syzbot


panic: pool_cache_item_magic_check: mbufpl cpu free list modified: item addr ADDR+24 ADDR!=ADDR (2)

Status: closed as dup on 2019/10/23 13:31
Reported-by: syzbot+7f790d25478dfb11f18c@syzkaller.appspotmail.com
First crash: 1887d, last: 1859d
Duplicate of
Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported
pool: cpu free list modified: mbufpl | syz | | | 15863 | 1570d | 1856d
Similar bugs (1)
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
openbsd | panic: pool_cache_item_magic_check: mbufpl cpu free list modified: item addr ADDR+24 ADDR!=ADDR | | | | 1 | 2175d | 2175d | 0/3 | closed as dup on 2019/01/02 21:02

Sample crash report:
login: panic: pool_cache_item_magic_check: mbufpl cpu free list modified: item addr 0xfffffd806f7bde00+24 0x4f2056623dbe4c86!=0x4f2056e250dc8086
Stopped at      db_enter+0x18:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
  16335   6941      0         0x2  0x4000000    1  syz-execprog
*233966  96312      0     0x14000 0x40000200    0K softclock
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
pool_cache_get(ffffffff8266e920) at pool_cache_get+0x323 pool_cache_item_magic_check sys/kern/subr_pool.c:1789 [inline]
pool_cache_get(ffffffff8266e920) at pool_cache_get+0x323 sys/kern/subr_pool.c:1892
pool_get() at pool_get+0x91 sys/kern/subr_pool.c:572
m_get(2,1) at m_get+0x4c sys/kern/uipc_mbuf.c:250
ip6_output(fffffd806f2b3a00,ffffffff82525c08,0,0,ffff800020a25368,0) at ip6_output+0x203 sys/netinet6/ip6_output.c:198
mld6_sendpkt(ffff800000a5ff00,83,0) at mld6_sendpkt+0x2da sys/netinet6/mld6.c:465
mld6_fasttimeo() at mld6_fasttimeo+0x162 mld6_checktimer sys/netinet6/mld6.c:363 [inline]
mld6_fasttimeo() at mld6_fasttimeo+0x162 sys/netinet6/mld6.c:341
pffasttimo(ffffffff825254c8) at pffasttimo+0x85 sys/kern/uipc_domain.c:292
timeout_run(ffffffff825254c8) at timeout_run+0xc4 timeout_sync_leave sys/kern/kern_timeout.c:177 [inline]
timeout_run(ffffffff825254c8) at timeout_run+0xc4 sys/kern/kern_timeout.c:474
softclock_thread(ffff800020a109e0) at softclock_thread+0x16a sys/kern/kern_timeout.c:553
end trace frame: 0x0, count: 4
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb{0}> 
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
pool_cache_item_magic_check: mbufpl cpu free list modified: item addr 0xfffffd806f7bde00+24 0x4f2056623dbe4c86!=0x4f2056e250dc8086
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
pool_cache_get(ffffffff8266e920) at pool_cache_get+0x323 pool_cache_item_magic_check sys/kern/subr_pool.c:1789 [inline]
pool_cache_get(ffffffff8266e920) at pool_cache_get+0x323 sys/kern/subr_pool.c:1892
pool_get() at pool_get+0x91 sys/kern/subr_pool.c:572
m_get(2,1) at m_get+0x4c sys/kern/uipc_mbuf.c:250
ip6_output(fffffd806f2b3a00,ffffffff82525c08,0,0,ffff800020a25368,0) at ip6_output+0x203 sys/netinet6/ip6_output.c:198
mld6_sendpkt(ffff800000a5ff00,83,0) at mld6_sendpkt+0x2da sys/netinet6/mld6.c:465
mld6_fasttimeo() at mld6_fasttimeo+0x162 mld6_checktimer sys/netinet6/mld6.c:363 [inline]
mld6_fasttimeo() at mld6_fasttimeo+0x162 sys/netinet6/mld6.c:341
pffasttimo(ffffffff825254c8) at pffasttimo+0x85 sys/kern/uipc_domain.c:292
timeout_run(ffffffff825254c8) at timeout_run+0xc4 timeout_sync_leave sys/kern/kern_timeout.c:177 [inline]
timeout_run(ffffffff825254c8) at timeout_run+0xc4 sys/kern/kern_timeout.c:474
softclock_thread(ffff800020a109e0) at softclock_thread+0x16a sys/kern/kern_timeout.c:553
end trace frame: 0x0, count: -11
ddb{0}> show registers
rdi                                0
rsi                              0x1
rbp               0xffff800020a24fa0
rbx               0xffff800020a25050
rdx                             0x8b
rcx                              0x2
rax                              0x1
r8                0xffffffff81918aaf    kprintf+0x16f
r9                               0x1
r10               0x3b6d92addafe76b3
r11               0x5c8f88fb0ea67fb4
r12                     0x3000000008
r13               0xffff800020a24fb0
r14                            0x100
r15                              0x1
rip               0xffffffff814a9118    db_enter+0x18
cs                               0x8
rflags                         0x246
rsp               0xffff800020a24f90
ss                              0x10
db_enter+0x18:  addq    $0x8,%rsp
ddb{0}> show proc
PROC (softclock) pid=233966 stat=onproc
    flags process=14000<NOZOMBIE,SYSTEM> proc=40000200<SYSTEM,CPUPEG>
    pri=0, usrpri=50, nice=20
    forw=0xffffffffffffffff, list=0xffff800020a10ed0,0xffff800020a10500
    process=0xffff800020a12000 user=0xffff800020a20000, vmspace=0xffffffff8264e768
    estcpu=0, cpticks=1, pctcpu=0.0
    user=0, sys=1, intr=0
ddb{0}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 34585  205451   6941      0  2       0x482                syz-executor.0
  6941  154567  44399      0  3        0x82  thrsleep      syz-execprog
  6941   16335  44399      0  7   0x4000002                syz-execprog
  6941   40422  44399      0  3   0x4000082  thrsleep      syz-execprog
  6941  406182  44399      0  2   0x4000482                syz-execprog
  6941  204358  44399      0  3   0x4000082  thrsleep      syz-execprog
  6941  218268  44399      0  3   0x4000082  thrsleep      syz-execprog
  6941  211326  44399      0  3   0x4000082  thrsleep      syz-execprog
  6941  231970  44399      0  3   0x4000082  kqread        syz-execprog
  6941   50409  44399      0  3   0x4000082  thrsleep      syz-execprog
 44399  164548  33624      0  3    0x10008a  pause         ksh
 33624  172677  85636      0  3        0x92  select        sshd
 88851  334876      1      0  3    0x100083  ttyin         getty
 85636    4516      1      0  3        0x80  select        sshd
 50094    6671  67254     74  3    0x100092  bpf           pflogd
 67254  478384      1      0  3        0x80  netio         pflogd
 30728  401288   9354     73  3    0x100090  kqread        syslogd
  9354  352130      1      0  3    0x100082  netio         syslogd
 69346  340816      1     77  3    0x100090  poll          dhclient
 22319   11148      1      0  3        0x80  poll          dhclient
 92912  194794      0      0  3     0x14200  pgzero        zerothread
 19892   14843      0      0  3     0x14200  aiodoned      aiodoned
 71510   80580      0      0  3     0x14200  syncer        update
 41573  185418      0      0  3     0x14200  cleaner       cleaner
 56991  259665      0      0  3     0x14200  reaper        reaper
 77657  413955      0      0  3     0x14200  pgdaemon      pagedaemon
 42855  484986      0      0  3     0x14200  bored         crynlk
 91755  146741      0      0  3     0x14200  bored         crypto
 26605  294576      0      0  3  0x40014200  acpi0         acpi0
 64377  281100      0      0  3  0x40014200                idle1
 31253  451183      0      0  3     0x14200  bored         softnet
 18924  159260      0      0  3     0x14200  bored         systqmp
 99261  430370      0      0  3     0x14200  bored         systq
*96312  233966      0      0  7  0x40014200                softclock
 46376  243500      0      0  3  0x40014200                idle0
 11992  268674      0      0  3     0x14200  bored         smr
     1  259211      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb{0}> show all locks
Process 96312 (softclock) thread 0xffff800020a109e0 (233966)
exclusive rwlock netlock r = 0 (0xffffffff824ca238)
#0  witness_lock+0x52e sys/kern/subr_witness.c:1163
#1  mld6_fasttimeo+0x1d sys/netinet6/mld6.c:336
#2  pffasttimo+0x85 sys/kern/uipc_domain.c:292
#3  timeout_run+0xc4 timeout_sync_leave sys/kern/kern_timeout.c:177 [inline]
#3  timeout_run+0xc4 sys/kern/kern_timeout.c:474
#4  softclock_thread+0x16a sys/kern/kern_timeout.c:553
#5  proc_trampoline+0x1c
shared rwlock timeout r = 0 (0xffffffff824b5210)
#0  witness_lock+0x52e sys/kern/subr_witness.c:1163
#1  timeout_run+0xb9 sys/kern/kern_timeout.c:473
#2  softclock_thread+0x16a sys/kern/kern_timeout.c:553
#3  proc_trampoline+0x1c
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82625ee0)
#0  witness_lock+0x52e sys/kern/subr_witness.c:1163
#1  __mp_acquire_count+0x51 sys/kern/kern_lock.c:227
#2  mi_switch+0x392 sys/kern/sched_bsd.c:436
#3  sleep_finish+0x113 sys/kern/kern_synch.c:373
#4  softclock_thread+0x103 sys/kern/kern_timeout.c:548
#5  proc_trampoline+0x1c
ddb{0}> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim Kern Lim
         devbuf  9457   6385K    6385K  78643K     10544        0        0
            pcb    13      8K       8K  78643K        13        0        0
         rtable    77      2K       2K  78643K       165        0        0
         ifaddr    32      9K       9K  78643K       210        0        0
       counters    39     33K      33K  78643K        39        0        0
       ioctlops     0      0K       4K  78643K      1468        0        0
          mount     1      1K       1K  78643K         1        0        0
         vnodes  1181     74K      74K  78643K      1186        0        0
      UFS quota     1     32K      32K  78643K         1        0        0
      UFS mount     5     36K      36K  78643K         5        0        0
            shm     2      1K       1K  78643K         2        0        0
         VM map     2      1K       1K  78643K         2        0        0
            sem     2      0K       0K  78643K         2        0        0
        dirhash    12      2K       2K  78643K        12        0        0
           ACPI  1808    196K     290K  78643K     12765        0        0
      file desc     2      4K      12K  78643K       195        0        0
           proc    59     63K      83K  78643K       384        0        0
    NFS srvsock     1      0K       0K  78643K         1        0        0
     NFS daemon     1     16K      16K  78643K         1        0        0
       in_multi    22      1K       1K  78643K        22        0        0
    ether_multi     1      0K       0K  78643K         1        0        0
    ISOFS mount     1     32K      32K  78643K         1        0        0
  MSDOSFS mount     1     16K      16K  78643K         1        0        0
           ttys    18     79K      79K  78643K        18        0        0
           exec     0      0K       1K  78643K       199        0        0
        pagedep     1      8K       8K  78643K         1        0        0
       inodedep     1     32K      32K  78643K         1        0        0
         newblk     1      0K       0K  78643K         1        0        0
        VM swap     7     26K      26K  78643K         7        0        0
       UVM amap    72     12K      12K  78643K      1134        0        0
       UVM aobj     2      2K       2K  78643K         2        0        0
        memdesc     1      4K       4K  78643K         1        0        0
    crypto data     1      1K       1K  78643K         1        0        0
            NDP     5      0K       0K  78643K         7        0        0
           temp    48   3546K    3610K  78643K      3691        0        0
      SYN cache     2     16K      16K  78643K         2        0        0
ddb{0}> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp         64        4    0        1     1     0     1     1     0     8    0
plcache    128       20    0        0     1     0     1     1     0     8    0
rtpcb       80       17    0       15     1     0     1     1     0     8    0
rtentry    112       34    0        4     1     0     1     1     0     8    0
unpcb      120       29    0       19     1     0     1     1     0     8    0
syncache   264        5    0        5     1     1     0     1     0     8    0
tcpcb      544        8    0        5     1     0     1     1     0     8    0
inpcb      280      211    0      205     1     0     1     1     0     8    0
nd6         48        2    0        0     1     0     1     1     0     8    0
pfosfp      40      846    0      423     5     0     5     5     0     8    0
pfosfpen   112     1428    0      714    21     0    21    21     0     8    0
pfstitem    24       10    0        0     1     0     1     1     0     8    0
pfstkey    112       10    0        0     1     0     1     1     0     8    0
pfstate    328       10    0        0     1     0     1     1     0     8    0
pfrule     1360      21    0       16     2     1     1     2     0     8    0
art_heap8  4096       1    0        0     1     0     1     1     0     8    0
art_heap4  256      168    0        2    11     0    11    11     0     8    0
art_table   32      169    0        2     2     0     2     2     0     8    0
art_node    16       33    0        6     1     0     1     1     0     8    0
dirhash    1024      17    0        0     3     0     3     3     0     8    0
dino1pl    128     1599    0      197    46     0    46    46     0     8    0
ffsino     272     1599    0      197    94     0    94    94     0     8    0
nchpl      144     2015    0      404    60     0    60    60     0     8    0
uvmvnodes   72     1609    0        0    30     0    30    30     0     8    0
vnodes     208     1609    0        0    85     0    85    85     0     8    0
namei      1024    4850    0     4850     1     0     1     1     0     8    1
percpumem   16       30    0        0     1     0     1     1     0     8    0
scxspl     192     5143    0     5143     2     1     1     2     0     8    1
plimitpl   152       15    0        8     1     0     1     1     0     8    0
sigapl     432      403    0      390     2     0     2     2     0     8    0
knotepl    112       39    0       28     1     0     1     1     0     8    0
kqueuepl   104        2    0        0     1     0     1     1     0     8    0
pipepl     112      510    0      497     1     0     1     1     0     8    0
fdescpl    488      404    0      390     3     0     3     3     0     8    0
filepl     152     1831    0     1773     3     0     3     3     0     8    0
lockfpl    104        5    0        4     1     0     1     1     0     8    0
lockfspl    48        3    0        2     1     0     1     1     0     8    0
sessionpl  112       19    0        9     1     0     1     1     0     8    0
pgrppl      48       19    0        9     1     0     1     1     0     8    0
ucredpl     96       52    0       43     1     0     1     1     0     8    0
zombiepl   144      390    0      389     1     0     1     1     0     8    0
processpl  896      419    0      389     4     0     4     4     0     8    0
procpl     632      427    0      389     4     0     4     4     0     8    0
sockpl     384      257    0      239     2     0     2     2     0     8    0
mcl4k      4096       3    0        0     1     0     1     1     0     8    0
mcl2k      2048      78    0        0    10     0    10    10     0     8    0
mtagpl      80        1    0        0     1     0     1     1     0     8    0
mbufpl     256       99    0        0     6     0     6     6     0     8    0
bufpl      256     6065    0     1315   297     0   297   297     0     8    0
anonpl      16    26702    0    24904    14     1    13    13     0   124    5
amapchunkpl 152     927    0      862     5     0     5     5     0   158    2
amappl16   192      878    0      833     3     0     3     3     0     8    0
amappl14   176       22    0       20     1     0     1     1     0     8    0
amappl13   168        1    0        1     1     0     1     1     0     8    1
amappl12   160      187    0      183     2     1     1     1     0     8    0
amappl11   152       53    0       37     1     0     1     1     0     8    0
amappl10   144       18    0       15     1     0     1     1     0     8    0
amappl9    136      463    0      457     1     0     1     1     0     8    0
amappl8    128      129    0      119     1     0     1     1     0     8    0
amappl7    120       33    0       30     1     0     1     1     0     8    0
amappl6    112       78    0       70     1     0     1     1     0     8    0
amappl5    104      298    0      285     1     0     1     1     0     8    0
amappl4     96      677    0      650     1     0     1     1     0     8    0
amappl3     88      117    0      111     1     0     1     1     0     8    0
amappl2     80     1305    0     1244     3     0     3     3     0     8    1
amappl1     72    16587    0    16174    25     7    18    20     0     8    8
amappl      80      655    0      627     1     0     1     1     0    84    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      253    0      253     1     1     0     1     0     8    0
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       17    0       17     1     1     0     1     0     8    0
aobjpl      64        1    0        0     1     0     1     1     0     8    0
uaddrrnd    24      404    0      390     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24      404    0      390     1     0     1     1     0     8    0
vmmpekpl   168     7477    0     7454     2     0     2     2     0     8    0
vmmpepl    168    40312    0    39384    86     6    80    80     0   357   37
vmsppl     368      403    0      390     2     0     2     2     0     8    0
pdppl      4096     815    0      780     6     0     6     6     0     8    1
pvpl        32   130719    0   126541   115     0   115   115     0   265   81
pmappl     232      403    0      390     1     0     1     1     0     8    0
extentpl    40       41    0       26     1     0     1     1     0     8    0
phpool     112      437    0        3    13     0    13    13     0     8    0
ddb{0}> 

Crashes (19):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2019/10/20 19:47 | openbsd | 06f3ae2aae65 | 8c88c9c1 | .config | console log | report | syz | | | | ci-openbsd-multicore |
2019/09/28 15:56 | openbsd | dd0887e41377 | eb6b9855 | .config | console log | report | syz | | | | ci-openbsd-multicore |
2019/09/22 18:35 | openbsd | 2f346d2b6595 | d96e88f3 | .config | console log | report | syz | | | | ci-openbsd-multicore |
2019/10/16 19:18 | openbsd | 1ef0822a19b5 | 8c88c9c1 | .config | console log | report | | | | | ci-openbsd-multicore |
2019/10/13 23:20 | openbsd | cfc53b516f65 | 2f661ec4 | .config | console log | report | | | | | ci-openbsd-multicore |
2019/10/12 02:50 | openbsd | b8fc78b9a375 | 426631dd | .config | console log | report | | | | | ci-openbsd-multicore |
2019/10/10 20:50 | openbsd | 1eea934d9376 | a4efa8c0 | .config | console log | report | | | | | ci-openbsd-multicore |
2019/10/08 16:57 | openbsd | 0767cd885e7f | 64612bfd | .config | console log | report | | | | | ci-openbsd-multicore |
2019/10/08 10:22 | openbsd | 0767cd885e7f | 28ac6e64 | .config | console log | report | | | | | ci-openbsd-multicore |
2019/10/07 16:12 | openbsd | 29a2b068f14b | 28ac6e64 | .config | console log | report | | | | | ci-openbsd-multicore |
2019/10/05 06:48 | openbsd | b5642e9fefea | f3f7d9c8 | .config | console log | report | | | | | ci-openbsd-multicore |
2019/10/03 14:27 | openbsd | 0a65a5060995 | fc17ba49 | .config | console log | report | | | | | ci-openbsd-multicore |
2019/10/03 08:07 | openbsd | c722278fddec | 2e29b534 | .config | console log | report | | | | | ci-openbsd-multicore |
2019/10/03 07:31 | openbsd | c722278fddec | 2e29b534 | .config | console log | report | | | | | ci-openbsd-multicore |
2019/10/02 23:06 | openbsd | c722278fddec | 2e29b534 | .config | console log | report | | | | | ci-openbsd-multicore |
2019/10/02 10:05 | openbsd | 65ab43f212c4 | 2e29b534 | .config | console log | report | | | | | ci-openbsd-multicore |
2019/09/30 05:07 | openbsd | f6e3733c141c | c1ad5441 | .config | console log | report | | | | | ci-openbsd-multicore |
2019/09/28 14:06 | openbsd | dd0887e41377 | eb6b9855 | .config | console log | report | | | | | ci-openbsd-multicore |
2019/09/22 17:56 | openbsd | 2f346d2b6595 | d96e88f3 | .config | console log | report | | | | | ci-openbsd-multicore |
* Struck through repros no longer work on HEAD.