panic: pool_cache_item_magic_check: mcl2k cpu free list modified: item addr 0xffffff0005ff0800+24 0x470a1ed9891e12b2!=0x470a1ed98f1e62b2
Stopped at db_enter+0xa: popq %rbp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
112107 39847 65534 0x10 0 1 syz-executor0
db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
pool_cache_get(2) at pool_cache_get+0x2bf pool_cache_item_magic_check sys/kern/subr_pool.c:1789 [inline]
pool_cache_get(2) at pool_cache_get+0x2bf sys/kern/subr_pool.c:1892
pool_get(ffffff006efb9900,2) at pool_get+0x60 sys/kern/subr_pool.c:577
m_clget(10,ffff800000173000,1) at m_clget+0x204 sys/kern/uipc_mbuf.c:394
vio_populate_rx_mbufs(ffff800000173050) at vio_populate_rx_mbufs+0xd4 vio_add_rx_mbuf sys/dev/pv/if_vio.c:906 [inline]
vio_populate_rx_mbufs(ffff800000173050) at vio_populate_rx_mbufs+0xd4 sys/dev/pv/if_vio.c:950
vio_rx_intr(ffff80000064d200) at vio_rx_intr+0x4d sys/dev/pv/if_vio.c:1062
intr_handler(0,ffff80000064d180) at intr_handler+0x70 sys/arch/amd64/amd64/intr.c:529
Xintr_ioapic_edge19_untramp(0,0,1388,18041969,ffff800000022a00,ffff800000022a00) at Xintr_ioapic_edge19_untramp+0x19f
acpicpu_idle() at acpicpu_idle+0x251 sys/dev/acpi/acpicpu.c:1187
sched_idle(0) at sched_idle+0x374 sys/kern/kern_sched.c:177
end trace frame: 0x0, count: 4
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> show panic
pool_cache_item_magic_check: mcl2k cpu free list modified: item addr 0xffffff0005ff0800+24 0x470a1ed9891e12b2!=0x470a1ed98f1e62b2
ddb{0}> trace
db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
pool_cache_get(2) at pool_cache_get+0x2bf pool_cache_item_magic_check sys/kern/subr_pool.c:1789 [inline]
pool_cache_get(2) at pool_cache_get+0x2bf sys/kern/subr_pool.c:1892
pool_get(ffffff006efb9900,2) at pool_get+0x60 sys/kern/subr_pool.c:577
m_clget(10,ffff800000173000,1) at m_clget+0x204 sys/kern/uipc_mbuf.c:394
vio_populate_rx_mbufs(ffff800000173050) at vio_populate_rx_mbufs+0xd4 vio_add_rx_mbuf sys/dev/pv/if_vio.c:906 [inline]
vio_populate_rx_mbufs(ffff800000173050) at vio_populate_rx_mbufs+0xd4 sys/dev/pv/if_vio.c:950
vio_rx_intr(ffff80000064d200) at vio_rx_intr+0x4d sys/dev/pv/if_vio.c:1062
intr_handler(0,ffff80000064d180) at intr_handler+0x70 sys/arch/amd64/amd64/intr.c:529
Xintr_ioapic_edge19_untramp(0,0,1388,18041969,ffff800000022a00,ffff800000022a00) at Xintr_ioapic_edge19_untramp+0x19f
acpicpu_idle() at acpicpu_idle+0x251 sys/dev/acpi/acpicpu.c:1187
sched_idle(0) at sched_idle+0x374 sys/kern/kern_sched.c:177
end trace frame: 0x0, count: -11
ddb{0}> show registers
rdi 0xffffffff81e53648 kprintf_mutex
rsi 0x5
rbp 0xffff800021039b30
rbx 0xffff800021039bd0
rdx 0x3fd
rcx 0
rax 0xffffffff81e40ff0 cpu_info_full_primary+0x1ff0
r8 0xffff800021039b00
r9 0x8080808080808080
r10 0
r11 0xffffffff811c6fd0 x86_bus_space_io_read_1
r12 0x3000000008
r13 0xffff800021039b40
r14 0x100
r15 0xffffffff81bf6405 cmd0646_9_tim_udma+0x1db0b
rip 0xffffffff81711a9a db_enter+0xa
cs 0x8
rflags 0x202
rsp 0xffff800021039b30
ss 0x10
db_enter+0xa: popq %rbp
ddb{0}> show proc
PROC (idle0) pid=262793 stat=onproc
flags process=14000<NOZOMBIE,SYSTEM> proc=40000200<SYSTEM,CPUPEG>
pri=0, usrpri=86, nice=20
forw=0xf020c0138211c8a3, list=0xffff800021031770,0xffff800021030bc8
process=0xffff8000210332f0 user=0xffff800021034000, vmspace=0xffffffff81ec6008
estcpu=36, cpticks=188362, pctcpu=0.0
user=0, sys=0, intr=1
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
39847 112107 33109 65534 7 0x10 syz-executor0
62824 435401 70508 65534 3 0x10 biowait syz-executor1
70508 251766 80055 0 3 0x82 wait syz-executor1
33109 110118 78900 65534 3 0x90 nanosleep syz-executor0
78900 74026 80055 0 3 0x82 wait syz-executor0
29202 148140 0 0 3 0x14200 bored sosplice
80055 67422 55568 0 3 0x82 thrsleep syz-fuzzer
80055 48350 55568 0 3 0x4000082 nanosleep syz-fuzzer
80055 83683 55568 0 3 0x4000082 thrsleep syz-fuzzer
80055 101438 55568 0 3 0x4000082 kqread syz-fuzzer
80055 163128 55568 0 3 0x4000082 thrsleep syz-fuzzer
80055 454700 55568 0 3 0x4000082 thrsleep syz-fuzzer
80055 207280 55568 0 3 0x4000082 thrsleep syz-fuzzer
80055 249698 55568 0 3 0x4000082 nanosleep syz-fuzzer
80055 284324 55568 0 3 0x4000082 thrsleep syz-fuzzer
80055 226592 55568 0 3 0x4000082 thrsleep syz-fuzzer
55568 62581 15992 0 3 0x10008a pause ksh
15992 312713 86149 0 3 0x92 select sshd
13541 59165 1 0 3 0x100083 ttyin getty
86149 243509 1 0 3 0x80 select sshd
66019 442565 19526 73 3 0x100090 kqread syslogd
19526 413874 1 0 3 0x100082 netio syslogd
83616 352584 1 77 3 0x100090 poll dhclient
26573 161556 1 0 3 0x80 poll dhclient
5090 59519 0 0 2 0x14200 zerothread
75075 75751 0 0 3 0x14200 aiodoned aiodoned
54607 188728 0 0 3 0x14200 syncer update
71534 470214 0 0 3 0x14200 cleaner cleaner
13053 55157 0 0 3 0x14200 reaper reaper
63093 150174 0 0 3 0x14200 pgdaemon pagedaemon
87552 491003 0 0 3 0x14200 bored crynlk
83553 428191 0 0 3 0x14200 bored crypto
90493 280458 0 0 3 0x40014200 acpi0 acpi0
19516 478681 0 0 3 0x40014200 idle1
79885 37459 0 0 2 0x14200 softnet
20543 266593 0 0 3 0x14200 bored systqmp
86567 355122 0 0 3 0x14200 bored systq
84542 234435 0 0 3 0x40014200 bored softclock
*79507 262793 0 0 7 0x40014200 idle0
1 432109 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper