panic: pool_do_get: mbufpl free list modified: page 0xffffff00352d8000; item addr 0xffffff00352d8200; offset 0x0=0x18b4eac06000100 != 0x18b4eac6393182b Stopped at db_enter+0xa: popq %rbp TID PID UID PRFLAGS PFLAGS CPU COMMAND *479391 31672 0 0x12 0 0 sshd db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 pool_do_get(2,ffffffff81e9ead8,580) at pool_do_get+0x3ae sys/kern/subr_pool.c:752 pool_get(ffff8000149f4aa8,2a4) at pool_get+0x77 sys/kern/subr_pool.c:587 m_copym(ffffff00352d8100,34,ffff800000ac9100,ffffff003e103600) at m_copym+0x136 m_get sys/kern/uipc_mbuf.c:237 [inline] m_copym(ffffff00352d8100,34,ffff800000ac9100,ffffff003e103600) at m_copym+0x136 sys/kern/uipc_mbuf.c:655 tcp_output(ffff800014a33780) at tcp_output+0x108d sys/netinet/tcp_output.c:673 tcp_usrreq(37e8,ffffff0036342008,0,ffffff003e103f00,0,791c67a604d6e385) at tcp_usrreq+0x1c0 sys/netinet/tcp_usrreq.c:331 sosend(ffffff00360af620,ffff8000149f4df8,824,ffff8000149f4ea0,0,791c67a604d6e385) at sosend+0x462 sys/kern/uipc_socket.c:513 dofilewritev(ffff800014a33780,ffff8000149f4ea0,824,ffff8000149f4eb0,7f7ffffee308) at dofilewritev+0x13e sys/kern/sys_generic.c:364 sys_write(ffff8000149f4f40,ffff800014a33780,ffff800014a15338) at sys_write+0x6e sys/kern/sys_generic.c:283 syscall(0) at syscall+0x3e4 Xsyscall(6,4,1086ee4099b3,4,3,108980c624c0) at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffee320, count: 3 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> show panic pool_do_get: mbufpl free list modified: page 0xffffff00352d8000; item addr 0xffffff00352d8200; offset 0x0=0x18b4eac06000100 != 0x18b4eac6393182b ddb> trace db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 pool_do_get(2,ffffffff81e9ead8,580) at pool_do_get+0x3ae sys/kern/subr_pool.c:752 pool_get(ffff8000149f4aa8,2a4) at pool_get+0x77 sys/kern/subr_pool.c:587 m_copym(ffffff00352d8100,34,ffff800000ac9100,ffffff003e103600) at m_copym+0x136 m_get sys/kern/uipc_mbuf.c:237 [inline]tcp_output(ffff800014a33780) at tcp_output+0x108d m_copym(ffffff00352d8100,34,ffff800000ac9100,ffffff003e103600) at m_copym+0x136 sys/kern/uipc_mbuf.c:655tcp_output(ffff800014a33780) at tcp_output+0x108d tcp_usrreq(37e8,ffffff0036342008,0,ffffff003e103f00,0,791c67a604d6e385) at tcp_usrreq+0x1c0 sys/netinet/tcp_usrreq.c:331 sosend(ffffff00360af620,ffff8000149f4df8,824,ffff8000149f4ea0,0,791c67a604d6e385) at sosend+0x462 sys/kern/uipc_socket.c:513 dofilewritev(ffff800014a33780,ffff8000149f4ea0,824,ffff8000149f4eb0,7f7ffffee308) at dofilewritev+0x13e sys/kern/sys_generic.c:364 sys_write(ffff8000149f4f40,ffff800014a33780,ffff800014a15338) at sys_write+0x6e sys/kern/sys_generic.c:283syscall(0) at syscall+0x3e4 Xsyscall(6,4,1086ee4099b3,4,3,108980c624c0) at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffee320, count: -12 ddb> show registers rdi 0xffffffff81e08dc0 kprintf_mutex rsi 0x5 rbp 0xffff8000149f48f0 rbx 0xffff8000149f4990 rdx 0x3fd rcx 0 rax 0 r8 0xffff8000149f48c0 r9 0x8080808080808080 r10 0x18b4eac06000100 r11 0xffffffff816e3030 x86_bus_space_io_read_1 r12 0x3000000008 r13 0xffff8000149f4900 r14 0x100 r15 0xffffffff81c47e14 cy_pio_rec+0x104ef rip 0xffffffff8107428a db_enter+0xa cs 0x8 rflags 0x246 rsp 0xffff8000149f48f0 ss 0x10 db_enter+0xa: popq %rbp ddb> show proc PROC (sshd) pid=479391 stat=onproc flags process=12 proc=0 pri=50, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff800014a33c30,0xffff800014a332e0 process=0xffff800014a15338 user=0xffff8000149ef000, vmspace=0xffffff003f12bb58 estcpu=0, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 21531 317632 1 0 3 0x100083 ttyin getty 1524 15878 0 0 3 0x14200 bored sosplice 68302 282292 29987 0 3 0x82 piperd syz-executor0 89288 478275 29987 0 2 0x2 syz-executor1 29987 338146 94575 0 3 0x82 thrsleep syz-fuzzer 29987 106462 94575 0 3 0x4000082 nanosleep syz-fuzzer 29987 292801 94575 0 3 0x4000082 thrsleep syz-fuzzer 29987 137625 94575 0 2 0x4000002 syz-fuzzer 29987 59779 94575 0 3 0x4000082 thrsleep syz-fuzzer 29987 490113 94575 0 3 0x4000082 thrsleep syz-fuzzer 29987 269465 94575 0 3 0x4000082 thrsleep syz-fuzzer 94575 497491 31672 0 3 0x10008a pause ksh *31672 479391 92386 0 7 0x12 sshd 92386 179493 1 0 3 0x80 select sshd 69157 92029 39209 73 3 0x100090 kqread syslogd 39209 77935 1 0 3 0x100082 netio syslogd 65798 45972 1 77 3 0x100090 poll dhclient 63921 457671 1 0 3 0x80 poll dhclient 73382 325746 0 0 3 0x14200 pgzero zerothread 24966 270100 0 0 3 0x14200 aiodoned aiodoned 77663 94507 0 0 3 0x14200 syncer update 38358 237247 0 0 3 0x14200 cleaner cleaner 81148 339941 0 0 3 0x14200 reaper reaper 91055 171772 0 0 3 0x14200 pgdaemon pagedaemon 82064 130385 0 0 3 0x14200 bored crynlk 7350 227341 0 0 3 0x14200 bored crypto 87760 382646 0 0 3 0x40014200 acpi0 acpi0 7810 373474 0 0 3 0x14200 bored softnet 48038 401908 0 0 3 0x14200 bored systqmp 31336 369298 0 0 3 0x14200 bored systq 22649 52279 0 0 3 0x40014200 bored softclock 12403 359439 0 0 3 0x40014200 idle0 1 281757 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper