panic: Data modified on freelist: word 4 of object 0xffff800000ae7000 size 0x108 previous type free (0x0 != 0xdeaf4152)
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*277628 59776 0 0 0x4000000 0 syz-executor.1
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff821a3e0d) at panic+0x15c sys/kern/subr_prf.c:207
malloc(108,2,a) at malloc+0xa23 sys/kern/kern_malloc.c:331
bpfopen(21700,1,2000,ffff80001d40d650) at bpfopen+0xb5 sys/net/bpf.c:369
spec_open_clone(ffff80001e478158) at spec_open_clone+0x241 sys/kern/spec_vnops.c:748
spec_open(ffff80001e478158) at spec_open+0x40e
VOP_OPEN(fffffd805e422680,1,fffffd806c3c6a20,ffff80001d40d650) at VOP_OPEN+0x6a sys/kern/vfs_vops.c:154
vn_open(ffff80001e4783a8,1,0) at vn_open+0x490 sys/kern/vfs_vnops.c:183
doopenat(ffff80001d40d650,ffffff9c,20000100,0,0,ffff80001e4785a0) at doopenat+0x28b sys/kern/vfs_syscalls.c:1148
syscall(ffff80001e478620) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x8667ca91000, count: 4
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
Data modified on freelist: word 4 of object 0xffff800000ae7000 size 0x108 previous type free (0x0 != 0xdeaf4152)
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff821a3e0d) at panic+0x15c sys/kern/subr_prf.c:207
malloc(108,2,a) at malloc+0xa23 sys/kern/kern_malloc.c:331
bpfopen(21700,1,2000,ffff80001d40d650) at bpfopen+0xb5 sys/net/bpf.c:369
spec_open_clone(ffff80001e478158) at spec_open_clone+0x241 sys/kern/spec_vnops.c:748
spec_open(ffff80001e478158) at spec_open+0x40e
VOP_OPEN(fffffd805e422680,1,fffffd806c3c6a20,ffff80001d40d650) at VOP_OPEN+0x6a sys/kern/vfs_vops.c:154
vn_open(ffff80001e4783a8,1,0) at vn_open+0x490 sys/kern/vfs_vnops.c:183
doopenat(ffff80001d40d650,ffffff9c,20000100,0,0,ffff80001e4785a0) at doopenat+0x28b sys/kern/vfs_syscalls.c:1148
syscall(ffff80001e478620) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x8667ca91000, count: -11
ddb> show registers
rdi 0xffffffff81e4b5a7 db_enter+0x17
rsi 0x81b1 __ALIGN_SIZE+0x71b1
rbp 0xffff80001e477e60
rbx 0xffff80001e477f10
rdx 0x81b2 __ALIGN_SIZE+0x71b2
rcx 0xffff80001f619000
rax 0xffff80001f619000
r8 0xffff80001e477e20
r9 0x1
r10 0xffff8000009ecb80
r11 0x263860392a75d670
r12 0x3000000008
r13 0xffff80001e477e70
r14 0x100
r15 0x1
rip 0xffffffff81e4b5a8 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff80001e477e50
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor.1) pid=277628 stat=onproc
flags process=0 proc=4000000
pri=76, usrpri=76, nice=20
forw=0xffffffffffffffff, list=0xffff80001d40cee8,0xffff80001d40d170
process=0xffff8000ffff77e8 user=0xffff80001e473000, vmspace=0xfffffd805ba87670
estcpu=36, cpticks=2, pctcpu=0.0
user=0, sys=2, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
59776 493643 32384 0 2 0 syz-executor.1
*59776 277628 32384 0 7 0x4000000 syz-executor.1
18532 119838 25387 0 2 0 syz-executor.0
18532 42647 25387 0 3 0x4000080 fifor syz-executor.0
18532 200963 25387 0 2 0x4000000 syz-executor.0
25387 498730 19127 0 3 0x82 nanosleep syz-executor.0
27487 241884 1 0 3 0x100083 ttyin getty
66257 254901 0 0 3 0x14200 bored sosplice
32384 202436 19127 0 3 0x82 nanosleep syz-executor.1
19127 342613 24881 0 3 0x82 thrsleep syz-fuzzer
19127 231687 24881 0 3 0x4000082 thrsleep syz-fuzzer
19127 339932 24881 0 3 0x4000082 thrsleep syz-fuzzer
19127 361717 24881 0 3 0x4000082 thrsleep syz-fuzzer
19127 109510 24881 0 3 0x4000082 kqread syz-fuzzer
19127 508946 24881 0 3 0x4000082 thrsleep syz-fuzzer
19127 99552 24881 0 3 0x4000082 thrsleep syz-fuzzer
19127 158262 24881 0 3 0x4000082 thrsleep syz-fuzzer
24881 146557 48972 0 3 0x10008a pause ksh
48972 397673 9669 0 3 0x92 select sshd
9669 420549 1 0 3 0x80 select sshd
20592 101061 66340 73 3 0x100090 kqread syslogd
66340 477257 1 0 3 0x100082 netio syslogd
55794 508632 1 77 3 0x100090 poll dhclient
95749 299922 1 0 3 0x80 poll dhclient
63864 480391 0 0 2 0x14200 zerothread
42263 191037 0 0 3 0x14200 aiodoned aiodoned
92205 338863 0 0 3 0x14200 syncer update
39963 427272 0 0 3 0x14200 cleaner cleaner
66823 4655 0 0 3 0x14200 reaper reaper
29504 74461 0 0 3 0x14200 pgdaemon pagedaemon
96650 29638 0 0 3 0x14200 bored crynlk
916 506557 0 0 3 0x14200 bored crypto
54829 123229 0 0 3 0x40014200 acpi0 acpi0
12519 310783 0 0 3 0x14200 bored softnet
24597 269948 0 0 3 0x14200 bored systqmp
83442 501744 0 0 3 0x14200 bored systq
99437 166771 0 0 3 0x40014200 bored softclock
47967 119470 0 0 3 0x40014200 idle0
41477 35050 0 0 3 0x14200 bored smr
1 267499 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 9513 6348K 7383K 78643K 12812 0
pcb 13 8K 8K 78643K 80 0
rtable 111 4K 4K 78643K 458 0
ifaddr 80 16K 18K 78643K 215 0
counters 19 16K 16K 78643K 19 0
ioctlops 0 0K 2K 78643K 56 0
iov 0 0K 24K 78643K 119 0
mount 1 1K 1K 78643K 1 0
vnodes 1226 77K 77K 78643K 1843 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 5K 78643K 6 0
VM map 2 0K 0K 78643K 2 0
sem 12 0K 0K 78643K 214 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1794 195K 288K 78643K 12646 0
file desc 6 17K 25K 78643K 449 0
sigio 0 0K 0K 78643K 8 0
proc 48 38K 54K 78643K 468 0
subproc 32 2K 2K 78643K 51 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 43 0
in_multi 70 3K 3K 78643K 94 0
ether_multi 1 0K 0K 78643K 1 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 72 318K 318K 78643K 72 0
exec 0 0K 1K 78643K 256 0
pfkey data 0 0K 4K 78643K 2 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 131 71K 71K 78643K 1986 0
UVM aobj 30 2K 2K 78643K 30 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 66 0
NDP 13 0K 0K 78643K 43 0
temp 139 3031K 3670K 78643K 24520 0
kqueue 0 0K 0K 78643K 2 0
SYN cache 2 16K 16K 78643K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 12 0 5 1 0 1 1 0 8 0
rtpcb 80 77 0 75 1 0 1 1 0 8 0
rtentry 112 70 0 26 2 0 2 2 0 8 0
unpcb 120 287 0 277 1 0 1 1 0 8 0
syncache 264 11 0 11 2 2 0 1 0 8 0
tcpqe 32 7 0 7 2 2 0 1 0 8 0
tcpcb 544 192 0 188 1 0 1 1 0 8 0
ipq 40 8 0 6 2 1 1 1 0 8 0
ipqe 40 201 0 182 2 1 1 1 0 8 0
inpcb 280 789 0 782 3 1 2 3 0 8 1
nd6 48 7 0 4 1 0 1 1 0 8 0
pkpcb 40 2 0 2 1 1 0 1 0 8 0
ppxss 1128 13 0 13 2 1 1 1 0 8 1
art_heap8 4096 2 0 0 2 0 2 2 0 8 0
art_heap4 256 309 0 92 15 1 14 15 0 8 0
art_table 32 311 0 92 2 0 2 2 0 8 0
art_node 16 67 0 26 1 0 1 1 0 8 0
sysvmsgpl 40 18 0 14 1 0 1 1 0 8 0
semupl 112 1 0 1 1 1 0 1 0 8 0
semapl 112 212 0 202 1 0 1 1 0 8 0
shmpl 112 28 0 0 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino1pl 128 2129 0 726 46 0 46 46 0 8 0
ffsino 240 2129 0 726 83 0 83 83 0 8 0
nchpl 144 3033 0 1427 60 0 60 60 0 8 0
uvmvnodes 72 2668 0 0 49 0 49 49 0 8 0
vnodes 208 2668 0 0 141 0 141 141 0 8 0
namei 1024 9378 0 9378 1 0 1 1 0 8 1
vcpupl 1984 6 0 0 1 0 1 1 0 8 0
vmpool 528 6 0 0 1 0 1 1 0 8 0
scxspl 192 9299 0 9299 1 0 1 1 0 8 1
plimitpl 152 41 0 34 1 0 1 1 0 8 0
sigapl 432 619 0 605 2 0 2 2 0 8 0
futexpl 56 14152 0 14152 1 0 1 1 0 8 1
knotepl 112 122 0 103 1 0 1 1 0 8 0
kqueuepl 104 134 0 132 1 0 1 1 0 8 0
pipepl 128 430 0 411 3 1 2 2 0 8 1
fdescpl 424 620 0 605 2 0 2 2 0 8 0
filepl 120 5266 0 5169 5 1 4 5 0 8 0
lockfpl 104 185 0 184 1 0 1 1 0 8 0
lockfspl 48 61 0 60 1 0 1 1 0 8 0
sessionpl 112 20 0 10 1 0 1 1 0 8 0
pgrppl 48 36 0 26 1 0 1 1 0 8 0
ucredpl 96 746 0 739 1 0 1 1 0 8 0
zombiepl 144 605 0 605 1 0 1 1 0 8 1
processpl 872 635 0 605 4 0 4 4 0 8 0
procpl 632 1183 0 1143 5 1 4 5 0 8 0
sosppl 128 4 0 4 2 2 0 1 0 8 0
sockpl 384 1172 0 1152 6 2 4 6 0 8 1
mcl64k 65536 556 0 39 66 1 65 66 0 8 0
mcl16k 16384 6 0 6 1 0 1 1 0 8 1
mcl12k 12288 14 0 14 2 1 1 1 0 8 1
mcl9k 9216 7 0 7 1 1 0 1 0 8 0
mcl8k 8192 20 0 20 1 0 1 1 0 8 1
mcl4k 4096 49 0 49 2 1 1 1 0 8 1
mcl2k2 2112 6 0 6 1 0 1 1 0 8 1
mcl2k 2048 69039 0 68994 15 8 7 13 0 8 1
mtagpl 80 34 0 11 2 1 1 1 0 8 0
mbufpl 256 114705 0 113569 85 9 76 76 0 8 3
bufpl 280 7915 0 1731 442 0 442 442 0 8 0
anonpl 16 90921 0 71431 103 8 95 95 0 107 14
amapchunkpl 152 3120 0 2970 11 4 7 11 0 158 0
amappl16 192 3862 0 2769 81 18 63 67 0 8 8
amappl15 184 54 0 50 1 0 1 1 0 8 0
amappl14 176 34 0 30 1 0 1 1 0 8 0
amappl13 168 89 0 87 1 0 1 1 0 8 0
amappl12 160 20 0 18 2 1 1 1 0 8 0
amappl11 152 255 0 242 1 0 1 1 0 8 0
amappl10 144 130 0 125 1 0 1 1 0 8 0
amappl9 136 567 0 562 1 0 1 1 0 8 0
amappl8 128 137 0 104 2 0 2 2 0 8 0
amappl7 120 204 0 194 1 0 1 1 0 8 0
amappl6 112 268 0 253 1 0 1 1 0 8 0
amappl5 104 180 0 168 1 0 1 1 0 8 0
amappl4 96 937 0 906 1 0 1 1 0 8 0
amappl3 88 139 0 130 1 0 1 1 0 8 0
amappl2 80 4091 0 4011 3 1 2 3 0 8 0
amappl1 72 20894 0 20459 26 16 10 20 0 8 0
amappl 80 1443 0 1396 3 1 2 2 0 84 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 64 29 0 0 1 0 1 1 0 8 0
uaddrrnd 24 626 0 605 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 626 0 605 1 0 1 1 0 8 0
vmmpekpl 168 8181 0 8157 2 0 2 2 0 8 0
vmmpepl 168 82391 0 80054 158 24 134 139 0 357 31
vmsppl 272 625 0 605 3 1 2 2 0 8 0
pdppl 4096 1258 0 1216 7 1 6 6 0 8 0
pvpl 32 243858 0 221268 227 7 220 220 0 265 35
pmappl 200 625 0 605 2 0 2 2 0 8 0
extentpl 40 46 0 29 1 0 1 1 0 8 0
phpool 112 287 0 24 8 0 8 8 0 8 0