panic: ifa_update_broadaddr does not support dynamic length
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*438634 223 0 0 0x4000000 0 syz-executor.1
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
ifa_update_broadaddr(ffff800000aa6000,ffff800000a97500,ffff800016958740) at ifa_update_broadaddr+0x61 sys/net/if.c:2986
in_ioctl(80206913,ffff800016958730,ffff800000aa6000,1) at in_ioctl+0x463 sys/netinet/in.c:311
ifioctl(fffffd802ce2adb0,80206913,ffff800016958730,ffff8000ffff2ee8) at ifioctl+0xb34 sys/net/if.c:2218
sys_ioctl(ffff8000ffff2ee8,ffff800016958848,ffff800016958890) at sys_ioctl+0x5b9
syscall(ffff800016958910) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,ffffffffffffff36,0,3,2d5df460010) at Xsyscall+0x128
end of kernel
end trace frame: 0x2d8a02392a0, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb> ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
ifa_update_broadaddr does not support dynamic length
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
ifa_update_broadaddr(ffff800000aa6000,ffff800000a97500,ffff800016958740) at ifa_update_broadaddr+0x61 sys/net/if.c:2986
in_ioctl(80206913,ffff800016958730,ffff800000aa6000,1) at in_ioctl+0x463 sys/netinet/in.c:311
ifioctl(fffffd802ce2adb0,80206913,ffff800016958730,ffff8000ffff2ee8) at ifioctl+0xb34 sys/net/if.c:2218
sys_ioctl(ffff8000ffff2ee8,ffff800016958848,ffff800016958890) at sys_ioctl+0x5b9
syscall(ffff800016958910) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,ffffffffffffff36,0,3,2d5df460010) at Xsyscall+0x128
end of kernel
end trace frame: 0x2d8a02392a0, count: -8
ddb> show registers
rdi 0xffffffff816c6117 db_enter+0x17
rsi 0x1d93 __ALIGN_SIZE+0xd93
rbp 0xffff8000169584d0
rbx 0xffff800016958580
rdx 0x1d94 __ALIGN_SIZE+0xd94
rcx 0xffff800017594000
rax 0xffff800017594000
r8 0xffff800016958490
r9 0x1
r10 0xffff800000a6ec00
r11 0xb4efefd7321728f0
r12 0x3000000008
r13 0xffff8000169584e0
r14 0x100
r15 0x1
rip 0xffffffff816c6118 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff8000169584c0
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor.1) pid=438634 stat=onproc
flags process=0 proc=4000000
pri=81, usrpri=81, nice=20
forw=0xffffffffffffffff, list=0xffff8000ffff3650,0xffffffff8255a198
process=0xffff8000ffff70f0 user=0xffff800016953000, vmspace=0xfffffd803f014220
estcpu=36, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
223 473916 72379 0 2 0 syz-executor.1
* 223 438634 72379 0 7 0x4000000 syz-executor.1
72379 204661 96781 0 3 0x82 nanosleep syz-executor.1
87957 23524 96781 0 2 0x2 syz-executor.0
77411 518433 1 0 3 0x100083 ttyin getty
52364 417486 0 0 3 0x14200 bored sosplice
96781 99094 50111 0 3 0x82 kqread syz-fuzzer
96781 86075 50111 0 3 
0x4000082 nanosleep syz-fuzzer 96781 390450 50111 0 3 0x4000082 thrsleep syz-fuzzer 96781 88660 50111 0 3 0x4000082 thrsleep syz-fuzzer 96781 375178 50111 0 3 0x4000082 thrsleep syz-fuzzer 96781 3980 50111 0 3 0x4000082 thrsleep syz-fuzzer 96781 301386 50111 0 3 0x4000082 thrsleep syz-fuzzer 96781 188279 50111 0 3 0x4000082 thrsleep syz-fuzzer 50111 85128 24510 0 3 0x10008a pause ksh 24510 278581 23218 0 3 0x92 select sshd 23218 522245 1 0 3 0x80 select sshd 69142 173817 69521 73 3 0x100090 kqread syslogd 69521 66370 1 0 3 0x100082 netio syslogd 33109 182885 1 77 3 0x100090 poll dhclient 92715 137886 1 0 3 0x80 poll dhclient 76139 181534 0 0 2 0x14200 zerothread 21328 353699 0 0 3 0x14200 aiodoned aiodoned 47186 370619 0 0 3 0x14200 syncer update 14918 398236 0 0 3 0x14200 cleaner cleaner 64959 342321 0 0 3 0x14200 reaper reaper 8796 232986 0 0 3 0x14200 pgdaemon pagedaemon 31462 129084 0 0 3 0x14200 bored crynlk 14935 79659 0 0 3 0x14200 bored crypto 44474 187364 0 0 3 0x40014200 acpi0 acpi0 3289 192843 0 0 3 0x14200 bored softnet 63638 48126 0 0 3 0x14200 bored systqmp 34565 247513 0 0 3 0x14200 bored systq 84990 225047 0 0 3 0x40014200 bored softclock 33784 436094 0 0 3 0x40014200 idle0 43580 257537 0 0 3 0x14200 bored smr 1 123787 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9566 6367K 8096K 78643K 26772 0 0 pcb 13 12K 15K 78643K 1260 0 0 rtable 134 6K 6K 78643K 2122 0 0 ifaddr 83 20K 22K 78643K 659 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 177 0 0 iov 0 0K 40K 78643K 729 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1223 77K 77K 78643K 6544 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 59 0 0 VM map 8 2K 2K 78643K 12 0 0 sem 12 0K 0K 78643K 1420 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12645 0 0 file desc 5 13K 25K 78643K 6385 0 0 sigio 0 0K 0K 78643K 94 0 
0 proc 50 38K 63K 78643K 1289 0 0 subproc 32 2K 2K 78643K 255 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 1554 0 0 in_multi 33 2K 2K 78643K 356 0 0 ether_multi 1 0K 0K 78643K 25 0 0 mrt 0 0K 0K 78643K 8 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 174 768K 768K 78643K 174 0 0 exec 0 0K 1K 78643K 681 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 127 55K 64K 78643K 16058 0 0 UVM aobj 130 4K 4K 78643K 130 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 761 0 0 NDP 17 0K 0K 78643K 195 0 0 temp 188 3544K 4183K 78643K 166835 0 0 kqueue 0 0K 0K 78643K 34 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 43 0 38 1 0 1 1 0 8 0 rtpcb 80 384 0 382 1 0 1 1 0 8 0 rtentry 112 337 0 282 2 0 2 2 0 8 0 unpcb 120 3369 0 3354 3 2 1 2 0 8 0 syncache 264 39 0 39 7 7 0 1 0 8 0 tcpqe 32 15 0 15 5 5 0 1 0 8 0 tcpcb 544 2918 0 2913 25 24 1 13 0 8 0 ipq 40 289 0 289 7 6 1 1 0 8 1 ipqe 40 12585 0 12585 7 6 1 1 0 8 1 inpcb 280 7786 0 7778 28 26 2 9 0 8 1 nd6 48 46 0 43 1 0 1 1 0 8 0 pkpcb 40 18 0 18 3 3 0 1 0 8 0 ppxss 1128 67 0 67 9 8 1 1 0 8 1 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 1251 0 1027 17 1 16 16 0 8 0 art_table 32 1253 0 1027 4 1 3 3 0 8 0 art_node 16 329 0 287 1 0 1 1 0 8 0 sysvmsgpl 40 40 0 40 1 1 0 1 0 8 0 semupl 112 5 0 5 1 1 0 1 0 8 0 semapl 112 1418 0 1408 1 0 1 1 0 8 0 shmpl 112 128 0 0 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 11522 0 10123 46 0 46 46 0 8 0 ffsino 240 11522 0 10123 83 0 83 83 0 8 0 nchpl 144 20345 0 19915 60 40 20 60 0 8 0 uvmvnodes 72 6396 0 0 117 0 117 117 0 8 0 vnodes 208 6396 0 0 337 0 337 337 0 8 0 namei 1024 62582 0 62581 4 3 1 1 0 8 0 vcpupl 1984 6 0 0 1 0 1 1 0 8 0 vmpool 520 10 0 4 1 0 1 1 0 8 0 scsiplug 64 14 0 14 5 
5 0 1 0 8 0 scxspl 192 61074 0 61074 17 15 2 7 0 8 2 plimitpl 152 397 0 390 1 0 1 1 0 8 0 sigapl 432 6520 0 6507 2 0 2 2 0 8 0 futexpl 56 126446 0 126446 6 5 1 1 0 8 1 knotepl 112 1073 0 1054 3 2 1 3 0 8 0 kqueuepl 104 1239 0 1237 4 3 1 4 0 8 0 pipepl 112 2408 0 2389 6 5 1 2 0 8 0 fdescpl 424 6521 0 6507 2 0 2 2 0 8 0 filepl 120 42685 0 42589 24 19 5 10 0 8 1 lockfpl 104 2457 0 2456 1 0 1 1 0 8 0 lockfspl 48 748 0 747 1 0 1 1 0 8 0 sessionpl 112 34 0 24 1 0 1 1 0 8 0 pgrppl 48 113 0 103 1 0 1 1 0 8 0 ucredpl 96 6539 0 6532 1 0 1 1 0 8 0 zombiepl 144 6509 0 6509 1 0 1 1 0 8 1 processpl 864 6538 0 6509 4 0 4 4 0 8 0 procpl 632 14447 0 14410 5 1 4 5 0 8 0 sosppl 128 94 0 94 12 12 0 1 0 8 0 sockpl 384 11610 0 11584 47 42 5 15 0 8 1 mcl64k 65536 858 0 856 2 1 1 1 0 8 0 mcl16k 16384 77 0 77 12 11 1 1 0 8 1 mcl12k 12288 233 0 233 14 13 1 1 0 8 1 mcl9k 9216 76 0 76 12 12 0 1 0 8 0 mcl8k 8192 459 0 459 13 12 1 1 0 8 1 mcl4k 4096 403 0 403 12 11 1 1 0 8 1 mcl2k2 2112 50 0 50 10 10 0 1 0 8 0 mcl2k 2048 36803 0 36768 60 52 8 12 0 8 2 mtagpl 80 404 0 373 6 5 1 3 0 8 0 mbufpl 256 230344 0 230194 139 118 21 41 0 8 8 bufpl 256 21311 0 14915 400 0 400 400 0 8 0 anonpl 16 667213 0 658618 143 93 50 55 0 62 6 amapchunkpl 152 30784 0 30683 54 48 6 29 0 158 1 amappl16 192 39824 0 39352 158 127 31 36 0 8 7 amappl15 184 1281 0 1281 3 3 0 1 0 8 0 amappl14 176 2139 0 2133 1 0 1 1 0 8 0 amappl13 168 366 0 366 2 2 0 1 0 8 0 amappl12 160 444 0 443 1 0 1 1 0 8 0 amappl11 152 264 0 253 1 0 1 1 0 8 0 amappl10 144 1473 0 1470 1 0 1 1 0 8 0 amappl9 136 406 0 403 1 0 1 1 0 8 0 amappl8 128 312 0 265 2 0 2 2 0 8 0 amappl7 120 1555 0 1549 1 0 1 1 0 8 0 amappl6 112 265 0 252 1 0 1 1 0 8 0 amappl5 104 1536 0 1524 1 0 1 1 0 8 0 amappl4 96 5896 0 5866 1 0 1 1 0 8 0 amappl3 88 2648 0 2643 1 0 1 1 0 8 0 amappl2 80 51862 0 51794 4 2 2 3 0 8 0 amappl1 72 122054 0 121648 27 18 9 20 0 8 0 amappl 80 14939 0 14900 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 
1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 129 0 0 3 0 3 3 0 8 0 uaddrrnd 24 6531 0 6507 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 6531 0 6507 1 0 1 1 0 8 0 vmmpekpl 168 42984 0 42955 2 0 2 2 0 8 0 vmmpepl 168 751610 0 750041 198 115 83 84 0 357 9 vmsppl 272 6520 0 6507 4 3 1 2 0 8 0 pdppl 4096 13068 0 13028 7 1 6 6 0 8 0 pvpl 32 1902633 0 1891254 402 273 129 176 0 265 32 pmappl 200 6530 0 6511 3 1 2 2 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 785 0 239 16 0 16 16 0 8 0