panic: malformed IPv4 option passed to ip_optcopy Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *185440 78207 0 0 0x4000000 0 syz-executor.4 db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828f6f9f) at panic+0x165 sys/kern/subr_prf.c:198 ip_fragment(fffffd80709a9f00,ffff800035c23658,ffff80000019e2a8,5dc) at ip_fragment+0x7b1 ip_output(fffffd80709a9f00,0,fffffd8070710e88,22,0,0,e4f19594974cfa27) at ip_output+0xe10 sys/netinet/ip_output.c:478 divert_output(fffffd8070710e10,fffffd80709a9f00,fffffd80709a9b00,0) at divert_output+0x2ca sys/netinet/ip_divert.c:174 sosend(fffffd8071c58228,fffffd80709a9b00,ffff800035c238d0,0,0,0) at sosend+0x66d sendit(ffff80002a69e2a8,3,ffff800035c23a68,0,ffff800035c23a58) at sendit+0x65d sys/kern/uipc_syscalls.c:786 sys_sendmmsg(ffff80002a69e2a8,ffff800035c23c10,ffff800035c23b60) at sys_sendmmsg+0x344 sys/kern/uipc_syscalls.c:677 syscall(ffff800035c23c10) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x4bb85c43fc0, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: malformed IPv4 option passed to ip_optcopy ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828f6f9f) at panic+0x165 sys/kern/subr_prf.c:198 ip_fragment(fffffd80709a9f00,ffff800035c23658,ffff80000019e2a8,5dc) at ip_fragment+0x7b1 ip_output(fffffd80709a9f00,0,fffffd8070710e88,22,0,0,e4f19594974cfa27) at ip_output+0xe10 sys/netinet/ip_output.c:478 divert_output(fffffd8070710e10,fffffd80709a9f00,fffffd80709a9b00,0) at divert_output+0x2ca sys/netinet/ip_divert.c:174 sosend(fffffd8071c58228,fffffd80709a9b00,ffff800035c238d0,0,0,0) at sosend+0x66d sendit(ffff80002a69e2a8,3,ffff800035c23a68,0,ffff800035c23a58) at sendit+0x65d sys/kern/uipc_syscalls.c:786 sys_sendmmsg(ffff80002a69e2a8,ffff800035c23c10,ffff800035c23b60) at sys_sendmmsg+0x344 sys/kern/uipc_syscalls.c:677 syscall(ffff800035c23c10) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x4bb85c43fc0, count: -10 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff800035c234a0 rbx 0x24 rdx 0xffff800000e0f7c0 rcx 0 rax 0xffff80002a69e2a8 r8 0x101010101010101 r9 0x8080808080808080 r10 0xb9ffc58f61e06889 r11 0x982dffcd2143c14f r12 0 r13 0 r14 0 r15 0x1 rip 0xffffffff812e439c db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff800035c23490 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb> show proc PROC (syz-executor.4) tid=185440 pid=78207 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=83, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff80002a69eaa0,0xffff80002a69f7f8 process=0xffff800035bfd940 user=0xffff800035c1e000, vmspace=0xfffffd8068957dd8 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 70321 291696 86489 0 2 0 syz-executor.5 70321 102283 86489 0 3 0x4000080 fsleep syz-executor.5 39882 48348 30386 0 2 0 syz-executor.2 39882 79451 30386 0 3 0x4000080 fsleep syz-executor.2 3222 313673 65697 0 2 0 syz-executor.0 3222 53706 65697 0 3 0x4000080 fsleep syz-executor.0 78207 225860 38566 0 2 0 syz-executor.4 *78207 185440 38566 0 7 0x4000000 syz-executor.4 1758 82194 11454 0 2 0 syz-executor.7 1758 374646 11454 0 3 0x4000080 nanoslp syz-executor.7 6801 512817 77138 60928 2 0x10 syz-executor.3 6801 349836 77138 60928 3 0x4000090 fsleep syz-executor.3 86489 511086 16179 0 3 0x82 nanoslp syz-executor.5 77138 43994 16179 0 3 0x82 nanoslp syz-executor.3 85202 222748 16179 0 2 0x2 syz-executor.1 7180 75539 0 0 3 0x14280 nfsidl nfsio 77174 463645 0 0 3 0x14280 nfsidl nfsio 52770 482582 0 0 3 0x14280 nfsidl nfsio 41360 93458 0 0 3 0x14280 nfsidl nfsio 44258 83091 0 0 3 0x14280 nfsidl nfsio 44803 116905 0 0 3 0x14280 nfsidl nfsio 47706 510592 0 0 3 0x14280 nfsidl nfsio 84708 133155 0 0 3 0x14280 nfsidl nfsio 48703 438170 0 0 3 0x14280 nfsidl nfsio 98905 505944 0 0 3 0x14280 nfsidl nfsio 69708 178144 0 0 3 0x14280 nfsidl nfsio 79879 207699 0 0 3 0x14280 nfsidl nfsio 55519 194778 0 0 3 0x14280 nfsidl nfsio 79960 320677 0 0 3 0x14280 nfsidl nfsio 28023 355413 0 0 3 0x14280 nfsidl nfsio 832 102338 0 0 3 0x14280 nfsidl nfsio 42410 399673 0 0 3 0x14280 nfsidl nfsio 23216 413005 0 0 3 0x14280 nfsidl nfsio 7703 234206 0 0 3 0x14280 nfsidl nfsio 18116 53124 0 0 3 0x14280 nfsidl nfsio 30386 369972 16179 0 3 0x82 nanoslp syz-executor.2 38566 7859 16179 0 3 0x82 nanoslp syz-executor.4 11454 248990 16179 0 3 0x82 nanoslp syz-executor.7 14385 470031 0 0 3 0x14200 bored sosplice 20218 197228 16179 0 2 0x2 syz-executor.6 65697 196187 16179 0 3 0x82 nanoslp syz-executor.0 16179 293479 54696 0 3 0x2000082 wait syz-fuzzer 16179 326369 54696 0 3 0x6000082 nanoslp syz-fuzzer 16179 117125 54696 0 3 0x6000082 wait syz-fuzzer 16179 474584 54696 0 3 0x6000082 thrsleep syz-fuzzer 16179 287660 54696 0 3 0x6000082 wait syz-fuzzer 16179 451560 54696 0 3 0x6000082 thrsleep syz-fuzzer 16179 476596 54696 0 3 0x6000082 thrsleep syz-fuzzer 16179 80777 54696 0 3 0x6000082 wait syz-fuzzer 16179 469081 54696 0 3 0x6000082 kqread syz-fuzzer 16179 96726 54696 0 3 0x6000082 wait syz-fuzzer 16179 263449 54696 0 3 0x6000082 thrsleep syz-fuzzer 16179 387921 54696 0 3 0x6000082 wait syz-fuzzer 16179 403005 54696 0 3 0x6000082 wait syz-fuzzer 16179 357533 54696 0 3 0x6000082 wait syz-fuzzer 54696 515543 52619 0 3 0x10008a sigsusp ksh 52619 430350 43509 0 3 0x9a kqread sshd 20491 420283 1 0 3 0x100083 ttyin getty 43509 236010 1 0 3 0x88 kqread sshd 87223 194620 75588 73 3 0x1100090 kqread syslogd 75588 262336 1 0 3 0x100082 netio syslogd 74138 145557 1 0 3 0x100080 kqread resolvd 58665 33084 51276 77 3 0x100092 kqread dhcpleased 35362 259692 51276 77 3 0x100092 kqread dhcpleased 51276 314516 1 0 3 0x80 kqread dhcpleased 6275 330277 0 0 3 0x14200 bored smr 60647 451783 0 0 2 0x14200 zerothread 78448 452182 0 0 3 0x14200 aiodoned aiodoned 261 491245 0 0 3 0x14200 syncer update 44234 337644 0 0 3 0x14200 cleaner cleaner 58611 298308 0 0 3 0x14200 reaper reaper 5457 19989 0 0 3 0x14200 pgdaemon pagedaemon 1100 83292 0 0 3 0x14200 bored viomb 51177 140832 0 0 3 0x40014200 acpi0 acpi0 41573 424498 0 0 3 0x14200 bored softnet3 49836 30928 0 0 3 0x14200 bored softnet2 80019 147239 0 0 3 0x14200 bored softnet1 67780 80019 0 0 3 0x14200 bored softnet0 64331 26603 0 0 3 0x14200 bored systqmp 19367 400265 0 0 3 0x14200 bored systq 39017 418483 0 0 3 0x40014200 tmoslp softclock 17580 192697 0 0 3 0x40014200 idle0 1 30317 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10186 6541K 7683K 166960K 20239 0 pcb 15 16K 18K 166960K 352 0 rtable 201 14K 15K 166960K 695 0 pf 31 9K 9K 166960K 102 0 ifaddr 38 10K 11K 166960K 106 0 ifgroup 54 2K 2K 166960K 153 0 sysctl 2 0K 0K 166960K 4 0 counters 31 17K 17K 166960K 65 0 ioctlops 0 0K 2K 166960K 280 0 iov 0 0K 34K 166960K 377 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1506 94K 94K 166960K 3714 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 39 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 480 0 dirhash 12 2K 2K 166960K 27 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 16 57K 73K 166960K 3356 0 sigio 0 0K 0K 166960K 102 0 proc 58 59K 75K 166960K 744 0 subproc 104 6K 6K 166960K 195 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 109 0 in_multi 77 5K 7K 166960K 193 0 ether_multi 1 0K 0K 166960K 1 0 mrt 1 0K 0K 166960K 4 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 115 519K 519K 166960K 115 0 exec 0 0K 1K 166960K 893 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 338 133K 137K 166960K 32641 0 UVM aobj 131 4K 4K 166960K 137 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 147 0 NDP 12 0K 1K 166960K 77 0 temp 74 6764K 6843K 166960K 25557 0 kqueue 12 18K 26K 166960K 308 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 231 0 228 3 0 3 3 0 8 2 rtentry 112 226 0 137 4 0 4 4 0 8 0 unpcb 144 3049 0 3036 13 5 8 8 0 8 7 syncache 336 28 0 28 2 1 1 1 0 8 1 sackhl 24 1 0 1 1 1 0 1 0 8 0 tcpqe 32 335 0 335 2 1 1 1 0 8 1 tcpcb 808 1125 0 1114 25 15 10 18 0 8 8 arp 88 43 0 28 1 0 1 1 0 8 0 ipq 40 3 0 3 1 0 1 1 0 8 1 ipqe 40 10 0 10 1 0 1 1 0 8 1 inpcb 360 3296 0 3280 26 16 10 17 0 8 8 nd6 104 46 0 28 1 0 1 1 0 8 0 pkpcb 40 3 0 3 1 0 1 1 0 8 1 kcovpl 48 15 0 7 1 0 1 1 0 8 0 ppxss 1072 20 0 20 2 1 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 852 0 471 30 0 30 30 0 8 1 art_table 32 853 0 471 4 0 4 4 0 8 0 art_node 16 222 0 142 1 0 1 1 0 8 0 sysvmsgpl 40 22 0 9 1 0 1 1 0 8 0 semapl 112 478 0 468 1 0 1 1 0 8 0 shmpl 112 134 0 6 4 0 4 4 0 8 0 dirhash 1024 27 0 10 3 0 3 3 0 8 0 dino2pl 256 5955 0 4503 92 0 92 92 0 8 0 ffsino 240 5955 0 4503 86 0 86 86 0 8 0 nchpl 144 10454 0 8807 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 35126 0 35126 3 2 1 3 0 8 1 vcpupl 2048 9 0 0 2 0 2 2 0 8 0 vmpool 664 9 0 0 1 0 1 1 0 8 0 kstatmem 264 92 0 68 2 0 2 2 0 8 0 scxspl 216 30149 0 30149 9 7 2 8 1 8 2 plimitpl 152 348 0 333 1 0 1 1 0 8 0 sigapl 424 3660 0 3596 8 0 8 8 0 8 0 futexpl 64 29990 0 29986 1 0 1 1 0 8 0 knotepl 120 33166 0 33084 11 0 11 11 0 8 7 kqueuepl 184 589 0 581 6 0 6 6 0 8 5 pipepl 288 557 0 528 8 3 5 5 0 8 2 fdescpl 432 3623 0 3596 4 0 4 4 0 8 0 filepl 120 22654 0 22415 19 4 15 15 0 8 4 lockfpl 104 1807 0 1804 2 0 2 2 0 8 1 lockfspl 48 761 0 758 1 0 1 1 0 8 0 sessionpl 144 30 0 14 1 0 1 1 0 8 0 pgrppl 48 72 0 56 1 0 1 1 0 8 0 ucredpl 104 3139 0 3128 1 0 1 1 0 8 0 zombiepl 144 3596 0 3596 1 0 1 1 0 8 1 processpl 1072 3660 0 3596 5 0 5 5 0 8 0 procpl 680 8475 0 8392 9 0 9 9 0 8 1 sosppl 168 22 0 19 2 1 1 1 0 8 0 sockpl 488 6582 0 6551 141 128 13 35 0 8 8 mcl64k 65536 156 0 156 2 1 1 1 0 8 1 mcl16k 16384 85 0 85 2 1 1 1 0 8 1 mcl12k 12288 136 0 136 2 1 1 1 0 8 1 mcl9k 9216 70 0 70 2 1 1 1 0 8 1 mcl8k 8192 612 0 611 2 1 1 1 0 8 0 mcl4k 4096 320 0 320 5 1 4 4 0 8 4 mcl2k2 2112 32 0 32 2 1 1 1 0 8 1 mcl2k 2048 77029 0 76967 46 36 10 40 0 8 1 mtagpl 96 1378 0 868 15 1 14 14 0 8 0 mbufpl 256 155514 0 154880 106 52 54 63 0 8 8 bufpl 280 9472 0 3080 457 0 457 457 0 8 0 anonpl 24 486173 0 473485 137 0 137 137 0 188 46 amapchunkpl 152 104431 0 103585 46 4 42 42 0 158 7 amappl16 200 11797 0 11376 51 19 32 48 0 8 8 amappl15 192 40 0 38 1 0 1 1 0 8 0 amappl14 184 171 0 161 2 1 1 2 0 8 0 amappl13 176 24 0 24 2 1 1 1 0 8 1 amappl12 168 4350 0 4321 2 0 2 2 0 8 0 amappl11 160 52 0 42 1 0 1 1 0 8 0 amappl10 152 30 0 21 1 0 1 1 0 8 0 amappl9 144 218 0 218 2 1 1 1 0 8 1 amappl8 136 261 0 199 3 0 3 3 0 8 0 amappl7 128 194 0 171 2 0 2 2 0 8 0 amappl6 120 385 0 372 1 0 1 1 0 8 0 amappl5 112 164 0 156 1 0 1 1 0 8 0 amappl4 104 498 0 473 2 1 1 2 0 8 0 amappl3 96 21002 0 20920 3 0 3 3 0 8 0 amappl2 88 4187 0 4114 3 1 2 3 0 8 0 amappl1 80 21373 0 20864 22 10 12 22 0 8 0 amappl 88 32008 0 31783 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 136 0 6 3 0 3 3 0 8 0 uaddrrnd 24 3632 0 3596 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 3632 0 3596 1 0 1 1 0 8 0 vmmpekpl 168 29214 0 29161 3 0 3 3 0 8 0 vmmpepl 168 231729 0 229527 158 34 124 130 0 357 22 vmsppl 352 3631 0 3596 4 0 4 4 0 8 0 rwobjpl 24 66452 0 58969 49 0 49 49 0 8 3 pdppl 4096 7270 0 7201 220 147 73 75 0 8 4 pvpl 32 1175209 0 1156961 410 174 236 335 0 265 67 pmappl 216 3631 0 3596 3 0 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 647 0 262 12 0 12 12 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828f6f9f) at panic+0x165 sys/kern/subr_prf.c:198 ip_fragment(fffffd80709a9f00,ffff800035c23658,ffff80000019e2a8,5dc) at ip_fragment+0x7b1 ip_output(fffffd80709a9f00,0,fffffd8070710e88,22,0,0,e4f19594974cfa27) at ip_output+0xe10 sys/netinet/ip_output.c:478 divert_output(fffffd8070710e10,fffffd80709a9f00,fffffd80709a9b00,0) at divert_output+0x2ca sys/netinet/ip_divert.c:174 sosend(fffffd8071c58228,fffffd80709a9b00,ffff800035c238d0,0,0,0) at sosend+0x66d sendit(ffff80002a69e2a8,3,ffff800035c23a68,0,ffff800035c23a58) at sendit+0x65d sys/kern/uipc_syscalls.c:786 sys_sendmmsg(ffff80002a69e2a8,ffff800035c23c10,ffff800035c23b60) at sys_sendmmsg+0x344 sys/kern/uipc_syscalls.c:677 syscall(ffff800035c23c10) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x4bb85c43fc0, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828f6f9f) at panic+0x165 sys/kern/subr_prf.c:198 ip_fragment(fffffd80709a9f00,ffff800035c23658,ffff80000019e2a8,5dc) at ip_fragment+0x7b1 ip_output(fffffd80709a9f00,0,fffffd8070710e88,22,0,0,e4f19594974cfa27) at ip_output+0xe10 sys/netinet/ip_output.c:478 divert_output(fffffd8070710e10,fffffd80709a9f00,fffffd80709a9b00,0) at divert_output+0x2ca sys/netinet/ip_divert.c:174 sosend(fffffd8071c58228,fffffd80709a9b00,ffff800035c238d0,0,0,0) at sosend+0x66d sendit(ffff80002a69e2a8,3,ffff800035c23a68,0,ffff800035c23a58) at sendit+0x65d sys/kern/uipc_syscalls.c:786 sys_sendmmsg(ffff80002a69e2a8,ffff800035c23c10,ffff800035c23b60) at sys_sendmmsg+0x344 sys/kern/uipc_syscalls.c:677 syscall(ffff800035c23c10) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x4bb85c43fc0, count: -10