panic: pool_do_get: sockpl free list modified: page 0xfffffd80681ad000; item addr 0xfffffd80681ad800; offset 0x0=0x0 != 0x1e56eccce1b53a5c Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND * 87889 85643 0 0x8000010 0x4000000 0 syz-executor.3 db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8285b43f) at panic+0x165 sys/kern/subr_prf.c:198 pool_do_get(ffffffff82d79ba8,9,ffff8000377e78cc) at pool_do_get+0x434 pool_get(ffffffff82d79ba8,9) at pool_get+0xba sys/kern/subr_pool.c:582 soalloc(ffffffff82bdad00,1) at soalloc+0x58 sys/kern/uipc_socket.c:141 socreate(1,ffff8000377e79f8,1,0) at socreate+0xa6 sys/kern/uipc_socket.c:198 sys_socketpair(ffff80002a6f2cf0,ffff8000377e7b50,ffff8000377e7aa0) at sys_socketpair+0xab sys/kern/uipc_syscalls.c:477 syscall(ffff8000377e7b50) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xbd40452e20, count: 6 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: pool_do_get: sockpl free list modified: page 0xfffffd80681ad000; item addr 0xfffffd80681ad800; offset 0x0=0x0 != 0x1e56eccce1b53a5c ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8285b43f) at panic+0x165 sys/kern/subr_prf.c:198 pool_do_get(ffffffff82d79ba8,9,ffff8000377e78cc) at pool_do_get+0x434 pool_get(ffffffff82d79ba8,9) at pool_get+0xba sys/kern/subr_pool.c:582 soalloc(ffffffff82bdad00,1) at soalloc+0x58 sys/kern/uipc_socket.c:141 socreate(1,ffff8000377e79f8,1,0) at socreate+0xa6 sys/kern/uipc_socket.c:198 sys_socketpair(ffff80002a6f2cf0,ffff8000377e7b50,ffff8000377e7aa0) at sys_socketpair+0xab sys/kern/uipc_syscalls.c:477 syscall(ffff8000377e7b50) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xbd40452e20, count: -9 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff8000377e7740 rbx 0xfffffd80681ad800 rdx 0xffff800000df3f80 rcx 0 rax 0xffff80002a6f2cf0 r8 0x101010101010101 r9 0x8080808080808080 r10 0x8ca2116ee22eca81 r11 0xede67344381788f6 r12 0 r13 0xfffffd806b92f0f0 r14 0 r15 0x1 rip 0xffffffff8196917c db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff8000377e7730 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb> show proc PROC (syz-executor.3) tid=87889 pid=85643 tcnt=2 stat=onproc flags process=8000010 proc=4000000 runpri=32, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff80002a6f3c50,0xffff80002a6f27e0 process=0xffff800035ddb688 user=0xffff8000377e2000, vmspace=0xfffffd806ec492b8 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 94554 87211 75016 0 2 0x8000000 syz-executor.4 94554 312703 75016 0 3 0xc000080 fsleep syz-executor.4 85643 182167 80878 0 2 0x8000010 syz-executor.3 *85643 87889 80878 0 7 0xc000010 syz-executor.3 42726 243345 20995 0 2 0x8000000 syz-executor.1 42726 441894 20995 0 3 0xc000080 fsleep syz-executor.1 579 36547 67236 0 2 0x8000000 syz-executor.0 579 487440 67236 0 3 0xc000080 fsleep syz-executor.0 83534 270407 59132 0 2 0x8000000 syz-executor.6 83534 419010 59132 0 3 0xc000080 kqsel syz-executor.6 27595 54829 70721 0 2 0x8000000 syz-executor.2 27595 267018 70721 0 3 0xc000080 fsleep syz-executor.2 4964 309387 53898 0 3 0x8000080 nanoslp syz-executor.5 4964 318753 53898 0 3 0xc000080 sbwait syz-executor.5 4964 123301 53898 0 3 0xc000080 fsleep syz-executor.5 53898 177582 89722 0 3 0x8000082 nanoslp syz-executor.5 75016 41658 89722 0 3 0x8000082 nanoslp syz-executor.4 59132 11170 89722 0 3 0x8000082 nanoslp syz-executor.6 32828 264740 89722 0 2 0x8000002 syz-executor.7 88647 109639 0 0 3 0x14280 nfsidl nfsio 17412 278010 0 0 3 0x14280 nfsidl nfsio 1808 287452 0 0 3 0x14280 nfsidl nfsio 76233 63002 0 0 3 0x14280 nfsidl nfsio 96208 67933 0 0 3 0x14280 nfsidl nfsio 4439 1049 0 0 3 0x14280 nfsidl nfsio 62256 358459 0 0 3 0x14280 nfsidl nfsio 94311 86962 0 0 3 0x14280 nfsidl nfsio 81562 116523 0 0 3 0x14280 nfsidl nfsio 40895 377619 0 0 3 0x14280 nfsidl nfsio 67704 15960 0 0 3 0x14280 nfsidl nfsio 15628 457187 0 0 3 0x14280 nfsidl nfsio 18826 318773 0 0 3 0x14280 nfsidl nfsio 90715 50901 0 0 3 0x14280 nfsidl nfsio 18834 471859 0 0 3 0x14280 nfsidl nfsio 42528 378749 0 0 3 0x14280 nfsidl nfsio 30003 48407 0 0 3 0x14280 nfsidl nfsio 23726 301718 0 0 3 0x14280 nfsidl nfsio 42968 409302 0 0 3 0x14280 nfsidl nfsio 80013 932 0 0 3 0x14280 nfsidl nfsio 80878 206289 89722 0 3 0x8000082 nanoslp syz-executor.3 35805 361520 0 0 3 0x14200 bored sosplice 70721 219070 89722 0 3 0x8000082 nanoslp syz-executor.2 20995 472689 89722 0 3 0x8000082 nanoslp syz-executor.1 67236 57368 89722 0 3 0x8000082 nanoslp syz-executor.0 89722 327389 72743 0 3 0x1a000082 thrsleep syz-fuzzer 89722 47849 72743 0 3 0x1e000082 nanoslp syz-fuzzer 89722 507768 72743 0 3 0x1e000082 kqread syz-fuzzer 89722 476521 72743 0 3 0x1e000082 wait syz-fuzzer 89722 485474 72743 0 3 0x1e000082 thrsleep syz-fuzzer 89722 3219 72743 0 3 0x1e000082 wait syz-fuzzer 89722 394109 72743 0 3 0x1e000082 wait syz-fuzzer 89722 393611 72743 0 3 0x1e000082 wait syz-fuzzer 89722 315225 72743 0 3 0x1e000082 wait syz-fuzzer 89722 392743 72743 0 3 0x1e000082 wait syz-fuzzer 89722 493166 72743 0 3 0x1e000082 thrsleep syz-fuzzer 89722 80095 72743 0 3 0x1e000082 thrsleep syz-fuzzer 89722 296899 72743 0 3 0x1e000082 wait syz-fuzzer 89722 422189 72743 0 3 0x1e000082 wait syz-fuzzer 72743 140624 65041 0 3 0x810008a sigsusp ksh 65041 267756 3050 0 3 0x1800009a kqread sshd 22271 124974 1 0 3 0x18100083 ttyin getty 3050 519520 1 0 3 0x18000088 kqread sshd 64408 99770 90581 73 3 0x19100090 kqread syslogd 90581 181172 1 0 3 0x18100082 sbwait syslogd 58502 497112 1 0 3 0x18100080 kqread resolvd 71474 180646 19811 77 3 0x18100092 kqread dhcpleased 66300 211812 19811 77 3 0x18100092 kqread dhcpleased 19811 62426 1 0 3 0x18000080 kqread dhcpleased 80442 206688 0 0 3 0x14200 bored smr 51129 211970 0 0 2 0x14200 zerothread 64043 195870 0 0 3 0x14200 aiodoned aiodoned 41059 303775 0 0 3 0x14200 syncer update 43054 21874 0 0 3 0x14200 cleaner cleaner 4722 218812 0 0 3 0x14200 reaper reaper 34613 256314 0 0 3 0x14200 pgdaemon pagedaemon 64422 391213 0 0 3 0x14200 bored viomb 78687 115798 0 0 3 0x40014200 acpi0 acpi0 97113 267424 0 0 3 0x14200 bored softnet3 29547 402744 0 0 3 0x14200 bored softnet2 59506 219338 0 0 3 0x14200 bored softnet1 32478 400274 0 0 3 0x14200 bored softnet0 51473 281152 0 0 3 0x14200 bored systqmp 86696 116384 0 0 3 0x14200 bored systq 78282 22929 0 0 3 0x40014200 tmoslp softclock 18566 167548 0 0 3 0x40014200 idle0 1 180288 0 0 3 0x8080082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10206 6681K 7079K 166960K 12650 0 pcb 19 13K 13K 166960K 146 0 rtable 244 7K 8K 166960K 1005 0 pf 34 9K 10K 166960K 82 0 ifaddr 45 12K 12K 166960K 92 0 ifgroup 59 2K 2K 166960K 143 0 sysctl 1 0K 1K 166960K 2 0 counters 32 17K 18K 166960K 52 0 ioctlops 0 0K 2K 166960K 81 0 iov 0 0K 16K 166960K 56 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1419 89K 90K 166960K 2250 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 68K 72K 166960K 26 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 98 0 dirhash 12 2K 2K 166960K 33 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 17 61K 77K 166960K 1037 0 sigio 1 0K 0K 166960K 50 0 proc 58 59K 91K 166960K 713 0 subproc 104 6K 7K 166960K 182 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 119 0 in_multi 98 7K 7K 166960K 192 0 ether_multi 1 0K 0K 166960K 8 0 mrt 0 0K 0K 166960K 2 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 85 387K 387K 166960K 85 0 exec 0 0K 1K 166960K 513 0 pfkey data 0 0K 0K 166960K 2 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 292 93K 101K 166960K 11008 0 UVM aobj 23 2K 2K 166960K 23 0 pinsyscall 37 74K 100K 166960K 2317 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 62 0 NDP 13 0K 2K 166960K 61 0 temp 75 6812K 6884K 166960K 39126 0 kqueue 13 18K 30K 166960K 158 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 226 0 223 3 0 3 3 0 8 2 rtentry 112 392 0 280 4 0 4 4 0 8 0 unpcb 144 935 0 907 6 0 6 6 0 8 4 syncache 336 4 0 4 1 0 1 1 0 8 1 tcpcb 808 440 0 434 8 0 8 8 0 8 7 arp 88 99 0 83 1 0 1 1 0 8 0 ipq 40 5 0 3 1 0 1 1 0 8 0 ipqe 40 49 0 47 1 0 1 1 0 8 0 inpcb 352 1245 0 1228 8 0 8 8 0 8 6 nd6 104 47 0 20 1 0 1 1 0 8 0 pkpcb 40 4 0 4 1 0 1 1 0 8 1 kcovpl 48 14 0 6 1 0 1 1 0 8 0 ppxss 1072 2 0 2 1 0 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 808 0 349 29 0 29 29 0 8 0 art_table 32 809 0 349 4 0 4 4 0 8 0 art_node 16 391 0 292 1 0 1 1 0 8 0 sysvmsgpl 40 15 0 6 1 0 1 1 0 8 0 semupl 112 1 0 1 1 0 1 1 0 8 1 semapl 112 95 0 85 1 0 1 1 0 8 0 shmpl 112 20 0 0 1 0 1 1 0 8 0 dirhash 1024 31 0 14 3 0 3 3 0 8 0 dino2pl 256 3149 0 1632 96 0 96 96 0 8 0 ffsino 240 3149 0 1632 90 0 90 90 0 8 0 nchpl 144 4729 0 2991 66 0 66 66 0 8 0 uvmvnodes 80 3809 0 0 78 0 78 78 0 8 0 vnodes 216 3809 0 0 212 0 212 212 0 8 0 namei 1024 16112 0 16112 3 0 3 3 0 8 3 vcpupl 3904 4 0 1 1 0 1 1 0 8 0 vmpool 664 6 0 3 1 0 1 1 0 8 0 kstatmem 264 66 0 40 3 0 3 3 0 8 0 scxspl 216 22979 0 22979 8 0 8 8 1 8 8 plimitpl 152 213 0 197 1 0 1 1 0 8 0 sigapl 424 1345 0 1280 8 0 8 8 0 8 0 futexpl 64 15962 0 15957 1 0 1 1 0 8 0 knotepl 120 6684 0 6600 11 0 11 11 0 8 6 kqueuepl 184 287 0 277 1 0 1 1 0 8 0 pipepl 288 240 0 211 3 0 3 3 0 8 0 fdescpl 432 1307 0 1279 4 0 4 4 0 8 0 filepl 120 8233 0 7962 12 0 12 12 0 8 3 lockfpl 104 342 0 340 1 0 1 1 0 8 0 lockfspl 48 154 0 152 1 0 1 1 0 8 0 sessionpl 144 29 0 13 1 0 1 1 0 8 0 pgrppl 48 41 0 25 1 0 1 1 0 8 0 ucredpl 104 1078 0 1067 1 0 1 1 0 8 0 zombiepl 144 1280 0 1280 1 0 1 1 0 8 1 processpl 1072 1345 0 1280 5 0 5 5 0 8 0 procpl 656 2459 0 2373 9 0 9 9 0 8 1 sosppl 168 12 0 12 1 0 1 1 0 8 1 sockpl 504 2415 0 2367 35 24 11 21 0 8 5 sockpl: pool(0xffffffff82d79ba8:sockpl): free list modified: page 0xfffffd80681ad000; item ordinal 0; addr 0xfffffd80681ad800 (p 0xfffffd806b92f000); offset 0x0=0x0 pool(sockpl): free list modified: page 0xfffffd80681ad000; item ordinal 0; addr 0xfffffd80681ad800 (p 0xfffffd806b92f000); offset 0x0=0x0 sockpl: pool(0xffffffff82d79ba8:sockpl): page inconsistency: page 0xfffffd80681ad000; item ordinal 1; addr 0xe772bd4c37052d77 mcl64k 65536 2 0 2 1 0 1 1 0 8 1 mcl16k 16384 1 0 1 1 0 1 1 0 8 1 mcl12k 12288 1 0 1 1 0 1 1 0 8 1 mcl8k 8192 27 0 27 1 0 1 1 0 8 1 mcl4k 4096 8 0 8 1 0 1 1 0 8 1 mcl2k 2048 22274 0 22176 35 15 20 35 0 8 5 mtagpl 96 58 0 30 1 0 1 1 0 8 0 mbufpl 256 46049 0 45773 70 40 30 67 0 8 8 bufpl 280 6994 0 665 453 0 453 453 0 8 0 anonpl 24 273185 0 267415 87 0 87 87 0 188 46 amapchunkpl 152 36097 0 35416 41 0 41 41 0 158 13 amappl16 200 6739 0 6627 19 3 16 19 0 8 8 amappl15 192 12 0 12 1 0 1 1 0 8 1 amappl14 184 170 0 159 2 0 2 2 0 8 1 amappl13 176 13 0 13 1 0 1 1 0 8 1 amappl12 168 2032 0 2003 2 0 2 2 0 8 0 amappl11 160 54 0 43 1 0 1 1 0 8 0 amappl10 152 40 0 31 1 0 1 1 0 8 0 amappl9 144 150 0 149 1 0 1 1 0 8 0 amappl8 136 108 0 80 2 0 2 2 0 8 0 amappl7 128 53 0 44 1 0 1 1 0 8 0 amappl6 120 408 0 393 2 0 2 2 0 8 1 amappl5 112 181 0 169 1 0 1 1 0 8 0 amappl4 104 535 0 503 2 0 2 2 0 8 0 amappl3 96 7683 0 7597 3 0 3 3 0 8 0 amappl2 88 1737 0 1666 3 0 3 3 0 8 1 amappl1 80 12644 0 12156 22 2 20 22 0 8 8 amappl 88 10368 0 10167 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 0 1 1 0 8 1 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 0 1 1 0 8 1 dma128 128 253 0 253 1 0 1 1 0 8 1 dma64 64 6 0 6 1 0 1 1 0 8 1 dma32 32 7 0 7 1 0 1 1 0 8 1 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 22 0 0 1 0 1 1 0 8 0 uaddrrnd 24 1313 0 1282 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1313 0 1282 1 0 1 1 0 8 0 vmmpekpl 168 13684 0 13628 3 0 3 3 0 8 0 vmmpepl 168 98355 0 96492 111 0 111 111 0 357 27 vmsppl 344 1312 0 1282 3 0 3 3 0 8 0 rwobjpl 24 33990 0 29115 30 0 30 30 0 8 0 pdppl 4096 2632 0 2567 134 67 67 70 0 8 2 pvpl 32 670443 0 658599 361 19 342 361 0 265 235 pmappl 216 1312 0 1282 2 0 2 2 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 515 0 146 12 0 12 12 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8285b43f) at panic+0x165 sys/kern/subr_prf.c:198 pool_do_get(ffffffff82d79ba8,9,ffff8000377e78cc) at pool_do_get+0x434 pool_get(ffffffff82d79ba8,9) at pool_get+0xba sys/kern/subr_pool.c:582 soalloc(ffffffff82bdad00,1) at soalloc+0x58 sys/kern/uipc_socket.c:141 socreate(1,ffff8000377e79f8,1,0) at socreate+0xa6 sys/kern/uipc_socket.c:198 sys_socketpair(ffff80002a6f2cf0,ffff8000377e7b50,ffff8000377e7aa0) at sys_socketpair+0xab sys/kern/uipc_syscalls.c:477 syscall(ffff8000377e7b50) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xbd40452e20, count: -9 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8285b43f) at panic+0x165 sys/kern/subr_prf.c:198 pool_do_get(ffffffff82d79ba8,9,ffff8000377e78cc) at pool_do_get+0x434 pool_get(ffffffff82d79ba8,9) at pool_get+0xba sys/kern/subr_pool.c:582 soalloc(ffffffff82bdad00,1) at soalloc+0x58 sys/kern/uipc_socket.c:141 socreate(1,ffff8000377e79f8,1,0) at socreate+0xa6 sys/kern/uipc_socket.c:198 sys_socketpair(ffff80002a6f2cf0,ffff8000377e7b50,ffff8000377e7aa0) at sys_socketpair+0xab sys/kern/uipc_syscalls.c:477 syscall(ffff8000377e7b50) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xbd40452e20, count: -9