panic: pool_cache_item_magic_check: mcl64k cpu free list modified: item addr 0xffffff0006004000+24 0xf9e347e578321f8e!=0xf9e347e57e315f8e Stopped at db_enter+0xa: popq %rbp TID PID UID PRFLAGS PFLAGS CPU COMMAND 204185 30672 0 0 0 1 syz-executor0 *251044 30672 0 0 0x4000000 0K syz-executor0 db_enter() at db_enter+0xa panic() at panic+0x147 pool_cache_get(2) at pool_cache_get+0x2bf pool_get(ffffff0065128900,2) at pool_get+0x60 m_clget(10000,ff95ff8a,ffffff007b6a1100) at m_clget+0x204 switchwrite(ffffff00656ba350,ffffff00656ba350,ffff8000211b57b8) at switchwrite+0x20c spec_write(ffffffff81e45548) at spec_write+0xa8 VOP_WRITE(1,ffffff00656ba350,1,ffffff00604f4000) at VOP_WRITE+0x65 vn_write(ffffff00604f4000,ffff8000211b57b8,ffffff91) at vn_write+0x161 dofilewritev(ffff8000211b58e0,1,ffff8000211b58f8,ffff8000210a3530,0) at dofilewritev+0x13e sys_pwritev(10c0,ffff8000210a3530,0) at sys_pwritev+0xbf syscall(0) at syscall+0x489 Xsyscall(6,0,ffffffffffffffb8,0,4,df03e92b0d8) at Xsyscall+0x128 end of kernel end trace frame: 0xdf287633550, count: 2 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> show panic pool_cache_item_magic_check: mcl64k cpu free list modified: item addr 0xffffff0006004000+24 0xf9e347e578321f8e!=0xf9e347e57e315f8e ddb{0}> trace db_enter() at db_enter+0xa panic() at panic+0x147 pool_cache_get(2) at pool_cache_get+0x2bf pool_get(ffffff0065128900,2) at pool_get+0x60 m_clget(10000,ff95ff8a,ffffff007b6a1100) at m_clget+0x204 switchwrite(ffffff00656ba350,ffffff00656ba350,ffff8000211b57b8) at switchwrite+0x20c spec_write(ffffffff81e45548) at spec_write+0xa8 VOP_WRITE(1,ffffff00656ba350,1,ffffff00604f4000) at VOP_WRITE+0x65 vn_write(ffffff00604f4000,ffff8000211b57b8,ffffff91) at vn_write+0x161 dofilewritev(ffff8000211b58e0,1,ffff8000211b58f8,ffff8000210a3530,0) at dofilewritev+0x13e sys_pwritev(10c0,ffff8000210a3530,0) at sys_pwritev+0xbf syscall(0) at syscall+0x489 Xsyscall(6,0,ffffffffffffffb8,0,4,df03e92b0d8) at Xsyscall+0x128 end of kernel end trace frame: 0xdf287633550, count: -13 ddb{0}> show registers rdi 0xffffffff81e263d0 kprintf_mutex rsi 0x5 rbp 0xffff8000211b53f0 rbx 0xffff8000211b5490 rdx 0xffff800000cd6000 rcx 0x3ffff acpi_pdirpa+0x2be67 rax 0xffff800000ad2a00 r8 0xffff8000211b53c0 r9 0x8080808080808080 r10 0 r11 0xffffffff81437f90 x86_bus_space_io_read_1 r12 0x3000000008 r13 0xffff8000211b5400 r14 0x100 r15 0xffffffff81bf1c1e cmd0646_9_tim_udma+0x1bda7 rip 0xffffffff810b44fa db_enter+0xa cs 0x8 rflags 0x246 rsp 0xffff8000211b53f0 ss 0x10 db_enter+0xa: popq %rbp ddb{0}> show proc PROC (syz-executor0) pid=251044 stat=onproc flags process=0 proc=4000000 pri=70, usrpri=70, nice=20 forw=0xffffffffffffffff, list=0xffff8000210a3788,0xffffffff81ed2ad0 process=0xffff8000210cb630 user=0xffff8000211b0000, vmspace=0xffffff007f125528 estcpu=20, cpticks=2, pctcpu=0.0 user=0, sys=2, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 83998 232458 51074 0 2 0 syz-executor1 83998 494598 51074 0 2 0x4000080 syz-executor1 30672 204185 36635 0 7 0 syz-executor0 30672 118847 36635 0 3 0x4000080 switchread syz-executor0 *30672 251044 36635 0 7 0x4000000 syz-executor0 67766 319073 1 0 3 0x100083 ttyin getty 126 230541 0 0 3 0x14200 bored sosplice 51074 256186 26080 0 3 0x82 nanosleep syz-executor1 36635 40965 26080 0 3 0x82 nanosleep syz-executor0 26080 140887 30412 0 3 0x82 thrsleep syz-fuzzer 26080 77644 30412 0 3 0x4000082 thrsleep syz-fuzzer 26080 384172 30412 0 3 0x4000082 thrsleep syz-fuzzer 26080 273494 30412 0 3 0x4000082 thrsleep syz-fuzzer 26080 219023 30412 0 3 0x4000082 thrsleep syz-fuzzer 26080 62259 30412 0 3 0x4000082 thrsleep syz-fuzzer 26080 79611 30412 0 3 0x4000082 thrsleep syz-fuzzer 26080 142192 30412 0 3 0x4000082 thrsleep syz-fuzzer 26080 313823 30412 0 3 0x4000082 kqread syz-fuzzer 26080 231545 30412 0 3 0x4000082 thrsleep syz-fuzzer 30412 451826 38472 0 3 0x10008a pause ksh 38472 343364 9090 0 3 0x92 select sshd 9090 172605 1 0 3 0x80 select sshd 34739 453867 55217 73 3 0x100090 kqread syslogd 55217 188921 1 0 3 0x100082 netio syslogd 88923 147142 1 77 3 0x100090 poll dhclient 27770 54302 1 0 3 0x80 poll dhclient 51982 519644 0 0 2 0x14200 zerothread 86591 26538 0 0 3 0x14200 aiodoned aiodoned 1637 303418 0 0 3 0x14200 syncer update 24762 84146 0 0 3 0x14200 cleaner cleaner 97467 449575 0 0 3 0x14200 reaper reaper 53166 113583 0 0 3 0x14200 pgdaemon pagedaemon 83846 421802 0 0 3 0x14200 bored crynlk 66958 33457 0 0 3 0x14200 bored crypto 18071 31693 0 0 3 0x40014200 acpi0 acpi0 99178 512824 0 0 3 0x40014200 idle1 74303 138041 0 0 3 0x14200 bored softnet 812 140822 0 0 3 0x14200 bored systqmp 65873 228007 0 0 3 0x14200 bored systq 20862 477627 0 0 3 0x40014200 bored softclock 11010 62754 0 0 3 0x40014200 idle0 1 394416 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper