panic: Data modified on freelist: word 5 of object 0xffff800000adb500 size 0x100 previous type devbuf (0xd != 0xdeaf4152) Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *396247 72528 0 0 0x4000000 0 syz-executor.1 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 malloc(100,2,a) at malloc+0xa23 sys/kern/kern_malloc.c:331 bpfopen(41700,2,2000,ffff8000ffff9150) at bpfopen+0xb5 sys/net/bpf.c:362 spec_open_clone(ffff80001597e328) at spec_open_clone+0x241 sys/kern/spec_vnops.c:737 spec_open(ffff80001597e328) at spec_open+0x40e VOP_OPEN(fffffd8036f3b5b0,2,fffffd803f7c69c0,ffff8000ffff9150) at VOP_OPEN+0x6a sys/kern/vfs_vops.c:154 vn_open(ffff80001597e568,2,0) at vn_open+0x494 sys/kern/vfs_vnops.c:174 doopenat(ffff8000ffff9150,ffffff9c,20000200,1,0,ffff80001597e760) at doopenat+0x28e sys/kern/vfs_syscalls.c:1157 syscall(ffff80001597e7e0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555 Xsyscall(6,0,ffffffffffffffa2,0,4,fe7062790e0) at Xsyscall+0x128 end of kernel end trace frame: 0xfe9ebf43d30, count: 4 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic Data modified on freelist: word 5 of object 0xffff800000adb500 size 0x100 previous type devbuf (0xd != 0xdeaf4152) ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 malloc(100,2,a) at malloc+0xa23 sys/kern/kern_malloc.c:331 bpfopen(41700,2,2000,ffff8000ffff9150) at bpfopen+0xb5 sys/net/bpf.c:362 spec_open_clone(ffff80001597e328) at spec_open_clone+0x241 sys/kern/spec_vnops.c:737 spec_open(ffff80001597e328) at spec_open+0x40e VOP_OPEN(fffffd8036f3b5b0,2,fffffd803f7c69c0,ffff8000ffff9150) at VOP_OPEN+0x6a sys/kern/vfs_vops.c:154 vn_open(ffff80001597e568,2,0) at vn_open+0x494 sys/kern/vfs_vnops.c:174 doopenat(ffff8000ffff9150,ffffff9c,20000200,1,0,ffff80001597e760) at doopenat+0x28e sys/kern/vfs_syscalls.c:1157 syscall(ffff80001597e7e0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555 Xsyscall(6,0,ffffffffffffffa2,0,4,fe7062790e0) at Xsyscall+0x128 end of kernel end trace frame: 0xfe9ebf43d30, count: -11 ddb> show registers rdi 0xffffffff81c77727 db_enter+0x17 rsi 0x3fd0 __ALIGN_SIZE+0x2fd0 rbp 0xffff80001597e030 rbx 0xffff80001597e0e0 rdx 0x3fd1 __ALIGN_SIZE+0x2fd1 rcx 0xffff80001490b000 rax 0xffff80001490b000 r8 0xffff80001597dff0 r9 0x1 r10 0xffff800000a5d800 r11 0xc74f1aef66fb5926 r12 0x3000000008 r13 0xffff80001597e040 r14 0x100 r15 0x1 rip 0xffffffff81c77728 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff80001597e020 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.1) pid=396247 stat=onproc flags process=0 proc=4000000 pri=82, usrpri=82, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff9b30,0xffffffff82589310 process=0xffff8000148a2a38 user=0xffff800015979000, vmspace=0xfffffd803f014cc0 estcpu=32, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 72528 311103 38438 0 2 0 syz-executor.1 72528 338205 38438 0 3 0x4000080 kqread syz-executor.1 *72528 396247 38438 0 7 0x4000000 syz-executor.1 38438 504868 63026 0 3 0x82 nanosleep syz-executor.1 17388 146369 63026 0 3 0x82 piperd syz-executor.0 4788 243674 0 0 3 0x14200 bored sosplice 63026 414135 66234 0 3 0x82 thrsleep syz-fuzzer 63026 506442 66234 0 3 0x4000082 thrsleep syz-fuzzer 63026 419989 66234 0 3 0x4000082 thrsleep syz-fuzzer 63026 184265 66234 0 3 0x4000082 thrsleep syz-fuzzer 63026 326775 66234 0 3 0x4000082 kqread syz-fuzzer 63026 177664 66234 0 3 0x4000082 thrsleep syz-fuzzer 63026 313330 66234 0 3 0x4000082 thrsleep syz-fuzzer 66234 83744 99539 0 3 0x10008a pause ksh 99539 503357 68036 0 3 0x92 select sshd 38060 98948 1 0 3 0x100083 ttyin getty 68036 284384 1 0 3 0x80 select sshd 74467 239589 94459 73 3 0x100090 kqread syslogd 94459 392950 1 0 3 0x100082 netio syslogd 8199 160987 1 77 3 0x100090 poll dhclient 21415 56524 1 0 3 0x80 poll dhclient 96587 14528 0 0 3 0x14200 pgzero zerothread 44750 197235 0 0 3 0x14200 aiodoned aiodoned 78847 245883 0 0 3 0x14200 syncer update 61538 512862 0 0 3 0x14200 cleaner cleaner 57683 145819 0 0 3 0x14200 reaper reaper 78686 521495 0 0 3 0x14200 pgdaemon pagedaemon 708 60134 0 0 3 0x14200 bored crynlk 17108 421237 0 0 3 0x14200 bored crypto 70678 416374 0 0 3 0x40014200 acpi0 acpi0 14759 357326 0 0 3 0x14200 bored softnet 60130 181439 0 0 3 0x14200 bored systqmp 26222 306579 0 0 3 0x14200 bored systq 36265 315615 0 0 3 0x40014200 bored softclock 62403 256246 0 0 3 0x40014200 idle0 23521 366632 0 0 3 0x14200 bored smr 1 320877 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9521 6474K 7505K 78643K 13473 0 0 pcb 13 8K 8K 78643K 142 0 0 rtable 82 3K 5K 78643K 706 0 0 ifaddr 57 12K 15K 78643K 209 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 71 0 0 iov 0 0K 28K 78643K 247 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1224 77K 77K 78643K 2302 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 7 0 0 VM map 2 0K 0K 78643K 10 0 0 sem 12 0K 1K 78643K 184 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12645 0 0 file desc 5 13K 25K 78643K 835 0 0 sigio 0 0K 0K 78643K 4 0 0 proc 49 38K 63K 78643K 620 0 0 subproc 32 2K 2K 78643K 102 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 57 0 0 in_multi 18 1K 2K 78643K 100 0 0 ether_multi 1 0K 0K 78643K 9 0 0 mrt 0 0K 0K 78643K 2 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 60 265K 265K 78643K 60 0 0 exec 0 0K 1K 78643K 329 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 98 21K 39K 78643K 3413 0 0 UVM aobj 29 2K 2K 78643K 32 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 116 0 0 NDP 13 0K 0K 78643K 61 0 0 temp 178 3541K 3662K 78643K 59990 0 0 kqueue 0 0K 0K 78643K 10 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 23 0 19 1 0 1 1 0 8 0 rtpcb 80 99 0 97 1 0 1 1 0 8 0 rtentry 112 102 0 74 2 0 2 2 0 8 0 unpcb 120 379 0 371 1 0 1 1 0 8 0 syncache 264 7 0 7 3 3 0 1 0 8 0 tcpqe 32 5086 0 5086 3 3 0 1 0 8 0 tcpcb 544 856 0 852 2 1 1 2 0 8 0 ipq 40 9 0 9 4 4 0 1 0 8 0 ipqe 40 66 0 66 4 4 0 1 0 8 0 inpcb 280 1498 0 1491 6 4 2 3 0 8 1 nd6 48 10 0 9 2 1 1 1 0 8 0 pkpcb 40 4 0 4 2 2 0 1 0 8 0 swfcl 56 2 0 0 1 0 1 1 0 8 0 ppxss 1128 20 0 20 5 5 0 1 0 8 0 art_heap8 4096 3 0 2 3 2 1 3 0 8 0 art_heap4 256 401 0 247 21 7 14 15 0 8 2 art_table 32 404 0 249 2 0 2 2 0 8 0 art_node 16 101 0 75 1 0 1 1 0 8 0 sysvmsgpl 40 24 0 14 3 2 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 181 0 171 1 0 1 1 0 8 0 shmpl 112 30 0 3 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 2676 0 1287 46 0 46 46 0 8 0 ffsino 240 2676 0 1287 83 0 83 83 0 8 0 nchpl 144 4050 0 2454 60 0 60 60 0 8 0 uvmvnodes 72 3591 0 0 66 0 66 66 0 8 0 vnodes 208 3591 0 0 189 0 189 189 0 8 0 namei 1024 12975 0 12975 4 3 1 1 0 8 1 vmpool 520 8 0 8 4 4 0 1 0 8 0 scsiplug 64 4 0 4 3 3 0 1 0 8 0 scxspl 192 17177 0 17177 15 14 1 7 0 8 1 plimitpl 152 99 0 92 1 0 1 1 0 8 0 sigapl 432 994 0 981 2 0 2 2 0 8 0 futexpl 56 22777 0 22777 2 1 1 1 0 8 1 knotepl 112 761 0 741 3 2 1 2 0 8 0 kqueuepl 104 1020 0 1017 1 0 1 1 0 8 0 pipepl 112 636 0 617 7 6 1 2 0 8 0 fdescpl 424 995 0 981 2 0 2 2 0 8 0 filepl 120 8879 0 8780 9 5 4 5 0 8 0 lockfpl 104 344 0 343 1 0 1 1 0 8 0 lockfspl 48 107 0 106 1 0 1 1 0 8 0 sessionpl 112 21 0 11 1 0 1 1 0 8 0 pgrppl 48 25 0 15 1 0 1 1 0 8 0 ucredpl 96 954 0 947 1 0 1 1 0 8 0 zombiepl 144 981 0 981 3 2 1 1 0 8 1 processpl 864 1010 0 981 4 0 4 4 0 8 0 procpl 632 2513 0 2476 9 5 4 5 0 8 0 sosppl 128 9 0 9 3 3 0 1 0 8 0 sockpl 384 1991 0 1974 12 8 4 5 0 8 2 mcl64k 65536 525 0 525 60 53 7 29 0 8 7 mcl16k 16384 9 0 9 5 4 1 1 0 8 1 mcl12k 12288 27 0 27 8 7 1 1 0 8 1 mcl9k 9216 13 0 13 6 5 1 1 0 8 1 mcl8k 8192 56 0 56 5 4 1 1 0 8 1 mcl4k 4096 88 0 88 5 4 1 1 0 8 1 mcl2k2 2112 10 0 10 3 2 1 1 0 8 1 mcl2k 2048 56353 0 56304 21 14 7 16 0 8 0 mtagpl 80 28 0 27 3 2 1 1 0 8 0 mbufpl 256 98862 0 98793 53 45 8 21 0 8 0 bufpl 256 10524 0 4359 386 0 386 386 0 8 0 anonpl 16 147720 0 132588 123 47 76 85 0 62 6 amapchunkpl 152 7255 0 7147 34 24 10 18 0 158 5 amappl16 192 6495 0 5552 103 52 51 60 0 8 3 amappl15 184 12 0 11 4 3 1 1 0 8 0 amappl14 176 150 0 148 2 1 1 1 0 8 0 amappl13 168 137 0 136 1 0 1 1 0 8 0 amappl12 160 12 0 8 1 0 1 1 0 8 0 amappl11 152 147 0 136 1 0 1 1 0 8 0 amappl10 144 38 0 34 1 0 1 1 0 8 0 amappl9 136 1059 0 1052 1 0 1 1 0 8 0 amappl8 128 608 0 578 3 1 2 2 0 8 1 amappl7 120 79 0 71 1 0 1 1 0 8 0 amappl6 112 154 0 144 1 0 1 1 0 8 0 amappl5 104 179 0 168 1 0 1 1 0 8 0 amappl4 96 1335 0 1308 1 0 1 1 0 8 0 amappl3 88 151 0 146 1 0 1 1 0 8 0 amappl2 80 6933 0 6867 4 2 2 3 0 8 0 amappl1 72 28669 0 28263 29 20 9 20 0 8 0 amappl 80 2804 0 2767 3 1 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 31 0 3 1 0 1 1 0 8 0 uaddrrnd 24 1003 0 981 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1003 0 981 1 0 1 1 0 8 0 vmmpekpl 168 11905 0 11883 2 0 2 2 0 8 0 vmmpepl 168 128887 0 126895 252 129 123 128 0 357 30 vmsppl 272 994 0 981 4 3 1 2 0 8 0 pdppl 4096 2012 0 1978 7 2 5 6 0 8 0 pvpl 32 417219 0 399006 384 129 255 308 0 265 89 pmappl 200 1002 0 989 1 0 1 1 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 664 0 144 16 0 16 16 0 8 0