

panic: ifa_update_broadaddr does not support dynamic lengtpha

Status: closed as dup on 2019/10/19 11:24
Reported-by: syzbot+14bcb85937b1a43f3566@syzkaller.appspotmail.com
First crash: 1623d, last: 1623d
Duplicate of
Title Repro Cause bisect Fix bisect Count Last Reported
panic: ifa_update_broadaddr does not support dynamic length syz 6780 1603d 1661d

Sample crash report:
panic: ifa_update_broadaddr does not support dynamic lengtpha
nStopped at      db_enter+0x18:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
 291475  67683      0           0  0x4000000    1  syz-executor.0
*217439  39553      0           0  0x4000000    0  syz-executor.1
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
ifa_update_broadaddr(ffff800000adb000,ffff800000ae1100,ffff80002177dcf0) at ifa_update_broadaddr+0x61 sys/net/if.c:2970
in_ioctl(80206913,ffff80002177dce0,ffff800000adb000,1) at in_ioctl+0x463 sys/netinet/in.c:299
ifioctl(fffffd807d107340,80206913,ffff80002177dce0,ffff800020acf8d8) at ifioctl+0xb64 sys/net/if.c:2202
sys_ioctl(ffff800020acf8d8,ffff80002177ddf8,ffff80002177de40) at sys_ioctl+0x5b9
syscall(ffff80002177dec0) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline]
syscall(ffff80002177dec0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,ffffffffffffff36,0,3,17eaefc0280) at Xsyscall+0x128
end of kernel
end trace frame: 0x18187f427f0, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb{0}> 
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
ifa_update_broadaddr does not support dynamic length
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
ifa_update_broadaddr(ffff800000adb000,ffff800000ae1100,ffff80002177dcf0) at ifa_update_broadaddr+0x61 sys/net/if.c:2970
in_ioctl(80206913,ffff80002177dce0,ffff800000adb000,1) at in_ioctl+0x463 sys/netinet/in.c:299
ifioctl(fffffd807d107340,80206913,ffff80002177dce0,ffff800020acf8d8) at ifioctl+0xb64 sys/net/if.c:2202
sys_ioctl(ffff800020acf8d8,ffff80002177ddf8,ffff80002177de40) at sys_ioctl+0x5b9
syscall(ffff80002177dec0) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline]
syscall(ffff80002177dec0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,ffffffffffffff36,0,3,17eaefc0280) at Xsyscall+0x128
end of kernel
end trace frame: 0x18187f427f0, count: -8
ddb{0}> show registers
rdi               0xffffffff8213f9a7    db_enter+0x17
rsi                           0x17a2    __ALIGN_SIZE+0x7a2
rbp               0xffff80002177da80
rbx               0xffff80002177db30
rdx                           0x17a3    __ALIGN_SIZE+0x7a3
rcx               0xffff800021358000
rax               0xffff800021358000
r8                0xffffffff8149ad7f    kprintf+0x16f
r9                               0x1
r10                             0x25
r11               0x3493ac0a1ad5e271
r12                     0x3000000008
r13               0xffff80002177da90
r14                            0x100
r15                              0x1
rip               0xffffffff8213f9a8    db_enter+0x18
cs                               0x8
rflags                         0x246
rsp               0xffff80002177da70
ss                              0x10
db_enter+0x18:  addq    $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor.1) pid=217439 stat=onproc
    flags process=0 proc=4000000<THREAD>
    pri=86, usrpri=86, nice=20
    forw=0xffffffffffffffff, list=0xffff800020ace028,0xffff800020acfb60
    process=0xffff800020add880 user=0xffff800021778000, vmspace=0xfffffd807f00bb80
    estcpu=36, cpticks=0, pctcpu=0.0
    user=0, sys=0, intr=0
ddb{0}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 67683  295263  29958      0  2           0                syz-executor.0
 67683  503660  29958      0  3   0x4000080  pipewr        syz-executor.0
 67683  291475  29958      0  7   0x4000000                syz-executor.0
 39553  329135  84577      0  2           0                syz-executor.1
 39553  108308  84577      0  3   0x4000080  pipewr        syz-executor.1
 39553  190114  84577      0  3   0x4000080  pipewr        syz-executor.1
 39553  147324  84577      0  3   0x4000080  piperd        syz-executor.1
*39553  217439  84577      0  7   0x4000000                syz-executor.1
 29958   38783  74350      0  3        0x82  nanosleep     syz-executor.0
 84577  115961  74350      0  3        0x82  nanosleep     syz-executor.1
 64279  181950      0      0  3     0x14200  acct          acct
 71807  233154      0      0  3     0x14200  bored         sosplice
 74350  353391  72886      0  3        0x82  thrsleep      syz-fuzzer
 74350  316786  72886      0  3   0x4000082  thrsleep      syz-fuzzer
 74350  225072  72886      0  3   0x4000082  thrsleep      syz-fuzzer
 74350  253437  72886      0  3   0x4000082  thrsleep      syz-fuzzer
 74350  303377  72886      0  3   0x4000082  thrsleep      syz-fuzzer
 74350  351297  72886      0  3   0x4000082  thrsleep      syz-fuzzer
 74350  133693  72886      0  3   0x4000082  kqread        syz-fuzzer
