panic: pool_do_get: sockpl free list modified: page 0xfffffd806b0f7000; item addr 0xfffffd806b0f7d83; offset 0x0=0xef0ffceaf0042e46 != 0xeaf0042e46087ba2 Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND * 80878 55114 0 0 0x4000000 0 syz-executor.2 db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82933ab8) at panic+0x165 sys/kern/subr_prf.c:198 pool_do_get(ffffffff82de8a78,9,ffff80002f3b2fc8) at pool_do_get+0x427 sys/kern/subr_pool.c:738 pool_get(ffffffff82de8a78,9) at pool_get+0xb7 sys/kern/subr_pool.c:582 soalloc(ffffffff82b9a680,1) at soalloc+0x58 sys/kern/uipc_socket.c:142 socreate(2,ffff80002f3b30e8,1,0) at socreate+0xa8 sys/kern/uipc_socket.c:192 sys_socket(ffff80002a6692b8,ffff80002f3b3240,ffff80002f3b3190) at sys_socket+0xdc sys/kern/uipc_syscalls.c:101 syscall(ffff80002f3b3240) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x83a9d12f640, count: 6 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: pool_do_get: sockpl free list modified: page 0xfffffd806b0f7000; item addr 0xfffffd806b0f7d83; offset 0x0=0xef0ffceaf0042e46 != 0xeaf0042e46087ba2 ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82933ab8) at panic+0x165 sys/kern/subr_prf.c:198 pool_do_get(ffffffff82de8a78,9,ffff80002f3b2fc8) at pool_do_get+0x427 sys/kern/subr_pool.c:738 pool_get(ffffffff82de8a78,9) at pool_get+0xb7 sys/kern/subr_pool.c:582 soalloc(ffffffff82b9a680,1) at soalloc+0x58 sys/kern/uipc_socket.c:142 socreate(2,ffff80002f3b30e8,1,0) at socreate+0xa8 sys/kern/uipc_socket.c:192 sys_socket(ffff80002a6692b8,ffff80002f3b3240,ffff80002f3b3190) at sys_socket+0xdc sys/kern/uipc_syscalls.c:101 syscall(ffff80002f3b3240) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x83a9d12f640, count: -9 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80002f3b2e40 rbx 0xeaf0042e46087ba2 rdx 0 rcx 0 rax 0xffff80002a6692b8 r8 0x101010101010101 r9 0x8080808080808080 r10 0x4c6decba77b42cd2 r11 0xefb137a397e52e5b r12 0 r13 0xfffffd806b0f7d83 r14 0 r15 0x1 rip 0xffffffff823883ac db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff80002f3b2e30 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb> show proc PROC (syz-executor.2) tid=80878 pid=55114 tcnt=3 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff80002a669d58,0xffffffff82d611a8 process=0xffff8000ffff69f0 user=0xffff80002f3ae000, vmspace=0xfffffd80074be580 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 40775 63206 46103 0 2 0 syz-executor.1 40775 127051 46103 0 3 0x4000080 fsleep syz-executor.1 14473 420108 94960 0 3 0x80 nanoslp syz-executor.6 14473 198349 94960 0 3 0x4000080 fsleep syz-executor.6 14473 346445 94960 0 3 0x4000080 fsleep syz-executor.6 14473 62117 94960 0 3 0x4000080 fsleep syz-executor.6 55114 366959 99805 0 2 0 syz-executor.2 55114 32472 99805 0 3 0x4000080 netcon syz-executor.2 *55114 80878 99805 0 7 0x4000000 syz-executor.2 51152 320578 68265 0 3 0x80 nanoslp syz-executor.0 51152 234113 68265 0 3 0x4000080 kqpoll syz-executor.0 51152 381891 68265 0 3 0x4000080 fsleep syz-executor.0 71461 77149 16771 0 3 0x80 nanoslp syz-executor.4 71461 449992 16771 0 3 0x4000080 kqread syz-executor.4 71461 247616 16771 0 3 0x4000080 fsleep syz-executor.4 71461 409656 16771 0 3 0x4000080 fsleep syz-executor.4 88093 96275 12554 0 3 0x80 nanoslp syz-executor.3 88093 21163 12554 0 3 0x4000080 piperd syz-executor.3 88093 9410 12554 0 3 0x4000080 fsleep syz-executor.3 25120 473804 4296 60928 3 0x90 nanoslp syz-executor.5 25120 104771 4296 60928 3 0x4000010 unix syz-executor.5 25120 125689 4296 60928 3 0x4000090 fsleep syz-executor.5 66654 70783 72790 0 3 0x80 nanoslp syz-executor.7 66654 112908 72790 0 3 0x4000080 netcon syz-executor.7 85661 158698 0 0 3 0x14280 nfsidl nfsio 6807 323346 0 0 3 0x14280 nfsidl nfsio 28783 262197 0 0 3 0x14280 nfsidl nfsio 29557 220381 0 0 3 0x14280 nfsidl nfsio 8840 90267 0 0 3 0x14280 nfsidl nfsio 40213 58068 0 0 3 0x14280 nfsidl nfsio 85319 178826 0 0 3 0x14280 nfsidl nfsio 72896 64450 0 0 3 0x14280 nfsidl nfsio 70710 468000 0 0 3 0x14280 nfsidl nfsio 49997 493765 0 0 3 0x14280 nfsidl nfsio 66686 301592 0 0 3 0x14280 nfsidl nfsio 88675 171776 0 0 3 0x14280 nfsidl nfsio 58973 454615 0 0 3 0x14280 nfsidl nfsio 71346 276669 0 0 3 0x14280 nfsidl nfsio 59447 101049 0 0 3 0x14280 nfsidl nfsio 84106 244560 0 0 3 0x14280 nfsidl nfsio 12575 44536 0 0 3 0x14280 nfsidl nfsio 92019 44697 0 0 3 0x14280 nfsidl nfsio 908 259063 0 0 3 0x14280 nfsidl nfsio 30374 421610 0 0 3 0x14280 nfsidl nfsio 4296 20047 23307 0 3 0x82 nanoslp syz-executor.5 72790 466711 23307 0 3 0x82 nanoslp syz-executor.7 67013 442157 1 0 3 0x100083 ttyin getty 46103 227200 23307 0 3 0x82 nanoslp syz-executor.1 68265 502070 23307 0 3 0x82 nanoslp syz-executor.0 94960 98654 23307 0 3 0x82 nanoslp syz-executor.6 99805 294816 23307 0 3 0x82 nanoslp syz-executor.2 12554 267219 23307 0 3 0x82 nanoslp syz-executor.3 69721 523785 0 0 3 0x14200 acct acct 16771 207061 23307 0 3 0x82 nanoslp syz-executor.4 29117 97797 0 0 3 0x14200 bored sosplice 23307 452379 1388 0 3 0x2000082 wait syz-fuzzer 23307 210624 1388 0 3 0x6000082 thrsleep syz-fuzzer 23307 142328 1388 0 3 0x6000082 wait syz-fuzzer 23307 53866 1388 0 3 0x6000082 thrsleep syz-fuzzer 23307 101603 1388 0 3 0x6000082 wait syz-fuzzer 23307 79122 1388 0 3 0x6000082 wait syz-fuzzer 23307 470795 1388 0 3 0x6000082 thrsleep syz-fuzzer 23307 91921 1388 0 3 0x6000082 kqread syz-fuzzer 23307 259514 1388 0 3 0x6000082 thrsleep syz-fuzzer 23307 244339 1388 0 3 0x6000082 thrsleep syz-fuzzer 23307 515717 1388 0 3 0x6000082 wait syz-fuzzer 23307 339430 1388 0 3 0x6000082 wait syz-fuzzer 23307 518630 1388 0 3 0x6000082 wait syz-fuzzer 23307 368875 1388 0 3 0x6000082 wait syz-fuzzer 1388 503201 28796 0 3 0x10008a sigsusp ksh 28796 355149 74518 0 3 0x9a kqread sshd 74518 392395 1 0 3 0x88 kqread sshd 11900 281005 7667 73 3 0x1100090 kqread syslogd 7667 198293 1 0 3 0x100082 netio syslogd 11261 388507 1 0 3 0x100080 kqread resolvd 53549 57571 87887 77 3 0x100092 kqread dhcpleased 9840 328242 87887 77 3 0x100092 kqread dhcpleased 87887 10206 1 0 3 0x80 kqread dhcpleased 77872 268212 0 0 3 0x14200 bored smr 87790 137651 0 0 2 0x14200 zerothread 26212 274073 0 0 3 0x14200 aiodoned aiodoned 17175 99810 0 0 3 0x14200 syncer update 98492 112877 0 0 3 0x14200 cleaner cleaner 38100 469146 0 0 3 0x14200 reaper reaper 9240 293456 0 0 3 0x14200 pgdaemon pagedaemon 96796 344392 0 0 3 0x14200 bored viomb 65506 461265 0 0 3 0x40014200 acpi0 acpi0 14732 291895 0 0 3 0x14200 bored softnet3 57689 104115 0 0 3 0x14200 bored softnet2 90804 227154 0 0 3 0x14200 bored softnet1 2802 51592 0 0 3 0x14200 bored softnet0 81429 420858 0 0 3 0x14200 bored systqmp 54037 112248 0 0 3 0x14200 bored systq 83607 435474 0 0 3 0x40014200 tmoslp softclock 11223 92152 0 0 3 0x40014200 idle0 1 261529 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10206 6492K 7203K 166960K 20065 0 pcb 15 18K 20K 166960K 788 0 rtable 222 14K 15K 166960K 1375 0 pf 29 8K 9K 166960K 222 0 ifaddr 43 12K 13K 166960K 206 0 ifgroup 50 2K 2K 166960K 383 0 sysctl 3 0K 0K 166960K 5 0 counters 30 17K 17K 166960K 108 0 ioctlops 0 0K 2K 166960K 289 0 iov 0 0K 28K 166960K 655 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1413 88K 89K 166960K 4650 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 42 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 1212 0 dirhash 12 2K 2K 166960K 36 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 18 65K 69K 166960K 5967 0 sigio 0 0K 0K 166960K 263 0 proc 58 59K 75K 166960K 1427 0 subproc 104 6K 6K 166960K 416 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 479 0 in_multi 88 6K 7K 166960K 390 0 ether_multi 1 0K 0K 166960K 7 0 mrt 0 0K 0K 166960K 6 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 229 1023K 1023K 166960K 229 0 exec 0 0K 1K 166960K 1306 0 pfkey data 0 0K 0K 166960K 3 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 402 152K 155K 166960K 56339 0 UVM aobj 131 4K 4K 166960K 131 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 223 0 NDP 11 0K 2K 166960K 153 0 temp 75 6764K 6892K 166960K 100702 0 kqueue 13 20K 26K 166960K 408 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 296 0 293 2 0 2 2 0 8 1 rtentry 112 429 0 328 4 0 4 4 0 8 1 unpcb 144 4738 0 4722 9 0 9 9 0 8 8 syncache 336 88 0 88 2 1 1 1 0 8 1 tcpqe 32 187 0 187 2 1 1 1 0 8 1 tcpcb 808 1919 0 1900 17 6 11 17 0 8 8 arp 88 79 0 61 1 0 1 1 0 8 0 ipq 40 13 0 13 1 0 1 1 0 8 1 ipqe 40 39 0 39 1 0 1 1 0 8 1 inpcb 360 5257 0 5234 24 13 11 16 0 8 8 nd6 104 97 0 76 1 0 1 1 0 8 0 pkpcb 40 94 0 94 1 0 1 1 0 8 1 kcovpl 48 32 0 24 1 0 1 1 0 8 0 ppxss 1072 8 0 8 1 0 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 1620 0 1178 31 2 29 29 0 8 1 art_table 32 1621 0 1178 4 0 4 4 0 8 0 art_node 16 416 0 324 1 0 1 1 0 8 0 sysvmsgpl 40 4 0 4 1 0 1 1 0 8 1 semupl 112 2 0 2 1 0 1 1 0 8 1 semapl 112 1210 0 1200 1 0 1 1 0 8 0 shmpl 112 128 0 0 4 0 4 4 0 8 0 dirhash 1024 33 0 16 3 0 3 3 0 8 0 dino2pl 256 9555 0 8062 94 0 94 94 0 8 0 ffsino 240 9555 0 8062 89 0 89 89 0 8 0 nchpl 144 17812 0 16162 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 60263 0 60263 4 3 1 3 0 8 1 vcpupl 2048 14 0 1 2 0 2 2 0 8 0 vmpool 664 14 0 1 2 0 2 2 0 8 0 kstatmem 264 178 0 156 2 0 2 2 0 8 0 scxspl 216 56887 0 56887 10 2 8 8 1 8 8 plimitpl 152 433 0 417 1 0 1 1 0 8 0 sigapl 424 6658 0 6591 8 0 8 8 0 8 0 futexpl 64 57955 0 57946 1 0 1 1 0 8 0 knotepl 120 55349 0 55266 18 7 11 18 0 8 7 kqueuepl 184 1154 0 1144 4 0 4 4 0 8 3 pipepl 288 1012 0 982 8 1 7 7 0 8 4 fdescpl 432 6200 0 6171 4 0 4 4 0 8 0 filepl 120 37187 0 36929 16 1 15 15 0 8 6 lockfpl 104 1603 0 1600 2 0 2 2 0 8 1 lockfspl 48 516 0 513 1 0 1 1 0 8 0 sessionpl 144 48 0 32 1 0 1 1 0 8 0 pgrppl 48 157 0 141 1 0 1 1 0 8 0 ucredpl 104 6377 0 6360 1 0 1 1 0 8 0 zombiepl 144 6591 0 6591 1 0 1 1 0 8 1 processpl 1072 6658 0 6591 5 0 5 5 0 8 0 procpl 680 15321 0 15225 9 0 9 9 0 8 0 sosppl 168 100 0 98 1 0 1 1 0 8 0 sockpl 488 10395 0 10352 138 124 14 36 0 8 8 sockpl: pool(0xffffffff82de8a78:sockpl): free list modified: page 0xfffffd806b0f7000; item ordinal 0; addr 0xfffffd806b0f7d83 (p 0xfffffd806b0f7000); offset 0x0=0xef0ffceaf0042e46 sockpl: pool(0xffffffff82de8a78:sockpl): page inconsistency: page 0xfffffd806b0f7000; item ordinal 1; addr 0xd9b33da8a494f150 mcl64k 65536 215 0 215 2 1 1 1 0 8 1 mcl16k 16384 139 0 139 2 1 1 1 0 8 1 mcl12k 12288 273 0 273 1 0 1 1 0 8 1 mcl9k 9216 108 0 108 1 0 1 1 0 8 1 mcl8k 8192 543 0 543 2 1 1 1 0 8 1 mcl4k 4096 727 0 727 2 1 1 1 0 8 1 mcl2k2 2112 44 0 44 2 1 1 1 0 8 1 mcl2k 2048 82746 0 82700 33 23 10 29 0 8 3 mtagpl 96 840 0 521 9 1 8 8 0 8 0 mbufpl 256 181804 0 181318 118 83 35 75 0 8 2 bufpl 280 15198 0 8809 457 0 457 457 0 8 0 anonpl 24 712387 0 698511 152 0 152 152 0 188 57 amapchunkpl 152 178087 0 177133 65 1 64 64 0 158 26 amappl16 200 15538 0 15091 56 23 33 37 0 8 8 amappl15 192 60 0 59 1 0 1 1 0 8 0 amappl14 184 269 0 256 2 1 1 2 0 8 0 amappl13 176 20 0 19 1 0 1 1 0 8 0 amappl12 168 7180 0 7148 2 0 2 2 0 8 0 amappl11 160 81 0 71 1 0 1 1 0 8 0 amappl10 152 50 0 41 1 0 1 1 0 8 0 amappl9 144 162 0 160 1 0 1 1 0 8 0 amappl8 136 399 0 324 3 0 3 3 0 8 0 amappl7 128 228 0 205 2 0 2 2 0 8 0 amappl6 120 660 0 649 1 0 1 1 0 8 0 amappl5 112 211 0 203 1 0 1 1 0 8 0 amappl4 104 644 0 624 2 1 1 2 0 8 0 amappl3 96 35840 0 35739 3 0 3 3 0 8 0 amappl2 88 6991 0 6917 3 1 2 3 0 8 0 amappl1 80 32002 0 31484 23 11 12 22 0 8 1 amappl 88 55508 0 55235 7 0 7 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 130 0 0 3 0 3 3 0 8 0 uaddrrnd 24 6214 0 6172 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 6214 0 6172 1 0 1 1 0 8 0 vmmpekpl 168 47825 0 47755 4 0 4 4 0 8 0 vmmpepl 168 387510 0 385128 143 14 129 129 0 357 14 vmsppl 352 6213 0 6172 4 0 4 4 0 8 0 rwobjpl 24 100269 0 92697 48 1 47 47 0 8 0 pdppl 4096 12434 0 12357 395 318 77 79 0 8 0 pvpl 32 1877826 0 1857700 479 198 281 351 0 265 111 pmappl 216 6213 0 6172 3 0 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 817 0 443 12 0 12 12 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82933ab8) at panic+0x165 sys/kern/subr_prf.c:198 pool_do_get(ffffffff82de8a78,9,ffff80002f3b2fc8) at pool_do_get+0x427 sys/kern/subr_pool.c:738 pool_get(ffffffff82de8a78,9) at pool_get+0xb7 sys/kern/subr_pool.c:582 soalloc(ffffffff82b9a680,1) at soalloc+0x58 sys/kern/uipc_socket.c:142 socreate(2,ffff80002f3b30e8,1,0) at socreate+0xa8 sys/kern/uipc_socket.c:192 sys_socket(ffff80002a6692b8,ffff80002f3b3240,ffff80002f3b3190) at sys_socket+0xdc sys/kern/uipc_syscalls.c:101 syscall(ffff80002f3b3240) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x83a9d12f640, count: -9 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82933ab8) at panic+0x165 sys/kern/subr_prf.c:198 pool_do_get(ffffffff82de8a78,9,ffff80002f3b2fc8) at pool_do_get+0x427 sys/kern/subr_pool.c:738 pool_get(ffffffff82de8a78,9) at pool_get+0xb7 sys/kern/subr_pool.c:582 soalloc(ffffffff82b9a680,1) at soalloc+0x58 sys/kern/uipc_socket.c:142 socreate(2,ffff80002f3b30e8,1,0) at socreate+0xa8 sys/kern/uipc_socket.c:192 sys_socket(ffff80002a6692b8,ffff80002f3b3240,ffff80002f3b3190) at sys_socket+0xdc sys/kern/uipc_syscalls.c:101 syscall(ffff80002f3b3240) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x83a9d12f640, count: -9