syzbot


pool: free list modified: pdppl

Status: closed as invalid on 2019/11/03 08:39
Reported-by: syzbot+8efd5d63fc0ef5e2b886@syzkaller.appspotmail.com
First crash: 1869d, last: 1869d
Similar bugs (3)
Kernel   Title                                Repro  Cause bisect  Fix bisect  Count  Last   Reported  Patched  Status
openbsd  pool: free list modified: pdppl (3)  -      -             -           1      784d   784d      0/3      auto-obsoleted due to no activity on 2023/01/20 06:59
openbsd  pool: free list modified: pdppl (4)  -      -             -           8      52d    229d      0/3      upstream: reported on 2024/04/28 16:05
openbsd  pool: free list modified: pdppl (2)  -      -             -           1      1101d  1101d     0/3      auto-closed as invalid on 2022/03/09 08:14

Sample crash report:
panic: pool_do_get: pdppl free list modified: page 0xffff800015965000; item addr 0xffff800015965000; offset 0x0=0x819eafdbb3d22a88 != 0x819eafdbb3d22aca
Stopped at      db_enter+0x18:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
*142466  30318      0    0x100002          0    0  sh
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
pool_do_get(ffffffff825865d0,1,ffff8000175a5418) at pool_do_get+0x42a sys/kern/subr_pool.c:746
pool_get(ffffffff825865d0,1) at pool_get+0xb5 sys/kern/subr_pool.c:581
pmap_create() at pmap_create+0xd8 sys/arch/amd64/amd64/pmap.c:1251
uvmspace_fork(ffff8000148a30f8) at uvmspace_fork+0x62 uvmspace_init sys/uvm/uvm_map.c:3445 [inline]
uvmspace_fork(ffff8000148a30f8) at uvmspace_fork+0x62 uvmspace_alloc sys/uvm/uvm_map.c:3425 [inline]
uvmspace_fork(ffff8000148a30f8) at uvmspace_fork+0x62 sys/uvm/uvm_map.c:3997
process_new(ffff8000ffff8770,ffff8000148a30f8,1) at process_new+0x19a sys/kern/kern_fork.c:269
fork1() at fork1+0x354 sys/kern/kern_fork.c:391
syscall(ffff8000175a5730) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,2,1a06f2cf0810,2,1a0657d02010,0) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7fffffaea0, count: 5
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb> 
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
pool_do_get: pdppl free list modified: page 0xffff800015965000; item addr 0xffff800015965000; offset 0x0=0x819eafdbb3d22a88 != 0x819eafdbb3d22aca
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
pool_do_get(ffffffff825865d0,1,ffff8000175a5418) at pool_do_get+0x42a sys/kern/subr_pool.c:746
pool_get(ffffffff825865d0,1) at pool_get+0xb5 sys/kern/subr_pool.c:581
pmap_create() at pmap_create+0xd8 sys/arch/amd64/amd64/pmap.c:1251
uvmspace_fork(ffff8000148a30f8) at uvmspace_fork+0x62 uvmspace_init sys/uvm/uvm_map.c:3445 [inline]
uvmspace_fork(ffff8000148a30f8) at uvmspace_fork+0x62 uvmspace_alloc sys/uvm/uvm_map.c:3425 [inline]
uvmspace_fork(ffff8000148a30f8) at uvmspace_fork+0x62 sys/uvm/uvm_map.c:3997
process_new(ffff8000ffff8770,ffff8000148a30f8,1) at process_new+0x19a sys/kern/kern_fork.c:269
fork1() at fork1+0x354 sys/kern/kern_fork.c:391
syscall(ffff8000175a5730) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,2,1a06f2cf0810,2,1a0657d02010,0) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7fffffaea0, count: -10
ddb> show registers
rdi                                0
rsi                              0x1
rbp               0xffff8000175a5280
rbx               0xffff8000175a5330
rdx                              0x2
rcx                                0
rax                                0
r8                0xffff8000175a5240
r9                               0x1
r10                                0
r11               0x99940b2c6a3d0174
r12                     0x3000000008
r13               0xffff8000175a5290
r14                            0x100
r15                              0x1
rip               0xffffffff81b6c3e8    db_enter+0x18
cs                               0x8
rflags                         0x246
rsp               0xffff8000175a5270
ss                              0x10
db_enter+0x18:  addq    $0x8,%rsp
ddb> show proc
PROC (sh) pid=142466 stat=onproc
    flags process=100002<EXEC,PLEDGE> proc=0
    pri=51, usrpri=51, nice=20
    forw=0xffffffffffffffff, list=0xffff8000ffff2780,0xffffffff82574e70
    process=0xffff8000148a30f8 user=0xffff8000175a0000, vmspace=0xfffffd803f014ee0
    estcpu=1, cpticks=1, pctcpu=0.0
    user=0, sys=1, intr=0
ddb> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
*30318  142466   8339      0  7    0x100002                sh
  8339  371326   9430      0  3        0x82  wait          syz-executor.1
 87008  107829  74133      0  2       0x480                syz-executor.0
 87008  355101  74133      0  3   0x4000080  ttyout        syz-executor.0
 87008  160809  74133      0  3   0x4000000  fdlock        syz-executor.0
 87008   97750  74133      0  3   0x4000000  fdlock        syz-executor.0
 87008  420033  74133      0  3   0x4000000  fdlock        syz-executor.0
 87008  449519  74133      0  3   0x4000080  fsleep        syz-executor.0
 74133  189909   9430      0  3        0x82  nanosleep     syz-executor.0
  3638  312458      0      0  3     0x14200  acct          acct
 72273  410348      1      0  3    0x100083  ttyin         getty
 39425  404140      0      0  3     0x14200  bored         sosplice
  9430  201584  68476      0  3        0x82  thrsleep      syz-fuzzer
  9430  520312  68476      0  3   0x4000082  thrsleep      syz-fuzzer
  9430  511573  68476      0  3   0x4000082  kqread        syz-fuzzer
  9430   63710  68476      0  3   0x4000082  thrsleep      syz-fuzzer
  9430   51739  68476      0  3   0x4000082  thrsleep      syz-fuzzer
  9430  294781  68476      0  3   0x4000082  thrsleep      syz-fuzzer
  9430  327640  68476      0  3   0x4000082  thrsleep      syz-fuzzer
  9430  210706  68476      0  3   0x4000082  thrsleep      syz-fuzzer
 68476  449130  95785      0  3    0x10008a  pause         ksh
 95785  322536  61482      0  3        0x92  select        sshd
 61482  114326      1      0  3        0x80  select        sshd
  7370  387020  46366     73  3    0x100090  kqread        syslogd
 46366  139937      1      0  3    0x100082  netio         syslogd
 35179  375077      1     77  3    0x100090  poll          dhclient
 69096  203240      1      0  3        0x80  poll          dhclient
 46500   14266      0      0  2     0x14200                zerothread
 41015  500368      0      0  3     0x14200  aiodoned      aiodoned
 22219  301555      0      0  3     0x14200  syncer        update
 53845  457750      0      0  3     0x14200  cleaner       cleaner
 57468   42210      0      0  3     0x14200  reaper        reaper
 56584   25967      0      0  3     0x14200  pgdaemon      pagedaemon
 75507  189322      0      0  3     0x14200  bored         crynlk
 99135  501681      0      0  3     0x14200  bored         crypto
 36104  490171      0      0  3  0x40014200  acpi0         acpi0
 50707  521058      0      0  3     0x14200  bored         softnet
 29084  353449      0      0  3     0x14200  bored         systqmp
 93913  188538      0      0  3     0x14200  bored         systq
 27987  414105      0      0  3  0x40014200  bored         softclock
 10871   76701      0      0  3  0x40014200                idle0
 27794  296525      0      0  3     0x14200  bored         smr
     1  270641      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb> show all locks
No such command
ddb> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim Kern Lim
         devbuf  9570   6389K    7736K  78643K     18857        0        0
            pcb    13     10K      12K  78643K      1655        0        0
         rtable   119     13K      17K  78643K      3817        0        0
         ifaddr    86     24K      28K  78643K      1365        0        0
       counters    19     16K      16K  78643K        19        0        0
       ioctlops     0      0K       2K  78643K      5532        0        0
            iov     0      0K      32K  78643K       685        0        0
          mount     1      1K       1K  78643K         1        0        0
         vnodes  1217     76K      77K  78643K      5105        0        0
      UFS quota     1     32K      32K  78643K         1        0        0
      UFS mount     5     36K      36K  78643K         5        0        0
            shm     2      1K       9K  78643K       776        0        0
         VM map    24      6K       6K  78643K        35        0        0
            sem    12      1K       1K  78643K       428        0        0
        dirhash    12      2K       2K  78643K        12        0        0
           ACPI  1793    195K     288K  78643K     12645        0        0
      file desc     7     21K      25K  78643K     10230        0        0
          sigio     0      0K       0K  78643K        87        0        0
           proc    49     38K      63K  78643K      1144        0        0
        subproc    33      2K       2K  78643K       257        0        0
    NFS srvsock     1      0K       0K  78643K         1        0        0
     NFS daemon     1     16K      16K  78643K         1        0        0
    ip_moptions     0      0K       0K  78643K      5692        0        0
       in_multi    24      1K       2K  78643K      1486        0        0
    ether_multi     1      0K       0K  78643K        41        0        0
            mrt     1      0K       0K  78643K        94        0        0
    ISOFS mount     1     32K      32K  78643K         1        0        0
  MSDOSFS mount     1     16K      16K  78643K         1        0        0
           ttys   102    450K     450K  78643K       102        0        0
           exec     0      0K       1K  78643K       686        0        0
     pfkey data     0      0K       0K  78643K         4        0        0
        pagedep     1      8K       8K  78643K         1        0        0
       inodedep     1     32K      32K  78643K         1        0        0
         newblk     1      0K       0K  78643K         1        0        0
        VM swap     7     26K      26K  78643K         7        0        0
       UVM amap   187    188K     189K  78643K     27811        0        0
       UVM aobj   130      4K       4K  78643K       143        0        0
        memdesc     1      4K       4K  78643K         1        0        0
    crypto data     1      1K       1K  78643K         1        0        0
    ip6_options     0      0K       1K  78643K      1039        0        0
            NDP    20      0K       0K  78643K       371        0        0
           temp   227   3545K    4184K  78643K     67781        0        0
         kqueue     0      0K       0K  78643K        38        0        0
      SYN cache     2     16K      16K  78643K         2        0        0
ddb> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp         64      231    0      226     1     0     1     1     0     8    0
rtpcb       80      264    0      262     1     0     1     1     0     8    0
rtentry    112      658    0      615     4     1     3     4     0     8    0
unpcb      120     4826    0     4815    12    10     2     2     0     8    1
syncache   264       32    0       32    10    10     0     1     0     8    0
tcpqe       32       79    0       79     5     5     0     1     0     8    0
tcpcb      544     9636    0     9631    37    35     2    12     0     8    1
ipq         40       60    0       60    13    12     1     1     0     8    1
ipqe        40      942    0      942    13    12     1     1     0     8    1
inpcb      280    15776    0    15768    39    37     2     9     0     8    1
rttmr       72       39    0       39     5     5     0     1     0     8    0
ip6q        72        3    0        3     2     2     0     1     0     8    0
ip6af       40       94    0       94     1     1     0     1     0     8    0
nd6         48      182    0      180     1     0     1     1     0     8    0
pkpcb       40       18    0       18     7     7     0     1     0     8    0
ppxss      1128     282    0      281    19    18     1     1     0     8    0
art_heap8  4096     188    0      185    11     8     3     4     0     8    0
art_heap4  256     5069    0     4832   111    78    33   100     0     8   15
art_table   32     5257    0     5017    15    10     5    13     0     8    0
art_node    16      653    0      615     1     0     1     1     0     8    0
sysvmsgpl   40       40    0       27     1     0     1     1     0     8    0
semupl     112        4    0        4     1     1     0     1     0     8    0
semapl     112      426    0      416     1     0     1     1     0     8    0
shmpl      112      141    0       13     4     0     4     4     0     8    0
dirhash    1024      17    0        0     3     0     3     3     0     8    0
dino1pl    128    15338    0    13939    46     0    46    46     0     8    0
ffsino     240    15338    0    13939    83     0    83    83     0     8    0
nchpl      144    28097    0    27638    60    40    20    60     0     8    0
uvmvnodes   72     7517    0        0   137     0   137   137     0     8    0
vnodes     208     7517    0        0   396     0   396   396     0     8    0
namei      1024   87291    0    87291    11    10     1     1     0     8    1
vcpupl     1984      24    0        2     3     0     3     3     0     8    0
vmpool     520       33    0       11     2     0     2     2     0     8    0
scsiplug    64        4    0        4     1     1     0     1     0     8    0
scxspl     192    87038    0    87038    20    19     1     6     0     8    1
plimitpl   152      297    0      290     1     0     1     1     0     8    0
sigapl     432    10362    0    10347     2     0     2     2     0     8    0
futexpl     56   199044    0   199043    12    11     1     1     0     8    0
knotepl    112      866    0      845     6     5     1     3     0     8    0
kqueuepl   104     2504    0     2502     4     3     1     4     0     8    0
pipepl     112     4044    0     4025     6     5     1     2     0     8    0
fdescpl    424    10363    0    10347     2     0     2     2     0     8    0
filepl     120    66523    0    66425    37    32     5    11     0     8    1
lockfpl    104     2040    0     2039     1     0     1     1     0     8    0
lockfspl    48      760    0      759     1     0     1     1     0     8    0
sessionpl  112       31    0       21     1     0     1     1     0     8    0
pgrppl      48       72    0       62     1     0     1     1     0     8    0
ucredpl     96    11727    0    11720     1     0     1     1     0     8    0
zombiepl   144    10347    0    10347     1     0     1     1     0     8    1
processpl  864    10379    0    10347     4     0     4     4     0     8    0
procpl     632    26418    0    26374    26    21     5     5     0     8    1
sosppl     128       67    0       67    14    14     0     1     0     8    0
sockpl     384    20916    0    20895    84    79     5    14     0     8    2
mcl64k     65536    879    0      879    90    89     1    33     0     8    1
mcl16k     16384     85    0       85    29    29     0     1     0     8    0
mcl12k     12288    187    0      187    34    34     0     1     0     8    0
mcl9k      9216     100    0      100    33    33     0     1     0     8    0
mcl8k      8192     251    0      251    21    20     1     1     0     8    1
mcl4k      4096     464    0      464    20    19     1     1     0     8    1
mcl2k2     2112      34    0       34    16    16     0     1     0     8    0
mcl2k      2048   61821    0    61780    92    85     7    14     0     8    1
mtagpl      80      138    0      138     6     6     0     1     0     8    0
mbufpl     256   183835    0   183765   141   109    32    37     0     8   16
bufpl      256    24682    0    17165   470     0   470   470     0     8    0
anonpl      16   843055    0   831245   250   188    62    77     0    62    0
amapchunkpl 152   50524    0    50365    92    85     7    20     0   158    0
amappl16   192    52950    0    52153   226   185    41    53     0     8    0
amappl15   184        6    0        6     3     3     0     1     0     8    0
amappl14   176     2544    0     2538     1     0     1     1     0     8    0
amappl13   168     1618    0     1618     3     3     0     1     0     8    0
amappl12   160     2171    0     2168     2     1     1     1     0     8    0
amappl11   152      161    0      150     1     0     1     1     0     8    0
amappl10   144      522    0      517     1     0     1     1     0     8    0
amappl9    136     3554    0     3551     1     0     1     1     0     8    0
amappl8    128     3229    0     3159     3     0     3     3     0     8    0
amappl7    120      581    0      573     1     0     1     1     0     8    0
amappl6    112      154    0      142     1     0     1     1     0     8    0
amappl5    104     2473    0     2462     1     0     1     1     0     8    0
amappl4     96    11086    0    11054     1     0     1     1     0     8    0
amappl3     88     1231    0     1225     1     0     1     1     0     8    0
amappl2     80    82048    0    81968     3     1     2     3     0     8    0
amappl1     72   181423    0   180977    26    16    10    20     0     8    0
amappl      80    26801    0    26739     2     0     2     2     0    84    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      253    0      253     1     1     0     1     0     8    0
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       17    0       17     1     1     0     1     0     8    0
aobjpl      64      142    0       13     3     0     3     3     0     8    0
uaddrrnd    24    10395    0    10347     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24    10395    0    10347     1     0     1     1     0     8    0
vmmpekpl   168    70644    0    70608     2     0     2     2     0     8    0
vmmpepl    168  1193072    0  1191013   416   292   124   124     0   357   29
vmsppl     272    10362    0    10347     6     5     1     2     0     8    0
pdppl      4096   20796    0    20738    11     3     8     8     0     8    0
pdppl: pool(0xffffffff825865d0:pdppl): free list modified: page 0xffff800015965000; item ordinal 0; addr 0xffff800015965000 (p 0xfffffd803e708000); offset 0x0=0x819eafdbb3d22a88
pvpl        32  2576865    0  2561973   637   485   152   254     0   265   11
pmappl     200    10395    0    10358     2     0     2     2     0     8    0
extentpl    40       41    0       26     1     0     1     1     0     8    0
phpool     112     1138    0      492    21     0    21    21     0     8    0

Crashes (1):
Time              Kernel   Commit        Syzkaller  Config   Log          Report  Syz repro  C repro  VM info  Assets  Manager          Title
2019/11/02 08:14  openbsd  d9601055ff2c  997ccc67   .config  console log  report  -          -        -        -       ci-openbsd-main  -
* Struck through repros no longer work on HEAD.