panic: pr_find_pagehead: mbufpl: incorrect page
Stopped at db_enter+0xa: popq %rbp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
pool_do_put(ffffff0006000100,ffffffff81e9a7d0) at pool_do_put+0x339
pool_put(0,ffffff0006000100) at pool_put+0x37 sys/kern/subr_pool.c:808
m_free(ffffff0006000100) at m_free+0x12c sys/kern/uipc_mbuf.c:447
mq_purge(ffff800001aec480) at mq_purge+0x6d m_freem sys/kern/uipc_mbuf.c:525 [inline]
mq_purge(ffff800001aec480) at mq_purge+0x6d ml_purge sys/kern/uipc_mbuf.c:1591 [inline]
mq_purge(ffff800001aec480) at mq_purge+0x6d sys/kern/uipc_mbuf.c:1695
switchclose(ffff800014ad9540,ffff800014ab63b8,ffffffff816c5927,ffff800014ab6360) at switchclose+0x77 sys/net/switchctl.c:323
spec_close(ffffffff81e40220) at spec_close+0x271 sys/kern/spec_vnops.c:553
VOP_CLOSE(ffffff002743b3b0,ffff800014ad9540,ffffff003f7c7ae0,3) at VOP_CLOSE+0x5f sys/kern/vfs_vops.c:174
vn_closefile(ffff800014ad9540,ffffff0030467d30) at vn_closefile+0xfc vn_close sys/kern/vfs_vnops.c:289 [inline]
vn_closefile(ffff800014ad9540,ffffff0030467d30) at vn_closefile+0xfc sys/kern/vfs_vnops.c:575
fdrop(ffffff0030467d30,ffff800014ad9540) at fdrop+0xa4 sys/kern/kern_descrip.c:1260
closef(ffff800014ad9540,ffffff00365d4d48) at closef+0xd5 sys/kern/kern_descrip.c:1244
fdfree(ffff8000149cf330) at fdfree+0x98 sys/kern/kern_descrip.c:1176
exit1(ffff800014ab6680,ffff800014ad9540,ffff8000149cf330) at exit1+0x22f sys/kern/kern_exit.c:194
end trace frame: 0xffff800014ab65a0, count: 0
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> show panic
pr_find_pagehead: mbufpl: incorrect page
ddb> trace
db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
pool_do_put(ffffff0006000100,ffffffff81e9a7d0) at pool_do_put+0x339
pool_put(0,ffffff0006000100) at pool_put+0x37 sys/kern/subr_pool.c:808
m_free(ffffff0006000100) at m_free+0x12c sys/kern/uipc_mbuf.c:447
mq_purge(ffff800001aec480) at mq_purge+0x6d m_freem sys/kern/uipc_mbuf.c:525 [inline]
mq_purge(ffff800001aec480) at mq_purge+0x6d ml_purge sys/kern/uipc_mbuf.c:1591 [inline]
mq_purge(ffff800001aec480) at mq_purge+0x6d sys/kern/uipc_mbuf.c:1695
switchclose(ffff800014ad9540,ffff800014ab63b8,ffffffff816c5927,ffff800014ab6360) at switchclose+0x77 sys/net/switchctl.c:323
spec_close(ffffffff81e40220) at spec_close+0x271 sys/kern/spec_vnops.c:553
VOP_CLOSE(ffffff002743b3b0,ffff800014ad9540,ffffff003f7c7ae0,3) at VOP_CLOSE+0x5f sys/kern/vfs_vops.c:174
vn_closefile(ffff800014ad9540,ffffff0030467d30) at vn_closefile+0xfc vn_close sys/kern/vfs_vnops.c:289 [inline]
vn_closefile(ffff800014ad9540,ffffff0030467d30) at vn_closefile+0xfc sys/kern/vfs_vnops.c:575
fdrop(ffffff0030467d30,ffff800014ad9540) at fdrop+0xa4 sys/kern/kern_descrip.c:1260
closef(ffff800014ad9540,ffffff00365d4d48) at closef+0xd5 sys/kern/kern_descrip.c:1244
fdfree(ffff8000149cf330) at fdfree+0x98 sys/kern/kern_descrip.c:1176
exit1(ffff800014ab6680,ffff800014ad9540,ffff8000149cf330) at exit1+0x22f sys/kern/kern_exit.c:194
sys_exit(ffffffff811f4743,ffff800014ab65a0,ffff800014ab6680) at sys_exit+0x13 sys/kern/kern_exit.c:94
syscall(0) at syscall+0x3e4
Xsyscall(6,1,0,1,0,7f7ffffbef60) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffbef10, count: -17
ddb> show registers
rdi 0xffffffff81e19cf0 kprintf_mutex
rsi 0x5
rbp 0xffff800014ab6170
rbx 0xffff800014ab6210
rdx 0x3fd
rcx 0
rax 0
r8 0xffff800014ab6140
r9 0x8080808080808080
r10 0
r11 0xffffffff8187b6c0 x86_bus_space_io_read_1
r12 0x3000000008
r13 0xffff800014ab6180
r14 0x100
r15 0xffffffff81be15f4 cmd0646_9_tim_udma+0x222a7
rip 0xffffffff815bf8fa db_enter+0xa
cs 0x8
rflags 0x246
rsp 0xffff800014ab6170
ss 0x10
db_enter+0xa: popq %rbp
ddb> show proc
PROC (syz-executor0) pid=489387 stat=onproc
flags process=1008<EXITING,SINGLEEXIT> proc=2000<WEXIT>
pri=50, usrpri=82, nice=20
forw=0xffffffffffffffff, list=0xffff800014ad92e8,0xffffffff81e9c990
process=0xffff8000149cf330 user=0xffff800014ab1000, vmspace=0xffffff003f12bd68
estcpu=36, cpticks=2, pctcpu=0.0
user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
11849 443173 1 0 3 0x100083 ttyin getty
78905 379566 0 0 3 0x14200 bored sosplice
35522 418724 39327 0 3 0x82 nanosleep syz-executor0
18362 70647 39327 0 3 0x2 biowait syz-executor1
39327 301419 33080 0 3 0x82 thrsleep syz-fuzzer
39327 99017 33080 0 3 0x4000082 nanosleep syz-fuzzer
39327 135020 33080 0 3 0x4000082 thrsleep syz-fuzzer
39327 523324 33080 0 3 0x4000082 thrsleep syz-fuzzer
39327 249734 33080 0 3 0x4000082 thrsleep syz-fuzzer
39327 279989 33080 0 3 0x4000082 thrsleep syz-fuzzer
39327 362394 33080 0 3 0x4000082 kqread syz-fuzzer
33080 60674 82577 0 3 0x10008a pause ksh
82577 319177 48930 0 3 0x92 select sshd
48930 177714 1 0 3 0x80 select sshd
33361 161877 29759 73 3 0x100090 kqread syslogd
29759 452299 1 0 3 0x100082 netio syslogd
66722 157790 1 77 3 0x100090 poll dhclient
90078 197229 1 0 3 0x80 poll dhclient
61733 68718 0 0 2 0x14200 zerothread
79094 110605 0 0 3 0x14200 aiodoned aiodoned
92739 213967 0 0 3 0x14200 syncer update
34209 417016 0 0 3 0x14200 cleaner cleaner
93094 515484 0 0 3 0x14200 reaper reaper
49598 302700 0 0 3 0x14200 pgdaemon pagedaemon
10373 472070 0 0 3 0x14200 bored crynlk
41129 134950 0 0 3 0x14200 bored crypto
28109 493184 0 0 3 0x40014200 acpi0 acpi0
69244 3119 0 0 3 0x14200 bored softnet
43987 204969 0 0 3 0x14200 bored systqmp
89151 174309 0 0 3 0x14200 bored systq
7141 282380 0 0 3 0x40014200 bored softclock
13970 393295 0 0 3 0x40014200 idle0
1 1316 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper