panic: pool_cache_item_magic_check: mbufpl cpu free list modified: item addr 0xfffffd8076c01100+16 0x0!=0xa9695cc5cce9a3d6
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*207273 91206 0 0 0 0K syz-executor.0
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff823e928b) at panic+0x15c sys/kern/subr_prf.c:207
pool_cache_get(ffffffff82909988) at pool_cache_get+0x323 pool_cache_item_magic_check sys/kern/subr_pool.c:1781 [inline]
pool_cache_get(ffffffff82909988) at pool_cache_get+0x323 sys/kern/subr_pool.c:1884
pool_get(ffffffff82909988,2) at pool_get+0x91 sys/kern/subr_pool.c:572
m_get(2,3) at m_get+0x4c sys/kern/uipc_mbuf.c:250
rt_ifa_del(ffff800000a9f700,800100,ffff800000a9f740,0) at rt_ifa_del+0xa1 sys/net/route.c:1163
in6_unlink_ifa(ffff800000a9f700,ffff800000ac3000) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943
in6_update_ifa(ffff800000ac3000,ffff800020ec5c60,0) at in6_update_ifa+0x13f7 sys/netinet6/in6.c:875
in6_ioctl_change_ifaddr(8080691a,ffff800020ec5c60,ffff800000ac3000) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352
ifioctl(fffffd806eae3e18,8080691a,ffff800020ec5c60,ffff800020dec4e8) at ifioctl+0xe70 sys/net/if.c:2288
soo_ioctl(fffffd806cf78698,8080691a,ffff800020ec5c60,ffff800020dec4e8) at soo_ioctl+0x27c sys/kern/sys_socket.c:138
sys_ioctl(ffff800020dec4e8,ffff800020ec5d78,ffff800020ec5dc0) at sys_ioctl+0x4a5
syscall(ffff800020ec5e40) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800020ec5e40) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffd0230, count: 1
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
pool_cache_item_magic_check: mbufpl cpu free list modified: item addr 0xfffffd8076c01100+16 0x0!=0xa9695cc5cce9a3d6
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff823e928b) at panic+0x15c sys/kern/subr_prf.c:207
pool_cache_get(ffffffff82909988) at pool_cache_get+0x323 pool_cache_item_magic_check sys/kern/subr_pool.c:1781 [inline]
pool_cache_get(ffffffff82909988) at pool_cache_get+0x323 sys/kern/subr_pool.c:1884
pool_get(ffffffff82909988,2) at pool_get+0x91 sys/kern/subr_pool.c:572
m_get(2,3) at m_get+0x4c sys/kern/uipc_mbuf.c:250
rt_ifa_del(ffff800000a9f700,800100,ffff800000a9f740,0) at rt_ifa_del+0xa1 sys/net/route.c:1163
in6_unlink_ifa(ffff800000a9f700,ffff800000ac3000) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943
in6_update_ifa(ffff800000ac3000,ffff800020ec5c60,0) at in6_update_ifa+0x13f7 sys/netinet6/in6.c:875
in6_ioctl_change_ifaddr(8080691a,ffff800020ec5c60,ffff800000ac3000) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352
ifioctl(fffffd806eae3e18,8080691a,ffff800020ec5c60,ffff800020dec4e8) at ifioctl+0xe70 sys/net/if.c:2288
soo_ioctl(fffffd806cf78698,8080691a,ffff800020ec5c60,ffff800020dec4e8) at soo_ioctl+0x27c sys/kern/sys_socket.c:138
sys_ioctl(ffff800020dec4e8,ffff800020ec5d78,ffff800020ec5dc0) at sys_ioctl+0x4a5
syscall(ffff800020ec5e40) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800020ec5e40) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffd0230, count: -14
ddb{0}> show registers
rdi 0
rsi 0x1
rbp 0xffff800020ec54d0
rbx 0xffff800020ec5580
rdx 0x8b
rcx 0x2
rax 0x1
r8 0xffffffff8199641f kprintf+0x16f
r9 0x1
r10 0x2
r11 0x3dde29b330e2681
r12 0x3000000008
r13 0xffff800020ec54e0
r14 0x100
r15 0x1
rip 0xffffffff8209c218 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800020ec54c0
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor.0) pid=207273 stat=onproc
    flags process=0 proc=0
    pri=59, usrpri=59, nice=20
    forw=0xffffffffffffffff, list=0xffff800020dec278,0xffffffff8290d2f8
    process=0xffff800020e01720 user=0xffff800020ec0000, vmspace=0xfffffd807efff2e0
    estcpu=36, cpticks=1, pctcpu=0.0
    user=0, sys=1, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
*91206 207273 19994 0 7 0 syz-executor.0
19994 153498 96823 0 3 0x82 nanosleep syz-executor.0
96823 235911 53077 0 3 0x82 thrsleep syz-execprog
96823 31352 53077 0 3 0x4000082 nanosleep syz-execprog
96823 269756 53077 0 3 0x4000082 thrsleep syz-execprog
96823 248020 53077 0 3 0x4000082 kqread syz-execprog
96823 69960 53077 0 3 0x4000082 thrsleep syz-execprog
96823 439260 53077 0 3 0x4000082 thrsleep syz-execprog
96823 179992 53077 0 3 0x4000082 thrsleep syz-execprog
96823 149505 53077 0 3 0x4000082 thrsleep syz-execprog
96823 146580 53077 0 3 0x4000082 nanosleep syz-execprog
53077 1395 93767 0 3 0x10008a pause ksh
93767 383269 7652 0 3 0x92 select sshd
12858 35057 1 0 3 0x100083 ttyin getty
7652 49657 1 0 3 0x80 select sshd
25228 429857 17418 74 3 0x100092 bpf pflogd
17418 198632 1 0 3 0x80 netio pflogd
60915 261041 78765 73 3 0x100090 kqread syslogd
78765 98623 1 0 3 0x100082 netio syslogd
51638 24089 1 77 3 0x100090 poll dhclient
93681 486464 1 0 3 0x80 poll dhclient
62577 147494 0 0 3 0x14200 bored smr
12518 123950 0 0 3 0x14200 pgzero zerothread
14324 477046 0 0 3 0x14200 aiodoned aiodoned
63110 95321 0 0 3 0x14200 syncer update
94136 325087 0 0 3 0x14200 cleaner cleaner
44363 381398 0 0 3 0x14200 reaper reaper
38201 224546 0 0 3 0x14200 pgdaemon pagedaemon
30150 371153 0 0 3 0x14200 bored crynlk
59784 418694 0 0 3 0x14200 bored crypto
51060 361777 0 0 3 0x40014200 acpi0 acpi0
12509 479010 0 0 7 0x40014200 idle1
47680 278339 0 0 3 0x14200 bored softnet
91336 475872 0 0 3 0x14200 bored systqmp
94046 137328 0 0 3 0x14200 bored systq
45937 30668 0 0 3 0x40014200 bored softclock
50725 303162 0 0 3 0x40014200 idle0
1 77573 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}>