malloc: free list modified: devbuf

login: panic: Data modified on freelist: word 5 of object 0xffff8000006a0300 size 0x100 previous type devbuf (0xd != 0xdeadbeef)

Stopped at      db_enter+0x18:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
*517431  73207      0           0  0x4000000    0  syz-executor.0
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
malloc(100,2,a) at malloc+0xa23 sys/kern/kern_malloc.c:331
bpfopen(21700,1,2000,ffff8000ffff8ed8) at bpfopen+0xb5 sys/net/bpf.c:360
spec_open_clone(ffff800014926478) at spec_open_clone+0x241 sys/kern/spec_vnops.c:737
spec_open(ffff800014926478) at spec_open+0x40e
VOP_OPEN(fffffd8036cdb750,1,fffffd803f7c6c00,ffff8000ffff8ed8) at VOP_OPEN+0x6a sys/kern/vfs_vops.c:154
vn_open(ffff8000149266c8,1,0) at vn_open+0x4eb sys/kern/vfs_vnops.c:186
doopenat(ffff8000ffff8ed8,ffffff9c,20000040,0,0,ffff8000149268c0) at doopenat+0x28b sys/kern/vfs_syscalls.c:1157
syscall(ffff800014926940) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,ffffffffffffffa2,0,4,c37754ec010) at Xsyscall+0x128
end of kernel
end trace frame: 0xc399d215c30, count: 4
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb> 
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
Data modified on freelist: word 5 of object 0xffff8000006a0300 size 0x100 previous type devbuf (0xd != 0xdeadbeef)

ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
malloc(100,2,a) at malloc+0xa23 sys/kern/kern_malloc.c:331
bpfopen(21700,1,2000,ffff8000ffff8ed8) at bpfopen+0xb5 sys/net/bpf.c:360
spec_open_clone(ffff800014926478) at spec_open_clone+0x241 sys/kern/spec_vnops.c:737
spec_open(ffff800014926478) at spec_open+0x40e
VOP_OPEN(fffffd8036cdb750,1,fffffd803f7c6c00,ffff8000ffff8ed8) at VOP_OPEN+0x6a sys/kern/vfs_vops.c:154
vn_open(ffff8000149266c8,1,0) at vn_open+0x4eb sys/kern/vfs_vnops.c:186
doopenat(ffff8000ffff8ed8,ffffff9c,20000040,0,0,ffff8000149268c0) at doopenat+0x28b sys/kern/vfs_syscalls.c:1157
syscall(ffff800014926940) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,ffffffffffffffa2,0,4,c37754ec010) at Xsyscall+0x128
end of kernel
end trace frame: 0xc399d215c30, count: -11
ddb>

Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	Manager
2019/10/19 15:51	openbsd	b1a121060c68	8c88c9c1	.config	console log	report	syz	ci-openbsd-main
2019/10/16 02:17	openbsd	19120e8f37ae	d4ea592f	.config	console log	report	syz	ci-openbsd-main
2019/10/22 04:39	openbsd	09b707593b26	c59a7cd8	.config	console log	report		ci-openbsd-main
2019/10/19 15:11	openbsd	b1a121060c68	8c88c9c1	.config	console log	report		ci-openbsd-main
2019/10/16 01:28	openbsd	19120e8f37ae	d4ea592f	.config	console log	report		ci-openbsd-main