panic: pool_p_free: sockpl free list modified: page 0xfffffd8063b4f000; item addr 0xfffffd8063b4f1f9; offset 0x0=0xb63cd0922ee8af98 Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *347861 21914 0 0x14000 0x200 0 systqmp db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8282162b) at panic+0x17b sys/kern/subr_prf.c:198 pool_p_free(ffffffff82d10d48,fffffd8063b4ff90) at pool_p_free+0x1d3 pool_gc_pages(0) at pool_gc_pages+0x255 sys/kern/subr_pool.c:1583 taskq_thread(ffffffff82b81230) at taskq_thread+0xe5 sys/kern/kern_task.c:450 end trace frame: 0x0, count: 10 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: pool_p_free: sockpl free list modified: page 0xfffffd8063b4f000; item addr 0xfffffd8063b4f1f9; offset 0x0=0xb63cd0922ee8af98 ddb{0}> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8282162b) at panic+0x17b sys/kern/subr_prf.c:198 pool_p_free(ffffffff82d10d48,fffffd8063b4ff90) at pool_p_free+0x1d3 pool_gc_pages(0) at pool_gc_pages+0x255 sys/kern/subr_pool.c:1583 taskq_thread(ffffffff82b81230) at taskq_thread+0xe5 sys/kern/kern_task.c:450 end trace frame: 0x0, count: -5 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff800021181380 rbx 0xffffffff82b98b9f cpu_info_full_primary+0x2b9f rdx 0 rcx 0xffff8000211682b8 rax 0xffffffff82b97ff0 cpu_info_full_primary+0x1ff0 r8 0x101010101010101 r9 0x8080808080808080 r10 0xeb2e357a9d4cadda r11 0x998971d510f77e54 r12 0xffffffff82b989a0 cpu_info_full_primary+0x29a0 r13 0 r14 0 r15 0x1 rip 0xffffffff8255bacc db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff800021181370 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb{0}> show proc PROC (systqmp) pid=347861 stat=onproc flags process=14000 proc=200 pri=32, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff800021168000,0xffff800021168580 process=0xffff8000ffffc430 user=0xffff80002117c000, vmspace=0xffffffff82d0e890 estcpu=0, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 46500 214387 67707 0 3 0x3000 suspend syz-executor.6 46500 497706 67707 0 3 0x4081001 solock syz-executor.6 67707 421874 88800 0 3 0x82 wait syz-executor.6 55334 416617 88800 0 3 0x82 piperd syz-executor.0 8897 314821 88800 0 3 0x3 solock syz-executor.4 56641 238058 1 0 3 0x100083 ttyin getty 74269 64072 88800 0 3 0x3 solock syz-executor.1 36297 474613 88800 0 3 0x3 solock syz-executor.3 15094 366832 88800 0 3 0x82 piperd syz-executor.7 92100 453069 0 0 3 0x14280 nfsidl nfsio 48875 112738 0 0 3 0x14280 nfsidl nfsio 16383 431733 0 0 3 0x14280 nfsidl nfsio 44717 26837 0 0 3 0x14280 nfsidl nfsio 94230 288187 0 0 3 0x14280 nfsidl nfsio 19272 302155 0 0 3 0x14280 nfsidl nfsio 21103 208748 0 0 3 0x14280 nfsidl nfsio 84930 304400 0 0 3 0x14280 nfsidl nfsio 31949 415572 0 0 3 0x14280 nfsidl nfsio 60509 375878 0 0 3 0x14280 nfsidl nfsio 20450 381288 0 0 3 0x14280 nfsidl nfsio 47988 236386 0 0 3 0x14280 nfsidl nfsio 78783 271461 0 0 3 0x14280 nfsidl nfsio 78256 480946 0 0 3 0x14280 nfsidl nfsio 55657 421661 0 0 3 0x14280 nfsidl nfsio 34887 44985 0 0 3 0x14280 nfsidl nfsio 15947 359486 0 0 3 0x14280 nfsidl nfsio 10141 232901 0 0 3 0x14280 nfsidl nfsio 5830 289314 0 0 3 0x14280 nfsidl nfsio 51338 239351 0 0 3 0x14280 nfsidl nfsio 88871 211312 88800 0 3 0x82 piperd syz-executor.2 75445 402985 0 0 3 0x14200 bored sosplice 88991 360340 88800 0 3 0x82 piperd syz-executor.5 88800 39728 98305 0 3 0x2000082 wait syz-fuzzer 88800 38705 98305 0 3 0x6000082 thrsleep syz-fuzzer 88800 397722 98305 0 3 0x6000082 wait syz-fuzzer 88800 371509 98305 0 3 0x6000082 thrsleep syz-fuzzer 88800 416106 98305 0 3 0x6000082 wait syz-fuzzer 88800 394883 98305 0 3 0x6000082 thrsleep syz-fuzzer 88800 205438 98305 0 3 0x6000082 wait syz-fuzzer 88800 256094 98305 0 3 0x6000082 kqread syz-fuzzer 88800 473154 98305 0 3 0x6000082 wait syz-fuzzer 88800 146559 98305 0 3 0x6000082 wait syz-fuzzer 88800 97637 98305 0 3 0x6000082 thrsleep syz-fuzzer 88800 113886 98305 0 3 0x6000003 solock syz-fuzzer 88800 24594 98305 0 3 0x6000082 wait syz-fuzzer 88800 51834 98305 0 3 0x6000082 thrsleep syz-fuzzer 88800 455744 98305 0 3 0x6000082 wait syz-fuzzer 88800 472273 98305 0 3 0x6000003 solock syz-fuzzer 88800 176146 98305 0 3 0x6000082 thrsleep syz-fuzzer 98305 256825 50283 0 3 0x10008a sigsusp ksh 50283 259475 86704 0 3 0x9a kqread sshd 86704 72572 1 0 3 0x88 kqread sshd 65308 305370 46264 74 3 0x1100092 bpf pflogd 46264 435850 1 0 3 0x80 netio pflogd 28534 241698 18669 73 3 0x1100090 kqread syslogd 18669 166636 1 0 3 0x100082 netio syslogd 57656 163843 1 0 3 0x100080 kqread resolvd 65257 171708 42552 77 3 0x100092 kqread dhcpleased 98683 203654 42552 77 3 0x100092 kqread dhcpleased 42552 5255 1 0 3 0x80 kqread dhcpleased 99901 417232 0 0 3 0x14200 bored smr 72157 77267 0 0 3 0x14200 pgzero zerothread 94575 144902 0 0 3 0x14200 aiodoned aiodoned 77603 23118 0 0 3 0x14200 syncer update 58797 130502 0 0 3 0x14200 cleaner cleaner 91933 456872 0 0 3 0x14200 reaper reaper 53728 172456 0 0 3 0x14200 pgdaemon pagedaemon 12357 99952 0 0 3 0x14200 bored viomb 4469 236547 0 0 3 0x40014200 acpi0 acpi0 4975 42890 0 0 7 0x40014200 idle1 30941 244251 0 0 3 0x14200 bored softnet3 46474 53515 0 0 3 0x14200 bored softnet2 62113 185859 0 0 3 0x14200 bored softnet1 86307 7724 0 0 3 0x14200 bored softnet0 *21914 347861 0 0 7 0x14200 systqmp 95581 271391 0 0 3 0x14200 bored systq 13899 444441 0 0 3 0x40014200 bored softclock 1414 180073 0 0 3 0x40014200 idle0 1 429893 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 21914 (systqmp) thread 0xffff8000211682b8 (347861) shared rwlock pools r = 0 (0xffffffff82bb2610) #0 witness_lock+0x447 #1 pool_gc_pages+0x25 sys/kern/subr_pool.c:1560 #2 taskq_thread+0xe5 sys/kern/kern_task.c:450 #3 proc_trampoline+0x1c shared rwlock systqmp r = 0 (0xffffffff82b812a0) #0 witness_lock+0x447 #1 taskq_thread+0xca sys/kern/kern_task.c:446 #2 proc_trampoline+0x1c ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10198 6482K 7007K 78643K 16332 0 pcb 13 16K 17K 78643K 247 0 rtable 237 7K 7K 78643K 674 0 pf 32 9K 10K 78643K 220 0 ifaddr 45 16K 17K 78643K 150 0 ifgroup 55 2K 2K 78643K 340 0 sysctl 2 0K 1K 78643K 9 0 counters 60 35K 36K 78643K 206 0 ioctlops 0 0K 4K 78643K 1527 0 iov 0 0K 16K 78643K 295 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1498 94K 94K 78643K 3551 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 46 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 523 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 11 37K 81K 78643K 4731 0 sigio 0 0K 0K 78643K 378 0 proc 70 91K 128K 78643K 1144 0 subproc 104 6K 6K 78643K 208 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 109 0 in_multi 99 7K 7K 78643K 215 0 ether_multi 1 0K 0K 78643K 2 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 79 360K 360K 78643K 79 0 exec 0 0K 1K 78643K 987 0 pfkey data 0 0K 0K 78643K 66 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 373 90K 95K 78643K 48803 0 UVM aobj 123 3K 3K 78643K 126 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 92 0 NDP 12 0K 0K 78643K 117 0 temp 82 5920K 6048K 78643K 49218 0 kqueue 12 18K 26K 78643K 342 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 217 0 214 3 2 1 2 0 8 0 rtentry 112 205 0 95 4 0 4 4 0 8 0 unpcb 144 3149 0 3134 37 36 1 6 0 8 0 syncache 296 38 0 38 10 10 0 1 0 8 0 tcpqe 32 147 0 147 9 9 0 1 0 8 0 tcpcb 808 5947 0 5942 100 98 2 18 0 8 0 arp 120 35 0 17 1 0 1 1 0 8 0 inpcb 368 7758 0 7750 98 96 2 17 0 8 1 nd6 136 50 0 26 1 0 1 1 0 8 0 pkpcb 40 5 0 5 2 2 0 1 0 8 0 kcovpl 48 16 0 8 1 0 1 1 0 8 0 ppxss 1256 19 0 19 7 7 0 1 0 8 0 pffrag 232 59 0 58 2 1 1 1 0 482 0 pffrnode 88 59 0 58 2 1 1 1 0 8 0 pffrent 40 131 0 130 2 1 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 132 0 126 1 0 1 1 0 8 0 pfstkey 128 132 0 126 2 0 2 2 0 8 0 pfstate 376 132 0 126 4 0 4 4 0 8 1 pfrule 1344 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 826 0 362 30 1 29 30 0 8 0 art_table 32 827 0 362 4 0 4 4 0 8 0 art_node 16 201 0 101 1 0 1 1 0 8 0 sysvmsgpl 40 40 0 22 1 0 1 1 0 8 0 semupl 112 4 0 4 1 1 0 1 0 8 0 semapl 112 483 0 473 1 0 1 1 0 8 0 shmpl 112 123 0 3 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 7628 0 6165 92 0 92 92 0 8 0 ffsino 272 7628 0 6165 99 0 99 99 0 8 0 nchpl 144 14133 0 12486 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 45164 0 45162 4 3 1 2 0 8 0 percpumem 16 116 0 73 1 0 1 1 0 8 0 kstatmem 264 170 0 146 2 0 2 2 0 8 0 scxspl 216 40854 0 40854 17 16 1 8 1 8 1 plimitpl 152 487 0 471 1 0 1 1 0 8 0 sigapl 424 5060 0 4998 9 1 8 8 0 8 0 futexpl 64 36896 0 36896 1 1 0 1 0 8 0 knotepl 120 754 0 0 17 0 17 17 0 8 0 kqueuepl 216 794 0 786 15 14 1 5 0 8 0 pipepl 320 760 0 731 18 15 3 8 0 8 0 fdescpl 496 5021 0 4997 5 1 4 5 0 8 0 filepl 152 31253 0 31011 70 59 11 19 0 8 0 lockfpl 104 1275 0 1273 1 0 1 1 0 8 0 lockfspl 48 520 0 518 1 0 1 1 0 8 0 sessionpl 144 33 0 16 1 0 1 1 0 8 0 pgrppl 48 194 0 177 1 0 1 1 0 8 0 ucredpl 104 4008 0 3995 1 0 1 1 0 8 0 zombiepl 144 4999 0 4998 2 1 1 1 0 8 0 processpl 1072 5060 0 4998 5 0 5 5 0 8 0 procpl 696 13379 0 13300 22 12 10 10 0 8 0 sosppl 168 53 0 53 10 10 0 1 0 8 0 sockpl 488 11203 0 11177 212 208 4 29 0 8 0 mcl64k 65536 16 0 0 2 0 2 2 0 8 0 mcl16k 16384 12 0 0 2 0 2 2 0 8 0 mcl12k 12288 18 0 0 2 0 2 2 0 8 0 mcl9k 9216 14 0 0 1 0 1 1 0 8 0 mcl8k 8192 21 0 0 3 0 3 3 0 8 0 mcl4k 4096 29 0 0 3 1 2 3 0 8 0 mcl2k2 2112 5 0 0 1 0 1 1 0 8 0 mcl2k 2048 333 0 0 40 3 37 40 0 8 0 mtagpl 96 504 0 0 12 0 12 12 0 8 0 mbufpl 256 1439 0 0 82 0 82 82 0 8 0 bufpl 288 11105 0 4781 453 1 452 453 0 8 0 anonpl 24 596463 0 583139 136 37 99 107 0 186 0 amapchunkpl 152 153210 0 152411 63 25 38 39 0 158 0 amappl16 200 12999 0 12630 68 46 22 36 0 8 0 amappl15 192 17 0 17 2 2 0 1 0 8 0 amappl14 184 190 0 175 2 1 1 2 0 8 0 amappl13 176 10 0 10 1 1 0 1 0 8 0 amappl12 168 5812 0 5787 3 1 2 2 0 8 0 amappl11 160 59 0 43 1 0 1 1 0 8 0 amappl10 152 37 0 27 1 0 1 1 0 8 0 amappl9 144 231 0 231 10 10 0 1 0 8 0 amappl8 136 397 0 285 4 0 4 4 0 8 0 amappl7 128 90 0 72 2 0 2 2 0 8 0 amappl6 120 359 0 334 2 1 1 2 0 8 0 amappl5 112 279 0 266 1 0 1 1 0 8 0 amappl4 104 724 0 675 3 1 2 3 0 8 0 amappl3 96 30635 0 30570 4 1 3 3 0 8 0 amappl2 88 5469 0 5397 4 2 2 4 0 8 0 amappl1 80 26614 0 26077 23 11 12 23 0 8 0 amappl 88 48069 0 47859 9 2 7 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 125 0 3 3 0 3 3 0 8 0 uaddrrnd 24 5022 0 4998 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 5022 0 4998 1 0 1 1 0 8 0 vmmpekpl 168 41729 0 41652 4 0 4 4 0 8 0 vmmpepl 168 315730 0 313605 205 94 111 122 0 357 0 vmsppl 464 5021 0 4998 5 1 4 5 0 8 0 rwobjpl 56 87366 0 79828 116 8 108 111 0 8 0 pdppl 4096 10052 0 9996 352 296 56 78 0 8 0 pvpl 32 1540402 0 1521388 429 248 181 352 0 265 0 pmappl 248 5021 0 4998 3 0 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 1374 0 508 26 0 26 26 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8282162b) at panic+0x17b sys/kern/subr_prf.c:198 pool_p_free(ffffffff82d10d48,fffffd8063b4ff90) at pool_p_free+0x1d3 pool_gc_pages(0) at pool_gc_pages+0x255 sys/kern/subr_pool.c:1583 taskq_thread(ffffffff82b81230) at taskq_thread+0xe5 sys/kern/kern_task.c:450 end trace frame: 0x0, count: -5 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp x86_ipi_db(ffff800020d58ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206 sched_idle(ffff800020d58ff0) at sched_idle+0x41e sys/kern/kern_sched.c:199 end trace frame: 0x0, count: 10 ddb{1}> trace x86_ipi_db(ffff800020d58ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206 sched_idle(ffff800020d58ff0) at sched_idle+0x41e sys/kern/kern_sched.c:199 end trace frame: 0x0, count: -5