kern.securelevel: 0 -> 1
creating runtime link editor directory cache.
preserving editor files.
starting network daemons: sshd.
starting local daemons:.
Thu Sep 12 11:18:42 PDT 2019

OpenBSD/amd64 (ci-openbsd-main-2.c.syzkaller.internal) (tty00)

Warning: Permanently added '10.128.0.59' (ECDSA) to the list of known hosts.
2019/09/12 11:19:30 parsed 1 programs
2019/09/12 11:19:35 executed programs: 0
2019/09/12 11:19:40 executed programs: 10
2019/09/12 11:19:46 executed programs: 22
login: Data modified on freelist: word -35183758756972 of object 0xffff800000a72700 size 0x100 previous type devbuf (invalid addr 0x63935041420a7387)

panic: Data modified on freelist: word 5 of object 0xffff800000a72700 size 0x100 previous type devbuf (0xd != 0xdead4110)


Stopped at      db_enter+0x18:  addq    $0x8,%rsp

    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND

*252196  60663      0           0  0x4000000    0  syz-executor.0

db_enter() at db_enter+0x18

panic() at panic+0x15c

malloc(100,2,a) at malloc+0xa23

bpfopen(21700,1,2000,ffff8000ffff8280) at bpfopen+0xb5

spec_open_clone(ffff800014918808) at spec_open_clone+0x241

spec_open(ffff800014918808) at spec_open+0x40e

VOP_OPEN(fffffd8036ce1750,1,fffffd803f7c6b40,ffff8000ffff8280) at VOP_OPEN+0x6a

vn_open(ffff800014918a48,1,0) at vn_open+0x494

doopenat(ffff8000ffff8280,ffffff9c,20000040,0,0,ffff800014918c40) at doopenat+0x28e

syscall(ffff800014918cc0) at syscall+0x507

Xsyscall(6,0,ffffffffffffffa2,0,4,24bb1b9a010) at Xsyscall+0x128

end of kernel

end trace frame: 0x24dcec5f290, count: 4

https://www.openbsd.org/ddb.html describes the minimum info required in bug

reports.  Insufficient info makes it difficult to find and fix bugs.

ddb> 

ddb> set $lines = 0

ddb> set $maxwidth = 0

ddb> show panic

Data modified on freelist: word 5 of object 0xffff800000a72700 size 0x100 previous type devbuf (0xd != 0xdead4110)


ddb> trace

db_enter() at db_enter+0x18

panic() at panic+0x15c

malloc(100,2,a) at malloc+0xa23

bpfopen(21700,1,2000,ffff8000ffff8280) at bpfopen+0xb5

spec_open_clone(ffff800014918808) at spec_open_clone+0x241

spec_open(ffff800014918808) at spec_open+0x40e

VOP_OPEN(fffffd8036ce1750,1,fffffd803f7c6b40,ffff8000ffff8280) at VOP_OPEN+0x6a

vn_open(ffff800014918a48,1,0) at vn_open+0x494

doopenat(ffff8000ffff8280,ffffff9c,20000040,0,0,ffff800014918c40) at doopenat+0x28e

syscall(ffff800014918cc0) at syscall+0x507

Xsyscall(6,0,ffffffffffffffa2,0,4,24bb1b9a010) at Xsyscall+0x128

end of kernel

end trace frame: 0x24dcec5f290, count: -11

ddb> show registers

rdi                                0

rsi                              0x1

rbp               0xffff800014918510

rbx               0xffff8000149185c0

rdx                              0x2

rcx                              0x1

rax                              0x1

r8                0xffff8000149184d0

r9                               0x1

r10               0x1e2a43d0ef48f8b0

r11               0xb5a1fb27050c5138

r12                     0x3000000008

r13               0xffff800014918520

r14                            0x100

r15                              0x1

rip               0xffffffff81defc18    db_enter+0x18

cs                               0x8

rflags                         0x246

rsp               0xffff800014918500

ss                              0x10

db_enter+0x18:  addq    $0x8,%rsp

ddb>