panic: pool_do_get: mbufpl free list modified: page 0xffffff00040bf000; item addr 0xffffff00040bfe00; offset 0x0=0xa19ffa3c06000100 != 0xa19ffa3c47b0ff4e
Stopped at db_enter+0xa: popq %rbp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*194504 58734 0 0 0x4000000 0 syz-executor0
db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
pool_do_get(2,ffffffff81eaffc8,ffffff00040bf500) at pool_do_get+0x3ae sys/kern/subr_pool.c:752
pool_get(1,2) at pool_get+0x77 sys/kern/subr_pool.c:587
m_get(0,2d) at m_get+0x2f sys/kern/uipc_mbuf.c:237
switchwrite(ffffff003d7f75a0,ffffff003d7f75a0,ffff800014ad5e18) at switchwrite+0x1d3 sys/net/switchctl.c:251
spec_write(ffffffff81e25078) at spec_write+0xa0 sys/kern/spec_vnops.c:310
VOP_WRITE(2d,ffffff003d7f75a0,1,ffff800014ad5e18) at VOP_WRITE+0x65 sys/kern/vfs_vops.c:268
vn_write(ffffff00303e6bc8,ffff800014ad5e18,2d) at vn_write+0x127 sys/kern/vfs_vnops.c:397
dofilewritev(ffff800014a1d5a0,ffff800014ad5ec0,2d,ffff800014ad5ed8,102f28e8778) at dofilewritev+0x13e sys/kern/sys_generic.c:364
sys_write(ffff800014ad5f60,ffff800014a1d5a0,ffff800014a16628) at sys_write+0x6e sys/kern/sys_generic.c:283
syscall(0) at syscall+0x3e4
Xsyscall(6,0,c,0,3,10003643010) at Xsyscall+0x128
end of kernel
end trace frame: 0x102f28e8800, count: 2
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> show panic
pool_do_get: mbufpl free list modified: page 0xffffff00040bf000; item addr 0xffffff00040bfe00; offset 0x0=0xa19ffa3c06000100 != 0xa19ffa3c47b0ff4e
ddb> trace
db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
pool_do_get(2,ffffffff81eaffc8,ffffff00040bf500) at pool_do_get+0x3ae sys/kern/subr_pool.c:752
pool_get(1,2) at pool_get+0x77 sys/kern/subr_pool.c:587
m_get(0,2d) at m_get+0x2f sys/kern/uipc_mbuf.c:237
switchwrite(ffffff003d7f75a0,ffffff003d7f75a0,ffff800014ad5e18) at switchwrite+0x1d3 sys/net/switchctl.c:251
spec_write(ffffffff81e25078) at spec_write+0xa0 sys/kern/spec_vnops.c:310
VOP_WRITE(2d,ffffff003d7f75a0,1,ffff800014ad5e18) at VOP_WRITE+0x65 sys/kern/vfs_vops.c:268
vn_write(ffffff00303e6bc8,ffff800014ad5e18,2d) at vn_write+0x127 sys/kern/vfs_vnops.c:397
dofilewritev(ffff800014a1d5a0,ffff800014ad5ec0,2d,ffff800014ad5ed8,102f28e8778) at dofilewritev+0x13e sys/kern/sys_generic.c:364
sys_write(ffff800014ad5f60,ffff800014a1d5a0,ffff800014a16628) at sys_write+0x6e sys/kern/sys_generic.c:283
syscall(0) at syscall+0x3e4
Xsyscall(6,0,c,0,3,10003643010) at Xsyscall+0x128
end of kernel
end trace frame: 0x102f28e8800, count: -13
ddb> show registers
rdi 0xffffffff81e310e0 kprintf_mutex
rsi 0xffffffff81128c39 db_enter+0x9
rbp 0xffff800014ad5a60
rbx 0xffff800014ad5b00
rdx 0xffff800000acb000
rcx 0x43cb __ALIGN_SIZE+0x33cb
rax 0xffff800000acb000
r8 0xffff800014ad5a30
r9 0x8080808080808080
r10 0xa19ffa3c06000100
r11 0xffffffff81a92f60 x86_bus_space_io_read_1
r12 0x3000000008
r13 0xffff800014ad5a70
r14 0x100
r15 0xffffffff81c49b8a cy_pio_rec+0x12884
rip 0xffffffff81128c3a db_enter+0xa
cs 0x8
rflags 0x202
rsp 0xffff800014ad5a60
ss 0x10
db_enter+0xa: popq %rbp
ddb> show proc
PROC (syz-executor0) pid=194504 stat=onproc
flags process=0 proc=4000000
pri=82, usrpri=82, nice=20
forw=0xffffffffffffffff, list=0xffff800014a1c2e0,0xffffffff81eb10d0
process=0xffff800014a16628
user=0xffff800014ad1000, vmspace=0xffffff003f12bc60
estcpu=32, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
58734 450430 6461 0 2 0 syz-executor0
*58734 194504 6461 0 7 0x4000000 syz-executor0
73079 445120 1 0 3 0x100083 ttyin getty
59064 306706 0 0 3 0x14200 bored sosplice
94671 38124 77445 0 3 0x2 biowait syz-executor1
6461 46707 77445 0 3 0x82 nanosleep syz-executor0
77445 154069 17516 0 3 0x82 thrsleep syz-fuzzer
77445 370546 17516 0 3 0x4000082 nanosleep syz-fuzzer
77445 11864 17516 0 3 0x4000082 thrsleep syz-fuzzer
77445 118 17516 0 3 0x4000082 thrsleep syz-fuzzer
77445 308928 17516 0 3 0x4000082 thrsleep syz-fuzzer
77445 506765 17516 0 3 0x4000082 thrsleep syz-fuzzer
77445 213021 17516 0 3 0x4000082 kqread syz-fuzzer
17516 368768 66063 0 3 0x10008a pause ksh
66063 214176 925 0 3 0x92 select sshd
925 328685 1 0 3 0x80 select sshd
96526 388162 68062 73 3 0x100090 kqread syslogd
68062 458642 1 0 3 0x100082 netio syslogd
84661 86411 1 77 3 0x100090 poll dhclient
48142 478631 1 0 3 0x80 poll dhclient
89070 227605 0 0 2 0x14200 zerothread
1608 492157 0 0 3 0x14200 aiodoned aiodoned
36036 16379 0 0 3 0x14200 syncer update
3715 419487 0 0 3 0x14200 cleaner cleaner
34962 281772 0 0 3 0x14200 reaper reaper
69405 341935 0 0 3 0x14200 pgdaemon pagedaemon
7629 254001 0 0 3 0x14200 bored crynlk
83424 101321 0 0 3 0x14200 bored crypto
84239 170 0 0 3 0x40014200 acpi0 acpi0
57443 43944 0 0 3 0x14200 bored softnet
24866 358649 0 0 3 0x14200 bored systqmp
82092 129126 0 0 3 0x14200 bored systq
37583 29130 0 0 3 0x40014200 bored softclock
52048 265440 0 0 3 0x40014200 idle0
1 135525 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper