panic: ifa_update_broadaddr does not support dynamic length Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *252453 84758 0 0 0x4000000 0K syz-executor.0 281713 44570 0 0x14000 0x200 1 reaper db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 ifa_update_broadaddr(ffff800000ae9000,ffff800000af0400,ffff800022b8d880) at ifa_update_broadaddr+0x61 sys/net/if.c:2970 in_ioctl(80206913,ffff800022b8d870,ffff800000ae9000,1) at in_ioctl+0x463 sys/netinet/in.c:311 ifioctl(fffffd8074289c38,80206913,ffff800022b8d870,ffff800020acec78) at ifioctl+0xb64 sys/net/if.c:2202 sys_ioctl(ffff800020acec78,ffff800022b8d988,ffff800022b8d9d0) at sys_ioctl+0x5b9 syscall(ffff800022b8da50) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline] syscall(ffff800022b8da50) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555 Xsyscall(6,0,ffffffffffffff36,0,3,9bcda9280e0) at Xsyscall+0x128 end of kernel end trace frame: 0x9bf6933fdf0, count: 7 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic ifa_update_broadaddr does not support dynamic length ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 ifa_update_broadaddr(ffff800000ae9000,ffff800000af0400,ffff800022b8d880) at ifa_update_broadaddr+0x61 sys/net/if.c:2970 in_ioctl(80206913,ffff800022b8d870,ffff800000ae9000,1) at in_ioctl+0x463 sys/netinet/in.c:311 ifioctl(fffffd8074289c38,80206913,ffff800022b8d870,ffff800020acec78) at ifioctl+0xb64 sys/net/if.c:2202 sys_ioctl(ffff800020acec78,ffff800022b8d988,ffff800022b8d9d0) at sys_ioctl+0x5b9 syscall(ffff800022b8da50) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline] syscall(ffff800022b8da50) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555 Xsyscall(6,0,ffffffffffffff36,0,3,9bcda9280e0) at Xsyscall+0x128 end of kernel end trace frame: 0x9bf6933fdf0, count: -8 ddb{0}> show registers rdi 0xffffffff814c4807 db_enter+0x17 rsi 0x1b61 __ALIGN_SIZE+0xb61 rbp 0xffff800022b8d610 rbx 0xffff800022b8d6c0 rdx 0x1b62 __ALIGN_SIZE+0xb62 rcx 0xffff800023bc6000 rax 0xffff800023bc6000 r8 0xffffffff8141f94f kprintf+0x16f r9 0x1 r10 0x25 r11 0x14c702c1016c4784 r12 0x3000000008 r13 0xffff800022b8d620 r14 0x100 r15 0x1 rip 0xffffffff814c4808 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800022b8d600 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor.0) pid=252453 stat=onproc flags process=0 proc=4000000 pri=75, usrpri=75, nice=20 forw=0xffffffffffffffff, list=0xffff800020acf658,0xffffffff8265b7c8 process=0xffff800020a8aa90 user=0xffff800022b88000, vmspace=0xfffffd807f00a000 estcpu=25, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 84758 1644 38756 0 2 0 syz-executor.0 84758 399625 38756 0 3 0x4000080 nanosleep syz-executor.0 *84758 252453 38756 0 7 0x4000000 syz-executor.0 38756 349162 21389 0 3 0x82 nanosleep syz-executor.0 22587 195894 1 0 3 0x100083 ttyin getty 10191 353502 21389 0 3 0x82 nanosleep syz-executor.1 23759 322318 0 0 3 0x14200 acct acct 2989 379863 0 0 3 0x14200 bored sosplice 21389 86170 84376 0 3 0x82 thrsleep syz-fuzzer 21389 280318 84376 0 3 0x4000082 thrsleep syz-fuzzer 21389 145507 84376 0 3 0x4000082 thrsleep syz-fuzzer 21389 48933 84376 0 3 0x4000082 thrsleep syz-fuzzer 21389 414871 84376 0 3 0x4000082 thrsleep syz-fuzzer 21389 461963 84376 0 3 0x4000082 thrsleep syz-fuzzer 21389 482363 84376 0 3 0x4000082 thrsleep syz-fuzzer 21389 114537 84376 0 3 0x4000082 thrsleep syz-fuzzer 21389 121369 84376 0 3 0x4000082 kqread syz-fuzzer 21389 208480 84376 0 3 0x4000082 thrsleep syz-fuzzer 21389 345448 84376 0 3 0x4000082 thrsleep syz-fuzzer 84376 323625 22622 0 3 0x10008a pause ksh 22622 354043 36773 0 3 0x92 select sshd 36773 426122 1 0 3 0x80 select sshd 85130 496796 78850 74 3 0x100092 bpf pflogd 78850 384682 1 0 3 0x80 netio pflogd 39634 58976 9807 73 3 0x100090 kqread syslogd 9807 215118 1 0 3 0x100082 netio syslogd 46948 521208 1 77 3 0x100090 poll dhclient 5572 145309 1 0 3 0x80 poll dhclient 15436 157736 0 0 2 0x14200 zerothread 92477 209999 0 0 3 0x14200 aiodoned aiodoned 33187 74214 0 0 3 0x14200 syncer update 62963 205730 0 0 3 0x14200 cleaner cleaner 44570 281713 0 0 7 0x14200 reaper 22850 56108 0 0 3 0x14200 pgdaemon pagedaemon 94318 401275 0 0 3 0x14200 bored crynlk 67348 185725 0 0 3 0x14200 bored crypto 51232 71722 0 0 3 0x40014200 acpi0 acpi0 18043 518581 0 0 3 0x40014200 idle1 39362 109529 0 0 3 0x14200 bored softnet 32590 213691 0 0 3 0x14200 bored systqmp 72300 121406 0 0 3 0x14200 bored systq 47411 454566 0 0 3 0x40014200 bored softclock 97775 342248 0 0 3 0x40014200 idle0 6406 131202 0 0 3 0x14200 bored smr 1 175138 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks CPU 1: exclusive mutex &pmap->pm_mtx r = 0 (0xfffffd8066155768) #0 witness_lock+0x52e sys/kern/subr_witness.c:1163 #1 mtx_enter_try+0x102 #2 mtx_enter+0x4b sys/kern/kern_lock.c:266 #3 pmap_do_remove+0x88 rcr3 machine/cpufunc.h:141 [inline] #3 pmap_do_remove+0x88 pmap_map_ptes sys/arch/amd64/amd64/pmap.c:414 [inline] #3 pmap_do_remove+0x88 sys/arch/amd64/amd64/pmap.c:1684 #4 uvm_map_teardown+0x195 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:206 [inline] #4 uvm_map_teardown+0x195 sys/uvm/uvm_map.c:2719 #5 uvmspace_free+0x86 sys/uvm/uvm_map.c:3592 #6 uvm_exit+0x29 sys/uvm/uvm_glue.c:297 #7 reaper+0x189 sys/kern/kern_exit.c:442 #8 proc_trampoline+0x1c Process 84758 (syz-executor.0) thread 0xffff800020acec78 (252453) exclusive rwlock netlock r = 0 (0xffffffff824dc718) #0 witness_lock+0x52e sys/kern/subr_witness.c:1163 #1 in_ioctl+0x142 #2 ifioctl+0xb64 sys/net/if.c:2202 #3 sys_ioctl+0x5b9 #4 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline] #4 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555 #5 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82648ec0) #0 witness_lock+0x52e sys/kern/subr_witness.c:1163 #1 syscall+0x400 mi_syscall sys/sys/syscall_mi.h:83 [inline] #1 syscall+0x400 sys/arch/amd64/amd64/trap.c:555 #2 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9576 7087K 8048K 78643K 16718 0 0 pcb 13 11K 12K 78643K 3007 0 0 rtable 118 13K 15K 78643K 1677 0 0 ifaddr 85 18K 19K 78643K 519 0 0 counters 39 33K 33K 78643K 39 0 0 ioctlops 0 0K 4K 78643K 1628 0 0 iov 0 0K 24K 78643K 487 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1228 77K 77K 78643K 3905 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 36 0 0 VM map 23 11K 12K 78643K 31 0 0 sem 10 1K 1K 78643K 13 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1808 196K 290K 78643K 12765 0 0 file desc 5 13K 25K 78643K 2584 0 0 sigio 0 0K 0K 78643K 56 0 0 proc 62 63K 95K 78643K 1377 0 0 subproc 32 2K 2K 78643K 323 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 1K 78643K 312 0 0 in_multi 37 2K 2K 78643K 359 0 0 ether_multi 1 0K 0K 78643K 36 0 0 mrt 1 0K 0K 78643K 12 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 66 291K 291K 78643K 66 0 0 exec 0 0K 1K 78643K 694 0 0 pfkey data 0 0K 4K 78643K 1 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 177 172K 172K 78643K 10170 0 0 UVM aobj 130 6K 6K 78643K 142 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 524 0 0 NDP 19 0K 0K 78643K 164 0 0 temp 222 3560K 4200K 78643K 96283 0 0 kqueue 0 0K 0K 78643K 18 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 48 0 42 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 80 220 0 218 1 0 1 1 0 8 0 rtentry 112 261 0 218 2 0 2 2 0 8 0 unpcb 120 1635 0 1623 5 4 1 2 0 8 0 syncache 264 21 0 21 8 8 0 1 0 8 0 tcpqe 32 4 0 4 3 3 0 1 0 8 0 tcpcb 544 2662 0 2658 33 32 1 13 0 8 0 inpcb 280 9611 0 9603 37 35 2 10 0 8 1 rttmr 72 5 0 5 3 3 0 1 0 8 0 ip6q 72 6 0 6 3 3 0 1 0 8 0 ip6af 40 18 0 18 3 3 0 1 0 8 0 nd6 48 42 0 38 3 2 1 1 0 8 0 pkpcb 40 17 0 17 5 5 0 1 0 8 0 ppxss 1128 61 0 61 9 9 0 1 0 8 0 pffrag 232 58 0 58 10 10 0 1 0 482 0 pffrnode 88 58 0 58 10 10 0 1 0 8 0 pffrent 40 1754 0 1754 10 10 0 1 0 8 0 pfosfp 40 846 0 423 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 180 0 164 1 0 1 1 0 8 0 pfstkey 112 180 0 164 2 0 2 2 0 8 0 pfstate 328 180 0 164 6 1 5 6 0 8 1 pfrule 1360 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 1122 0 894 25 10 15 15 0 8 0 art_table 32 1123 0 894 2 0 2 2 0 8 0 art_node 16 259 0 220 1 0 1 1 0 8 0 sysvmsgpl 40 14 0 10 1 0 1 1 0 8 0 semupl 112 5 0 5 1 1 0 1 0 8 0 semapl 112 11 0 3 1 0 1 1 0 8 0 shmpl 112 140 0 12 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 5169 0 3762 46 0 46 46 0 8 0 ffsino 272 5169 0 3762 97 2 95 95 0 8 0 nchpl 144 9021 0 7401 64 3 61 61 0 8 0 uvmvnodes 72 5926 0 0 108 0 108 108 0 8 0 vnodes 208 5926 0 0 312 0 312 312 0 8 0 namei 1024 31472 0 31472 2 1 1 1 0 8 1 percpumem 16 30 0 0 1 0 1 1 0 8 0 vcpupl 1984 21 0 0 3 0 3 3 0 8 0 vmpool 552 29 0 8 2 0 2 2 0 8 0 scsiplug 64 4 0 4 4 4 0 1 0 8 0 scxspl 192 29867 0 29867 25 24 1 6 0 8 1 plimitpl 152 223 0 215 1 0 1 1 0 8 0 sigapl 432 2733 0 2718 3 1 2 3 0 8 0 futexpl 56 70004 0 70004 2 1 1 1 0 8 1 knotepl 112 560 0 541 2 1 1 2 0 8 0 kqueuepl 104 899 0 897 7 6 1 4 0 8 0 pipepl 112 1636 0 1617 5 4 1 2 0 8 0 fdescpl 488 2734 0 2718 3 0 3 3 0 8 0 filepl 152 26398 0 26297 36 31 5 14 0 8 0 lockfpl 104 871 0 870 1 0 1 1 0 8 0 lockfspl 48 291 0 290 1 0 1 1 0 8 0 sessionpl 112 37 0 26 1 0 1 1 0 8 0 pgrppl 48 59 0 48 1 0 1 1 0 8 0 ucredpl 96 2262 0 2253 1 0 1 1 0 8 0 zombiepl 144 2718 0 2717 2 1 1 1 0 8 0 processpl 896 2751 0 2717 4 0 4 4 0 8 0 procpl 632 8477 0 8431 5 0 5 5 0 8 0 srpgc 64 20 0 20 7 7 0 1 0 8 0 sosppl 128 997 0 997 5 4 1 1 0 8 1 sockpl 384 11670 0 11648 52 48 4 15 0 8 1 mcl64k 65536 259 0 0 33 17 16 33 0 8 1 mcl16k 16384 11 0 0 2 0 2 2 0 8 0 mcl12k 12288 29 0 0 2 0 2 2 0 8 0 mcl9k 9216 17 0 0 2 0 2 2 0 8 0 mcl8k 8192 18 0 0 3 0 3 3 0 8 0 mcl4k 4096 17 0 0 3 0 3 3 0 8 0 mcl2k2 2112 5 0 0 1 0 1 1 0 8 0 mcl2k 2048 169 0 0 20 1 19 20 0 8 0 mtagpl 80 37 0 0 1 0 1 1 0 8 0 mbufpl 256 430 0 0 21 0 21 21 0 8 0 bufpl 256 14216 0 7158 442 0 442 442 0 8 0 anonpl 16 335665 0 314906 146 60 86 101 0 124 0 amapchunkpl 152 19678 0 19499 34 26 8 15 0 158 0 amappl16 192 13970 0 12791 141 81 60 72 0 8 0 amappl15 184 1436 0 1436 2 2 0 1 0 8 0 amappl14 176 813 0 808 1 0 1 1 0 8 0 amappl13 168 134 0 132 1 0 1 1 0 8 0 amappl12 160 291 0 288 1 0 1 1 0 8 0 amappl11 152 108 0 92 1 0 1 1 0 8 0 amappl10 144 16 0 11 1 0 1 1 0 8 0 amappl9 136 1197 0 1190 1 0 1 1 0 8 0 amappl8 128 786 0 730 2 0 2 2 0 8 0 amappl7 120 120 0 111 1 0 1 1 0 8 0 amappl6 112 74 0 62 1 0 1 1 0 8 0 amappl5 104 578 0 563 1 0 1 1 0 8 0 amappl4 96 2552 0 2516 1 0 1 1 0 8 0 amappl3 88 1233 0 1226 1 0 1 1 0 8 0 amappl2 80 20666 0 20583 3 1 2 3 0 8 0 amappl1 72 71935 0 71461 26 16 10 20 0 8 0 amappl 80 9057 0 8994 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 141 0 12 3 0 3 3 0 8 0 uaddrrnd 24 2763 0 2718 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2763 0 2718 1 0 1 1 0 8 0 vmmpekpl 168 27109 0 27069 2 0 2 2 0 8 0 vmmpepl 168 357425 0 354881 256 139 117 157 0 357 2 vmsppl 368 2733 0 2717 2 0 2 2 0 8 0 pdppl 4096 5533 0 5471 11 2 9 9 0 8 1 pvpl 32 896824 0 873873 315 123 192 227 0 265 0 pmappl 232 2762 0 2725 4 1 3 3 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 702 0 68 19 0 19 19 0 8 0