panic: pool_do_get: inpcb free list modified: page 0xfffffd8071674000; item addr 0xfffffd8071674be8; offset 0x0=0x0 != 0xfb3e7a32c9de2315 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *208942 93321 0 0 0x4000000 0 syz-executor.7 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff826147df) at panic+0x161 sys/kern/subr_prf.c:198 pool_do_get(ffffffff82a121c8,a,ffff80002e99cec8) at pool_do_get+0x427 sys/kern/subr_pool.c:738 pool_get(ffffffff82a121c8,a) at pool_get+0xb3 sys/kern/subr_pool.c:582 in_pcballoc(fffffd8068a6bca0,ffffffff829da528) at in_pcballoc+0x3c sys/netinet/in_pcb.c:234 udp_attach(fffffd8068a6bca0,0) at udp_attach+0xde sys/netinet/udp_usrreq.c:1093 socreate(18,ffff80002e99d048,2,0) at socreate+0x226 pru_attach sys/sys/protosw.h:272 [inline] socreate(18,ffff80002e99d048,2,0) at socreate+0x226 sys/kern/uipc_socket.c:196 sys_socket(ffff8000217047f0,ffff80002e99d0d8,ffff80002e99d130) at sys_socket+0xd8 sys/kern/uipc_syscalls.c:98 syscall(ffff80002e99d1a0) at syscall+0x447 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xe1e25585170, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: pool_do_get: inpcb free list modified: page 0xfffffd8071674000; item addr 0xfffffd8071674be8; offset 0x0=0x0 != 0xfb3e7a32c9de2315 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff826147df) at panic+0x161 sys/kern/subr_prf.c:198 pool_do_get(ffffffff82a121c8,a,ffff80002e99cec8) at pool_do_get+0x427 sys/kern/subr_pool.c:738 pool_get(ffffffff82a121c8,a) at pool_get+0xb3 sys/kern/subr_pool.c:582 in_pcballoc(fffffd8068a6bca0,ffffffff829da528) at in_pcballoc+0x3c sys/netinet/in_pcb.c:234 udp_attach(fffffd8068a6bca0,0) at udp_attach+0xde sys/netinet/udp_usrreq.c:1093 socreate(18,ffff80002e99d048,2,0) at socreate+0x226 pru_attach sys/sys/protosw.h:272 [inline] socreate(18,ffff80002e99d048,2,0) at socreate+0x226 sys/kern/uipc_socket.c:196 sys_socket(ffff8000217047f0,ffff80002e99d0d8,ffff80002e99d130) at sys_socket+0xd8 sys/kern/uipc_syscalls.c:98 syscall(ffff80002e99d1a0) at syscall+0x447 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xe1e25585170, count: -10 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80002e99cd40 rbx 0xfb3e7a32c9de2315 rdx 0 rcx 0 rax 0xffff8000217047f0 r8 0x101010101010101 r9 0x8080808080808080 r10 0x88ae60cd8fc0f4fb r11 0xb3249da4ac7f69ea r12 0 r13 0xfffffd8071674be8 r14 0 r15 0x1 rip 0xffffffff81e41f28 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff80002e99cd30 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.7) pid=208942 stat=onproc flags process=0 proc=4000000 pri=84, usrpri=84, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff8548,0xffff800021704020 process=0xffff8000ffff6fb0 user=0xffff80002e998000, vmspace=0xfffffd8068422668 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 29750 67295 19337 0 2 0 syz-executor.0 29750 130666 19337 0 2 0x4000000 syz-executor.0 93321 42454 1367 0 2 0 syz-executor.7 *93321 208942 1367 0 7 0x4000000 syz-executor.7 96881 414568 97367 0 2 0 syz-executor.1 96881 296478 97367 0 3 0x4000080 fsleep syz-executor.1 84568 224407 11498 0 2 0 syz-executor.2 84568 19419 11498 0 3 0x4000080 fsleep syz-executor.2 84568 151647 11498 0 3 0x4000080 fsleep syz-executor.2 82236 382508 67892 0 2 0 syz-executor.4 82236 94283 67892 0 3 0x4000080 fsleep syz-executor.4 82236 220233 67892 0 3 0x4000080 fsleep syz-executor.4 8247 439056 15685 0 2 0x2 syz-executor.5 97367 88777 15685 0 3 0x82 nanoslp syz-executor.1 97076 211608 15685 0 2 0x2 syz-executor.6 52941 504244 15685 0 3 0x82 nanoslp syz-executor.3 36435 393335 1 0 3 0x100083 ttyin getty 1367 414915 15685 0 3 0x82 nanoslp syz-executor.7 76575 318599 0 0 3 0x14200 acct acct 67892 291396 15685 0 3 0x82 nanoslp syz-executor.4 83220 263095 0 0 3 0x14200 bored sosplice 12541 160066 0 0 3 0x14280 nfsidl nfsio 97795 368558 0 0 3 0x14280 nfsidl nfsio 1330 302293 0 0 3 0x14280 nfsidl nfsio 48764 141745 0 0 3 0x14280 nfsidl nfsio 80029 504680 0 0 3 0x14280 nfsidl nfsio 27597 213669 0 0 3 0x14280 nfsidl nfsio 46531 324722 0 0 3 0x14280 nfsidl nfsio 6614 495727 0 0 3 0x14280 nfsidl nfsio 90082 113910 0 0 3 0x14280 nfsidl nfsio 37998 393471 0 0 3 0x14280 nfsidl nfsio 69407 86058 0 0 3 0x14280 nfsidl nfsio 98565 370804 0 0 3 0x14280 nfsidl nfsio 69735 200074 0 0 3 0x14280 nfsidl nfsio 82467 132666 0 0 3 0x14280 nfsidl nfsio 84025 454755 0 0 3 0x14280 nfsidl nfsio 37131 292091 0 0 3 0x14280 nfsidl nfsio 78632 438930 0 0 3 0x14280 nfsidl nfsio 52276 175051 0 0 3 0x14280 nfsidl nfsio 95665 5718 0 0 3 0x14280 nfsidl nfsio 8164 514125 0 0 3 0x14280 nfsidl nfsio 11498 103110 15685 0 3 0x82 nanoslp syz-executor.2 19337 45591 15685 0 3 0x82 nanoslp syz-executor.0 15685 120336 57849 0 3 0x82 wait syz-fuzzer 15685 479149 57849 0 3 0x4000082 nanoslp syz-fuzzer 15685 93756 57849 0 3 0x4000082 wait syz-fuzzer 15685 418816 57849 0 3 0x4000082 thrsleep syz-fuzzer 15685 447209 57849 0 3 0x4000082 wait syz-fuzzer 15685 227248 57849 0 3 0x4000082 thrsleep syz-fuzzer 15685 514369 57849 0 3 0x4000082 kqread syz-fuzzer 15685 225314 57849 0 3 0x4000082 thrsleep syz-fuzzer 15685 118099 57849 0 3 0x4000082 thrsleep syz-fuzzer 15685 41415 57849 0 3 0x4000082 wait syz-fuzzer 15685 374039 57849 0 3 0x4000082 wait syz-fuzzer 15685 21654 57849 0 3 0x4000082 wait syz-fuzzer 15685 187071 57849 0 3 0x4000082 wait syz-fuzzer 15685 136050 57849 0 3 0x4000082 wait syz-fuzzer 57849 88512 50235 0 3 0x10008a sigsusp ksh 50235 252930 29364 0 3 0x9a kqread sshd 29364 310408 1 0 3 0x88 kqread sshd 92361 522190 87897 73 3 0x1100090 kqread syslogd 87897 124509 1 0 3 0x100082 netio syslogd 26088 326029 1 0 3 0x100080 kqread resolvd 22580 508604 45695 77 3 0x100092 kqread dhcpleased 25865 144 45695 77 3 0x100092 kqread dhcpleased 45695 46035 1 0 3 0x80 kqread dhcpleased 54187 177936 0 0 3 0x14200 bored smr 52646 22484 0 0 2 0x14200 zerothread 33435 259600 0 0 3 0x14200 aiodoned aiodoned 75602 234248 0 0 3 0x14200 syncer update 60015 394896 0 0 3 0x14200 cleaner cleaner 46301 58046 0 0 3 0x14200 reaper reaper 18511 253165 0 0 3 0x14200 pgdaemon pagedaemon 48175 297566 0 0 3 0x14200 bored viomb 63045 305704 0 0 3 0x40014200 acpi0 acpi0 72973 475725 0 0 3 0x14200 bored softnet 70881 120395 0 0 3 0x14200 bored softnet 27089 153623 0 0 3 0x14200 bored softnet 29852 253599 0 0 3 0x14200 bored softnet 53202 86341 0 0 3 0x14200 bored systqmp 17146 390555 0 0 3 0x14200 bored systq 95581 403167 0 0 3 0x40014200 bored softclock 20392 292142 0 0 3 0x40014200 idle0 1 265248 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10182 6473K 6889K 78643K 14341 0 pcb 13 11K 12K 78643K 289 0 rtable 191 9K 10K 78643K 895 0 ifaddr 102 22K 22K 78643K 472 0 sysctl 2 0K 0K 78643K 2 0 counters 26 17K 17K 78643K 74 0 ioctlops 0 0K 4K 78643K 1031 0 iov 0 0K 20K 78643K 255 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1366 85K 86K 78643K 2916 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 14 0 VM map 2 0K 0K 78643K 2 0 sem 9 2K 2K 78643K 46 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 15 53K 73K 78643K 2610 0 sigio 0 0K 0K 78643K 13 0 proc 59 59K 75K 78643K 819 0 subproc 104 6K 6K 78643K 250 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 242 0 in_multi 80 5K 7K 78643K 294 0 ether_multi 1 0K 0K 78643K 16 0 mrt 1 0K 0K 78643K 7 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 73 334K 334K 78643K 73 0 exec 0 0K 2K 78643K 1492 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 264 211K 243K 78643K 15644 0 UVM aobj 25 2K 2K 78643K 27 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 138 0 NDP 13 0K 1K 78643K 99 0 temp 128 4726K 5746K 78643K 44052 0 kqueue 12 18K 24K 78643K 208 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 1191 0 1186 13 8 5 5 0 8 4 rtentry 112 268 0 186 4 1 3 4 0 8 0 unpcb 144 1637 0 1622 14 13 1 6 0 8 0 syncache 296 18 0 18 4 4 0 1 0 8 0 tcpqe 32 8 0 8 2 2 0 1 0 8 0 tcpcb 768 847 0 839 22 20 2 8 0 8 0 arp 88 44 0 30 1 0 1 1 0 8 0 inpcb 336 2466 0 2394 26 19 7 10 0 8 1 inpcb: pool(0xffffffff82a121c8:inpcb): free list modified: page 0xfffffd8071674000; item ordinal 0; addr 0xfffffd8071674be8 (p 0xfffffd8079e8e000); offset 0x0=0x0 pool(inpcb): free list modified: page 0xfffffd8071674000; item ordinal 0; addr 0xfffffd8071674be8 (p 0xfffffd8079e8e000); offset 0x0=0x0 inpcb: pool(0xffffffff82a121c8:inpcb): page inconsistency: page 0xfffffd8071674000; item ordinal 1; addr 0x80b564ed1582e051 nd6 48 63 0 43 1 0 1 1 0 8 0 pkpcb 40 10 0 10 2 2 0 1 0 8 0 kcovpl 48 19 0 11 1 0 1 1 0 8 0 ppxss 1160 20 0 20 3 3 0 1 0 8 0 pfstscr 40 16 0 13 1 0 1 1 0 8 0 pfanchor 1280 1 0 0 1 0 1 1 0 8 0 pfstitem 24 4 0 0 1 0 1 1 0 8 0 pfstkey 120 30 0 26 1 0 1 1 0 8 0 pfstate 336 15 0 13 1 0 1 1 0 8 0 pfrule 1360 109 0 0 10 0 10 10 0 8 0 art_heap8 4096 5 0 4 4 3 1 3 0 8 0 art_heap4 256 1197 0 834 37 9 28 29 0 8 0 art_table 32 1202 0 838 4 0 4 4 0 8 0 art_node 16 267 0 195 1 0 1 1 0 8 0 sysvmsgpl 40 84 0 73 1 0 1 1 0 8 0 semupl 112 3 0 3 1 1 0 1 0 8 0 semapl 112 7 0 0 1 0 1 1 0 8 0 shmpl 112 24 0 2 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 5144 0 3710 90 0 90 90 0 8 0 ffsino 240 5144 0 3710 85 0 85 85 0 8 0 nchpl 144 9196 0 7564 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 35214 0 35213 4 3 1 2 0 8 0 vcpupl 2048 10 0 1 2 0 2 2 0 8 0 vmpool 536 14 0 5 1 0 1 1 0 8 0 kstatmem 264 114 0 90 4 2 2 3 0 8 0 scsiplug 72 14 0 14 1 1 0 1 0 8 0 scxspl 216 23888 0 23888 13 11 2 8 0 8 2 plimitpl 152 297 0 282 1 0 1 1 0 8 0 sigapl 424 2903 0 2838 8 0 8 8 0 8 0 futexpl 64 29091 0 29086 1 0 1 1 0 8 0 knotepl 120 29995 0 29915 17 6 11 11 0 8 7 kqueuepl 184 1476 0 1466 13 10 3 4 0 8 2 pipepl 288 551 0 523 12 9 3 7 0 8 0 fdescpl 432 2865 0 2839 4 0 4 4 0 8 0 filepl 120 24637 0 24267 31 18 13 16 0 8 1 lockfpl 104 556 0 554 1 0 1 1 0 8 0 lockfspl 48 188 0 186 1 0 1 1 0 8 0 sessionpl 144 35 0 19 1 0 1 1 0 8 0 pgrppl 48 35 0 19 1 0 1 1 0 8 0 ucredpl 104 4369 0 4358 1 0 1 1 0 8 0 zombiepl 144 2839 0 2838 2 1 1 1 0 8 0 processpl 1000 2903 0 2838 10 1 9 9 0 8 0 procpl 672 7079 0 6994 12 3 9 9 0 8 1 sosppl 168 21 0 20 3 2 1 1 0 8 0 sockpl 456 5305 0 5209 98 85 13 25 0 8 1 mcl64k 65536 72 0 72 3 2 1 1 0 8 1 mcl16k 16384 25 0 25 4 3 1 1 0 8 1 mcl12k 12288 65 0 65 3 2 1 1 0 8 1 mcl9k 9216 21 0 21 3 3 0 1 0 8 0 mcl8k 8192 172 0 172 4 3 1 1 0 8 1 mcl4k 4096 484 0 484 4 3 1 3 0 8 1 mcl2k2 2112 17 0 17 5 4 1 1 0 8 1 mcl2k 2048 72600 0 72540 16 7 9 12 0 8 0 mtagpl 96 137 0 84 3 1 2 2 0 8 0 mbufpl 256 201317 0 201034 97 72 25 79 0 8 3 bufpl 288 8531 0 2119 459 0 459 459 0 8 0 anonpl 24 744472 0 727148 157 36 121 130 0 188 8 amapchunkpl 152 45792 0 45133 44 16 28 41 0 158 0 amappl16 200 20659 0 20002 63 25 38 51 0 8 2 amappl15 192 375 0 373 1 0 1 1 0 8 0 amappl14 184 251 0 248 1 0 1 1 0 8 0 amappl13 176 340 0 334 1 0 1 1 0 8 0 amappl12 168 82 0 79 1 0 1 1 0 8 0 amappl11 160 600 0 581 1 0 1 1 0 8 0 amappl10 152 515 0 508 1 0 1 1 0 8 0 amappl9 144 924 0 914 1 0 1 1 0 8 0 amappl8 136 854 0 802 2 0 2 2 0 8 0 amappl7 128 303 0 280 1 0 1 1 0 8 0 amappl6 120 679 0 664 2 1 1 2 0 8 0 amappl5 112 2535 0 2515 1 0 1 1 0 8 0 amappl4 104 1796 0 1769 2 1 1 2 0 8 0 amappl3 96 7850 0 7802 2 0 2 2 0 8 0 amappl2 88 3170 0 3108 2 0 2 2 0 8 0 amappl1 80 69523 0 68833 22 6 16 21 0 8 0 amappl 88 14928 0 14774 4 0 4 4 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 26 0 2 1 0 1 1 0 8 0 uaddrrnd 24 2879 0 2844 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2879 0 2844 1 0 1 1 0 8 0 vmmpekpl 168 26720 0 26662 3 0 3 3 0 8 0 vmmpepl 168 295932 0 293267 176 43 133 156 0 357 8 vmsppl 272 2878 0 2844 5 2 3 3 0 8 0 rwobjpl 24 87390 0 79728 47 0 47 47 0 8 0 pdppl 4096 5764 0 5697 232 159 73 75 0 8 6 pvpl 32 1452092 0 1430760 321 122 199 234 0 265 15 pmappl 216 2878 0 2844 3 0 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 1101 0 296 25 0 25 25 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff826147df) at panic+0x161 sys/kern/subr_prf.c:198 pool_do_get(ffffffff82a121c8,a,ffff80002e99cec8) at pool_do_get+0x427 sys/kern/subr_pool.c:738 pool_get(ffffffff82a121c8,a) at pool_get+0xb3 sys/kern/subr_pool.c:582 in_pcballoc(fffffd8068a6bca0,ffffffff829da528) at in_pcballoc+0x3c sys/netinet/in_pcb.c:234 udp_attach(fffffd8068a6bca0,0) at udp_attach+0xde sys/netinet/udp_usrreq.c:1093 socreate(18,ffff80002e99d048,2,0) at socreate+0x226 pru_attach sys/sys/protosw.h:272 [inline] socreate(18,ffff80002e99d048,2,0) at socreate+0x226 sys/kern/uipc_socket.c:196 sys_socket(ffff8000217047f0,ffff80002e99d0d8,ffff80002e99d130) at sys_socket+0xd8 sys/kern/uipc_syscalls.c:98 syscall(ffff80002e99d1a0) at syscall+0x447 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xe1e25585170, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff826147df) at panic+0x161 sys/kern/subr_prf.c:198 pool_do_get(ffffffff82a121c8,a,ffff80002e99cec8) at pool_do_get+0x427 sys/kern/subr_pool.c:738 pool_get(ffffffff82a121c8,a) at pool_get+0xb3 sys/kern/subr_pool.c:582 in_pcballoc(fffffd8068a6bca0,ffffffff829da528) at in_pcballoc+0x3c sys/netinet/in_pcb.c:234 udp_attach(fffffd8068a6bca0,0) at udp_attach+0xde sys/netinet/udp_usrreq.c:1093 socreate(18,ffff80002e99d048,2,0) at socreate+0x226 pru_attach sys/sys/protosw.h:272 [inline] socreate(18,ffff80002e99d048,2,0) at socreate+0x226 sys/kern/uipc_socket.c:196 sys_socket(ffff8000217047f0,ffff80002e99d0d8,ffff80002e99d130) at sys_socket+0xd8 sys/kern/uipc_syscalls.c:98 syscall(ffff80002e99d1a0) at syscall+0x447 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xe1e25585170, count: -10