kern.securelevel: 0 -> 1 creating runtime link editor directory cache. preserving editor files. starting network daemons: sshd. starting local daemons:. Sat Jan 12 21:05:42 PST 2019 OpenBSD/amd64 (ci-openbsd-setuid-2.c.syzkaller.internal) (tty00) Warning: Permanently added '10.128.0.179' (ECDSA) to the list of known hosts. 2019/01/12 21:06:14 parsed 1 programs 2019/01/12 21:06:18 executed programs: 0 login: panic: malformed IPv4 option passed to ip_optcopy Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 305824 53025 65534 0x10 0 0 syz-executor0 *320128 53025 65534 0x10 0x4000000 1K syz-executor0 db_enter() at db_enter+0x18 panic() at panic+0x147 ip_fragment(67f1dc688ab38e9c,ffffff007ae8d1b0,ffff800000173290) at ip_fragment+ 0x625 ip_output(86002adf3c2154a2,ffffff007c9c2230,ffffff007ae8d600,0,ffffff007ae8d600 ,ffffff006e724308) at ip_output+0xc8d udp_output(67f1dc688a29b3f6,100d,ffffff006e724308,0) at udp_output+0x45a sosend(73d3caa699ec535f,ffffff006e4a4f08,ffff800021169138,ffff800021169270,13f3 ,0) at sosend+0x477 dofilewritev(714a4aee126e2a26,0,8,ffff80002108b2d8,ffff800021169270) at dofilew ritev+0x148 sys_writev(a3435946dc8b9e62,790,ffff80002108b2d8) at sys_writev+0xdb syscall(f32e267cce734521) at syscall+0x473 Xsyscall(6,0,d,0,3,97dffa22010) at Xsyscall+0x128 end of kernel end trace frame: 0x980f0127320, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> show panic malformed IPv4 option passed to ip_optcopy ddb{1}> trace db_enter() at db_enter+0x18 panic() at panic+0x147 ip_fragment(67f1dc688ab38e9c,ffffff007ae8d1b0,ffff800000173290) at ip_fragment+0x625 ip_output(86002adf3c2154a2,ffffff007c9c2230,ffffff007ae8d600,0,ffffff007ae8d600,ffffff006e724308) at ip_output+0xc8d udp_output(67f1dc688a29b3f6,100d,ffffff006e724308,0) at udp_output+0x45a sosend(73d3caa699ec535f,ffffff006e4a4f08,ffff800021169138,ffff800021169270,13f3,0) at sosend+0x477 dofilewritev(714a4aee126e2a26,0,8,ffff80002108b2d8,ffff800021169270) at dofilewritev+0x148 sys_writev(a3435946dc8b9e62,790,ffff80002108b2d8) at sys_writev+0xdb syscall(f32e267cce734521) at syscall+0x473 Xsyscall(6,0,d,0,3,97dffa22010) at Xsyscall+0x128 end of kernel end trace frame: 0x980f0127320, count: -10 ddb{1}> show registers rdi 0xffffffff81edbb38 kprintf_mutex rsi 0x5 rbp 0xffff800021168d60 rbx 0xffff800021168e00 rdx 0x3fd rcx 0 rax 0x1 r8 0xffff800021168d30 r9 0 r10 0xeea02301907012ef r11 0x1bf5660c632f5b8a r12 0x3000000008 r13 0xffff800021168d70 r14 0x100 r15 0xffffffff81c5e947 substchar+0x10fc3 rip 0xffffffff811bca38 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800021168d50 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor0) pid=320128 stat=onproc flags process=10 proc=4000000 pri=50, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff80002108b788,0xffffffff81f734e0 process=0xffff800021064010 user=0xffff800021164000, vmspace=0xffffff0078b3be78 estcpu=9, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 53025 305824 47261 65534 7 0x10 syz-executor0 *53025 320128 47261 65534 7 0x4000010 syz-executor0 44788 511862 49202 65534 2 0x10 syz-executor1 44788 293564 49202 65534 2 0x4000090 syz-executor1 47261 248814 38519 65534 3 0x90 nanosleep syz-executor0 38519 312619 73518 0 3 0x82 wait syz-executor0 49202 511031 63812 65534 3 0x90 nanosleep syz-executor1 63812 359117 73518 0 3 0x82 wait syz-executor1 73518 499527 51674 0 3 0x82 thrsleep syz-execprog 73518 268203 51674 0 3 0x4000082 thrsleep syz-execprog 73518 105883 51674 0 3 0x4000082 thrsleep syz-execprog 73518 68078 51674 0 3 0x4000082 thrsleep syz-execprog 73518 38831 51674 0 3 0x4000082 thrsleep syz-execprog 73518 179691 51674 0 3 0x4000082 thrsleep syz-execprog 73518 504828 51674 0 3 0x4000082 thrsleep syz-execprog 73518 360066 51674 0 3 0x4000082 kqread syz-execprog 73518 382094 51674 0 3 0x4000082 thrsleep syz-execprog 51674 328763 71047 0 3 0x10008a pause ksh 71047 288533 33544 0 3 0x92 select sshd 10247 166939 1 0 3 0x100083 ttyin getty 33544 31895 1 0 3 0x80 select sshd 38381 392042 95839 73 3 0x100090 kqread syslogd 95839 212733 1 0 3 0x100082 netio syslogd 81845 61616 1 77 3 0x100090 poll dhclient 98483 238215 1 0 3 0x80 poll dhclient 17217 326956 0 0 2 0x14200 zerothread 21599 123017 0 0 3 0x14200 aiodoned aiodoned 7252 349219 0 0 3 0x14200 syncer update 45272 283274 0 0 3 0x14200 cleaner cleaner 68386 29294 0 0 3 0x14200 reaper reaper 7010 357070 0 0 3 0x14200 pgdaemon pagedaemon 11702 496817 0 0 3 0x14200 bored crynlk 98498 46482 0 0 3 0x14200 bored crypto 59563 163238 0 0 3 0x40014200 acpi0 acpi0 46016 321420 0 0 3 0x40014200 idle1 34426 412396 0 0 3 0x14200 bored softnet 24939 213414 0 0 3 0x14200 bored systqmp 67224 508138 0 0 3 0x14200 bored systq 89710 200437 0 0 3 0x40014200 bored softclock 45319 133152 0 0 3 0x40014200 idle0 1 330146 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}>