panic: pr_find_pagehead: mbufpl: page header missing Stopped at db_enter+0xa: popq %rbp TID PID UID PRFLAGS PFLAGS CPU COMMAND *273925 52138 0 0 0x4000000 0 syz-executor0 db_enter() at db_enter+0xa panic() at panic+0x147 pool_do_put(ffffff0006000100,ffffffff81edd2c0) at pool_do_put+0x339 pool_put(0,ffffff0006000100) at pool_put+0x37 m_free(ffffff0006000100) at m_free+0x12c tun_dev_read(ffff80002117bb18,ffffff007eb35c28,ffffff007eb35c28) at tun_dev_read+0x237 spec_read(10) at spec_read+0x9d VOP_READ(ffff80002117bb18,ffffff007eb35c28,ffffff0068a45268,0) at VOP_READ+0x5e vn_read(ffffff0068a45268,ffff8000ffffd2c8,3e8) at vn_read+0x130 dofilereadv(ffff8000ffffd2c8,ffff80002117bbc0,3e8,ffff80002117bbd0,fc6baf06c68) at dofilereadv+0x14f sys_read(ffff80002117bc60,ffff8000ffffd2c8,ffff80002105f008) at sys_read+0x6e syscall(0) at syscall+0x3e4 Xsyscall(6,3,0,3,1,fc618fc4a00) at Xsyscall+0x128 end of kernel end trace frame: 0xfc6baf06c80, count: 2 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. 
ddb> ddb> set $lines = 0 ddb> show panic pr_find_pagehead: mbufpl: page header missing ddb> trace db_enter() at db_enter+0xa panic() at panic+0x147 pool_do_put(ffffff0006000100,ffffffff81edd2c0) at pool_do_put+0x339 pool_put(0,ffffff0006000100) at pool_put+0x37 m_free(ffffff0006000100) at m_free+0x12c tun_dev_read(ffff80002117bb18,ffffff007eb35c28,ffffff007eb35c28) at tun_dev_read+0x237 spec_read(10) at spec_read+0x9d VOP_READ(ffff80002117bb18,ffffff007eb35c28,ffffff0068a45268,0) at VOP_READ+0x5e vn_read(ffffff0068a45268,ffff8000ffffd2c8,3e8) at vn_read+0x130 dofilereadv(ffff8000ffffd2c8,ffff80002117bbc0,3e8,ffff80002117bbd0,fc6baf06c68) at dofilereadv+0x14f sys_read(ffff80002117bc60,ffff8000ffffd2c8,ffff80002105f008) at sys_read+0x6e syscall(0) at syscall+0x3e4 Xsyscall(6,3,0,3,1,fc618fc4a00) at Xsyscall+0x128 end of kernel end trace frame: 0xfc6baf06c80, count: -13 ddb> show registers rdi 0xffffffff81e176b8 kprintf_mutex rsi 0xffffffff8144da29 db_enter+0x9 rbp 0xffff80002117b740 rbx 0xffff80002117b7e0 rdx 0xffff800000acb000 rcx 0x1a9d __ALIGN_SIZE+0xa9d rax 0xffff800000acb000 r8 0xffff80002117b710 r9 0x8080808080808080 r10 0 r11 0xffffffff8114ff50 x86_bus_space_io_read_1 r12 0x3000000008 r13 0xffff80002117b750 r14 0x100 r15 0xffffffff81c12489 apollo_udma100_tim+0x263e rip 0xffffffff8144da2a db_enter+0xa cs 0x8 rflags 0x202 rsp 0xffff80002117b740 ss 0x10 db_enter+0xa: popq %rbp ddb> show proc PROC (syz-executor0) pid=273925 stat=onproc flags process=0 proc=4000000 pri=80, usrpri=80, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffffce18,0xffffffff81edbd78 process=0xffff80002105f008 user=0xffff800021176000, vmspace=0xffffff007f12bc60 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 52138 158910 7590 0 2 0 syz-executor0 *52138 273925 7590 0 7 0x4000000 syz-executor0 29840 162491 55470 0 2 0 syz-executor1 29840 368124 55470 0 2 0x4000000 syz-executor1 72273 337357 1 0 3 0x100083 ttyin getty 24699 101305 0 0 3 
0x14200 bored sosplice 55470 308273 38416 0 3 0x82 nanosleep syz-executor1 7590 422094 38416 0 3 0x82 nanosleep syz-executor0 38416 319275 58178 0 3 0x82 thrsleep syz-fuzzer 38416 150762 58178 0 3 0x4000082 thrsleep syz-fuzzer 38416 136104 58178 0 3 0x4000082 thrsleep syz-fuzzer 38416 433227 58178 0 3 0x4000082 thrsleep syz-fuzzer 38416 496504 58178 0 3 0x4000082 thrsleep syz-fuzzer 38416 479415 58178 0 3 0x4000082 thrsleep syz-fuzzer 38416 117222 58178 0 3 0x4000082 kqread syz-fuzzer 58178 19775 80284 0 3 0x10008a pause ksh 80284 353373 52171 0 3 0x92 select sshd 52171 243819 1 0 3 0x80 select sshd 5156 32566 59952 73 3 0x100090 kqread syslogd 59952 332285 1 0 3 0x100082 netio syslogd 38931 87235 1 77 3 0x100090 poll dhclient 7450 165085 1 0 3 0x80 poll dhclient 49531 102630 0 0 2 0x14200 zerothread 42901 437168 0 0 3 0x14200 aiodoned aiodoned 57578 364921 0 0 3 0x14200 syncer update 59431 163801 0 0 3 0x14200 cleaner cleaner 45138 66324 0 0 3 0x14200 reaper reaper 47384 91461 0 0 3 0x14200 pgdaemon pagedaemon 36283 37044 0 0 3 0x14200 bored crynlk 66765 7297 0 0 3 0x14200 bored crypto 45287 62630 0 0 3 0x40014200 acpi0 acpi0 30437 228765 0 0 3 0x14200 bored softnet 83861 314365 0 0 3 0x14200 bored systqmp 72944 397194 0 0 3 0x14200 bored systq 24150 23989 0 0 3 0x40014200 bored softclock 34331 490064 0 0 3 0x40014200 idle0 1 479237 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper