

panic: free: size too small NUM <= NUM / NUM (ADDR) type shm

Status: upstream: reported on 2024/08/01 22:26
Reported-by: syzbot+2e35fcdcac9372f94bf5@syzkaller.appspotmail.com
First crash: 45d, last: 45d

Sample crash report:
panic: free: size too small 1024 <= 53248 / 2 (0xffff80000129b000) type shm
Stopped at      db_enter+0x25:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
*103450  65585      0   0x8000000  0x4000000    0  syz-executor
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82fde461) at panic+0x1cf sys/kern/subr_prf.c:198
free(ffff80000129b000,1d,400) at free+0x6f5 sys/kern/kern_malloc.c:418
shm_reallocate(1918) at shm_reallocate+0x92 sys/kern/sysv_shm.c:563
sysctl_sysvshm(ffff80003074b368,1,0,ffff80003074b398,20000080,4) at sysctl_sysvshm+0x34b
kern_sysctl(ffff80003074b364,2,0,ffff80003074b398,20000080,4,93453588c1cbfeae) at kern_sysctl+0x147 sys/kern/kern_sysctl.c:659
sys_sysctl(ffff80002a503c10,ffff80003074b4d0,ffff80003074b420) at sys_sysctl+0x2f6
syscall(ffff80003074b4d0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xb4be0aa8390, count: 6
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb> 
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: free: size too small 1024 <= 53248 / 2 (0xffff80000129b000) type shm
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82fde461) at panic+0x1cf sys/kern/subr_prf.c:198
free(ffff80000129b000,1d,400) at free+0x6f5 sys/kern/kern_malloc.c:418
shm_reallocate(1918) at shm_reallocate+0x92 sys/kern/sysv_shm.c:563
sysctl_sysvshm(ffff80003074b368,1,0,ffff80003074b398,20000080,4) at sysctl_sysvshm+0x34b
kern_sysctl(ffff80003074b364,2,0,ffff80003074b398,20000080,4,93453588c1cbfeae) at kern_sysctl+0x147 sys/kern/kern_sysctl.c:659
sys_sysctl(ffff80002a503c10,ffff80003074b4d0,ffff80003074b420) at sys_sysctl+0x2f6
syscall(ffff80003074b4d0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xb4be0aa8390, count: -9
ddb> show registers
rdi                                0
rsi                              0x1
rbp               0xffff80003074afb0
rbx                           0xd000    __ALIGN_SIZE+0xc000
rdx                                0
rcx                                0
rax               0xffff80002a503c10
r8                 0x101010101010101
r9                0x8080808080808080
r10               0x4274101125b6f398
r11               0x8b9cff6f00426af6
r12                                0
r13                            0x400
r14                                0
r15                              0x1
rip               0xffffffff82413bc5    db_enter+0x25
cs                               0x8
rflags                         0x246
rsp               0xffff80003074afa0
ss                                 0
db_enter+0x25:  addq    $0x8,%rsp
ddb> show proc
PROC (syz-executor) tid=103450 pid=65585 tcnt=3 stat=onproc
    flags process=8000000<PIN> proc=4000000<THREAD>
    runpri=82, usrpri=82, slppri=32, nice=20
    wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
    forw=0xffffffffffffffff, list=0xffff80002a502ce0,0xffff80002a503710
    process=0xffff80002e005560 user=0xffff800030746000, vmspace=0xfffffd806c276c28
    estcpu=32, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0
ddb> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 99997  283060  62439      0  2   0x8000000                syz-executor
 99997   15057  62439      0  3   0xc000080  fsleep        syz-executor
 99997  137509  62439      0  2   0xc000000                syz-executor
 62645  418633  71348      0  2   0x8000000                syz-executor
 62645  519787  71348      0  3   0xc000080  fsleep        syz-executor
 72779  318866   4283      0  2   0x8000000                syz-executor
 72779  272679   4283      0  3   0xc000080  fsleep        syz-executor
 76647  424779  85955      0  2   0x8000000                syz-executor
 65585   25334  54261      0  2   0x8000000                syz-executor
 65585  136660  54261      0  2   0xc000000                syz-executor
*65585  103450  54261      0  7   0xc000000                syz-executor
 51776  255481  83132      0  2   0x8000000                syz-executor
 51776  215410  83132      0  3   0xc000080  fsleep        syz-executor
 51776   62027  83132      0  3   0xc000080  fsleep        syz-executor
 83784   84101  41787      0  2   0x8000000                syz-executor
 83784  521508  41787      0  3   0xc000080  fsleep        syz-executor
 83784    7068  41787      0  3   0xc000080  fsleep        syz-executor
 62439   74085  57115      0  3   0x8000082  nanoslp       syz-executor
 94272  285163   4415      0  3  0x18100082  sbwait        ndp
  4415  243888   7615      0  3   0x810008a  sigsusp       sh
 54261  205179  57115      0  3   0x8000082  nanoslp       syz-executor
 83132  282404  57115      0  3   0x8000082  nanoslp       syz-executor
  7615  429928  57115      0  3   0x8000082  wait          syz-executor
 85955  457990  57115      0  3   0x8000082  nanoslp       syz-executor
 71348  186353  57115      0  3   0x8000082  nanoslp       syz-executor
 41787  512808  57115      0  3   0x8000082  nanoslp       syz-executor
  4283   66874  57115      0  3   0x8000082  nanoslp       syz-executor
 16264  236273      1      0  3  0x2c003000  suspend       syz-executor
 16264  266611      1      0  2  0x2c081000                syz-executor
 11382  440102      0      0  3     0x14280  nfsidl        nfsio
 95344  450468      0      0  3     0x14280  nfsidl        nfsio
 15855  103338      0      0  3     0x14280  nfsidl        nfsio
 55939  270281      0      0  3     0x14280  nfsidl        nfsio
 70132  278240      0      0  3     0x14280  nfsidl        nfsio
 57173   50660      0      0  3     0x14280  nfsidl        nfsio
 40069  197814      0      0  3     0x14280  nfsidl        nfsio
 41381  510882      0      0  3     0x14280  nfsidl        nfsio
 91631  509015      0      0  3     0x14280  nfsidl        nfsio
 53132  344408      0      0  3     0x14280  nfsidl        nfsio
 94085  400638      0      0  3     0x14280  nfsidl        nfsio
 67253   58739      0      0  3     0x14280  nfsidl        nfsio
 40004  414195      0      0  3     0x14280  nfsidl        nfsio
 76314  138381      0      0  3     0x14280  nfsidl        nfsio
 33558  232742      0      0  3     0x14280  nfsidl        nfsio
 59473  429943      0      0  3     0x14280  nfsidl        nfsio
 92559  399816      0      0  3     0x14280  nfsidl        nfsio
 94082   12654      0      0  3     0x14280  nfsidl        nfsio
 97155  404031      0      0  3     0x14280  nfsidl        nfsio
 39922  189435      0      0  3     0x14280  nfsidl        nfsio
 95099  295160      0      0  3     0x14200  bored         sosplice
 57115  484382  15765      0  3   0x8000082  kqread        syz-executor
 15765  422824  65674      0  3   0x810008a  sigsusp       ksh
 65674  100128  31254      0  3  0x18000098  kqread        sshd-session
 31254   30656  79800      0  3  0x18000092  kqread        sshd-session
 68484  255493      1      0  3  0x18100083  ttyopn        getty
 79800  367735      1      0  3  0x18000088  kqread        sshd
 76503  282704  53612     73  3  0x19100010  ffs_fsync     syslogd
 53612  257178      1      0  3  0x18100082  sbwait        syslogd
 75716  469926      1      0  3  0x18100080  kqread        resolvd
 17166  124234  39371     77  3  0x18100092  kqread        dhcpleased
 24323  171994  39371     77  3  0x18100092  kqread        dhcpleased
 39371  425756      1      0  3  0x18000080  kqread        dhcpleased
 55303  215000      0      0  3     0x14200  bored         smr
 14226  484144      0      0  2     0x14200                zerothread
 21157  158110      0      0  3     0x14200  aiodoned      aiodoned
  8147  326938      0      0  3     0x14200  syncer        update
 13209  202490      0      0  3     0x14200  cleaner       cleaner
 81576   77506      0      0  3     0x14200  reaper        reaper
 23325  457705      0      0  3     0x14200  pgdaemon      pagedaemon
 18108  503885      0      0  3     0x14200  bored         viomb
 21842  145070      0      0  3  0x40014200  acpi0         acpi0
 49134   70926      0      0  3     0x14200  bored         softnet3
 34684  439593      0      0  3     0x14200  bored         softnet2
 77621  314230      0      0  3     0x14200  bored         softnet1
 39882  105896      0      0  3     0x14200  bored         softnet0
 80474  307755      0      0  3     0x14200  bored         systqmp
 45231  521272      0      0  3     0x14200  bored         systq
 80278  266110      0      0  3  0x40014200  tmoslp        softclock
 37288  211668      0      0  3  0x40014200                idle0
     1  306614      0      0  3   0x8080082  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb> show all locks
No such command
ddb> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf 10189  10167K   14327K 166960K     14206        0
            pcb    17     17K      19K 166960K       501        0
         rtable   214      8K       9K 166960K      3225        0
             pf    33     13K      17K 166960K       306        0
         ifaddr    41      8K       8K 166960K       425        0
        ifgroup    55      2K       2K 166960K       475        0
         sysctl     1      1K       3K 166960K         3        0
       counters    30     17K      17K 166960K       139        0
       ioctlops     0      0K       4K 166960K       429        0
            iov     0      0K      20K 166960K       207        0
          mount     1      1K       1K 166960K         1        0
            log     0      0K       0K 166960K         4        0
         vnodes  1487     93K      94K 166960K      3955        0
      UFS quota     1     32K      32K 166960K         1        0
      UFS mount     5     36K      36K 166960K         5        0
            shm     4    108K     108K 166960K        34        0
         VM map     2      1K       1K 166960K         2        0
            sem    12      0K       0K 166960K       216        0
        dirhash    15      2K       3K 166960K        99        0
           ACPI  1697    195K     286K 166960K     12548        0
      file desc    20     73K      93K 166960K      2714        0
          sigio     0      0K       0K 166960K        34        0
           proc    61     67K     100K 166960K      3060        0
        subproc    63      3K       3K 166960K       675        0
    NFS srvsock     1      0K       0K 166960K         1        0
     NFS daemon     1     16K      16K 166960K         1        0
    ip_moptions     0      0K       0K 166960K       283        0
       in_multi    96      7K       7K 166960K      1119        0
    ether_multi     1      0K       0K 166960K        17        0
            mrt     1      0K       0K 166960K         8        0
    ISOFS mount     1     32K      32K 166960K         1        0
  MSDOSFS mount     1     16K      16K 166960K         1        0
           ttys   145    652K     652K 166960K       145        0
           exec     0      0K       1K 166960K      1883        0
     pfkey data     0      0K       0K 166960K         3        0
            tdb     3      0K       0K 166960K         3        0
        VM swap     8     62K      64K 166960K        10        0
       UVM amap   243     81K      99K 166960K     23111        0
       UVM aobj   131      8K       8K 166960K       136        0
     pinsyscall    42     84K      98K 166960K      6025        0
        memdesc     1      4K       4K 166960K         1        0
    crypto data     1      1K       1K 166960K         1        0
    ip6_options     0      0K       1K 166960K        85        0
            NDP    11      0K       2K 166960K       312        0
           temp   106   6810K    6949K 166960K    100514        0
         kqueue    13     20K      28K 166960K       231        0
      SYN cache     2     16K      16K 166960K         2        0
ddb> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb      120      386    0      382     2     0     2     2     0     8    1
rtentry    112     1113    0     1017     4     1     3     4     0     8    0
unpcb      144     2298    0     2279     8     0     8     8     0     8    7
syncache   336        7    0        7     2     1     1     1     0     8    1
tcpqe       32        1    0        1     1     1     0     1     0     8    0
tcpcb      808      906    0      900    11     3     8     8     0     8    7
arp         88      202    0      184     1     0     1     1     0     8    0
ipq         40        7    0        6     1     0     1     1     0     8    0
ipqe        40       85    0       84     1     0     1     1     0     8    0
inpcb      336     3544    0     3531    27    18     9    15     0     8    7
nd6        104      299    0      276     1     0     1     1     0     8    0
pkpcb       40       18    0       18     2     1     1     1     0     8    1
kcovpl      48       96    0       87     1     0     1     1     0     8    0
ppxss      1072      12    0       12     1     0     1     1     0     8    1
pfosfp      40        2    0        0     1     0     1     1     0     8    0
pfosfpen   112        2    0        0     1     0     1     1     0     8    0
pfrktable  1344      11    0       11     2     1     1     1     0     8    1
pfanchor   1288       5    0        4     2     1     1     1     0     8    0
pftag       88       11    0        9     2     1     1     1     0     8    0
pfqueue    264        1    0        0     1     0     1     1     0     8    0
pfstkey    128        2    0        2     1     0     1     1     0     8    1
pfstate    344        1    0        1     1     0     1     1     0     8    1
pfrule     1344      24    0       21     1     0     1     1     0     8    0
art_heap8  4096       1    0        0     1     0     1     1     0     8    0
art_heap4  256     4421    0     4003    34     7    27    29     0     8    0
art_table   32     4422    0     4003     4     0     4     4     0     8    0
art_node    16     1111    0     1025     1     0     1     1     0     8    0
sysvmsgpl   40       13    0        7     1     0     1     1     0     8    0
semupl     112        3    0        3     2     1     1     1     0     8    1
semapl     112      212    0      202     1     0     1     1     0     8    0
shmpl      112      133    0        5     4     0     4     4     0     8    0
dirhash    1024      76    0       57     3     0     3     3     0     8    0
dino2pl    256     4750    0     3090   105     0   105   105     0     8    0
ffsino     240     4750    0     3090    98     0    98    98     0     8    0
nchpl      144     6909    0     5115    67     0    67    67     0     8    0
uvmvnodes   80     6610    0        0   135     0   135   135     0     8    0
vnodes     216     6610    0        0   368     0   368   368     0     8    0
namei      1024   37784    0    37784     4     1     3     3     0     8    3
vcpupl     3904       5    0        2     1     0     1     1     0     8    0
vmpool     664        8    0        5     1     0     1     1     0     8    0
pfiaddrpl  120        2    0        2     2     1     1     1     0     8    1
kstatmem   264      240    0      218     2     0     2     2     0     8    0
scsiplug    72        2    0        2     2     1     1     1     0     8    1
scxspl     216    61195    0    61194    15     7     8     8     1     8    7
plimitpl   152      407    0      389     1     0     1     1     0     8    0
sigapl     424     2841    0     2772     9     0     9     9     0     8    0
futexpl     64    30795    0    30788     1     0     1     1     0     8    0
knotepl    120    48840    0    48793    10     0    10    10     0     8    8
kqueuepl   184      794    0      783     4     0     4     4     0     8    3
pipepl     288      904    0      874    11     4     7     7     0     8    4
fdescpl    432     2802    0     2770     6     1     5     5     0     8    0
filepl     120    21894    0    21668    20     6    14    14     0     8    6
lockfpl    104      533    0      531     1     0     1     1     0     8    0
lockfspl    48      214    0      212     1     0     1     1     0     8    0
sessionpl  144      109    0      101     1     0     1     1     0     8    0
pgrppl      48      337    0      320     1     0     1     1     0     8    0
ucredpl    104     3539    0     3528     1     0     1     1     0     8    0
zombiepl   144     3948    0     3948     2     1     1     1     0     8    1
processpl  1088    2841    0     2772     5     0     5     5     0     8    0
procpl     648     5590    0     5509     8     0     8     8     0     8    0
sosppl     168        3    0        3     1     0     1     1     0     8    1
sockpl     504     6271    0     6235   115   102    13    29     0     8    8
mcl64k     65536     24    0       24     2     1     1     1     0     8    1
mcl16k     16384      9    0        9     1     0     1     1     0     8    1
mcl12k     12288      3    0        3     1     0     1     1     0     8    1
mcl9k      9216       4    0        4     1     0     1     1     0     8    1
mcl8k      8192      96    0       96     2     1     1     1     0     8    1
mcl4k      4096      40    0       40     2     1     1     1     0     8    1
mcl2k2     2112       1    0        1     1     0     1     1     0     8    1
mcl2k      2048   11374    0    11277    27    11    16    26     0     8    1
mtagpl      96       48    0       48     1     0     1     1     0     8    1
mbufpl     256    31710    0    31498    30     8    22    27     0     8    5
bufpl      280    11841    0     4123   552     0   552   552     0     8    0
anonpl      24   423001    0   418143    94    23    71    71     0   187   33
amapchunkpl 152   73843    0    73326    46    12    34    34     0   158   12
amappl16   200     7391    0     7291    35    26     9    15     0     8    3
amappl15   192        8    0        8     1     1     0     1     0     8    0
amappl14   184      287    0      276     1     0     1     1     0     8    0
amappl13   176        7    0        7     1     1     0     1     0     8    0
amappl12   168     4818    0     4784     3     1     2     3     0     8    0
amappl11   160       50    0       40     1     0     1     1     0     8    0
amappl10   152       11    0       11     1     1     0     1     0     8    0
amappl9    144      130    0      130     1     1     0     1     0     8    0
amappl8    136       22    0       20     1     0     1     1     0     8    0
amappl7    128      273    0      262     1     0     1     1     0     8    0
amappl6    120     1056    0     1053     1     0     1     1     0     8    0
amappl5    112      478    0      469     1     0     1     1     0     8    0
amappl4    104      560    0      543     1     0     1     1     0     8    0
amappl3     96    14254    0    14132     5     1     4     4     0     8    0
amappl2     88     1843    0     1782     2     0     2     2     0     8    0
amappl1     80    20566    0    19996    14     1    13    13     0     8    0
amappl      88    22025    0    21843     5     0     5     5     0    92    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma1024    1024       1    0        0     1     0     1     1     0     8    0
dma256     256        8    0        8     2     1     1     1     0     8    1
dma128     128      253    0      253     1     1     0     1     0     8    0
dma64       64        7    0        7     2     1     1     1     0     8    1
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       18    0       17     1     0     1     1     0     8    0
aobjpl      72      135    0        5     3     0     3     3     0     8    0
uaddrrnd    24     2810    0     2775     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24     2810    0     2775     1     0     1     1     0     8    0
vmmpekpl   168    25115    0    25051     4     0     4     4     0     8    0
vmmpepl    168   189803    0   187747   108    12    96    96     0   357    5
vmsppl     344     2809    0     2775     5     1     4     4     0     8    0
rwobjpl     24    59285    0    51505    47     0    47    47     0     8    0
pdppl      4096    5626    0     5553   235   160    75    81     0     8    2
pvpl        32  1399440    0  1387626   380   140   240   240     0   265  139
pmappl     216     2809    0     2775     4     1     3     3     0     8    0
extentpl    40       56    0       38     1     0     1     1     0     8    0
phpool     112      719    0      320    12     0    12    12     0     8    0
ddb> machine ddbcpu 0
No such command
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82fde461) at panic+0x1cf sys/kern/subr_prf.c:198
free(ffff80000129b000,1d,400) at free+0x6f5 sys/kern/kern_malloc.c:418
shm_reallocate(1918) at shm_reallocate+0x92 sys/kern/sysv_shm.c:563
sysctl_sysvshm(ffff80003074b368,1,0,ffff80003074b398,20000080,4) at sysctl_sysvshm+0x34b
kern_sysctl(ffff80003074b364,2,0,ffff80003074b398,20000080,4,93453588c1cbfeae) at kern_sysctl+0x147 sys/kern/kern_sysctl.c:659
sys_sysctl(ffff80002a503c10,ffff80003074b4d0,ffff80003074b420) at sys_sysctl+0x2f6
syscall(ffff80003074b4d0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xb4be0aa8390, count: -9
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82fde461) at panic+0x1cf sys/kern/subr_prf.c:198
free(ffff80000129b000,1d,400) at free+0x6f5 sys/kern/kern_malloc.c:418
shm_reallocate(1918) at shm_reallocate+0x92 sys/kern/sysv_shm.c:563
sysctl_sysvshm(ffff80003074b368,1,0,ffff80003074b398,20000080,4) at sysctl_sysvshm+0x34b
kern_sysctl(ffff80003074b364,2,0,ffff80003074b398,20000080,4,93453588c1cbfeae) at kern_sysctl+0x147 sys/kern/kern_sysctl.c:659
sys_sysctl(ffff80002a503c10,ffff80003074b4d0,ffff80003074b420) at sys_sysctl+0x2f6
syscall(ffff80003074b4d0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xb4be0aa8390, count: -9

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/08/01 22:26 openbsd 0a2182255779 1e9c4cf3 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main panic: free: size too small NUM <= NUM / NUM (ADDR) type shm
* Struck through repros no longer work on HEAD.