login: panic: Data modified on freelist: word 5 of object 0xffff8000006a0900 size 0x100 previous type devbuf (0xd != 0xdeadbeef) Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *179359 35007 0 0 0x4000000 0 syz-executor.0 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 malloc(100,2,a) at malloc+0xa23 sys/kern/kern_malloc.c:331 bpfopen(21700,1,2000,ffff8000ffff3160) at bpfopen+0xb5 sys/net/bpf.c:360 spec_open_clone(ffff8000149263e8) at spec_open_clone+0x241 sys/kern/spec_vnops.c:737 spec_open(ffff8000149263e8) at spec_open+0x40e VOP_OPEN(fffffd8036f00820,1,fffffd803f7c6c00,ffff8000ffff3160) at VOP_OPEN+0x6a sys/kern/vfs_vops.c:154 vn_open(ffff800014926628,1,0) at vn_open+0x494 sys/kern/vfs_vnops.c:174 doopenat(ffff8000ffff3160,ffffff9c,20000040,0,0,ffff800014926820) at doopenat+0x28e sys/kern/vfs_syscalls.c:1157 syscall(ffff8000149268a0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555 Xsyscall(6,0,ffffffffffffffa2,0,4,b91511bc010) at Xsyscall+0x128 end of kernel end trace frame: 0xb93719ce600, count: 4 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic Data modified on freelist: word 5 of object 0xffff8000006a0900 size 0x100 previous type devbuf (0xd != 0xdeadbeef) ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 malloc(100,2,a) at malloc+0xa23 sys/kern/kern_malloc.c:331 bpfopen(21700,1,2000,ffff8000ffff3160) at bpfopen+0xb5 sys/net/bpf.c:360 spec_open_clone(ffff8000149263e8) at spec_open_clone+0x241 sys/kern/spec_vnops.c:737 spec_open(ffff8000149263e8) at spec_open+0x40e VOP_OPEN(fffffd8036f00820,1,fffffd803f7c6c00,ffff8000ffff3160) at VOP_OPEN+0x6a sys/kern/vfs_vops.c:154 vn_open(ffff800014926628,1,0) at vn_open+0x494 sys/kern/vfs_vnops.c:174 doopenat(ffff8000ffff3160,ffffff9c,20000040,0,0,ffff800014926820) at doopenat+0x28e sys/kern/vfs_syscalls.c:1157 syscall(ffff8000149268a0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555 Xsyscall(6,0,ffffffffffffffa2,0,4,b91511bc010) at Xsyscall+0x128 end of kernel end trace frame: 0xb93719ce600, count: -11 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff8000149260f0 rbx 0xffff8000149261a0 rdx 0x2 rcx 0x1 rax 0x1 r8 0xffff8000149260b0 r9 0x1 r10 0x41b6cfc12c46beb r11 0x3c03111e095a2d08 r12 0x3000000008 r13 0xffff800014926100 r14 0x100 r15 0x1 rip 0xffffffff81d5c6a8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff8000149260e0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.0) pid=179359 stat=onproc flags process=0 proc=4000000 pri=50, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff3b40,0xffffffff825a4598 process=0xffff8000148a26d8 user=0xffff800014921000, vmspace=0xfffffd803f014440 estcpu=1, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb>