panic: pool_do_get: pdppl free list modified: page 0xfffffd8068d24000; item addr 0xfffffd8068d24000; offset 0x0=0x11e57ed0 != 0xc88bf7ad40ce2178
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*507987 73922 0 0 0x4000000 0K syz-executor.1
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff824ea29d) at panic+0x177 sys/kern/subr_prf.c:202
pool_do_get(ffffffff82863db8,1,ffff800029752ac8) at pool_do_get+0x444 sys/kern/subr_pool.c:740
pool_get(ffffffff82863db8,1) at pool_get+0xeb sys/kern/subr_pool.c:584
pmap_create() at pmap_create+0xe7 sys/arch/amd64/amd64/pmap.c:1326
uvmspace_alloc(0,200000,1,0) at uvmspace_alloc+0x45 uvmspace_init sys/uvm/uvm_map.c:3495 [inline]
uvmspace_alloc(0,200000,1,0) at uvmspace_alloc+0x45 sys/uvm/uvm_map.c:3476
vm_impl_init_vmx(ffff80002187b880,ffff800021237508) at vm_impl_init_vmx+0x71 sys/arch/amd64/amd64/vmm.c:1601
vm_create(ffff800000b07800,ffff800021237508) at vm_create+0x1d2 vm_impl_init sys/arch/amd64/amd64/vmm.c:1710 [inline]
vm_create(ffff800000b07800,ffff800021237508) at vm_create+0x1d2 sys/arch/amd64/amd64/vmm.c:1527
vmmioctl(a00,c5005601,ffff800000b07800,1,ffff800021237508) at vmmioctl+0x1f2
VOP_IOCTL(fffffd806e35c3d0,c5005601,ffff800000b07800,1,fffffd807f7d7720,ffff800021237508) at VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264
vn_ioctl(fffffd807bb18ee8,c5005601,ffff800000b07800,ffff800021237508) at vn_ioctl+0xba sys/kern/vfs_vnops.c:531
sys_ioctl(ffff800021237508,ffff800029752fa8,ffff800029752ff0) at sys_ioctl+0x4a2
syscall(ffff800029753070) at syscall+0x5a9 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800029753070) at syscall+0x5a9 sys/arch/amd64/amd64/trap.c:587
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x5afd727a410, count: 1
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.