panic: pool_cache_item_magic_check: mcl2k cpu free list modified: item addr 0xffffff0005ff0800+24 0x470a1ed9891e12b2!=0x470a1ed98f1e62b2
Stopped at db_enter+0xa: popq %rbp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
112107 39847 65534 0x10 0 1 syz-executor0
db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
pool_cache_get(2) at pool_cache_get+0x2bf
 pool_cache_item_magic_check sys/kern/subr_pool.c:1789 [inline]
pool_cache_get(2) at pool_cache_get+0x2bf sys/kern/subr_pool.c:1892
pool_get(ffffff006efb9900,2) at pool_get+0x60 sys/kern/subr_pool.c:577
m_clget(10,ffff800000173000,1) at m_clget+0x204 sys/kern/uipc_mbuf.c:394
vio_populate_rx_mbufs(ffff800000173050) at vio_populate_rx_mbufs+0xd4
 vio_add_rx_mbuf sys/dev/pv/if_vio.c:906 [inline]
vio_populate_rx_mbufs(ffff800000173050) at vio_populate_rx_mbufs+0xd4 sys/dev/pv/if_vio.c:950
vio_rx_intr(ffff80000064d200) at vio_rx_intr+0x4d sys/dev/pv/if_vio.c:1062
intr_handler(0,ffff80000064d180) at intr_handler+0x70 sys/arch/amd64/amd64/intr.c:529
Xintr_ioapic_edge19_untramp(0,0,1388,18041969,ffff800000022a00,ffff800000022a00) at Xintr_ioapic_edge19_untramp+0x19f
acpicpu_idle() at acpicpu_idle+0x251 sys/dev/acpi/acpicpu.c:1187
sched_idle(0) at sched_idle+0x374 sys/kern/kern_sched.c:177
end trace frame: 0x0, count: 4
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> show panic
pool_cache_item_magic_check: mcl2k cpu free list modified: item addr 0xffffff0005ff0800+24 0x470a1ed9891e12b2!=0x470a1ed98f1e62b2
ddb{0}> trace
db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
pool_cache_get(2) at pool_cache_get+0x2bf
 pool_cache_item_magic_check sys/kern/subr_pool.c:1789 [inline]
pool_cache_get(2) at pool_cache_get+0x2bf sys/kern/subr_pool.c:1892
pool_get(ffffff006efb9900,2) at pool_get+0x60 sys/kern/subr_pool.c:577
m_clget(10,ffff800000173000,1) at m_clget+0x204 sys/kern/uipc_mbuf.c:394
vio_populate_rx_mbufs(ffff800000173050) at vio_populate_rx_mbufs+0xd4
 vio_add_rx_mbuf sys/dev/pv/if_vio.c:906 [inline]
vio_populate_rx_mbufs(ffff800000173050) at vio_populate_rx_mbufs+0xd4 sys/dev/pv/if_vio.c:950
vio_rx_intr(ffff80000064d200) at vio_rx_intr+0x4d sys/dev/pv/if_vio.c:1062
intr_handler(0,ffff80000064d180) at intr_handler+0x70 sys/arch/amd64/amd64/intr.c:529
Xintr_ioapic_edge19_untramp(0,0,1388,18041969,ffff800000022a00,ffff800000022a00) at Xintr_ioapic_edge19_untramp+0x19f
acpicpu_idle() at acpicpu_idle+0x251 sys/dev/acpi/acpicpu.c:1187
sched_idle(0) at sched_idle+0x374 sys/kern/kern_sched.c:177
end trace frame: 0x0, count: -11
ddb{0}> show registers
rdi 0xffffffff81e53648 kprintf_mutex
rsi 0x5
rbp 0xffff800021039b30
rbx 0xffff800021039bd0
rdx 0x3fd
rcx 0
rax 0xffffffff81e40ff0 cpu_info_full_primary+0x1ff0
r8 0xffff800021039b00
r9 0x8080808080808080
r10 0
r11 0xffffffff811c6fd0 x86_bus_space_io_read_1
r12 0x3000000008
r13 0xffff800021039b40
r14 0x100
r15 0xffffffff81bf6405 cmd0646_9_tim_udma+0x1db0b
rip 0xffffffff81711a9a db_enter+0xa
cs 0x8
rflags 0x202
rsp 0xffff800021039b30
ss 0x10
db_enter+0xa: popq %rbp
ddb{0}> show proc
PROC (idle0) pid=262793 stat=onproc
    flags process=14000 proc=40000200
    pri=0, usrpri=86, nice=20
    forw=0xf020c0138211c8a3, list=0xffff800021031770,0xffff800021030bc8
    process=0xffff8000210332f0 user=0xffff800021034000, vmspace=0xffffffff81ec6008
    estcpu=36, cpticks=188362, pctcpu=0.0
    user=0, sys=0, intr=1
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
39847 112107 33109 65534 7 0x10 syz-executor0
62824 435401 70508 65534 3 0x10 biowait syz-executor1
70508 251766 80055 0 3 0x82 wait syz-executor1
33109 110118 78900 65534 3 0x90 nanosleep syz-executor0
78900 74026 80055 0 3 0x82 wait syz-executor0
29202 148140 0 0 3 0x14200 bored sosplice
80055 67422 55568 0 3 0x82 thrsleep syz-fuzzer
80055 48350 55568 0 3 0x4000082 nanosleep syz-fuzzer
80055 83683 55568 0 3 0x4000082 thrsleep syz-fuzzer
80055 101438 55568 0 3 0x4000082 kqread syz-fuzzer
80055 163128 55568 0 3 0x4000082 thrsleep syz-fuzzer
80055 454700 55568 0 3 0x4000082 thrsleep syz-fuzzer
80055 207280 55568 0 3 0x4000082 thrsleep syz-fuzzer
80055 249698 55568 0 3 0x4000082 nanosleep syz-fuzzer
80055 284324 55568 0 3 0x4000082 thrsleep syz-fuzzer
80055 226592 55568 0 3 0x4000082 thrsleep syz-fuzzer
55568 62581 15992 0 3 0x10008a pause ksh
15992 312713 86149 0 3 0x92 select sshd
13541 59165 1 0 3 0x100083 ttyin getty
86149 243509 1 0 3 0x80 select sshd
66019 442565 19526 73 3 0x100090 kqread syslogd
19526 413874 1 0 3 0x100082 netio syslogd
83616 352584 1 77 3 0x100090 poll dhclient
26573 161556 1 0 3 0x80 poll dhclient
5090 59519 0 0 2 0x14200 zerothread
75075 75751 0 0 3 0x14200 aiodoned aiodoned
54607 188728 0 0 3 0x14200 syncer update
71534 470214 0 0 3 0x14200 cleaner cleaner
13053 55157 0 0 3 0x14200 reaper reaper
63093 150174 0 0 3 0x14200 pgdaemon pagedaemon
87552 491003 0 0 3 0x14200 bored crynlk
83553 428191 0 0 3 0x14200 bored crypto
90493 280458 0 0 3 0x40014200 acpi0 acpi0
19516 478681 0 0 3 0x40014200 idle1
79885 37459 0 0 2 0x14200 softnet
20543 266593 0 0 3 0x14200 bored systqmp
86567 355122 0 0 3 0x14200 bored systq
84542 234435 0 0 3 0x40014200 bored softclock
*79507 262793 0 0 7 0x40014200 idle0
1 432109 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper