panic: Data modified on freelist: word 4 of object 0xffff800000c1ea00 size 0x120 previous type counters (0x6563 != 0xdead4110)
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*240436 60093 0 0 0x4000000 0 syz-executor.2
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff8255ab8a) at panic+0x161 sys/kern/subr_prf.c:202
malloc(120,2,a) at malloc+0xa85 sys/kern/kern_malloc.c:364
bpfopen(31700,1a,2000,ffff80002165e2a0) at bpfopen+0xb0 sys/net/bpf.c:387
spec_open_clone(ffff800026331588) at spec_open_clone+0x204
spec_open(ffff800026331588) at spec_open+0x3f5 sys/kern/spec_vnops.c:155
VOP_OPEN(fffffd806f32ce30,1a,fffffd807f7d8960,ffff80002165e2a0) at VOP_OPEN+0x6c sys/kern/vfs_vops.c:138
vn_open(ffff8000263317d8,1a,0) at vn_open+0x467 sys/kern/vfs_vnops.c:183
doopenat(ffff80002165e2a0,ffffff9c,20000100,19,0,ffff8000263319c0) at doopenat+0x26a sys/kern/vfs_syscalls.c:1129
syscall(ffff800026331a30) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xc17049328f0, count: 4
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb> ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: Data modified on freelist: word 4 of object 0xffff800000c1ea00 size 0x120 previous type counters (0x6563 != 0xdead4110)
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff8255ab8a) at panic+0x161 sys/kern/subr_prf.c:202
malloc(120,2,a) at malloc+0xa85 sys/kern/kern_malloc.c:364
bpfopen(31700,1a,2000,ffff80002165e2a0) at bpfopen+0xb0 sys/net/bpf.c:387
spec_open_clone(ffff800026331588) at spec_open_clone+0x204
spec_open(ffff800026331588) at spec_open+0x3f5 sys/kern/spec_vnops.c:155
VOP_OPEN(fffffd806f32ce30,1a,fffffd807f7d8960,ffff80002165e2a0) at VOP_OPEN+0x6c sys/kern/vfs_vops.c:138
vn_open(ffff8000263317d8,1a,0) at vn_open+0x467 sys/kern/vfs_vnops.c:183
doopenat(ffff80002165e2a0,ffffff9c,20000100,19,0,ffff8000263319c0) at doopenat+0x26a sys/kern/vfs_syscalls.c:1129
syscall(ffff800026331a30) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xc17049328f0, count: -11
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff8000263312a0
rbx 0xffff800000c1ea00
rdx 0
rcx 0
rax 0xffff80002165e2a0
r8 0x101010101010101
r9 0x8080808080808080
r10 0xb32f3c5a107dcb79
r11 0xf736754d6578c06f
r12 0
r13 0x51
r14 0
r15 0x1
rip 0xffffffff822ecf48 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800026331290
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor.2) pid=240436 stat=onproc
flags process=0 proc=4000000
pri=32, usrpri=83, nice=20
forw=0xffffffffffffffff, list=0xffff80002994e2b0,0xffffffff82aa9688
process=0xffff800021660bc8 user=0xffff80002632c000, vmspace=0xfffffd805e4a1668
estcpu=36, cpticks=2, pctcpu=0.0
user=0, sys=2, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
60093 417029 87986 0 2 0 syz-executor.2
*60093 240436 87986 0 7 0x4000000 syz-executor.2
58668 351163 55403 0 3 0x80 nanoslp syz-executor.1
58668 192348 55403 0 3 0x4000000 getblk syz-executor.1
58668 54917 55403 0 3 0x4000080 fsleep
syz-executor.1 18016 164775 94479 0 3 0x82 nanoslp syz-executor.7 86694 261996 1 0 3 0x100083 ttyin getty 87986 368503 94479 0 3 0x82 nanoslp syz-executor.2 42761 69150 94479 0 3 0x82 nanoslp syz-executor.0 47610 495755 94479 0 3 0x82 nanoslp syz-executor.4 43638 43596 94479 0 3 0x82 nanoslp syz-executor.5 55403 352646 94479 0 3 0x82 nanoslp syz-executor.1 27674 444042 94479 0 3 0x82 nanoslp syz-executor.3 30908 430320 94479 0 3 0x82 nanoslp syz-executor.6 63656 119224 0 0 3 0x14280 nfsidl nfsio 59911 362724 0 0 3 0x14280 nfsidl nfsio 8740 373651 0 0 3 0x14280 nfsidl nfsio 28226 131623 0 0 3 0x14280 nfsidl nfsio 40170 154447 0 0 3 0x14280 nfsidl nfsio 30349 197318 0 0 3 0x14280 nfsidl nfsio 57117 119818 0 0 3 0x14280 nfsidl nfsio 81236 329954 0 0 3 0x14280 nfsidl nfsio 22654 401167 0 0 3 0x14280 nfsidl nfsio 17179 260838 0 0 3 0x14280 nfsidl nfsio 33373 488033 0 0 3 0x14280 nfsidl nfsio 77415 493326 0 0 3 0x14280 nfsidl nfsio 27602 67011 0 0 3 0x14280 nfsidl nfsio 63823 249131 0 0 3 0x14280 nfsidl nfsio 3833 76432 0 0 3 0x14280 nfsidl nfsio 16727 488683 0 0 3 0x14280 nfsidl nfsio 75973 237194 0 0 3 0x14280 nfsidl nfsio 27929 467128 0 0 3 0x14280 nfsidl nfsio 99872 523485 0 0 3 0x14280 nfsidl nfsio 1134 61734 0 0 3 0x14280 nfsidl nfsio 43551 504931 0 0 3 0x14200 bored sosplice 94479 54729 31225 0 3 0x82 thrsleep syz-fuzzer 94479 316021 31225 0 3 0x4000082 thrsleep syz-fuzzer 94479 37075 31225 0 3 0x4000082 thrsleep syz-fuzzer 94479 466095 31225 0 3 0x4000082 thrsleep syz-fuzzer 94479 269534 31225 0 3 0x4000082 kqread syz-fuzzer 94479 270966 31225 0 3 0x4000082 thrsleep syz-fuzzer 94479 390845 31225 0 3 0x4000082 thrsleep syz-fuzzer 94479 460581 31225 0 3 0x4000082 thrsleep syz-fuzzer 31225 41441 68318 0 3 0x10008a sigsusp ksh 68318 10726 65141 0 3 0x9a kqread sshd 65141 443356 1 0 3 0x88 kqread sshd 71027 433401 80911 73 3 0x1100090 kqread syslogd 80911 392251 1 0 3 0x100082 netio syslogd 46452 181873 1 0 3 0x100080 kqread resolvd 30962 323201 6708 77 3 0x100092 
kqread dhcpleased 21468 295934 6708 77 3 0x100092 kqread dhcpleased 6708 521557 1 0 3 0x80 kqread dhcpleased 80107 444945 0 0 3 0x14200 bored smr 51235 108315 0 0 2 0x14200 zerothread 9841 367624 0 0 3 0x14200 aiodoned aiodoned 57489 46903 0 0 3 0x14200 syncer update 76317 154239 0 0 3 0x14200 cleaner cleaner 27360 502521 0 0 3 0x14200 reaper reaper 69872 320772 0 0 3 0x14200 pgdaemon pagedaemon 41778 497863 0 0 3 0x14200 bored viomb 63582 300745 0 0 3 0x40014200 acpi0 acpi0 59491 304283 0 0 3 0x14200 bored softnet 24402 355239 0 0 3 0x14200 bored systqmp 84557 435559 0 0 3 0x14200 bored systq 13386 323821 0 0 3 0x40014200 bored softclock 92682 222717 0 0 3 0x40014200 idle0 1 479145 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10199 6561K 7005K 78643K 37720 0 pcb 13 22K 27K 78643K 1741 0 rtable 215 9K 21K 78643K 5290 0 ifaddr 88 22K 25K 78643K 4521 0 sysctl 3 1K 1K 78643K 5 0 counters 27 17K 17K 78643K 150 0 ioctlops 0 0K 4K 78643K 9372 0 iov 0 0K 32K 78643K 1617 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 5 0 vnodes 1396 87K 88K 78643K 9154 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 112 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 0K 78643K 2539 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 12 41K 81K 78643K 16349 0 sigio 0 0K 0K 78643K 205 0 proc 69 55K 79K 78643K 2350 0 subproc 104 6K 6K 78643K 793 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 843 0 in_multi 87 5K 7K 78643K 1048 0 ether_multi 1 0K 0K 78643K 123 0 mrt 1 0K 0K 78643K 72 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 187 837K 837K 78643K 187 0 exec 0 0K 2K 78643K 4290 0 pfkey data 0 0K 4K 78643K 12 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM 
amap 384 825K 1094K 78643K 87571 0 UVM aobj 131 9K 9K 78643K 144 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 718 0 NDP 11 0K 1K 78643K 269 0 temp 624 5714K 5786K 78643K 139555 0 kqueue 12 18K 28K 78643K 822 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 912 0 909 14 13 1 4 0 8 0 rtentry 112 840 0 750 8 4 4 4 0 8 0 unpcb 136 29997 0 29982 181 176 5 9 0 8 4 syncache 296 76 0 76 19 19 0 1 0 8 0 tcpqe 32 169 0 169 9 9 0 1 0 8 0 tcpcb 736 3691 0 3685 145 143 2 13 0 8 0 arp 88 133 0 115 1 0 1 1 0 8 0 ipq 40 24 0 24 11 11 0 1 0 8 0 ipqe 40 116 0 116 11 11 0 1 0 8 0 inpcb 312 10824 0 10813 216 210 6 16 0 8 4 rttmr 72 15 0 15 6 6 0 1 0 8 0 ip6q 72 7 0 7 3 3 0 1 0 8 0 ip6af 40 14 0 14 2 2 0 1 0 8 0 nd6 48 240 0 220 1 0 1 1 0 8 0 pkpcb 40 34 0 34 9 9 0 1 0 8 0 kcovpl 48 61 0 53 1 0 1 1 0 8 0 ppxss 1152 31 0 31 7 7 0 1 0 8 0 pfstscr 40 172 0 167 1 0 1 1 0 8 0 pfosfp 40 8 0 7 2 1 1 1 0 8 0 pfosfpen 112 8 0 7 2 1 1 1 0 8 0 pfrktable 1344 1052 0 1047 8 7 1 3 0 8 0 pftag 88 9 0 3 1 0 1 1 0 8 0 pfqueue 264 7 0 7 3 3 0 1 0 8 0 pfstitem 24 27 0 17 1 0 1 1 0 8 0 pfstkey 112 217 0 210 1 0 1 1 0 8 0 pfstate 320 109 0 104 1 0 1 1 0 8 0 pfrule 1360 3161 0 3147 45 43 2 37 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 3500 0 3117 52 27 25 34 0 8 0 art_table 32 3501 0 3117 5 0 5 5 0 8 0 art_node 16 839 0 761 1 0 1 1 0 8 0 sysvmsgpl 40 18 0 7 1 0 1 1 0 8 0 semapl 112 2537 0 2527 1 0 1 1 0 8 0 shmpl 112 141 0 13 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 22844 0 21347 94 0 94 94 0 8 0 ffsino 240 22844 0 21347 89 0 89 89 0 8 0 nchpl 144 44353 0 42706 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 224 5926 0 0 349 0 349 349 0 8 0 namei 1024 151094 0 151094 18 17 1 2 0 8 1 vcpupl 1984 246 0 1 31 0 31 31 0 8 0 vmpool 528 276 0 31 19 2 17 17 0 8 0 pfiaddrpl 120 1958 0 1951 10 9 1 3 0 8 0 scsiplug 72 14 0 14 4 4 0 1 0 8 0 
scxspl 216 148696 0 148695 45 44 1 8 0 8 0 plimitpl 152 1527 0 1513 1 0 1 1 0 8 0 sigapl 424 16539 0 16476 9 1 8 8 0 8 0 futexpl 64 150556 0 150555 11 10 1 1 0 8 0 knotepl 120 168753 0 168673 53 46 7 7 0 8 4 kqueuepl 184 2558 0 2550 34 33 1 4 0 8 0 pipepl 304 2630 0 2601 69 66 3 8 0 8 0 fdescpl 432 16503 0 16480 4 0 4 4 0 8 0 filepl 120 116726 0 116484 207 195 12 21 0 8 3 lockfpl 104 4654 0 4651 11 10 1 2 0 8 0 lockfspl 48 1005 0 1002 1 0 1 1 0 8 0 sessionpl 144 79 0 63 1 0 1 1 0 8 0 pgrppl 48 214 0 198 1 0 1 1 0 8 0 ucredpl 96 12093 0 12078 1 0 1 1 0 8 0 zombiepl 144 16482 0 16476 3 2 1 1 0 8 0 processpl 1000 16539 0 16476 14 5 9 9 0 8 0 procpl 672 40547 0 40474 46 38 8 9 0 8 0 sosppl 168 62 0 62 15 15 0 1 0 8 0 sockpl 448 41778 0 41753 882 871 11 33 0 8 8 mcl64k 65536 2143 0 2143 22 21 1 1 0 8 1 mcl16k 16384 676 0 676 35 34 1 1 0 8 1 mcl12k 12288 552 0 552 36 35 1 1 0 8 1 mcl9k 9216 616 0 616 33 32 1 1 0 8 1 mcl8k 8192 1330 0 1330 26 25 1 1 0 8 1 mcl4k 4096 1382 0 1382 25 24 1 1 0 8 1 mcl2k2 2112 115 0 115 38 37 1 1 0 8 1 mcl2k 2048 121230 0 121177 43 34 9 18 0 8 1 mtagpl 96 2192 0 2020 22 17 5 9 0 8 0 mbufpl 256 382468 0 382063 762 730 32 378 0 8 2 bufpl 288 49232 0 42821 459 0 459 459 0 8 0 anonpl 24 3128438 0 3109405 283 153 130 143 0 188 7 amapchunkpl 152 313538 0 312930 776 739 37 654 0 158 9 amappl16 200 46832 0 46111 200 160 40 56 0 8 1 amappl15 192 3888 0 3887 3 2 1 1 0 8 0 amappl14 184 1847 0 1839 1 0 1 1 0 8 0 amappl13 176 1744 0 1740 1 0 1 1 0 8 0 amappl12 168 1241 0 1237 2 1 1 1 0 8 0 amappl11 160 3992 0 3973 1 0 1 1 0 8 0 amappl10 152 671 0 665 1 0 1 1 0 8 0 amappl9 144 3034 0 3031 1 0 1 1 0 8 0 amappl8 136 4026 0 3916 4 0 4 4 0 8 0 amappl7 128 3504 0 3493 1 0 1 1 0 8 0 amappl6 120 2654 0 2626 2 1 1 2 0 8 0 amappl5 112 11722 0 11712 1 0 1 1 0 8 0 amappl4 104 9152 0 9114 8 6 2 2 0 8 0 amappl3 96 47971 0 47934 2 0 2 2 0 8 0 amappl2 88 19416 0 19353 3 1 2 3 0 8 0 amappl1 80 381313 0 380761 36 21 15 19 0 8 0 amappl 88 85937 0 85748 8 2 6 6 0 92 0 dma4096 
4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 143 0 13 3 0 3 3 0 8 0 uaddrrnd 24 16779 0 16511 2 0 2 2 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 16779 0 16511 2 0 2 2 0 8 0 vmmpekpl 168 104257 0 104170 4 0 4 4 0 8 0 vmmpepl 168 1597309 0 1594523 408 254 154 182 0 357 0 vmsppl 272 16778 0 16511 20 1 19 19 0 8 0 rwobjpl 24 377010 0 369224 53 4 49 50 0 8 0 pdppl 4096 33564 0 33267 1181 872 309 311 0 8 12 pvpl 32 6298177 0 6275797 628 421 207 261 0 265 10 pmappl 216 16778 0 16511 16 0 16 16 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 4121 0 3054 44 8 36 41 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 panic(ffffffff8255ab8a) at panic+0x161 sys/kern/subr_prf.c:202 malloc(120,2,a) at malloc+0xa85 sys/kern/kern_malloc.c:364 bpfopen(31700,1a,2000,ffff80002165e2a0) at bpfopen+0xb0 sys/net/bpf.c:387 spec_open_clone(ffff800026331588) at spec_open_clone+0x204 spec_open(ffff800026331588) at spec_open+0x3f5 sys/kern/spec_vnops.c:155 VOP_OPEN(fffffd806f32ce30,1a,fffffd807f7d8960,ffff80002165e2a0) at VOP_OPEN+0x6c sys/kern/vfs_vops.c:138 vn_open(ffff8000263317d8,1a,0) at vn_open+0x467 sys/kern/vfs_vnops.c:183 doopenat(ffff80002165e2a0,ffffff9c,20000100,19,0,ffff8000263319c0) at doopenat+0x26a sys/kern/vfs_syscalls.c:1129 syscall(ffff800026331a30) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xc17049328f0, count: -11 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 panic(ffffffff8255ab8a) at panic+0x161 sys/kern/subr_prf.c:202 malloc(120,2,a) at malloc+0xa85 sys/kern/kern_malloc.c:364 bpfopen(31700,1a,2000,ffff80002165e2a0) at bpfopen+0xb0 sys/net/bpf.c:387 spec_open_clone(ffff800026331588) 
at spec_open_clone+0x204 spec_open(ffff800026331588) at spec_open+0x3f5 sys/kern/spec_vnops.c:155 VOP_OPEN(fffffd806f32ce30,1a,fffffd807f7d8960,ffff80002165e2a0) at VOP_OPEN+0x6c sys/kern/vfs_vops.c:138 vn_open(ffff8000263317d8,1a,0) at vn_open+0x467 sys/kern/vfs_vnops.c:183 doopenat(ffff80002165e2a0,ffffff9c,20000100,19,0,ffff8000263319c0) at doopenat+0x26a sys/kern/vfs_syscalls.c:1129 syscall(ffff800026331a30) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xc17049328f0, count: -11