panic: pool_p_free: rttmr free list modified: page 0xfffffd805ddc3000; item addr 0xfffffd805ddc3dd0; offset 0x10=0x83908fb0 Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *307263 44431 0 0x14000 0x200 0 systqmp db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8336c1c0) at panic+0x1e5 sys/kern/subr_prf.c:198 pool_p_free(ffffffff839010c0,fffffd805ddc3f90) at pool_p_free+0x2d1 sys/kern/subr_pool.c:986 pool_gc_pages(0) at pool_gc_pages+0x357 sys/kern/subr_pool.c:1587 taskq_thread(ffffffff83834270) at taskq_thread+0x157 sys/kern/kern_task.c:446 end trace frame: 0x0, count: 10 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: pool_p_free: rttmr free list modified: page 0xfffffd805ddc3000; item addr 0xfffffd805ddc3dd0; offset 0x10=0x83908fb0 ddb{0}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8336c1c0) at panic+0x1e5 sys/kern/subr_prf.c:198 pool_p_free(ffffffff839010c0,fffffd805ddc3f90) at pool_p_free+0x2d1 sys/kern/subr_pool.c:986 pool_gc_pages(0) at pool_gc_pages+0x357 sys/kern/subr_pool.c:1587 taskq_thread(ffffffff83834270) at taskq_thread+0x157 sys/kern/kern_task.c:446 end trace frame: 0x0, count: -5 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff80002a21a540 rbx 0xffffffff83828ddf cpu_info_full_primary+0x2ddf rdx 0 rcx 0xffff8000ffffe000 rax 0xffffffff83827ff0 cpu_info_full_primary+0x1ff0 r8 0x101010101010101 r9 0x8080808080808080 r10 0x64cf24c9e65806d7 r11 0x335ab96d0ba9ece8 r12 0xffffffff83828be0 cpu_info_full_primary+0x2be0 r13 0 r14 0 r15 0x1 rip 0xffffffff811b9065 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80002a21a530 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb{0}> show proc PROC (systqmp) tid=307263 pid=44431 tcnt=1 stat=onproc flags process=14000 proc=200 runpri=32, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff8000ffffe530,0xffff8000ffffe2a8 process=0xffff8000ffff89c0 user=0xffff80002a215000, vmspace=0xffffffff839882d8 estcpu=0, cpticks=5, pctcpu=0.0, user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 79724 331174 57675 0 2 0 syz-executor 79724 52589 57675 0 2 0x4000000 syz-executor 21375 331842 19518 0 2 0 syz-executor 21375 132780 19518 0 3 0x4000080 fsleep syz-executor 82877 99797 22180 0 2 0 syz-executor 82877 255517 22180 0 2 0x4000080 syz-executor 97033 292956 55328 0 2 0 syz-executor 63406 176835 59726 0 2 0 syz-executor 63406 363868 59726 0 3 0x4000080 kqpoll syz-executor 41095 439352 55736 0 2 0 syz-executor 41095 24024 55736 0 3 0x4000080 sbwait syz-executor 12244 117001 35517 60929 2 0xc90 syz-executor 12244 28195 35517 60929 3 0x4000090 lockf syz-executor 12244 165426 35517 60929 3 0x4000090 fsleep syz-executor 12244 94137 35517 60929 3 0x4000090 fsleep syz-executor 6603 133936 30612 0 2 0 syz-executor 6603 269045 30612 0 2 0x4000000 syz-executor 6603 481908 30612 0 3 0x4000080 fsleep syz-executor 6603 46965 30612 0 3 0x4000080 fsleep syz-executor 6603 469220 30612 0 3 0x4000080 fsleep syz-executor 6603 286914 30612 0 3 0x4000080 fsleep syz-executor 55736 173546 53987 0 2 0x2 syz-executor 57675 77554 53987 0 2 0xc82 syz-executor 19518 345226 53987 0 2 0xc82 syz-executor 22180 170574 53987 0 2 0xc82 syz-executor 7001 402486 1 0 3 0x100083 ttyin getty 55328 484512 53987 0 2 0xc82 syz-executor 35517 336120 53987 0 2 0x2 syz-executor 30612 514988 53987 0 2 0x2 syz-executor 59726 431624 53987 0 2 0xc82 syz-executor 65163 206549 0 0 3 0x14200 bored sosplice 53987 504393 58314 0 2 0x2 syz-executor 58314 218609 60227 0 3 0x10008a sigsusp ksh 60227 416094 20045 0 3 0x98 kqread sshd-session 20045 135408 98851 0 3 0x92 kqread sshd-session 98851 221715 1 0 3 0x88 kqread sshd 91781 65068 60789 74 3 0x1100092 bpf pflogd 60789 448971 1 0 3 0x80 sbwait pflogd 39677 353930 65953 73 3 0x1100090 kqread syslogd 65953 434614 1 0 3 0x100082 sbwait syslogd 87491 271028 1 0 3 0x100080 kqread resolvd 94905 258371 0 0 3 0x14200 bored smr 56978 278055 0 0 2 0x14200 zerothread 23952 32735 0 0 3 0x14200 aiodoned aiodoned 17227 351219 0 0 3 0x14200 syncer update 80106 349268 0 0 3 0x14200 cleaner cleaner 95596 396633 0 0 3 0x14200 reaper reaper 50725 360802 0 0 3 0x14200 pgdaemon pagedaemon 92051 136070 0 0 3 0x14200 bored viomb 7019 293565 0 0 3 0x40014200 acpi0 acpi0 20500 273964 0 0 7 0x40014200 idle1 15452 349630 0 0 3 0x14200 bored softnet7 10369 41881 0 0 3 0x14200 bored softnet6 52995 225842 0 0 3 0x14200 bored softnet5 99051 6701 0 0 3 0x14200 bored softnet4 85823 305551 0 0 3 0x14200 bored softnet3 81975 496047 0 0 3 0x14200 bored softnet2 53947 258766 0 0 3 0x14200 bored softnet1 26950 291745 0 0 3 0x14200 bored softnet0 *44431 307263 0 0 7 0x14200 systqmp 8528 97487 0 0 3 0x14200 bored systq 80644 107866 0 0 3 0x14200 tmoslp softclockmp 9066 429005 0 0 2 0x40014200 softclock 6444 186579 0 0 3 0x40014200 idle0 1 80369 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{0}> show all locks Process 6603 (syz-executor) thread 0xffff800031009778 (269045) Process 44431 (systqmp) thread 0xffff8000ffffe000 (307263) ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10266 11194K 13631K 166960K 16963 0 pcb 17 20K 28K 166960K 1523 0 rtable 217 16K 16K 166960K 1336 0 pf 40 18K 21K 166960K 680 0 ifaddr 37 7K 9K 166960K 388 0 ifgroup 59 2K 3K 166960K 720 0 sysctl 4 1K 9K 166960K 39 0 counters 70 37K 38K 166960K 746 0 ioctlops 0 0K 4K 166960K 2935 0 iov 0 0K 28K 166960K 593 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1638 103K 104K 166960K 6294 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 66 0 VM map 2 1K 1K 166960K 2 0 sem 28 80K 156K 166960K 343 0 dirhash 12 2K 3K 166960K 117 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 244K 166960K 5802 0 sigio 0 0K 0K 166960K 149 0 proc 68 83K 164K 166960K 1859 0 subproc 72 4K 4K 166960K 247 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 795 0 in_multi 71 5K 7K 166960K 514 0 ether_multi 1 0K 0K 166960K 71 0 mrt 1 0K 0K 166960K 40 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 277 1235K 1235K 166960K 277 0 exec 0 0K 1K 166960K 1548 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 16 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 232 143K 191K 166960K 51815 0 UVM aobj 42 2K 4K 166960K 49 0 pinsyscall 37 74K 106K 166960K 7384 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 409 0 NDP 13 0K 2K 166960K 290 0 temp 85 8652K 8908K 166960K 302882 0 kqueue 9 15K 32K 166960K 1194 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 715 0 714 7 6 1 3 0 8 0 rtentry 176 481 0 413 5 0 5 5 0 8 0 unpcb 144 5518 0 5506 39 36 3 13 0 8 2 syncache 336 11 0 11 6 6 0 1 0 8 0 tcpqe 32 4 0 4 3 3 0 1 0 8 0 tcpcb 736 2279 0 2273 55 48 7 10 0 8 6 arp 128 63 0 53 1 0 1 1 0 8 0 inpcb 328 7320 0 7313 79 72 7 15 0 8 5 nd6 144 72 0 58 1 0 1 1 0 8 0 pkpcb 40 90 0 90 15 14 1 1 0 8 1 kcovpl 48 27 0 19 1 0 1 1 0 8 0 mppekey 1024 2 0 2 2 2 0 1 0 8 0 ppxss 1192 257 0 257 4 3 1 1 0 8 1 pppxif 1504 32 0 32 12 11 1 1 0 8 1 pffrag 232 50 0 43 1 0 1 1 0 482 0 pffrnode 88 46 0 39 1 0 1 1 0 8 0 pffrent 40 118 0 110 1 0 1 1 0 8 0 pfosfp 40 1428 0 1428 5 5 0 5 0 8 0 pfosfpen 112 1428 0 1428 21 21 0 21 0 8 0 pfrktable 1344 5 0 5 4 4 0 1 0 8 0 pftag 88 1 0 0 1 0 1 1 0 8 0 pfstitem 24 396 0 296 1 0 1 1 0 8 0 pfstkey 128 400 0 300 4 0 4 4 0 8 0 pfstate 384 398 0 298 15 4 11 11 0 8 0 pfrule 1344 23 0 18 2 1 1 2 0 8 0 rttmr 136 10 0 10 7 7 0 1 0 8 0 art_heap8 4096 6 0 2 6 2 4 5 0 8 0 art_heap4 256 1839 0 1489 36 13 23 31 0 8 0 art_table 40 1845 0 1491 5 1 4 5 0 8 0 art_node 32 433 0 375 1 0 1 1 0 8 0 sysvmsgpl 40 27 0 17 1 0 1 1 0 8 0 semupl 112 2 0 2 2 2 0 1 0 8 0 semapl 112 262 0 236 1 0 1 1 0 8 0 shmpl 112 46 0 7 2 0 2 2 0 8 0 dirhash 1024 88 0 71 3 0 3 3 0 8 0 dino2pl 256 12517 0 10973 98 1 97 97 0 8 0 ffsino 296 12517 0 10973 121 1 120 120 0 8 0 nchpl 144 20434 0 19835 66 39 27 65 0 8 0 rtmask 32 51 0 51 12 12 0 1 0 8 0 uvmvnodes 80 15019 0 0 307 0 307 307 0 8 0 vnodes 216 15019 0 0 835 0 835 835 0 8 0 namei 1024 79003 0 79003 10 9 1 3 0 8 1 percpumem 16 388 0 338 1 0 1 1 0 8 0 kstatmem 264 478 0 446 6 3 3 3 0 8 0 acpiwqpl 32 1 0 1 1 0 1 1 1 8 1 scsiplug 72 40 0 40 12 11 1 1 0 8 1 scxspl 216 143775 0 143775 19 17 2 8 1 8 2 plimitpl 152 1785 0 1767 1 0 1 1 0 8 0 sigapl 424 6075 0 6023 9 1 8 9 0 8 0 knotepl 120 917 0 0 24 0 24 24 0 8 0 kqueuepl 224 2492 0 2479 32 29 3 7 0 8 2 pipepl 344 977 0 949 19 12 7 9 0 8 4 fdescpl 528 6007 0 5978 3 0 3 3 0 8 0 filepl 160 47378 0 47166 59 45 14 28 0 8 1 lockfpl 104 4025 0 4022 7 6 1 2 0 8 0 lockfspl 48 1196 0 1194 1 0 1 1 0 8 0 sessionpl 144 53 0 45 1 0 1 1 0 8 0 pgrppl 48 206 0 190 1 0 1 1 0 8 0 ucredpl 104 7952 0 7941 1 0 1 1 0 8 0 zombiepl 144 6815 0 6815 1 0 1 1 0 8 1 processpl 1248 6075 0 6023 6 1 5 6 0 8 0 procpl 664 14798 0 14733 8 1 7 8 0 8 0 sosppl 168 57 0 57 8 7 1 1 0 8 1 sockpl 752 13915 0 13895 121 110 11 35 0 8 7 mcl64k 65536 17 0 0 3 0 3 3 0 8 0 mcl16k 16384 3 0 0 1 0 1 1 0 8 0 mcl12k 12288 1 0 0 1 0 1 1 0 8 0 mcl9k 9216 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 3 0 0 1 0 1 1 0 8 0 mcl4k 4096 135 0 0 17 0 17 17 0 8 0 mcl2k2 2112 1 0 0 1 0 1 1 0 8 0 mcl2k 2048 64 0 0 6 0 6 6 0 8 0 mtagpl 96 52 0 0 2 0 2 2 0 8 0 mbufpl 256 1322 0 0 73 0 73 73 0 8 0 bufpl 280 58342 0 52199 440 0 440 440 0 8 0 anonpl 32 23962 0 0 192 0 192 192 0 246 0 amapchunkpl 152 184420 0 183761 81 50 31 35 0 158 0 amappl16 200 25026 0 24282 179 129 50 58 0 8 2 amappl15 192 16 0 16 3 3 0 1 0 8 0 amappl14 184 169 0 160 1 0 1 1 0 8 0 amappl13 176 7 0 7 2 2 0 1 0 8 0 amappl12 168 6986 0 6958 4 2 2 3 0 8 0 amappl11 160 74 0 66 1 0 1 1 0 8 0 amappl10 152 6 0 6 2 1 1 1 0 8 1 amappl9 144 259 0 258 2 1 1 1 0 8 0 amappl8 136 19 0 16 1 0 1 1 0 8 0 amappl7 128 157 0 147 1 0 1 1 0 8 0 amappl6 120 366 0 361 1 0 1 1 0 8 0 amappl5 112 210 0 203 1 0 1 1 0 8 0 amappl4 104 348 0 329 1 0 1 1 0 8 0 amappl3 96 38254 0 38146 5 1 4 4 0 8 0 amappl2 88 1099 0 1049 2 0 2 2 0 8 0 amappl1 80 33214 0 32708 19 3 16 16 0 8 0 amappl 88 49766 0 49589 5 0 5 5 0 92 0 dma32768 32768 1 0 1 1 1 0 1 0 8 0 dma8192 8192 1 0 1 1 0 1 1 0 8 1 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma512 512 2 0 2 2 2 0 1 0 8 0 dma256 256 7 0 7 2 2 0 1 0 8 0 dma128 128 266 0 266 9 8 1 1 0 8 1 dma64 64 9 0 9 4 4 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 88 0 87 1 0 1 1 0 8 0 aobjpl 72 48 0 7 1 0 1 1 0 8 0 uaddrrnd 24 6007 0 5978 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 6007 0 5978 1 0 1 1 0 8 0 vmmpekpl 168 39717 0 39642 4 0 4 4 0 8 0 vmmpepl 168 389712 0 387232 219 90 129 145 0 357 5 vmsppl 488 6006 0 5978 8 3 5 5 0 8 0 rwobjpl 80 110747 0 94156 345 6 339 339 0 8 0 pdppl 4096 12021 0 11956 159 94 65 83 0 8 0 pvpl 32 33200 0 0 267 1 266 266 0 265 0 pmappl 256 6006 0 5978 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 487 0 181 10 0 10 10 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8336c1c0) at panic+0x1e5 sys/kern/subr_prf.c:198 pool_p_free(ffffffff839010c0,fffffd805ddc3f90) at pool_p_free+0x2d1 sys/kern/subr_pool.c:986 pool_gc_pages(0) at pool_gc_pages+0x357 sys/kern/subr_pool.c:1587 taskq_thread(ffffffff83834270) at taskq_thread+0x157 sys/kern/kern_task.c:446 end trace frame: 0x0, count: -5 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 acpicpu_idle() at acpicpu_idle+0x457 sys/dev/acpi/acpicpu_x86.c:1224 sched_idle(ffff8000299edff0) at sched_idle+0x391 sys/kern/kern_sched.c:191 end trace frame: 0x0, count: 10 ddb{1}> trace x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 acpicpu_idle() at acpicpu_idle+0x457 sys/dev/acpi/acpicpu_x86.c:1224 sched_idle(ffff8000299edff0) at sched_idle+0x391 sys/kern/kern_sched.c:191 end trace frame: 0x0, count: -5