panic: pr_find_pagehead: mbufpl: incorrect page Stopped at db_enter+0xa: popq %rbp TID PID UID PRFLAGS PFLAGS CPU COMMAND db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 pool_do_put(ffffff0006000100,ffffffff81ec4ba8) at pool_do_put+0x339 pool_put(0,ffffff0006000100) at pool_put+0x37 sys/kern/subr_pool.c:808 m_free(ffffff0006000100) at m_free+0x12c sys/kern/uipc_mbuf.c:447 mq_purge(ffff800002acd000) at mq_purge+0x6d m_freem sys/kern/uipc_mbuf.c:525 [inline] mq_purge(ffff800002acd000) at mq_purge+0x6d ml_purge sys/kern/uipc_mbuf.c:1591 [inline] mq_purge(ffff800002acd000) at mq_purge+0x6d sys/kern/uipc_mbuf.c:1695 switchclose(ffff800014a1cc00,ffff800014ac7e58,ffffffff812ea177,ffff800014ac7e00) at switchclose+0x77 sys/net/switchctl.c:323 spec_close(ffffffff81e0e210) at spec_close+0x271 sys/kern/spec_vnops.c:553 VOP_CLOSE(ffffff002be737c0,ffff800014a1cc00,ffffff003f7c7900,3) at VOP_CLOSE+0x5f sys/kern/vfs_vops.c:174 vn_closefile(ffff800014a1cc00,ffffff003033ff10) at vn_closefile+0xfc vn_close sys/kern/vfs_vnops.c:289 [inline] vn_closefile(ffff800014a1cc00,ffffff003033ff10) at vn_closefile+0xfc sys/kern/vfs_vnops.c:575 fdrop(ffffff003033ff10,ffff800014a1cc00) at fdrop+0xa4 sys/kern/kern_descrip.c:1260 closef(ffff800014a1cc00,ffffff00365e36a8) at closef+0xd5 sys/kern/kern_descrip.c:1244 fdfree(ffff800014a15cb0) at fdfree+0x98 sys/kern/kern_descrip.c:1176 exit1(ffff800014ac8120,ffff800014a1cc00,ffff800014a15cb0) at exit1+0x22f sys/kern/kern_exit.c:194 end trace frame: 0xffff800014ac8040, count: 0 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> show panic pr_find_pagehead: mbufpl: incorrect page ddb> trace db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 pool_do_put(ffffff0006000100,ffffffff81ec4ba8) at pool_do_put+0x339 pool_put(0,ffffff0006000100) at pool_put+0x37 sys/kern/subr_pool.c:808 m_free(ffffff0006000100) at m_free+0x12c sys/kern/uipc_mbuf.c:447 mq_purge(ffff800002acd000) at mq_purge+0x6d m_freem sys/kern/uipc_mbuf.c:525 [inline] mq_purge(ffff800002acd000) at mq_purge+0x6d ml_purge sys/kern/uipc_mbuf.c:1591 [inline] mq_purge(ffff800002acd000) at mq_purge+0x6d sys/kern/uipc_mbuf.c:1695 switchclose(ffff800014a1cc00,ffff800014ac7e58,ffffffff812ea177,ffff800014ac7e00) at switchclose+0x77 sys/net/switchctl.c:323 spec_close(ffffffff81e0e210) at spec_close+0x271 sys/kern/spec_vnops.c:553 VOP_CLOSE(ffffff002be737c0,ffff800014a1cc00,ffffff003f7c7900,3) at VOP_CLOSE+0x5f sys/kern/vfs_vops.c:174 vn_closefile(ffff800014a1cc00,ffffff003033ff10) at vn_closefile+0xfc vn_close sys/kern/vfs_vnops.c:289 [inline] vn_closefile(ffff800014a1cc00,ffffff003033ff10) at vn_closefile+0xfc sys/kern/vfs_vnops.c:575 fdrop(ffffff003033ff10,ffff800014a1cc00) at fdrop+0xa4 sys/kern/kern_descrip.c:1260 closef(ffff800014a1cc00,ffffff00365e36a8) at closef+0xd5 sys/kern/kern_descrip.c:1244 fdfree(ffff800014a15cb0) at fdfree+0x98 sys/kern/kern_descrip.c:1176 exit1(ffff800014ac8120,ffff800014a1cc00,ffff800014a15cb0) at exit1+0x22f sys/kern/kern_exit.c:194 sys_exit(ffffffff81040973,ffff800014ac8040,ffff800014ac8120) at sys_exit+0x13 sys/kern/kern_exit.c:94 syscall(0) at syscall+0x3e4 Xsyscall(6,1,0,1,0,7f7ffffbe7e0) at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffbe790, count: -17 ddb> show registers rdi 0xffffffff81e30ac8 kprintf_mutex rsi 0x5 rbp 0xffff800014ac7c10 rbx 0xffff800014ac7cb0 rdx 0x3fd rcx 0 rax 0 r8 0xffff800014ac7be0 r9 0x8080808080808080 r10 0 r11 0xffffffff814f29d0 x86_bus_space_io_read_1 r12 0x3000000008 r13 0xffff800014ac7c20 r14 0x100 r15 0xffffffff81be2b75 cmd0646_9_tim_udma+0x27309 rip 0xffffffff81b4814a db_enter+0xa cs 0x8 rflags 0x246 rsp 0xffff800014ac7c10 ss 0x10 db_enter+0xa: popq %rbp ddb> show proc PROC (syz-executor1) pid=308519 stat=onproc flags process=1008 proc=2000 pri=50, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff800014a1c750,0xffffffff81eb33c0 process=0xffff800014a15cb0 user=0xffff800014ac3000, vmspace=0xffffff003f12c420 estcpu=36, cpticks=2, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 24656 319264 1 0 3 0x100083 ttyin getty 70647 324078 0 0 3 0x14200 bored sosplice 23800 339073 96300 0 3 0x2 biowait syz-executor0 19876 66750 96300 0 3 0x82 nanosleep syz-executor1 96300 326905 45243 0 3 0x82 thrsleep syz-fuzzer 96300 108506 45243 0 3 0x4000082 thrsleep syz-fuzzer 96300 169528 45243 0 3 0x4000082 thrsleep syz-fuzzer 96300 299212 45243 0 3 0x4000082 thrsleep syz-fuzzer 96300 146158 45243 0 3 0x4000082 thrsleep syz-fuzzer 96300 328347 45243 0 3 0x4000082 thrsleep syz-fuzzer 96300 19002 45243 0 3 0x4000082 kqread syz-fuzzer 45243 53568 83661 0 3 0x10008a pause ksh 83661 215592 46097 0 3 0x92 select sshd 46097 396354 1 0 3 0x80 select sshd 6082 18991 48305 73 3 0x100090 kqread syslogd 48305 492119 1 0 3 0x100082 netio syslogd 75403 482194 1 77 3 0x100090 poll dhclient 92694 186544 1 0 3 0x80 poll dhclient 67750 491639 0 0 2 0x14200 zerothread 68068 479512 0 0 3 0x14200 aiodoned aiodoned 32910 429872 0 0 3 0x14200 syncer update 15681 295277 0 0 3 0x14200 cleaner cleaner 87440 509317 0 0 3 0x14200 reaper reaper 38597 368426 0 0 3 0x14200 pgdaemon pagedaemon 84520 517267 0 0 3 0x14200 bored crynlk 43249 66080 0 0 3 0x14200 bored crypto 27570 252781 0 0 3 0x40014200 acpi0 acpi0 63354 161641 0 0 3 0x14200 bored softnet 62831 263389 0 0 3 0x14200 bored systqmp 11806 271688 0 0 3 0x14200 bored systq 57104 288536 0 0 3 0x40014200 bored softclock 36268 100747 0 0 3 0x40014200 idle0 1 281361 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper