panic: Data modified on freelist: word 4 of object 0xffff800001256a00 size 0x200 previous type free (0x6563 != 0xdead4110)
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*184917 99075 0 0 0x4000000 0 syz-executor.7
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff83011e18) at panic+0x1cf sys/kern/subr_prf.c:198
malloc(200,7f,1) at malloc+0xd7c sys/kern/kern_malloc.c:349
vndsetcred(ffff80002a51f6e8,fffffd806c2cee78,58,ffff80002a681690) at vndsetcred+0x65 sys/dev/vnd.c:680
vndioctl(2902,c0384600,ffff80002a681900,1,ffff80002a51f6e8) at vndioctl+0xe6c sys/dev/vnd.c:485
VOP_IOCTL(fffffd806e821c30,c0384600,ffff80002a681900,1,fffffd807f7d7820,ffff80002a51f6e8) at VOP_IOCTL+0xa3 sys/kern/vfs_vops.c:264
vn_ioctl(fffffd806c2e1168,c0384600,ffff80002a681900,ffff80002a51f6e8) at vn_ioctl+0xe8 sys/kern/vfs_vnops.c:525
sys_ioctl(ffff80002a51f6e8,ffff80002a681ae0,ffff80002a681a30) at sys_ioctl+0x678
syscall(ffff80002a681ae0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xecd05943cd0, count: 5
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: Data modified on freelist: word 4 of object 0xffff800001256a00 size 0x200 previous type free (0x6563 != 0xdead4110) ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff83011e18) at panic+0x1cf sys/kern/subr_prf.c:198 malloc(200,7f,1) at malloc+0xd7c sys/kern/kern_malloc.c:349 vndsetcred(ffff80002a51f6e8,fffffd806c2cee78,58,ffff80002a681690) at vndsetcred+0x65 sys/dev/vnd.c:680 vndioctl(2902,c0384600,ffff80002a681900,1,ffff80002a51f6e8) at vndioctl+0xe6c sys/dev/vnd.c:485 VOP_IOCTL(fffffd806e821c30,c0384600,ffff80002a681900,1,fffffd807f7d7820,ffff80002a51f6e8) at VOP_IOCTL+0xa3 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd806c2e1168,c0384600,ffff80002a681900,ffff80002a51f6e8) at vn_ioctl+0xe8 sys/kern/vfs_vnops.c:525 sys_ioctl(ffff80002a51f6e8,ffff80002a681ae0,ffff80002a681a30) at sys_ioctl+0x678 syscall(ffff80002a681ae0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xecd05943cd0, count: -10 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80002a680ee0 rbx 0xffff800001256a00 rdx 0x3fd rcx 0 rax 0x7c r8 0x101010101010101 r9 0x8080808080808080 r10 0xf666b23aae28cb75 r11 0xfec0483b0be137e0 r12 0 r13 0xffffffff834d0088 bucket+0x288 r14 0 r15 0x1 rip 0xffffffff812003a5 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80002a680ed0 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb> show proc PROC (syz-executor.7) tid=184917 pid=99075 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a51ef50,0xffffffff835386e8 process=0xffff80002a564018 user=0xffff80002a67c000, vmspace=0xfffffd8069439168 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 99075 135344 49028 0 2 0 syz-executor.7 *99075 184917 49028 0 7 0x4000000 syz-executor.7 38494 289312 62815 0 2 0 
syz-executor.2 38494 418331 62815 0 2 0x4000000 syz-executor.2 91218 191842 10666 0 2 0 syz-executor.0 91218 485590 10666 0 2 0x4000000 syz-executor.0 29562 55005 55958 0 2 0 syz-executor.3 29562 232903 55958 0 3 0x4000080 fsleep syz-executor.3 98597 302753 13121 0 2 0 syz-executor.5 98597 234599 13121 0 3 0x4000080 fsleep syz-executor.5 25096 185234 25511 0 3 0x2 biowait syz-executor.6 49028 174900 25511 0 3 0x82 nanoslp syz-executor.7 55958 357176 25511 0 3 0x82 nanoslp syz-executor.3 13121 121775 25511 0 3 0x82 nanoslp syz-executor.5 45185 422066 25511 0 2 0x2 syz-executor.4 71626 53463 25511 0 3 0x2 biowait syz-executor.1 62815 105812 25511 0 2 0x2 syz-executor.2 10666 121986 25511 0 3 0x82 nanoslp syz-executor.0 25511 253675 83379 0 3 0x82 thrsleep syz-execprog 25511 150984 83379 0 2 0x4000002 syz-execprog 25511 70861 83379 0 3 0x4000082 wait syz-execprog 25511 320548 83379 0 3 0x4000082 wait syz-execprog 25511 111155 83379 0 3 0x4000082 thrsleep syz-execprog 25511 90065 83379 0 3 0x4000082 wait syz-execprog 25511 120102 83379 0 3 0x4000082 wait syz-execprog 25511 321444 83379 0 3 0x4000082 thrsleep syz-execprog 25511 57192 83379 0 3 0x4000082 wait syz-execprog 25511 189631 83379 0 3 0x4000082 wait syz-execprog 25511 131531 83379 0 3 0x4000082 wait syz-execprog 25511 103364 83379 0 3 0x4000082 thrsleep syz-execprog 25511 306809 83379 0 3 0x4000082 wait syz-execprog 25511 102786 83379 0 3 0x4000082 kqread syz-execprog 83379 282987 52532 0 3 0x10008a sigsusp ksh 52532 501866 75451 0 3 0x98 kqread sshd-session 75451 370695 6057 0 3 0x92 kqread sshd-session 20769 186516 1 0 3 0x100083 ttyin getty 6057 92456 1 0 3 0x88 kqread sshd 15856 173539 42863 73 3 0x1100090 kqread syslogd 42863 406215 1 0 3 0x100082 sbwait syslogd 67145 8241 1 0 3 0x100080 kqread resolvd 17884 471455 45817 77 3 0x100092 kqread dhcpleased 94218 500969 45817 77 3 0x100092 kqread dhcpleased 45817 106015 1 0 3 0x80 kqread dhcpleased 41286 24100 0 0 3 0x14200 bored smr 7483 200599 0 0 2 0x14200 
zerothread 24093 256695 0 0 3 0x14200 aiodoned aiodoned 25398 436340 0 0 3 0x14200 syncer update 65449 85081 0 0 3 0x14200 cleaner cleaner 78591 335399 0 0 3 0x14200 reaper reaper 66848 7778 0 0 3 0x14200 pgdaemon pagedaemon 37734 214304 0 0 3 0x14200 bored viomb 66503 477484 0 0 3 0x40014200 acpi0 acpi0 6170 177542 0 0 3 0x14200 bored softnet3 6591 310421 0 0 3 0x14200 bored softnet2 89606 231167 0 0 3 0x14200 bored softnet1 11027 198776 0 0 3 0x14200 bored softnet0 92182 147845 0 0 3 0x14200 bored systqmp 60760 104238 0 0 3 0x14200 bored systq 40141 449930 0 0 3 0x40014200 tmoslp softclock 20618 290377 0 0 3 0x40014200 idle0 1 41045 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10163 11039K 11052K 166960K 11268 0 pcb 17 12K 12K 166960K 17 0 rtable 234 6K 6K 166960K 380 0 pf 30 12K 12K 166960K 33 0 ifaddr 42 7K 7K 166960K 48 0 ifgroup 50 2K 2K 166960K 55 0 counters 30 17K 17K 166960K 31 0 ioctlops 0 0K 2K 166960K 30 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1260 79K 79K 166960K 1277 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 1K 166960K 2 0 VM map 2 1K 1K 166960K 2 0 sem 2 0K 0K 166960K 2 0 dirhash 12 2K 2K 166960K 12 0 ACPI 1690 195K 286K 166960K 12468 0 file desc 15 53K 69K 166960K 197 0 proc 57 58K 75K 166960K 500 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 in_multi 99 7K 7K 166960K 110 0 ether_multi 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 25 122K 122K 166960K 25 0 exec 0 0K 1K 166960K 406 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 245 74K 74K 166960K 4545 0 UVM aobj 3 2K 2K 166960K 3 0 pinsyscall 37 74K 104K 166960K 1517 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 NDP 19 1K 2K 166960K 30 0 temp 1 6800K 6864K 166960K 4711 0 kqueue 13 20K 20K 166960K 46 0 SYN cache 2 16K 16K 
166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 38 0 35 1 0 1 1 0 8 0 rtentry 112 122 0 12 4 0 4 4 0 8 0 unpcb 144 67 0 52 1 0 1 1 0 8 0 syncache 336 9 0 9 1 0 1 1 0 8 1 tcpcb 808 12 0 9 1 0 1 1 0 8 0 arp 88 20 0 2 1 0 1 1 0 8 0 inpcb 336 66 0 60 1 0 1 1 0 8 0 nd6 104 27 0 3 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 501 0 48 29 0 29 29 0 8 0 art_table 32 502 0 48 4 0 4 4 0 8 0 art_node 16 121 0 21 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1702 0 177 96 0 96 96 0 8 0 ffsino 240 1702 0 177 90 0 90 90 0 8 0 nchpl 144 2077 0 299 67 0 67 67 0 8 0 uvmvnodes 80 1712 0 0 35 0 35 35 0 8 0 vnodes 216 1712 0 0 96 0 96 96 0 8 0 namei 1024 7850 0 7849 3 0 3 3 0 8 2 kstatmem 264 24 0 2 2 0 2 2 0 8 0 scxspl 216 12081 0 12079 8 0 8 8 1 8 7 plimitpl 152 58 0 42 1 0 1 1 0 8 0 sigapl 424 537 0 494 6 0 6 6 0 8 0 futexpl 64 386 0 384 1 0 1 1 0 8 0 knotepl 120 6768 0 6689 3 0 3 3 0 8 0 kqueuepl 184 42 0 33 1 0 1 1 0 8 0 pipepl 288 183 0 155 3 0 3 3 0 8 1 fdescpl 432 521 0 494 4 0 4 4 0 8 0 filepl 120 2173 0 2033 5 0 5 5 0 8 0 lockfpl 104 6 0 4 1 0 1 1 0 8 0 lockfspl 48 4 0 2 1 0 1 1 0 8 0 sessionpl 144 34 0 18 1 0 1 1 0 8 0 pgrppl 48 34 0 18 1 0 1 1 0 8 0 ucredpl 104 136 0 124 1 0 1 1 0 8 0 zombiepl 144 494 0 494 1 0 1 1 0 8 1 processpl 1096 537 0 494 4 0 4 4 0 8 0 procpl 648 614 0 553 6 0 6 6 0 8 0 sockpl 504 171 0 147 4 0 4 4 0 8 1 mcl8k 8192 13 0 13 1 0 1 1 0 8 1 mcl4k 4096 9821 0 9763 15 0 15 15 0 8 7 mcl2k 2048 162 0 162 1 0 1 1 0 8 1 mtagpl 96 4 0 4 1 0 1 1 0 8 1 mbufpl 256 13990 0 13848 9 0 9 9 0 8 0 bufpl 280 7665 0 1340 452 0 452 452 0 8 0 anonpl 24 335694 0 330548 50 0 50 50 0 187 17 amapchunkpl 152 16873 0 16323 26 0 26 26 0 158 3 amappl16 200 10055 0 9913 9 0 9 9 0 8 0 amappl15 192 60 0 60 1 0 1 1 0 8 1 amappl14 184 266 0 254 2 0 2 2 0 8 0 amappl13 176 24 0 24 1 0 1 1 0 8 1 amappl12 168 1229 0 1200 2 0 2 2 0 8 0 amappl11 160 59 0 49 1 0 1 1 0 8 0 amappl10 152 75 0 66 1 
0 1 1 0 8 0 amappl9 144 338 0 337 1 0 1 1 0 8 0 amappl8 136 147 0 119 1 0 1 1 0 8 0 amappl7 128 206 0 191 2 0 2 2 0 8 1 amappl6 120 302 0 299 1 0 1 1 0 8 0 amappl5 112 229 0 220 1 0 1 1 0 8 0 amappl4 104 521 0 501 2 0 2 2 0 8 1 amappl3 96 4131 0 4054 3 0 3 3 0 8 0 amappl2 88 1293 0 1218 4 0 4 4 0 8 2 amappl1 80 14829 0 14299 23 6 17 22 0 8 5 amappl 88 3809 0 3647 4 0 4 4 0 92 0 dma4096 4096 1 0 1 1 0 1 1 0 8 1 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 0 1 1 0 8 1 dma128 128 253 0 253 1 0 1 1 0 8 1 dma64 64 6 0 6 1 0 1 1 0 8 1 dma32 32 7 0 7 1 0 1 1 0 8 1 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 521 0 494 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 521 0 494 1 0 1 1 0 8 0 vmmpekpl 168 11440 0 11406 2 0 2 2 0 8 0 vmmpepl 168 70147 0 68393 115 0 115 115 0 357 36 vmsppl 344 520 0 494 3 0 3 3 0 8 0 rwobjpl 24 32395 0 29695 20 0 20 20 0 8 2 pdppl 4096 1049 0 988 111 42 69 69 0 8 8 pvpl 32 684635 0 673801 369 69 300 369 0 265 211 pmappl 216 520 0 494 2 0 2 2 0 8 0 extentpl 40 55 0 38 1 0 1 1 0 8 0 phpool 112 372 0 42 10 0 10 10 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff83011e18) at panic+0x1cf sys/kern/subr_prf.c:198 malloc(200,7f,1) at malloc+0xd7c sys/kern/kern_malloc.c:349 vndsetcred(ffff80002a51f6e8,fffffd806c2cee78,58,ffff80002a681690) at vndsetcred+0x65 sys/dev/vnd.c:680 vndioctl(2902,c0384600,ffff80002a681900,1,ffff80002a51f6e8) at vndioctl+0xe6c sys/dev/vnd.c:485 VOP_IOCTL(fffffd806e821c30,c0384600,ffff80002a681900,1,fffffd807f7d7820,ffff80002a51f6e8) at VOP_IOCTL+0xa3 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd806c2e1168,c0384600,ffff80002a681900,ffff80002a51f6e8) at vn_ioctl+0xe8 sys/kern/vfs_vnops.c:525 sys_ioctl(ffff80002a51f6e8,ffff80002a681ae0,ffff80002a681a30) at sys_ioctl+0x678 syscall(ffff80002a681ae0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 
0xecd05943cd0, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff83011e18) at panic+0x1cf sys/kern/subr_prf.c:198 malloc(200,7f,1) at malloc+0xd7c sys/kern/kern_malloc.c:349 vndsetcred(ffff80002a51f6e8,fffffd806c2cee78,58,ffff80002a681690) at vndsetcred+0x65 sys/dev/vnd.c:680 vndioctl(2902,c0384600,ffff80002a681900,1,ffff80002a51f6e8) at vndioctl+0xe6c sys/dev/vnd.c:485 VOP_IOCTL(fffffd806e821c30,c0384600,ffff80002a681900,1,fffffd807f7d7820,ffff80002a51f6e8) at VOP_IOCTL+0xa3 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd806c2e1168,c0384600,ffff80002a681900,ffff80002a51f6e8) at vn_ioctl+0xe8 sys/kern/vfs_vnops.c:525 sys_ioctl(ffff80002a51f6e8,ffff80002a681ae0,ffff80002a681a30) at sys_ioctl+0x678 syscall(ffff80002a681ae0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xecd05943cd0, count: -10