panic: ifa_update_broadaddr does not support dynamic length
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*474754 40699 0 0 0x4000000 0 syz-executor.1
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
ifa_update_broadaddr(ffff800000b24000,ffff800000b16600,ffff8000175c5bf0) at ifa_update_broadaddr+0x61 sys/net/if.c:2970
in_ioctl(80206913,ffff8000175c5be0,ffff800000b24000,1) at in_ioctl+0x463 sys/netinet/in.c:311
ifioctl(fffffd8037001480,80206913,ffff8000175c5be0,ffff8000ffff89e8) at ifioctl+0xb34 sys/net/if.c:2202
sys_ioctl(ffff8000ffff89e8,ffff8000175c5cf8,ffff8000175c5d40) at sys_ioctl+0x5b9
syscall(ffff8000175c5dc0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,ffffffffffffff36,0,3,67e75f2c010) at Xsyscall+0x128
end of kernel
end trace frame: 0x6814de9a6d0, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
ifa_update_broadaddr does not support dynamic length
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
ifa_update_broadaddr(ffff800000b24000,ffff800000b16600,ffff8000175c5bf0) at ifa_update_broadaddr+0x61 sys/net/if.c:2970
in_ioctl(80206913,ffff8000175c5be0,ffff800000b24000,1) at in_ioctl+0x463 sys/netinet/in.c:311
ifioctl(fffffd8037001480,80206913,ffff8000175c5be0,ffff8000ffff89e8) at ifioctl+0xb34 sys/net/if.c:2202
sys_ioctl(ffff8000ffff89e8,ffff8000175c5cf8,ffff8000175c5d40) at sys_ioctl+0x5b9
syscall(ffff8000175c5dc0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,ffffffffffffff36,0,3,67e75f2c010) at Xsyscall+0x128
end of kernel
end trace frame: 0x6814de9a6d0, count: -8
ddb> show registers
rdi 0xffffffff81a00537 db_enter+0x17
rsi 0x1e54 __ALIGN_SIZE+0xe54
rbp 0xffff8000175c5980
rbx 0xffff8000175c5a30
rdx 0x1e55 __ALIGN_SIZE+0xe55
rcx 0xffff8000167ba000
rax 0xffff8000167ba000
r8 0xffff8000175c5940
r9 0x1
r10 0xffff800000b2bec0
r11 0x616f99997e5175ec
r12 0x3000000008
r13 0xffff8000175c5990
r14 0x100
r15 0x1
rip 0xffffffff81a00538 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff8000175c5970
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor.1) pid=474754 stat=onproc
flags process=0 proc=4000000
pri=84, usrpri=84, nice=20
forw=0xffffffffffffffff, list=0xffff8000ffff8770,0xffffffff82565848
process=0xffff8000ffff7450 user=0xffff8000175c0000, vmspace=0xfffffd803f012770
estcpu=36, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
40699 416256 9095 0 2 0 syz-executor.1
*40699 474754 9095 0 7 0x4000000 syz-executor.1
53408 455004 9519 0 3 0x82 nanosleep syz-executor.0
9095 507314 9519 0 3 0x82 nanosleep syz-executor.1
8634 211575 1 0 3 0x100083 ttyin getty
12564 210871 0 0 3 0x14200 acct acct
96447 459387 0 0 3 0x14200 bored sosplice
9519 57452 10461 0 3 0x82
thrsleep syz-fuzzer 9519 495676 10461 0 3 0x4000082 thrsleep syz-fuzzer 9519 12568 10461 0 3 0x4000082 thrsleep syz-fuzzer 9519 440105 10461 0 3 0x4000082 thrsleep syz-fuzzer 9519 170066 10461 0 3 0x4000082 kqread syz-fuzzer 9519 274995 10461 0 3 0x4000082 thrsleep syz-fuzzer 9519 274504 10461 0 3 0x4000082 thrsleep syz-fuzzer 9519 134221 10461 0 3 0x4000082 thrsleep syz-fuzzer 10461 269637 33403 0 3 0x10008a pause ksh 33403 329565 10490 0 3 0x92 select sshd 10490 269604 1 0 3 0x80 select sshd 59445 274436 97451 73 3 0x100090 kqread syslogd 97451 496736 1 0 3 0x100082 netio syslogd 81390 280128 0 0 2 0x14200 zerothread 22670 177829 0 0 3 0x14200 aiodoned aiodoned 97596 108615 0 0 3 0x14200 syncer update 89097 371179 0 0 3 0x14200 cleaner cleaner 89036 19270 0 0 3 0x14200 reaper reaper 87659 235312 0 0 3 0x14200 pgdaemon pagedaemon 4329 57441 0 0 3 0x14200 bored crynlk 21860 388033 0 0 3 0x14200 bored crypto 18925 335253 0 0 3 0x40014200 acpi0 acpi0 86034 209780 0 0 3 0x14200 bored softnet 75063 201888 0 0 3 0x14200 bored systqmp 73634 523437 0 0 3 0x14200 bored systq 55407 118043 0 0 3 0x40014200 bored softclock 29627 412662 0 0 3 0x40014200 idle0 13671 391446 0 0 3 0x14200 bored smr 1 83295 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9609 6971K 7552K 78643K 22289 0 0 pcb 13 11K 12K 78643K 1275 0 0 rtable 159 11K 11K 78643K 2616 0 0 ifaddr 108 24K 24K 78643K 1052 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 406 0 0 iov 0 0K 32K 78643K 1765 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1214 76K 77K 78643K 6294 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 3 5K 9K 78643K 97 0 0 VM map 53 13K 13K 78643K 72 0 0 sem 12 1K 1K 78643K 12 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1794 195K 288K 78643K 12646 0 0 file desc 5 13K 25K 78643K 5670 0 0 sigio 0 0K 0K 78643K 88 0 0 proc 44 30K 55K 78643K 2500 0 0 
subproc 32 2K 2K 78643K 750 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 549 0 0 in_multi 43 2K 3K 78643K 739 0 0 ether_multi 1 0K 0K 78643K 57 0 0 mrt 0 0K 0K 78643K 49 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 132 583K 583K 78643K 132 0 0 exec 0 0K 1K 78643K 1304 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 198 382K 382K 78643K 16249 0 0 UVM aobj 130 6K 6K 78643K 138 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 1K 78643K 1203 0 0 NDP 23 0K 1K 78643K 348 0 0 temp 247 3545K 4212K 78643K 216312 0 0 kqueue 0 0K 0K 78643K 85 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 132 0 126 1 0 1 1 0 8 0 rtpcb 80 683 0 683 8 7 1 1 0 8 1 rtentry 112 715 0 653 2 0 2 2 0 8 0 unpcb 120 5101 0 5094 3 2 1 2 0 8 0 syncache 264 37 0 37 15 15 0 1 0 8 0 tcpqe 32 150 0 150 7 7 0 1 0 8 0 tcpcb 544 2445 0 2441 40 39 1 15 0 8 0 ipq 40 44 0 44 17 17 0 1 0 8 0 ipqe 40 1173 0 1173 17 17 0 1 0 8 0 inpcb 280 7076 0 7071 41 40 1 9 0 8 0 rttmr 72 15 0 15 9 9 0 1 0 8 0 ip6q 72 2 0 2 1 1 0 1 0 8 0 ip6af 40 6 0 6 1 1 0 1 0 8 0 nd6 48 104 0 100 3 2 1 1 0 8 0 pkpcb 40 18 0 18 6 6 0 1 0 8 0 swfcl 56 5 0 0 1 0 1 1 0 8 0 ppxss 1128 111 0 111 22 22 0 1 0 8 0 art_heap8 4096 6 0 0 6 0 6 6 0 8 0 art_heap4 256 2856 0 2611 43 27 16 16 0 8 0 art_table 32 2862 0 2611 4 1 3 3 0 8 0 art_node 16 712 0 664 1 0 1 1 0 8 0 sysvmsgpl 40 79 0 56 1 0 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 10 0 0 1 0 1 1 0 8 0 shmpl 112 136 0 8 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 12394 0 10981 46 0 46 46 0 8 0 ffsino 240 12394 0 10981 84 0 84 84 0 8 0 nchpl 144 22025 0 21558 60 40 20 60 0 8 0 uvmvnodes 72 9223 0 0 168 0 168 168 0 8 0 vnodes 208 9223 0 0 486 0 486 486 0 8 0 namei 1024 76467 0 76467 5 4 
1 1 0 8 1 vcpupl 1984 51 0 0 7 0 7 7 0 8 0 vmpool 520 70 0 19 4 0 4 4 0 8 0 scsiplug 64 6 0 6 3 3 0 1 0 8 0 scxspl 192 82053 0 82053 32 31 1 7 0 8 1 plimitpl 152 498 0 492 1 0 1 1 0 8 0 sigapl 432 5717 0 5706 2 0 2 2 0 8 0 futexpl 56 191734 0 191734 5 4 1 1 0 8 1 knotepl 112 3708 0 3689 5 4 1 2 0 8 0 kqueuepl 104 4219 0 4217 7 6 1 4 0 8 0 pipepl 112 4830 0 4811 18 17 1 2 0 8 0 fdescpl 424 5718 0 5706 2 0 2 2 0 8 0 filepl 120 57850 0 57765 41 37 4 10 0 8 1 lockfpl 104 1983 0 1983 4 3 1 1 0 8 1 lockfspl 48 736 0 736 4 3 1 1 0 8 1 sessionpl 112 62 0 54 1 0 1 1 0 8 0 pgrppl 48 136 0 128 1 0 1 1 0 8 0 ucredpl 96 6411 0 6404 1 0 1 1 0 8 0 zombiepl 144 5708 0 5707 2 1 1 1 0 8 0 processpl 864 5736 0 5707 4 0 4 4 0 8 0 procpl 632 13212 0 13175 5 1 4 5 0 8 0 sosppl 128 72 0 72 20 20 0 1 0 8 0 sockpl 384 12964 0 12952 62 60 2 13 0 8 0 mcl64k 65536 3696 0 3696 268 268 0 64 0 8 0 mcl16k 16384 124 0 124 21 20 1 1 0 8 1 mcl12k 12288 494 0 494 6 5 1 1 0 8 1 mcl9k 9216 269 0 269 9 9 0 1 0 8 0 mcl8k 8192 277 0 277 8 8 0 1 0 8 0 mcl4k 4096 538 0 538 6 6 0 1 0 8 0 mcl2k2 2112 75 0 75 17 17 0 1 0 8 0 mcl2k 2048 77927 0 77880 21 14 7 15 0 8 0 mtagpl 80 249 0 247 8 7 1 1 0 8 0 mbufpl 256 179916 0 179814 250 241 9 42 0 8 0 bufpl 256 34657 0 25436 577 0 577 577 0 8 0 anonpl 16 800873 0 783412 230 142 88 102 0 62 0 amapchunkpl 152 37497 0 37344 128 117 11 31 0 158 3 amappl16 192 36847 0 35644 268 206 62 73 0 8 0 amappl15 184 807 0 807 9 9 0 1 0 8 0 amappl14 176 781 0 777 1 0 1 1 0 8 0 amappl13 168 440 0 437 7 6 1 1 0 8 0 amappl12 160 951 0 950 1 0 1 1 0 8 0 amappl11 152 710 0 706 1 0 1 1 0 8 0 amappl10 144 460 0 457 1 0 1 1 0 8 0 amappl9 136 2653 0 2649 1 0 1 1 0 8 0 amappl8 128 2211 0 2154 3 1 2 3 0 8 0 amappl7 120 659 0 651 1 0 1 1 0 8 0 amappl6 112 551 0 538 1 0 1 1 0 8 0 amappl5 104 1659 0 1652 1 0 1 1 0 8 0 amappl4 96 5495 0 5461 1 0 1 1 0 8 0 amappl3 88 2089 0 2079 1 0 1 1 0 8 0 amappl2 80 42858 0 42791 3 1 2 3 0 8 0 amappl1 72 119155 0 118779 26 17 9 19 0 8 0 amappl 80 14223 0 14158 
2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 137 0 8 3 0 3 3 0 8 0 uaddrrnd 24 5788 0 5706 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 5788 0 5706 1 0 1 1 0 8 0 vmmpekpl 168 41777 0 41738 3 0 3 3 0 8 0 vmmpepl 168 727002 0 724652 442 292 150 178 0 357 37 vmsppl 272 5717 0 5706 3 2 1 2 0 8 0 pdppl 4096 11582 0 11501 17 6 11 11 0 8 0 pvpl 32 2234578 0 2214820 597 366 231 325 0 265 39 pmappl 200 5787 0 5725 4 0 4 4 0 8 0 extentpl 40 46 0 29 1 0 1 1 0 8 0 phpool 112 1354 0 637 22 0 22 22 0 8 0