panic: malformed IPv4 option passed to ip_optcopy Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND * 87618 19010 0 0 0x4000000 0 syz-executor.2 db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828efb08) at panic+0x165 sys/kern/subr_prf.c:198 ip_fragment(fffffd8062ed5900,ffff8000343bb268,ffff80000019e2a8,5dc) at ip_fragment+0x7b1 ip_output(fffffd8062ed5900,0,fffffd806ee42e88,22,0,0,f800a26d4ec5058f) at ip_output+0xe10 sys/netinet/ip_output.c:478 divert_output(fffffd806ee42e10,fffffd8062ed5900,fffffd8062ed5600,0) at divert_output+0x2ca sys/netinet/ip_divert.c:174 sosend(fffffd807cd78010,fffffd8062ed5600,ffff8000343bb4e0,0,0,0) at sosend+0x66d sendit(ffff80002a667010,3,ffff8000343bb678,0,ffff8000343bb668) at sendit+0x65d sys/kern/uipc_syscalls.c:786 sys_sendmmsg(ffff80002a667010,ffff8000343bb820,ffff8000343bb770) at sys_sendmmsg+0x344 sys/kern/uipc_syscalls.c:677 syscall(ffff8000343bb820) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xb00d0d9dae0, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: malformed IPv4 option passed to ip_optcopy ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828efb08) at panic+0x165 sys/kern/subr_prf.c:198 ip_fragment(fffffd8062ed5900,ffff8000343bb268,ffff80000019e2a8,5dc) at ip_fragment+0x7b1 ip_output(fffffd8062ed5900,0,fffffd806ee42e88,22,0,0,f800a26d4ec5058f) at ip_output+0xe10 sys/netinet/ip_output.c:478 divert_output(fffffd806ee42e10,fffffd8062ed5900,fffffd8062ed5600,0) at divert_output+0x2ca sys/netinet/ip_divert.c:174 sosend(fffffd807cd78010,fffffd8062ed5600,ffff8000343bb4e0,0,0,0) at sosend+0x66d sendit(ffff80002a667010,3,ffff8000343bb678,0,ffff8000343bb668) at sendit+0x65d sys/kern/uipc_syscalls.c:786 sys_sendmmsg(ffff80002a667010,ffff8000343bb820,ffff8000343bb770) at sys_sendmmsg+0x344 sys/kern/uipc_syscalls.c:677 syscall(ffff8000343bb820) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xb00d0d9dae0, count: -10 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff8000343bb0b0 rbx 0x24 rdx 0xffff800000dbfe40 rcx 0 rax 0xffff80002a667010 r8 0x101010101010101 r9 0x8080808080808080 r10 0xeb6ce5dbb613dd8f r11 0x56a2e96c123e1f72 r12 0 r13 0 r14 0 r15 0x1 rip 0xffffffff818496ac db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff8000343bb0a0 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb> show proc PROC (syz-executor.2) tid=87618 pid=19010 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=78, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff80002a666d68,0xffffffff82d736d8 process=0xffff800037855d70 user=0xffff8000343b6000, vmspace=0xfffffd807bfb7060 estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 19010 247411 55447 0 2 0 syz-executor.2 *19010 87618 55447 0 7 0x4000000 syz-executor.2 26032 328227 97800 0 2 0 syz-executor.1 55447 194945 93423 0 3 0x82 nanoslp syz-executor.2 65519 362045 93423 0 2 0x2 syz-executor.0 47344 275087 93423 0 3 0x82 nanoslp syz-executor.5 27571 214922 93423 0 2 0x2 syz-executor.7 19339 304981 0 0 3 0x14280 nfsidl nfsio 94237 477529 0 0 3 0x14280 nfsidl nfsio 95118 188173 0 0 3 0x14280 nfsidl nfsio 21351 25403 0 0 3 0x14280 nfsidl nfsio 52703 14910 0 0 3 0x14280 nfsidl nfsio 26540 92603 0 0 3 0x14280 nfsidl nfsio 37194 48857 0 0 3 0x14280 nfsidl nfsio 54607 409383 0 0 3 0x14280 nfsidl nfsio 54778 384066 0 0 3 0x14280 nfsidl nfsio 38226 228766 0 0 3 0x14280 nfsidl nfsio 42063 131070 0 0 3 0x14280 nfsidl nfsio 80215 316224 0 0 3 0x14280 nfsidl nfsio 88339 299879 0 0 3 0x14280 nfsidl nfsio 31704 390559 0 0 3 0x14280 nfsidl nfsio 14609 364627 0 0 3 0x14280 nfsidl nfsio 556 70963 0 0 3 0x14280 nfsidl nfsio 76367 205288 0 0 3 0x14280 nfsidl nfsio 39806 52949 0 0 3 0x14280 nfsidl nfsio 13188 410052 0 0 3 0x14280 nfsidl nfsio 95547 322549 0 0 3 0x14280 nfsidl nfsio 97800 262414 93423 0 3 0x82 nanoslp syz-executor.1 16425 97507 93423 0 2 0x2 syz-executor.6 3040 109490 1 0 3 0x100083 ttyin getty 98345 33802 93423 0 3 0x82 nanoslp syz-executor.3 39279 399108 93423 0 2 0x2 syz-executor.4 99470 68406 0 0 3 0x14200 bored sosplice 93423 3197 32189 0 3 0x2000082 wait syz-fuzzer 93423 196818 32189 0 3 0x6000082 nanoslp syz-fuzzer 93423 304924 32189 0 3 0x6000082 wait syz-fuzzer 93423 452279 32189 0 3 0x6000082 wait syz-fuzzer 93423 449776 32189 0 3 0x6000082 thrsleep syz-fuzzer 93423 64120 32189 0 3 0x6000082 kqread syz-fuzzer 93423 362034 32189 0 3 0x6000082 thrsleep syz-fuzzer 93423 128025 32189 0 3 0x6000082 wait syz-fuzzer 93423 435709 32189 0 3 0x6000082 thrsleep syz-fuzzer 93423 423982 32189 0 3 0x6000082 wait syz-fuzzer 93423 241838 32189 0 3 0x6000082 thrsleep syz-fuzzer 93423 265768 32189 0 3 0x6000082 wait syz-fuzzer 93423 84432 32189 0 3 0x6000082 wait syz-fuzzer 93423 68359 32189 0 3 0x6000082 wait syz-fuzzer 93423 446058 32189 0 3 0x6000082 thrsleep syz-fuzzer 32189 405178 89348 0 3 0x10008a sigsusp ksh 89348 242430 65303 0 3 0x9a kqread sshd 65303 492913 1 0 3 0x88 kqread sshd 73119 485780 18372 73 3 0x1100090 kqread syslogd 18372 274930 1 0 3 0x100082 netio syslogd 73872 247685 1 0 3 0x100080 kqread resolvd 68497 507891 61682 77 3 0x100092 kqread dhcpleased 53928 280436 61682 77 3 0x100092 kqread dhcpleased 61682 340372 1 0 3 0x80 kqread dhcpleased 20701 484222 0 0 3 0x14200 bored smr 58670 468201 0 0 2 0x14200 zerothread 74001 344071 0 0 3 0x14200 aiodoned aiodoned 26874 134918 0 0 3 0x14200 syncer update 90678 283876 0 0 3 0x14200 cleaner cleaner 37040 303370 0 0 3 0x14200 reaper reaper 89903 184757 0 0 3 0x14200 pgdaemon pagedaemon 97877 285575 0 0 3 0x14200 bored viomb 34832 331387 0 0 3 0x40014200 acpi0 acpi0 60681 493815 0 0 3 0x14200 bored softnet3 76494 506589 0 0 3 0x14200 bored softnet2 62077 324150 0 0 3 0x14200 bored softnet1 38462 433157 0 0 3 0x14200 bored softnet0 53283 29786 0 0 3 0x14200 bored systqmp 62328 479346 0 0 3 0x14200 bored systq 14249 8151 0 0 3 0x40014200 tmoslp softclock 61952 270747 0 0 3 0x40014200 idle0 1 493085 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10197 6421K 7544K 166960K 30464 0 pcb 15 22K 27K 166960K 1619 0 rtable 156 13K 16K 166960K 1821 0 pf 27 8K 10K 166960K 258 0 ifaddr 34 10K 12K 166960K 248 0 ifgroup 46 2K 2K 166960K 403 0 sysctl 4 1K 3K 166960K 10 0 counters 29 17K 17K 166960K 133 0 ioctlops 0 0K 2K 166960K 803 0 iov 0 0K 34K 166960K 1165 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1478 92K 93K 166960K 7789 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 139 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 1K 166960K 1637 0 dirhash 12 2K 2K 166960K 75 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 13 45K 73K 166960K 10663 0 sigio 0 0K 0K 166960K 390 0 proc 61 59K 75K 166960K 1638 0 subproc 104 6K 7K 166960K 471 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 1343 0 in_multi 55 4K 7K 166960K 507 0 ether_multi 1 0K 0K 166960K 15 0 mrt 1 0K 0K 166960K 4 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 229 1023K 1023K 166960K 229 0 exec 0 0K 1K 166960K 2493 0 pfkey data 0 0K 0K 166960K 13 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 419 444K 452K 166960K 99815 0 UVM aobj 131 8K 8K 166960K 134 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 343 0 NDP 10 0K 1K 166960K 188 0 temp 74 6764K 7404K 166960K 98091 0 kqueue 12 18K 30K 166960K 844 0 SYN cache 2 104K 112K 166960K 3 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 486 0 483 5 2 3 3 0 8 2 rtentry 112 529 0 464 4 1 3 4 0 8 0 unpcb 144 8454 0 8441 19 13 6 8 0 8 5 syncache 336 91 0 91 4 3 1 1 0 8 1 tcpqe 32 212 0 212 4 3 1 1 0 8 1 tcpcb 808 3292 0 3287 45 36 9 15 0 8 8 arp 88 81 0 72 1 0 1 1 0 8 0 ipq 40 49 0 49 2 1 1 1 0 8 1 ipqe 40 104 0 104 2 1 1 1 0 8 1 inpcb 360 10061 0 10052 93 84 9 17 0 8 8 nd6 104 116 0 104 1 0 1 1 0 8 0 pkpcb 40 124 0 124 3 2 1 1 0 8 1 kcovpl 48 36 0 28 1 0 1 1 0 8 0 ppxss 1072 41 0 41 4 3 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 1878 0 1586 35 11 24 30 0 8 2 art_table 32 1879 0 1586 4 0 4 4 0 8 0 art_node 16 457 0 398 1 0 1 1 0 8 0 sysvmsgpl 40 36 0 12 1 0 1 1 0 8 0 semapl 112 1635 0 1625 1 0 1 1 0 8 0 shmpl 112 131 0 3 4 0 4 4 0 8 0 dirhash 1024 59 0 42 3 0 3 3 0 8 0 dino2pl 256 15962 0 14455 95 0 95 95 0 8 0 ffsino 240 15962 0 14455 90 0 90 90 0 8 0 nchpl 144 30562 0 28925 63 1 62 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 103393 0 103391 6 4 2 3 0 8 1 vcpupl 2048 145 0 0 19 0 19 19 0 8 0 vmpool 664 156 0 11 13 0 13 13 0 8 0 kstatmem 264 228 0 208 2 0 2 2 0 8 0 scxspl 216 95749 0 95749 15 11 4 8 1 8 4 plimitpl 152 706 0 691 1 0 1 1 0 8 0 sigapl 424 10971 0 10909 9 1 8 8 0 8 0 futexpl 64 97738 0 97738 1 0 1 1 0 8 1 knotepl 120 96426 0 96344 13 9 4 11 0 8 1 kqueuepl 184 2724 0 2716 16 10 6 6 0 8 5 pipepl 288 2073 0 2045 17 8 9 9 0 8 6 fdescpl 432 10893 0 10869 4 0 4 4 0 8 0 filepl 120 68061 0 67823 34 18 16 19 0 8 7 lockfpl 104 3678 0 3676 3 1 2 2 0 8 1 lockfspl 48 1227 0 1225 1 0 1 1 0 8 0 sessionpl 144 54 0 38 1 0 1 1 0 8 0 pgrppl 48 225 0 209 1 0 1 1 0 8 0 ucredpl 104 9687 0 9673 1 0 1 1 0 8 0 zombiepl 144 10911 0 10909 1 0 1 1 0 8 0 processpl 1072 10971 0 10909 5 0 5 5 0 8 0 procpl 680 26885 0 26808 12 2 10 10 0 8 2 sosppl 168 144 0 144 3 2 1 1 0 8 1 sockpl 488 19146 0 19121 375 362 13 31 0 8 9 mcl64k 65536 394 0 394 4 3 1 1 0 8 1 mcl16k 16384 216 0 216 4 3 1 1 0 8 1 mcl12k 12288 405 0 405 4 3 1 1 0 8 1 mcl9k 9216 191 0 191 4 3 1 1 0 8 1 mcl8k 8192 956 0 955 3 2 1 1 0 8 0 mcl4k 4096 1188 0 1188 7 6 1 3 0 8 1 mcl2k2 2112 73 0 73 4 3 1 1 0 8 1 mcl2k 2048 93790 0 93745 53 44 9 44 0 8 2 mtagpl 96 1642 0 1471 14 4 10 10 0 8 2 mbufpl 256 272281 0 272028 925 885 40 514 0 8 8 bufpl 280 26904 0 20508 458 0 458 458 0 8 0 anonpl 24 1113105 0 1098848 164 51 113 113 0 188 17 amapchunkpl 152 316338 0 315531 49 9 40 43 0 158 1 amappl16 200 22385 0 21866 87 53 34 38 0 8 5 amappl15 192 12 0 12 1 1 0 1 0 8 0 amappl14 184 234 0 222 2 1 1 2 0 8 0 amappl13 176 32 0 31 1 0 1 1 0 8 0 amappl12 168 11950 0 11922 2 0 2 2 0 8 0 amappl11 160 51 0 41 1 0 1 1 0 8 0 amappl10 152 57 0 47 1 0 1 1 0 8 0 amappl9 144 135 0 134 2 1 1 1 0 8 0 amappl8 136 480 0 396 4 0 4 4 0 8 0 amappl7 128 263 0 238 2 0 2 2 0 8 0 amappl6 120 780 0 765 1 0 1 1 0 8 0 amappl5 112 325 0 315 1 0 1 1 0 8 0 amappl4 104 698 0 674 2 1 1 2 0 8 0 amappl3 96 63017 0 62941 3 0 3 3 0 8 0 amappl2 88 11924 0 11851 3 1 2 3 0 8 0 amappl1 80 48738 0 48239 21 8 13 21 0 8 0 amappl 88 98788 0 98552 7 0 7 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 133 0 3 3 0 3 3 0 8 0 uaddrrnd 24 11049 0 10880 2 0 2 2 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 11049 0 10880 2 0 2 2 0 8 0 vmmpekpl 168 78263 0 78175 5 0 5 5 0 8 0 vmmpepl 168 654092 0 651758 210 68 142 142 0 357 23 vmsppl 352 11048 0 10880 16 0 16 16 0 8 0 rwobjpl 24 157473 0 149852 49 1 48 48 0 8 0 pdppl 4096 22104 0 21905 707 500 207 209 0 8 8 pvpl 32 2931252 0 2911864 384 182 202 287 0 265 29 pmappl 216 11048 0 10880 10 0 10 10 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 2033 0 1509 26 10 16 24 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828efb08) at panic+0x165 sys/kern/subr_prf.c:198 ip_fragment(fffffd8062ed5900,ffff8000343bb268,ffff80000019e2a8,5dc) at ip_fragment+0x7b1 ip_output(fffffd8062ed5900,0,fffffd806ee42e88,22,0,0,f800a26d4ec5058f) at ip_output+0xe10 sys/netinet/ip_output.c:478 divert_output(fffffd806ee42e10,fffffd8062ed5900,fffffd8062ed5600,0) at divert_output+0x2ca sys/netinet/ip_divert.c:174 sosend(fffffd807cd78010,fffffd8062ed5600,ffff8000343bb4e0,0,0,0) at sosend+0x66d sendit(ffff80002a667010,3,ffff8000343bb678,0,ffff8000343bb668) at sendit+0x65d sys/kern/uipc_syscalls.c:786 sys_sendmmsg(ffff80002a667010,ffff8000343bb820,ffff8000343bb770) at sys_sendmmsg+0x344 sys/kern/uipc_syscalls.c:677 syscall(ffff8000343bb820) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xb00d0d9dae0, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828efb08) at panic+0x165 sys/kern/subr_prf.c:198 ip_fragment(fffffd8062ed5900,ffff8000343bb268,ffff80000019e2a8,5dc) at ip_fragment+0x7b1 ip_output(fffffd8062ed5900,0,fffffd806ee42e88,22,0,0,f800a26d4ec5058f) at ip_output+0xe10 sys/netinet/ip_output.c:478 divert_output(fffffd806ee42e10,fffffd8062ed5900,fffffd8062ed5600,0) at divert_output+0x2ca sys/netinet/ip_divert.c:174 sosend(fffffd807cd78010,fffffd8062ed5600,ffff8000343bb4e0,0,0,0) at sosend+0x66d sendit(ffff80002a667010,3,ffff8000343bb678,0,ffff8000343bb668) at sendit+0x65d sys/kern/uipc_syscalls.c:786 sys_sendmmsg(ffff80002a667010,ffff8000343bb820,ffff8000343bb770) at sys_sendmmsg+0x344 sys/kern/uipc_syscalls.c:677 syscall(ffff8000343bb820) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xb00d0d9dae0, count: -10