panic: pool_do_get: pdppl free list modified: page 0xfffffd8068d24000; item addr 0xfffffd8068d24000; offset 0x0=0x11e57ed0 != 0xc88bf7ad40ce2178 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *507987 73922 0 0 0x4000000 0K syz-executor.1 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 panic(ffffffff824ea29d) at panic+0x177 sys/kern/subr_prf.c:202 pool_do_get(ffffffff82863db8,1,ffff800029752ac8) at pool_do_get+0x444 sys/kern/subr_pool.c:740 pool_get(ffffffff82863db8,1) at pool_get+0xeb sys/kern/subr_pool.c:584 pmap_create() at pmap_create+0xe7 sys/arch/amd64/amd64/pmap.c:1326 uvmspace_alloc(0,200000,1,0) at uvmspace_alloc+0x45 uvmspace_init sys/uvm/uvm_map.c:3495 [inline] uvmspace_alloc(0,200000,1,0) at uvmspace_alloc+0x45 sys/uvm/uvm_map.c:3476 vm_impl_init_vmx(ffff80002187b880,ffff800021237508) at vm_impl_init_vmx+0x71 sys/arch/amd64/amd64/vmm.c:1601 vm_create(ffff800000b07800,ffff800021237508) at vm_create+0x1d2 vm_impl_init sys/arch/amd64/amd64/vmm.c:1710 [inline] vm_create(ffff800000b07800,ffff800021237508) at vm_create+0x1d2 sys/arch/amd64/amd64/vmm.c:1527 vmmioctl(a00,c5005601,ffff800000b07800,1,ffff800021237508) at vmmioctl+0x1f2 VOP_IOCTL(fffffd806e35c3d0,c5005601,ffff800000b07800,1,fffffd807f7d7720,ffff800021237508) at VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd807bb18ee8,c5005601,ffff800000b07800,ffff800021237508) at vn_ioctl+0xba sys/kern/vfs_vnops.c:531 sys_ioctl(ffff800021237508,ffff800029752fa8,ffff800029752ff0) at sys_ioctl+0x4a2 syscall(ffff800029753070) at syscall+0x5a9 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800029753070) at syscall+0x5a9 sys/arch/amd64/amd64/trap.c:587 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x5afd727a410, count: 1 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.