panic: pool_cache_item_magic_check: mbufpl cpu free list modified: item addr 0xffffff007e25c900+24 0xd86d7e451e21edf6!=0xd86d7e457d26fdf6
Stopped at db_enter+0xa: popq %rbp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
232343 5785 0 0 0 1 syz-executor0
*441246 5785 0 0 0x4000000 0K syz-executor0
db_enter() at db_enter+0xa
panic() at panic+0x147
pool_cache_get(2) at pool_cache_get+0x2bf
pool_get(1,2) at pool_get+0x60
m_get(10000,ff6eff92) at m_get+0x2f
switchwrite(ffffff0072bd3658,ffffff0072bd3658,ffff8000211793e8) at switchwrite+0x1d3
spec_write(ffffffff81e4c3d0) at spec_write+0xa8
VOP_WRITE(1,ffffff0072bd3658,1,ffffff0067f75d30) at VOP_WRITE+0x65
vn_write(ffffff0067f75d30,ffff8000211793e8,ffffff91) at vn_write+0x161
dofilewritev(ffff800021179510,1,ffff800021179528,ffff8000210a2720,0) at dofilewritev+0x13e
sys_pwritev(10c0,ffff8000210a2720,0) at sys_pwritev+0xbf
syscall(0) at syscall+0x489
Xsyscall(6,0,ffffffffffffffb8,0,4,c95880e80d8) at Xsyscall+0x128
end of kernel
end trace frame: 0xc97caf55440, count: 2
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> show panic
pool_cache_item_magic_check: mbufpl cpu free list modified: item addr 0xffffff007e25c900+24 0xd86d7e451e21edf6!=0xd86d7e457d26fdf6
ddb{0}> trace
db_enter() at db_enter+0xa
panic() at panic+0x147
pool_cache_get(2) at pool_cache_get+0x2bf
pool_get(1,2) at pool_get+0x60
m_get(10000,ff6eff92) at m_get+0x2f
switchwrite(ffffff0072bd3658,ffffff0072bd3658,ffff8000211793e8) at switchwrite+0x1d3
spec_write(ffffffff81e4c3d0) at spec_write+0xa8
VOP_WRITE(1,ffffff0072bd3658,1,ffffff0067f75d30) at VOP_WRITE+0x65
vn_write(ffffff0067f75d30,ffff8000211793e8,ffffff91) at vn_write+0x161
dofilewritev(ffff800021179510,1,ffff800021179528,ffff8000210a2720,0) at dofilewritev+0x13e
sys_pwritev(10c0,ffff8000210a2720,0) at sys_pwritev+0xbf
syscall(0) at syscall+0x489
Xsyscall(6,0,ffffffffffffffb8,0,4,c95880e80d8) at Xsyscall+0x128
end of kernel
end trace frame: 0xc97caf55440, count: -13
ddb{0}> show registers
rdi 0xffffffff81e2ec58 kprintf_mutex
rsi 0xffffffff81b67d99 db_enter+0x9
rbp 0xffff800021179040
rbx 0xffff8000211790e0
rdx 0xffff800000cd6000
rcx 0x6946 __ALIGN_SIZE+0x5946
rax 0xffff800000cd6000
r8 0xffff800021179010
r9 0x8080808080808080
r10 0
r11 0xffffffff819e6130 x86_bus_space_io_read_1
r12 0x3000000008
r13 0xffff800021179050
r14 0x100
r15 0xffffffff81bf5517 cmd0646_9_tim_udma+0x220e6
rip 0xffffffff81b67d9a db_enter+0xa
cs 0x8
rflags 0x202
rsp 0xffff800021179040
ss 0x10
db_enter+0xa: popq %rbp
ddb{0}> show proc
PROC (syz-executor0) pid=441246 stat=onproc
    flags process=0 proc=4000000
    pri=81, usrpri=81, nice=20
    forw=0xffffffffffffffff, list=0xffff8000210a3c38,0xffffffff81eac508
    process=0xffff8000210b7630 user=0xffff800021174000, vmspace=0xffffff007f124948
    estcpu=31, cpticks=1, pctcpu=0.0
    user=0, sys=1, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
5785 232343 3705 0 7 0 syz-executor0
5785 459701 3705 0 2 0x4000000 syz-executor0
* 5785 441246 3705 0 7 0x4000000 syz-executor0
77447 31610 1 0 3 0x100083 ttyin getty
90798 419219 0 0 3 0x14200 bored sosplice
71706 130022 47224 0 2 0x2 syz-executor1
3705 55903 47224 0 3 0x82 nanosleep syz-executor0
47224 265923 35423 0 3 0x82 thrsleep syz-fuzzer
47224 371565 35423 0 3 0x4000082 nanosleep syz-fuzzer
47224 424314 35423 0 3 0x4000082 thrsleep syz-fuzzer
47224 134701 35423 0 3 0x4000082 thrsleep syz-fuzzer
47224 406224 35423 0 3 0x4000082 thrsleep syz-fuzzer
47224 61387 35423 0 3 0x4000082 thrsleep syz-fuzzer
47224 322378 35423 0 3 0x4000082 thrsleep syz-fuzzer
47224 203310 35423 0 3 0x4000082 thrsleep syz-fuzzer
47224 332071 35423 0 3 0x4000082 kqread syz-fuzzer
47224 22535 35423 0 3 0x4000082 thrsleep syz-fuzzer
35423 50945 5197 0 3 0x10008a pause ksh
5197 371683 70359 0 3 0x92 select sshd
70359 209008 1 0 3 0x80 select sshd
87356 261614 91516 73 3 0x100090 kqread syslogd
91516 475210 1 0 3 0x100082 netio syslogd
53049 99505 1 77 3 0x100090 poll dhclient
33011 280405 1 0 3 0x80 poll dhclient
59377 412355 0 0 3 0x14200 pgzero zerothread
91894 181692 0 0 3 0x14200 aiodoned aiodoned
12289 73505 0 0 3 0x14200 syncer update
44981 329915 0 0 3 0x14200 cleaner cleaner
48093 264055 0 0 3 0x14200 reaper reaper
59967 309912 0 0 3 0x14200 pgdaemon pagedaemon
39172 94286 0 0 3 0x14200 bored crynlk
12196 513369 0 0 3 0x14200 bored crypto
56615 162629 0 0 3 0x40014200 acpi0 acpi0
48453 93394 0 0 3 0x40014200 idle1
58924 354782 0 0 3 0x14200 bored softnet
71488 363243 0 0 3 0x14200 bored systqmp
32655 372307 0 0 3 0x14200 bored systq
38060 321260 0 0 3 0x40014200 bored softclock
85677 131408 0 0 3 0x40014200 idle0
1 155733 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper