panic: Data modified on freelist: word 4 of object 0xffff800000c24e00 size 0x188 previous type counters (0x6563 != 0xdeadbeef) Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *330412 40902 0 0 0x4000000 0 syz-executor.7 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8256c7ae) at panic+0x161 sys/kern/subr_prf.c:202 malloc(188,7f,5) at malloc+0xa85 sys/kern/kern_malloc.c:363 doppoll(ffff800024aec010,20000200,31,ffff80002e7d5868,0,ffff80002e7d5930) at doppoll+0xde sys/kern/sys_generic.c:1015 sys_poll(ffff800024aec010,ffff80002e7d58d8,ffff80002e7d5930) at sys_poll+0xa7 syscall(ffff80002e7d59a0) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x95409601080, count: 8 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: Data modified on freelist: word 4 of object 0xffff800000c24e00 size 0x188 previous type counters (0x6563 != 0xdeadbeef) ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8256c7ae) at panic+0x161 sys/kern/subr_prf.c:202 malloc(188,7f,5) at malloc+0xa85 sys/kern/kern_malloc.c:363 doppoll(ffff800024aec010,20000200,31,ffff80002e7d5868,0,ffff80002e7d5930) at doppoll+0xde sys/kern/sys_generic.c:1015 sys_poll(ffff800024aec010,ffff80002e7d58d8,ffff80002e7d5930) at sys_poll+0xa7 syscall(ffff80002e7d59a0) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x95409601080, count: -7 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80002e7d53d0 rbx 0xffff800000c24e00 rdx 0 rcx 0 rax 0xffff800024aec010 r8 0x101010101010101 r9 0x8080808080808080 r10 0xbd696ef8d2bdb52 r11 0xc3651f9577f6c2ba r12 0 r13 0x51 r14 0 r15 0x1 rip 0xffffffff81cc3d58 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff80002e7d53c0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.7) pid=330412 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=84, nice=20 forw=0xffffffffffffffff, list=0xffff800024aecd30,0xffff8000216ac558 process=0xffff80002b39cfe8 user=0xffff80002e7d0000, vmspace=0xfffffd80689bbbb0 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 52379 43960 75143 0 2 0 syz-executor.2 52379 152129 75143 0 2 0x4000000 syz-executor.2 40902 307970 96477 0 2 0 syz-executor.7 *40902 330412 96477 0 7 0x4000000 syz-executor.7 40902 71398 96477 0 3 0x4000080 fsleep syz-executor.7 97675 426725 23614 0 3 0x80 nanoslp syz-executor.6 97675 383809 23614 0 3 0x4000080 netcon syz-executor.6 97675 102959 23614 0 3 0x4000080 fsleep syz-executor.6 55467 416526 32633 0 3 0x82 nanoslp syz-executor.0 23614 219612 32633 0 3 0x82 nanoslp syz-executor.6 27873 495371 32633 0 3 0x82 nanoslp syz-executor.1 92515 429695 32633 0 3 0x82 nanoslp syz-executor.5 75143 472549 32633 0 3 0x82 nanoslp syz-executor.2 96477 251642 32633 0 3 0x82 nanoslp syz-executor.7 8314 96274 32633 0 3 0x2 biowait syz-executor.4 78094 259021 1 0 3 0x100083 ttyin getty 87102 240255 0 0 3 0x14200 acct acct 58246 187112 0 0 3 0x14280 nfsidl nfsio 84229 312634 0 0 3 0x14280 nfsidl nfsio 51329 368376 0 0 3 0x14280 nfsidl nfsio 73006 260265 0 0 3 0x14280 nfsidl nfsio 57025 519628 0 0 3 0x14280 nfsidl nfsio 17232 119391 0 0 3 0x14280 nfsidl nfsio 6220 29895 0 0 3 0x14280 nfsidl nfsio 47348 32647 0 0 3 0x14280 nfsidl nfsio 73347 106366 0 0 3 0x14280 nfsidl nfsio 89539 116329 0 0 3 0x14280 nfsidl nfsio 88773 282089 0 0 3 0x14280 nfsidl nfsio 31454 354076 0 0 3 0x14280 nfsidl nfsio 90558 451564 0 0 3 0x14280 nfsidl nfsio 54893 237039 0 0 3 0x14280 nfsidl nfsio 68188 360505 0 0 3 0x14280 nfsidl nfsio 48998 417416 0 0 3 0x14280 nfsidl nfsio 67080 134014 0 0 3 0x14280 nfsidl nfsio 85215 336505 0 0 3 0x14280 nfsidl nfsio 15777 477038 0 0 3 0x14280 nfsidl nfsio 29608 323701 0 0 3 0x14280 nfsidl nfsio 12413 344200 0 0 3 0x14200 bored sosplice 36086 344779 32633 0 2 0x2 syz-executor.3 32633 225190 37760 0 3 0x82 kqread syz-fuzzer 32633 428675 37760 0 3 0x4000082 nanoslp syz-fuzzer 32633 376577 37760 0 3 0x4000082 thrsleep syz-fuzzer 32633 122227 37760 0 3 0x4000082 thrsleep syz-fuzzer 32633 470036 37760 0 3 0x4000082 thrsleep syz-fuzzer 32633 506109 37760 0 3 0x4000082 thrsleep syz-fuzzer 32633 206540 37760 0 3 0x4000082 thrsleep syz-fuzzer 32633 297948 37760 0 3 0x4000082 thrsleep syz-fuzzer 37760 356341 21935 0 3 0x10008a sigsusp ksh 21935 372028 87725 0 3 0x9a kqread sshd 87725 215197 1 0 3 0x88 kqread sshd 48210 13667 88099 73 3 0x1100090 kqread syslogd 88099 176775 1 0 3 0x100082 netio syslogd 91625 76770 1 0 3 0x100080 kqread resolvd 3707 396011 98717 77 3 0x100092 kqread dhcpleased 74134 517436 98717 77 3 0x100092 kqread dhcpleased 98717 424893 1 0 3 0x80 kqread dhcpleased 3953 217721 0 0 3 0x14200 bored smr 40422 142810 0 0 2 0x14200 zerothread 3638 199117 0 0 3 0x14200 aiodoned aiodoned 500 469557 0 0 3 0x14200 syncer update 76283 356032 0 0 3 0x14200 cleaner cleaner 94780 370945 0 0 3 0x14200 reaper reaper 75849 57552 0 0 3 0x14200 pgdaemon pagedaemon 29506 163971 0 0 3 0x14200 bored viomb 58471 272416 0 0 3 0x40014200 acpi0 acpi0 66537 398664 0 0 3 0x14200 bored softnet 45487 473725 0 0 3 0x14200 bored softnet 58736 383196 0 0 3 0x14200 bored softnet 55099 134484 0 0 3 0x14200 bored softnet 4947 522583 0 0 3 0x14200 bored systqmp 78995 229293 0 0 3 0x14200 bored systq 48631 371753 0 0 3 0x40014200 bored softclock 29136 435676 0 0 3 0x40014200 idle0 1 442089 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10166 6402K 6807K 78643K 14611 0 pcb 14 22K 26K 78643K 1170 0 rtable 183 13K 19K 78643K 930 0 ifaddr 78 16K 19K 78643K 304 0 sysctl 1 1K 1K 78643K 1 0 counters 25 17K 17K 78643K 51 0 ioctlops 0 0K 4K 78643K 1323 0 iov 0 0K 20K 78643K 428 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1332 83K 83K 78643K 2332 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 23 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 0K 78643K 225 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 13 45K 70K 78643K 3856 0 sigio 0 0K 0K 78643K 175 0 proc 59 59K 83K 78643K 922 0 subproc 104 6K 6K 78643K 286 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 54 0 in_multi 74 5K 6K 78643K 296 0 ether_multi 1 0K 0K 78643K 15 0 mrt 1 0K 0K 78643K 14 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 55 254K 254K 78643K 55 0 exec 0 0K 2K 78643K 1225 0 pfkey data 0 0K 0K 78643K 38 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 279 327K 327K 78643K 20874 0 UVM aobj 52 2K 2K 78643K 55 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 33 0 NDP 11 0K 2K 78643K 81 0 temp 131 4740K 5766K 78643K 17455 0 kqueue 13 20K 26K 78643K 466 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 126 0 123 2 1 1 2 0 8 0 rtentry 112 306 0 226 5 1 4 4 0 8 0 unpcb 136 1168 0 1155 14 13 1 7 0 8 0 syncache 296 23 0 23 6 6 0 1 0 8 0 tcpqe 32 10 0 10 3 3 0 1 0 8 0 tcpcb 736 2119 0 2102 81 70 11 44 0 8 8 arp 88 55 0 40 1 0 1 1 0 8 0 inpcb 312 5766 0 5752 85 78 7 21 0 8 5 ip6q 72 2 0 2 1 1 0 1 0 8 0 ip6af 40 3 0 3 1 1 0 1 0 8 0 nd6 48 70 0 52 1 0 1 1 0 8 0 pkpcb 40 18 0 18 4 4 0 1 0 8 0 kcovpl 48 22 0 14 1 0 1 1 0 8 0 ppxss 1152 7 0 7 2 2 0 1 0 8 0 pfstscr 40 17 0 14 1 0 1 1 0 8 0 pfrktable 1344 26 0 26 3 3 0 1 0 8 0 pftag 88 5 0 2 2 1 1 1 0 8 0 pfstitem 24 4 0 0 1 0 1 1 0 8 0 pfstkey 112 24 0 20 1 0 1 1 0 8 0 pfstate 336 12 0 10 1 0 1 1 0 8 0 pfrule 1360 71 0 71 5 4 1 2 0 8 1 rttmr 64 3 0 3 1 1 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 1221 0 868 40 17 23 30 0 8 0 art_table 32 1222 0 868 5 1 4 4 0 8 0 art_node 16 305 0 235 1 0 1 1 0 8 0 sysvmsgpl 40 6 0 6 1 1 0 1 0 8 0 semapl 112 223 0 213 1 0 1 1 0 8 0 shmpl 112 52 0 3 2 0 2 2 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 5858 0 4419 91 0 91 91 0 8 0 ffsino 240 5858 0 4419 86 0 86 86 0 8 0 nchpl 144 10740 0 9102 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 224 5926 0 0 349 0 349 349 0 8 0 namei 1024 39275 0 39275 2 1 1 2 0 8 1 vcpupl 1984 50 0 0 7 0 7 7 0 8 0 vmpool 528 51 0 1 4 0 4 4 0 8 0 pfiaddrpl 120 19 0 19 3 3 0 1 0 8 0 kstatmem 264 74 0 52 2 0 2 2 0 8 0 scxspl 216 35292 0 35291 18 17 1 8 0 8 0 plimitpl 152 234 0 220 1 0 1 1 0 8 0 sigapl 424 4133 0 4068 8 0 8 8 0 8 0 futexpl 64 38167 0 38165 6 5 1 1 0 8 0 knotepl 120 58846 0 58721 15 8 7 8 0 8 3 kqueuepl 184 811 0 802 10 9 1 4 0 8 0 pipepl 304 604 0 576 19 16 3 10 0 8 0 fdescpl 432 4095 0 4071 5 1 4 4 0 8 0 filepl 120 26725 0 26486 54 43 11 18 0 8 3 lockfpl 104 949 0 947 4 2 2 2 0 8 1 lockfspl 48 242 0 240 1 0 1 1 0 8 0 sessionpl 144 39 0 23 1 0 1 1 0 8 0 pgrppl 48 39 0 23 1 0 1 1 0 8 0 ucredpl 96 1557 0 1547 1 0 1 1 0 8 0 zombiepl 144 4071 0 4068 1 0 1 1 0 8 0 processpl 1000 4133 0 4068 10 1 9 9 0 8 0 procpl 672 8938 0 8861 14 6 8 9 0 8 1 sosppl 168 25 0 24 5 4 1 1 0 8 0 sockpl 448 7081 0 7051 143 132 11 32 0 8 6 mcl64k 65536 164 0 164 9 8 1 1 0 8 1 mcl16k 16384 50 0 50 9 8 1 1 0 8 1 mcl12k 12288 87 0 87 9 8 1 1 0 8 1 mcl9k 9216 36 0 36 7 6 1 1 0 8 1 mcl8k 8192 148 0 148 8 7 1 1 0 8 1 mcl4k 4096 701 0 700 5 4 1 1 0 8 0 mcl2k2 2112 17 0 17 8 8 0 1 0 8 0 mcl2k 2048 66021 0 65979 21 14 7 12 0 8 0 mtagpl 96 365 0 150 8 2 6 6 0 8 0 mbufpl 256 136409 0 135946 71 38 33 46 0 8 1 bufpl 288 10506 0 4102 458 0 458 458 0 8 0 anonpl 24 706161 0 692167 150 57 93 114 0 188 0 amapchunkpl 152 60306 0 59791 43 18 25 33 0 158 0 amappl16 200 9699 0 9208 51 22 29 39 0 8 0 amappl15 192 592 0 589 1 0 1 1 0 8 0 amappl14 184 127 0 125 1 0 1 1 0 8 0 amappl13 176 996 0 991 1 0 1 1 0 8 0 amappl12 168 465 0 460 1 0 1 1 0 8 0 amappl11 160 707 0 690 1 0 1 1 0 8 0 amappl10 152 514 0 508 1 0 1 1 0 8 0 amappl9 144 775 0 771 1 0 1 1 0 8 0 amappl8 136 1233 0 1160 4 1 3 3 0 8 0 amappl7 128 560 0 549 1 0 1 1 0 8 0 amappl6 120 551 0 534 2 1 1 2 0 8 0 amappl5 112 2868 0 2856 1 0 1 1 0 8 0 amappl4 104 2144 0 2114 2 0 2 2 0 8 0 amappl3 96 11456 0 11416 2 0 2 2 0 8 0 amappl2 88 5758 0 5692 3 1 2 3 0 8 0 amappl1 80 95336 0 94769 22 8 14 19 0 8 0 amappl 88 20127 0 19977 4 0 4 4 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 54 0 3 1 0 1 1 0 8 0 uaddrrnd 24 4146 0 4072 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 4146 0 4072 1 0 1 1 0 8 0 vmmpekpl 168 29102 0 29045 3 0 3 3 0 8 0 vmmpepl 168 391800 0 389535 184 66 118 132 0 357 0 vmsppl 272 4145 0 4072 7 1 6 6 0 8 0 rwobjpl 24 96434 0 89021 47 1 46 46 0 8 0 pdppl 4096 8298 0 8194 350 236 114 114 0 8 10 pvpl 32 1555657 0 1537429 321 157 164 230 0 265 1 pmappl 216 4145 0 4072 5 0 5 5 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 1479 0 620 26 0 26 26 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8256c7ae) at panic+0x161 sys/kern/subr_prf.c:202 malloc(188,7f,5) at malloc+0xa85 sys/kern/kern_malloc.c:363 doppoll(ffff800024aec010,20000200,31,ffff80002e7d5868,0,ffff80002e7d5930) at doppoll+0xde sys/kern/sys_generic.c:1015 sys_poll(ffff800024aec010,ffff80002e7d58d8,ffff80002e7d5930) at sys_poll+0xa7 syscall(ffff80002e7d59a0) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x95409601080, count: -7 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8256c7ae) at panic+0x161 sys/kern/subr_prf.c:202 malloc(188,7f,5) at malloc+0xa85 sys/kern/kern_malloc.c:363 doppoll(ffff800024aec010,20000200,31,ffff80002e7d5868,0,ffff80002e7d5930) at doppoll+0xde sys/kern/sys_generic.c:1015 sys_poll(ffff800024aec010,ffff80002e7d58d8,ffff80002e7d5930) at sys_poll+0xa7 syscall(ffff80002e7d59a0) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x95409601080, count: -7