panic: pool_do_get: mbufpl free list modified: page 0xffffff006d91c000; item addr 0xffffff006d91c100; offset 0x0=0x67e605f006000100 != 0x67e605f0b564c0aa
Stopped at db_enter+0xa: popq %rbp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
* 64698 28290 0 0x12 0 0 sshd
db_enter() at db_enter+0xa
panic() at panic+0x147
pool_do_get(2,ffffffff81ecbc58,0) at pool_do_get+0x3ae
pool_get(ffff8000210b0888,23c) at pool_get+0x77
m_copym(ffffff006d91c200,34,ffff800000ac8cc0,ffffff006d91c300) at m_copym+0x136
tcp_output(ffff8000210c39d8) at tcp_output+0x108d
tcp_usrreq(3e30,ffffff006e6f6488,0,ffffff006d91c900,0,6eb6b414bf3ea56) at tcp_usrreq+0x1c0
sosend(ffffff006e481350,ffff8000210b0bd8,23c,ffff8000210b0c80,0,6eb6b414bf3ea56) at sosend+0x462
dofilewritev(ffff8000210c39d8,ffff8000210b0c80,23c,ffff8000210b0c90,7f7ffffd6468) at dofilewritev+0x13e
sys_write(ffff8000210b0d20,ffff8000210c39d8,ffff8000210a5338) at sys_write+0x6e
syscall(0) at syscall+0x3e4
Xsyscall(6,4,f3d0f4099b3,4,3,f3f5292fd80) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffd6480, count: 3
--db_more-- https://www.openbsd.org/ddb.html describes the minimum info required in bug
--db_more-- reports. Insufficient info makes it difficult to find and fix bugs.
ddb> et $lines = 0
No such command
ddb> show panic
pool_do_get: mbufpl free list modified: page 0xffffff006d91c000; item addr 0xffffff006d91c100; offset 0x0=0x67e605f006000100 != 0x67e605f0b564c0aa
ddb> trace
db_enter() at db_enter+0xa
panic() at panic+0x147
pool_do_get(2,ffffffff81ecbc58,0) at pool_do_get+0x3ae
pool_get(ffff8000210b0888,23c) at pool_get+0x77
m_copym(ffffff006d91c200,34,ffff800000ac8cc0,ffffff006d91c300) at m_copym+0x136
tcp_output(ffff8000210c39d8) at tcp_output+0x108d
tcp_usrreq(3e30,ffffff006e6f6488,0,ffffff006d91c900,0,6eb6b414bf3ea56) at tcp_usrreq+0x1c0
sosend(ffffff006e481350,ffff8000210b0bd8,23c,ffff8000210b0c80,0,6eb6b414bf3ea56) at sosend+0x462
dofilewritev(ffff8000210c39d8,ffff8000210b0c80,23c,ffff8000210b0c90,7f7ffffd6468) at dofilewritev+0x13e
sys_write(ffff8000210b0d20,ffff8000210c39d8,ffff8000210a5338) at sys_write+0x6e
syscall(0) at syscall+0x3e4
Xsyscall(6,4,f3d0f4099b3,4,3,f3f5292fd80) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffd6480, count: -12
ddb> show registers
rdi 0xffffffff81e10dd8 kprintf_mutex
rsi 0x5
rbp 0xffff8000210b06d0
rbx 0xffff8000210b0770
rdx 0x3fd
rcx 0
rax 0
r8 0xffff8000210b06a0
r9 0x8080808080808080
r10 0x67e605f006000100
r11 0xffffffff8174f9a0 x86_bus_space_io_read_1
r12 0x3000000008
r13 0xffff8000210b06e0
r14 0x100
r15 0xffffffff81c46ed0 cy_pio_rec+0xeef4
rip 0xffffffff81679b8a db_enter+0xa
cs 0x8
rflags 0x246
rsp 0xffff8000210b06d0
ss 0x10
db_enter+0xa: popq %rbp
ddb> show proc
PROC (sshd) pid=64698 stat=onproc
flags process=12 proc=0
pri=51, usrpri=51, nice=20
forw=0xffffffffffffffff, list=0xffff8000210c3c30,0xffff8000210c3088
process=0xffff8000210a5338 user=0xffff8000210ab000, vmspace=0xffffff007f12ba50
estcpu=1, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
5510 241860 1 0 3 0x100083 ttyin getty
63094 210025 0 0 3 0x14200 bored sosplice
63747 229534 37659 0 3 0x2 biowait syz-executor0
2140 11222 37659 0 2 0x2 syz-executor1
37659 344307 6978 0 3 0x82 thrsleep syz-fuzzer
37659 262439 6978 0 3 0x4000082 nanosleep syz-fuzzer
37659 222391 6978 0 3 0x4000082 thrsleep syz-fuzzer
37659 470597 6978 0 3 0x4000082 thrsleep syz-fuzzer
37659 323259 6978 0 3 0x4000082 thrsleep syz-fuzzer
37659 73001 6978 0 3 0x4000082 thrsleep syz-fuzzer
37659 346940 6978 0 2 0x4000002 syz-fuzzer
6978 356727 28290 0 3 0x10008a pause ksh
*28290 64698 4658 0 7 0x12 sshd
4658 241952 1 0 3 0x80 select sshd
63594 71371 71666 73 3 0x100090 kqread syslogd
71666 47485 1 0 3 0x100082 netio syslogd
89551 343666 1 77 3 0x100090 poll dhclient
96092 242413 1 0 3 0x80 poll dhclient
29242 306823 0 0 3 0x14200 pgzero zerothread
35429 265261 0 0 3 0x14200 aiodoned aiodoned
54934 13174 0 0 3 0x14200 syncer update