panic: Data modified on freelist: word 4 of object 0xffff800000dca000 size 0x194 previous type free (0x6563 != 0xdead4110) Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND * 28381 25920 0 0x8000000 0x4000000 0 syz-executor.3 db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82887781) at panic+0x165 sys/kern/subr_prf.c:198 malloc(194,2,a) at malloc+0xa4b sys/kern/kern_malloc.c:348 disk_attach(ffff8000006a9000,ffff8000006a9048) at disk_attach+0x90 sys/kern/subr_disk.c:1082 vndioctl(2902,c0384600,ffff80002a7bd690,1,ffff80002a6dbd58) at vndioctl+0xd5c sys/dev/vnd.c:537 VOP_IOCTL(fffffd806eaa2b58,c0384600,ffff80002a7bd690,1,fffffd807f7d72d8,ffff80002a6dbd58) at VOP_IOCTL+0x91 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd807b5eb7f8,c0384600,ffff80002a7bd690,ffff80002a6dbd58) at vn_ioctl+0xbb sys/kern/vfs_vnops.c:525 sys_ioctl(ffff80002a6dbd58,ffff80002a7bd860,ffff80002a7bd7b0) at sys_ioctl+0x4a5 syscall(ffff80002a7bd860) at syscall+0x538 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x2586a73e740, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: Data modified on freelist: word 4 of object 0xffff800000dca000 size 0x194 previous type free (0x6563 != 0xdead4110) ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82887781) at panic+0x165 sys/kern/subr_prf.c:198 malloc(194,2,a) at malloc+0xa4b sys/kern/kern_malloc.c:348 disk_attach(ffff8000006a9000,ffff8000006a9048) at disk_attach+0x90 sys/kern/subr_disk.c:1082 vndioctl(2902,c0384600,ffff80002a7bd690,1,ffff80002a6dbd58) at vndioctl+0xd5c sys/dev/vnd.c:537 VOP_IOCTL(fffffd806eaa2b58,c0384600,ffff80002a7bd690,1,fffffd807f7d72d8,ffff80002a6dbd58) at VOP_IOCTL+0x91 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd807b5eb7f8,c0384600,ffff80002a7bd690,ffff80002a6dbd58) at vn_ioctl+0xbb sys/kern/vfs_vnops.c:525 sys_ioctl(ffff80002a6dbd58,ffff80002a7bd860,ffff80002a7bd7b0) at sys_ioctl+0x4a5 syscall(ffff80002a7bd860) at syscall+0x538 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x2586a73e740, count: -10 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80002a7bcc60 rbx 0xffff800000dca000 rdx 0 rcx 0 rax 0xffff80002a6dbd58 r8 0x101010101010101 r9 0x8080808080808080 r10 0x2187ba03073706f2 r11 0x40e8e4ce51c213fe r12 0 r13 0xffffffff82d319f8 bucket+0x288 r14 0 r15 0x1 rip 0xffffffff82551fbc db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff80002a7bcc50 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb> show proc PROC (syz-executor.3) tid=28381 pid=25920 tcnt=2 stat=onproc flags process=8000000 proc=4000000 runpri=32, usrpri=73, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff80002a6db560,0xffff80002a62cac0 process=0xffff8000ffffa5b8 user=0xffff80002a7b8000, vmspace=0xfffffd807f01b000 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 62438 388442 88747 0 2 0x8000000 syz-executor.6 62438 257551 88747 0 2 0xc000000 syz-executor.6 53212 393001 17477 0 2 0x8000000 syz-executor.5 53212 197910 17477 0 3 0xc000080 fsleep syz-executor.5 55011 96151 96694 0 2 0x8000000 syz-executor.1 55011 265577 96694 0 3 0xc000080 fsleep syz-executor.1 79124 276162 76114 0 2 0x8000000 syz-executor.4 79124 171260 76114 0 3 0xc000080 fsleep syz-executor.4 6801 169825 33296 0 2 0x8000000 syz-executor.7 6801 259421 33296 0 3 0xc000080 fsleep syz-executor.7 53560 508392 8015 0 2 0x8000000 syz-executor.0 53560 411567 8015 0 3 0xc000000 biowait syz-executor.0 25920 91407 28336 0 2 0x8000000 syz-executor.3 *25920 28381 28336 0 7 0xc000000 syz-executor.3 21363 449578 68910 0 2 0x8000000 syz-executor.2 21363 270270 68910 0 3 0xc000000 biowait syz-executor.2 76114 236981 72839 0 3 0x8000082 nanoslp syz-executor.4 68910 184450 72839 0 3 0x8000082 nanoslp syz-executor.2 33296 333843 72839 0 3 0x8000082 nanoslp syz-executor.7 88747 224822 72839 0 3 0x8000082 nanoslp syz-executor.6 17477 96123 72839 0 3 0x8000082 nanoslp syz-executor.5 28336 78581 72839 0 3 0x8000082 nanoslp syz-executor.3 96694 26406 72839 0 3 0x8000082 nanoslp syz-executor.1 8015 522952 72839 0 3 0x8000082 nanoslp syz-executor.0 72839 293204 96380 0 3 0x1a000082 thrsleep syz-execprog 72839 372555 96380 0 3 0x1e000082 thrsleep syz-execprog 72839 313146 96380 0 3 0x1e000082 wait syz-execprog 72839 67239 96380 0 3 0x1e000082 wait syz-execprog 72839 369672 96380 0 3 0x1e000082 wait syz-execprog 72839 144637 96380 0 3 0x1e000082 wait syz-execprog 72839 362325 96380 0 3 0x1e000082 thrsleep syz-execprog 72839 487407 96380 0 3 0x1e000082 wait syz-execprog 72839 59261 96380 0 3 0x1e000082 thrsleep syz-execprog 72839 102513 96380 0 3 0x1e000082 wait syz-execprog 72839 436902 96380 0 3 0x1e000082 wait syz-execprog 72839 496744 96380 0 3 0x1e000082 wait syz-execprog 72839 51436 96380 0 3 0x1e000082 kqread syz-execprog 96380 117406 83447 0 3 0x810008a sigsusp ksh 83447 119964 54940 0 3 0x1800009a kqread sshd 31289 25349 1 0 3 0x18100083 ttyin getty 54940 350130 1 0 3 0x18000088 kqread sshd 29498 397760 65399 73 3 0x19100090 kqread syslogd 65399 407576 1 0 3 0x18100082 netio syslogd 56066 161255 1 0 3 0x18100080 kqread resolvd 70401 82188 89311 77 3 0x18100092 kqread dhcpleased 85175 479883 89311 77 3 0x18100092 kqread dhcpleased 89311 287126 1 0 3 0x18000080 kqread dhcpleased 42036 396072 0 0 3 0x14200 bored smr 90227 88424 0 0 2 0x14200 zerothread 65334 464193 0 0 3 0x14200 aiodoned aiodoned 29627 411813 0 0 3 0x14200 syncer update 5080 52305 0 0 3 0x14200 cleaner cleaner 85776 464154 0 0 3 0x14200 reaper reaper 6891 471916 0 0 3 0x14200 pgdaemon pagedaemon 98361 306112 0 0 3 0x14200 bored viomb 29740 427649 0 0 3 0x40014200 acpi0 acpi0 45023 173699 0 0 3 0x14200 bored softnet3 36341 517622 0 0 3 0x14200 bored softnet2 21747 77176 0 0 3 0x14200 bored softnet1 64304 371114 0 0 3 0x14200 bored softnet0 89059 444990 0 0 3 0x14200 bored systqmp 24099 246678 0 0 3 0x14200 bored systq 10755 286010 0 0 3 0x40014200 tmoslp softclock 65531 277991 0 0 3 0x40014200 idle0 1 318186 0 0 3 0x8000082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10161 6401K 6413K 166960K 11245 0 pcb 15 10K 10K 166960K 15 0 rtable 234 6K 6K 166960K 382 0 pf 29 8K 8K 166960K 32 0 ifaddr 43 11K 11K 166960K 49 0 ifgroup 50 2K 2K 166960K 55 0 counters 30 17K 17K 166960K 31 0 ioctlops 0 0K 2K 166960K 30 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1272 80K 80K 166960K 1289 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 1K 166960K 2 0 VM map 2 1K 1K 166960K 2 0 sem 2 0K 0K 166960K 2 0 dirhash 12 2K 2K 166960K 12 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 18 65K 69K 166960K 162 0 proc 55 58K 75K 166960K 498 0 subproc 0 0K 0K 166960K 13 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 in_multi 99 7K 7K 166960K 110 0 ether_multi 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 25 122K 122K 166960K 25 0 exec 0 0K 1K 166960K 407 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 271 74K 74K 166960K 4379 0 UVM aobj 3 2K 2K 166960K 3 0 pinsyscall 38 76K 100K 166960K 1463 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 NDP 27 2K 2K 166960K 30 0 temp 1 6788K 6852K 166960K 4600 0 kqueue 12 18K 18K 166960K 34 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 39 0 36 1 0 1 1 0 8 0 rtentry 112 122 0 12 4 0 4 4 0 8 0 unpcb 144 45 0 32 1 0 1 1 0 8 0 syncache 336 8 0 8 1 0 1 1 0 8 1 tcpqe 32 224 0 224 1 0 1 1 0 8 1 tcpcb 808 12 0 9 1 0 1 1 0 8 0 arp 88 20 0 2 1 0 1 1 0 8 0 inpcb 360 66 0 60 1 0 1 1 0 8 0 nd6 104 27 0 3 1 0 1 1 0 8 0 kcovpl 48 1 0 1 1 0 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 501 0 48 29 0 29 29 0 8 0 art_table 32 502 0 48 4 0 4 4 0 8 0 art_node 16 121 0 21 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1612 0 91 96 0 96 96 0 8 0 ffsino 240 1612 0 91 90 0 90 90 0 8 0 nchpl 144 1914 0 140 67 0 67 67 0 8 0 uvmvnodes 80 1635 0 0 34 0 34 34 0 8 0 vnodes 216 1635 0 0 91 0 91 91 0 8 0 namei 1024 7493 0 7493 3 0 3 3 0 8 3 kstatmem 264 24 0 2 2 0 2 2 0 8 0 scxspl 216 8749 0 8727 8 0 8 8 1 8 5 plimitpl 152 49 0 34 1 0 1 1 0 8 0 sigapl 424 493 0 448 6 0 6 6 0 8 1 futexpl 64 98 0 94 1 0 1 1 0 8 0 knotepl 120 6433 0 6355 4 0 4 4 0 8 0 kqueuepl 184 30 0 22 1 0 1 1 0 8 0 pipepl 288 183 0 155 3 0 3 3 0 8 0 fdescpl 432 477 0 448 4 0 4 4 0 8 0 filepl 120 2081 0 1942 5 0 5 5 0 8 0 lockfpl 104 6 0 4 1 0 1 1 0 8 0 lockfspl 48 4 0 2 1 0 1 1 0 8 0 sessionpl 144 32 0 16 1 0 1 1 0 8 0 pgrppl 48 32 0 16 1 0 1 1 0 8 0 ucredpl 104 97 0 86 1 0 1 1 0 8 0 zombiepl 144 448 0 448 1 0 1 1 0 8 1 processpl 1072 493 0 448 4 0 4 4 0 8 1 procpl 680 534 0 469 6 0 6 6 0 8 0 sockpl 488 150 0 128 4 0 4 4 0 8 1 mcl8k 8192 4 0 4 1 0 1 1 0 8 1 mcl4k 4096 16 0 16 1 0 1 1 0 8 1 mcl2k 2048 21310 0 21258 65 50 15 45 0 8 8 mtagpl 96 4 0 4 1 0 1 1 0 8 1 mbufpl 256 34393 0 34262 31 18 13 25 0 8 4 bufpl 280 5674 0 161 394 0 394 394 0 8 0 anonpl 24 364205 0 359529 54 0 54 54 0 188 25 amapchunkpl 152 17009 0 16368 27 0 27 27 0 158 2 amappl16 200 10772 0 10668 9 0 9 9 0 8 3 amappl15 192 43 0 43 1 0 1 1 0 8 1 amappl14 184 229 0 218 2 0 2 2 0 8 1 amappl13 176 34 0 34 1 0 1 1 0 8 1 amappl12 168 1163 0 1134 2 0 2 2 0 8 0 amappl11 160 88 0 78 1 0 1 1 0 8 0 amappl10 152 76 0 67 1 0 1 1 0 8 0 amappl9 144 313 0 313 1 0 1 1 0 8 1 amappl8 136 146 0 122 1 0 1 1 0 8 0 amappl7 128 82 0 78 1 0 1 1 0 8 0 amappl6 120 415 0 401 2 0 2 2 0 8 0 amappl5 112 217 0 204 1 0 1 1 0 8 0 amappl4 104 691 0 659 2 0 2 2 0 8 0 amappl3 96 3858 0 3767 3 0 3 3 0 8 0 amappl2 88 1106 0 1036 4 0 4 4 0 8 1 amappl1 80 14553 0 14055 23 6 17 21 0 8 4 amappl 88 3653 0 3463 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 0 1 1 0 8 1 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 0 1 1 0 8 1 dma128 128 253 0 253 1 0 1 1 0 8 1 dma64 64 6 0 6 1 0 1 1 0 8 1 dma32 32 7 0 7 1 0 1 1 0 8 1 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 477 0 448 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 477 0 448 1 0 1 1 0 8 0 vmmpekpl 168 12347 0 12321 2 0 2 2 0 8 0 vmmpepl 168 69236 0 67505 113 0 113 113 0 357 37 vmsppl 352 476 0 448 3 0 3 3 0 8 0 rwobjpl 24 33402 0 30773 20 0 20 20 0 8 2 pdppl 4096 960 0 896 104 38 66 66 0 8 2 pvpl 32 698118 0 688527 387 89 298 387 0 265 220 pmappl 216 476 0 448 2 0 2 2 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 438 0 106 10 0 10 10 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82887781) at panic+0x165 sys/kern/subr_prf.c:198 malloc(194,2,a) at malloc+0xa4b sys/kern/kern_malloc.c:348 disk_attach(ffff8000006a9000,ffff8000006a9048) at disk_attach+0x90 sys/kern/subr_disk.c:1082 vndioctl(2902,c0384600,ffff80002a7bd690,1,ffff80002a6dbd58) at vndioctl+0xd5c sys/dev/vnd.c:537 VOP_IOCTL(fffffd806eaa2b58,c0384600,ffff80002a7bd690,1,fffffd807f7d72d8,ffff80002a6dbd58) at VOP_IOCTL+0x91 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd807b5eb7f8,c0384600,ffff80002a7bd690,ffff80002a6dbd58) at vn_ioctl+0xbb sys/kern/vfs_vnops.c:525 sys_ioctl(ffff80002a6dbd58,ffff80002a7bd860,ffff80002a7bd7b0) at sys_ioctl+0x4a5 syscall(ffff80002a7bd860) at syscall+0x538 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x2586a73e740, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82887781) at panic+0x165 sys/kern/subr_prf.c:198 malloc(194,2,a) at malloc+0xa4b sys/kern/kern_malloc.c:348 disk_attach(ffff8000006a9000,ffff8000006a9048) at disk_attach+0x90 sys/kern/subr_disk.c:1082 vndioctl(2902,c0384600,ffff80002a7bd690,1,ffff80002a6dbd58) at vndioctl+0xd5c sys/dev/vnd.c:537 VOP_IOCTL(fffffd806eaa2b58,c0384600,ffff80002a7bd690,1,fffffd807f7d72d8,ffff80002a6dbd58) at VOP_IOCTL+0x91 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd807b5eb7f8,c0384600,ffff80002a7bd690,ffff80002a6dbd58) at vn_ioctl+0xbb sys/kern/vfs_vnops.c:525 sys_ioctl(ffff80002a6dbd58,ffff80002a7bd860,ffff80002a7bd7b0) at sys_ioctl+0x4a5 syscall(ffff80002a7bd860) at syscall+0x538 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x2586a73e740, count: -10