panic: pool_do_get: semupl free list modified: page 0xffffff00785f8000; item addr 0xffffff00785f8ee0; offset 0x10=0xdeadbef1
Stopped at db_enter+0xa: popq %rbp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
289206 27676 0 0 0 0 syz-executor1
*410451 27676 0 0 0x4000000 1K syz-executor1
db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
pool_do_get(2,ffffffff81ed80f8,0) at pool_do_get+0x3e9 sys/kern/subr_pool.c:750
pool_get(ffff800021185d28,ffff8000210d8e28) at pool_get+0xb6 sys/kern/subr_pool.c:587
semundo_adjust(1,ffff800021185d28,ffff8000210d8e28,ffffff00785f9af0,ffff800021185d3a) at semundo_adjust+0xd5 semu_alloc sys/kern/sysv_sem.c:92 [inline]
semundo_adjust(1,ffff800021185d28,ffff8000210d8e28,ffffff00785f9af0,ffff800021185d3a) at semundo_adjust+0xd5 sys/kern/sysv_sem.c:135
sys_semop(1220,ffff8000210d8e28,0) at sys_semop+0x5a8 sys/kern/sysv_sem.c:703
syscall(0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:583
Xsyscall(6,0,ffffffffffffffd2,0,3,3a279f49010) at Xsyscall+0x128
end of kernel
end trace frame: 0x3a528537540, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> show panic
pool_do_get: semupl free list modified: page 0xffffff00785f8000; item addr 0xffffff00785f8ee0; offset 0x10=0xdeadbef1
ddb{1}> trace
db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
pool_do_get(2,ffffffff81ed80f8,0) at pool_do_get+0x3e9 sys/kern/subr_pool.c:750
pool_get(ffff800021185d28,ffff8000210d8e28) at pool_get+0xb6 sys/kern/subr_pool.c:587
semundo_adjust(1,ffff800021185d28,ffff8000210d8e28,ffffff00785f9af0,ffff800021185d3a) at semundo_adjust+0xd5 semu_alloc sys/kern/sysv_sem.c:92 [inline]
semundo_adjust(1,ffff800021185d28,ffff8000210d8e28,ffffff00785f9af0,ffff800021185d3a) at semundo_adjust+0xd5 sys/kern/sysv_sem.c:135
sys_semop(1220,ffff8000210d8e28,0) at sys_semop+0x5a8 sys/kern/sysv_sem.c:703
syscall(0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:583
Xsyscall(6,0,ffffffffffffffd2,0,3,3a279f49010) at Xsyscall+0x128
end of kernel
end trace frame: 0x3a528537540, count: -8
ddb{1}> show registers
rdi 0xffffffff81e208b8 kprintf_mutex
rsi 0xffffffff8125fcb9 db_enter+0x9
rbp 0xffff800021185ad0
rbx 0xffff800021185b70
rdx 0xffff800002ad8000
rcx 0x2c65 __ALIGN_SIZE+0x1c65
rax 0xffff800002ad8000
r8 0xffff800021185aa0
r9 0x8080808080808080
r10 0x139c1fcf270df12e
r11 0xffffffff816da490 x86_bus_space_io_read_1
r12 0x3000000008
r13 0xffff800021185ae0
r14 0x100
r15 0xffffffff81c3b433 apollo_udma100_tim+0xe293
rip 0xffffffff8125fcba db_enter+0xa
cs 0x8
rflags 0x206
rsp 0xffff800021185ad0
ss 0x10
db_enter+0xa: popq %rbp
ddb{1}> show proc
PROC (syz-executor1) pid=410451 stat=onproc
flags process=0 proc=4000000
pri=53, usrpri=53, nice=20
forw=0xffffffffffffffff, list=0xffff8000210d92d8,0xffff8000210d9090
process=0xffff800021070fd0 user=0xffff800021180000, vmspace=0xffffff007f125d68
estcpu=3, cpticks=2, pctcpu=0.0
user=0, sys=2, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
27676 289206 4314 0 7 0 syz-executor1
*27676 410451 4314 0 7 0x4000000 syz-executor1
27676 472364 4314 0 2 0x4000080 syz-executor1
4314 140894 81845 0 3 0x82 nanosleep syz-executor1
6571 93529 81845 0 3 0x82 nanosleep syz-executor0
81845 257619 42182 0 3 0x82 thrsleep syz-fuzzer
81845 220893 42182 0 3 0x4000082 nanosleep syz-fuzzer
81845 283532 42182 0 3 0x4000082 thrsleep syz-fuzzer
81845 327198 42182 0 3 0x4000082 thrsleep syz-fuzzer
81845 425135 42182 0 3 0x4000082 thrsleep syz-fuzzer
81845 504522 42182 0 3 0x4000082 thrsleep syz-fuzzer
81845 112322 42182 0 3 0x4000082 thrsleep syz-fuzzer
81845 11552 42182 0 3 0x4000082 thrsleep syz-fuzzer
81845 518251 42182 0 3 0x4000082 kqread syz-fuzzer
81845 336790 42182 0 3 0x4000082 thrsleep syz-fuzzer
42182 429307 90252 0 3 0x10008a pause ksh
90252 372351 20089 0 3 0x92 select sshd
72061 104636 1 0 3 0x100083 ttyin getty
20089 60949 1 0 3 0x80 select sshd
64780 117239 31217 73 3 0x100090 kqread syslogd
31217 28944 1 0 3 0x100082 netio syslogd
45086 282644 1 77 3 0x100090 poll dhclient
91036 427372 1 0 3 0x80 poll dhclient
49190 28639 0 0 3 0x14200 pgzero zerothread
13445 450669 0 0 3 0x14200 aiodoned aiodoned
10551 237805 0 0 3 0x14200 syncer update
14873 15206 0 0 3 0x14200 cleaner cleaner
59555 469370 0 0 3 0x14200 reaper reaper
32115 331654 0 0 3 0x14200 pgdaemon pagedaemon
84486 158338 0 0 3 0x14200 bored crynlk
7343 246673 0 0 3 0x14200 bored crypto
6452 204626 0 0 3 0x40014200 acpi0 acpi0
88553 2436 0 0 3 0x40014200 idle1
95585 506136 0 0 3 0x14200 bored softnet
98037 336523 0 0 3 0x14200 bored systqmp
60509 225302 0 0 3 0x14200 bored systq
95056 41688 0 0 3 0x40014200 bored softclock
50971 258351 0 0 3 0x40014200 idle0
1 483025 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper