Warning: Permanently added '10.128.0.86' (ECDSA) to the list of known hosts.
2020/05/07 11:14:36 parsed 1 programs
2020/05/07 11:14:41 executed programs: 0
panic: pool_cache_item_magic_check: mbufpl cpu free list modified: item addr 0xfffffd806d7e2600+16 0x0!=0xc3ddb0058087732b
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
217743 7590 0 0x2 0 0 syz-executor.0
* 43035 88289 0 0x12 0 1 sshd
db_enter() at db_enter+0x18
panic(ffffffff821fa82d) at panic+0x15c
pool_cache_get(ffffffff82673d88) at pool_cache_get+0x323
pool_get(ffffffff82673d88,1) at pool_get+0x91
m_gethdr(1,1) at m_gethdr+0x4c
m_getuio(ffff800020ed7438,0,4200,ffff800020ed75b8) at m_getuio+0xe4
sosend(fffffd806eb3fc88,0,ffff800020ed75b8,0,0,80) at sosend+0x54e
dofilewritev(ffff800020ed1ae0,4,ffff800020ed75b8,0,ffff800020ed76a0) at dofilewritev+0x1b6
sys_write(ffff800020ed1ae0,ffff800020ed7650,ffff800020ed76a0) at sys_write+0x83
syscall(ffff800020ed7720) at syscall+0x4a4
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffc2560, count: 4
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
pool_cache_item_magic_check: mbufpl cpu free list modified: item addr 0xfffffd806d7e2600+16 0x0!=0xc3ddb0058087732b
ddb{1}> trace
db_enter() at db_enter+0x18
panic(ffffffff821fa82d) at panic+0x15c
pool_cache_get(ffffffff82673d88) at pool_cache_get+0x323
pool_get(ffffffff82673d88,1) at pool_get+0x91
m_gethdr(1,1) at m_gethdr+0x4c
m_getuio(ffff800020ed7438,0,4200,ffff800020ed75b8) at m_getuio+0xe4
sosend(fffffd806eb3fc88,0,ffff800020ed75b8,0,0,80) at sosend+0x54e
dofilewritev(ffff800020ed1ae0,4,ffff800020ed75b8,0,ffff800020ed76a0) at dofilewritev+0x1b6
sys_write(ffff800020ed1ae0,ffff800020ed7650,ffff800020ed76a0) at sys_write+0x83
syscall(ffff800020ed7720) at syscall+0x4a4
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffc2560, count: -11
ddb{1}> show registers
rdi 0
rsi 0x1
rbp 0xffff800020ed7160
rbx 0xffff800020ed7210
rdx 0x8b
rcx 0x2
rax 0x1
r8 0xffffffff819e912f kprintf+0x16f
r9 0x1
r10 0xfb9b42b06f58d516
r11 0x4b9a41a5aefa6fd8
r12 0x3000000008
r13 0xffff800020ed7170
r14 0x100
r15 0x1
rip 0xffffffff81fcb0a8 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800020ed7150
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{1}> show proc
PROC (sshd) pid=43035 stat=onproc
flags process=12<EXEC,SUGID,8ORPHAN> proc=0
pri=24, usrpri=50, nice=20
forw=0xffffffffffffffff, list=0xffff800020ed0280,0xffff800020ed0500
process=0xffff800020ec8f78 user=0xffff800020ed2000, vmspace=0xfffffd806e953738
estcpu=0, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
7590 217743 251 0 7 0x2 syz-executor.0
251 112272 56207 0 3 0x82 nanosleep syz-execprog
251 98461 56207 0 3 0x4000082 nanosleep syz-execprog
251 368003 56207 0 3 0x4000082 thrsleep syz-execprog
251 516077 56207 0 3 0x4000082 thrsleep syz-execprog
251 446861 56207 0 3 0x4000082 thrsleep syz-execprog
251 263491 56207 0 3 0x4000082 thrsleep syz-execprog
251 461014 56207 0 3 0x4000082 thrsleep syz-execprog
251 36292 56207 0 3 0x4000082 thrsleep syz-execprog
251 41063 56207 0 3 0x4000082 kqread syz-execprog
56207 43677 88289 0 3 0x10008a pause ksh
*88289 43035 78029 0 7 0x12 sshd
93203 364975 1 0 3 0x100083 ttyin getty
78029 371787 1 0 3 0x80 select sshd
7295 320762 20531 74 3 0x100092 bpf pflogd
20531 254184 1 0 3 0x80 netio pflogd
71863 278468 52928 73 3 0x100090 kqread syslogd
52928 273035 1 0 3 0x100082 netio syslogd
81296 85550 1 77 3 0x100090 poll dhclient
52235 82634 1 0 3 0x80 poll dhclient
868 105577 0 0 3 0x14200 bored smr
31633 185666 0 0 3 0x14200 pgzero zerothread
58772 233610 0 0 3 0x14200 aiodoned aiodoned
53631 212847 0 0 3 0x14200 syncer update
54200 119383 0 0 3 0x14200 cleaner cleaner
24116 360948 0 0 3 0x14200 reaper reaper
42493 433378 0 0 3 0x14200 pgdaemon pagedaemon
27546 41966 0 0 3 0x14200 bored crynlk
65646 343570 0 0 3 0x14200 bored crypto
42980 90760 0 0 3 0x40014200 acpi0 acpi0
58176 70798 0 0 3 0x40014200 idle1
98388 125999 0 0 3 0x14200 bored softnet
84273 457970 0 0 3 0x14200 bored systqmp
40120 294297 0 0 3 0x14200 bored systq
84974 159310 0 0 3 0x40014200 bored softclock
39967 52571 0 0 3 0x40014200 idle0
1 510957 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
Process 7590 (syz-executor.0) thread 0xffff800020e6c278 (217743)
exclusive rrwlock inode r = 0 (0xfffffd806b91d5e8)
#0 witness_lock+0x4c7
#1 rw_enter+0x453
#2 rrw_enter+0x88
#3 VOP_LOCK+0x4b
#4 vn_lock+0x81
#5 vget+0x1c8
#6 ufs_ihashget+0x141
#7 ffs_vget+0x74
#8 ufs_lookup+0x14b7
#9 VOP_LOOKUP+0x5b
#10 vfs_lookup+0x7a6
#11 namei+0x63c
#12 dounlinkat+0x99
#13 syscall+0x4a4
#14 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd806b91d3c8)
#0 witness_lock+0x4c7
#1 rw_enter+0x453
#2 rrw_enter+0x88
#3 VOP_LOCK+0x4b
#4 vn_lock+0x81
#5 vfs_lookup+0xe6
#6 namei+0x63c
#7 dounlinkat+0x99
#8 syscall+0x4a4
#9 Xsyscall+0x128
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 9466 6395K 6395K 78643K 10557 0
pcb 13 8K 8K 78643K 13 0
rtable 83 2K 2K 78643K 163 0
ifaddr 37 9K 9K 78643K 284 0
counters 41 33K 33K 78643K 41 0
ioctlops 0 0K 4K 78643K 1468 0
mount 1 1K 1K 78643K 1 0
vnodes 1183 74K 75K 78643K 1188 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 1K 78643K 2 0
VM map 2 1K 1K 78643K 2 0
sem 2 0K 0K 78643K 2 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1809 196K 290K 78643K 12766 0
file desc 2 4K 12K 78643K 263 0
proc 59 63K 83K 78643K 398 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
in_multi 22 1K 1K 78643K 22 0
ether_multi 1 0K 0K 78643K 1 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 19 95K 95K 78643K 19 0
exec 0 0K 1K 78643K 197 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 78 12K 12K 78643K 1199 0
UVM aobj 2 2K 2K 78643K 2 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
NDP 5 0K 0K 78643K 7 0
temp 29 3033K 3097K 78643K 2359 0
kqueue 3 4K 4K 78643K 3 0
SYN cache 2 16K 16K 78643K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 4 0 0 1 0 1 1 0 8 0
plcache 128 20 0 0 1 0 1 1 0 8 0
rtpcb 80 17 0 15 1 0 1 1 0 8 0
rtentry 112 34 0 1 1 0 1 1 0 8 0
unpcb 120 29 0 19 1 0 1 1 0 8 0
syncache 264 5 0 5 1 1 0 1 0 8 0
tcpcb 544 8 0 5 1 0 1 1 0 8 0
inpcb 280 279 0 273 1 0 1 1 0 8 0
nd6 48 3 0 0 1 0 1 1 0 8 0
pfosfp 40 846 0 423 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfstitem 24 11 0 0 1 0 1 1 0 8 0
pfstkey 112 11 0 0 1 0 1 1 0 8 0
pfstate 328 11 0 0 1 0 1 1 0 8 0
pfrule 1360 21 0 16 2 1 1 2 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 144 0 0 9 0 9 9 0 8 0
art_table 32 145 0 0 2 0 2 2 0 8 0
art_node 16 33 0 3 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 1669 0 267 88 0 88 88 0 8 0
ffsino 272 1669 0 267 94 0 94 94 0 8 0
nchpl 144 2130 0 530 60 0 60 60 0 8 0
uvmvnodes 72 1679 0 0 31 0 31 31 0 8 0
vnodes 208 1679 0 0 89 0 89 89 0 8 0
namei 1024 5186 0 5186 1 0 1 1 0 8 1
percpumem 16 31 0 0 1 0 1 1 0 8 0
scxspl 192 5315 0 5315 2 1 1 2 0 8 1
plimitpl 152 15 0 8 1 0 1 1 0 8 0
sigapl 424 486 0 457 4 0 4 4 0 8 0
knotepl 112 47 0 36 1 0 1 1 0 8 0
kqueuepl 144 2 0 0 1 0 1 1 0 8 0
pipelkpl 48 77 0 70 1 0 1 1 0 8 0
pipepl 120 154 0 141 1 0 1 1 0 8 0
fdescpl 496 471 0 457 3 0 3 3 0 8 0
filepl 152 1600 0 1542 3 0 3 3 0 8 0
lockfpl 104 5 0 4 1 0 1 1 0 8 0
lockfspl 48 3 0 2 1 0 1 1 0 8 0
sessionpl 112 19 0 9 1 0 1 1 0 8 0
pgrppl 48 19 0 9 1 0 1 1 0 8 0
ucredpl 96 62 0 53 1 0 1 1 0 8 0
zombiepl 144 457 0 457 1 0 1 1 0 8 1
processpl 984 486 0 457 5 0 5 5 0 8 1
procpl 624 494 0 457 4 0 4 4 0 8 1
sockpl 400 325 0 307 2 0 2 2 0 8 0
mcl4k 4096 1 0 0 1 0 1 1 0 8 0
mcl2k 2048 71 0 0 9 0 9 9 0 8 0
mtagpl 80 1 0 0 1 0 1 1 0 8 0
mbufpl 256 89 0 0 6 0 6 6 0 8 0
bufpl 280 3229 0 134 222 0 222 222 0 8 0
anonpl 16 29303 0 26922 13 1 12 12 0 124 1
amapchunkpl 152 1073 0 993 4 0 4 4 0 158 0
amappl16 192 1181 0 1092 5 0 5 5 0 8 0
amappl15 184 1 0 0 1 0 1 1 0 8 0
amappl14 176 36 0 30 1 0 1 1 0 8 0
amappl13 168 21 0 20 1 0 1 1 0 8 0
amappl12 160 8 0 6 1 0 1 1 0 8 0
amappl11 152 52 0 37 1 0 1 1 0 8 0
amappl10 144 269 0 265 1 0 1 1 0 8 0
amappl9 136 230 0 228 1 0 1 1 0 8 0
amappl8 128 274 0 265 1 0 1 1 0 8 0
amappl7 120 361 0 350 1 0 1 1 0 8 0
amappl6 112 24 0 21 1 0 1 1 0 8 0
amappl5 104 375 0 360 1 0 1 1 0 8 0
amappl4 96 499 0 471 1 0 1 1 0 8 0
amappl3 88 105 0 99 1 0 1 1 0 8 0
amappl2 80 1410 0 1353 2 0 2 2 0 8 0
amappl1 72 16927 0 16507 23 5 18 18 0 8 8
amappl 80 723 0 693 1 0 1 1 0 84 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 64 1 0 0 1 0 1 1 0 8 0
uaddrrnd 24 471 0 457 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 471 0 457 1 0 1 1 0 8 0
vmmpekpl 168 6820 0 6796 2 0 2 2 0 8 0
vmmpepl 168 42982 0 41994 76 4 72 72 0 357 27
vmsppl 368 470 0 457 2 0 2 2 0 8 0
pdppl 4096 950 0 914 6 0 6 6 0 8 0
pvpl 32 140382 0 135532 104 0 104 104 0 265 63
pmappl 232 470 0 457 1 0 1 1 0 8 0
extentpl 40 46 0 29 1 0 1 1 0 8 0
phpool 112 231 0 3 7 0 7 7 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp
x86_ipi_db(ffffffff82523ff0) at x86_ipi_db+0x1a
x86_ipi_handler() at x86_ipi_handler+0xc6
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__mp_lock(ffffffff8266bfa8) at __mp_lock+0x127
__mp_acquire_count(ffffffff8266bfa8,1) at __mp_acquire_count+0x51
mi_switch() at mi_switch+0x392
sleep_finish(ffff800020f656a0,1) at sleep_finish+0x113
sleep_finish_all(ffff800020f656a0,1) at sleep_finish_all+0x32
tsleep(fffffd806b258d40,11,ffffffff822528e4,0) at tsleep+0x1cc
biowait(fffffd806b258d40) at biowait+0xa6
bwrite(fffffd806b258d40) at bwrite+0x1e4
ufs_dirremove(fffffd8079b96680,fffffd806b91d550,800c,1) at ufs_dirremove+0x291
ufs_rmdir(ffff800020f658c8) at ufs_rmdir+0x247
VOP_RMDIR(fffffd8079b96680,fffffd8078856358,ffff800020f659c8) at VOP_RMDIR+0xf8
end trace frame: 0xffff800020f65a60, count: 0
ddb{0}>