kern.securelevel: 0 -> 1 creating runtime link editor directory cache. preserving editor files. starting network daemons: sshd. starting local daemons:. Thu Oct 24 08:40:52 PDT 2019 OpenBSD/amd64 (ci-openbsd-main-4.c.syzkaller.internal) (tty00) Warning: Permanently added '10.128.0.111' (ECDSA) to the list of known hosts. 2019/10/24 08:41:27 parsed 1 programs 2019/10/24 08:41:35 executed programs: 0 login: panic: ifa_update_broadaddr does not support dynamic length Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *361839 900 0 0 0 0 syz-executor.0 db_enter() at db_enter+0x18 panic() at panic+0x15c ifa_update_broadaddr(ffff800000a63800,ffff8000006a0900,ffff800014918590) at ifa_update_broadaddr+0x61 in_ioctl(80206913,ffff800014918580,ffff800000a63800,1) at in_ioctl+0x463 ifioctl(fffffd80363e8488,80206913,ffff800014918580,ffff8000ffff8770) at ifioctl+0xb34 sys_ioctl(ffff8000ffff8770,ffff800014918698,ffff8000149186e0) at sys_ioctl+0x5b9 syscall(ffff800014918760) at syscall+0x507 Xsyscall(6,0,ffffffffffffff36,0,3,60310c17010) at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffbc860, count: 7 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic ifa_update_broadaddr does not support dynamic length ddb> trace db_enter() at db_enter+0x18 panic() at panic+0x15c ifa_update_broadaddr(ffff800000a63800,ffff8000006a0900,ffff800014918590) at ifa_update_broadaddr+0x61 in_ioctl(80206913,ffff800014918580,ffff800000a63800,1) at in_ioctl+0x463 ifioctl(fffffd80363e8488,80206913,ffff800014918580,ffff8000ffff8770) at ifioctl+0xb34 sys_ioctl(ffff8000ffff8770,ffff800014918698,ffff8000149186e0) at sys_ioctl+0x5b9 syscall(ffff800014918760) at syscall+0x507 Xsyscall(6,0,ffffffffffffff36,0,3,60310c17010) at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffbc860, count: -8 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff800014918320 rbx 0xffff8000149183d0 rdx 0x2 rcx 0x1 rax 0x1 r8 0xffff8000149182e0 r9 0x1 r10 0xa0edfe6026aa8439 r11 0x849a6af0f2571f62 r12 0x3000000008 r13 0xffff800014918330 r14 0x100 r15 0x1 rip 0xffffffff814f24f8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800014918310 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.0) pid=361839 stat=onproc flags process=0 proc=0 pri=50, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff8008,0xffffffff82571f70 process=0xffff8000148a3458 user=0xffff800014913000, vmspace=0xfffffd803f014660 estcpu=0, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND * 900 361839 53862 0 7 0 syz-executor.0 53862 161317 8831 0 3 0x82 nanosleep syz-executor.0 8831 440156 34780 0 3 0x82 thrsleep syz-execprog 8831 241195 34780 0 3 0x4000082 thrsleep syz-execprog 8831 459849 34780 0 3 0x4000082 thrsleep syz-execprog 8831 317612 34780 0 3 0x4000082 thrsleep syz-execprog 8831 11886 34780 0 3 0x4000082 kqread syz-execprog 8831 373106 34780 0 3 0x4000082 thrsleep syz-execprog 8831 237550 34780 0 3 0x4000082 thrsleep syz-execprog 34780 364343 453 0 3 0x10008a pause ksh 453 513772 15153 0 3 0x92 select sshd 95080 112470 1 0 3 0x100083 ttyin getty 15153 215905 1 0 3 0x80 select sshd 10439 210187 48231 73 3 0x100090 kqread syslogd 48231 470834 1 0 3 0x100082 netio syslogd 34729 388713 1 77 3 0x100090 poll dhclient 85743 471272 1 0 3 0x80 poll dhclient 37312 471801 0 0 2 0x14200 zerothread 49351 275838 0 0 3 0x14200 aiodoned aiodoned 82377 497360 0 0 3 0x14200 syncer update 39068 139062 0 0 3 0x14200 cleaner cleaner 22373 398685 0 0 3 0x14200 reaper reaper 37972 460219 0 0 3 0x14200 pgdaemon pagedaemon 16176 43111 0 0 3 0x14200 bored crynlk 21972 156897 0 0 3 0x14200 bored crypto 4676 292830 0 0 3 0x40014200 acpi0 acpi0 55077 454828 0 0 3 0x14200 bored softnet 81593 405677 0 0 3 0x14200 bored systqmp 32277 460573 0 0 3 0x14200 bored systq 14890 430603 0 0 3 0x40014200 bored softclock 25663 408731 0 0 3 0x40014200 idle0 17486 308119 0 0 3 0x14200 bored smr 1 301732 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9433 6310K 6310K 78643K 10526 0 0 pcb 13 8K 8K 78643K 13 0 0 rtable 83 2K 2K 78643K 153 0 0 ifaddr 28 8K 8K 78643K 28 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 14 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1180 74K 74K 78643K 1185 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 1K 78643K 2 0 0 VM map 2 0K 0K 78643K 2 0 0 sem 2 0K 0K 78643K 2 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12645 0 0 file desc 3 8K 12K 78643K 18 0 0 proc 47 38K 54K 78643K 307 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 in_multi 22 1K 1K 78643K 22 0 0 ether_multi 1 0K 0K 78643K 1 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 18 79K 79K 78643K 18 0 0 exec 0 0K 1K 78643K 172 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 66 11K 11K 78643K 844 0 0 UVM aobj 2 2K 2K 78643K 2 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 NDP 6 0K 0K 78643K 6 0 0 temp 39 3525K 3589K 78643K 3058 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 4 0 0 1 0 1 1 0 8 0 rtpcb 80 17 0 15 1 0 1 1 0 8 0 rtentry 112 34 0 1 1 0 1 1 0 8 0 unpcb 120 27 0 19 1 0 1 1 0 8 0 syncache 264 5 0 5 2 2 0 1 0 8 0 tcpcb 544 8 0 5 1 0 1 1 0 8 0 inpcb 280 27 0 20 1 0 1 1 0 8 0 nd6 48 2 0 0 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 167 0 0 11 0 11 11 0 8 0 art_table 32 168 0 0 2 0 2 2 0 8 0 art_node 16 33 0 3 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 1413 0 19 45 0 45 45 0 8 0 ffsino 240 1413 0 19 82 0 82 82 0 8 0 nchpl 144 1653 0 48 60 0 60 60 0 8 0 uvmvnodes 72 1422 0 0 26 0 26 26 0 8 0 vnodes 208 1422 0 0 75 0 75 75 0 8 0 namei 1024 3839 0 3839 2 1 1 1 0 8 1 scxspl 192 4107 0 4107 9 8 1 7 0 8 1 plimitpl 152 14 0 8 1 0 1 1 0 8 0 sigapl 432 197 0 185 2 0 2 2 0 8 0 knotepl 112 39 0 28 1 0 1 1 0 8 0 kqueuepl 104 2 0 0 1 0 1 1 0 8 0 pipepl 112 138 0 125 2 1 1 1 0 8 0 fdescpl 424 198 0 185 2 0 2 2 0 8 0 filepl 120 977 0 923 2 0 2 2 0 8 0 lockfpl 104 5 0 4 1 0 1 1 0 8 0 lockfspl 48 3 0 2 1 0 1 1 0 8 0 sessionpl 112 18 0 9 1 0 1 1 0 8 0 pgrppl 48 18 0 9 1 0 1 1 0 8 0 ucredpl 96 47 0 40 1 0 1 1 0 8 0 zombiepl 144 185 0 185 2 1 1 1 0 8 1 processpl 864 212 0 185 4 0 4 4 0 8 0 procpl 632 218 0 185 3 0 3 3 0 8 0 sockpl 384 71 0 54 2 0 2 2 0 8 0 mcl4k 4096 10 0 10 2 2 0 1 0 8 0 mcl2k 2048 5482 0 5451 7 2 5 7 0 8 0 mtagpl 80 2 0 2 1 1 0 1 0 8 0 mbufpl 256 9482 0 9409 6 1 5 5 0 8 0 bufpl 256 5785 0 1326 279 0 279 279 0 8 0 anonpl 16 20139 0 18703 14 1 13 13 0 62 6 amapchunkpl 152 700 0 640 5 0 5 5 0 158 2 amappl16 192 125 0 98 2 0 2 2 0 8 0 amappl14 176 19 0 18 2 1 1 1 0 8 0 amappl13 168 8 0 6 1 0 1 1 0 8 0 amappl12 160 4 0 3 2 1 1 1 0 8 0 amappl11 152 43 0 32 1 0 1 1 0 8 0 amappl10 144 12 0 11 2 1 1 1 0 8 0 amappl9 136 418 0 411 1 0 1 1 0 8 0 amappl8 128 115 0 105 1 0 1 1 0 8 0 amappl7 120 29 0 26 1 0 1 1 0 8 0 amappl6 112 78 0 67 1 0 1 1 0 8 0 amappl5 104 132 0 123 1 0 1 1 0 8 0 amappl4 96 426 0 402 1 0 1 1 0 8 0 amappl3 88 116 0 111 1 0 1 1 0 8 0 amappl2 80 829 0 775 4 1 3 3 0 8 1 amappl1 72 13543 0 13146 25 8 17 20 0 8 8 amappl 80 420 0 394 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 1 0 0 1 0 1 1 0 8 0 uaddrrnd 24 198 0 185 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 198 0 185 1 0 1 1 0 8 0 vmmpekpl 168 6181 0 6166 1 0 1 1 0 8 0 vmmpepl 168 28870 0 28008 91 14 77 77 0 357 39 vmsppl 272 197 0 185 1 0 1 1 0 8 0 pdppl 4096 402 0 370 5 0 5 5 0 8 0 pvpl 32 103255 0 99563 118 6 112 112 0 265 81 pmappl 200 197 0 185 1 0 1 1 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 402 0 8 12 0 12 12 0 8 0 ddb>