 0 ddb>