login: panic: pool_do_get: shmpl free list modified: page 0xfffffd8062319000; item addr 0xfffffd8062319a40; offset 0x0=0x0 != 0xd35286edd3cba443 Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND * 87506 96898 0 0 0x4000000 0 syz-executor db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82fde93e) at panic+0x1cf sys/kern/subr_prf.c:198 pool_do_get(ffffffff835324a0,1,ffff800037025aec) at pool_do_get+0x57e pool_get(ffffffff835324a0,1) at pool_get+0xf0 shmget_allocate_segment(ffff80002d9c2a70,ffff800037025d40,0,ffff800037025c90) at shmget_allocate_segment+0x1a7 sys_shmget(ffff80002d9c2a70,ffff800037025d40,ffff800037025c90) at sys_shmget+0x1b2 sys/kern/sysv_shm.c:480 syscall(ffff800037025d40) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x8faf7dc1b90, count: 7 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: pool_do_get: shmpl free list modified: page 0xfffffd8062319000; item addr 0xfffffd8062319a40; offset 0x0=0x0 != 0xd35286edd3cba443 ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82fde93e) at panic+0x1cf sys/kern/subr_prf.c:198 pool_do_get(ffffffff835324a0,1,ffff800037025aec) at pool_do_get+0x57e pool_get(ffffffff835324a0,1) at pool_get+0xf0 shmget_allocate_segment(ffff80002d9c2a70,ffff800037025d40,0,ffff800037025c90) at shmget_allocate_segment+0x1a7 sys_shmget(ffff80002d9c2a70,ffff800037025d40,ffff800037025c90) at sys_shmget+0x1b2 sys/kern/sysv_shm.c:480 syscall(ffff800037025d40) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x8faf7dc1b90, count: -8 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff800037025960 rbx 0xfffffd8062319a40 rdx 0 rcx 0 rax 0xffff80002d9c2a70 r8 0 r9 0x8080808080808080 r10 0x8988a92723c50fe2 r11 0x13a969bee7a383c8 r12 0 r13 0xfffffd8062319f90 r14 0 r15 0x1 rip 0xffffffff817025b5 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff800037025950 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb> show proc PROC (syz-executor) tid=87506 pid=96898 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=84, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a4971e0,0xffff80002d9c3728 process=0xffff8000ffff9e08 user=0xffff800037020000, vmspace=0xfffffd806ea962b8 estcpu=34, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 24524 257183 94192 0 2 0 syz-executor 67851 438854 45980 0 3 0 vmmaplk syz-executor 67851 57936 45980 0 2 0x4000000 syz-executor 96898 169871 49002 0 2 0 syz-executor *96898 87506 49002 0 7 0x4000000 syz-executor 81910 128754 49893 0 2 0 syz-executor 81910 503404 49893 0 3 0x4000080 fsleep syz-executor 85445 470644 83333 0 2 0 syz-executor 85445 376872 83333 0 2 0x4000000 syz-executor 34026 415802 71150 0 2 0 syz-executor 34026 21343 71150 0 2 0x4000000 syz-executor 99525 186586 80292 0 2 0 syz-executor 99525 247613 80292 0 3 0x4000080 kqsel syz-executor 99525 149839 80292 0 2 0x4000000 syz-executor 99525 65079 80292 0 3 0x4000080 fsleep syz-executor 80191 476267 54879 0 2 0 syz-executor 80191 56366 54879 0 2 0x4000000 syz-executor 80191 134598 54879 0 3 0x4000080 fsleep syz-executor 49002 76764 17426 0 2 0x482 syz-executor 97885 47393 1 0 3 0x100083 ttyin getty 45980 99385 17426 0 2 0x482 syz-executor 71150 375864 17426 0 2 0x482 syz-executor 30447 118652 0 0 3 0x14200 acct acct 54879 263028 17426 0 2 0x482 syz-executor 80292 395400 17426 0 2 0x482 syz-executor 49893 92839 17426 0 2 0x482 syz-executor 94192 69470 17426 0 2 0x482 syz-executor 83333 340609 17426 0 2 0x482 syz-executor 81002 169739 0 0 3 0x14280 nfsidl nfsio 52598 478325 0 0 3 0x14280 nfsidl nfsio 19298 141646 0 0 3 0x14280 nfsidl nfsio 16835 310259 0 0 3 0x14280 nfsidl nfsio 88383 396394 0 0 3 0x14280 nfsidl nfsio 21532 440358 0 0 3 0x14280 nfsidl nfsio 28974 449472 0 0 3 0x14280 nfsidl nfsio 8076 366925 0 0 3 0x14280 nfsidl nfsio 84142 476680 0 0 3 0x14280 nfsidl nfsio 37319 40166 0 0 3 0x14280 nfsidl nfsio 35918 146537 0 0 3 0x14280 nfsidl nfsio 99386 319692 0 0 3 0x14280 nfsidl nfsio 9432 130393 0 0 3 0x14280 nfsidl nfsio 68384 307313 0 0 3 0x14280 nfsidl nfsio 55198 101568 0 0 3 0x14280 nfsidl nfsio 63334 513638 0 0 3 0x14280 nfsidl nfsio 71400 354275 0 0 3 0x14280 nfsidl nfsio 38737 181049 0 0 3 0x14280 nfsidl nfsio 29806 254428 0 0 3 0x14280 nfsidl nfsio 94638 56418 0 0 3 0x14280 nfsidl nfsio 79275 391591 0 0 3 0x14200 bored sosplice 17426 159766 32796 0 3 0x82 kqread syz-executor 32796 265869 59874 0 3 0x10008a sigsusp ksh 59874 75160 63412 0 3 0x98 kqread sshd-session 63412 242835 44183 0 3 0x92 kqread sshd-session 44183 154773 1 0 3 0x88 kqread sshd 70895 290543 90898 73 3 0x1100090 kqread syslogd 90898 510014 1 0 3 0x100082 sbwait syslogd 62959 127262 1 0 3 0x100080 kqread resolvd 56340 120378 48684 77 3 0x100092 kqread dhcpleased 1901 272 48684 77 3 0x100092 kqread dhcpleased 48684 237729 1 0 3 0x80 kqread dhcpleased 35003 438938 0 0 3 0x14200 bored smr 86258 471628 0 0 2 0x14200 zerothread 32016 202485 0 0 3 0x14200 aiodoned aiodoned 14665 500866 0 0 3 0x14200 syncer update 70383 89166 0 0 3 0x14200 cleaner cleaner 82442 498488 0 0 3 0x14200 reaper reaper 90754 183626 0 0 3 0x14200 pgdaemon pagedaemon 12338 14559 0 0 3 0x14200 bored viomb 46317 440631 0 0 3 0x40014200 acpi0 acpi0 4125 327981 0 0 3 0x14200 bored softnet3 95410 201949 0 0 3 0x14200 bored softnet2 23158 146847 0 0 3 0x14200 bored softnet1 54657 316366 0 0 3 0x14200 bored softnet0 7708 211268 0 0 3 0x14200 bored systqmp 91063 80116 0 0 3 0x14200 bored systq 25042 295668 0 0 2 0x40014200 softclock 14528 119271 0 0 3 0x40014200 idle0 1 228576 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10195 10046K 10573K 166960K 17798 0 pcb 17 18K 23K 166960K 1501 0 rtable 148 7K 10K 166960K 7182 0 pf 33 13K 22K 166960K 695 0 ifaddr 32 8K 11K 166960K 973 0 ifgroup 54 2K 2K 166960K 1109 0 sysctl 4 1K 2K 166960K 23 0 counters 31 17K 18K 166960K 318 0 ioctlops 0 0K 4K 166960K 928 0 iov 0 0K 18K 166960K 483 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1622 102K 102K 166960K 8211 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 68K 76K 166960K 140 0 VM map 2 1K 1K 166960K 2 0 sem 24 73K 83K 166960K 38 0 dirhash 15 2K 3K 166960K 114 0 ACPI 1690 195K 286K 166960K 12418 0 file desc 18 65K 97K 166960K 11591 0 sigio 1 0K 0K 166960K 155 0 proc 61 59K 124K 166960K 6766 0 subproc 104 6K 7K 166960K 2757 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 1167 0 in_multi 46 3K 7K 166960K 2561 0 ether_multi 1 0K 0K 166960K 87 0 mrt 1 0K 0K 166960K 31 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 97 440K 440K 166960K 97 0 exec 0 0K 1K 166960K 3805 0 pfkey data 0 0K 0K 166960K 9 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 221 72K 93K 166960K 92926 0 UVM aobj 244 13K 15K 166960K 307 0 pinsyscall 39 78K 98K 166960K 17943 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 359 0 NDP 12 0K 2K 166960K 727 0 temp 77 6816K 6948K 166960K 318045 0 kqueue 14 22K 36K 166960K 1576 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 1066 0 1063 5 4 1 3 0 8 0 rtentry 112 2524 0 2465 4 1 3 4 0 8 0 unpcb 144 7100 0 7080 22 18 4 6 0 8 3 syncache 336 3 0 3 1 1 0 1 0 8 0 tcpcb 808 2448 0 2443 28 24 4 8 0 8 3 arp 88 453 0 440 1 0 1 1 0 8 0 ipq 40 30 0 29 3 2 1 1 0 8 0 ipqe 40 288 0 287 3 2 1 1 0 8 0 inpcb 336 9177 0 9158 49 38 11 13 0 8 8 nd6 104 692 0 677 1 0 1 1 0 8 0 pkpcb 40 148 0 148 7 6 1 1 0 8 1 kcovpl 48 212 0 204 1 0 1 1 0 8 0 ppxss 1072 60 0 60 6 5 1 1 0 8 1 art_heap8 4096 3 0 0 3 0 3 3 0 8 0 art_heap4 256 9855 0 9627 46 26 20 29 0 8 2 art_table 32 9858 0 9627 4 0 4 4 0 8 0 art_node 16 2484 0 2437 1 0 1 1 0 8 0 sysvmsgpl 40 22 0 9 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 26 0 4 1 0 1 1 0 8 0 shmpl 112 304 0 64 7 0 7 7 0 8 0 shmpl: pool(0xffffffff835324a0:shmpl): free list modified: page 0xfffffd8062319000; item ordinal 0; addr 0xfffffd8062319a40 (p 0xfffffd8062319000); offset 0x0=0x0 shmpl: pool(0xffffffff835324a0:shmpl): page inconsistency: page 0xfffffd8062319000; item ordinal 1; addr 0xee83da51c4cd60f6 dirhash 1024 89 0 69 3 0 3 3 0 8 0 dino2pl 256 14881 0 12990 119 0 119 119 0 8 0 ffsino 240 14881 0 12990 112 0 112 112 0 8 0 nchpl 144 26266 0 24330 73 0 73 73 0 8 0 uvmvnodes 80 7449 0 0 153 0 153 153 0 8 0 vnodes 216 7449 0 0 414 0 414 414 0 8 0 namei 1024 99122 0 99121 7 6 1 2 0 8 0 kstatmem 264 598 0 574 5 2 3 3 0 8 0 acpiwqpl 32 1 0 1 1 0 1 1 1 8 1 scsiplug 72 8 0 8 5 4 1 1 0 8 1 scxspl 216 165431 0 165431 20 12 8 8 1 8 8 plimitpl 152 1556 0 1540 1 0 1 1 0 8 0 sigapl 424 11514 0 11446 8 0 8 8 0 8 0 futexpl 64 95478 0 95475 1 0 1 1 0 8 0 knotepl 120 307225 0 307176 69 61 8 17 0 8 6 kqueuepl 184 2238 0 2226 8 6 2 4 0 8 1 pipepl 288 1338 0 1311 15 12 3 7 0 8 0 fdescpl 432 11453 0 11423 5 1 4 5 0 8 0 filepl 120 55270 0 55025 38 26 12 17 0 8 3 lockfpl 104 2328 0 2326 4 3 1 2 0 8 0 lockfspl 48 914 0 912 1 0 1 1 0 8 0 sessionpl 144 233 0 225 1 0 1 1 0 8 0 pgrppl 48 502 0 486 1 0 1 1 0 8 0 ucredpl 104 9166 0 9155 1 0 1 1 0 8 0 zombiepl 144 12359 0 12359 3 2 1 1 0 8 1 processpl 1096 11514 0 11446 7 2 5 6 0 8 0 procpl 648 22655 0 22577 11 3 8 8 0 8 0 sosppl 168 144 0 144 6 5 1 1 0 8 1 sockpl 504 17647 0 17605 152 136 16 35 0 8 7 mcl64k 65536 846 0 846 8 7 1 1 0 8 1 mcl16k 16384 565 0 565 7 6 1 1 0 8 1 mcl12k 12288 390 0 390 8 7 1 1 0 8 1 mcl9k 9216 202 0 202 6 5 1 1 0 8 1 mcl8k 8192 1450 0 1450 7 6 1 1 0 8 1 mcl4k 4096 508 0 508 8 7 1 1 0 8 1 mcl2k2 2112 20 0 20 4 4 0 1 0 8 0 mcl2k 2048 31447 0 31337 36 19 17 27 0 8 2 mtagpl 96 157 0 140 1 0 1 1 0 8 0 mbufpl 256 133104 0 132909 395 374 21 64 0 8 1 bufpl 280 29665 0 22216 533 0 533 533 0 8 0 anonpl 24 1235565 0 1231932 172 123 49 81 0 187 0 amapchunkpl 152 303544 0 303062 140 104 36 49 0 158 14 amappl16 200 18813 0 18784 141 129 12 19 0 8 8 amappl15 192 8 0 8 1 1 0 1 0 8 0 amappl14 184 522 0 511 1 0 1 1 0 8 0 amappl13 176 13 0 13 2 2 0 1 0 8 0 amappl12 168 15304 0 15275 2 0 2 2 0 8 0 amappl11 160 48 0 38 1 0 1 1 0 8 0 amappl10 152 9 0 9 1 1 0 1 0 8 0 amappl9 144 103 0 103 1 1 0 1 0 8 0 amappl8 136 23 0 21 1 0 1 1 0 8 0 amappl7 128 513 0 501 1 0 1 1 0 8 0 amappl6 120 2200 0 2198 1 0 1 1 0 8 0 amappl5 112 947 0 938 1 0 1 1 0 8 0 amappl4 104 907 0 891 1 0 1 1 0 8 0 amappl3 96 63291 0 63185 5 1 4 4 0 8 0 amappl2 88 3542 0 3478 2 0 2 2 0 8 0 amappl1 80 54107 0 53596 14 2 12 13 0 8 0 amappl 88 90523 0 90355 5 0 5 5 0 92 0 dma65536 65536 2 0 2 2 2 0 1 0 8 0 dma32768 32768 2 0 2 2 2 0 1 0 8 0 dma16384 16384 1 0 1 1 1 0 1 0 8 0 dma8192 8192 1 0 1 1 1 0 1 0 8 0 dma4096 4096 2 0 2 1 1 0 1 0 8 0 dma2048 2048 4 0 4 3 3 0 1 0 8 0 dma1024 1024 2 0 1 1 0 1 1 0 8 0 dma512 512 2 0 2 2 1 1 1 0 8 1 dma256 256 8 0 8 2 2 0 1 0 8 0 dma128 128 255 0 255 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 8 0 8 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 306 0 63 5 0 5 5 0 8 0 uaddrrnd 24 11453 0 11423 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 11453 0 11423 1 0 1 1 0 8 0 vmmpekpl 168 74255 0 74206 3 0 3 3 0 8 0 vmmpepl 168 657897 0 656126 138 49 89 93 0 357 11 vmsppl 344 11452 0 11423 4 1 3 4 0 8 0 rwobjpl 24 159016 0 150477 54 0 54 54 0 8 0 pdppl 4096 22912 0 22846 493 427 66 82 0 8 0 pvpl 32 5152379 0 5141480 1117 996 121 374 0 265 4 pmappl 216 11452 0 11423 3 1 2 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 1504 0 1102 14 0 14 14 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82fde93e) at panic+0x1cf sys/kern/subr_prf.c:198 pool_do_get(ffffffff835324a0,1,ffff800037025aec) at pool_do_get+0x57e pool_get(ffffffff835324a0,1) at pool_get+0xf0 shmget_allocate_segment(ffff80002d9c2a70,ffff800037025d40,0,ffff800037025c90) at shmget_allocate_segment+0x1a7 sys_shmget(ffff80002d9c2a70,ffff800037025d40,ffff800037025c90) at sys_shmget+0x1b2 sys/kern/sysv_shm.c:480 syscall(ffff800037025d40) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x8faf7dc1b90, count: -8 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82fde93e) at panic+0x1cf sys/kern/subr_prf.c:198 pool_do_get(ffffffff835324a0,1,ffff800037025aec) at pool_do_get+0x57e pool_get(ffffffff835324a0,1) at pool_get+0xf0 shmget_allocate_segment(ffff80002d9c2a70,ffff800037025d40,0,ffff800037025c90) at shmget_allocate_segment+0x1a7 sys_shmget(ffff80002d9c2a70,ffff800037025d40,ffff800037025c90) at sys_shmget+0x1b2 sys/kern/sysv_shm.c:480 syscall(ffff800037025d40) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x8faf7dc1b90, count: -8