QàQàpanic: Data modified on freelist: word 4 of object 0xffff800000a2d000 size 0x20 previous type free (0x0 != 0xdeafbead)

Stopped at      db_enter+0x18:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
*215911  95591      0         0x2          0    0  syz-executor.1
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff821a13e1) at panic+0x15c sys/kern/subr_prf.c:207
malloc(20,62,a) at malloc+0xa23 sys/kern/kern_malloc.c:331
amap_alloc1(ff,2,1) at amap_alloc1+0x223 sys/uvm/uvm_amap.c:341
amap_copy(fffffd80529f4ee8,fffffd80515cccb0,2,0,7f7ffffc4000,7f7ffffc4001) at amap_copy+0x1bb sys/uvm/uvm_amap.c:554
uvm_fault(fffffd80529f4ee8,7f7ffffc4000,1,2) at uvm_fault+0xdee uvmfault_amapcopy sys/uvm/uvm_fault.c:242 [inline]
uvm_fault(fffffd80529f4ee8,7f7ffffc4000,1,2) at uvm_fault+0xdee sys/uvm/uvm_fault.c:559
pageflttrap(ffff80001d42a870,1) at pageflttrap+0x239 sys/arch/amd64/amd64/trap.c:199
usertrap(ffff80001d42a870) at usertrap+0x1fb sys/arch/amd64/amd64/trap.c:369
recall_trap() at recall_trap+0x8
end of kernel
end trace frame: 0x7f7ffffc4420, count: 6
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb> 
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
Data modified on freelist: word 4 of object 0xffff800000a2d000 size 0x20 previous type free (0x0 != 0xdeafbead)

ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff821a13e1) at panic+0x15c sys/kern/subr_prf.c:207
malloc(20,62,a) at malloc+0xa23 sys/kern/kern_malloc.c:331
amap_alloc1(ff,2,1) at amap_alloc1+0x223 sys/uvm/uvm_amap.c:341
amap_copy(fffffd80529f4ee8,fffffd80515cccb0,2,0,7f7ffffc4000,7f7ffffc4001) at amap_copy+0x1bb sys/uvm/uvm_amap.c:554
uvm_fault(fffffd80529f4ee8,7f7ffffc4000,1,2) at uvm_fault+0xdee uvmfault_amapcopy sys/uvm/uvm_fault.c:242 [inline]
uvm_fault(fffffd80529f4ee8,7f7ffffc4000,1,2) at uvm_fault+0xdee sys/uvm/uvm_fault.c:559
pageflttrap(ffff80001d42a870,1) at pageflttrap+0x239 sys/arch/amd64/amd64/trap.c:199
usertrap(ffff80001d42a870) at usertrap+0x1fb sys/arch/amd64/amd64/trap.c:369
recall_trap() at recall_trap+0x8
end of kernel
end trace frame: 0x7f7ffffc4420, count: -9
ddb> show registers
rdi                                0
rsi                              0x1
rbp               0xffff80001d42a260
rbx               0xffff80001d42a310
rdx                              0x2
rcx                                0
rax                                0
r8                0xffff80001d42a220
r9                               0x1
r10                                0
r11               0xb5b91067f762bec6
r12                     0x3000000008
r13               0xffff80001d42a270
r14                            0x100
r15                              0x1
rip               0xffffffff81648238    db_enter+0x18
cs                               0x8
rflags                         0x246
rsp               0xffff80001d42a250
ss                                 0
db_enter+0x18:  addq    $0x8,%rsp
ddb> show proc
PROC (syz-executor.1) pid=215911 stat=onproc
    flags process=2<EXEC> proc=0
    pri=75, usrpri=75, nice=20
    forw=0xffffffffffffffff, list=0xffff80001d40a508,0xffff80001d40b8d8
    process=0xffff8000ffff7480 user=0xffff80001d425000, vmspace=0xfffffd80529f4ee8
    estcpu=36, cpticks=1, pctcpu=0.0
    user=0, sys=1, intr=0
ddb> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 80203   77992  95591      0  2           0                syz-executor.1
 75436  219504  19844      0  2           0                syz-executor.0
 75436  114286  19844      0  3   0x4000080  netio         syz-executor.0
 19844  501409   9741      0  3        0x82  nanosleep     syz-executor.0
*95591  215911   9741      0  7         0x2                syz-executor.1
 58701  442913      0      0  3     0x14200  bored         sosplice
  9741   84722  52215      0  3        0x82  thrsleep      syz-fuzzer
  9741  494256  52215      0  3   0x4000082  thrsleep      syz-fuzzer
  9741   50196  52215      0  3   0x4000082  thrsleep      syz-fuzzer
  9741  147315  52215      0  3   0x4000082  thrsleep      syz-fuzzer
  9741  340952  52215      0  3   0x4000082  thrsleep      syz-fuzzer
  9741  305161  52215      0  3   0x4000082  thrsleep      syz-fuzzer
  9741  190949  52215      0  3   0x4000082  thrsleep      syz-fuzzer
  9741   26136  52215      0  3   0x4000082  kqread        syz-fuzzer
 52215  268861  60886      0  3    0x10008a  pause         ksh
 60886  128548  14299      0  3        0x92  select        sshd
 97107  369465      1      0  3    0x100083  ttyin         getty
 14299  347006      1      0  3        0x80  select        sshd
 28327  219082  23283     73  3    0x100090  kqread        syslogd
 23283  204082      1      0  3    0x100082  netio         syslogd
 29432  517262      1     77  3    0x100090  poll          dhclient
 98076   18944      1      0  3        0x80  poll          dhclient
 61361  442131      0      0  2     0x14200                zerothread
  5666   62693      0      0  3     0x14200  aiodoned      aiodoned
 54962  177863      0      0  3     0x14200  syncer        update
 47154   40198      0      0  3     0x14200  cleaner       cleaner
 35679   88109      0      0  3     0x14200  reaper        reaper
  1130  181006      0      0  3     0x14200  pgdaemon      pagedaemon
 23927   69950      0      0  3     0x14200  bored         crynlk
 99155   36004      0      0  3     0x14200  bored         crypto
 32568  467157      0      0  3  0x40014200  acpi0         acpi0
 85662  321507      0      0  3     0x14200  bored         softnet
 28652  475801      0      0  3     0x14200  bored         systqmp
 54193  357395      0      0  3     0x14200  bored         systq
 15666  122127      0      0  3  0x40014200  bored         softclock
  5850  356384      0      0  3  0x40014200                idle0
 89355  195262      0      0  3     0x14200  bored         smr
     1  221128      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb> show all locks
No such command
ddb> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf  9518   6995K    7643K  78643K     12179        0
            pcb    13      8K       8K  78643K       123        0
         rtable   116      3K       4K  78643K       919        0
         ifaddr    83     15K      16K  78643K       192        0
       counters    19     16K      16K  78643K        19        0
       ioctlops     0      0K       2K  78643K        92        0
            iov     0      0K      24K  78643K       736        0
          mount     1      1K       1K  78643K         1        0
         vnodes  1223     77K      77K  78643K      1828        0
      UFS quota     1     32K      32K  78643K         1        0
      UFS mount     5     36K      36K  78643K         5        0
            shm     2      1K       5K  78643K        14        0
         VM map     2      0K       0K  78643K         2        0
            sem    12      0K       1K  78643K       204        0
        dirhash    12      2K       2K  78643K        12        0
           ACPI  1794    195K     288K  78643K     12646        0
      file desc     6     17K      25K  78643K       951        0
          sigio     0      0K       0K  78643K        20        0
           proc    48     38K      63K  78643K       655        0
        subproc    32      2K       2K  78643K       123        0
    NFS srvsock     1      0K       0K  78643K         1        0
     NFS daemon     1     16K      16K  78643K         1        0
    ip_moptions     0      0K       0K  78643K       143        0
       in_multi    72      3K       4K  78643K       144        0
    ether_multi     1      0K       0K  78643K         2        0
            mrt     0      0K       0K  78643K         1        0
    ISOFS mount     1     32K      32K  78643K         1        0
  MSDOSFS mount     1     16K      16K  78643K         1        0
           ttys    60    265K     265K  78643K        60        0
           exec     0      0K       1K  78643K       313        0
        pagedep     1      8K       8K  78643K         1        0
       inodedep     1     32K      32K  78643K         1        0
         newblk     1      0K       0K  78643K         1        0
        VM swap     7     26K      26K  78643K         7        0
       UVM amap   129     55K      63K  78643K      3529        0
       UVM aobj    46      4K       4K  78643K        50        0
        memdesc     1      4K       4K  78643K         1        0
    crypto data     1      1K       1K  78643K         1        0
    ip6_options     0      0K       0K  78643K       128        0
            NDP    14      0K       0K  78643K        45        0
           temp   142   3031K    3666K  78643K     37903        0
         kqueue     0      0K       0K  78643K         4        0
      SYN cache     2     16K      16K  78643K         2        0
ddb> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp         64       24    0       15     1     0     1     1     0     8    0
rtpcb       80       94    0       92     1     0     1     1     0     8    0
rtentry    112      294    0      246     2     0     2     2     0     8    0
unpcb      120      878    0      869     1     0     1     1     0     8    0
syncache   264       11    0       11     5     4     1     1     0     8    1
sackhl      24        2    0        2     1     1     0     1     0     8    0
tcpqe       32       94    0       94     3     2     1     1     0     8    1
tcpcb      544      757    0      753     4     3     1     3     0     8    0
ipq         40        9    0        9     5     5     0     1     0     8    0
ipqe        40      323    0      323     5     5     0     1     0     8    0
inpcb      280     1385    0     1378     8     6     2     4     0     8    1
nd6         48       16    0       13     1     0     1     1     0     8    0
pkpcb       40        6    0        6     2     1     1     1     0     8    1
ppxss      1128       6    0        6     5     5     0     1     0     8    0
art_heap8  4096       2    0        0     2     0     2     2     0     8    0
art_heap4  256     1554    0     1334    19     3    16    16     0     8    2
art_table   32     1556    0     1334     3     0     3     3     0     8    0
art_node    16      293    0      248     1     0     1     1     0     8    0
sysvmsgpl   40       77    0       40     1     0     1     1     0     8    0
semupl     112        5    0        5     2     2     0     1     0     8    0
semapl     112      200    0      190     1     0     1     1     0     8    0
shmpl      112       48    0        4     2     0     2     2     0     8    0
dirhash    1024      17    0        0     3     0     3     3     0     8    0
dino1pl    128     2714    0     1319    46     0    46    46     0     8    0
ffsino     240     2714    0     1319    83     0    83    83     0     8    0
nchpl      144     4269    0     2663    60     0    60    60     0     8    0
uvmvnodes   72     3242    0        0    59     0    59    59     0     8    0
vnodes     208     3242    0        0   171     0   171   171     0     8    0
namei      1024   12721    0    12721     1     0     1     1     0     8    1
vcpupl     1984       6    0        0     1     0     1     1     0     8    0
vmpool     528        6    0        0     1     0     1     1     0     8    0
scxspl     192    13969    0    13969     1     0     1     1     0     8    1
plimitpl   152       59    0       52     1     0     1     1     0     8    0
sigapl     432     1107    0     1093     2     0     2     2     0     8    0
futexpl     56    27840    0    27840     1     0     1     1     0     8    1
knotepl    112      200    0      181     1     0     1     1     0     8    0
kqueuepl   104      254    0      252     1     0     1     1     0     8    0
pipepl     128     1854    0     1835     6     4     2     2     0     8    1
fdescpl    424     1108    0     1093     2     0     2     2     0     8    0
filepl     120     9463    0     9364    12     7     5     6     0     8    1
lockfpl    104      956    0      954     1     0     1     1     0     8    0
lockfspl    48      193    0      191     1     0     1     1     0     8    0
sessionpl  112       22    0       12     1     0     1     1     0     8    0
pgrppl      48       30    0       20     1     0     1     1     0     8    0
ucredpl     96      681    0      674     1     0     1     1     0     8    0
zombiepl   144     1093    0     1093     1     0     1     1     0     8    1
processpl  872     1123    0     1093     4     0     4     4     0     8    0
procpl     632     2539    0     2501     7     3     4     5     0     8    0
sosppl     128       30    0       30     4     4     0     1     0     8    0
sockpl     384     2377    0     2359    16    12     4     6     0     8    2
mcl64k     65536     65    0       65     3     2     1     1     0     8    1
mcl16k     16384     18    0       18     4     3     1     1     0     8    1
mcl12k     12288     33    0       33     5     4     1     1     0     8    1
mcl9k      9216      10    0       10     5     5     0     1     0     8    0
mcl8k      8192      34    0       34     5     4     1     1     0     8    1
mcl4k      4096      91    0       91     2     1     1     1     0     8    1
mcl2k2     2112       7    0        7     5     4     1     1     0     8    1
mcl2k      2048   69363    0    69315    17    10     7    14     0     8    0
mtagpl      80       36    0       28     2     1     1     1     0     8    0
mbufpl     256   118750    0   118563    65    43    22    30     0     8    7
bufpl      280    10597    0     4413   442     0   442   442     0     8    0
anonpl      16   159190    0   143262   121    23    98    98     0   107   16
amapchunkpl 152    6691    0     6549    31    22     9    17     0   158    2
amappl16   192     6785    0     5670    99    35    64    69     0     8    8
amappl15   184       80    0       72     1     0     1     1     0     8    0
amappl14   176      122    0      119     1     0     1     1     0     8    0
amappl13   168        9    0        9     2     2     0     1     0     8    0
amappl12   160      481    0      481     2     2     0     1     0     8    0
amappl11   152       80    0       68     1     0     1     1     0     8    0
amappl10   144      152    0      149     1     0     1     1     0     8    0
amappl9    136      727    0      724     1     0     1     1     0     8    0
amappl8    128      295    0      263     2     0     2     2     0     8    0
amappl7    120      266    0      249     1     0     1     1     0     8    0
amappl6    112       76    0       70     1     0     1     1     0     8    0
amappl5    104      734    0      724     1     0     1     1     0     8    0
amappl4     96     1184    0     1150     1     0     1     1     0     8    0
amappl3     88      392    0      382     1     0     1     1     0     8    0
amappl2     80     7788    0     7716     3     1     2     3     0     8    0
amappl1     72    30858    0    30440    28    19     9    20     0     8    0
amappl      80     2855    0     2807     2     0     2     2     0    84    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      253    0      253     1     1     0     1     0     8    0
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       18    0       17     1     0     1     1     0     8    0
aobjpl      64       49    0        4     1     0     1     1     0     8    0
uaddrrnd    24     1114    0     1093     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24     1114    0     1093     1     0     1     1     0     8    0
vmmpekpl   168    14473    0    14445     2     0     2     2     0     8    0
vmmpepl    168   143867    0   141528   221    79   142   147     0   357   38
vmsppl     272     1113    0     1093     2     0     2     2     0     8    0
pdppl      4096    2234    0     2192     7     1     6     6     0     8    0
pvpl        32   432689    0   414121   308    54   254   300     0   265   70
pmappl     200     1113    0     1093     3     1     2     2     0     8    0
extentpl    40       46    0       29     1     0     1     1     0     8    0
phpool     112      219    0       72     5     0     5     5     0     8    0