kern.securelevel: 0 -> 1
creating runtime link editor directory cache.
preserving editor files.
starting network daemons: sshd.
starting local daemons:.
Sat Jan 12 21:05:42 PST 2019

OpenBSD/amd64 (ci-openbsd-setuid-2.c.syzkaller.internal) (tty00)

Warning: Permanently added '10.128.0.179' (ECDSA) to the list of known hosts.
2019/01/12 21:06:14 parsed 1 programs
2019/01/12 21:06:18 executed programs: 0
login: panic: malformed IPv4 option passed to ip_optcopy

Stopped at      db_enter+0x18:  addq    $0x8,%rsp

    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND

 305824  53025  65534        0x10          0    0  syz-executor0

*320128  53025  65534        0x10  0x4000000    1K syz-executor0

db_enter() at db_enter+0x18

panic() at panic+0x147

ip_fragment(67f1dc688ab38e9c,ffffff007ae8d1b0,ffff800000173290) at ip_fragment+0x625

ip_output(86002adf3c2154a2,ffffff007c9c2230,ffffff007ae8d600,0,ffffff007ae8d600,ffffff006e724308) at ip_output+0xc8d

udp_output(67f1dc688a29b3f6,100d,ffffff006e724308,0) at udp_output+0x45a

sosend(73d3caa699ec535f,ffffff006e4a4f08,ffff800021169138,ffff800021169270,13f3,0) at sosend+0x477

dofilewritev(714a4aee126e2a26,0,8,ffff80002108b2d8,ffff800021169270) at dofilewritev+0x148

sys_writev(a3435946dc8b9e62,790,ffff80002108b2d8) at sys_writev+0xdb

syscall(f32e267cce734521) at syscall+0x473

Xsyscall(6,0,d,0,3,97dffa22010) at Xsyscall+0x128

end of kernel

end trace frame: 0x980f0127320, count: 5

https://www.openbsd.org/ddb.html describes the minimum info required in bug

reports.  Insufficient info makes it difficult to find and fix bugs.

ddb{1}> 

ddb{1}> set $lines = 0

ddb{1}> show panic

malformed IPv4 option passed to ip_optcopy

ddb{1}> trace

db_enter() at db_enter+0x18

panic() at panic+0x147

ip_fragment(67f1dc688ab38e9c,ffffff007ae8d1b0,ffff800000173290) at ip_fragment+0x625

ip_output(86002adf3c2154a2,ffffff007c9c2230,ffffff007ae8d600,0,ffffff007ae8d600,ffffff006e724308) at ip_output+0xc8d

udp_output(67f1dc688a29b3f6,100d,ffffff006e724308,0) at udp_output+0x45a

sosend(73d3caa699ec535f,ffffff006e4a4f08,ffff800021169138,ffff800021169270,13f3,0) at sosend+0x477

dofilewritev(714a4aee126e2a26,0,8,ffff80002108b2d8,ffff800021169270) at dofilewritev+0x148

sys_writev(a3435946dc8b9e62,790,ffff80002108b2d8) at sys_writev+0xdb

syscall(f32e267cce734521) at syscall+0x473

Xsyscall(6,0,d,0,3,97dffa22010) at Xsyscall+0x128

end of kernel

end trace frame: 0x980f0127320, count: -10

ddb{1}> show registers

rdi               0xffffffff81edbb38    kprintf_mutex

rsi                              0x5

rbp               0xffff800021168d60

rbx               0xffff800021168e00

rdx                            0x3fd

rcx                                0

rax                              0x1

r8                0xffff800021168d30

r9                                 0

r10               0xeea02301907012ef

r11               0x1bf5660c632f5b8a

r12                     0x3000000008

r13               0xffff800021168d70

r14                            0x100

r15               0xffffffff81c5e947    substchar+0x10fc3

rip               0xffffffff811bca38    db_enter+0x18

cs                               0x8

rflags                         0x246

rsp               0xffff800021168d50

ss                              0x10

db_enter+0x18:  addq    $0x8,%rsp

ddb{1}> show proc

PROC (syz-executor0) pid=320128 stat=onproc

    flags process=10<SUGID> proc=4000000<THREAD>

    pri=50, usrpri=50, nice=20

    forw=0xffffffffffffffff, list=0xffff80002108b788,0xffffffff81f734e0

    process=0xffff800021064010 user=0xffff800021164000, vmspace=0xffffff0078b3be78

    estcpu=9, cpticks=0, pctcpu=0.0

    user=0, sys=0, intr=0

ddb{1}> ps

   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND

 53025  305824  47261  65534  7        0x10                syz-executor0

*53025  320128  47261  65534  7   0x4000010                syz-executor0

 44788  511862  49202  65534  2        0x10                syz-executor1

 44788  293564  49202  65534  2   0x4000090                syz-executor1

 47261  248814  38519  65534  3        0x90  nanosleep     syz-executor0

 38519  312619  73518      0  3        0x82  wait          syz-executor0

 49202  511031  63812  65534  3        0x90  nanosleep     syz-executor1

 63812  359117  73518      0  3        0x82  wait          syz-executor1

 73518  499527  51674      0  3        0x82  thrsleep      syz-execprog

 73518  268203  51674      0  3   0x4000082  thrsleep      syz-execprog

 73518  105883  51674      0  3   0x4000082  thrsleep      syz-execprog

 73518   68078  51674      0  3   0x4000082  thrsleep      syz-execprog

 73518   38831  51674      0  3   0x4000082  thrsleep      syz-execprog

 73518  179691  51674      0  3   0x4000082  thrsleep      syz-execprog

 73518  504828  51674      0  3   0x4000082  thrsleep      syz-execprog

 73518  360066  51674      0  3   0x4000082  kqread        syz-execprog

 73518  382094  51674      0  3   0x4000082  thrsleep      syz-execprog

 51674  328763  71047      0  3    0x10008a  pause         ksh

 71047  288533  33544      0  3        0x92  select        sshd

 10247  166939      1      0  3    0x100083  ttyin         getty

 33544   31895      1      0  3        0x80  select        sshd

 38381  392042  95839     73  3    0x100090  kqread        syslogd

 95839  212733      1      0  3    0x100082  netio         syslogd

 81845   61616      1     77  3    0x100090  poll          dhclient

 98483  238215      1      0  3        0x80  poll          dhclient

 17217  326956      0      0  2     0x14200                zerothread

 21599  123017      0      0  3     0x14200  aiodoned      aiodoned

  7252  349219      0      0  3     0x14200  syncer        update

 45272  283274      0      0  3     0x14200  cleaner       cleaner

 68386   29294      0      0  3     0x14200  reaper        reaper

  7010  357070      0      0  3     0x14200  pgdaemon      pagedaemon

 11702  496817      0      0  3     0x14200  bored         crynlk

 98498   46482      0      0  3     0x14200  bored         crypto

 59563  163238      0      0  3  0x40014200  acpi0         acpi0

 46016  321420      0      0  3  0x40014200                idle1

 34426  412396      0      0  3     0x14200  bored         softnet

 24939  213414      0      0  3     0x14200  bored         systqmp

 67224  508138      0      0  3     0x14200  bored         systq

 89710  200437      0      0  3  0x40014200  bored         softclock

 45319  133152      0      0  3  0x40014200                idle0

     1  330146      0      0  3        0x82  wait          init

     0       0     -1      0  3     0x10200  scheduler     swapper

ddb{1}>