kern.securelevel: 0 -> 1
creating runtime link editor directory cache.
preserving editor files.
starting network daemons: sshd.
starting local daemons:.
Sat Oct  5 11:01:27 PDT 2019

OpenBSD/amd64 (ci-openbsd-main-6.c.syzkaller.internal) (tty00)

Warning: Permanently added '10.128.0.175' (ECDSA) to the list of known hosts.
2019/10/05 11:01:50 parsed 1 programs
2019/10/05 11:01:57 executed programs: 0
2019/10/05 11:02:02 executed programs: 6
login: panic: Data modified on freelist: word 5 of object 0xffff8000006a0c00 size 0x100 previous type devbuf (0xd != 0xdeadbeef)


Stopped at      db_enter+0x18:  addq    $0x8,%rsp

    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND

*107129   2768      0           0  0x4000000    0  syz-executor.0

db_enter() at db_enter+0x18

panic() at panic+0x15c

malloc(100,2,a) at malloc+0xa23

bpfopen(21700,1,2000,ffff8000ffff9b30) at bpfopen+0xb5

spec_open_clone(ffff800014926308) at spec_open_clone+0x241

spec_open(ffff800014926308) at spec_open+0x40e

VOP_OPEN(fffffd803e61d8f0,1,fffffd803f7c6cc0,ffff8000ffff9b30) at VOP_OPEN+0x6a

vn_open(ffff800014926548,1,0) at vn_open+0x494

doopenat(ffff8000ffff9b30,ffffff9c,20000040,0,0,ffff800014926740) at doopenat+0x28e

syscall(ffff8000149267c0) at syscall+0x507

Xsyscall(6,0,ffffffffffffffa2,0,4,28928fa010) at Xsyscall+0x128

end of kernel

end trace frame: 0x2ad7b08450, count: 4

https://www.openbsd.org/ddb.html describes the minimum info required in bug

reports.  Insufficient info makes it difficult to find and fix bugs.

ddb> 

ddb> set $lines = 0

ddb> set $maxwidth = 0

ddb> show panic

Data modified on freelist: word 5 of object 0xffff8000006a0c00 size 0x100 previous type devbuf (0xd != 0xdeadbeef)


ddb> trace

db_enter() at db_enter+0x18

panic() at panic+0x15c

malloc(100,2,a) at malloc+0xa23

bpfopen(21700,1,2000,ffff8000ffff9b30) at bpfopen+0xb5

spec_open_clone(ffff800014926308) at spec_open_clone+0x241

spec_open(ffff800014926308) at spec_open+0x40e

VOP_OPEN(fffffd803e61d8f0,1,fffffd803f7c6cc0,ffff8000ffff9b30) at VOP_OPEN+0x6a

vn_open(ffff800014926548,1,0) at vn_open+0x494

doopenat(ffff8000ffff9b30,ffffff9c,20000040,0,0,ffff800014926740) at doopenat+0x28e

syscall(ffff8000149267c0) at syscall+0x507

Xsyscall(6,0,ffffffffffffffa2,0,4,28928fa010) at Xsyscall+0x128

end of kernel

end trace frame: 0x2ad7b08450, count: -11

ddb> show registers

rdi                                0

rsi                              0x1

rbp               0xffff800014926010

rbx               0xffff8000149260c0

rdx                              0x2

rcx                              0x1

rax                              0x1

r8                0xffff800014925fd0

r9                               0x1

r10               0xd945bb5a25d36d5e

r11               0x2958bab94060d31c

r12                     0x3000000008

r13               0xffff800014926020

r14                            0x100

r15                              0x1

rip               0xffffffff820d0728    db_enter+0x18

cs                               0x8

rflags                         0x246

rsp               0xffff800014926000

ss                              0x10

db_enter+0x18:  addq    $0x8,%rsp

ddb>