syzbot


pool: free list modified: pvpl

Status: auto-closed as invalid on 2020/10/30 14:39
Reported-by: syzbot+a68507c878b80ea8acfd@syzkaller.appspotmail.com
First crash: 1618d, last: 1362d

Sample crash report:
panic: pool_p_free: pvpl free list modified: page 0xfffffd80687de000; item addr 0xfffffd80687de010; offset 0x0=0x0
Stopped at      db_enter+0x18:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
*443178  21547      0     0x14000      0x200    0  systqmp
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff8245935b) at panic+0x164 sys/kern/subr_prf.c:218
pool_p_free(ffffffff82858d80,fffffd80687def90) at pool_p_free+0x1de sys/kern/subr_pool.c:983
pool_gc_pages(0) at pool_gc_pages+0x225 sys/kern/subr_pool.c:1578
taskq_thread(ffffffff826d2750) at taskq_thread+0x92 sys/kern/kern_task.c:438
end trace frame: 0x0, count: 10
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb> 
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
pool_p_free: pvpl free list modified: page 0xfffffd80687de000; item addr 0xfffffd80687de010; offset 0x0=0x0
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff8245935b) at panic+0x164 sys/kern/subr_prf.c:218
pool_p_free(ffffffff82858d80,fffffd80687def90) at pool_p_free+0x1de sys/kern/subr_pool.c:983
pool_gc_pages(0) at pool_gc_pages+0x225 sys/kern/subr_pool.c:1578
taskq_thread(ffffffff826d2750) at taskq_thread+0x92 sys/kern/kern_task.c:438
end trace frame: 0x0, count: -5
ddb> show registers
rdi                                0
rsi                              0x1
rbp               0xffff80001d672760
rbx               0xffff80001d672810
rdx                             0x8b
rcx                              0x2
rax                              0x1
r8                0xffff80001d672720
r9                0xffffffff8203e52f    kprintf+0x15f
r10                              0x1
r11               0x91b98ee8e98c4207
r12                     0x3000000008
r13               0xffff80001d672770
r14                            0x100
r15                              0x1
rip               0xffffffff81989c28    db_enter+0x18
cs                               0x8
rflags                         0x246
rsp               0xffff80001d672750
ss                              0x10
db_enter+0x18:  addq    $0x8,%rsp
ddb> show proc
PROC (systqmp) pid=443178 stat=onproc
    flags process=14000<NOZOMBIE,SYSTEM> proc=200<SYSTEM>
    pri=32, usrpri=50, nice=20
    forw=0xffffffffffffffff, list=0xffff80001d652110,0xffff80001d651760
    process=0xffff8000ffffe000 user=0xffff80001d66d000, vmspace=0xffffffff8284d990
    estcpu=0, cpticks=1, pctcpu=0.0
    user=0, sys=1, intr=0
ddb> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 24156  193531  47234      0  2           0                syz-executor.0
 24156  462321  47234      0  2   0x4000000                syz-executor.0
 24156   56001  47234      0  3   0x4000080  fsleep        syz-executor.0
 29029  221609      0      0  3     0x14280  nfsidl        nfsio
 80182   57985      0      0  3     0x14280  nfsidl        nfsio
 18769  450475      0      0  3     0x14280  nfsidl        nfsio
 39621  153613      0      0  3     0x14280  nfsidl        nfsio
 49804  436987      0      0  3     0x14280  nfsidl        nfsio
 22929  159896      0      0  3     0x14280  nfsidl        nfsio
 45008  165302      0      0  3     0x14280  nfsidl        nfsio
 81345   95862      0      0  3     0x14280  nfsidl        nfsio
 90935  309832      0      0  3     0x14280  nfsidl        nfsio
 59644  158627      0      0  3     0x14280  nfsidl        nfsio
 80558  170913      0      0  3     0x14280  nfsidl        nfsio
  8722   89516      0      0  3     0x14280  nfsidl        nfsio
 85743   54543      0      0  3     0x14280  nfsidl        nfsio
  4300  219069      0      0  3     0x14280  nfsidl        nfsio
 61550  115475      0      0  3     0x14280  nfsidl        nfsio
 55861  329906      0      0  3     0x14280  nfsidl        nfsio
 85950   73787      0      0  3     0x14280  nfsidl        nfsio
 85980   24085      0      0  3     0x14280  nfsidl        nfsio
 96303  298795      0      0  3     0x14280  nfsidl        nfsio
 77482  469055      0      0  3     0x14280  nfsidl        nfsio
 32740  155910      0      0  3     0x14200  bored         sosplice
 53091  382311  45619      0  3        0x82  piperd        syz-executor.1
 47234  323206  45619      0  2       0x482                syz-executor.0
 45619  393226  39718      0  3        0x82  thrsleep      syz-fuzzer
 45619   46109  39718      0  2   0x4000482                syz-fuzzer
 45619  307552  39718      0  3   0x4000082  thrsleep      syz-fuzzer
 45619  146732  39718      0  3   0x4000082  thrsleep      syz-fuzzer
 45619  317151  39718      0  3   0x4000082  thrsleep      syz-fuzzer
 45619   86889  39718      0  2   0x4000002                syz-fuzzer
 45619  331000  39718      0  3   0x4000082  thrsleep      syz-fuzzer
 39718  488038  24306      0  3    0x10008a  pause         ksh
 24306  291040  71779      0  3        0x92  select        sshd
 94205  107339      1      0  3    0x100083  ttyin         getty
 71779  190783      1      0  3        0x80  select        sshd
 41911   18063  57170     73  3    0x100090  kqread        syslogd
 57170  285325      1      0  3    0x100082  netio         syslogd
 52789   26791      1     77  3    0x100090  poll          dhclient
 67345  320387      1      0  3        0x80  poll          dhclient
 85058  402326      0      0  3     0x14200  bored         smr
 22363  230932      0      0  2     0x14200                zerothread
 25362  424066      0      0  3     0x14200  aiodoned      aiodoned
 63544  338296      0      0  2     0x14200                update
 50296  104721      0      0  3     0x14200  cleaner       cleaner
 11225   17767      0      0  3     0x14200  reaper        reaper
 30534  432103      0      0  3     0x14200  pgdaemon      pagedaemon
 69229  496875      0      0  3     0x14200  bored         crynlk
 18975  219473      0      0  3     0x14200  bored         crypto
 97761  373174      0      0  3  0x40014200  acpi0         acpi0
 52160  290549      0      0  3     0x14200  bored         softnet
*21547  443178      0      0  7     0x14200                systqmp
 77185  516462      0      0  3     0x14200  bored         systq
 69621  461544      0      0  2  0x40014200                softclock
 47873  387232      0      0  3  0x40014200                idle0
     1   33319      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb> show all locks
No such command
ddb> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf  9485   6337K    6915K  78643K     11301        0
            pcb    13      8K       8K  78643K       102        0
         rtable    73      6K       8K  78643K       623        0
         ifaddr    68     14K      16K  78643K       229        0
       counters    20     16K      16K  78643K        29        0
       ioctlops     0      0K       4K  78643K       121        0
            iov     0      0K      16K  78643K        46        0
          mount     1      1K       1K  78643K         1        0
         vnodes  1218     77K      77K  78643K      1442        0
      UFS quota     1     32K      32K  78643K         1        0
      UFS mount     5     36K      36K  78643K         5        0
            shm     2      1K       5K  78643K        17        0
         VM map     2      0K       0K  78643K         2        0
            sem    12      0K       0K  78643K       150        0
        dirhash    12      2K       2K  78643K        12        0
           ACPI  1809    195K     288K  78643K     12938        0
      file desc     5     13K      25K  78643K       591        0
          sigio     0      0K       0K  78643K         7        0
           proc    49     38K      63K  78643K       412        0
        subproc    32      2K       2K  78643K        34        0
    NFS srvsock     1      0K       0K  78643K         1        0
     NFS daemon     1     16K      16K  78643K         1        0
    ip_moptions     0      0K       0K  78643K        41        0
       in_multi    42      2K       3K  78643K       142        0
    ether_multi     1      0K       0K  78643K        16        0
            mrt     2      0K       0K  78643K        13        0
    ISOFS mount     1     32K      32K  78643K         1        0
  MSDOSFS mount     1     16K      16K  78643K         1        0
           ttys    43    201K     201K  78643K        43        0
           exec     0      0K       1K  78643K       201        0
        pagedep     1      8K       8K  78643K         1        0
       inodedep     1     32K      32K  78643K         1        0
         newblk     1      0K       0K  78643K         1        0
        VM swap     7     26K      26K  78643K         7        0
       UVM amap   126     22K      38K  78643K      2288        0
       UVM aobj    29      7K       7K  78643K        35        0
        memdesc     1      4K       4K  78643K         1        0
    crypto data     1      1K       1K  78643K         1        0
    ip6_options     0      0K       0K  78643K        84        0
            NDP    10      0K       0K  78643K        34        0
           temp   111   3864K    3928K  78643K      4270        0
         kqueue     3      4K       8K  78643K        15        0
      SYN cache     2     16K      16K  78643K         2        0
ddb> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp         64        6    0        4     1     0     1     1     0     8    0
rtpcb       80       39    0       37     1     0     1     1     0     8    0
rtentry    112       76    0       59     2     0     2     2     0     8    0
unpcb      120      319    0      311     1     0     1     1     0     8    0
syncache   264        7    0        7     3     3     0     1     0     8    0
tcpqe       32      159    0      159     1     1     0     1     0     8    0
tcpcb      544      689    0      684     8     7     1     4     0     8    0
ipq         40        3    0        3     2     2     0     1     0     8    0
ipqe        40        8    0        8     2     2     0     1     0     8    0
inpcb      296     1024    0     1016     5     4     1     2     0     8    0
rttmr       72        4    0        4     2     2     0     1     0     8    0
nd6         48       18    0       17     1     0     1     1     0     8    0
pkpcb       40        2    0        2     1     1     0     1     0     8    0
swfcl       56        2    0        0     1     0     1     1     0     8    0
ppxss      1136       1    0        1     1     1     0     1     0     8    0
pfrktable  1344     126    0      118     1     0     1     1     0     8    0
pftag       88       36    0       34     4     3     1     1     0     8    0
pfstitem    24        1    0        0     1     0     1     1     0     8    0
pfstkey    112        2    0        1     1     0     1     1     0     8    0
pfstate    328        2    0        1     1     0     1     1     0     8    0
pfrule     1360      44    0       30     2     0     2     2     0     8    0
art_heap8  4096       1    0        0     1     0     1     1     0     8    0
art_heap4  256      451    0      354    15     2    13    15     0     8    1
art_table   32      452    0      354     2     0     2     2     0     8    0
art_node    16       75    0       62     1     0     1     1     0     8    0
sysvmsgpl   40        6    0        2     1     0     1     1     0     8    0
semupl     112        2    0        2     1     1     0     1     0     8    0
semapl     112      148    0      138     1     0     1     1     0     8    0
shmpl      112       32    0        6     1     0     1     1     0     8    0
dirhash    1024      17    0        0     3     0     3     3     0     8    0
dino2pl    256     2128    0      735    88     0    88    88     0     8    0
ffsino     240     2128    0      735    83     0    83    83     0     8    0
nchpl      144     3109    0     1521    60     0    60    60     0     8    0
uvmvnodes   72     2337    0        0    43     0    43    43     0     8    0
vnodes     208     2337    0        0   123     0   123   123     0     8    0
namei      1024    8373    0     8373     1     0     1     1     0     8    1
pfiaddrpl  120       48    0       40     1     0     1     1     0     8    0
scsiplug    64        1    0        1     1     1     0     1     0     8    0
scxspl     192     8786    0     8786     1     0     1     1     0     8    1
plimitpl   152       50    0       43     1     0     1     1     0     8    0
sigapl     424      798    0      749     6     0     6     6     0     8    0
futexpl     56    11527    0    11526     1     0     1     1     0     8    0
knotepl    112       82    0       62     1     0     1     1     0     8    0
kqueuepl   144       58    0       56     1     0     1     1     0     8    0
pipepl     272      128    0      115     2     1     1     2     0     8    0
fdescpl    432      763    0      749     2     0     2     2     0     8    0
filepl     120     4464    0     4362     4     0     4     4     0     8    0
lockfpl    104       80    0       79     1     0     1     1     0     8    0
lockfspl    48       33    0       32     1     0     1     1     0     8    0
sessionpl  112       17    0        7     1     0     1     1     0     8    0
pgrppl      48       19    0        9     1     0     1     1     0     8    0
ucredpl     96      353    0      346     1     0     1     1     0     8    0
zombiepl   144      749    0      749     1     0     1     1     0     8    1
processpl  928      798    0      749     7     0     7     7     0     8    0
procpl     624     1592    0     1535     5     0     5     5     0     8    0
sosppl     128        4    0        4     1     1     0     1     0     8    0
sockpl     400     1384    0     1366     3     0     3     3     0     8    1
mcl64k     65536     31    0       31     4     4     0     1     0     8    0
mcl16k     16384      2    0        2     1     1     0     1     0     8    0
mcl12k     12288     19    0       19     5     4     1     1     0     8    1
mcl9k      9216      10    0       10     4     4     0     1     0     8    0
mcl8k      8192      22    0       22     5     4     1     1     0     8    1
mcl4k      4096      47    0       47     4     4     0     1     0     8    0
mcl2k2     2112       8    0        8     3     3     0     1     0     8    0
mcl2k      2048   94491    0    94447    17    11     6    13     0     8    0
mtagpl      96       61    0       32     3     1     2     2     0     8    0
mbufpl     256   152676    0   152469    20     6    14    17     0     8    0
bufpl      280     4088    0      115   284     0   284   284     0     8    0
anonpl      16    88736    0    70740    93    18    75    90     0   107    0
amapchunkpl 152    4907    0     4722    26    18     8    22     0   158    0
amappl16   192     3440    0     2472    66    17    49    61     0     8    0
amappl15   184        3    0        0     1     0     1     1     0     8    0
amappl14   176      345    0      342     1     0     1     1     0     8    0
amappl13   168      240    0      236     1     0     1     1     0     8    0
amappl12   160      236    0      232     1     0     1     1     0     8    0
amappl11   152      390    0      379     1     0     1     1     0     8    0
amappl10   144       15    0       10     1     0     1     1     0     8    0
amappl9    136      352    0      351     1     0     1     1     0     8    0
amappl8    128      294    0      264     1     0     1     1     0     8    0
amappl7    120      103    0       91     1     0     1     1     0     8    0
amappl6    112       28    0       23     1     0     1     1     0     8    0
amappl5    104      150    0      140     1     0     1     1     0     8    0
amappl4     96      988    0      958     1     0     1     1     0     8    0
amappl3     88      705    0      693     1     0     1     1     0     8    0
amappl2     80     5292    0     5227     2     0     2     2     0     8    0
amappl1     72    27224    0    26807    22    12    10    17     0     8    0
amappl      80     1810    0     1758     2     0     2     2     0    84    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      253    0      253     1     1     0     1     0     8    0
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       18    0       17     1     0     1     1     0     8    0
aobjpl      64       34    0        6     1     0     1     1     0     8    0
uaddrrnd    24      763    0      749     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24      763    0      749     1     0     1     1     0     8    0
vmmpekpl   168     8321    0     8292     2     0     2     2     0     8    0
vmmpepl    168   100640    0    98578   134    44    90   115     0   357    0
vmsppl     272      762    0      749     2     1     1     2     0     8    0
pdppl      4096    1532    0     1498     6     1     5     6     0     8    0
pvpl        32   259219    0   237590   226    46   180   217     0   265    5
pmappl     200      762    0      749     1     0     1     1     0     8    0
extentpl    40       53    0       36     1     0     1     1     0     8    0
phpool     112      272    0       44     7     0     7     7     0     8    0
ddb> machine ddbcpu 0
No such command
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff8245935b) at panic+0x164 sys/kern/subr_prf.c:218
pool_p_free(ffffffff82858d80,fffffd80687def90) at pool_p_free+0x1de sys/kern/subr_pool.c:983
pool_gc_pages(0) at pool_gc_pages+0x225 sys/kern/subr_pool.c:1578
taskq_thread(ffffffff826d2750) at taskq_thread+0x92 sys/kern/kern_task.c:438
end trace frame: 0x0, count: -5
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff8245935b) at panic+0x164 sys/kern/subr_prf.c:218
pool_p_free(ffffffff82858d80,fffffd80687def90) at pool_p_free+0x1de sys/kern/subr_pool.c:983
pool_gc_pages(0) at pool_gc_pages+0x225 sys/kern/subr_pool.c:1578
taskq_thread(ffffffff826d2750) at taskq_thread+0x92 sys/kern/kern_task.c:438
end trace frame: 0x0, count: -5

Crashes (17):
Time              Kernel   Commit        Syzkaller  Config   Log          Report  Syz repro  C repro  VM info  Assets  Manager               Title
2020/08/01 14:38  openbsd  18f4917e2c82  d895b3be   .config  console log  report                                       ci-openbsd-main
2020/07/07 06:58  openbsd  56c392bf0c09  bed10395   .config  console log  report                                       ci-openbsd-main
2020/06/28 13:32  openbsd  634337a5c27d  a2cdad9d   .config  console log  report                                       ci-openbsd-main
2020/06/26 22:02  openbsd  d8c65c0d1302  b202c7a8   .config  console log  report                                       ci-openbsd-main
2020/06/21 21:46  openbsd  45dd89a788b7  eabcced4   .config  console log  report                                       ci-openbsd-main
2020/06/19 01:01  openbsd  e8105163f17b  3ea11d3f   .config  console log  report                                       ci-openbsd-multicore
2020/06/16 23:46  openbsd  253bdb8e8585  b9f3810b   .config  console log  report                                       ci-openbsd-main
2020/06/10 18:31  openbsd  580f643cb4ef  a6f7998d   .config  console log  report                                       ci-openbsd-main
2020/05/09 21:57  openbsd  7752f9fda662  88cb3e92   .config  console log  report                                       ci-openbsd-multicore
2020/04/23 22:34  openbsd  4b7f300a0481  b9233cab   .config  console log  report                                       ci-openbsd-main
2020/03/10 21:59  openbsd  bfe2257568b6  35f53e45   .config  console log  report                                       ci-openbsd-main
2020/02/01 19:48  openbsd  18b9798e50be  2274ad39   .config  console log  report                                       ci-openbsd-main
2020/01/29 10:40  openbsd  23b78d59dd06  c8e81ce4   .config  console log  report                                       ci-openbsd-multicore
2020/01/25 15:55  openbsd  61e8dc34fbac  2e95ab33   .config  console log  report                                       ci-openbsd-main
2020/01/16 04:57  openbsd  2a9551c7a233  f9b69507   .config  console log  report                                       ci-openbsd-multicore
2019/12/18 00:14  openbsd  e749f6f89611  64ca0a37   .config  console log  report                                       ci-openbsd-multicore
2019/11/20 12:37  openbsd  039d6aae052b  12be8ffc   .config  console log  report                                       ci-openbsd-multicore
* Struck through repros no longer work on HEAD.