 74350    1352  72886      0  3   0x4000082  thrsleep      syz-fuzzer
 74350  516519  72886      0  3   0x4000082  thrsleep      syz-fuzzer
 74350  244609  72886      0  3   0x4000082  thrsleep      syz-fuzzer
 72886  132889  51915      0  3    0x10008a  pause         ksh
 51915  335918  81973      0  3        0x92  select        sshd
 14523  128532      1      0  3    0x100083  ttyin         getty
 81973  399708      1      0  3        0x80  select        sshd
 50320  377777  63749     74  3    0x100092  bpf           pflogd
 63749  389716      1      0  3        0x80  netio         pflogd
 62481  369475  48761     73  3    0x100090  kqread        syslogd
 48761  366437      1      0  3    0x100082  netio         syslogd
 84359   12831      1     77  3    0x100090  poll          dhclient
 73649   25804      1      0  3        0x80  poll          dhclient
 82808  360215      0      0  2     0x14200                zerothread
 68965  239635      0      0  3     0x14200  aiodoned      aiodoned
 66166  257905      0      0  3     0x14200  syncer        update
 46187  470848      0      0  3     0x14200  cleaner       cleaner
 95142  500884      0      0  3     0x14200  reaper        reaper
 73624  250980      0      0  3     0x14200  pgdaemon      pagedaemon
 16811   58719      0      0  3     0x14200  bored         crynlk
 55277  192194      0      0  3     0x14200  bored         crypto
 77477  395823      0      0  3  0x40014200  acpi0         acpi0
 41382  144145      0      0  3  0x40014200                idle1
 67806  517923      0      0  3     0x14200  bored         softnet
 61060  415157      0      0  3     0x14200  bored         systqmp
 12073  305990      0      0  3     0x14200  bored         systq
 89458  380384      0      0  3  0x40014200  bored         softclock
 98810  249466      0      0  3  0x40014200                idle0
 33107  154369      0      0  3     0x14200  bored         smr
     1  151183      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb{0}> show all locks
Process 39553 (syz-executor.1) thread 0xffff800020acf8d8 (217439)
exclusive rwlock netlock r = 0 (0xffffffff8251b198)
#0  witness_lock+0x52e sys/kern/subr_witness.c:1163
#1  in_ioctl+0x142
#2  ifioctl+0xb64 sys/net/if.c:2202
#3  sys_ioctl+0x5b9
#4  syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline]
#4  syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555
#5  Xsyscall+0x128
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff8262db68)
#0  witness_lock+0x52e sys/kern/subr_witness.c:1163
#1  syscall+0x400 mi_syscall sys/sys/syscall_mi.h:83 [inline]
#1  syscall+0x400 sys/arch/amd64/amd64/trap.c:555
#2  Xsyscall+0x128
ddb{0}> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim Kern Lim
         devbuf  9555   7072K    7959K  78643K     13642        0        0
            pcb    13      8K       8K  78643K       345        0        0
         rtable    85      4K       5K  78643K       899        0        0
         ifaddr    71     16K      17K  78643K       302        0        0
       counters    39     33K      33K  78643K        39        0        0
       ioctlops     0      0K       4K  78643K      1549        0        0
            iov     0      0K      32K  78643K       203        0        0
          mount     1      1K       1K  78643K         1        0        0
         vnodes  1222     77K      77K  78643K      2246        0        0
      UFS quota     1     32K      32K  78643K         1        0        0
      UFS mount     5     36K      36K  78643K         5        0        0
            shm     2      1K       5K  78643K        16        0        0
         VM map    18      9K       9K  78643K        22        0        0
            sem    12      0K       1K  78643K       531        0        0
        dirhash    12      2K       2K  78643K        12        0        0
           ACPI  1808    196K     290K  78643K     12765        0        0
      file desc     6     17K      25K  78643K      1791        0        0
          sigio     0      0K       0K  78643K        23        0        0
           proc    62     63K      95K  78643K       724        0        0
        subproc    32      2K       2K  78643K       102        0        0
    NFS srvsock     1      0K       0K  78643K         1        0        0
     NFS daemon     1     16K      16K  78643K         1        0        0
    ip_moptions     0      0K       1K  78643K       182        0        0
       in_multi    14      0K       2K  78643K       136        0        0
    ether_multi     1      0K       0K  78643K        16        0        0
            mrt     0      0K       0K  78643K         6        0        0
    ISOFS mount     1     32K      32K  78643K         1        0        0
  MSDOSFS mount     1     16K      16K  78643K         1        0        0
           ttys    84    371K     371K  78643K        84        0        0
           exec     0      0K       1K  78643K       324        0        0
     pfkey data     0      0K       0K  78643K         2        0        0
        pagedep     1      8K       8K  78643K         1        0        0
       inodedep     1     32K      32K  78643K         1        0        0
         newblk     1      0K       0K  78643K         1        0        0
        VM swap     7     26K      26K  78643K         7        0        0
       UVM amap   144    161K     161K  78643K      8735        0        0
       UVM aobj   130      4K       4K  78643K       130        0        0
        memdesc     1      4K       4K  78643K         1        0        0
    crypto data     1      1K       1K  78643K         1        0        0
    ip6_options     0      0K       0K  78643K      1150        0        0
            NDP    16      0K       0K  78643K        86        0        0
           temp   199   3556K    4193K  78643K     80362        0        0
         kqueue     0      0K       0K  78643K         4        0        0
      SYN cache     2     16K      16K  78643K         2        0        0
ddb{0}> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp         64       22    0       19     1     0     1     1     0     8    0
plcache    128       20    0        0     1     0     1     1     0     8    0
rtpcb       80      119    0      117     1     0     1     1     0     8    0
rtentry    112      134    0      106     2     0     2     2     0     8    0
unpcb      120      664    0      653     1     0     1     1     0     8    0
syncache   264        9    0        9     4     4     0     1     0     8    0
sackhl      24        1    0        1     1     1     0     1     0     8    0
tcpqe       32        1    0        1     1     1     0     1     0     8    0
tcpcb      544     1255    0     1250     1     0     1     1     0     8    0
inpcb      280     6471    0     6462    29    25     4     6     0     8    3
rttmr       72        2    0        1     2     1     1     1     0     8    0
nd6         48       15    0       15     1     1     0     1     0     8    0
pkpcb       40        7    0        7     4     3     1     1     0     8    1
swfcl       56        1    0        0     1     0     1     1     0     8    0
ppxss      1128      42    0       42    12    11     1     1     0     8    1
pffrag     232       37    0       37    10     9     1     1     0   482    1
pffrnode    88       37    0       37    10     9     1     1     0     8    1
pffrent     40     1019    0     1019    10     9     1     1     0     8    1
pfosfp      40      846    0      423     5     0     5     5     0     8    0
pfosfpen   112     1428    0      714    21     0    21    21     0     8    0
pfstitem    24      106    0       83     1     0     1     1     0     8    0
pfstkey    112      106    0       83     1     0     1     1     0     8    0
pfstate    328      106    0       83     5     2     3     3     0     8    0
pfrule     1360      21    0       16     2     1     1     2     0     8    0
art_heap8  4096       8    0        6     7     4     3     3     0     8    1
art_heap4  256      558    0      400    20     7    13    16     0     8    0
art_table   32      566    0      406     3     1     2     3     0     8    0
art_node    16      133    0      107     1     0     1     1     0     8    0
sysvmsgpl   40       14    0        7     1     0     1     1     0     8    0
semupl     112        1    0        1     1     1     0     1     0     8    0
semapl     112      526    0      516     1     0     1     1     0     8    0
shmpl      112      128    0        0     4     0     4     4     0     8    0
dirhash    1024      17    0        0     3     0     3     3     0     8    0
dino1pl    128     3848    0     2440    46     0    46    46     0     8    0
ffsino     272     3848    0     2440    95     0    95    95     0     8    0
nchpl      144     6419    0     4808    61     0    61    61     0     8    0
uvmvnodes   72     4633    0        0    85     0    85    85     0     8    0
vnodes     208     4633    0        0   244     0   244   244     0     8    0
namei      1024   18517    0    18517     2     1     1     1     0     8    1
percpumem   16       30    0        0     1     0     1     1     0     8    0
vcpupl     1984      16    0        0     2     0     2     2     0     8    0
vmpool     552       20    0        4     3     1     2     2     0     8    0
scsiplug    64        1    0        1     1     1     0     1     0     8    0
scxspl     192    20769    0    20769    18    17     1     7     0     8    1
plimitpl   152       97    0       89     1     0     1     1     0     8    0
sigapl     432     1979    0     1963     3     1     2     3     0     8    0
futexpl     56    42303    0    42303     1     0     1     1     0     8    1
knotepl    112      299    0      280     1     0     1     1     0     8    0
kqueuepl   104      353    0      351     1     0     1     1     0     8    0
pipepl     112     5400    0     5373    13    11     2     2     0     8    1
fdescpl    488     1980    0     1963     3     0     3     3     0     8    0
filepl     152    20047    0    19938    16    10     6     7     0     8    0
lockfpl    104      410    0      409     1     0     1     1     0     8    0
lockfspl    48      149    0      148     1     0     1     1     0     8    0
sessionpl  112       22    0       11     1     0     1     1     0     8    0
pgrppl      48       37    0       26     1     0     1     1     0     8    0
ucredpl     96     1175    0     1166     1     0     1     1     0     8    0
zombiepl   144     1965    0     1965     2     1     1     1     0     8    1
processpl  896     1999    0     1965     4     0     4     4     0     8    0
procpl     632     7716    0     7667     9     4     5     6     0     8    0
srpgc       64       12    0       12     4     4     0     1     0     8    0
sosppl     128       27    0       27    10     9     1     1     0     8    1
sockpl     384     7273    0     7251    45    39     6    10     0     8    3
mcl64k     65536    261    0        0    33    28     5    33     0     8    0
mcl16k     16384      8    0        0     1     0     1     1     0     8    0
mcl12k     12288     22    0        0     2     0     2     2     0     8    0
mcl9k      9216       4    0        0     1     0     1     1     0     8    0
mcl8k      8192      17    0        0     3     0     3     3     0     8    0
mcl4k      4096      14    0        0     2     0     2     2     0     8    0
mcl2k2     2112       7    0        0     1     0     1     1     0     8    0
mcl2k      2048     198    0        0    23     2    21    23     0     8    0
mtagpl      80       71    0        0     2     0     2     2     0     8    0
mbufpl     256      604    0        0    24     0    24    24     0     8    0
bufpl      256    10853    0     3805   441     0   441   441     0     8    0
anonpl      16   219276    0   199568   164    83    81    98     0   124    0
amapchunkpl 152   15943    0    15778    31    23     8    14     0   158    1
amappl16   192    11229    0    10088   128    70    58    69     0     8    0
amappl15   184        9    0        8     1     0     1     1     0     8    0
amappl14   176      100    0       96     1     0     1     1     0     8    0
amappl13   168        9    0        9     2     2     0     1     0     8    0
amappl12   160        9    0        6     1     0     1     1     0     8    0
amappl11   152      195    0      178     1     0     1     1     0     8    0
amappl10   144      539    0      533     1     0     1     1     0     8    0
amappl9    136      976    0      969     1     0     1     1     0     8    0
amappl8    128      531    0      498     2     0     2     2     0     8    0
amappl7    120      581    0      576     1     0     1     1     0     8    0
amappl6    112      226    0      211     1     0     1     1     0     8    0
amappl5    104      177    0      164     1     0     1     1     0     8    0
amappl4     96     2209    0     2177     1     0     1     1     0     8    0
amappl3     88      281    0      275     1     0     1     1     0     8    0
amappl2     80    14713    0    14626     3     1     2     3     0     8    0
amappl1     72    56239    0    55778    25    15    10    20     0     8    0
amappl      80     8037    0     7982     2     0     2     2     0    84    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      253    0      253     1     1     0     1     0     8    0
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       17    0       17     1     1     0     1     0     8    0
aobjpl      64      129    0        0     3     0     3     3     0     8    0
uaddrrnd    24     2000    0     1963     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24     2000    0     1963     1     0     1     1     0     8    0
vmmpekpl   168    35966    0    35928     3     0     3     3     0     8    0
vmmpepl    168   256151    0   253688   299   189   110   171     0   357    0
vmsppl     368     1979    0     1963     2     0     2     2     0     8    0
pdppl      4096    4007    0     3950     9     1     8     8     0     8    0
pvpl        32   631191    0   608911   309   118   191   221     0   265    2
pmappl     232     1999    0     1967     3     1     2     2     0     8    0
extentpl    40       41    0       26     1     0     1     1     0     8    0
phpool     112      670    0       46    19     0    19    19     0     8    0

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/10/19 08:49 openbsd 754f2b84d7f3 8c88c9c1 .config console log report ci-openbsd-multicore
* Struck through repros no longer work on HEAD.