Warning: Permanently added '10.128.0.86' (ECDSA) to the list of known hosts. 2020/05/07 11:14:36 parsed 1 programs 2020/05/07 11:14:41 executed programs: 0 panic: pool_cache_item_magic_check: mbufpl cpu free list modified: item addr 0xfffffd806d7e2600+16 0x0!=0xc3ddb0058087732b Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 217743 7590 0 0x2 0 0 syz-executor.0 * 43035 88289 0 0x12 0 1 sshd db_enter() at db_enter+0x18 panic(ffffffff821fa82d) at panic+0x15c pool_cache_get(ffffffff82673d88) at pool_cache_get+0x323 pool_get(ffffffff82673d88,1) at pool_get+0x91 m_gethdr(1,1) at m_gethdr+0x4c m_getuio(ffff800020ed7438,0,4200,ffff800020ed75b8) at m_getuio+0xe4 sosend(fffffd806eb3fc88,0,ffff800020ed75b8,0,0,80) at sosend+0x54e dofilewritev(ffff800020ed1ae0,4,ffff800020ed75b8,0,ffff800020ed76a0) at dofilewritev+0x1b6 sys_write(ffff800020ed1ae0,ffff800020ed7650,ffff800020ed76a0) at sys_write+0x83 syscall(ffff800020ed7720) at syscall+0x4a4 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffc2560, count: 4 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic pool_cache_item_magic_check: mbufpl cpu free list modified: item addr 0xfffffd806d7e2600+16 0x0!=0xc3ddb0058087732b ddb{1}> trace db_enter() at db_enter+0x18 panic(ffffffff821fa82d) at panic+0x15c pool_cache_get(ffffffff82673d88) at pool_cache_get+0x323 pool_get(ffffffff82673d88,1) at pool_get+0x91 m_gethdr(1,1) at m_gethdr+0x4c m_getuio(ffff800020ed7438,0,4200,ffff800020ed75b8) at m_getuio+0xe4 sosend(fffffd806eb3fc88,0,ffff800020ed75b8,0,0,80) at sosend+0x54e dofilewritev(ffff800020ed1ae0,4,ffff800020ed75b8,0,ffff800020ed76a0) at dofilewritev+0x1b6 sys_write(ffff800020ed1ae0,ffff800020ed7650,ffff800020ed76a0) at sys_write+0x83 syscall(ffff800020ed7720) at syscall+0x4a4 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffc2560, count: -11 ddb{1}> show registers rdi 0 rsi 0x1 rbp 0xffff800020ed7160 rbx 0xffff800020ed7210 rdx 0x8b rcx 0x2 rax 0x1 r8 0xffffffff819e912f kprintf+0x16f r9 0x1 r10 0xfb9b42b06f58d516 r11 0x4b9a41a5aefa6fd8 r12 0x3000000008 r13 0xffff800020ed7170 r14 0x100 r15 0x1 rip 0xffffffff81fcb0a8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800020ed7150 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{1}> show proc PROC (sshd) pid=43035 stat=onproc flags process=12 proc=0 pri=24, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff800020ed0280,0xffff800020ed0500 process=0xffff800020ec8f78 user=0xffff800020ed2000, vmspace=0xfffffd806e953738 estcpu=0, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 7590 217743 251 0 7 0x2 syz-executor.0 251 112272 56207 0 3 0x82 nanosleep syz-execprog 251 98461 56207 0 3 0x4000082 nanosleep syz-execprog 251 368003 56207 0 3 0x4000082 thrsleep syz-execprog 251 516077 56207 0 3 0x4000082 thrsleep syz-execprog 251 446861 56207 0 3 0x4000082 thrsleep syz-execprog 251 263491 56207 0 3 0x4000082 thrsleep syz-execprog 251 461014 56207 0 3 0x4000082 thrsleep syz-execprog 251 36292 56207 0 3 0x4000082 thrsleep syz-execprog 251 41063 56207 0 3 0x4000082 kqread syz-execprog 56207 43677 88289 0 3 0x10008a pause ksh *88289 43035 78029 0 7 0x12 sshd 93203 364975 1 0 3 0x100083 ttyin getty 78029 371787 1 0 3 0x80 select sshd 7295 320762 20531 74 3 0x100092 bpf pflogd 20531 254184 1 0 3 0x80 netio pflogd 71863 278468 52928 73 3 0x100090 kqread syslogd 52928 273035 1 0 3 0x100082 netio syslogd 81296 85550 1 77 3 0x100090 poll dhclient 52235 82634 1 0 3 0x80 poll dhclient 868 105577 0 0 3 0x14200 bored smr 31633 185666 0 0 3 0x14200 pgzero zerothread 58772 233610 0 0 3 0x14200 aiodoned aiodoned 53631 212847 0 0 3 0x14200 syncer update 54200 119383 0 0 3 0x14200 cleaner cleaner 24116 360948 0 0 3 0x14200 reaper reaper 42493 433378 0 0 3 0x14200 pgdaemon pagedaemon 27546 41966 0 0 3 0x14200 bored crynlk 65646 343570 0 0 3 0x14200 bored crypto 42980 90760 0 0 3 0x40014200 acpi0 acpi0 58176 70798 0 0 3 0x40014200 idle1 98388 125999 0 0 3 0x14200 bored softnet 84273 457970 0 0 3 0x14200 bored systqmp 40120 294297 0 0 3 0x14200 bored systq 84974 159310 0 0 3 0x40014200 bored softclock 39967 52571 0 0 3 0x40014200 idle0 1 510957 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 7590 (syz-executor.0) thread 0xffff800020e6c278 (217743) exclusive rrwlock inode r = 0 (0xfffffd806b91d5e8) #0 witness_lock+0x4c7 #1 rw_enter+0x453 #2 rrw_enter+0x88 #3 VOP_LOCK+0x4b #4 vn_lock+0x81 #5 vget+0x1c8 #6 ufs_ihashget+0x141 #7 ffs_vget+0x74 #8 ufs_lookup+0x14b7 #9 VOP_LOOKUP+0x5b #10 vfs_lookup+0x7a6 #11 namei+0x63c #12 dounlinkat+0x99 #13 syscall+0x4a4 #14 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806b91d3c8) #0 witness_lock+0x4c7 #1 rw_enter+0x453 #2 rrw_enter+0x88 #3 VOP_LOCK+0x4b #4 vn_lock+0x81 #5 vfs_lookup+0xe6 #6 namei+0x63c #7 dounlinkat+0x99 #8 syscall+0x4a4 #9 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9466 6395K 6395K 78643K 10557 0 pcb 13 8K 8K 78643K 13 0 rtable 83 2K 2K 78643K 163 0 ifaddr 37 9K 9K 78643K 284 0 counters 41 33K 33K 78643K 41 0 ioctlops 0 0K 4K 78643K 1468 0 mount 1 1K 1K 78643K 1 0 vnodes 1183 74K 75K 78643K 1188 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 1K 1K 78643K 2 0 sem 2 0K 0K 78643K 2 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 196K 290K 78643K 12766 0 file desc 2 4K 12K 78643K 263 0 proc 59 63K 83K 78643K 398 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 in_multi 22 1K 1K 78643K 22 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 19 95K 95K 78643K 19 0 exec 0 0K 1K 78643K 197 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 78 12K 12K 78643K 1199 0 UVM aobj 2 2K 2K 78643K 2 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 NDP 5 0K 0K 78643K 7 0 temp 29 3033K 3097K 78643K 2359 0 kqueue 3 4K 4K 78643K 3 0 SYN cache 2 16K 16K 78643K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 4 0 0 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 80 17 0 15 1 0 1 1 0 8 0 rtentry 112 34 0 1 1 0 1 1 0 8 0 unpcb 120 29 0 19 1 0 1 1 0 8 0 syncache 264 5 0 5 1 1 0 1 0 8 0 tcpcb 544 8 0 5 1 0 1 1 0 8 0 inpcb 280 279 0 273 1 0 1 1 0 8 0 nd6 48 3 0 0 1 0 1 1 0 8 0 pfosfp 40 846 0 423 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 11 0 0 1 0 1 1 0 8 0 pfstkey 112 11 0 0 1 0 1 1 0 8 0 pfstate 328 11 0 0 1 0 1 1 0 8 0 pfrule 1360 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 144 0 0 9 0 9 9 0 8 0 art_table 32 145 0 0 2 0 2 2 0 8 0 art_node 16 33 0 3 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1669 0 267 88 0 88 88 0 8 0 ffsino 272 1669 0 267 94 0 94 94 0 8 0 nchpl 144 2130 0 530 60 0 60 60 0 8 0 uvmvnodes 72 1679 0 0 31 0 31 31 0 8 0 vnodes 208 1679 0 0 89 0 89 89 0 8 0 namei 1024 5186 0 5186 1 0 1 1 0 8 1 percpumem 16 31 0 0 1 0 1 1 0 8 0 scxspl 192 5315 0 5315 2 1 1 2 0 8 1 plimitpl 152 15 0 8 1 0 1 1 0 8 0 sigapl 424 486 0 457 4 0 4 4 0 8 0 knotepl 112 47 0 36 1 0 1 1 0 8 0 kqueuepl 144 2 0 0 1 0 1 1 0 8 0 pipelkpl 48 77 0 70 1 0 1 1 0 8 0 pipepl 120 154 0 141 1 0 1 1 0 8 0 fdescpl 496 471 0 457 3 0 3 3 0 8 0 filepl 152 1600 0 1542 3 0 3 3 0 8 0 lockfpl 104 5 0 4 1 0 1 1 0 8 0 lockfspl 48 3 0 2 1 0 1 1 0 8 0 sessionpl 112 19 0 9 1 0 1 1 0 8 0 pgrppl 48 19 0 9 1 0 1 1 0 8 0 ucredpl 96 62 0 53 1 0 1 1 0 8 0 zombiepl 144 457 0 457 1 0 1 1 0 8 1 processpl 984 486 0 457 5 0 5 5 0 8 1 procpl 624 494 0 457 4 0 4 4 0 8 1 sockpl 400 325 0 307 2 0 2 2 0 8 0 mcl4k 4096 1 0 0 1 0 1 1 0 8 0 mcl2k 2048 71 0 0 9 0 9 9 0 8 0 mtagpl 80 1 0 0 1 0 1 1 0 8 0 mbufpl 256 89 0 0 6 0 6 6 0 8 0 bufpl 280 3229 0 134 222 0 222 222 0 8 0 anonpl 16 29303 0 26922 13 1 12 12 0 124 1 amapchunkpl 152 1073 0 993 4 0 4 4 0 158 0 amappl16 192 1181 0 1092 5 0 5 5 0 8 0 amappl15 184 1 0 0 1 0 1 1 0 8 0 amappl14 176 36 0 30 1 0 1 1 0 8 0 amappl13 168 21 0 20 1 0 1 1 0 8 0 amappl12 160 8 0 6 1 0 1 1 0 8 0 amappl11 152 52 0 37 1 0 1 1 0 8 0 amappl10 144 269 0 265 1 0 1 1 0 8 0 amappl9 136 230 0 228 1 0 1 1 0 8 0 amappl8 128 274 0 265 1 0 1 1 0 8 0 amappl7 120 361 0 350 1 0 1 1 0 8 0 amappl6 112 24 0 21 1 0 1 1 0 8 0 amappl5 104 375 0 360 1 0 1 1 0 8 0 amappl4 96 499 0 471 1 0 1 1 0 8 0 amappl3 88 105 0 99 1 0 1 1 0 8 0 amappl2 80 1410 0 1353 2 0 2 2 0 8 0 amappl1 72 16927 0 16507 23 5 18 18 0 8 8 amappl 80 723 0 693 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 1 0 0 1 0 1 1 0 8 0 uaddrrnd 24 471 0 457 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 471 0 457 1 0 1 1 0 8 0 vmmpekpl 168 6820 0 6796 2 0 2 2 0 8 0 vmmpepl 168 42982 0 41994 76 4 72 72 0 357 27 vmsppl 368 470 0 457 2 0 2 2 0 8 0 pdppl 4096 950 0 914 6 0 6 6 0 8 0 pvpl 32 140382 0 135532 104 0 104 104 0 265 63 pmappl 232 470 0 457 1 0 1 1 0 8 0 extentpl 40 46 0 29 1 0 1 1 0 8 0 phpool 112 231 0 3 7 0 7 7 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp x86_ipi_db(ffffffff82523ff0) at x86_ipi_db+0x1a x86_ipi_handler() at x86_ipi_handler+0xc6 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __mp_lock(ffffffff8266bfa8) at __mp_lock+0x127 __mp_acquire_count(ffffffff8266bfa8,1) at __mp_acquire_count+0x51 mi_switch() at mi_switch+0x392 sleep_finish(ffff800020f656a0,1) at sleep_finish+0x113 sleep_finish_all(ffff800020f656a0,1) at sleep_finish_all+0x32 tsleep(fffffd806b258d40,11,ffffffff822528e4,0) at tsleep+0x1cc biowait(fffffd806b258d40) at biowait+0xa6 bwrite(fffffd806b258d40) at bwrite+0x1e4 ufs_dirremove(fffffd8079b96680,fffffd806b91d550,800c,1) at ufs_dirremove+0x291 ufs_rmdir(ffff800020f658c8) at ufs_rmdir+0x247 VOP_RMDIR(fffffd8079b96680,fffffd8078856358,ffff800020f659c8) at VOP_RMDIR+0xf8 end trace frame: 0xffff800020f65a60, count: 0 ddb{0}>