panic: pool_do_get: mbufpl free list modified: page 0xffffff003ceb5000; item addr 0xffffff003ceb5900; offset 0x0=0x7769372006000100 != 0x77693720bd245618 Stopped at db_enter+0xa: popq %rbp TID PID UID PRFLAGS PFLAGS CPU COMMAND *448590 96870 0 0x12 0 0 sshd db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 pool_do_get(2,ffffffff81e94370,0) at pool_do_get+0x3ae sys/kern/subr_pool.c:752 pool_get(ffff800014a57fd8,214) at pool_get+0x77 sys/kern/subr_pool.c:587 m_copym(ffffff003ceb5800,34,ffff800000ac9980,ffffff003ceb5500) at m_copym+0x136 m_get sys/kern/uipc_mbuf.c:237 [inline] m_copym(ffffff003ceb5800,34,ffff800000ac9980,ffffff003ceb5500) at m_copym+0x136 sys/kern/uipc_mbuf.c:655 tcp_output(ffff800014a339d8) at tcp_output+0x108d sys/netinet/tcp_output.c:673 tcp_usrreq(41b8,ffffff0036330788,0,ffffff003ceb5000,0,b7ee3adf18c655cb) at tcp_usrreq+0x1c0 sys/netinet/tcp_usrreq.c:331 sosend(ffffff00360a64b8,ffff800014a58328,214,ffff800014a583d0,0,b7ee3adf18c655cb) at sosend+0x462 sys/kern/uipc_socket.c:513 dofilewritev(ffff800014a339d8,ffff800014a583d0,214,ffff800014a583e0,7f7ffffc7bc8) at dofilewritev+0x13e sys/kern/sys_generic.c:364 sys_write(ffff800014a58470,ffff800014a339d8,ffff800014a15cb0) at sys_write+0x6e sys/kern/sys_generic.c:283 syscall(0) at syscall+0x3e4 Xsyscall(6,4,17dfc30099b3,4,3,17e29da469c0) at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffc7be0, count: 3 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> show panic pool_do_get: mbufpl free list modified: page 0xffffff003ceb5000; item addr 0xffffff003ceb5900; offset 0x0=0x7769372006000100 != 0x77693720bd245618 ddb> trace db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 pool_do_get(2,ffffffff81e94370,0) at pool_do_get+0x3ae sys/kern/subr_pool.c:752 pool_get(ffff800014a57fd8,214) at pool_get+0x77 sys/kern/subr_pool.c:587 m_copym(ffffff003ceb5800,34,ffff800000ac9980,ffffff003ceb5500) at m_copym+0x136 m_get sys/kern/uipc_mbuf.c:237 [inline]tcp_output(ffff800014a339d8) at tcp_output+0x108d m_copym(ffffff003ceb5800,34,ffff800000ac9980,ffffff003ceb5500) at m_copym+0x136 sys/kern/uipc_mbuf.c:655tcp_output(ffff800014a339d8) at tcp_output+0x108d tcp_usrreq(41b8,ffffff0036330788,0,ffffff003ceb5000,0,b7ee3adf18c655cb) at tcp_usrreq+0x1c0 sys/netinet/tcp_usrreq.c:331 sosend(ffffff00360a64b8,ffff800014a58328,214,ffff800014a583d0,0,b7ee3adf18c655cb) at sosend+0x462 sys/kern/uipc_socket.c:513 dofilewritev(ffff800014a339d8,ffff800014a583d0,214,ffff800014a583e0,7f7ffffc7bc8) at dofilewritev+0x13e sys/kern/sys_generic.c:364 sys_write(ffff800014a58470,ffff800014a339d8,ffff800014a15cb0) at sys_write+0x6e sys/kern/sys_generic.c:283syscall(0) at syscall+0x3e4 Xsyscall(6,4,17dfc30099b3,4,3,17e29da469c0) at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffc7be0, count: -12 ddb> show registers rdi 0xffffffff81e39300 kprintf_mutex rsi 0x5 rbp 0xffff800014a57e20 rbx 0xffff800014a57ec0 rdx 0x3fd rcx 0 rax 0 r8 0xffff800014a57df0 r9 0x8080808080808080 r10 0x7769372006000100 r11 0xffffffff81782140 x86_bus_space_io_read_1 r12 0x3000000008 r13 0xffff800014a57e30 r14 0x100 r15 0xffffffff81c4a5aa cy_pio_rec+0xfd4e rip 0xffffffff8180489a db_enter+0xa cs 0x8 rflags 0x246 rsp 0xffff800014a57e20 ss 0x10 db_enter+0xa: popq %rbp ddb> show proc PROC (sshd) pid=448590 stat=onproc flags process=12 proc=0 pri=50, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff800014a33c30,0xffff800014a32bd8 process=0xffff800014a15cb0 user=0xffff800014a53000, vmspace=0xffffff003f12b948 estcpu=0, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 41828 157322 1 0 3 0x100083 ttyin getty 52695 395537 0 0 3 0x14200 bored sosplice 93730 92131 56026 0 3 0x2 biowait syz-executor0 24733 240299 56026 0 2 0x2 syz-executor1 56026 4410 60468 0 3 0x82 thrsleep syz-fuzzer 56026 180253 60468 0 3 0x4000082 nanosleep syz-fuzzer 56026 145620 60468 0 3 0x4000082 thrsleep syz-fuzzer 56026 341747 60468 0 3 0x4000082 thrsleep syz-fuzzer 56026 414328 60468 0 2 0x4000002 syz-fuzzer 56026 471063 60468 0 3 0x4000082 thrsleep syz-fuzzer 56026 437027 60468 0 3 0x4000082 thrsleep syz-fuzzer 60468 97203 96870 0 3 0x10008a pause ksh *96870 448590 43318 0 7 0x12 sshd 43318 108829 1 0 3 0x80 select sshd 23090 48791 63431 73 3 0x100090 kqread syslogd 63431 120811 1 0 3 0x100082 netio syslogd 40679 419319 1 77 3 0x100090 poll dhclient 24353 274797 1 0 3 0x80 poll dhclient 46508 416226 0 0 3 0x14200 pgzero zerothread 55438 334716 0 0 3 0x14200 aiodoned aiodoned 14268 343129 0 0 3 0x14200 syncer update 26673 100384 0 0 3 0x14200 cleaner cleaner 40926 282011 0 0 3 0x14200 reaper reaper 74028 113191 0 0 3 0x14200 pgdaemon pagedaemon 61523 243815 0 0 3 0x14200 bored crynlk 81597 494328 0 0 3 0x14200 bored crypto 3181 100080 0 0 3 0x40014200 acpi0 acpi0 8109 320375 0 0 3 0x14200 bored softnet 83192 228237 0 0 3 0x14200 bored systqmp 18553 499308 0 0 3 0x14200 bored systq 92340 473805 0 0 3 0x40014200 bored softclock 75351 407114 0 0 3 0x40014200 idle0 1 7216 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper