panic: malformed IPv4 option passed to ip_optcopy Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *388118 45991 0 0 0x4000000 0 syz-executor.5 db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828f6f9f) at panic+0x165 sys/kern/subr_prf.c:198 ip_fragment(fffffd8067ce0a00,ffff80002f564f98,ffff80000019e2a8,5dc) at ip_fragment+0x7b1 ip_output(fffffd8067ce0a00,0,fffffd807e77f358,22,0,0,4570a739be81878) at ip_output+0xe10 sys/netinet/ip_output.c:478 divert_output(fffffd807e77f2e0,fffffd8067ce0a00,fffffd8067ce0e00,0) at divert_output+0x2ca sys/netinet/ip_divert.c:174 sosend(fffffd806b0d4d90,fffffd8067ce0e00,ffff80002f565210,0,0,0) at sosend+0x66d sendit(ffff80002a692ff0,3,ffff80002f5653a8,0,ffff80002f565398) at sendit+0x65d sys/kern/uipc_syscalls.c:786 sys_sendmmsg(ffff80002a692ff0,ffff80002f565550,ffff80002f5654a0) at sys_sendmmsg+0x344 sys/kern/uipc_syscalls.c:677 syscall(ffff80002f565550) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x6102643b780, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: malformed IPv4 option passed to ip_optcopy ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828f6f9f) at panic+0x165 sys/kern/subr_prf.c:198 ip_fragment(fffffd8067ce0a00,ffff80002f564f98,ffff80000019e2a8,5dc) at ip_fragment+0x7b1 ip_output(fffffd8067ce0a00,0,fffffd807e77f358,22,0,0,4570a739be81878) at ip_output+0xe10 sys/netinet/ip_output.c:478 divert_output(fffffd807e77f2e0,fffffd8067ce0a00,fffffd8067ce0e00,0) at divert_output+0x2ca sys/netinet/ip_divert.c:174 sosend(fffffd806b0d4d90,fffffd8067ce0e00,ffff80002f565210,0,0,0) at sosend+0x66d sendit(ffff80002a692ff0,3,ffff80002f5653a8,0,ffff80002f565398) at sendit+0x65d sys/kern/uipc_syscalls.c:786 sys_sendmmsg(ffff80002a692ff0,ffff80002f565550,ffff80002f5654a0) at sys_sendmmsg+0x344 sys/kern/uipc_syscalls.c:677 syscall(ffff80002f565550) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x6102643b780, count: -10 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80002f564de0 rbx 0x24 rdx 0xffff800000df2f40 rcx 0 rax 0xffff80002a692ff0 r8 0 r9 0x8080808080808080 r10 0x3c0c9eafeeca8323 r11 0x3d8798dc5e576629 r12 0 r13 0 r14 0 r15 0x1 rip 0xffffffff812e439c db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff80002f564dd0 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb> show proc PROC (syz-executor.5) tid=388118 pid=45991 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=82, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff80002a692000,0xffff80002a6deac0 process=0xffff80002c130020 user=0xffff80002f560000, vmspace=0xfffffd80698b6c70 estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 2417 263076 50340 60928 2 0x10 syz-executor.0 2417 265131 50340 60928 2 0x4000010 syz-executor.0 45991 442765 99569 0 2 0 syz-executor.5 *45991 388118 99569 0 7 0x4000000 syz-executor.5 71744 372589 33173 0 2 0 syz-executor.3 98420 134685 93919 0 2 0 syz-executor.2 98420 100251 93919 0 3 0x4000080 fsleep syz-executor.2 98420 412168 93919 0 3 0x4000080 nanoslp syz-executor.2 7238 447163 53610 0 2 0x10 syz-executor.6 7238 350290 53610 0 3 0x4000090 fsleep syz-executor.6 7238 245077 53610 0 3 0x4000090 fsleep syz-executor.6 50340 129779 76856 0 3 0x82 nanoslp syz-executor.0 5997 255130 76856 0 2 0x2 syz-executor.1 7684 224098 76856 0 3 0x82 nanoslp syz-executor.4 33173 163106 76856 0 3 0x82 nanoslp syz-executor.3 11070 56982 76856 0 2 0x482 syz-executor.7 93919 495804 76856 0 2 0x482 syz-executor.2 27825 25606 1 0 3 0x100083 ttyin getty 71052 43343 0 0 3 0x14280 nfsidl nfsio 18796 161865 0 0 3 0x14280 nfsidl nfsio 54562 185462 0 0 3 0x14280 nfsidl nfsio 26396 453987 0 0 3 0x14280 nfsidl nfsio 78244 365798 0 0 3 0x14280 nfsidl nfsio 56448 332600 0 0 3 0x14280 nfsidl nfsio 8613 437378 0 0 3 0x14280 nfsidl nfsio 6683 496784 0 0 3 0x14280 nfsidl nfsio 35266 434007 0 0 3 0x14280 nfsidl nfsio 36696 481953 0 0 3 0x14280 nfsidl nfsio 38057 484236 0 0 3 0x14280 nfsidl nfsio 13134 507885 0 0 3 0x14280 nfsidl nfsio 91962 35334 0 0 3 0x14280 nfsidl nfsio 19775 281229 0 0 3 0x14280 nfsidl nfsio 53563 158612 0 0 3 0x14280 nfsidl nfsio 44675 88255 0 0 3 0x14280 nfsidl nfsio 94355 237127 0 0 3 0x14280 nfsidl nfsio 63642 381320 0 0 3 0x14280 nfsidl nfsio 59075 84824 0 0 3 0x14280 nfsidl nfsio 22920 225484 0 0 3 0x14280 nfsidl nfsio 95287 462535 0 0 3 0x14200 acct acct 99569 360493 76856 0 3 0x82 nanoslp syz-executor.5 53610 14043 76856 0 2 0x482 syz-executor.6 87514 250307 0 0 3 0x14200 bored sosplice 76856 300686 71344 0 3 0x2000082 thrsleep syz-fuzzer 76856 117612 71344 0 3 0x6000082 nanoslp syz-fuzzer 76856 391109 71344 0 3 0x6000082 thrsleep syz-fuzzer 76856 73154 71344 0 3 0x6000082 wait syz-fuzzer 76856 254130 71344 0 3 0x6000082 thrsleep syz-fuzzer 76856 249091 71344 0 3 0x6000082 wait syz-fuzzer 76856 363670 71344 0 3 0x6000082 kqread syz-fuzzer 76856 57 71344 0 3 0x6000082 wait syz-fuzzer 76856 453799 71344 0 3 0x6000082 wait syz-fuzzer 76856 52896 71344 0 3 0x6000082 wait syz-fuzzer 76856 438291 71344 0 3 0x6000082 thrsleep syz-fuzzer 76856 443776 71344 0 3 0x6000082 wait syz-fuzzer 76856 308230 71344 0 3 0x6000082 wait syz-fuzzer 76856 180256 71344 0 3 0x6000082 wait syz-fuzzer 71344 336651 32991 0 3 0x10008a sigsusp ksh 32991 132792 89635 0 3 0x9a kqread sshd 89635 106089 1 0 3 0x88 kqread sshd 76182 32643 93492 73 3 0x1100090 kqread syslogd 93492 269741 1 0 3 0x100082 netio syslogd 20932 347703 1 0 3 0x100080 kqread resolvd 49771 105675 71029 77 3 0x100092 kqread dhcpleased 76729 164556 71029 77 3 0x100092 kqread dhcpleased 71029 265163 1 0 3 0x80 kqread dhcpleased 95540 471882 0 0 3 0x14200 bored smr 7599 465612 0 0 2 0x14200 zerothread 43001 60147 0 0 3 0x14200 aiodoned aiodoned 36916 375109 0 0 3 0x14200 syncer update 28428 511903 0 0 3 0x14200 cleaner cleaner 68093 397385 0 0 3 0x14200 reaper reaper 82366 73425 0 0 3 0x14200 pgdaemon pagedaemon 32859 376852 0 0 3 0x14200 bored viomb 15194 442413 0 0 3 0x40014200 acpi0 acpi0 11006 266587 0 0 3 0x14200 bored softnet3 9946 451915 0 0 3 0x14200 bored softnet2 89506 326829 0 0 3 0x14200 bored softnet1 33093 300007 0 0 3 0x14200 bored softnet0 98493 412339 0 0 3 0x14200 bored systqmp 60221 76626 0 0 3 0x14200 bored systq 95664 59344 0 0 2 0x40014200 softclock 7910 378369 0 0 3 0x40014200 idle0 1 314890 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10188 6426K 7483K 166960K 23630 0 pcb 15 17K 19K 166960K 1070 0 rtable 235 15K 15K 166960K 1287 0 pf 33 9K 10K 166960K 233 0 ifaddr 43 12K 12K 166960K 190 0 ifgroup 58 2K 2K 166960K 370 0 sysctl 4 1K 1K 166960K 6 0 counters 32 17K 17K 166960K 116 0 ioctlops 0 0K 2K 166960K 445 0 iov 0 0K 34K 166960K 721 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1602 100K 101K 166960K 4924 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 3 5K 9K 166960K 93 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 1K 166960K 1156 0 dirhash 12 2K 2K 166960K 24 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 15 53K 73K 166960K 5928 0 sigio 1 0K 0K 166960K 102 0 proc 58 59K 75K 166960K 1168 0 subproc 104 6K 6K 166960K 332 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 523 0 in_multi 94 6K 7K 166960K 331 0 ether_multi 1 0K 0K 166960K 4 0 mrt 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 67 307K 307K 166960K 67 0 exec 0 0K 1K 166960K 1739 0 pfkey data 0 0K 0K 166960K 6 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 345 88K 97K 166960K 56255 0 UVM aobj 131 4K 4K 166960K 131 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 876 0 NDP 13 0K 2K 166960K 148 0 temp 74 6764K 7404K 166960K 45582 0 kqueue 12 18K 24K 166960K 377 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 348 0 345 3 0 3 3 0 8 2 rtentry 112 349 0 243 4 0 4 4 0 8 0 unpcb 144 4320 0 4305 8 0 8 8 0 8 7 syncache 336 62 0 62 1 0 1 1 0 8 1 tcpqe 32 147 0 147 1 0 1 1 0 8 1 tcpcb 808 2907 0 2881 16 6 10 16 0 8 6 arp 88 60 0 44 1 0 1 1 0 8 0 ipq 40 10 0 9 1 0 1 1 0 8 0 ipqe 40 34 0 33 1 0 1 1 0 8 0 inpcb 360 5877 0 5847 26 16 10 20 0 8 6 nd6 104 82 0 57 1 0 1 1 0 8 0 pkpcb 40 23 0 23 1 0 1 1 0 8 1 kcovpl 48 25 0 17 1 0 1 1 0 8 0 ppxss 1072 28 0 28 1 0 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 1346 0 868 30 0 30 30 0 8 0 art_table 32 1347 0 868 4 0 4 4 0 8 0 art_node 16 337 0 240 1 0 1 1 0 8 0 sysvmsgpl 40 14 0 14 1 0 1 1 0 8 1 semapl 112 1154 0 1144 1 0 1 1 0 8 0 shmpl 112 128 0 0 4 0 4 4 0 8 0 dirhash 1024 25 0 8 3 0 3 3 0 8 0 dino2pl 256 9253 0 7798 92 0 92 92 0 8 0 ffsino 240 9253 0 7798 86 0 86 86 0 8 0 nchpl 144 17392 0 15748 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 60088 0 60087 3 0 3 3 0 8 2 vcpupl 2048 4 0 0 1 0 1 1 0 8 0 vmpool 664 70 0 66 1 0 1 1 0 8 0 kstatmem 264 194 0 168 2 0 2 2 0 8 0 scxspl 216 49883 0 49883 8 0 8 8 1 8 8 plimitpl 152 676 0 661 1 0 1 1 0 8 0 sigapl 424 6215 0 6149 8 0 8 8 0 8 0 futexpl 64 58022 0 58019 1 0 1 1 0 8 0 knotepl 120 56749 0 56666 11 0 11 11 0 8 7 kqueuepl 184 1164 0 1156 7 0 7 7 0 8 6 pipepl 288 1262 0 1234 9 0 9 9 0 8 5 fdescpl 432 6177 0 6151 4 0 4 4 0 8 0 filepl 120 38467 0 38228 19 2 17 18 0 8 5 lockfpl 104 2020 0 2017 2 0 2 2 0 8 1 lockfspl 48 605 0 602 1 0 1 1 0 8 0 sessionpl 144 44 0 28 1 0 1 1 0 8 0 pgrppl 48 138 0 122 1 0 1 1 0 8 0 ucredpl 104 4598 0 4583 1 0 1 1 0 8 0 zombiepl 144 6151 0 6149 1 0 1 1 0 8 0 processpl 1072 6215 0 6149 5 0 5 5 0 8 0 procpl 680 14867 0 14782 9 0 9 9 0 8 1 sosppl 168 73 0 72 1 0 1 1 0 8 0 sockpl 488 10585 0 10537 147 123 24 31 0 8 16 mcl64k 65536 256 0 256 1 0 1 1 0 8 1 mcl16k 16384 140 0 140 1 0 1 1 0 8 1 mcl12k 12288 211 0 211 1 0 1 1 0 8 1 mcl9k 9216 116 0 116 1 0 1 1 0 8 1 mcl8k 8192 419 0 418 1 0 1 1 0 8 0 mcl4k 4096 789 0 789 4 0 4 4 0 8 4 mcl2k2 2112 33 0 33 1 0 1 1 0 8 1 mcl2k 2048 83653 0 83601 28 15 13 28 0 8 5 mtagpl 96 1605 0 1215 15 0 15 15 0 8 4 mbufpl 256 186113 0 185605 210 164 46 79 0 8 8 bufpl 280 13947 0 7554 457 0 457 457 0 8 0 anonpl 24 695554 0 680632 114 0 114 114 0 188 20 amapchunkpl 152 177900 0 177065 41 0 41 41 0 158 5 amappl16 200 15000 0 14541 52 20 32 38 0 8 7 amappl15 192 48 0 47 1 0 1 1 0 8 0 amappl14 184 212 0 200 2 0 2 2 0 8 0 amappl13 176 15 0 14 1 0 1 1 0 8 0 amappl12 168 7055 0 7030 2 0 2 2 0 8 0 amappl11 160 54 0 44 1 0 1 1 0 8 0 amappl10 152 43 0 34 1 0 1 1 0 8 0 amappl9 144 191 0 190 1 0 1 1 0 8 0 amappl8 136 347 0 276 3 0 3 3 0 8 0 amappl7 128 229 0 202 2 0 2 2 0 8 0 amappl6 120 536 0 525 1 0 1 1 0 8 0 amappl5 112 233 0 225 1 0 1 1 0 8 0 amappl4 104 620 0 597 2 0 2 2 0 8 1 amappl3 96 35841 0 35762 3 0 3 3 0 8 0 amappl2 88 6971 0 6900 3 0 3 3 0 8 1 amappl1 80 31588 0 31084 22 3 19 22 0 8 8 amappl 88 55438 0 55222 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 0 1 1 0 8 1 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 0 1 1 0 8 1 dma128 128 253 0 253 1 0 1 1 0 8 1 dma64 64 6 0 6 1 0 1 1 0 8 1 dma32 32 7 0 7 1 0 1 1 0 8 1 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 130 0 0 3 0 3 3 0 8 0 uaddrrnd 24 6247 0 6217 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 6247 0 6217 1 0 1 1 0 8 0 vmmpekpl 168 47159 0 47093 4 0 4 4 0 8 0 vmmpepl 168 381368 0 379170 130 0 130 130 0 357 19 vmsppl 352 6246 0 6217 4 0 4 4 0 8 1 rwobjpl 24 99038 0 91513 48 0 48 48 0 8 1 pdppl 4096 12500 0 12438 291 223 68 70 0 8 6 pvpl 32 1783640 0 1763154 362 15 347 362 0 265 173 pmappl 216 6246 0 6217 2 0 2 2 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 790 0 408 12 0 12 12 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828f6f9f) at panic+0x165 sys/kern/subr_prf.c:198 ip_fragment(fffffd8067ce0a00,ffff80002f564f98,ffff80000019e2a8,5dc) at ip_fragment+0x7b1 ip_output(fffffd8067ce0a00,0,fffffd807e77f358,22,0,0,4570a739be81878) at ip_output+0xe10 sys/netinet/ip_output.c:478 divert_output(fffffd807e77f2e0,fffffd8067ce0a00,fffffd8067ce0e00,0) at divert_output+0x2ca sys/netinet/ip_divert.c:174 sosend(fffffd806b0d4d90,fffffd8067ce0e00,ffff80002f565210,0,0,0) at sosend+0x66d sendit(ffff80002a692ff0,3,ffff80002f5653a8,0,ffff80002f565398) at sendit+0x65d sys/kern/uipc_syscalls.c:786 sys_sendmmsg(ffff80002a692ff0,ffff80002f565550,ffff80002f5654a0) at sys_sendmmsg+0x344 sys/kern/uipc_syscalls.c:677 syscall(ffff80002f565550) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x6102643b780, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828f6f9f) at panic+0x165 sys/kern/subr_prf.c:198 ip_fragment(fffffd8067ce0a00,ffff80002f564f98,ffff80000019e2a8,5dc) at ip_fragment+0x7b1 ip_output(fffffd8067ce0a00,0,fffffd807e77f358,22,0,0,4570a739be81878) at ip_output+0xe10 sys/netinet/ip_output.c:478 divert_output(fffffd807e77f2e0,fffffd8067ce0a00,fffffd8067ce0e00,0) at divert_output+0x2ca sys/netinet/ip_divert.c:174 sosend(fffffd806b0d4d90,fffffd8067ce0e00,ffff80002f565210,0,0,0) at sosend+0x66d sendit(ffff80002a692ff0,3,ffff80002f5653a8,0,ffff80002f565398) at sendit+0x65d sys/kern/uipc_syscalls.c:786 sys_sendmmsg(ffff80002a692ff0,ffff80002f565550,ffff80002f5654a0) at sys_sendmmsg+0x344 sys/kern/uipc_syscalls.c:677 syscall(ffff80002f565550) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x6102643b780, count: -10