panic: Data modified on freelist: word 4 of object 0xffff800000d63800 size 0x194 previous type free (0x6563 != 0xdeaf4152) Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *396685 9911 0 0 0x4000000 0 syz-executor.4 db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82784bf2) at panic+0x165 sys/kern/subr_prf.c:198 malloc(194,7f,1) at malloc+0xa85 sys/kern/kern_malloc.c:348 vndioctl(2902,20006473,ffff800032a15780,1,ffff80002a672010) at vndioctl+0x452 sys/dev/vnd.c:610 VOP_IOCTL(fffffd806e35bc30,20006473,ffff800032a15780,1,fffffd807f7d7680,ffff80002a672010) at VOP_IOCTL+0x91 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd806a0dd1e8,20006473,ffff800032a15780,ffff80002a672010) at vn_ioctl+0xbb sys/kern/vfs_vnops.c:525 sys_ioctl(ffff80002a672010,ffff800032a15890,ffff800032a158e0) at sys_ioctl+0x49e syscall(ffff800032a15950) at syscall+0x543 sys/arch/amd64/amd64/trap.c:606 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x2e7fc439290, count: 6 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: Data modified on freelist: word 4 of object 0xffff800000d63800 size 0x194 previous type free (0x6563 != 0xdeaf4152) ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82784bf2) at panic+0x165 sys/kern/subr_prf.c:198 malloc(194,7f,1) at malloc+0xa85 sys/kern/kern_malloc.c:348 vndioctl(2902,20006473,ffff800032a15780,1,ffff80002a672010) at vndioctl+0x452 sys/dev/vnd.c:610 VOP_IOCTL(fffffd806e35bc30,20006473,ffff800032a15780,1,fffffd807f7d7680,ffff80002a672010) at VOP_IOCTL+0x91 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd806a0dd1e8,20006473,ffff800032a15780,ffff80002a672010) at vn_ioctl+0xbb sys/kern/vfs_vnops.c:525 sys_ioctl(ffff80002a672010,ffff800032a15890,ffff800032a158e0) at sys_ioctl+0x49e syscall(ffff800032a15950) at syscall+0x543 sys/arch/amd64/amd64/trap.c:606 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x2e7fc439290, count: -9 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff800032a14dc0 rbx 0xffff800000d63800 rdx 0 rcx 0 rax 0xffff80002a672010 r8 0x101010101010101 r9 0x8080808080808080 r10 0x7960c8a35829f894 r11 0xb4fd417dcd6da222 r12 0 r13 0x51 r14 0 r15 0x1 rip 0xffffffff81e4971c db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff800032a14db0 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb> show proc PROC (syz-executor.4) tid=396685 pid=9911 tcnt=7 stat=onproc flags process=0 proc=4000000 runpri=80, usrpri=80, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff80002a6d1a90,0xffff80002a61a810 process=0xffff80002a700bd0 user=0xffff800032a10000, vmspace=0xfffffd805b2e95d0 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 47756 467076 90418 0 2 0 syz-executor.5 29594 338733 49849 0 2 0 syz-executor.6 29594 323953 49849 0 2 0x4000000 syz-executor.6 9911 92791 70249 0 2 0 syz-executor.4 * 9911 396685 70249 0 7 0x4000000 syz-executor.4 9911 63880 70249 0 2 0x4000000 syz-executor.4 9911 439321 70249 0 2 0x4000000 syz-executor.4 9911 165685 70249 0 2 0x4000000 syz-executor.4 9911 452968 70249 0 2 0x4000000 syz-executor.4 9911 42702 70249 0 2 0x4000000 syz-executor.4 15986 122327 63952 60928 2 0x10 syz-executor.3 15986 46410 63952 60928 3 0x4000090 fsleep syz-executor.3 15986 248634 63952 60928 3 0x4000090 fsleep syz-executor.3 32862 193711 53746 0 2 0 syz-executor.1 32862 155933 53746 0 3 0x4000080 fifor syz-executor.1 32862 274538 53746 0 3 0x4000080 fsleep syz-executor.1 63952 206533 47365 0 3 0x82 nanoslp syz-executor.3 53746 450866 47365 0 3 0x82 nanoslp syz-executor.1 66775 370711 47365 0 2 0x2 syz-executor.0 49849 201760 47365 0 3 0x82 nanoslp syz-executor.6 90418 36562 47365 0 3 0x82 nanoslp syz-executor.5 70249 375723 47365 0 3 0x82 nanoslp syz-executor.4 28368 213512 47365 0 2 0x2 syz-executor.7 62652 291931 47365 0 3 0x82 nanoslp syz-executor.2 13107 153598 1 0 3 0x100083 ttyopn getty 37584 402110 0 0 3 0x14280 nfsidl nfsio 7489 32600 0 0 3 0x14280 nfsidl nfsio 43429 54628 0 0 3 0x14280 nfsidl nfsio 2617 76678 0 0 3 0x14280 nfsidl nfsio 34669 264759 0 0 3 0x14280 nfsidl nfsio 25834 436660 0 0 3 0x14280 nfsidl nfsio 20528 245334 0 0 3 0x14280 nfsidl nfsio 11809 447729 0 0 3 0x14280 nfsidl nfsio 13305 158330 0 0 3 0x14280 nfsidl nfsio 19705 447558 0 0 3 0x14280 nfsidl nfsio 96965 309060 0 0 3 0x14280 nfsidl nfsio 51116 424127 0 0 3 0x14280 nfsidl nfsio 90505 497214 0 0 3 0x14280 nfsidl nfsio 82532 223139 0 0 3 0x14280 nfsidl nfsio 69824 117402 0 0 3 0x14280 nfsidl nfsio 58102 223144 0 0 3 0x14280 nfsidl nfsio 31524 375283 0 0 3 0x14280 nfsidl nfsio 21140 467801 0 0 3 0x14280 nfsidl nfsio 59625 101670 0 0 3 0x14280 nfsidl nfsio 41823 96720 0 0 3 0x14280 nfsidl nfsio 34919 296043 0 0 3 0x14200 bored sosplice 47365 489298 71189 0 3 0x2000082 wait syz-fuzzer 47365 140337 71189 0 2 0x6000002 syz-fuzzer 47365 484118 71189 0 3 0x6000082 wait syz-fuzzer 47365 311606 71189 0 3 0x6000082 wait syz-fuzzer 47365 323297 71189 0 3 0x6000082 kqread syz-fuzzer 47365 376050 71189 0 3 0x6000082 thrsleep syz-fuzzer 47365 231893 71189 0 3 0x6000082 wait syz-fuzzer 47365 45880 71189 0 3 0x6000082 wait syz-fuzzer 47365 201383 71189 0 3 0x6000082 thrsleep syz-fuzzer 47365 363374 71189 0 3 0x6000082 wait syz-fuzzer 47365 300204 71189 0 3 0x6000082 thrsleep syz-fuzzer 47365 457300 71189 0 3 0x6000082 thrsleep syz-fuzzer 47365 283389 71189 0 3 0x6000082 wait syz-fuzzer 47365 368380 71189 0 3 0x6000082 wait syz-fuzzer 71189 366067 67297 0 3 0x10008a sigsusp ksh 67297 273300 9737 0 3 0x9a kqread sshd 9737 33104 1 0 3 0x88 kqread sshd 67250 468197 95986 73 3 0x1100090 kqread syslogd 95986 172506 1 0 3 0x100082 netio syslogd 6404 353653 1 0 3 0x100080 kqread resolvd 37658 54304 167 77 3 0x100092 kqread dhcpleased 74865 118629 167 77 3 0x100092 kqread dhcpleased 167 266124 1 0 3 0x80 kqread dhcpleased 5453 290668 0 0 3 0x14200 bored smr 79761 440404 0 0 2 0x14200 zerothread 90640 67221 0 0 3 0x14200 aiodoned aiodoned 17743 169195 0 0 3 0x14200 syncer update 58482 179218 0 0 3 0x14200 cleaner cleaner 49119 269851 0 0 3 0x14200 reaper reaper 3337 393782 0 0 3 0x14200 pgdaemon pagedaemon 8013 404720 0 0 3 0x14200 bored viomb 62718 81547 0 0 3 0x40014200 acpi0 acpi0 37429 170059 0 0 3 0x14200 bored softnet3 66647 518311 0 0 3 0x14200 bored softnet2 48753 238823 0 0 3 0x14200 bored softnet1 92741 101288 0 0 3 0x14200 bored softnet0 17356 417283 0 0 3 0x14200 bored systqmp 48512 186659 0 0 3 0x14200 bored systq 37341 111060 0 0 3 0x40014200 tmoslp softclock 90851 371177 0 0 3 0x40014200 idle0 1 246353 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10217 6432K 7501K 166960K 38323 0 pcb 13 16K 18K 166960K 1524 0 rtable 225 15K 16K 166960K 2865 0 pf 32 9K 10K 166960K 488 0 ifaddr 41 12K 13K 166960K 423 0 ifgroup 55 2K 2K 166960K 739 0 sysctl 4 1K 1K 166960K 32 0 counters 29 17K 17K 166960K 236 0 ioctlops 0 0K 2K 166960K 1074 0 iov 0 0K 24K 166960K 1743 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1567 98K 98K 166960K 15989 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 136 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 1K 166960K 1143 0 dirhash 12 2K 2K 166960K 39 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 15 53K 73K 166960K 15979 0 sigio 1 0K 0K 166960K 2842 0 proc 58 59K 83K 166960K 2515 0 subproc 104 6K 6K 166960K 806 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 976 0 in_multi 88 6K 7K 166960K 831 0 ether_multi 1 0K 0K 166960K 21 0 mrt 1 0K 0K 166960K 4 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 235 1049K 1049K 166960K 235 0 exec 0 0K 1K 166960K 4344 0 pfkey data 0 0K 0K 166960K 22 0 tdb 3 0K 0K 166960K 3 0 pagedep 1 8K 8K 166960K 1 0 inodedep 1 32K 32K 166960K 1 0 newblk 1 0K 0K 166960K 1 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 477 353K 355K 166960K 147892 0 UVM aobj 131 6K 6K 166960K 143 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 459 0 NDP 12 0K 2K 166960K 343 0 temp 74 5916K 6232K 166960K 177289 0 kqueue 12 18K 28K 166960K 893 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 1163 0 1160 16 15 1 5 0 8 0 rtentry 112 800 0 699 6 2 4 4 0 8 0 unpcb 144 15102 0 15087 134 132 2 10 0 8 1 syncache 312 167 0 167 23 22 1 1 0 8 1 sackhl 24 3 0 3 3 3 0 1 0 8 0 tcpqe 32 236 0 236 20 20 0 1 0 8 0 tcpcb 808 3679 0 3669 120 117 3 14 0 8 0 arp 88 130 0 113 1 0 1 1 0 8 0 ipq 40 16 0 16 5 5 0 1 0 8 0 ipqe 40 80 0 80 5 5 0 1 0 8 0 inpcb 336 10080 0 10064 159 154 5 17 0 8 2 nd6 104 197 0 175 1 0 1 1 0 8 0 pkpcb 40 69 0 69 8 8 0 1 0 8 0 kcovpl 48 62 0 54 1 0 1 1 0 8 0 ppxss 1160 93 0 93 19 18 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 2911 0 2487 54 27 27 30 0 8 0 art_table 32 2912 0 2487 5 1 4 4 0 8 0 art_node 16 719 0 627 1 0 1 1 0 8 0 sysvmsgpl 40 6 0 0 1 0 1 1 0 8 0 semupl 112 9 0 9 1 1 0 1 0 8 0 semapl 112 1138 0 1128 1 0 1 1 0 8 0 shmpl 112 140 0 12 4 0 4 4 0 8 0 dirhash 1024 35 0 18 3 0 3 3 0 8 0 dino2pl 256 26127 0 24577 98 0 98 98 0 8 0 ffsino 240 26127 0 24577 92 0 92 92 0 8 0 nchpl 144 53060 0 52590 65 43 22 64 0 8 1 uvmvnodes 80 7370 0 0 151 0 151 151 0 8 0 vnodes 216 7370 0 0 410 0 410 410 0 8 0 namei 1024 206471 0 206471 19 17 2 3 0 8 2 vcpupl 2048 185 0 1 23 0 23 23 0 8 0 vmpool 664 195 0 11 18 2 16 16 0 8 0 kstatmem 264 438 0 414 2 0 2 2 0 8 0 scxspl 216 154727 0 154727 41 39 2 8 1 8 2 plimitpl 152 2040 0 2025 1 0 1 1 0 8 0 sigapl 424 16191 0 16127 8 0 8 8 0 8 0 futexpl 64 161725 0 161722 10 9 1 1 0 8 0 knotepl 120 138321 0 138240 36 32 4 15 0 8 0 kqueuepl 184 1944 0 1936 21 20 1 4 0 8 0 pipepl 288 3616 0 3588 79 76 3 12 0 8 0 fdescpl 432 16146 0 16120 4 0 4 4 0 8 0 filepl 120 131496 0 131260 135 125 10 19 0 8 0 lockfpl 104 11382 0 11380 30 29 1 5 0 8 0 lockfspl 48 4873 0 4871 2 1 1 2 0 8 0 sessionpl 144 78 0 62 1 0 1 1 0 8 0 pgrppl 48 250 0 234 1 0 1 1 0 8 0 ucredpl 104 14675 0 14658 1 0 1 1 0 8 0 zombiepl 144 16128 0 16127 2 1 1 1 0 8 0 processpl 1008 16191 0 16127 10 1 9 9 0 8 0 procpl 680 39769 0 39681 25 16 9 9 0 8 1 sosppl 168 154 0 154 13 12 1 1 0 8 1 sockpl 456 26424 0 26393 648 637 11 39 0 8 5 mcl64k 65536 632 0 632 19 18 1 1 0 8 1 mcl16k 16384 394 0 394 26 25 1 1 0 8 1 mcl12k 12288 561 0 561 20 19 1 1 0 8 1 mcl9k 9216 227 0 227 29 28 1 1 0 8 1 mcl8k 8192 1305 0 1305 17 16 1 1 0 8 1 mcl4k 4096 2035 0 2035 19 18 1 3 0 8 1 mcl2k2 2112 96 0 96 24 24 0 1 0 8 0 mcl2k 2048 101742 0 101686 80 67 13 41 0 8 2 mtagpl 96 2373 0 2064 27 18 9 15 0 8 0 mbufpl 256 308058 0 307656 587 553 34 95 0 8 0 bufpl 288 50590 0 43210 528 0 528 528 0 8 0 anonpl 24 1625838 0 1611762 286 174 112 142 0 188 8 amapchunkpl 152 478889 0 478065 166 128 38 50 0 158 2 amappl16 200 32989 0 32473 161 128 33 41 0 8 5 amappl15 192 9 0 9 1 1 0 1 0 8 0 amappl14 184 423 0 411 2 1 1 2 0 8 0 amappl13 176 13 0 13 2 2 0 1 0 8 0 amappl12 168 17614 0 17585 2 0 2 2 0 8 0 amappl11 160 46 0 36 1 0 1 1 0 8 0 amappl10 152 83 0 74 1 0 1 1 0 8 0 amappl9 144 236 0 235 2 1 1 1 0 8 0 amappl8 136 870 0 735 5 0 5 5 0 8 0 amappl7 128 324 0 300 2 0 2 2 0 8 0 amappl6 120 1199 0 1183 1 0 1 1 0 8 0 amappl5 112 428 0 419 1 0 1 1 0 8 0 amappl4 104 913 0 883 2 1 1 2 0 8 0 amappl3 96 92014 0 91935 3 0 3 3 0 8 0 amappl2 88 17611 0 17538 3 1 2 3 0 8 0 amappl1 80 69475 0 68975 22 9 13 22 0 8 0 amappl 88 146658 0 146413 8 1 7 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 142 0 12 3 0 3 3 0 8 0 uaddrrnd 24 16341 0 16131 2 0 2 2 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 16341 0 16131 2 0 2 2 0 8 0 vmmpekpl 168 109484 0 109388 5 0 5 5 0 8 0 vmmpepl 168 965087 0 962585 358 224 134 146 0 357 4 vmsppl 368 16340 0 16131 20 0 20 20 0 8 0 rwobjpl 24 228701 0 219593 57 0 57 57 0 8 0 pdppl 4096 32688 0 32446 833 585 248 248 0 8 6 pvpl 32 4487747 0 4468088 615 416 199 333 0 265 17 pmappl 216 16340 0 16131 13 1 12 12 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 2828 0 1713 34 0 34 34 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82784bf2) at panic+0x165 sys/kern/subr_prf.c:198 malloc(194,7f,1) at malloc+0xa85 sys/kern/kern_malloc.c:348 vndioctl(2902,20006473,ffff800032a15780,1,ffff80002a672010) at vndioctl+0x452 sys/dev/vnd.c:610 VOP_IOCTL(fffffd806e35bc30,20006473,ffff800032a15780,1,fffffd807f7d7680,ffff80002a672010) at VOP_IOCTL+0x91 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd806a0dd1e8,20006473,ffff800032a15780,ffff80002a672010) at vn_ioctl+0xbb sys/kern/vfs_vnops.c:525 sys_ioctl(ffff80002a672010,ffff800032a15890,ffff800032a158e0) at sys_ioctl+0x49e syscall(ffff800032a15950) at syscall+0x543 sys/arch/amd64/amd64/trap.c:606 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x2e7fc439290, count: -9 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82784bf2) at panic+0x165 sys/kern/subr_prf.c:198 malloc(194,7f,1) at malloc+0xa85 sys/kern/kern_malloc.c:348 vndioctl(2902,20006473,ffff800032a15780,1,ffff80002a672010) at vndioctl+0x452 sys/dev/vnd.c:610 VOP_IOCTL(fffffd806e35bc30,20006473,ffff800032a15780,1,fffffd807f7d7680,ffff80002a672010) at VOP_IOCTL+0x91 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd806a0dd1e8,20006473,ffff800032a15780,ffff80002a672010) at vn_ioctl+0xbb sys/kern/vfs_vnops.c:525 sys_ioctl(ffff80002a672010,ffff800032a15890,ffff800032a158e0) at sys_ioctl+0x49e syscall(ffff800032a15950) at syscall+0x543 sys/arch/amd64/amd64/trap.c:606 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x2e7fc439290, count: -9