panic: pr_find_pagehead: mbufpl: incorrect page Stopped at db_enter+0xa: popq %rbp TID PID UID PRFLAGS PFLAGS CPU COMMAND db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 pool_do_put(ffffff0006000100,ffffffff81e9a7d0) at pool_do_put+0x339 pool_put(0,ffffff0006000100) at pool_put+0x37 sys/kern/subr_pool.c:808 m_free(ffffff0006000100) at m_free+0x12c sys/kern/uipc_mbuf.c:447 mq_purge(ffff800001aec480) at mq_purge+0x6d m_freem sys/kern/uipc_mbuf.c:525 [inline] mq_purge(ffff800001aec480) at mq_purge+0x6d ml_purge sys/kern/uipc_mbuf.c:1591 [inline] mq_purge(ffff800001aec480) at mq_purge+0x6d sys/kern/uipc_mbuf.c:1695 switchclose(ffff800014ad9540,ffff800014ab63b8,ffffffff816c5927,ffff800014ab6360) at switchclose+0x77 sys/net/switchctl.c:323 spec_close(ffffffff81e40220) at spec_close+0x271 sys/kern/spec_vnops.c:553 VOP_CLOSE(ffffff002743b3b0,ffff800014ad9540,ffffff003f7c7ae0,3) at VOP_CLOSE+0x5f sys/kern/vfs_vops.c:174 vn_closefile(ffff800014ad9540,ffffff0030467d30) at vn_closefile+0xfc vn_close sys/kern/vfs_vnops.c:289 [inline] vn_closefile(ffff800014ad9540,ffffff0030467d30) at vn_closefile+0xfc sys/kern/vfs_vnops.c:575 fdrop(ffffff0030467d30,ffff800014ad9540) at fdrop+0xa4 sys/kern/kern_descrip.c:1260 closef(ffff800014ad9540,ffffff00365d4d48) at closef+0xd5 sys/kern/kern_descrip.c:1244 fdfree(ffff8000149cf330) at fdfree+0x98 sys/kern/kern_descrip.c:1176 exit1(ffff800014ab6680,ffff800014ad9540,ffff8000149cf330) at exit1+0x22f sys/kern/kern_exit.c:194 end trace frame: 0xffff800014ab65a0, count: 0 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> show panic pr_find_pagehead: mbufpl: incorrect page ddb> trace db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 pool_do_put(ffffff0006000100,ffffffff81e9a7d0) at pool_do_put+0x339 pool_put(0,ffffff0006000100) at pool_put+0x37 sys/kern/subr_pool.c:808 m_free(ffffff0006000100) at m_free+0x12c sys/kern/uipc_mbuf.c:447 mq_purge(ffff800001aec480) at mq_purge+0x6d m_freem sys/kern/uipc_mbuf.c:525 [inline] mq_purge(ffff800001aec480) at mq_purge+0x6d ml_purge sys/kern/uipc_mbuf.c:1591 [inline] mq_purge(ffff800001aec480) at mq_purge+0x6d sys/kern/uipc_mbuf.c:1695 switchclose(ffff800014ad9540,ffff800014ab63b8,ffffffff816c5927,ffff800014ab6360) at switchclose+0x77 sys/net/switchctl.c:323 spec_close(ffffffff81e40220) at spec_close+0x271 sys/kern/spec_vnops.c:553 VOP_CLOSE(ffffff002743b3b0,ffff800014ad9540,ffffff003f7c7ae0,3) at VOP_CLOSE+0x5f sys/kern/vfs_vops.c:174 vn_closefile(ffff800014ad9540,ffffff0030467d30) at vn_closefile+0xfc vn_close sys/kern/vfs_vnops.c:289 [inline] vn_closefile(ffff800014ad9540,ffffff0030467d30) at vn_closefile+0xfc sys/kern/vfs_vnops.c:575 fdrop(ffffff0030467d30,ffff800014ad9540) at fdrop+0xa4 sys/kern/kern_descrip.c:1260 closef(ffff800014ad9540,ffffff00365d4d48) at closef+0xd5 sys/kern/kern_descrip.c:1244 fdfree(ffff8000149cf330) at fdfree+0x98 sys/kern/kern_descrip.c:1176 exit1(ffff800014ab6680,ffff800014ad9540,ffff8000149cf330) at exit1+0x22f sys/kern/kern_exit.c:194 sys_exit(ffffffff811f4743,ffff800014ab65a0,ffff800014ab6680) at sys_exit+0x13 sys/kern/kern_exit.c:94 syscall(0) at syscall+0x3e4 Xsyscall(6,1,0,1,0,7f7ffffbef60) at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffbef10, count: -17 ddb> show registers rdi 0xffffffff81e19cf0 kprintf_mutex rsi 0x5 rbp 0xffff800014ab6170 rbx 0xffff800014ab6210 rdx 0x3fd rcx 0 rax 0 r8 0xffff800014ab6140 r9 0x8080808080808080 r10 0 r11 0xffffffff8187b6c0 x86_bus_space_io_read_1 r12 0x3000000008 r13 0xffff800014ab6180 r14 0x100 r15 0xffffffff81be15f4 cmd0646_9_tim_udma+0x222a7 rip 0xffffffff815bf8fa db_enter+0xa cs 0x8 rflags 0x246 rsp 0xffff800014ab6170 ss 0x10 db_enter+0xa: popq %rbp ddb> show proc PROC (syz-executor0) pid=489387 stat=onproc flags process=1008 proc=2000 pri=50, usrpri=82, nice=20 forw=0xffffffffffffffff, list=0xffff800014ad92e8,0xffffffff81e9c990 process=0xffff8000149cf330 user=0xffff800014ab1000, vmspace=0xffffff003f12bd68 estcpu=36, cpticks=2, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 11849 443173 1 0 3 0x100083 ttyin getty 78905 379566 0 0 3 0x14200 bored sosplice 35522 418724 39327 0 3 0x82 nanosleep syz-executor0 18362 70647 39327 0 3 0x2 biowait syz-executor1 39327 301419 33080 0 3 0x82 thrsleep syz-fuzzer 39327 99017 33080 0 3 0x4000082 nanosleep syz-fuzzer 39327 135020 33080 0 3 0x4000082 thrsleep syz-fuzzer 39327 523324 33080 0 3 0x4000082 thrsleep syz-fuzzer 39327 249734 33080 0 3 0x4000082 thrsleep syz-fuzzer 39327 279989 33080 0 3 0x4000082 thrsleep syz-fuzzer 39327 362394 33080 0 3 0x4000082 kqread syz-fuzzer 33080 60674 82577 0 3 0x10008a pause ksh 82577 319177 48930 0 3 0x92 select sshd 48930 177714 1 0 3 0x80 select sshd 33361 161877 29759 73 3 0x100090 kqread syslogd 29759 452299 1 0 3 0x100082 netio syslogd 66722 157790 1 77 3 0x100090 poll dhclient 90078 197229 1 0 3 0x80 poll dhclient 61733 68718 0 0 2 0x14200 zerothread 79094 110605 0 0 3 0x14200 aiodoned aiodoned 92739 213967 0 0 3 0x14200 syncer update 34209 417016 0 0 3 0x14200 cleaner cleaner 93094 515484 0 0 3 0x14200 reaper reaper 49598 302700 0 0 3 0x14200 pgdaemon pagedaemon 10373 472070 0 0 3 0x14200 bored crynlk 41129 134950 0 0 3 0x14200 bored crypto 28109 493184 0 0 3 0x40014200 acpi0 acpi0 69244 3119 0 0 3 0x14200 bored softnet 43987 204969 0 0 3 0x14200 bored systqmp 89151 174309 0 0 3 0x14200 bored systq 7141 282380 0 0 3 0x40014200 bored softclock 13970 393295 0 0 3 0x40014200 idle0 1 1316 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper