panic: pool_p_free: mbufpl free list modified: page 0xfffffd806b05a000; item addr 0xfffffd806b05a800; offset 0x0=0x0 Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff833edc28) at panic+0x1cf sys/kern/subr_prf.c:198 pool_p_free(ffffffff839b1210,fffffd8068fe8390) at pool_p_free+0x28c sys/kern/subr_pool.c:1009 pool_put(ffffffff839b1210,fffffd80701ae100) at pool_put+0x2a5 pool_wakeup sys/kern/subr_pool.c:-1 [inline] pool_put(ffffffff839b1210,fffffd80701ae100) at pool_put+0x2a5 sys/kern/subr_pool.c:821 m_free(fffffd80701ae100) at m_free+0x1b2 sys/kern/uipc_mbuf.c:435 m_purge(fffffd80701ae100) at m_purge+0x68 m_freem sys/kern/uipc_mbuf.c:-1 [inline] m_purge(fffffd80701ae100) at m_purge+0x68 sys/kern/uipc_mbuf.c:523 sorele(ffff80000167e288) at sorele+0x186 sys/kern/uipc_socket.c:295 soclose(ffff80000167e288,0) at soclose+0x74f sys/kern/uipc_socket.c:499 soo_close(fffffd806ba79e90,ffff8000338da7e8) at soo_close+0x56 sys/kern/sys_socket.c:-1 fdrop(fffffd806ba79e90,ffff8000338da7e8) at fdrop+0x121 sys/kern/kern_descrip.c:1281 closef(fffffd806ba79e90,ffff8000338da7e8) at closef+0x190 sys/kern/kern_descrip.c:1265 fdfree(ffff8000338da7e8) at fdfree+0x115 sys/kern/kern_descrip.c:1196 exit1(ffff8000338da7e8,0,0,1) at exit1+0x576 sys/kern/kern_exit.c:215 sys_exit(ffff8000338da7e8,ffff80003c921b90,ffff80003c921ae0) at sys_exit+0x1a sys/kern/kern_exit.c:-1 end trace frame: 0xffff80003c921b80, count: 0 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: pool_p_free: mbufpl free list modified: page 0xfffffd806b05a000; item addr 0xfffffd806b05a800; offset 0x0=0x0 ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff833edc28) at panic+0x1cf sys/kern/subr_prf.c:198 pool_p_free(ffffffff839b1210,fffffd8068fe8390) at pool_p_free+0x28c sys/kern/subr_pool.c:1009 pool_put(ffffffff839b1210,fffffd80701ae100) at pool_put+0x2a5 pool_wakeup sys/kern/subr_pool.c:-1 [inline] pool_put(ffffffff839b1210,fffffd80701ae100) at pool_put+0x2a5 sys/kern/subr_pool.c:821 m_free(fffffd80701ae100) at m_free+0x1b2 sys/kern/uipc_mbuf.c:435 m_purge(fffffd80701ae100) at m_purge+0x68 m_freem sys/kern/uipc_mbuf.c:-1 [inline] m_purge(fffffd80701ae100) at m_purge+0x68 sys/kern/uipc_mbuf.c:523 sorele(ffff80000167e288) at sorele+0x186 sys/kern/uipc_socket.c:295 soclose(ffff80000167e288,0) at soclose+0x74f sys/kern/uipc_socket.c:499 soo_close(fffffd806ba79e90,ffff8000338da7e8) at soo_close+0x56 sys/kern/sys_socket.c:-1 fdrop(fffffd806ba79e90,ffff8000338da7e8) at fdrop+0x121 sys/kern/kern_descrip.c:1281 closef(fffffd806ba79e90,ffff8000338da7e8) at closef+0x190 sys/kern/kern_descrip.c:1265 fdfree(ffff8000338da7e8) at fdfree+0x115 sys/kern/kern_descrip.c:1196 exit1(ffff8000338da7e8,0,0,1) at exit1+0x576 sys/kern/kern_exit.c:215 sys_exit(ffff8000338da7e8,ffff80003c921b90,ffff80003c921ae0) at sys_exit+0x1a sys/kern/kern_exit.c:-1 syscall(ffff80003c921b90) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c921b90) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7744c3003f00, count: -16 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80003c921650 rbx 0 rdx 0 rcx 0 rax 0xffff8000338da7e8 r8 0x101010101010101 r9 0x8080808080808080 r10 0xa110937940791ee9 r11 0xb039ac8341d50b60 r12 0 r13 0xfffffd8068fe8390 r14 0 r15 0x1 rip 0xffffffff82f95aa5 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80003c921640 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb> show proc PROC (syz-executor) tid=124924 pid=53416 tcnt=0 stat=onproc flags process=1008 proc=2000 runpri=32, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0xffff8000338da7e8 scnt=-1 ecnt=1 forw=0xffffffffffffffff, list=0xffff8000338dafb0,0xffff8000338db258 process=0xffff8000338de898 user=0xffff80003c91c000, vmspace=0xfffffd806ce59d08 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 63060 319833 32731 0 2 0 syz-executor 63060 220022 32731 0 3 0x4000080 fsleep syz-executor 64939 380223 1696 0 3 0x80 nanoslp syz-executor 64939 367575 1696 0 3 0x4000080 sbwait syz-executor 64939 149871 1696 0 3 0x4000080 fsleep syz-executor 87017 316286 87509 0 3 0x80 nanoslp syz-executor 87017 100911 87509 0 3 0x4000080 lockf syz-executor 87017 478578 87509 0 3 0x4000080 lockf syz-executor 87017 183848 87509 0 3 0x4000080 fsleep syz-executor 28321 370401 62745 0 3 0x80 nanoslp syz-executor 28321 29794 62745 0 3 0x4000080 sbwait syz-executor 28321 102928 62745 0 3 0x4000080 fsleep syz-executor 2071 493984 1 0 3 0x100083 ttyin getty 32731 185736 8550 0 2 0xc82 syz-executor 72296 54306 8550 0 2 0xc82 syz-executor 62745 181436 8550 0 3 0x82 nanoslp syz-executor 78298 402345 8550 0 3 0x82 nanoslp syz-executor 87509 134365 8550 0 3 0x82 nanoslp syz-executor 1696 163013 8550 0 3 0x82 nanoslp syz-executor 51094 59139 8550 0 3 0x82 nanoslp syz-executor 99341 175760 8550 0 3 0x82 nanoslp syz-executor 8550 173881 68643 0 3 0x82 kqread syz-executor 68643 274226 53190 0 3 0x10008a sigsusp ksh 53190 461133 74734 0 3 0x98 kqread sshd-session 74734 167498 70543 0 3 0x92 kqread sshd-session 70543 53819 1 0 3 0x88 kqread sshd 97643 44496 3128 73 3 0x1100090 kqread syslogd 3128 346030 1 0 3 0x100082 sbwait syslogd 29755 414099 1 0 3 0x100080 kqread resolvd 62597 41562 84241 77 3 0x100092 kqread dhcpleased 35686 462534 84241 77 3 0x100092 kqread dhcpleased 84241 404657 1 0 3 0x80 kqread dhcpleased 50484 227075 0 0 3 0x14200 bored smr 67988 371804 0 0 2 0x14200 zerothread 49979 42795 0 0 3 0x14200 aiodoned aiodoned 17618 308216 0 0 3 0x14200 syncer update 98220 252639 0 0 3 0x14200 cleaner cleaner 3077 433126 0 0 3 0x14200 reaper reaper 63858 58861 0 0 3 0x14200 pgdaemon pagedaemon 10104 317042 0 0 3 0x14200 bored viomb 87290 273528 0 0 3 0x40014200 acpi0 acpi0 33817 181145 0 0 3 0x14200 bored softnet0 95610 211076 0 0 3 0x14200 smrbar systqmp 91848 430156 0 0 3 0x14200 bored systq 30852 50725 0 0 2 0x40014200 softclock 17591 345434 0 0 3 0x40014200 idle0 1 497769 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 11053 12321K 13382K 166960K 13565 0 pcb 17 15K 16K 166960K 197 0 rtable 202 6K 7K 166960K 566 0 pf 31 13K 17K 166960K 85 0 ifaddr 39 7K 8K 166960K 71 0 ifgroup 46 2K 2K 166960K 97 0 sysctl 4 1K 9K 166960K 13 0 counters 32 17K 18K 166960K 58 0 ioctlops 0 0K 4K 166960K 320 0 iov 0 0K 16K 166960K 30 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1420 89K 89K 166960K 2117 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 3 5K 5K 166960K 10 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 66 0 dirhash 12 2K 2K 166960K 30 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 240K 166960K 663 0 sigio 0 0K 0K 166960K 39 0 proc 60 59K 91K 166960K 600 0 subproc 72 4K 4K 166960K 81 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 269 0 in_multi 90 6K 7K 166960K 141 0 ether_multi 1 0K 0K 166960K 7 0 mrt 1 0K 0K 166960K 17 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 91 413K 413K 166960K 91 0 exec 0 0K 1K 166960K 468 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 244 152K 168K 166960K 7576 0 UVM aobj 82 11K 11K 166960K 83 0 pinsyscall 39 78K 94K 166960K 1795 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 3 0K 1K 166960K 53 0 NDP 10 0K 1K 166960K 47 0 temp 76 9076K 9148K 166960K 35899 0 kqueue 13 20K 35K 166960K 120 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 211 0 208 3 0 3 3 0 8 2 rtentry 136 133 0 46 4 0 4 4 0 8 0 unpcb 144 1115 0 1098 6 0 6 6 0 8 5 syncache 336 6 0 6 1 0 1 1 0 8 1 tcpqe 32 1 0 1 1 0 1 1 0 8 1 tcpcb 736 421 0 415 7 0 7 7 0 8 6 arp 96 22 0 5 1 0 1 1 0 8 0 ipq 40 14 0 12 1 0 1 1 0 8 0 ipqe 40 37 0 35 1 0 1 1 0 8 0 inpcb 328 1079 0 971 12 2 10 12 0 8 0 nd6 112 29 0 9 1 0 1 1 0 8 0 pkpcb 40 37 0 37 1 0 1 1 0 8 1 kcovpl 48 9 0 1 1 0 1 1 0 8 0 mppekey 1024 1 0 1 1 0 1 1 0 8 1 ppxss 1072 21 0 21 1 0 1 1 0 8 1 pfstscr 40 2 0 1 1 0 1 1 0 8 0 pfanchor 1288 1 0 0 1 0 1 1 0 8 0 pftag 88 1 0 0 1 0 1 1 0 8 0 pfqueue 320 1 0 0 1 0 1 1 0 8 0 pfstitem 24 4 0 0 1 0 1 1 0 8 0 pfstkey 128 7 0 3 1 0 1 1 0 8 0 pfstate 384 4 0 2 1 0 1 1 0 8 0 pfrule 1360 4 0 2 1 0 1 1 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 567 0 171 31 0 31 31 0 8 3 art_table 40 569 0 171 5 0 5 5 0 8 0 art_node 32 133 0 51 1 0 1 1 0 8 0 sysvmsgpl 40 4 0 1 1 0 1 1 0 8 0 semupl 112 2 0 2 1 0 1 1 0 8 1 semapl 112 64 0 54 1 0 1 1 0 8 0 shmpl 112 77 0 0 3 0 3 3 0 8 0 dirhash 1024 29 0 12 3 0 3 3 0 8 0 dino2pl 256 2600 0 1146 92 0 92 92 0 8 0 ffsino 256 2600 0 1146 92 0 92 92 0 8 0 nchpl 144 3525 0 1829 64 0 64 64 0 8 0 rtmask 32 3 0 3 1 0 1 1 0 8 1 vnodes 216 3213 0 0 179 0 179 179 0 8 0 namei 1024 13445 0 13445 2 0 2 2 0 8 2 vcpupl 3904 3 0 1 1 0 1 1 0 8 0 vmpool 808 3 0 1 1 0 1 1 0 8 0 kstatmem 264 58 0 38 2 0 2 2 0 8 0 acpiwqpl 32 1 0 1 1 0 1 1 1 8 1 scsiplug 72 2 0 2 1 0 1 1 0 8 1 scxspl 216 13589 0 13589 4 0 4 4 1 8 4 plimitpl 152 187 0 170 1 0 1 1 0 8 0 sigapl 424 949 0 906 6 0 6 6 0 8 0 knotepl 120 317352 0 317305 23 12 11 23 0 8 8 kqueuepl 184 445 0 436 4 0 4 4 0 8 3 pipepl 304 171 0 143 3 0 3 3 0 8 0 fdescpl 448 934 0 904 5 0 5 5 0 8 1 filepl 120 7755 0 7428 15 0 15 15 0 8 5 lockfpl 104 325 0 319 2 0 2 2 0 8 1 lockfspl 48 87 0 83 1 0 1 1 0 8 0 sessionpl 144 26 0 18 1 0 1 1 0 8 0 pgrppl 48 38 0 22 1 0 1 1 0 8 0 ucredpl 104 671 0 658 1 0 1 1 0 8 0 zombiepl 144 910 0 906 1 0 1 1 0 8 0 processpl 1152 949 0 906 4 0 4 4 0 8 0 procpl 664 1744 0 1693 6 0 6 6 0 8 1 sosppl 176 5 0 5 1 0 1 1 0 8 1 sockpl 552 2464 0 2335 18 6 12 17 0 8 2 mcl64k 65536 30 0 30 1 0 1 1 0 8 1 mcl16k 16384 1 0 1 1 0 1 1 0 8 1 mcl12k 12288 1 0 1 1 0 1 1 0 8 1 mcl8k 8192 5 0 5 1 0 1 1 0 8 1 mcl4k 4096 3124 0 3070 15 0 15 15 0 8 7 mcl2k 2048 655 0 653 2 0 2 2 0 8 1 mtagpl 96 57 0 15 2 0 2 2 0 8 0 mbufpl 256 12806 0 12620 102 71 31 76 0 8 17 bufpl 280 4671 0 109 326 0 326 326 0 8 0 anonpl 24 177339 0 166888 76 0 76 76 0 187 1 amapchunkpl 152 24937 0 24203 32 0 32 32 0 158 3 amappl16 200 3667 0 3407 32 5 27 27 0 8 0 amappl15 192 6 0 6 1 0 1 1 0 8 1 amappl14 184 435 0 434 1 0 1 1 0 8 0 amappl13 176 123 0 113 1 0 1 1 0 8 0 amappl12 168 1256 0 1227 2 0 2 2 0 8 0 amappl11 160 9 0 8 1 0 1 1 0 8 0 amappl10 152 64 0 54 1 0 1 1 0 8 0 amappl9 144 260 0 259 1 0 1 1 0 8 0 amappl8 136 109 0 107 1 0 1 1 0 8 0 amappl7 128 147 0 135 1 0 1 1 0 8 0 amappl6 120 159 0 158 1 0 1 1 0 8 0 amappl5 112 115 0 107 1 0 1 1 0 8 0 amappl4 104 272 0 255 1 0 1 1 0 8 0 amappl3 96 4794 0 4676 4 0 4 4 0 8 1 amappl2 88 540 0 488 2 0 2 2 0 8 0 amappl1 80 12329 0 11768 16 0 16 16 0 8 2 amappl 88 6742 0 6560 5 0 5 5 0 92 0 uvmvnodes 80 122 0 0 3 0 3 3 0 8 0 dma4096 4096 2 0 2 1 0 1 1 0 8 1 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 0 1 1 0 8 1 dma128 128 254 0 254 1 0 1 1 0 8 1 dma64 64 6 0 6 1 0 1 1 0 8 1 dma32 32 7 0 7 1 0 1 1 0 8 1 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 82 0 1 2 0 2 2 0 8 0 uaddrrnd 24 934 0 904 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 934 0 904 1 0 1 1 0 8 0 vmmpekpl 168 9209 0 9174 3 0 3 3 0 8 0 vmmpepl 168 68339 0 66228 103 0 103 103 0 357 6 vmsppl 368 933 0 904 4 0 4 4 0 8 1 rwobjpl 40 21436 0 20122 16 0 16 16 0 8 0 pdppl 4096 1880 0 1812 103 34 69 80 0 8 1 pvpl 32 454086 0 436584 156 0 156 156 0 265 12 pmappl 216 936 0 905 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 470 0 104 12 0 12 12 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff833edc28) at panic+0x1cf sys/kern/subr_prf.c:198 pool_p_free(ffffffff839b1210,fffffd8068fe8390) at pool_p_free+0x28c sys/kern/subr_pool.c:1009 pool_put(ffffffff839b1210,fffffd80701ae100) at pool_put+0x2a5 pool_wakeup sys/kern/subr_pool.c:-1 [inline] pool_put(ffffffff839b1210,fffffd80701ae100) at pool_put+0x2a5 sys/kern/subr_pool.c:821 m_free(fffffd80701ae100) at m_free+0x1b2 sys/kern/uipc_mbuf.c:435 m_purge(fffffd80701ae100) at m_purge+0x68 m_freem sys/kern/uipc_mbuf.c:-1 [inline] m_purge(fffffd80701ae100) at m_purge+0x68 sys/kern/uipc_mbuf.c:523 sorele(ffff80000167e288) at sorele+0x186 sys/kern/uipc_socket.c:295 soclose(ffff80000167e288,0) at soclose+0x74f sys/kern/uipc_socket.c:499 soo_close(fffffd806ba79e90,ffff8000338da7e8) at soo_close+0x56 sys/kern/sys_socket.c:-1 fdrop(fffffd806ba79e90,ffff8000338da7e8) at fdrop+0x121 sys/kern/kern_descrip.c:1281 closef(fffffd806ba79e90,ffff8000338da7e8) at closef+0x190 sys/kern/kern_descrip.c:1265 fdfree(ffff8000338da7e8) at fdfree+0x115 sys/kern/kern_descrip.c:1196 exit1(ffff8000338da7e8,0,0,1) at exit1+0x576 sys/kern/kern_exit.c:215 sys_exit(ffff8000338da7e8,ffff80003c921b90,ffff80003c921ae0) at sys_exit+0x1a sys/kern/kern_exit.c:-1 syscall(ffff80003c921b90) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c921b90) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7744c3003f00, count: -16 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff833edc28) at panic+0x1cf sys/kern/subr_prf.c:198 pool_p_free(ffffffff839b1210,fffffd8068fe8390) at pool_p_free+0x28c sys/kern/subr_pool.c:1009 pool_put(ffffffff839b1210,fffffd80701ae100) at pool_put+0x2a5 pool_wakeup sys/kern/subr_pool.c:-1 [inline] pool_put(ffffffff839b1210,fffffd80701ae100) at pool_put+0x2a5 sys/kern/subr_pool.c:821 m_free(fffffd80701ae100) at m_free+0x1b2 sys/kern/uipc_mbuf.c:435 m_purge(fffffd80701ae100) at m_purge+0x68 m_freem sys/kern/uipc_mbuf.c:-1 [inline] m_purge(fffffd80701ae100) at m_purge+0x68 sys/kern/uipc_mbuf.c:523 sorele(ffff80000167e288) at sorele+0x186 sys/kern/uipc_socket.c:295 soclose(ffff80000167e288,0) at soclose+0x74f sys/kern/uipc_socket.c:499 soo_close(fffffd806ba79e90,ffff8000338da7e8) at soo_close+0x56 sys/kern/sys_socket.c:-1 fdrop(fffffd806ba79e90,ffff8000338da7e8) at fdrop+0x121 sys/kern/kern_descrip.c:1281 closef(fffffd806ba79e90,ffff8000338da7e8) at closef+0x190 sys/kern/kern_descrip.c:1265 fdfree(ffff8000338da7e8) at fdfree+0x115 sys/kern/kern_descrip.c:1196 exit1(ffff8000338da7e8,0,0,1) at exit1+0x576 sys/kern/kern_exit.c:215 sys_exit(ffff8000338da7e8,ffff80003c921b90,ffff80003c921ae0) at sys_exit+0x1a sys/kern/kern_exit.c:-1 syscall(ffff80003c921b90) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c921b90) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7744c3003f00, count: -16