syzbot


panic: pool_cache_item_magic_check: mbufpl cpu free list modified: item addr ADDR+24 ADDR!=ADDR

Status: closed as dup on 2019/01/02 21:02
Reported-by: syzbot+caa28d9603f1c0a3a8bf@syzkaller.appspotmail.com
First crash: 2176d, last: 2176d
Duplicate of:
  Title:        panic: pool_cache_item_magic_check: mbufpl cpu free list modified: item addr ADDR+16 0x0!=ADDR
  Repro:        -
  Cause bisect: -
  Fix bisect:   -
  Count:        1
  Last:         2167d
  Reported:     2167d
Similar bugs (1):
  Kernel:       openbsd
  Title:        panic: pool_cache_item_magic_check: mbufpl cpu free list modified: item addr ADDR+24 ADDR!=ADDR (2)
  Repro:        syz
  Cause bisect: -
  Fix bisect:   -
  Count:        19
  Last:         1859d
  Reported:     1887d
  Patched:      0/3
  Status:       closed as dup on 2019/10/23 13:31

Sample crash report:
panic: pool_cache_item_magic_check: mbufpl cpu free list modified: item addr 0xffffff007e25c900+24 0xd86d7e451e21edf6!=0xd86d7e457d26fdf6
Stopped at      db_enter+0xa:   popq    %rbp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
 232343   5785      0           0          0    1  syz-executor0
*441246   5785      0           0  0x4000000    0K syz-executor0
db_enter() at db_enter+0xa
panic() at panic+0x147
pool_cache_get(2) at pool_cache_get+0x2bf
pool_get(1,2) at pool_get+0x60
m_get(10000,ff6eff92) at m_get+0x2f
switchwrite(ffffff0072bd3658,ffffff0072bd3658,ffff8000211793e8) at switchwrite+0x1d3
spec_write(ffffffff81e4c3d0) at spec_write+0xa8
VOP_WRITE(1,ffffff0072bd3658,1,ffffff0067f75d30) at VOP_WRITE+0x65
vn_write(ffffff0067f75d30,ffff8000211793e8,ffffff91) at vn_write+0x161
dofilewritev(ffff800021179510,1,ffff800021179528,ffff8000210a2720,0) at dofilewritev+0x13e
sys_pwritev(10c0,ffff8000210a2720,0) at sys_pwritev+0xbf
syscall(0) at syscall+0x489
Xsyscall(6,0,ffffffffffffffb8,0,4,c95880e80d8) at Xsyscall+0x128
end of kernel
end trace frame: 0xc97caf55440, count: 2
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb{0}> 
ddb{0}> set $lines = 0
ddb{0}> show panic
pool_cache_item_magic_check: mbufpl cpu free list modified: item addr 0xffffff007e25c900+24 0xd86d7e451e21edf6!=0xd86d7e457d26fdf6
ddb{0}> trace
db_enter() at db_enter+0xa
panic() at panic+0x147
pool_cache_get(2) at pool_cache_get+0x2bf
pool_get(1,2) at pool_get+0x60
m_get(10000,ff6eff92) at m_get+0x2f
switchwrite(ffffff0072bd3658,ffffff0072bd3658,ffff8000211793e8) at switchwrite+0x1d3
spec_write(ffffffff81e4c3d0) at spec_write+0xa8
VOP_WRITE(1,ffffff0072bd3658,1,ffffff0067f75d30) at VOP_WRITE+0x65
vn_write(ffffff0067f75d30,ffff8000211793e8,ffffff91) at vn_write+0x161
dofilewritev(ffff800021179510,1,ffff800021179528,ffff8000210a2720,0) at dofilewritev+0x13e
sys_pwritev(10c0,ffff8000210a2720,0) at sys_pwritev+0xbf
syscall(0) at syscall+0x489
Xsyscall(6,0,ffffffffffffffb8,0,4,c95880e80d8) at Xsyscall+0x128
end of kernel
end trace frame: 0xc97caf55440, count: -13
ddb{0}> show registers
rdi               0xffffffff81e2ec58    kprintf_mutex
rsi               0xffffffff81b67d99    db_enter+0x9
rbp               0xffff800021179040
rbx               0xffff8000211790e0
rdx               0xffff800000cd6000
rcx                           0x6946    __ALIGN_SIZE+0x5946
rax               0xffff800000cd6000
r8                0xffff800021179010
r9                0x8080808080808080
r10                                0
r11               0xffffffff819e6130    x86_bus_space_io_read_1
r12                     0x3000000008
r13               0xffff800021179050
r14                            0x100
r15               0xffffffff81bf5517    cmd0646_9_tim_udma+0x220e6
rip               0xffffffff81b67d9a    db_enter+0xa
cs                               0x8
rflags                         0x202
rsp               0xffff800021179040
ss                              0x10
db_enter+0xa:   popq    %rbp
ddb{0}> show proc
PROC (syz-executor0) pid=441246 stat=onproc
    flags process=0 proc=4000000<THREAD>
    pri=81, usrpri=81, nice=20
    forw=0xffffffffffffffff, list=0xffff8000210a3c38,0xffffffff81eac508
    process=0xffff8000210b7630 user=0xffff800021174000, vmspace=0xffffff007f124948
    estcpu=31, cpticks=1, pctcpu=0.0
    user=0, sys=1, intr=0
ddb{0}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
  5785  232343   3705      0  7           0                syz-executor0
  5785  459701   3705      0  2   0x4000000                syz-executor0
* 5785  441246   3705      0  7   0x4000000                syz-executor0
 77447   31610      1      0  3    0x100083  ttyin         getty
 90798  419219      0      0  3     0x14200  bored         sosplice
 71706  130022  47224      0  2         0x2                syz-executor1
  3705   55903  47224      0  3        0x82  nanosleep     syz-executor0
 47224  265923  35423      0  3        0x82  thrsleep      syz-fuzzer
 47224  371565  35423      0  3   0x4000082  nanosleep     syz-fuzzer
 47224  424314  35423      0  3   0x4000082  thrsleep      syz-fuzzer
 47224  134701  35423      0  3   0x4000082  thrsleep      syz-fuzzer
 47224  406224  35423      0  3   0x4000082  thrsleep      syz-fuzzer
 47224   61387  35423      0  3   0x4000082  thrsleep      syz-fuzzer
 47224  322378  35423      0  3   0x4000082  thrsleep      syz-fuzzer
 47224  203310  35423      0  3   0x4000082  thrsleep      syz-fuzzer
 47224  332071  35423      0  3   0x4000082  kqread        syz-fuzzer
 47224   22535  35423      0  3   0x4000082  thrsleep      syz-fuzzer
 35423   50945   5197      0  3    0x10008a  pause         ksh
  5197  371683  70359      0  3        0x92  select        sshd
 70359  209008      1      0  3        0x80  select        sshd
 87356  261614  91516     73  3    0x100090  kqread        syslogd
 91516  475210      1      0  3    0x100082  netio         syslogd
 53049   99505      1     77  3    0x100090  poll          dhclient
 33011  280405      1      0  3        0x80  poll          dhclient
 59377  412355      0      0  3     0x14200  pgzero        zerothread
 91894  181692      0      0  3     0x14200  aiodoned      aiodoned
 12289   73505      0      0  3     0x14200  syncer        update
 44981  329915      0      0  3     0x14200  cleaner       cleaner
 48093  264055      0      0  3     0x14200  reaper        reaper
 59967  309912      0      0  3     0x14200  pgdaemon      pagedaemon
 39172   94286      0      0  3     0x14200  bored         crynlk
 12196  513369      0      0  3     0x14200  bored         crypto
 56615  162629      0      0  3  0x40014200  acpi0         acpi0
 48453   93394      0      0  3  0x40014200                idle1
 58924  354782      0      0  3     0x14200  bored         softnet
 71488  363243      0      0  3     0x14200  bored         systqmp
 32655  372307      0      0  3     0x14200  bored         systq
 38060  321260      0      0  3  0x40014200  bored         softclock
 85677  131408      0      0  3  0x40014200                idle0
     1  155733      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper

Crashes (1):
  Time:       2018/12/08 10:01
  Kernel:     https://github.com/blackgnezdo/src.git multicore
  Commit:     013d15613728
  Syzkaller:  6ae0ca72
  Config:     .config
  Log:        console log
  Report:     report
  Syz repro:  -
  C repro:    -
  VM info:    -
  Assets:     -
  Manager:    ci-openbsd-multicore
* Struck through repros no longer work on HEAD.