syzbot


panic() at panic+0x15c (3)

Status: closed as dup on 2019/11/11 08:21
Reported-by: syzbot+ddf9bbfac7a61bec989b@syzkaller.appspotmail.com
First crash: 1621d, last: 1604d
Duplicate of
| Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported |
|---|---|---|---|---|---|---|
| panic: m_copydata: null mbuf | C | | | 396 | 1446d | 1633d |
Similar bugs (2)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| openbsd | panic() at panic+0x15c (2) | | | | 1 | 1630d | 1630d | 0/3 | closed as dup on 2019/11/02 14:37 |
| openbsd | panic() at panic+0x15c | | | | 63 | 1643d | 1856d | 0/3 | closed as dup on 2019/03/21 14:43 |

Sample crash report:
panic() at panic+0x15c sys/kern/subr_prf.c:207
pool_cache_get(ffffffff8268edc8) at pool_cache_get+0x323 pool_cache_item_magic_check sys/kern/subr_pool.c:1789 [inline]
pool_cache_get(ffffffff8268edc8) at pool_cache_get+0x323 sys/kern/subr_pool.c:1892
pool_get() at pool_get+0x91 sys/kern/subr_pool.c:572
m_copym(fffffd806f24c200,0,3b9aca00,2) at m_copym+0x174 m_get sys/kern/uipc_mbuf.c:250 [inline]
m_copym(fffffd806f24c200,0,3b9aca00,2) at m_copym+0x174 sys/kern/uipc_mbuf.c:667
ether_resolve(ffff8000001732a8,fffffd806f24c200,fffffd806f6cca58,fffffd806f315000,ffff800024bc9368) at ether_resolve+0x49f sys/net/if_ethersubr.c:227
ether_output(ffff8000001732a8,fffffd806f24c200,fffffd806f6cca58,fffffd806f315000) at ether_output+0x47 ether_encap sys/net/if_ethersubr.c:310 [inline]
ether_output(ffff8000001732a8,fffffd806f24c200,fffffd806f6cca58,fffffd806f315000) at ether_output+0x47 sys/net/if_ethersubr.c:339
ip_output(fffffd807e5d4700,0,fffffd806f6cca48,20,0,fffffd806f6cc9d8) at ip_output+0x125d sys/netinet/ip_output.c:511
rip_output(fffffd807e5d4700,fffffd806b163a90,ffff800024bc9578,ffff800021f64000) at rip_output+0x252 sys/netinet/raw_ip.c:289
rip_usrreq(fffffd806b163a90,9,fffffd807e5d4700,0,0,ffff800020a8af48) at rip_usrreq+0x46a sys/netinet/raw_ip.c:538
sosend(fffffd806b163a90,0,ffff800024bc96e0,0,0,80) at sosend+0x645 sys/kern/uipc_socket.c:524
sendit(ffff800020a8af48,7,ffff800024bc97c0,0,ffff800024bc98a0) at sendit+0x52b sys/kern/uipc_syscalls.c:662
sys_sendto(ffff800020a8af48,ffff800024bc9858,ffff800024bc98a0) at sys_sendto+0x80 sys/kern/uipc_syscalls.c:527
syscall(ffff800024bc9920) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline]
syscall(ffff800024bc9920) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555
end trace frame: 0xffff800024bc99a0, count: 0
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb{0}> 
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
pool_cache_item_magic_check: mbufpl cpu free list modified: item addr 0xfffffd807e5d6700+16 0x0!=0xd4b716ba71f70f6b
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
pool_cache_get(ffffffff8268edc8) at pool_cache_get+0x323 pool_cache_item_magic_check sys/kern/subr_pool.c:1789 [inline]
pool_cache_get(ffffffff8268edc8) at pool_cache_get+0x323 sys/kern/subr_pool.c:1892
pool_get() at pool_get+0x91 sys/kern/subr_pool.c:572
m_copym(fffffd806f24c200,0,3b9aca00,2) at m_copym+0x174 m_get sys/kern/uipc_mbuf.c:250 [inline]
m_copym(fffffd806f24c200,0,3b9aca00,2) at m_copym+0x174 sys/kern/uipc_mbuf.c:667
ether_resolve(ffff8000001732a8,fffffd806f24c200,fffffd806f6cca58,fffffd806f315000,ffff800024bc9368) at ether_resolve+0x49f sys/net/if_ethersubr.c:227
ether_output(ffff8000001732a8,fffffd806f24c200,fffffd806f6cca58,fffffd806f315000) at ether_output+0x47 ether_encap sys/net/if_ethersubr.c:310 [inline]
ether_output(ffff8000001732a8,fffffd806f24c200,fffffd806f6cca58,fffffd806f315000) at ether_output+0x47 sys/net/if_ethersubr.c:339
ip_output(fffffd807e5d4700,0,fffffd806f6cca48,20,0,fffffd806f6cc9d8) at ip_output+0x125d sys/netinet/ip_output.c:511
rip_output(fffffd807e5d4700,fffffd806b163a90,ffff800024bc9578,ffff800021f64000) at rip_output+0x252 sys/netinet/raw_ip.c:289
rip_usrreq(fffffd806b163a90,9,fffffd807e5d4700,0,0,ffff800020a8af48) at rip_usrreq+0x46a sys/netinet/raw_ip.c:538
sosend(fffffd806b163a90,0,ffff800024bc96e0,0,0,80) at sosend+0x645 sys/kern/uipc_socket.c:524
sendit(ffff800020a8af48,7,ffff800024bc97c0,0,ffff800024bc98a0) at sendit+0x52b sys/kern/uipc_syscalls.c:662
sys_sendto(ffff800020a8af48,ffff800024bc9858,ffff800024bc98a0) at sys_sendto+0x80 sys/kern/uipc_syscalls.c:527
syscall(ffff800024bc9920) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline]
syscall(ffff800024bc9920) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xde9bd82c320, count: -15
ddb{0}> show registers
rdi               0xffffffff816fa777    db_enter+0x17
rsi                           0xc18d    __ALIGN_SIZE+0xb18d
rbp               0xffff800024bc9040
rbx               0xffff800024bc90f0
rdx                           0xc18e    __ALIGN_SIZE+0xb18e
rcx               0xffff800021f64000
rax               0xffff800021f64000
r8                0xffffffff8158884f    kprintf+0x16f
r9                               0x1
r10                             0x25
r11               0xe1ed1f344b18533b
r12                     0x3000000008
r13               0xffff800024bc9050
r14                            0x100
r15                              0x1
rip               0xffffffff816fa778    db_enter+0x18
cs                               0x8
rflags                         0x246
rsp               0xffff800024bc9030
ss                              0x10
db_enter+0x18:  addq    $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor.0) pid=159575 stat=onproc
    flags process=0 proc=4000000<THREAD>
    pri=86, usrpri=86, nice=20
    forw=0xffffffffffffffff, list=0xffff800020a8a018,0xffffffff8266a830
    process=0xffff800020ad0020 user=0xffff800024bc4000, vmspace=0xfffffd807f007170
    estcpu=36, cpticks=2, pctcpu=0.0
    user=0, sys=2, intr=0
ddb{0}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 88486  162296  94643      0  2           0                syz-executor.1
 88486  261257  94643      0  3   0x4000080  fsleep        syz-executor.1
 88486  467718  94643      0  7   0x4000000                syz-executor.1
 31607  395385  84200      0  2           0                syz-executor.0
 31607   69569  84200      0  3   0x4000080  fsleep        syz-executor.0
*31607  159575  84200      0  7   0x4000000                syz-executor.0
 94643  239479  95226      0  3        0x82  nanosleep     syz-executor.1
 84200   45854  95226      0  3        0x82  nanosleep     syz-executor.0
 43687   68158      1      0  3    0x100083  ttyin         getty
 84529  172178      0      0  3     0x14200  bored         sosplice
 95226  129584  30710      0  3        0x82  kqread        syz-fuzzer
 95226  296544  30710      0  3   0x4000082  thrsleep      syz-fuzzer
 95226   19493  30710      0  3   0x4000082  thrsleep      syz-fuzzer
 95226  319364  30710      0  3   0x4000082  thrsleep      syz-fuzzer
 95226  478142  30710      0  3   0x4000082  thrsleep      syz-fuzzer
 95226  175190  30710      0  3   0x4000082  thrsleep      syz-fuzzer
 95226  333991  30710      0  3   0x4000082  thrsleep      syz-fuzzer
 95226  317810  30710      0  3   0x4000082  thrsleep      syz-fuzzer
 95226  408992  30710      0  3   0x4000082  thrsleep      syz-fuzzer
 95226  206362  30710      0  3   0x4000082  thrsleep      syz-fuzzer
 30710  153741  79960      0  3    0x10008a  pause         ksh
 79960  436648  32261      0  3        0x92  select        sshd
 32261  299233      1      0  3        0x80  select        sshd
  7710  175468  85235     74  3    0x100092  bpf           pflogd
 85235  289314      1      0  3        0x80  netio         pflogd
 88543  371534  84112     73  3    0x100090  kqread        syslogd
 84112   83518      1      0  3    0x100082  netio         syslogd
  6039  300046      1     77  3    0x100090  poll          dhclient
 78200  199332      1      0  3        0x80  poll          dhclient
 55633  189429      0      0  2     0x14200                zerothread
 89474  182218      0      0  3     0x14200  aiodoned      aiodoned
 67613  284485      0      0  3     0x14200  syncer        update
 90841  497564      0      0  3     0x14200  cleaner       cleaner
 87433  364219      0      0  3     0x14200  reaper        reaper
 69507   16988      0      0  3     0x14200  pgdaemon      pagedaemon
  3898  246616      0      0  3     0x14200  bored         crynlk
 31114  415459      0      0  3     0x14200  bored         crypto
 93317  146184      0      0  3  0x40014200  acpi0         acpi0
 58496  151078      0      0  3  0x40014200                idle1
 73325  177336      0      0  2     0x14200                softnet
 29753  454201      0      0  3     0x14200  bored         systqmp
 13866  160332      0      0  3     0x14200  bored         systq
 78391  441072      0      0  3  0x40014200  bored         softclock
 31602  150359      0      0  3  0x40014200                idle0
 67055   47122      0      0  3     0x14200  bored         smr
     1  479552      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb{0}> show all locks
Process 31607 (syz-executor.0) thread 0xffff800020a8af48 (159575)
exclusive rwlock netlock r = 0 (0xffffffff82534208)
#0  witness_lock+0x52e sys/kern/subr_witness.c:1163
#1  solock+0x5a sys/kern/uipc_socket2.c:282
#2  sosend+0x51b sys/kern/uipc_socket.c:512
#3  sendit+0x52b sys/kern/uipc_syscalls.c:662
#4  sys_sendto+0x80 sys/kern/uipc_syscalls.c:527
#5  syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline]
#5  syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555
#6  Xsyscall+0x128
ddb{0}> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim Kern Lim
         devbuf  9522   6428K    7689K  78643K     12126        0        0
            pcb    13      8K       8K  78643K       101        0        0
         rtable    92      5K       5K  78643K       492        0        0
         ifaddr    71     13K      13K  78643K       164        0        0
       counters    39     33K      33K  78643K        39        0        0
       ioctlops     0      0K       4K  78643K      1486        0        0
            iov     0      0K      24K  78643K        52        0        0
          mount     1      1K       1K  78643K         1        0        0
         vnodes  1226     77K      77K  78643K      1677        0        0
      UFS quota     1     32K      32K  78643K         1        0        0
      UFS mount     5     36K      36K  78643K         5        0        0
            shm     2      1K       5K  78643K         7        0        0
         VM map     9      4K       4K  78643K         9        0        0
            sem    12      0K       1K  78643K       167        0        0
        dirhash    12      2K       2K  78643K        12        0        0
           ACPI  1809    196K     290K  78643K     12766        0        0
      file desc     6     17K      25K  78643K       315        0        0
          sigio     0      0K       0K  78643K         4        0        0
           proc    60     63K      95K  78643K       545        0        0
        subproc    32      2K       2K  78643K        68        0        0
    NFS srvsock     1      0K       0K  78643K         1        0        0
     NFS daemon     1     16K      16K  78643K         1        0        0
    ip_moptions     0      0K       1K  78643K       116        0        0
       in_multi    30      2K       2K  78643K       109        0        0
    ether_multi     1      0K       0K  78643K         4        0        0
    ISOFS mount     1     32K      32K  78643K         1        0        0
  MSDOSFS mount     1     16K      16K  78643K         1        0        0
           ttys    60    265K     265K  78643K        60        0        0
           exec     0      0K       1K  78643K       264        0        0
        pagedep     1      8K       8K  78643K         1        0        0
       inodedep     1     32K      32K  78643K         1        0        0
         newblk     1      0K       0K  78643K         1        0        0
        VM swap     7     26K      26K  78643K         7        0        0
       UVM amap   136     63K      63K  78643K      2049        0        0
       UVM aobj    44      2K       2K  78643K        48        0        0
        memdesc     1      4K       4K  78643K         1        0        0
    crypto data     1      1K       1K  78643K         1        0        0
    ip6_options     0      0K       0K  78643K        53        0        0
            NDP    14      0K       0K  78643K        41        0        0
           temp   140   3555K    3630K  78643K     19384        0        0
         kqueue     0      0K       0K  78643K         2        0        0
      SYN cache     2     16K      16K  78643K         2        0        0
ddb{0}> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp         64       14    0       12     1     0     1     1     0     8    0
plcache    128       20    0        0     1     0     1     1     0     8    0
rtpcb       96       46    0       43     1     0     1     1     0     8    0
rtentry    112      101    0       68     2     0     2     2     0     8    0
unpcb      120      261    0      250     2     1     1     2     0     8    0
syncache   280        4    0        4     1     1     0     1     0     8    0
tcpqe       32       81    0       81     1     1     0     1     0     8    0
tcpcb      640      169    0      162     2     0     2     2     0     8    1
inpcb      280      645    0      634     4     0     4     4     0     8    3
nd6         48       15    0       13     1     0     1     1     0     8    0
pkpcb       40        2    0        2     1     1     0     1     0     8    0
ppxss      1128      11    0       11     1     0     1     1     0     8    1
pffrag     232        5    0        4     1     0     1     1     0   482    0
pffrnode    88        5    0        4     1     0     1     1     0     8    0
pffrent     40      107    0       94     1     0     1     1     0     8    0
pfosfp      40      846    0      423     5     0     5     5     0     8    0
pfosfpen   112     1428    0      714    21     0    21    21     0     8    0
pfstitem    24       41    0        5     1     0     1     1     0     8    0
pfstkey    112       41    0        5     2     0     2     2     0     8    0
pfstate    328       41    0        4     4     0     4     4     0     8    0
pfrule     1360      21    0       16     2     1     1     2     0     8    0
art_heap8  4096       3    0        1     3     0     3     3     0     8    1
art_heap4  256      514    0      301    14     0    14    14     0     8    0
art_table   32      517    0      302     2     0     2     2     0     8    0
art_node    16      100    0       69     1     0     1     1     0     8    0
sysvmsgpl   40      104    0       85     1     0     1     1     0     8    0
semupl     112        3    0        3     1     1     0     1     0     8    0
semapl     112      163    0      153     1     0     1     1     0     8    0
shmpl      112       46    0        4     2     0     2     2     0     8    0
dirhash    1024      17    0        0     3     0     3     3     0     8    0
dino1pl    128     1848    0      436    46     0    46    46     0     8    0
ffsino     272     1848    0      436    95     0    95    95     0     8    0
nchpl      144     2459    0      850    61     1    60    61     0     8    0
uvmvnodes   72     2280    0        0    42     0    42    42     0     8    0
vnodes     208     2280    0        0   120     0   120   120     0     8    0
namei      1024    7507    0     7507     1     0     1     1     0     8    1
percpumem   16       30    0        0     1     0     1     1     0     8    0
vcpupl     1984       7    0        0     1     0     1     1     0     8    0
vmpool     552        7    0        0     1     0     1     1     0     8    0
scxspl     208     7265    0     7265     6     3     3     3     0     8    3
plimitpl   152       36    0       28     1     0     1     1     0     8    0
sigapl     432      508    0      492     3     1     2     3     0     8    0
futexpl     56     7524    0     7522     1     0     1     1     0     8    0
knotepl    112       95    0       76     1     0     1     1     0     8    0
kqueuepl   104       83    0       81     1     0     1     1     0     8    0
pipepl     160      336    0      317     3     1     2     2     0     8    1
fdescpl    488      509    0      492     3     0     3     3     0     8    0
filepl     152     4076    0     3966     7     0     7     7     0     8    2
lockfpl    104      144    0      143     1     0     1     1     0     8    0
lockfspl    48       46    0       45     1     0     1     1     0     8    0
sessionpl  128       21    0       10     1     0     1     1     0     8    0
pgrppl      48       23    0       12     1     0     1     1     0     8    0
ucredpl     96      362    0      353     1     0     1     1     0     8    0
zombiepl   144      492    0      492     1     0     1     1     0     8    1
processpl  928      525    0      492     5     0     5     5     0     8    0
procpl     648     1161    0     1115     5     0     5     5     0     8    1
srpgc       80        5    0        5     1     1     0     1     0     8    0
sosppl     144       11    0       11     1     0     1     1     0     8    1
sockpl     384      961    0      936     7     0     7     7     0     8    4
mcl64k     65536      8    0        0     1     0     1     1     0     8    0
mcl16k     16384      2    0        0     1     0     1     1     0     8    0
mcl12k     12288      2    0        0     1     0     1     1     0     8    0
mcl9k      9216       2    0        0     1     0     1     1     0     8    0
mcl8k      8192       9    0        0     2     0     2     2     0     8    0
mcl4k      4096       6    0        0     1     0     1     1     0     8    0
mcl2k2     2112       3    0        0     1     0     1     1     0     8    0
mcl2k      2048     148    0        0    18     0    18    18     0     8    0
mtagpl      80       16    0        0     1     0     1     1     0     8    0
mbufpl     256      324    0        0    20     0    20    20     0     8    0
bufpl      256     7100    0     1309   362     0   362   362     0     8    0
anonpl      16    73222    0    52793    85     2    83    84     0   124    0
amapchunkpl 152    3389    0     3228    16     2    14    14     0   158    6
amappl16   192     2411    0     1277    59     1    58    59     0     8    1
amappl15   184       47    0       47     1     1     0     1     0     8    0
amappl14   176       70    0       64     1     0     1     1     0     8    0
amappl13   168        1    0        0     1     0     1     1     0     8    0
amappl12   160        7    0        6     2     1     1     1     0     8    0
amappl11   152      150    0      132     1     0     1     1     0     8    0
amappl10   144       14    0        8     1     0     1     1     0     8    0
amappl9    136      716    0      713     1     0     1     1     0     8    0
amappl8    128      292    0      257     2     0     2     2     0     8    0
amappl7    120       54    0       49     1     0     1     1     0     8    0
amappl6    112      140    0      129     1     0     1     1     0     8    0
amappl5    104      168    0      153     1     0     1     1     0     8    0
amappl4     96      772    0      737     1     0     1     1     0     8    0
amappl3     88      123    0      116     1     0     1     1     0     8    0
amappl2     80     3017    0     2939     3     1     2     3     0     8    0
amappl1     72    21127    0    20657    25    14    11    20     0     8    0
amappl      80     1452    0     1399     2     0     2     2     0    84    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      253    0      253     1     1     0     1     0     8    0
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       18    0       17     1     0     1     1     0     8    0
aobjpl      64       47    0        4     1     0     1     1     0     8    0
uaddrrnd    24      516    0      492     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24      516    0      492     1     0     1     1     0     8    0
vmmpekpl   168     8386    0     8349     2     0     2     2     0     8    0
vmmpepl    168    71019    0    68597   155    10   145   145     0   357   39
vmsppl     368      508    0      492     2     0     2     2     0     8    0
pdppl      4096    1039    0      991     7     0     7     7     0     8    0
pvpl        32   223843    0   200043   197     3   194   197     0   265    1
pmappl     232      515    0      492     2     0     2     2     0     8    0
extentpl    40       46    0       29     1     0     1     1     0     8    0
phpool     112      534    0        3    16     0    16    16     0     8    0

Crashes (5):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/11/28 03:45 openbsd 0c03478750c1 0d63f89c .config console log report ci-openbsd-multicore
2019/11/23 15:07 openbsd ee79b9a7c44b 598ca6c8 .config console log report ci-openbsd-multicore
2019/11/18 09:14 openbsd 0f6aa5032768 1daed50a .config console log report ci-openbsd-multicore
2019/11/15 17:32 openbsd 096d667cd04e 79248ee8 .config console log report ci-openbsd-multicore
2019/11/11 04:54 openbsd 58a0869c7088 dc438b91 .config console log report ci-openbsd-multicore
* Struck through repros no longer work on HEAD.