panic: m_zero: M_READONLY Stopped at db_enter+0xa: popq %rbp TID PID UID PRFLAGS PFLAGS CPU COMMAND *271432 38420 65534 0x10 0 0K syz-executor1 243159 34145 0 0x14000 0x200 1 reaper db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 m_free(ffffff007a550700) at m_free+0x17a sys/kern/uipc_mbuf.c:1267 m_freem(ffffffff) at m_freem+0x2d sys/kern/uipc_mbuf.c:525 vio_txeof(ffff800000173290) at vio_txeof+0x104 sys/dev/pv/if_vio.c:1140 vio_tx_intr(ffff800000173110) at vio_tx_intr+0x25 sys/dev/pv/if_vio.c:1116 intr_handler(a,ffff80000064d280) at intr_handler+0x6b sys/arch/amd64/amd64/intr.c:529 Xintr_ioapic_edge20_untramp(0,ffffffff813e62f0,0,18041969,a,0) at Xintr_ioapic_edge20_untramp+0x19f Xspllower(7f7ffffcb000,ffffff007f1246c0,0,1,ffffffff812ed8db,7f7fffecb000) at Xspllower+0xc pmap_write_protect(ffffff007a6afa10,ffffff0069a0ebf0,7f7fffecb000,1) at pmap_write_protect+0x311 sys/arch/amd64/amd64/pmap.c:1889 uvm_mapent_forkcopy(7f7fffecb000,7f7fffecb000,ffffff007a61d858,100000,ffffff007a6afa10) at uvm_mapent_forkcopy+0x19d pmap_protect sys/arch/amd64/compile/SYZKALLER/obj/machine/pmap.h:470 [inline] uvm_mapent_forkcopy(7f7fffecb000,7f7fffecb000,ffffff007a61d858,100000,ffffff007a6afa10) at uvm_mapent_forkcopy+0x19d sys/uvm/uvm_map.c:3809 uvmspace_fork(ffff8000210b6668) at uvmspace_fork+0x1c9 sys/uvm/uvm_map.c:3939 process_new(ffffffff81acd080,1,ffff8000210a2978) at process_new+0x1d9 sys/kern/kern_fork.c:272 fork1() at fork1+0x26d sys/kern/kern_fork.c:392 end trace frame: 0xffff8000211695d0, count: 0 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> show panic m_zero: M_READONLY ddb{0}> trace db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 m_free(ffffff007a550700) at m_free+0x17a sys/kern/uipc_mbuf.c:1267 m_freem(ffffffff) at m_freem+0x2d sys/kern/uipc_mbuf.c:525 vio_txeof(ffff800000173290) at vio_txeof+0x104 sys/dev/pv/if_vio.c:1140 vio_tx_intr(ffff800000173110) at vio_tx_intr+0x25 sys/dev/pv/if_vio.c:1116 intr_handler(a,ffff80000064d280) at intr_handler+0x6b sys/arch/amd64/amd64/intr.c:529 Xintr_ioapic_edge20_untramp(0,ffffffff813e62f0,0,18041969,a,0) at Xintr_ioapic_edge20_untramp+0x19f Xspllower(7f7ffffcb000,ffffff007f1246c0,0,1,ffffffff812ed8db,7f7fffecb000) at Xspllower+0xc pmap_write_protect(ffffff007a6afa10,ffffff0069a0ebf0,7f7fffecb000,1) at pmap_write_protect+0x311 sys/arch/amd64/amd64/pmap.c:1889 uvm_mapent_forkcopy(7f7fffecb000,7f7fffecb000,ffffff007a61d858,100000,ffffff007a6afa10) at uvm_mapent_forkcopy+0x19d pmap_protect sys/arch/amd64/compile/SYZKALLER/obj/machine/pmap.h:470 [inline] uvm_mapent_forkcopy(7f7fffecb000,7f7fffecb000,ffffff007a61d858,100000,ffffff007a6afa10) at uvm_mapent_forkcopy+0x19d sys/uvm/uvm_map.c:3809 uvmspace_fork(ffff8000210b6668) at uvmspace_fork+0x1c9 sys/uvm/uvm_map.c:3939 process_new(ffffffff81acd080,1,ffff8000210a2978) at process_new+0x1d9 sys/kern/kern_fork.c:272 fork1() at fork1+0x26d sys/kern/kern_fork.c:392 syscall(0) at syscall+0x466 mi_syscall sys/sys/syscall_mi.h:99 [inline] syscall(0) at syscall+0x466 sys/arch/amd64/amd64/trap.c:583 Xsyscall(6,2,0,2,0,7f7ffffca290) at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffca240, count: -16 ddb{0}> show registers rdi 0xffffffff81e323f0 kprintf_mutex rsi 0x5 rbp 0xffff800021169098 rbx 0xffff800021169138 rdx 0x3fd rcx 0 rax 0xffffffff81e14ff0 cpu_info_full_primary+0x1ff0 r8 0xffff800021169068 r9 0 r10 0xffff8000211692e8 r11 0xffffff007a54f870 r12 0x3000000008 r13 0xffff8000211690a8 r14 0x100 r15 0xffffffff81bed177 apollo_pio_rec+0x6e0d rip 0xffffffff811b599a db_enter+0xa cs 0x8 rflags 0x202 rsp 0xffff800021169098 ss 0x10 db_enter+0xa: popq %rbp ddb{0}> show proc PROC (syz-executor1) pid=271432 stat=onproc flags process=10 proc=0 pri=51, usrpri=51, nice=20 forw=0xffffffffffffffff, list=0xffff8000210a3c38,0xffff8000210a2be0 process=0xffff8000210b6668 user=0xffff800021164000, vmspace=0xffffff007a61d648 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=0, intr=1 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 81109 15067 73278 65534 3 0x90 nanosleep syz-executor0 73278 256925 71996 0 3 0x82 wait syz-executor0 *38420 271432 97081 65534 7 0x10 syz-executor1 97081 229749 71996 0 3 0x82 wait syz-executor1 89345 176319 0 0 3 0x14200 bored sosplice 71996 516837 18428 0 3 0x82 thrsleep syz-fuzzer 71996 355042 18428 0 3 0x4000082 nanosleep syz-fuzzer 71996 445212 18428 0 3 0x4000082 thrsleep syz-fuzzer 71996 190866 18428 0 2 0x4000082 syz-fuzzer 71996 52366 18428 0 3 0x4000082 thrsleep syz-fuzzer 71996 185877 18428 0 3 0x4000082 thrsleep syz-fuzzer 71996 323059 18428 0 3 0x4000082 nanosleep syz-fuzzer 71996 137239 18428 0 3 0x4000082 thrsleep syz-fuzzer 71996 271634 18428 0 3 0x4000082 thrsleep syz-fuzzer 71996 464063 18428 0 3 0x4000082 thrsleep syz-fuzzer 18428 177841 40744 0 3 0x10008a pause ksh 40744 302406 66287 0 3 0x92 select sshd 68098 311158 1 0 3 0x100083 ttyin getty 66287 429190 1 0 3 0x80 select sshd 87188 114645 87106 73 3 0x100090 kqread syslogd 87106 121873 1 0 3 0x100082 netio syslogd 32599 247974 1 77 3 0x100090 poll dhclient 10522 289304 1 0 3 0x80 poll dhclient 55251 387744 0 0 3 0x14200 pgzero zerothread 86336 473417 0 0 3 0x14200 aiodoned aiodoned 51998 192629 0 0 3 0x14200 syncer update 57640 411886 0 0 3 0x14200 cleaner cleaner 34145 243159 0 0 7 0x14200 reaper 35643 319513 0 0 3 0x14200 pgdaemon pagedaemon 22832 377428 0 0 3 0x14200 bored crynlk 91215 408185 0 0 3 0x14200 bored crypto 82510 429895 0 0 3 0x40014200 acpi0 acpi0 45021 419610 0 0 3 0x40014200 idle1 71982 81480 0 0 3 0x14200 bored softnet 69704 143110 0 0 3 0x14200 bored systqmp 5836 215615 0 0 3 0x14200 bored systq 12019 417903 0 0 3 0x40014200 bored softclock 46439 215715 0 0 3 0x40014200 idle0 1 462081 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper