panic: Data modified on freelist: word 4 of object 0xffff80000143f200 size 0x194 previous type free (0x6563 != 0xdeaf4152) Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *361832 1955 0 0 0x4000000 0 syz-executor.1 db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8337e10b) at panic+0x1cf sys/kern/subr_prf.c:198 malloc(194,2,a) at malloc+0xd7c sys/kern/kern_malloc.c:353 disk_attach(ffff800000b3d000,ffff800000b3d048) at disk_attach+0xbd sys/kern/subr_disk.c:1082 vndioctl(2902,c0384600,ffff80002a991480,1,ffff80002a7e2018) at vndioctl+0x11d9 sys/dev/vnd.c:537 VOP_IOCTL(fffffd806e87bc30,c0384600,ffff80002a991480,1,fffffd8007bfb548,ffff80002a7e2018) at VOP_IOCTL+0xa3 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd806b53aac8,c0384600,ffff80002a991480,ffff80002a7e2018) at vn_ioctl+0xea sys/kern/vfs_vnops.c:531 sys_ioctl(ffff80002a7e2018,ffff80002a991660,ffff80002a9915b0) at sys_ioctl+0x5bf sys/kern/sys_generic.c:-1 syscall(ffff80002a991660) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80002a991660) at syscall+0x97e sys/arch/amd64/amd64/trap.c:579 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x3e126031570, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: Data modified on freelist: word 4 of object 0xffff80000143f200 size 0x194 previous type free (0x6563 != 0xdeaf4152) ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8337e10b) at panic+0x1cf sys/kern/subr_prf.c:198 malloc(194,2,a) at malloc+0xd7c sys/kern/kern_malloc.c:353 disk_attach(ffff800000b3d000,ffff800000b3d048) at disk_attach+0xbd sys/kern/subr_disk.c:1082 vndioctl(2902,c0384600,ffff80002a991480,1,ffff80002a7e2018) at vndioctl+0x11d9 sys/dev/vnd.c:537 VOP_IOCTL(fffffd806e87bc30,c0384600,ffff80002a991480,1,fffffd8007bfb548,ffff80002a7e2018) at VOP_IOCTL+0xa3 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd806b53aac8,c0384600,ffff80002a991480,ffff80002a7e2018) at vn_ioctl+0xea sys/kern/vfs_vnops.c:531 sys_ioctl(ffff80002a7e2018,ffff80002a991660,ffff80002a9915b0) at sys_ioctl+0x5bf sys/kern/sys_generic.c:-1 syscall(ffff80002a991660) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80002a991660) at syscall+0x97e sys/arch/amd64/amd64/trap.c:579 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x3e126031570, count: -10 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80002a990a50 rbx 0xffff80000143f200 rdx 0x3fd rcx 0 rax 0x7c r8 0x101010101010101 r9 0x8080808080808080 r10 0x2aa405f73f155079 r11 0xe449fc905aab6de0 r12 0 r13 0xffffffff838ab268 bucket+0x288 r14 0 r15 0x1 rip 0xffffffff8146bfc5 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80002a990a40 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb> show proc PROC (syz-executor.1) tid=361832 pid=1955 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a7e22a8,0xffff80002a7e3218 process=0xffff80002a8216c0 user=0xffff80002a98c000, vmspace=0xfffffd80694ed9e8 estcpu=6, cpticks=2, pctcpu=0.0, user=0, sys=2, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 85524 236627 99048 0 2 0 syz-executor.4 85524 51723 99048 0 3 0x4000080 fsleep syz-executor.4 1955 166759 20972 0 2 0 syz-executor.1 * 1955 361832 20972 0 7 0x4000000 syz-executor.1 2175 417643 47117 0 2 0 syz-executor.0 2175 478380 47117 0 2 0x4000000 syz-executor.0 7787 280820 17982 0 2 0 syz-executor.2 7787 5962 17982 0 3 0x4000080 fsleep syz-executor.2 71044 249540 32130 0 2 0 syz-executor.7 71044 487544 32130 0 2 0x4000000 syz-executor.7 69657 166549 67179 0 2 0 syz-executor.6 69657 257146 67179 0 3 0x4000080 fsleep syz-executor.6 81205 454074 47409 0 2 0 syz-executor.5 81205 67680 47409 0 2 0x4000000 syz-executor.5 32130 328042 61822 0 3 0x82 nanoslp syz-executor.7 99048 337006 61822 0 3 0x82 nanoslp syz-executor.4 67179 381705 61822 0 3 0x82 nanoslp syz-executor.6 47409 183721 61822 0 3 0x82 nanoslp syz-executor.5 93464 495875 61822 0 2 0x2 syz-executor.3 17982 304308 61822 0 3 0x82 nanoslp syz-executor.2 20972 471268 61822 0 3 0x82 nanoslp syz-executor.1 47117 523057 61822 0 3 0x82 nanoslp syz-executor.0 61822 275736 38030 0 3 0x82 wait syz-execprog 61822 97983 38030 0 3 0x4000082 nanoslp syz-execprog 61822 346253 38030 0 3 0x4000082 wait syz-execprog 61822 302349 38030 0 3 0x4000082 thrsleep syz-execprog 61822 349679 38030 0 3 0x4000082 wait syz-execprog 61822 349122 38030 0 3 0x4000082 wait syz-execprog 61822 14006 38030 0 3 0x4000082 thrsleep syz-execprog 61822 32673 38030 0 3 0x4000082 wait syz-execprog 61822 227475 38030 0 3 0x4000082 wait syz-execprog 61822 60223 38030 0 3 0x4000082 thrsleep syz-execprog 61822 403014 38030 0 3 0x4000082 wait syz-execprog 61822 417391 38030 0 3 0x4000082 wait syz-execprog 61822 106675 38030 0 3 0x4000082 kqread syz-execprog 38030 338420 20242 0 3 0x10008a sigsusp ksh 20242 142249 58796 0 3 0x98 kqread sshd-session 58796 247694 5244 0 3 0x92 kqread sshd-session 98373 274366 1 0 3 0x100083 ttyin getty 5244 67871 1 0 3 0x88 kqread sshd 64973 123960 35900 73 3 0x1100090 kqread syslogd 35900 430579 1 0 3 0x100082 sbwait syslogd 58986 206831 1 0 3 0x100080 kqread resolvd 85772 479826 30765 77 3 0x100092 kqread dhcpleased 93270 327456 30765 77 3 0x100092 kqread dhcpleased 30765 137658 1 0 3 0x80 kqread dhcpleased 13019 231523 0 0 3 0x14200 bored smr 33764 500270 0 0 2 0x14200 zerothread 59818 89245 0 0 3 0x14200 aiodoned aiodoned 37820 12988 0 0 3 0x14200 syncer update 29023 516770 0 0 3 0x14200 cleaner cleaner 43338 474275 0 0 3 0x14200 reaper reaper 68717 155530 0 0 3 0x14200 pgdaemon pagedaemon 7932 306712 0 0 3 0x14200 bored viomb 37778 379092 0 0 3 0x40014200 acpi0 acpi0 64020 71853 0 0 3 0x14200 bored softnet3 50732 71283 0 0 3 0x14200 bored softnet2 41822 275955 0 0 3 0x14200 bored softnet1 36826 326291 0 0 3 0x14200 bored softnet0 15764 375653 0 0 3 0x14200 bored systqmp 85125 6808 0 0 3 0x14200 bored systq 47085 224906 0 0 3 0x40014200 tmoslp softclock 59144 504515 0 0 3 0x40014200 idle0 1 351085 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10165 11040K 11052K 166960K 11256 0 pcb 17 12K 12K 166960K 17 0 rtable 234 6K 6K 166960K 382 0 pf 30 12K 12K 166960K 33 0 ifaddr 42 7K 7K 166960K 48 0 ifgroup 50 2K 2K 166960K 55 0 sysctl 1 1K 9K 166960K 5 0 counters 32 17K 17K 166960K 33 0 ioctlops 0 0K 2K 166960K 30 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1262 79K 80K 166960K 1279 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 1K 166960K 2 0 VM map 2 1K 1K 166960K 2 0 sem 2 0K 0K 166960K 2 0 dirhash 12 2K 2K 166960K 12 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 17 61K 69K 166960K 176 0 proc 57 58K 75K 166960K 500 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 in_multi 99 7K 7K 166960K 110 0 ether_multi 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 25 122K 122K 166960K 25 0 exec 0 0K 1K 166960K 418 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 261 153K 206K 166960K 4449 0 UVM aobj 3 2K 2K 166960K 3 0 pinsyscall 39 78K 104K 166960K 1531 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 NDP 25 1K 2K 166960K 30 0 temp 1 8672K 8736K 166960K 4740 0 kqueue 13 20K 20K 166960K 46 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 39 0 36 1 0 1 1 0 8 0 rtentry 136 122 0 12 4 0 4 4 0 8 0 unpcb 144 67 0 52 1 0 1 1 0 8 0 syncache 336 9 0 9 1 0 1 1 0 8 1 tcpcb 736 12 0 9 1 0 1 1 0 8 0 arp 88 20 0 2 1 0 1 1 0 8 0 inpcb 328 66 0 60 1 0 1 1 0 8 0 nd6 104 27 0 3 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 499 0 48 29 0 29 29 0 8 0 art_table 32 500 0 48 4 0 4 4 0 8 0 art_node 16 121 0 21 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1654 0 129 96 0 96 96 0 8 0 ffsino 248 1654 0 129 96 0 96 96 0 8 0 nchpl 144 1983 0 202 67 0 67 67 0 8 0 uvmvnodes 80 1664 0 0 34 0 34 34 0 8 0 vnodes 216 1664 0 0 93 0 93 93 0 8 0 namei 1024 7816 0 7816 2 0 2 2 0 8 2 kstatmem 264 24 0 2 2 0 2 2 0 8 0 scxspl 216 10719 0 10705 8 0 8 8 1 8 6 plimitpl 152 58 0 42 1 0 1 1 0 8 0 sigapl 424 517 0 472 6 0 6 6 0 8 0 knotepl 120 7026 0 6947 4 0 4 4 0 8 0 kqueuepl 184 42 0 33 1 0 1 1 0 8 0 pipepl 296 175 0 147 3 0 3 3 0 8 0 fdescpl 440 501 0 472 4 0 4 4 0 8 0 filepl 120 2178 0 2037 5 0 5 5 0 8 0 lockfpl 104 6 0 4 1 0 1 1 0 8 0 lockfspl 48 4 0 2 1 0 1 1 0 8 0 sessionpl 144 34 0 18 1 0 1 1 0 8 0 pgrppl 48 34 0 18 1 0 1 1 0 8 0 ucredpl 104 160 0 148 1 0 1 1 0 8 0 zombiepl 144 472 0 472 1 0 1 1 0 8 1 processpl 1160 517 0 472 4 0 4 4 0 8 0 procpl 656 569 0 505 6 0 6 6 0 8 0 sockpl 528 172 0 140 3 0 3 3 0 8 0 mcl8k 8192 4 0 4 1 0 1 1 0 8 1 mcl4k 4096 8824 0 8768 22 6 16 20 0 8 8 mcl2k 2048 156 0 156 1 0 1 1 0 8 1 mtagpl 96 4 0 4 1 0 1 1 0 8 1 mbufpl 256 12250 0 12113 11 0 11 11 0 8 2 bufpl 280 5930 0 176 411 0 411 411 0 8 0 anonpl 24 208443 0 204047 50 0 50 50 0 187 18 amapchunkpl 152 13848 0 13244 25 0 25 25 0 158 1 amappl16 200 4551 0 4450 8 0 8 8 0 8 2 amappl15 192 10 0 10 1 0 1 1 0 8 1 amappl14 184 238 0 225 2 0 2 2 0 8 1 amappl13 176 16 0 16 1 0 1 1 0 8 1 amappl12 168 1199 0 1169 2 0 2 2 0 8 0 amappl11 160 78 0 67 1 0 1 1 0 8 0 amappl10 152 94 0 84 1 0 1 1 0 8 0 amappl9 144 952 0 951 1 0 1 1 0 8 0 amappl8 136 176 0 149 1 0 1 1 0 8 0 amappl7 128 225 0 211 2 0 2 2 0 8 1 amappl6 120 336 0 328 2 0 2 2 0 8 1 amappl5 112 160 0 154 1 0 1 1 0 8 0 amappl4 104 502 0 483 2 0 2 2 0 8 1 amappl3 96 1577 0 1484 3 0 3 3 0 8 0 amappl2 88 1184 0 1109 4 0 4 4 0 8 1 amappl1 80 15541 0 14970 27 7 20 23 0 8 7 amappl 88 3329 0 3158 4 0 4 4 0 92 0 dma4096 4096 1 0 1 1 0 1 1 0 8 1 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 0 1 1 0 8 1 dma128 128 253 0 253 1 0 1 1 0 8 1 dma64 64 6 0 6 1 0 1 1 0 8 1 dma32 32 7 0 7 1 0 1 1 0 8 1 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 501 0 472 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 501 0 472 1 0 1 1 0 8 0 vmmpekpl 168 11764 0 11719 3 0 3 3 0 8 0 vmmpepl 168 62484 0 60572 118 0 118 118 0 357 34 vmsppl 360 500 0 472 3 0 3 3 0 8 0 rwobjpl 32 25392 0 22755 26 0 26 26 0 8 1 pdppl 4096 1009 0 944 111 42 69 69 0 8 4 pvpl 32 553348 0 543422 365 62 303 365 0 265 218 pmappl 216 500 0 472 2 0 2 2 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 282 0 48 7 0 7 7 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8337e10b) at panic+0x1cf sys/kern/subr_prf.c:198 malloc(194,2,a) at malloc+0xd7c sys/kern/kern_malloc.c:353 disk_attach(ffff800000b3d000,ffff800000b3d048) at disk_attach+0xbd sys/kern/subr_disk.c:1082 vndioctl(2902,c0384600,ffff80002a991480,1,ffff80002a7e2018) at vndioctl+0x11d9 sys/dev/vnd.c:537 VOP_IOCTL(fffffd806e87bc30,c0384600,ffff80002a991480,1,fffffd8007bfb548,ffff80002a7e2018) at VOP_IOCTL+0xa3 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd806b53aac8,c0384600,ffff80002a991480,ffff80002a7e2018) at vn_ioctl+0xea sys/kern/vfs_vnops.c:531 sys_ioctl(ffff80002a7e2018,ffff80002a991660,ffff80002a9915b0) at sys_ioctl+0x5bf sys/kern/sys_generic.c:-1 syscall(ffff80002a991660) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80002a991660) at syscall+0x97e sys/arch/amd64/amd64/trap.c:579 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x3e126031570, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8337e10b) at panic+0x1cf sys/kern/subr_prf.c:198 malloc(194,2,a) at malloc+0xd7c sys/kern/kern_malloc.c:353 disk_attach(ffff800000b3d000,ffff800000b3d048) at disk_attach+0xbd sys/kern/subr_disk.c:1082 vndioctl(2902,c0384600,ffff80002a991480,1,ffff80002a7e2018) at vndioctl+0x11d9 sys/dev/vnd.c:537 VOP_IOCTL(fffffd806e87bc30,c0384600,ffff80002a991480,1,fffffd8007bfb548,ffff80002a7e2018) at VOP_IOCTL+0xa3 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd806b53aac8,c0384600,ffff80002a991480,ffff80002a7e2018) at vn_ioctl+0xea sys/kern/vfs_vnops.c:531 sys_ioctl(ffff80002a7e2018,ffff80002a991660,ffff80002a9915b0) at sys_ioctl+0x5bf sys/kern/sys_generic.c:-1 syscall(ffff80002a991660) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80002a991660) at syscall+0x97e sys/arch/amd64/amd64/trap.c:579 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x3e126031570, count: -10