Warning: Permanently added '10.128.1.106' (ED25519) to the list of known hosts. executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program panic: Data modified on freelist: word 4 of object 0xffff800000cc8c00 size 0x194 previous type free (0x6563 != 0xdeadbeef) Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *416028 48250 0 0 0 0 syz-executor2850578658 db_enter() at db_enter+0x1c panic(ffffffff8277078e) at panic+0x165 malloc(194,2,a) at malloc+0xa85 disk_attach(ffff8000006b5000,ffff8000006b5048) at disk_attach+0x8e vndioctl(2902,c0384600,ffff8000216f4150,1,ffff8000ffff2db8) at vndioctl+0xeb6 VOP_IOCTL(fffffd806ede1eb8,c0384600,ffff8000216f4150,1,fffffd807f7d77b8,ffff8000ffff2db8) at VOP_IOCTL+0x91 vn_ioctl(fffffd806f89af00,c0384600,ffff8000216f4150,ffff8000ffff2db8) at vn_ioctl+0xbb sys_ioctl(ffff8000ffff2db8,ffff8000216f4260,ffff8000216f42b0) at sys_ioctl+0x49e syscall(ffff8000216f4330) at syscall+0x4a8 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7d2a35df6d40, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: Data modified on freelist: word 4 of object 0xffff800000cc8c00 size 0x194 previous type free (0x6563 != 0xdeadbeef) ddb> trace db_enter() at db_enter+0x1c panic(ffffffff8277078e) at panic+0x165 malloc(194,2,a) at malloc+0xa85 disk_attach(ffff8000006b5000,ffff8000006b5048) at disk_attach+0x8e vndioctl(2902,c0384600,ffff8000216f4150,1,ffff8000ffff2db8) at vndioctl+0xeb6 VOP_IOCTL(fffffd806ede1eb8,c0384600,ffff8000216f4150,1,fffffd807f7d77b8,ffff8000ffff2db8) at VOP_IOCTL+0x91 vn_ioctl(fffffd806f89af00,c0384600,ffff8000216f4150,ffff8000ffff2db8) at vn_ioctl+0xbb sys_ioctl(ffff8000ffff2db8,ffff8000216f4260,ffff8000216f42b0) at sys_ioctl+0x49e syscall(ffff8000216f4330) at syscall+0x4a8 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7d2a35df6d40, count: -10 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff8000216f3730 rbx 0xffff800000cc8c00 rdx 0x3fd rcx 0 rax 0x7c r8 0x101010101010101 r9 0x8080808080808080 r10 0xf3a5b7cd13330902 r11 0x241d597687c0be36 r12 0 r13 0x51 r14 0 r15 0x1 rip 0xffffffff8162a3fc db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff8000216f3720 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb> show proc PROC (syz-executor2850578658) pid=416028 stat=onproc flags process=0 proc=0 pri=51, usrpri=51, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff3070,0xffff8000ffff2b10 process=0xffff8000ffff0000 user=0xffff8000216ef000, vmspace=0xfffffd806c4ff740 estcpu=2, cpticks=2, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 59715 353826 9277 0 3 0 biowait syz-executor2850578658 74739 305723 66721 0 3 0 biowait syz-executor2850578658 *48250 416028 39420 0 7 0 syz-executor2850578658 82911 266861 82839 0 3 0x80 nanoslp syz-executor2850578658 18738 468578 82839 0 3 0 biowait syz-executor2850578658 39420 445428 82839 0 3 0x80 nanoslp syz-executor2850578658 31976 485573 82839 0 3 0 getblk syz-executor2850578658 66472 450083 82839 0 3 0 getblk syz-executor2850578658 66721 96257 82839 0 3 0x80 nanoslp syz-executor2850578658 96910 67381 82839 0 3 0 getblk syz-executor2850578658 9277 124124 82839 0 3 0x80 nanoslp syz-executor2850578658 82839 306711 77128 0 3 0x82 nanoslp syz-executor2850578658 77128 109598 24205 0 3 0x10008a sigsusp ksh 24205 142820 67500 0 3 0x9a kqread sshd 1559 30100 1 0 3 0x100083 ttyin getty 67500 340612 1 0 3 0x88 kqread sshd 36769 240094 93725 73 3 0x1100090 kqread syslogd 93725 57840 1 0 3 0x100082 netio syslogd 97807 515231 1 0 3 0x100080 kqread resolvd 1482 36110 6684 77 3 0x100092 kqread dhcpleased 91784 295896 6684 77 3 0x100092 kqread dhcpleased 6684 303770 1 0 3 0x80 kqread dhcpleased 63590 147435 0 0 3 0x14200 bored smr 8828 357404 0 0 2 0x14200 zerothread 12171 505880 0 0 3 0x14200 aiodoned aiodoned 60183 291702 0 0 3 0x14200 syncer update 97966 493393 0 0 3 0x14200 cleaner cleaner 17030 290903 0 0 3 0x14200 reaper reaper 71299 207533 0 0 3 0x14200 pgdaemon pagedaemon 13991 79174 0 0 3 0x14200 bored viomb 74055 232697 0 0 3 0x40014200 acpi0 acpi0 95827 455559 0 0 3 0x14200 bored softnet3 88594 147395 0 0 3 0x14200 bored softnet2 85658 276053 0 0 3 0x14200 bored softnet1 97591 117395 0 0 3 0x14200 bored softnet0 18087 484541 0 0 3 0x14200 bored systqmp 52884 381598 0 0 3 0x14200 bored systq 47554 120322 0 0 3 0x40014200 bored softclock 94510 89207 0 0 3 0x40014200 idle0 1 290386 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10133 6382K 6412K 78643K 11215 0 pcb 13 8K 8K 78643K 13 0 rtable 58 1K 2K 78643K 110 0 pf 12 6K 6K 78643K 12 0 ifaddr 11 5K 5K 78643K 11 0 ifgroup 17 1K 1K 78643K 17 0 counters 20 16K 16K 78643K 20 0 ioctlops 0 0K 2K 78643K 21 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1174 73K 74K 78643K 1188 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 1K 1K 78643K 2 0 sem 2 0K 0K 78643K 2 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 1 0K 0K 78643K 1 0 proc 55 58K 59K 78643K 246 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 in_multi 11 0K 0K 78643K 11 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 25 122K 122K 78643K 25 0 exec 0 0K 1K 78643K 243 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 128 69K 69K 78643K 2185 0 UVM aobj 3 2K 2K 78643K 3 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 NDP 3 0K 0K 78643K 3 0 temp 1 5844K 5908K 78643K 2761 0 kqueue 11 16K 18K 78643K 24 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 20 0 17 1 0 1 1 0 8 0 rtentry 112 23 0 1 1 0 1 1 0 8 0 unpcb 144 33 0 20 1 0 1 1 0 8 0 syncache 296 5 0 5 2 1 1 1 0 8 1 tcpqe 32 61 0 61 1 1 0 1 0 8 0 tcpcb 808 8 0 5 1 0 1 1 0 8 0 arp 88 2 0 0 1 0 1 1 0 8 0 inpcb 336 26 0 20 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 97 0 0 7 0 7 7 0 8 0 art_table 32 98 0 0 1 0 1 1 0 8 0 art_node 16 22 0 2 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1456 0 52 88 0 88 88 0 8 0 ffsino 240 1457 0 52 83 0 83 83 0 8 0 nchpl 144 1664 0 87 59 0 59 59 0 8 0 uvmvnodes 80 1467 0 0 30 0 30 30 0 8 0 vnodes 216 1467 0 0 82 0 82 82 0 8 0 namei 1024 4372 0 4370 3 1 2 2 0 8 1 kstatmem 264 6 0 0 1 0 1 1 0 8 0 scxspl 216 5708 0 5649 25 18 7 8 0 8 3 plimitpl 152 24 0 10 1 0 1 1 0 8 0 sigapl 424 329 0 288 5 0 5 5 0 8 0 knotepl 120 3377 0 3348 3 1 2 2 0 8 1 kqueuepl 184 20 0 13 1 0 1 1 0 8 0 pipepl 288 87 0 84 2 1 1 1 0 8 0 fdescpl 432 313 0 289 3 0 3 3 0 8 0 filepl 120 1160 0 1101 2 0 2 2 0 8 0 lockfpl 104 6 0 4 1 0 1 1 0 8 0 lockfspl 48 4 0 2 1 0 1 1 0 8 0 sessionpl 144 25 0 9 1 0 1 1 0 8 0 pgrppl 48 25 0 9 1 0 1 1 0 8 0 ucredpl 104 71 0 60 1 0 1 1 0 8 0 zombiepl 144 289 0 288 2 1 1 1 0 8 0 processpl 1008 329 0 288 7 1 6 6 0 8 0 procpl 696 329 0 288 5 1 4 4 0 8 0 sockpl 456 79 0 57 3 0 3 3 0 8 0 mcl8k 8192 9 0 9 2 1 1 1 0 8 1 mcl4k 4096 5 0 5 2 1 1 1 0 8 1 mcl2k 2048 10799 0 10761 34 24 10 30 0 8 4 mtagpl 96 4 0 4 1 1 0 1 0 8 0 mbufpl 256 17386 0 17344 17 11 6 17 0 8 0 bufpl 288 3155 0 92 219 0 219 219 0 8 0 anonpl 24 173333 0 171070 28 11 17 23 0 188 1 amapchunkpl 152 8142 0 7936 9 1 8 8 0 158 0 amappl16 200 5098 0 5068 8 5 3 5 0 8 0 amappl15 192 14 0 14 1 1 0 1 0 8 0 amappl14 184 127 0 118 1 0 1 1 0 8 0 amappl13 176 22 0 22 1 1 0 1 0 8 0 amappl12 168 801 0 781 1 0 1 1 0 8 0 amappl11 160 53 0 43 1 0 1 1 0 8 0 amappl10 152 27 0 27 2 1 1 1 0 8 1 amappl9 144 125 0 125 1 1 0 1 0 8 0 amappl8 136 44 0 42 1 0 1 1 0 8 0 amappl7 128 32 0 27 1 0 1 1 0 8 0 amappl6 120 151 0 140 1 0 1 1 0 8 0 amappl5 112 81 0 74 1 0 1 1 0 8 0 amappl4 104 455 0 418 2 0 2 2 0 8 1 amappl3 96 2223 0 2178 2 0 2 2 0 8 0 amappl2 88 464 0 422 2 1 1 2 0 8 0 amappl1 80 9018 0 8570 14 3 11 11 0 8 0 amappl 88 1907 0 1824 2 0 2 2 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 313 0 289 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 313 0 289 1 0 1 1 0 8 0 vmmpekpl 168 6912 0 6897 1 0 1 1 0 8 0 vmmpepl 168 33791 0 32589 58 3 55 55 0 357 0 vmsppl 368 312 0 289 3 0 3 3 0 8 0 rwobjpl 24 18520 0 16363 15 1 14 14 0 8 0 pdppl 4096 633 0 578 81 22 59 59 0 8 4 pvpl 32 267435 0 262493 59 15 44 51 0 265 1 pmappl 216 312 0 289 2 0 2 2 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 550 0 63 14 0 14 14 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x1c panic(ffffffff8277078e) at panic+0x165 malloc(194,2,a) at malloc+0xa85 disk_attach(ffff8000006b5000,ffff8000006b5048) at disk_attach+0x8e vndioctl(2902,c0384600,ffff8000216f4150,1,ffff8000ffff2db8) at vndioctl+0xeb6 VOP_IOCTL(fffffd806ede1eb8,c0384600,ffff8000216f4150,1,fffffd807f7d77b8,ffff8000ffff2db8) at VOP_IOCTL+0x91 vn_ioctl(fffffd806f89af00,c0384600,ffff8000216f4150,ffff8000ffff2db8) at vn_ioctl+0xbb sys_ioctl(ffff8000ffff2db8,ffff8000216f4260,ffff8000216f42b0) at sys_ioctl+0x49e syscall(ffff8000216f4330) at syscall+0x4a8 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7d2a35df6d40, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x1c panic(ffffffff8277078e) at panic+0x165 malloc(194,2,a) at malloc+0xa85 disk_attach(ffff8000006b5000,ffff8000006b5048) at disk_attach+0x8e vndioctl(2902,c0384600,ffff8000216f4150,1,ffff8000ffff2db8) at vndioctl+0xeb6 VOP_IOCTL(fffffd806ede1eb8,c0384600,ffff8000216f4150,1,fffffd807f7d77b8,ffff8000ffff2db8) at VOP_IOCTL+0x91 vn_ioctl(fffffd806f89af00,c0384600,ffff8000216f4150,ffff8000ffff2db8) at vn_ioctl+0xbb sys_ioctl(ffff8000ffff2db8,ffff8000216f4260,ffff8000216f42b0) at sys_ioctl+0x49e syscall(ffff8000216f4330) at syscall+0x4a8 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7d2a35df6d40, count: -10