panic: pool_p_free: pvpl free list modified: page 0xfffffd80658b2000; item addr 0xfffffd80658b2000; offset 0x0=0x0 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND * 80278 66218 0 0x14000 0x200 0 systqmp db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic(ffffffff8244c1e5) at panic+0x15c sys/kern/subr_prf.c:207 pool_p_free(ffffffff82819610,fffffd80658b2f90) at pool_p_free+0x1de sys/kern/subr_pool.c:983 pool_gc_pages(0) at pool_gc_pages+0x225 sys/kern/subr_pool.c:1578 taskq_thread(ffffffff8276dd00) at taskq_thread+0x92 sys/kern/kern_task.c:438 end trace frame: 0x0, count: 10 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic pool_p_free: pvpl free list modified: page 0xfffffd80658b2000; item addr 0xfffffd80658b2000; offset 0x0=0x0 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic(ffffffff8244c1e5) at panic+0x15c sys/kern/subr_prf.c:207 pool_p_free(ffffffff82819610,fffffd80658b2f90) at pool_p_free+0x1de sys/kern/subr_pool.c:983 pool_gc_pages(0) at pool_gc_pages+0x225 sys/kern/subr_pool.c:1578 taskq_thread(ffffffff8276dd00) at taskq_thread+0x92 sys/kern/kern_task.c:438 end trace frame: 0x0, count: -5 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80001d672900 rbx 0xffff80001d6729b0 rdx 0x2 rcx 0 rax 0x1 r8 0xffffffff815b41af kprintf+0x15f r9 0x1 r10 0x2 r11 0x857fb6e71e9f496b r12 0x3000000008 r13 0xffff80001d672910 r14 0x100 r15 0x1 rip 0xffffffff81565828 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff80001d6728f0 ss 0 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (systqmp) pid=80278 stat=onproc flags process=14000 proc=200 pri=32, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff80001d651c30,0xffff80001d651760 process=0xffff8000ffffeae0 user=0xffff80001d66d000, vmspace=0xffffffff8281a680 estcpu=0, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 10866 409482 81341 60928 2 0x10 syz-executor.0 10866 378423 81341 60928 3 0x4000090 fsleep syz-executor.0 29320 265422 0 0 3 0x14200 acct acct 30972 315104 0 0 3 0x14280 nfsidl nfsio 37814 282364 0 0 3 0x14280 nfsidl nfsio 35695 513018 0 0 3 0x14280 nfsidl nfsio 19209 372581 0 0 3 0x14280 nfsidl nfsio 9579 77374 0 0 3 0x14280 nfsidl nfsio 74149 93249 0 0 3 0x14280 nfsidl nfsio 84371 90461 0 0 3 0x14280 nfsidl nfsio 47380 90885 0 0 3 0x14280 nfsidl nfsio 24869 64586 0 0 3 0x14280 nfsidl nfsio 36551 22999 0 0 3 0x14280 nfsidl nfsio 4417 489295 0 0 3 0x14280 nfsidl nfsio 96902 172404 0 0 3 0x14280 nfsidl nfsio 7077 468960 0 0 3 0x14280 nfsidl nfsio 95281 49461 0 0 3 0x14280 nfsidl nfsio 49388 519560 0 0 3 0x14280 nfsidl nfsio 85325 64113 0 0 3 0x14280 nfsidl nfsio 27842 341262 0 0 3 0x14280 nfsidl nfsio 53171 173522 0 0 3 0x14280 nfsidl nfsio 97166 150684 0 0 3 0x14280 nfsidl nfsio 72883 362383 0 0 3 0x14280 nfsidl nfsio 81341 271765 72595 0 2 0x482 syz-executor.0 37153 325953 0 0 3 0x14200 bored sosplice 37126 342812 72595 0 3 0x82 piperd syz-executor.1 72595 454268 46749 0 3 0x82 thrsleep syz-fuzzer 72595 334245 46749 0 2 0x4000482 syz-fuzzer 72595 126074 46749 0 3 0x4000082 thrsleep syz-fuzzer 72595 358813 46749 0 3 0x4000082 thrsleep syz-fuzzer 72595 485616 46749 0 3 0x4000082 thrsleep syz-fuzzer 72595 74228 46749 0 2 0x4000002 syz-fuzzer 72595 519159 46749 0 3 0x4000082 thrsleep syz-fuzzer 72595 398069 46749 0 3 0x4000082 thrsleep syz-fuzzer 46749 499890 94288 0 3 0x10008a pause ksh 94288 388347 59204 0 3 0x92 select sshd 19756 242475 1 0 3 0x100083 ttyin getty 59204 86938 1 0 3 0x80 select sshd 39480 458704 4821 73 3 0x100090 kqread syslogd 4821 288757 1 0 3 0x100082 netio syslogd 62865 187682 0 0 3 0x14200 bored smr 30640 304410 0 0 2 0x14200 zerothread 6953 103874 0 0 3 0x14200 aiodoned aiodoned 74733 112962 0 0 3 0x14200 syncer update 72496 62517 0 0 3 0x14200 cleaner cleaner 44666 141030 0 0 3 0x14200 reaper reaper 28392 363194 0 0 3 0x14200 pgdaemon pagedaemon 36140 438315 0 0 3 0x14200 bored crynlk 29913 307885 0 0 3 0x14200 bored crypto 72326 365358 0 0 3 0x40014200 acpi0 acpi0 14590 103642 0 0 3 0x14200 bored softnet *66218 80278 0 0 7 0x14200 systqmp 39538 222825 0 0 3 0x14200 bored systq 22995 357096 0 0 3 0x40014200 bored softclock 13846 301092 0 0 3 0x40014200 idle0 1 63925 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9521 6297K 10760K 78643K 15413 0 pcb 13 8K 8K 78643K 136 0 rtable 146 24K 24K 78643K 953 0 ifaddr 110 22K 22K 78643K 365 0 counters 21 16K 17K 78643K 51 0 ioctlops 0 0K 4K 78643K 232 0 iov 0 0K 28K 78643K 169 0 mount 1 1K 1K 78643K 1 0 vnodes 1217 77K 77K 78643K 2488 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 8 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 0K 78643K 176 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 195K 288K 78643K 12938 0 file desc 5 13K 25K 78643K 1096 0 sigio 0 0K 0K 78643K 26 0 proc 46 30K 63K 78643K 474 0 subproc 32 2K 2K 78643K 51 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 96 0 in_multi 72 3K 4K 78643K 199 0 ether_multi 1 0K 0K 78643K 25 0 mrt 1 0K 0K 78643K 5 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 55 254K 254K 78643K 55 0 exec 0 0K 1K 78643K 278 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 148 153K 169K 78643K 3408 0 UVM aobj 29 4K 4K 78643K 54 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 113 0 NDP 15 0K 0K 78643K 55 0 temp 152 3905K 3969K 78643K 42125 0 kqueue 3 4K 14K 78643K 49 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 13 0 6 1 0 1 1 0 8 0 rtpcb 80 91 0 91 7 6 1 1 0 8 1 rtentry 112 86 0 52 2 0 2 2 0 8 0 unpcb 120 681 0 672 1 0 1 1 0 8 0 syncache 264 15 0 15 6 6 0 1 0 8 0 sackhl 24 4 0 4 1 1 0 1 0 8 0 tcpqe 32 1249 0 1249 3 3 0 1 0 8 0 tcpcb 544 377 0 373 1 0 1 1 0 8 0 ipq 40 7 0 7 2 2 0 1 0 8 0 ipqe 40 14 0 14 2 2 0 1 0 8 0 inpcb 296 1009 0 1005 4 3 1 2 0 8 0 nd6 48 18 0 16 1 0 1 1 0 8 0 pkpcb 40 2 0 2 1 1 0 1 0 8 0 swfcl 56 2 0 0 1 0 1 1 0 8 0 ppxss 1128 4 0 4 2 2 0 1 0 8 0 pfstscr 40 2 0 2 1 1 0 1 0 8 0 pfosfp 40 2 0 0 1 0 1 1 0 8 0 pfosfpen 112 3 0 0 1 0 1 1 0 8 0 pfrktable 1344 263 0 237 9 6 3 3 0 8 0 pftag 88 22 0 14 1 0 1 1 0 8 0 pfqueue 264 2 0 2 1 1 0 1 0 8 0 pfstkey 112 1 0 1 1 1 0 1 0 8 0 pfstate 328 1 0 1 1 1 0 1 0 8 0 pfrule 1360 70 0 40 3 0 3 3 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 363 0 193 14 1 13 13 0 8 0 art_table 32 365 0 193 2 0 2 2 0 8 0 art_node 16 85 0 55 1 0 1 1 0 8 0 sysvmsgpl 40 8 0 8 3 3 0 1 0 8 0 semupl 112 3 0 3 1 1 0 1 0 8 0 semapl 112 168 0 158 1 0 1 1 0 8 0 shmpl 112 51 0 25 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 2935 0 1540 88 0 88 88 0 8 0 ffsino 240 2935 0 1540 83 0 83 83 0 8 0 nchpl 144 4966 0 3389 60 0 60 60 0 8 0 uvmvnodes 72 4053 0 0 74 0 74 74 0 8 0 vnodes 208 4053 0 0 214 0 214 214 0 8 0 namei 1024 14644 0 14644 3 2 1 1 0 8 1 vcpupl 1984 16 0 0 2 0 2 2 0 8 0 vmpool 528 23 0 7 2 0 2 2 0 8 0 pfiaddrpl 120 98 0 72 1 0 1 1 0 8 0 scxspl 192 15214 0 15214 1 0 1 1 0 8 1 plimitpl 152 93 0 87 1 0 1 1 0 8 0 sigapl 424 1302 0 1254 6 0 6 6 0 8 0 futexpl 56 23235 0 23234 2 1 1 1 0 8 0 knotepl 112 129 0 110 1 0 1 1 0 8 0 kqueuepl 144 167 0 165 1 0 1 1 0 8 0 pipepl 272 195 0 185 2 1 1 2 0 8 0 fdescpl 432 1265 0 1253 2 0 2 2 0 8 0 filepl 120 8500 0 8414 7 3 4 4 0 8 1 lockfpl 104 259 0 259 5 4 1 1 0 8 1 lockfspl 48 92 0 92 5 4 1 1 0 8 1 sessionpl 112 18 0 10 1 0 1 1 0 8 0 pgrppl 48 28 0 20 1 0 1 1 0 8 0 ucredpl 96 1179 0 1171 1 0 1 1 0 8 0 zombiepl 144 1254 0 1254 2 1 1 1 0 8 1 processpl 928 1302 0 1254 7 0 7 7 0 8 0 procpl 624 2621 0 2565 6 1 5 6 0 8 0 sosppl 128 6 0 6 2 2 0 1 0 8 0 sockpl 400 1790 0 1777 6 3 3 4 0 8 0 mcl64k 65536 588 0 588 67 66 1 65 0 8 1 mcl16k 16384 5 0 5 3 3 0 1 0 8 0 mcl12k 12288 26 0 26 8 8 0 1 0 8 0 mcl9k 9216 20 0 20 7 6 1 1 0 8 1 mcl8k 8192 35 0 35 7 6 1 1 0 8 1 mcl4k 4096 109 0 109 8 7 1 1 0 8 1 mcl2k2 2112 10 0 10 6 5 1 1 0 8 1 mcl2k 2048 80243 0 80167 30 20 10 21 0 8 0 mtagpl 96 463 0 305 9 3 6 8 0 8 0 mbufpl 256 135510 0 135078 84 41 43 48 0 8 0 bufpl 280 7502 0 2150 383 0 383 383 0 8 0 anonpl 16 140008 0 122290 130 57 73 89 0 107 0 amapchunkpl 152 6163 0 5996 53 45 8 21 0 158 0 amappl16 192 7071 0 6090 81 31 50 60 0 8 0 amappl15 184 3 0 2 1 0 1 1 0 8 0 amappl14 176 24 0 18 1 0 1 1 0 8 0 amappl13 168 41 0 38 1 0 1 1 0 8 0 amappl12 160 429 0 426 1 0 1 1 0 8 0 amappl11 152 55 0 50 1 0 1 1 0 8 0 amappl10 144 71 0 68 1 0 1 1 0 8 0 amappl9 136 745 0 742 1 0 1 1 0 8 0 amappl8 128 360 0 317 2 0 2 2 0 8 0 amappl7 120 168 0 156 1 0 1 1 0 8 0 amappl6 112 28 0 20 1 0 1 1 0 8 0 amappl5 104 2016 0 2008 1 0 1 1 0 8 0 amappl4 96 440 0 418 1 0 1 1 0 8 0 amappl3 88 152 0 147 1 0 1 1 0 8 0 amappl2 80 9263 0 9200 2 0 2 2 0 8 0 amappl1 72 31274 0 30888 24 15 9 17 0 8 0 amappl 80 2858 0 2811 3 1 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 53 0 25 1 0 1 1 0 8 0 uaddrrnd 24 1288 0 1260 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1288 0 1260 1 0 1 1 0 8 0 vmmpekpl 168 11157 0 11122 2 0 2 2 0 8 0 vmmpepl 168 156575 0 154519 146 52 94 121 0 357 0 vmsppl 272 1287 0 1260 2 0 2 2 0 8 0 pdppl 4096 2582 0 2536 9 2 7 7 0 8 0 pvpl 32 414764 0 394718 371 147 224 292 0 265 59 pmappl 200 1287 0 1260 2 0 2 2 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 423 0 155 10 1 9 10 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic(ffffffff8244c1e5) at panic+0x15c sys/kern/subr_prf.c:207 pool_p_free(ffffffff82819610,fffffd80658b2f90) at pool_p_free+0x1de sys/kern/subr_pool.c:983 pool_gc_pages(0) at pool_gc_pages+0x225 sys/kern/subr_pool.c:1578 taskq_thread(ffffffff8276dd00) at taskq_thread+0x92 sys/kern/kern_task.c:438 end trace frame: 0x0, count: -5 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic(ffffffff8244c1e5) at panic+0x15c sys/kern/subr_prf.c:207 pool_p_free(ffffffff82819610,fffffd80658b2f90) at pool_p_free+0x1de sys/kern/subr_pool.c:983 pool_gc_pages(0) at pool_gc_pages+0x225 sys/kern/subr_pool.c:1578 taskq_thread(ffffffff8276dd00) at taskq_thread+0x92 sys/kern/kern_task.c:438 end trace frame: 0x0, count: -5