panic: pool_do_get: sockpl free list modified: page 0xfffffd805b561000; item addr 0xfffffd805b5613da; offset 0x0=0x428d519f91fc5f2d != 0x519f91fc5f2d94e1 Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *313407 31086 0 0 0x4000000 0 syz-executor.2 db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828f3439) at panic+0x165 sys/kern/subr_prf.c:198 pool_do_get(ffffffff82d0ef70,9,ffff800037809b68) at pool_do_get+0x427 sys/kern/subr_pool.c:738 pool_get(ffffffff82d0ef70,9) at pool_get+0xb7 sys/kern/subr_pool.c:582 soalloc(ffffffff82ab71c0,1) at soalloc+0x51 sys/kern/uipc_socket.c:141 socreate(2,ffff800037809c78,2,0) at socreate+0xb2 sys/kern/uipc_socket.c:179 sys_socket(ffff80002a674ac0,ffff800037809dd0,ffff800037809d20) at sys_socket+0xdc sys/kern/uipc_syscalls.c:101 syscall(ffff800037809dd0) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x996837c2b40, count: 6 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: pool_do_get: sockpl free list modified: page 0xfffffd805b561000; item addr 0xfffffd805b5613da; offset 0x0=0x428d519f91fc5f2d != 0x519f91fc5f2d94e1 ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828f3439) at panic+0x165 sys/kern/subr_prf.c:198 pool_do_get(ffffffff82d0ef70,9,ffff800037809b68) at pool_do_get+0x427 sys/kern/subr_pool.c:738 pool_get(ffffffff82d0ef70,9) at pool_get+0xb7 sys/kern/subr_pool.c:582 soalloc(ffffffff82ab71c0,1) at soalloc+0x51 sys/kern/uipc_socket.c:141 socreate(2,ffff800037809c78,2,0) at socreate+0xb2 sys/kern/uipc_socket.c:179 sys_socket(ffff80002a674ac0,ffff800037809dd0,ffff800037809d20) at sys_socket+0xdc sys/kern/uipc_syscalls.c:101 syscall(ffff800037809dd0) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x996837c2b40, count: -9 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff8000378099e0 rbx 0x519f91fc5f2d94e1 rdx 0 rcx 0 rax 0xffff80002a674ac0 r8 0x101010101010101 r9 0x8080808080808080 r10 0x1d17060953d5bd50 r11 0x8e5a8c62919f757 r12 0 r13 0xfffffd805b5613da r14 0 r15 0x1 rip 0xffffffff818b542c db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff8000378099d0 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb> show proc PROC (syz-executor.2) tid=313407 pid=31086 tcnt=3 stat=onproc flags process=0 proc=4000000 runpri=74, usrpri=74, slppri=17, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff80002a674d68,0xffff80002a672570 process=0xffff8000fffec880 user=0xffff800037804000, vmspace=0xfffffd8063085308 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 40967 346093 61159 0 2 0 syz-executor.0 31086 153325 14168 0 2 0 syz-executor.2 31086 359645 14168 0 3 0x4000080 fsleep syz-executor.2 *31086 313407 14168 0 7 0x4000000 syz-executor.2 29442 478264 68406 0 2 0 syz-executor.3 29442 31863 68406 0 3 0x4000080 fsleep syz-executor.3 41337 520474 83129 0 2 0 syz-executor.7 41337 388571 83129 0 3 0x4000080 kqread syz-executor.7 41337 216903 83129 0 3 0x4000080 fsleep syz-executor.7 72350 356000 56814 0 2 0x2 syz-executor.6 27429 147437 1 0 3 0x3000 suspend syz-executor.1 27429 327503 1 0 3 0x4081000 kernel: protection fault trap, code=0 Faulted in DDB; continuing... ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10201 6433K 8711K 166960K 44826 0 pcb 15 22K 24K 166960K 2261 0 rtable 201 14K 15K 166960K 5087 0 pf 27 8K 9K 166960K 702 0 ifaddr 38 14K 15K 166960K 688 0 ifgroup 46 2K 2K 166960K 1159 0 sysctl 3 0K 2K 166960K 10 0 counters 29 17K 17K 166960K 312 0 ioctlops 0 0K 2K 166960K 1548 0 iov 0 0K 28K 166960K 2140 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1610 101K 101K 166960K 15134 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 232 0 VM map 2 1K 1K 166960K 2 0 sem 12 1K 1K 166960K 933 0 dirhash 12 2K 2K 166960K 111 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 14 49K 73K 166960K 20572 0 sigio 0 0K 0K 166960K 1000 0 proc 58 59K 83K 166960K 4254 0 subproc 104 6K 7K 166960K 1586 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 2151 0 in_multi 79 5K 7K 166960K 1589 0 ether_multi 1 0K 0K 166960K 31 0 mrt 1 0K 0K 166960K 25 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 235 1049K 1049K 166960K 235 0 exec 0 0K 1K 166960K 4069 0 pfkey data 0 0K 0K 166960K 49 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 595 836K 845K 166960K 186775 0 UVM aobj 131 4K 4K 166960K 137 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 887 0 NDP 10 0K 2K 166960K 538 0 temp 74 6700K 6828K 166960K 275472 0 kqueue 12 18K 28K 166960K 1678 0 SYN cache 2 2456K 2464K 166960K 4 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 1393 0 1390 20 19 1 5 0 8 0 rtentry 112 1585 0 1495 9 6 3 4 0 8 0 unpcb 144 16582 0 16569 187 183 4 10 0 8 3 syncache 320 189 0 189 38 37 1 1 0 8 1 tcpqe 32 281 0 281 30 29 1 1 0 8 1 tcpcb 808 6684 0 6666 222 214 8 16 0 8 5 arp 88 310 0 294 1 0 1 1 0 8 0 ipq 40 22 0 22 7 7 0 1 0 8 0 ipqe 40 94 0 94 7 7 0 1 0 8 0 inpcb 344 18393 0 18358 340 332 8 17 0 8 4 nd6 104 382 0 364 1 0 1 1 0 8 0 pkpcb 40 169 0 169 18 18 0 1 0 8 0 kcovpl 48 122 0 114 1 0 1 1 0 8 0 ppxss 1072 64 0 64 16 16 0 1 0 8 0 art_heap8 4096 5 0 4 3 2 1 3 0 8 0 art_heap4 256 6105 0 5722 121 97 24 30 0 8 0 art_table 32 6110 0 5726 9 5 4 4 0 8 0 art_node 16 1565 0 1484 1 0 1 1 0 8 0 sysvmsgpl 40 3 0 3 1 1 0 1 0 8 0 semupl 112 5 0 5 1 1 0 1 0 8 0 semapl 112 927 0 917 1 0 1 1 0 8 0 shmpl 112 134 0 6 4 0 4 4 0 8 0 dirhash 1024 83 0 66 3 0 3 3 0 8 0 dino2pl 256 28170 0 26638 97 0 97 97 0 8 0 ffsino 240 28170 0 26638 91 0 91 91 0 8 0 nchpl 144 55316 0 53671 64 1 63 63 0 8 0 uvmvnodes 80 7278 0 0 149 0 149 149 0 8 0 vnodes 216 7278 0 0 405 0 405 405 0 8 0 namei 1024 194719 0 194719 16 15 1 3 0 8 1 vcpupl 2048 439 0 0 55 0 55 55 0 8 0 vmpool 664 568 0 129 38 1 37 37 0 8 0 kstatmem 264 586 0 566 2 0 2 2 0 8 0 scxspl 216 182870 0 182870 50 49 1 8 1 8 1 plimitpl 152 3089 0 3074 1 0 1 1 0 8 0 sigapl 424 21209 0 21146 11 3 8 8 0 8 0 futexpl 64 187441 0 187438 11 10 1 1 0 8 0 knotepl 120 179846 0 179770 70 66 4 18 0 8 0 kqueuepl 184 4266 0 4257 58 57 1 6 0 8 0 pipepl 288 3971 0 3878 86 79 7 7 0 8 0 fdescpl 432 20605 0 20580 6 2 4 4 0 8 0 filepl 120 131309 0 130931 217 205 12 22 0 8 0 lockfpl 104 7644 0 7642 16 15 1 2 0 8 0 lockfspl 48 2452 0 2450 1 0 1 1 0 8 0 sessionpl 144 144 0 128 1 0 1 1 0 8 0 pgrppl 48 566 0 550 1 0 1 1 0 8 0 ucredpl 104 18004 0 17993 1 0 1 1 0 8 0 zombiepl 144 21147 0 21146 3 2 1 1 0 8 0 processpl 1072 21209 0 21146 5 0 5 5 0 8 0 procpl 680 50518 0 50436 37 29 8 9 0 8 0 sosppl 168 251 0 251 25 25 0 1 0 8 0 sockpl 488 36623 0 36572 851 837 14 42 0 8 7 sockpl: pool(0xffffffff82d0ef70:sockpl): free list modified: page 0xfffffd805b561000; item ordinal 0; addr 0xfffffd805b5613da (p 0xfffffd805b561000); offset 0x0=0x428d519f91fc5f2d pool(sockpl): free list modified: page 0xfffffd805b561000; item ordinal 0; addr 0xfffffd805b5613da (p 0xfffffd805b561000); offset 0x0=0xbeaddeaf sockpl: pool(0xffffffff82d0ef70:sockpl): page inconsistency: page 0xfffffd805b561000; item ordinal 1; addr 0x2ca115db5921874 mcl64k 65536 994 0 994 42 41 1 1 0 8 1 mcl16k 16384 421 0 421 62 61 1 1 0 8 1 mcl12k 12288 849 0 849 47 47 0 1 0 8 0 mcl9k 9216 470 0 470 61 60 1 1 0 8 1 mcl8k 8192 1661 0 1661 40 39 1 1 0 8 1 mcl4k 4096 2293 0 2293 32 31 1 1 0 8 1 mcl2k2 2112 100 0 100 54 53 1 1 0 8 1 mcl2k 2048 114749 0 114710 133 127 6 30 0 8 0 mtagpl 96 4438 0 4376 53 51 2 12 0 8 0 mbufpl 256 384105 0 383921 822 801 21 188 0 8 0 bufpl 280 40392 0 33106 521 0 521 521 0 8 0 anonpl 24 1954325 0 1942003 343 236 107 167 0 188 0 amapchunkpl 152 591932 0 591112 161 122 39 66 0 158 0 amappl16 200 34846 0 34286 170 139 31 43 0 8 0 amappl15 192 16 0 16 1 1 0 1 0 8 0 amappl14 184 553 0 541 2 1 1 2 0 8 0 amappl13 176 201 0 199 1 0 1 1 0 8 0 amappl12 168 22921 0 22894 2 0 2 2 0 8 0 amappl11 160 47 0 37 1 0 1 1 0 8 0 amappl10 152 155 0 146 2 1 1 1 0 8 0 amappl9 144 262 0 260 1 0 1 1 0 8 0 amappl8 136 913 0 784 5 0 5 5 0 8 0 amappl7 128 475 0 450 2 0 2 2 0 8 0 amappl6 120 1989 0 1977 1 0 1 1 0 8 0 amappl5 112 595 0 587 1 0 1 1 0 8 0 amappl4 104 1321 0 1289 2 1 1 2 0 8 0 amappl3 96 115717 0 115621 11 8 3 4 0 8 0 amappl2 88 22298 0 22230 3 1 2 3 0 8 0 amappl1 80 89593 0 89090 23 11 12 22 0 8 0 amappl 88 184855 0 184583 9 1 8 8 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 136 0 6 3 0 3 3 0 8 0 uaddrrnd 24 21173 0 20709 3 0 3 3 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 21173 0 20709 3 0 3 3 0 8 0 vmmpekpl 168 138280 0 138159 6 0 6 6 0 8 0 vmmpepl 168 1250132 0 1247276 650 490 160 160 0 357 15 vmsppl 352 21172 0 20709 51 8 43 43 0 8 0 rwobjpl 24 281985 0 272873 58 1 57 57 0 8 0 pdppl 4096 42352 0 41857 1720 1219 501 504 0 8 6 pvpl 32 5732725 0 5715003 813 629 184 361 0 265 1 pmappl 216 21172 0 20709 29 3 26 26 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 3585 0 2757 28 3 25 25 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828f3439) at panic+0x165 sys/kern/subr_prf.c:198 pool_do_get(ffffffff82d0ef70,9,ffff800037809b68) at pool_do_get+0x427 sys/kern/subr_pool.c:738 pool_get(ffffffff82d0ef70,9) at pool_get+0xb7 sys/kern/subr_pool.c:582 soalloc(ffffffff82ab71c0,1) at soalloc+0x51 sys/kern/uipc_socket.c:141 socreate(2,ffff800037809c78,2,0) at socreate+0xb2 sys/kern/uipc_socket.c:179 sys_socket(ffff80002a674ac0,ffff800037809dd0,ffff800037809d20) at sys_socket+0xdc sys/kern/uipc_syscalls.c:101 syscall(ffff800037809dd0) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x996837c2b40, count: -9 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828f3439) at panic+0x165 sys/kern/subr_prf.c:198 pool_do_get(ffffffff82d0ef70,9,ffff800037809b68) at pool_do_get+0x427 sys/kern/subr_pool.c:738 pool_get(ffffffff82d0ef70,9) at pool_get+0xb7 sys/kern/subr_pool.c:582 soalloc(ffffffff82ab71c0,1) at soalloc+0x51 sys/kern/uipc_socket.c:141 socreate(2,ffff800037809c78,2,0) at socreate+0xb2 sys/kern/uipc_socket.c:179 sys_socket(ffff80002a674ac0,ffff800037809dd0,ffff800037809d20) at sys_socket+0xdc sys/kern/uipc_syscalls.c:101 syscall(ffff800037809dd0) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x996837c2b40, count: -9