ÇP¿??)cZJ5òªß³‚jfÉéžxƒë7Ã8«_oùÙ€Å<Ù5¹ì;VŠß¾y”•"d|0¨Ù&-V„u` „|”vš*œeHð§âs×¤.í",N¹fˆØkÉlAú‚ó®Èé¾h©Cqþù¼»&·Däåë7Ã8«_oùÙ€Å<Ù5¹ì;VŠß¾y”•"d|0¨Ù&-V„u` „|”vš*œeHð§âs×¤.í",N¹fˆØkÉlAú‚ó®Èé¾h©Cqþù¼»&·Däåpanic: pool_do_get: mbufpl free list modified: page 0xffffff002ae63000; item addr 0xffffff002ae63c00; offset 0x0=0x656bcb7f06000100 != 0x656bcb7f9453657b Stopped at db_enter+0xa: popq %rbp TID PID UID PRFLAGS PFLAGS CPU COMMAND *497678 67787 0 0 0x4000000 0 syz-executor0 db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 pool_do_get(2,ffffffff81ec9518,ffffff002ae63400) at pool_do_get+0x3ae sys/kern/subr_pool.c:752 pool_get(1,2) at pool_get+0x77 sys/kern/subr_pool.c:587 m_get(10000,fff9ff91) at m_get+0x2f sys/kern/uipc_mbuf.c:237 switchwrite(ffffff000465e950,ffffff000465e950,ffff800014acc5a8) at switchwrite+0x1d3 sys/net/switchctl.c:251 spec_write(ffffffff81e21ed0) at spec_write+0xa0 sys/kern/spec_vnops.c:310 VOP_WRITE(1,ffffff000465e950,1,ffffff0036099968) at VOP_WRITE+0x65 sys/kern/vfs_vops.c:268 vn_write(ffffff0036099968,ffff800014acc5a8,ffffff91) at vn_write+0x161 sys/kern/vfs_vnops.c:397 dofilewritev(ffff800014acc6d0,1,ffff800014acc6e8,ffff800014a1d7a8,0) at dofilewritev+0x13e sys/kern/sys_generic.c:364 sys_pwritev(ffff800014acc770,ffff800014a1d7a8,ffff8000149cfca8) at sys_pwritev+0xbf sys/kern/vfs_syscalls.c:3141 syscall(0) at syscall+0x3e4 Xsyscall(6,0,ffffffffffffffb8,0,4,c5f846f3010) at Xsyscall+0x128 end of kernel end trace frame: 0xc624bd5f7e0, count: 2 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> show panic pool_do_get: mbufpl free list modified: page 0xffffff002ae63000; item addr 0xffffff002ae63c00; offset 0x0=0x656bcb7f06000100 != 0x656bcb7f9453657b ddb> trace db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 pool_do_get(2,ffffffff81ec9518,ffffff002ae63400) at pool_do_get+0x3ae sys/kern/subr_pool.c:752 pool_get(1,2) at pool_get+0x77 sys/kern/subr_pool.c:587 m_get(10000,fff9ff91) at m_get+0x2f sys/kern/uipc_mbuf.c:237 switchwrite(ffffff000465e950,ffffff000465e950,ffff800014acc5a8) at switchwrite+0x1d3 sys/net/switchctl.c:251 spec_write(ffffffff81e21ed0) at spec_write+0xa0 sys/kern/spec_vnops.c:310 VOP_WRITE(1,ffffff000465e950,1,ffffff0036099968) at VOP_WRITE+0x65 sys/kern/vfs_vops.c:268 vn_write(ffffff0036099968,ffff800014acc5a8,ffffff91) at vn_write+0x161 sys/kern/vfs_vnops.c:397 dofilewritev(ffff800014acc6d0,1,ffff800014acc6e8,ffff800014a1d7a8,0) at dofilewritev+0x13e sys/kern/sys_generic.c:364 sys_pwritev(ffff800014acc770,ffff800014a1d7a8,ffff8000149cfca8) at sys_pwritev+0xbf sys/kern/vfs_syscalls.c:3141 syscall(0) at syscall+0x3e4 Xsyscall(6,0,ffffffffffffffb8,0,4,c5f846f3010) at Xsyscall+0x128 end of kernel end trace frame: 0xc624bd5f7e0, count: -13 ddb> show registers rdi 0xffffffff81e1fa20 kprintf_mutex rsi 0xffffffff8136e039 db_enter+0x9 rbp 0xffff800014acc1f0 rbx 0xffff800014acc290 rdx 0xffff800002ad0000 rcx 0xb437 __ALIGN_SIZE+0xa437 rax 0xffff800002ad0000 r8 0xffff800014acc1c0 r9 0x8080808080808080 r10 0x656bcb7f06000100 r11 0xffffffff810b3d00 x86_bus_space_io_read_1 r12 0x3000000008 r13 0xffff800014acc200 r14 0x100 r15 0xffffffff81c4a1d1 cy_pio_rec+0x1142d rip 0xffffffff8136e03a db_enter+0xa cs 0x8 rflags 0x202 rsp 0xffff800014acc1f0 ss 0x10 db_enter+0xa: popq %rbp ddb> show proc PROC (syz-executor0) pid=497678 stat=onproc flags process=0 proc=4000000 pri=82, usrpri=82, nice=20 forw=0xffffffffffffffff, list=0xffff800014a1d2f8,0xffffffff81ed0438 process=0xffff8000149cfca8 user=0xffff800014ac7000, vmspace=0xffffff003f12b840 estcpu=32, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 67787 55232 63316 0 2 0 syz-executor0 *67787 497678 63316 0 7 0x4000000 syz-executor0 55506 414197 1 0 3 0x100083 ttyin getty 48131 11249 0 0 3 0x14200 bored sosplice 63316 341597 46145 0 3 0x82 nanosleep syz-executor0 75137 337841 46145 0 3 0x82 nanosleep syz-executor1 46145 453843 17815 0 3 0x82 thrsleep syz-fuzzer 46145 386671 17815 0 3 0x4000082 nanosleep syz-fuzzer 46145 457490 17815 0 3 0x4000082 thrsleep syz-fuzzer 46145 486329 17815 0 3 0x4000082 thrsleep syz-fuzzer 46145 360086 17815 0 3 0x4000082 kqread syz-fuzzer 46145 134705 17815 0 3 0x4000082 thrsleep syz-fuzzer 46145 76346 17815 0 3 0x4000082 thrsleep syz-fuzzer 17815 38211 29007 0 3 0x10008a pause ksh 29007 12622 11699 0 3 0x92 select sshd 11699 337374 1 0 3 0x80 select sshd 90137 418619 33952 73 3 0x100090 kqread syslogd 33952 365117 1 0 3 0x100082 netio syslogd 33188 459929 1 77 3 0x100090 poll dhclient 45753 47001 1 0 3 0x80 poll dhclient 25146 226561 0 0 2 0x14200 zerothread 78239 399201 0 0 3 0x14200 aiodoned aiodoned 59859 283963 0 0 3 0x14200 syncer update 24379 249399 0 0 3 0x14200 cleaner cleaner 56229 135365 0 0 3 0x14200 reaper reaper 51610 247778 0 0 3 0x14200 pgdaemon pagedaemon 20989 496837 0 0 3 0x14200 bored crynlk 55004 129973 0 0 3 0x14200 bored crypto 83442 492428 0 0 3 0x40014200 acpi0 acpi0 75098 274257 0 0 3 0x14200 bored softnet 15172 504977 0 0 3 0x14200 bored systqmp 5447 311952 0 0 3 0x14200 bored systq 93495 295650 0 0 3 0x40014200 bored softclock 73932 217991 0 0 3 0x40014200 idle0 1 188401 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper