

pool: free list modified: tcpcb

Status: upstream: reported on 2024/04/05 20:34
Reported-by: syzbot+b44582e842a18ba2b79e@syzkaller.appspotmail.com
First crash: 74d, last: 74d

Sample crash report (the panic is raised by the pool free-list integrity check in pool_p_free while pool_gc_pages reclaims an idle tcpcb page, so the backtrace shows the detector thread (systqmp), not the code that corrupted the item; "offset 0x0=0x0" means the free-list link stored at the start of the freed item was overwritten with zero, which is consistent with a write to a freed tcpcb — the actual writer must be found separately, e.g. by reproducing with the disk image/kernel linked below):
panic: pool_p_free: tcpcb free list modified: page 0xffff800000edd000; item addr 0xffff800000eddcd0; offset 0x0=0x0
Stopped at      db_enter+0x1c:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
* 21377  77168      0     0x14000      0x200    1  systqmp
  35114  43299      0     0x14000 0x40000200    0  softclock
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82904c3b) at panic+0x17b sys/kern/subr_prf.c:198
pool_p_free(ffffffff82e1f948,fffffd807a6d25c8) at pool_p_free+0x1d3 sys/kern/subr_pool.c:986
pool_gc_pages(0) at pool_gc_pages+0x255 sys/kern/subr_pool.c:1583
taskq_thread(ffffffff82c82ed0) at taskq_thread+0xe5 sys/kern/kern_task.c:450
end trace frame: 0x0, count: 10
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb{1}> 
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
*cpu1: pool_p_free: tcpcb free list modified: page 0xffff800000edd000; item addr 0xffff800000eddcd0; offset 0x0=0x0
ddb{1}> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82904c3b) at panic+0x17b sys/kern/subr_prf.c:198
pool_p_free(ffffffff82e1f948,fffffd807a6d25c8) at pool_p_free+0x1d3 sys/kern/subr_pool.c:986
pool_gc_pages(0) at pool_gc_pages+0x255 sys/kern/subr_pool.c:1583
taskq_thread(ffffffff82c82ed0) at taskq_thread+0xe5 sys/kern/kern_task.c:450
end trace frame: 0x0, count: -5
ddb{1}> show registers
rdi                                0
rsi                              0x1
rbp               0xffff80002a11d4f0
rbx               0xffff800029ceccbf
rdx                                0
rcx               0xffff8000ffffe290
rax               0xffff800029cebff0
r8                 0x101010101010101
r9                0x8080808080808080
r10               0xd665dd4f9abed62d
r11               0xb5856f854c82ec01
r12               0xffff800029cecac0
r13                                0
r14                                0
r15                              0x1
rip               0xffffffff81aa1e2c    db_enter+0x1c
cs                               0x8
rflags                         0x246
rsp               0xffff80002a11d4e0
ss                              0x10
db_enter+0x1c:  addq    $0x8,%rsp
ddb{1}> show proc
PROC (systqmp) tid=21377 pid=77168 tcnt=1 stat=onproc
    flags process=14000<NOZOMBIE,SYSTEM> proc=200<SYSTEM>
    runpri=32, usrpri=50, slppri=32, nice=20
    wchan=0x0, wmesg=, ps_single=0x0
    forw=0xffffffffffffffff, list=0xffff8000ffffe520,0xffff8000ffffe010
    process=0xffff80002a0fd630 user=0xffff80002a118000, vmspace=0xffffffff82e9aad0
    estcpu=0, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0
ddb{1}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 18443    8032   8904      0  3   0x8000082  piperd        syz-executor.7
 20951  446753      1      0  3  0x18100083  ttyin         getty
 43760  309123   8904      0  3   0x8000082  piperd        syz-executor.3
 30910  154282   8904      0  3   0x8000082  piperd        syz-executor.1
 82919  150027   8904      0  3   0x8000082  piperd        syz-executor.4
 92621  112431   8904      0  3   0x8000082  piperd        syz-executor.5
 63992  271539   8904      0  3   0x8000082  piperd        syz-executor.6
 51498   71200   8904      0  3   0x8000082  wait          syz-executor.0
 40579  487843      0      0  3     0x14200  acct          acct
 51803   93557      0      0  3     0x14200  bored         sosplice
  8904  148517   9217      0  3  0x1a000082  thrsleep      syz-fuzzer
  8904  410651   9217      0  3  0x1e000082  thrsleep      syz-fuzzer
  8904  383963   9217      0  3  0x1e000082  thrsleep      syz-fuzzer
  8904   62431   9217      0  3  0x1e000082  wait          syz-fuzzer
  8904  168898   9217      0  3  0x1e000082  kqread        syz-fuzzer
  8904  485982   9217      0  3  0x1e000082  thrsleep      syz-fuzzer
  8904  210783   9217      0  3  0x1e000082  thrsleep      syz-fuzzer
  8904  233348   9217      0  3  0x1e000082  wait          syz-fuzzer
  8904  277573   9217      0  3  0x1e000082  thrsleep      syz-fuzzer
  8904  319247   9217      0  3  0x1e000082  thrsleep      syz-fuzzer
  8904  254978   9217      0  3  0x1e000082  thrsleep      syz-fuzzer
  8904  101544   9217      0  3  0x1e000082  wait          syz-fuzzer
  8904  258986   9217      0  3  0x1e000082  wait          syz-fuzzer
  8904  478199   9217      0  3  0x1e000082  wait          syz-fuzzer
  8904  217855   9217      0  3  0x1e000082  wait          syz-fuzzer
  8904  502846   9217      0  3  0x1e000082  wait          syz-fuzzer
  9217  218623  13272      0  3   0x810008a  sigsusp       ksh
 13272  138908  20775      0  3  0x1800009a  kqread        sshd
 20775  391346      1      0  3  0x18000088  kqread        sshd
 12263   78180  40695     74  3  0x19100092  bpf           pflogd
 40695    6741      1      0  3  0x18000080  sbwait        pflogd
 47244  140362  86417     73  3  0x19100090  kqread        syslogd
 86417  467759      1      0  3  0x18100082  sbwait        syslogd
 27631  330328      1      0  3  0x18100080  kqread        resolvd
 45121  512108  18444     77  3  0x18100092  kqread        dhcpleased
 15864  214244  18444     77  3  0x18100092  kqread        dhcpleased
 18444  310539      1      0  3  0x18000080  kqread        dhcpleased
 96495  197571      0      0  3     0x14200  bored         smr
 53487  145226      0      0  3     0x14200  pgzero        zerothread
 88107  284396      0      0  3     0x14200  aiodoned      aiodoned
 34113  219016      0      0  3     0x14200  syncer        update
  3164  100487      0      0  3     0x14200  cleaner       cleaner
 88201    8691      0      0  3     0x14200  reaper        reaper
 56143   33614      0      0  3     0x14200  pgdaemon      pagedaemon
 77352  294559      0      0  3     0x14200  bored         viomb
 86672  521013      0      0  3  0x40014200  acpi0         acpi0
 88433  231630      0      0  3  0x40014200                idle1
 84724  240267      0      0  3     0x14200  bored         softnet3
 32608  180773      0      0  3     0x14200  bored         softnet2
  7844  126234      0      0  3     0x14200  bored         softnet1
 62428  170673      0      0  3     0x14200  bored         softnet0
*77168   21377      0      0  7     0x14200                systqmp
 88487  318462      0      0  3     0x14200  bored         systq
 14051  301813      0      0  3     0x14200  tmoslp        softclockmp
 43299   35114      0      0  7  0x40014200                softclock
  2294  216959      0      0  3  0x40014200                idle0
     1   82100      0      0  3   0x8080082  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb{1}> show all locks
Process 77168 (systqmp) thread 0xffff8000ffffe290 (21377)
ddb{1}> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf 10192   6484K    6875K 166960K     13584        0
            pcb    15     14K      16K 166960K       338        0
         rtable   210      6K       7K 166960K      1212        0
             pf    31      9K      10K 166960K       159        0
         ifaddr    40     14K      16K 166960K       166        0
        ifgroup    54      2K       2K 166960K       249        0
         sysctl     3      0K       0K 166960K         5        0
       counters    62     36K      36K 166960K       162        0
       ioctlops     0      0K       4K 166960K      1660        0
            iov     0      0K      16K 166960K       161        0
          mount     1      1K       1K 166960K         1        0
            log     0      0K       0K 166960K         4        0
         vnodes  1469     92K      93K 166960K      3043        0
      UFS quota     1     32K      32K 166960K         1        0
      UFS mount     5     36K      36K 166960K         5        0
            shm     2      1K       9K 166960K        38        0
         VM map     2      1K       1K 166960K         2        0
            sem    12      0K       0K 166960K       176        0
        dirhash    12      2K       2K 166960K        69        0
           ACPI  1697    195K     286K 166960K     12548        0
      file desc    11     37K      81K 166960K      2451        0
          sigio     0      0K       0K 166960K        35        0
           proc    70     91K     128K 166960K      1302        0
        subproc   104      6K       7K 166960K       366        0
    NFS srvsock     1      0K       0K 166960K         1        0
     NFS daemon     1     16K      16K 166960K         1        0
    ip_moptions     0      0K       0K 166960K       250        0
       in_multi    84      6K       7K 166960K       389        0
    ether_multi     1      0K       0K 166960K         6        0
            mrt     2      0K       0K 166960K        10        0
    ISOFS mount     1     32K      32K 166960K         1        0
  MSDOSFS mount     1     16K      16K 166960K         1        0
           ttys   133    599K     599K 166960K       133        0
           exec     0      0K       1K 166960K       893        0
     pfkey data     0      0K       0K 166960K         2        0
            tdb     3      0K       0K 166960K         3        0
        VM swap     8     62K      64K 166960K        10        0
       UVM amap   304     78K     100K 166960K     24327        0
       UVM aobj   124      3K       3K 166960K       130        0
     pinsyscall    35     70K     108K 166960K      4186        0
        memdesc     1      4K       4K 166960K         1        0
    crypto data     1      1K       1K 166960K         1        0
    ip6_options     0      0K       1K 166960K       117        0
            NDP    11      0K       2K 166960K       120        0
           temp    74   6812K    7448K 166960K     42107        0
         kqueue    12     18K      26K 166960K       237        0
      SYN cache     2     16K      16K 166960K         2        0
ddb{1}> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache    128       24    0        0     1     0     1     1     0     8    0
rtpcb      120      495    0      492     4     3     1     3     0     8    0
rtentry    112      392    0      297     5     1     4     4     0     8    0
unpcb      144     1960    0     1944    13    10     3     6     0     8    2
syncache   336       36    0       36     7     6     1     1     0     8    1
tcpqe       32      245    0      245     7     6     1     1     0     8    1
tcpcb      808      869    0      851    24    19     5     9     0     8    2
arp        120       74    0       58     1     0     1     1     0     8    0
inpcb      392     3108    0     3087    35    28     7    13     0     8    3
nd6        136       91    0       71     1     0     1     1     0     8    0
pkpcb       40       78    0       78     6     6     0     1     0     8    0
kcovpl      48       28    0       20     1     0     1     1     0     8    0
ppxss      1168      12    0       12     3     2     1     1     0     8    1
pffrag     232        9    0        6     3     2     1     1     0   482    0
pffrnode    88        9    0        6     3     2     1     1     0     8    0
pffrent     40       59    0       56     3     2     1     1     0     8    0
pfosfp      40     1428    0     1005     5     0     5     5     0     8    0
pfosfpen   112     1428    0      714    21     0    21    21     0     8    0
pfstitem    24      170    0      107     1     0     1     1     0     8    0
pfstkey    128      170    0      107     3     0     3     3     0     8    0
pfstate    376      170    0      107     8     0     8     8     0     8    0
pfrule     1344      21    0       16     2     1     1     2     0     8    0
art_heap8  4096       1    0        0     1     0     1     1     0     8    0
art_heap4  256     1471    0     1074    38    10    28    31     0     8    0
art_table   32     1472    0     1074     4     0     4     4     0     8    0
art_node    16      384    0      297     1     0     1     1     0     8    0
sysvmsgpl   40       47    0       43     1     0     1     1     0     8    0
semapl     112      172    0      162     1     0     1     1     0     8    0
shmpl      112      127    0        6     4     0     4     4     0     8    0
dirhash    1024      55    0       38     3     0     3     3     0     8    0
dino2pl    256     5286    0     3759    96     0    96    96     0     8    0
ffsino     272     5286    0     3759   103     0   103   103     0     8    0
nchpl      144     8633    0     6909    67     0    67    67     0     8    0
uvmvnodes   80     5926    0        0   121     0   121   121     0     8    0
vnodes     216     5926    0        0   330     0   330   330     0     8    0
namei      1024   30100    0    30100     3     2     1     2     0     8    1
percpumem   16       95    0       50     1     0     1     1     0     8    0
vcpupl     2048       5    0        1     1     0     1     1     0     8    0
vmpool     696       12    0        8     1     0     1     1     0     8    0
kstatmem   264      122    0      100     2     0     2     2     0     8    0
scxspl     216    36783    0    36783    22    18     4     8     1     8    4
plimitpl   152      414    0      398     1     0     1     1     0     8    0
sigapl     424     2753    0     2709    11     2     9     9     0     8    1
futexpl     64    26044    0    26044     2     1     1     1     0     8    1
knotepl    120      186    0        0     6     0     6     6     0     8    0
kqueuepl   216      452    0      444     1     0     1     1     0     8    0
pipepl     320      474    0      447     9     6     3     6     0     8    0
fdescpl    496     2713    0     2689     5     0     5     5     0     8    0
filepl     152    16841    0    16601    31    18    13    18     0     8    2
lockfpl    104      494    0      492     1     0     1     1     0     8    0
lockfspl    48      205    0      203     1     0     1     1     0     8    0
sessionpl  144       46    0       29     1     0     1     1     0     8    0
pgrppl      48       80    0       63     1     0     1     1     0     8    0
ucredpl    104     2505    0     2491     1     0     1     1     0     8    0
zombiepl   144     2711    0     2709     2     1     1     1     0     8    0
processpl  1136    2753    0     2709     6     0     6     6     0     8    1
procpl     656     5952    0     5893    11     2     9    10     0     8    1
srpgc       96       11    0       11     4     3     1     1     0     8    1
sosppl     168       51    0       48     1     0     1     1     0     8    0
sockpl     584     5666    0     5626    36    25    11    17     0     8    6
mcl64k     65536      8    0        0     1     0     1     1     0     8    0
mcl16k     16384     10    0        0     2     0     2     2     0     8    0
mcl12k     12288     11    0        0     2     0     2     2     0     8    0
mcl9k      9216       8    0        0     1     0     1     1     0     8    0
mcl8k      8192      17    0        0     3     0     3     3     0     8    0
mcl4k      4096      17    0        0     3     0     3     3     0     8    0
mcl2k2     2112      13    0        0     1     0     1     1     0     8    0
mcl2k      2048     358    0        0    45     0    45    45     0     8    0
mtagpl      96       32    0        0     1     0     1     1     0     8    0
mbufpl     256     1019    0        0    60     0    60    60     0     8    0
bufpl      280    10848    0     4591   448     0   448   448     0     8    0
anonpl      24   392056    0   386251   150    98    52   113     0   186    0
amapchunkpl 152   82979    0    82388    82    47    35    58     0   158    4
amappl16   200     8518    0     8426    33    24     9    18     0     8    1
amappl15   192       12    0       12     1     1     0     1     0     8    0
amappl14   184      225    0      210     2     1     1     2     0     8    0
amappl13   176        4    0        4     1     1     0     1     0     8    0
amappl12   168     3694    0     3668     3     1     2     2     0     8    0
amappl11   160       59    0       45     1     0     1     1     0     8    0
amappl10   152       87    0       69     1     0     1     1     0     8    0
amappl9    144      301    0      300     2     1     1     1     0     8    0
amappl8    136      481    0      366     5     0     5     5     0     8    0
amappl7    128       59    0       44     1     0     1     1     0     8    0
amappl6    120      665    0      645     2     1     1     2     0     8    0
amappl5    112      291    0      274     1     0     1     1     0     8    0
amappl4    104      832    0      779     4     2     2     4     0     8    0
amappl3     96    14690    0    14624     3     0     3     3     0     8    0
amappl2     88     3334    0     3251     7     4     3     5     0     8    0
amappl1     80    19325    0    18796    24    11    13    23     0     8    0
amappl      88    23416    0    23244     6     0     6     6     0    92    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma1024    1024       1    0        0     1     0     1     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      253    0      253     1     1     0     1     0     8    0
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       18    0       17     1     0     1     1     0     8    0
aobjpl      72      129    0        6     3     0     3     3     0     8    0
uaddrrnd    24     2726    0     2698     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24     2726    0     2698     1     0     1     1     0     8    0
vmmpekpl   168    23911    0    23846     4     0     4     4     0     8    0
vmmpepl    168   184396    0   182563   150    42   108   119     0   357    7
vmsppl     440     2725    0     2698     6     1     5     5     0     8    1
rwobjpl     56    55161    0    47915   105     1   104   104     0     8    0
pdppl      4096    5459    0     5400   212   135    77    78     0     8   18
pvpl        32    48782    0        0   397     3   394   395     0   265    0
pmappl     248     2725    0     2698     3     0     3     3     0     8    0
extentpl    40       56    0       38     1     0     1     1     0     8    0
phpool     112      644    0      200    13     0    13    13     0     8    0
ddb{1}> machine ddbcpu 0
Stopped at      x86_ipi_db+0x1e:        addq    $0x8,%rsp
x86_ipi_db(ffffffff82d3bff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff82d68790) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82d68790) at __mp_lock+0x122 sys/kern/kern_lock.c:147
__mp_acquire_count(ffffffff82d68790,1) at __mp_acquire_count+0x48 sys/kern/kern_lock.c:227
mi_switch() at mi_switch+0x489 sys/kern/sched_bsd.c:470
sleep_finish(0,1) at sleep_finish+0x194 sys/kern/kern_synch.c:414
msleep(ffffffff82e22390,ffffffff82cee260,0,ffffffff8295650b,0) at msleep+0xeb sys/kern/kern_synch.c:249
softclock_thread(ffff8000ffffea40) at softclock_thread+0xcf sys/kern/kern_timeout.c:810
end trace frame: 0x0, count: 6
ddb{0}> trace
x86_ipi_db(ffffffff82d3bff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff82d68790) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82d68790) at __mp_lock+0x122 sys/kern/kern_lock.c:147
__mp_acquire_count(ffffffff82d68790,1) at __mp_acquire_count+0x48 sys/kern/kern_lock.c:227
mi_switch() at mi_switch+0x489 sys/kern/sched_bsd.c:470
sleep_finish(0,1) at sleep_finish+0x194 sys/kern/kern_synch.c:414
msleep(ffffffff82e22390,ffffffff82cee260,0,ffffffff8295650b,0) at msleep+0xeb sys/kern/kern_synch.c:249
softclock_thread(ffff8000ffffea40) at softclock_thread+0xcf sys/kern/kern_timeout.c:810
end trace frame: 0x0, count: -9
ddb{0}> machine ddbcpu 1
Stopped at      db_enter+0x1c:  addq    $0x8,%rsp
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82904c3b) at panic+0x17b sys/kern/subr_prf.c:198
pool_p_free(ffffffff82e1f948,fffffd807a6d25c8) at pool_p_free+0x1d3 sys/kern/subr_pool.c:986
pool_gc_pages(0) at pool_gc_pages+0x255 sys/kern/subr_pool.c:1583
taskq_thread(ffffffff82c82ed0) at taskq_thread+0xe5 sys/kern/kern_task.c:450
end trace frame: 0x0, count: 10
ddb{1}> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82904c3b) at panic+0x17b sys/kern/subr_prf.c:198
pool_p_free(ffffffff82e1f948,fffffd807a6d25c8) at pool_p_free+0x1d3 sys/kern/subr_pool.c:986
pool_gc_pages(0) at pool_gc_pages+0x255 sys/kern/subr_pool.c:1583
taskq_thread(ffffffff82c82ed0) at taskq_thread+0xe5 sys/kern/kern_task.c:450
end trace frame: 0x0, count: -5

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/04/05 20:33 openbsd 3f7c134ffe9c ca620dd8 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: tcpcb