panic: pool_do_get: sockpl free list modified: page 0xfffffd807a6a4000; item addr 0xfffffd807a6a47a1; offset 0x0=0x2e0e0535d4153c04 != 0xe0535d4153c0428 Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *307832 37103 0 0x1000 0x4080000 0 syz-executor.5 db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828f3439) at panic+0x165 sys/kern/subr_prf.c:198 pool_do_get(ffffffff82d0ef70,9,ffff8000377f9828) at pool_do_get+0x427 sys/kern/subr_pool.c:738 pool_get(ffffffff82d0ef70,9) at pool_get+0xb7 sys/kern/subr_pool.c:582 soalloc(ffffffff82a91560,1) at soalloc+0x51 sys/kern/uipc_socket.c:141 socreate(1,ffff8000377f9948,1,0) at socreate+0xb2 sys/kern/uipc_socket.c:179 fifo_open(ffff8000377f99a8) at fifo_open+0x104 sys/miscfs/fifofs/fifo_vnops.c:162 VOP_OPEN(fffffd8061cd57a8,81,fffffd807f7d77b8,ffff80002a6c3aa0) at VOP_OPEN+0x70 sys/kern/vfs_vops.c:138 vn_open(ffff8000377f9bf8,81,0) at vn_open+0x452 sys/kern/vfs_vnops.c:177 doopenat(ffff80002a6c3aa0,ffffff9c,20000180,80,0,ffff8000377f9da0) at doopenat+0x26e sys/kern/vfs_syscalls.c:1126 syscall(ffff8000377f9e50) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xce124a43c80, count: 3 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: pool_do_get: sockpl free list modified: page 0xfffffd807a6a4000; item addr 0xfffffd807a6a47a1; offset 0x0=0x2e0e0535d4153c04 != 0xe0535d4153c0428 ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828f3439) at panic+0x165 sys/kern/subr_prf.c:198 pool_do_get(ffffffff82d0ef70,9,ffff8000377f9828) at pool_do_get+0x427 sys/kern/subr_pool.c:738 pool_get(ffffffff82d0ef70,9) at pool_get+0xb7 sys/kern/subr_pool.c:582 soalloc(ffffffff82a91560,1) at soalloc+0x51 sys/kern/uipc_socket.c:141 socreate(1,ffff8000377f9948,1,0) at socreate+0xb2 sys/kern/uipc_socket.c:179 fifo_open(ffff8000377f99a8) at fifo_open+0x104 sys/miscfs/fifofs/fifo_vnops.c:162 VOP_OPEN(fffffd8061cd57a8,81,fffffd807f7d77b8,ffff80002a6c3aa0) at VOP_OPEN+0x70 sys/kern/vfs_vops.c:138 vn_open(ffff8000377f9bf8,81,0) at vn_open+0x452 sys/kern/vfs_vnops.c:177 doopenat(ffff80002a6c3aa0,ffffff9c,20000180,80,0,ffff8000377f9da0) at doopenat+0x26e sys/kern/vfs_syscalls.c:1126 syscall(ffff8000377f9e50) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xce124a43c80, count: -12 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff8000377f96a0 rbx 0xe0535d4153c0428 rdx 0 rcx 0 rax 0xffff80002a6c3aa0 r8 0x101010101010101 r9 0x8080808080808080 r10 0xf24ca2f5da712186 r11 0x25c16d88e86ce242 r12 0 r13 0xfffffd807a6a47a1 r14 0 r15 0x1 rip 0xffffffff818b542c db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff8000377f9690 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb> show proc PROC (syz-executor.5) tid=307832 pid=37103 tcnt=4 stat=onproc flags process=1000 proc=4080000 runpri=32, usrpri=83, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0xffff80002a6c3550 forw=0xffffffffffffffff, list=0xffff80002a6c3000,0xffff80002a6c22c8 process=0xffff80002a63a5c8 user=0xffff8000377f4000, vmspace=0xfffffd80618e7860 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND *37103 307832 62862 0 7 0x4081000 syz-executor.5 37103 454731 62862 0 2 0x4081000 syz-executor.5 37103 172606 62862 0 3 0x4003000 suspend syz-executor.5 89847 164043 35032 0 3 0x1 kernel: protection fault trap, code=0 Faulted in DDB; continuing... ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10194 6537K 6984K 166960K 18117 0 pcb 15 16K 21K 166960K 597 0 rtable 228 15K 15K 166960K 792 0 pf 30 9K 9K 166960K 81 0 ifaddr 40 11K 11K 166960K 88 0 ifgroup 53 2K 2K 166960K 122 0 sysctl 3 0K 0K 166960K 3 0 counters 30 17K 17K 166960K 54 0 ioctlops 0 0K 2K 166960K 450 0 iov 0 0K 32K 166960K 555 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1466 92K 92K 166960K 3790 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 46 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 1K 166960K 309 0 dirhash 12 2K 2K 166960K 21 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 11 37K 73K 166960K 4079 0 sigio 0 0K 0K 166960K 121 0 proc 57 59K 75K 166960K 820 0 subproc 91 5K 6K 166960K 169 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 162 0 in_multi 88 6K 7K 166960K 183 0 ether_multi 1 0K 0K 166960K 4 0 mrt 0 0K 0K 166960K 3 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 67 307K 307K 166960K 67 0 exec 0 0K 1K 166960K 870 0 pfkey data 0 0K 0K 166960K 3 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 347 277K 286K 166960K 39969 0 UVM aobj 131 6K 6K 166960K 142 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 300 0 NDP 11 0K 2K 166960K 61 0 temp 71 6699K 6924K 166960K 23966 0 kqueue 12 18K 28K 166960K 349 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 386 0 383 8 6 2 3 0 8 1 rtentry 112 215 0 111 4 0 4 4 0 8 0 unpcb 144 3340 0 3326 42 41 1 9 0 8 0 syncache 320 37 0 37 9 9 0 1 0 8 0 tcpqe 32 149 0 149 6 6 0 1 0 8 0 tcpcb 808 1203 0 1198 43 35 8 8 0 8 7 arp 88 43 0 24 1 0 1 1 0 8 0 ipq 40 5 0 5 2 2 0 1 0 8 0 ipqe 40 83 0 83 2 2 0 1 0 8 0 inpcb 344 3665 0 3649 61 53 8 14 0 8 6 nd6 104 43 0 20 1 0 1 1 0 8 0 pkpcb 40 7 0 7 2 2 0 1 0 8 0 kcovpl 48 13 0 6 1 0 1 1 0 8 0 ppxss 1072 15 0 15 3 3 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 757 0 319 34 6 28 29 0 8 0 art_table 32 758 0 319 4 0 4 4 0 8 0 art_node 16 206 0 111 1 0 1 1 0 8 0 semapl 112 307 0 297 1 0 1 1 0 8 0 shmpl 112 139 0 11 4 0 4 4 0 8 0 dirhash 1024 23 0 6 3 0 3 3 0 8 0 dino2pl 256 7004 0 5565 91 0 91 91 0 8 0 ffsino 240 7004 0 5565 85 0 85 85 0 8 0 nchpl 144 12850 0 11209 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 43786 0 43784 3 2 1 2 0 8 0 vcpupl 2048 21 0 0 3 0 3 3 0 8 0 vmpool 664 26 0 5 2 0 2 2 0 8 0 kstatmem 264 70 0 48 2 0 2 2 0 8 0 scxspl 216 40973 0 40973 20 19 1 8 1 8 1 plimitpl 152 375 0 361 1 0 1 1 0 8 0 sigapl 424 4635 0 4573 8 0 8 8 0 8 0 futexpl 64 40057 0 40056 1 0 1 1 0 8 0 knotepl 120 45726 0 45649 13 6 7 11 0 8 3 kqueuepl 184 712 0 704 11 9 2 4 0 8 1 pipepl 288 624 0 599 13 10 3 7 0 8 0 fdescpl 432 4355 0 4333 4 0 4 4 0 8 0 filepl 120 26821 0 26603 56 46 10 16 0 8 1 lockfpl 104 1135 0 1133 3 2 1 2 0 8 0 lockfspl 48 416 0 414 1 0 1 1 0 8 0 sessionpl 144 30 0 15 1 0 1 1 0 8 0 pgrppl 48 158 0 143 1 0 1 1 0 8 0 ucredpl 104 3586 0 3576 1 0 1 1 0 8 0 zombiepl 144 4577 0 4573 1 0 1 1 0 8 0 processpl 1072 4635 0 4573 5 0 5 5 0 8 0 procpl 680 10713 0 10634 12 4 8 9 0 8 0 sosppl 168 48 0 48 4 3 1 1 0 8 1 sockpl 488 7410 0 7377 203 189 14 35 0 8 8 sockpl: pool(0xffffffff82d0ef70:sockpl): free list modified: page 0xfffffd807a6a4000; item ordinal 0; addr 0xfffffd807a6a47a1 (p 0xfffffd807a6a4000); offset 0x0=0x2e0e0535d4153c04 pool(sockpl): free list modified: page 0xfffffd807a6a4000; item ordinal 0; addr 0xfffffd807a6a47a1 (p 0xfffffd807a6a4000); offset 0x0=0xefdeadbe sockpl: pool(0xffffffff82d0ef70:sockpl): page inconsistency: page 0xfffffd807a6a4000; item ordinal 1; addr 0xb20fee67781a53bc mcl64k 65536 171 0 171 8 7 1 1 0 8 1 mcl16k 16384 113 0 113 7 7 0 1 0 8 0 mcl12k 12288 161 0 161 7 7 0 1 0 8 0 mcl9k 9216 54 0 54 11 10 1 1 0 8 1 mcl8k 8192 379 0 379 7 6 1 1 0 8 1 mcl4k 4096 490 0 490 2 1 1 1 0 8 1 mcl2k2 2112 33 0 33 8 7 1 1 0 8 1 mcl2k 2048 77258 0 77203 46 38 8 39 0 8 0 mtagpl 96 449 0 281 8 3 5 5 0 8 0 mbufpl 256 167795 0 167536 161 139 22 95 0 8 3 bufpl 280 13683 0 7290 457 0 457 457 0 8 0 anonpl 24 562566 0 550870 144 41 103 111 0 188 4 amapchunkpl 152 127645 0 126904 56 19 37 40 0 158 2 amappl16 200 12931 0 12452 61 34 27 39 0 8 1 amappl15 192 12 0 12 2 2 0 1 0 8 0 amappl14 184 188 0 176 2 1 1 2 0 8 0 amappl13 176 111 0 110 1 0 1 1 0 8 0 amappl12 168 5057 0 5033 2 0 2 2 0 8 0 amappl11 160 90 0 78 1 0 1 1 0 8 0 amappl10 152 35 0 26 1 0 1 1 0 8 0 amappl9 144 186 0 185 1 0 1 1 0 8 0 amappl8 136 291 0 221 3 0 3 3 0 8 0 amappl7 128 188 0 167 2 0 2 2 0 8 0 amappl6 120 335 0 329 1 0 1 1 0 8 0 amappl5 112 221 0 213 1 0 1 1 0 8 0 amappl4 104 493 0 469 2 1 1 2 0 8 0 amappl3 96 25444 0 25379 3 0 3 3 0 8 0 amappl2 88 5016 0 4948 3 1 2 3 0 8 0 amappl1 80 24009 0 23510 22 10 12 22 0 8 0 amappl 88 39276 0 39072 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 141 0 11 3 0 3 3 0 8 0 uaddrrnd 24 4381 0 4338 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 4381 0 4338 1 0 1 1 0 8 0 vmmpekpl 168 34922 0 34862 3 0 3 3 0 8 0 vmmpepl 168 271900 0 269814 248 130 118 154 0 357 13 vmsppl 352 4380 0 4338 5 0 5 5 0 8 0 rwobjpl 24 76076 0 68555 49 1 48 48 0 8 0 pdppl 4096 8768 0 8697 271 186 85 85 0 8 14 pvpl 32 1360364 0 1343594 472 286 186 363 0 265 13 pmappl 216 4380 0 4338 3 0 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 793 0 443 12 1 11 12 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828f3439) at panic+0x165 sys/kern/subr_prf.c:198 pool_do_get(ffffffff82d0ef70,9,ffff8000377f9828) at pool_do_get+0x427 sys/kern/subr_pool.c:738 pool_get(ffffffff82d0ef70,9) at pool_get+0xb7 sys/kern/subr_pool.c:582 soalloc(ffffffff82a91560,1) at soalloc+0x51 sys/kern/uipc_socket.c:141 socreate(1,ffff8000377f9948,1,0) at socreate+0xb2 sys/kern/uipc_socket.c:179 fifo_open(ffff8000377f99a8) at fifo_open+0x104 sys/miscfs/fifofs/fifo_vnops.c:162 VOP_OPEN(fffffd8061cd57a8,81,fffffd807f7d77b8,ffff80002a6c3aa0) at VOP_OPEN+0x70 sys/kern/vfs_vops.c:138 vn_open(ffff8000377f9bf8,81,0) at vn_open+0x452 sys/kern/vfs_vnops.c:177 doopenat(ffff80002a6c3aa0,ffffff9c,20000180,80,0,ffff8000377f9da0) at doopenat+0x26e sys/kern/vfs_syscalls.c:1126 syscall(ffff8000377f9e50) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xce124a43c80, count: -12 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828f3439) at panic+0x165 sys/kern/subr_prf.c:198 pool_do_get(ffffffff82d0ef70,9,ffff8000377f9828) at pool_do_get+0x427 sys/kern/subr_pool.c:738 pool_get(ffffffff82d0ef70,9) at pool_get+0xb7 sys/kern/subr_pool.c:582 soalloc(ffffffff82a91560,1) at soalloc+0x51 sys/kern/uipc_socket.c:141 socreate(1,ffff8000377f9948,1,0) at socreate+0xb2 sys/kern/uipc_socket.c:179 fifo_open(ffff8000377f99a8) at fifo_open+0x104 sys/miscfs/fifofs/fifo_vnops.c:162 VOP_OPEN(fffffd8061cd57a8,81,fffffd807f7d77b8,ffff80002a6c3aa0) at VOP_OPEN+0x70 sys/kern/vfs_vops.c:138 vn_open(ffff8000377f9bf8,81,0) at vn_open+0x452 sys/kern/vfs_vnops.c:177 doopenat(ffff80002a6c3aa0,ffffff9c,20000180,80,0,ffff8000377f9da0) at doopenat+0x26e sys/kern/vfs_syscalls.c:1126 syscall(ffff8000377f9e50) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xce124a43c80, count: -12