login: panic: pool_do_get: mcl2k free list modified: page 0xffffff00040b6000; item addr 0xffffff00040b6800; offset 0x0=0x999da37b978b69ca != 0x999da37bf87ddaef Stopped at db_enter+0xa: popq %rbp TID PID UID PRFLAGS PFLAGS CPU COMMAND *341156 33589 0 0 0 0 syz-executor3031 db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 pool_do_get(2,ffffffff81eb5100,ffffffff81eb5100) at pool_do_get+0x3ae sys/kern/subr_pool.c:752 pool_get(ffffff0036f5d100,2) at pool_get+0x77 sys/kern/subr_pool.c:587 m_clget(ffffff00360b5350,ffff800014a32268,ffffff0036f5d100) at m_clget+0x1e0 sys/kern/uipc_mbuf.c:394 sys_setsockopt(ffff800014a70e00,ffff800014a32268,ffff800014a15338) at sys_setsockopt+0x105 sys/kern/uipc_syscalls.c:957 syscall(0) at syscall+0x3e4 Xsyscall(6,0,0,0,0,7f7ffffde844) at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffde830, count: 7 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> show panic pool_do_get: mcl2k free list modified: page 0xffffff00040b6000; item addr 0xffffff00040b6800; offset 0x0=0x999da37b978b69ca != 0x999da37bf87ddaef ddb> trace db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 pool_do_get(2,ffffffff81eb5100,ffffffff81eb5100) at pool_do_get+0x3ae sys/kern/subr_pool.c:752 pool_get(ffffff0036f5d100,2) at pool_get+0x77 sys/kern/subr_pool.c:587 m_clget(ffffff00360b5350,ffff800014a32268,ffffff0036f5d100) at m_clget+0x1e0 sys/kern/uipc_mbuf.c:394 sys_setsockopt(ffff800014a70e00,ffff800014a32268,ffff800014a15338) at sys_setsockopt+0x105 sys/kern/uipc_syscalls.c:957 syscall(0) at syscall+0x3e4 Xsyscall(6,0,0,0,0,7f7ffffde844) at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffde830, count: -8 ddb> show registers rdi 0xffffffff81e38b38 kprintf_mutex rsi 0x5 rbp 0xffff800014a70b20 rbx 0xffff800014a70bc0 rdx 0x3fd rcx 0 rax 0x1 r8 0xffff800014a70af0 r9 0x8080808080808080 r10 0x999da37b978b69ca r11 0xffffffff81687d20 x86_bus_space_io_read_1 r12 0x3000000008 r13 0xffff800014a70b30 r14 0x100 r15 0xffffffff81c47d22 cy_pio_rec+0xf15f rip 0xffffffff814c7f1a db_enter+0xa cs 0x8 rflags 0x202 rsp 0xffff800014a70b20 ss 0x10 db_enter+0xa: popq %rbp ddb> show proc PROC (syz-executor3031) pid=341156 stat=onproc flags process=0 proc=0 pri=50, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff800014a324c0,0xffffffff81e92b98 process=0xffff800014a15338 user=0xffff800014a6b000, vmspace=0xffffff003f12b108 estcpu=0, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND *33589 341156 61777 0 7 0 syz-executor3031 61777 292124 89307 0 3 0x82 nanosleep syz-executor3031 89307 95530 8664 0 3 0x10008a pause ksh 8664 409694 89304 0 3 0x92 select sshd 84182 90455 1 0 3 0x100083 ttyin getty 89304 210066 1 0 3 0x80 select sshd 61081 495008 23702 73 3 0x100090 kqread syslogd 23702 175307 1 0 3 0x100082 netio syslogd 4684 231992 1 77 3 0x100090 poll dhclient 36182 341702 1 0 3 0x80 poll dhclient 10934 41642 0 0 2 0x14200 zerothread 11148 4773 0 0 3 0x14200 aiodoned aiodoned 29028 63812 0 0 3 0x14200 syncer update 67240 188355 0 0 3 0x14200 cleaner cleaner 92205 219826 0 0 3 0x14200 reaper reaper 40842 349776 0 0 3 0x14200 pgdaemon pagedaemon 84649 476393 0 0 3 0x14200 bored crynlk 15197 279130 0 0 3 0x14200 bored crypto 85725 27827 0 0 3 0x40014200 acpi0 acpi0 78372 404472 0 0 3 0x14200 bored softnet 63471 171491 0 0 3 0x14200 bored systqmp 72978 482 0 0 3 0x14200 bored systq 62287 309622 0 0 3 0x40014200 bored softclock 39694 256938 0 0 3 0x40014200 idle0 1 223189 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper