panic: malformed IPv4 option passed to ip_optcopy Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *446636 26966 0 0 0x4000000 0 syz-executor.4 db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828f7be3) at panic+0x165 sys/kern/subr_prf.c:198 ip_fragment(fffffd80742db000,ffff800037865568,ffff80000019e2a8,5dc) at ip_fragment+0x7b1 ip_output(fffffd80742db000,0,fffffd806766a1e8,22,0,0,339a8068655a7ab7) at ip_output+0xe10 sys/netinet/ip_output.c:478 divert_output(fffffd806766a170,fffffd80742db000,fffffd80731b5400,0) at divert_output+0x2ca sys/netinet/ip_divert.c:174 sosend(fffffd806b781b88,fffffd80731b5400,ffff8000378657e0,0,0,0) at sosend+0x66d sendit(ffff80002db1e008,4,ffff800037865978,0,ffff800037865968) at sendit+0x65d sys/kern/uipc_syscalls.c:786 sys_sendmmsg(ffff80002db1e008,ffff800037865b20,ffff800037865a70) at sys_sendmmsg+0x344 sys/kern/uipc_syscalls.c:677 syscall(ffff800037865b20) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x79f7e2ad210, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: malformed IPv4 option passed to ip_optcopy ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828f7be3) at panic+0x165 sys/kern/subr_prf.c:198 ip_fragment(fffffd80742db000,ffff800037865568,ffff80000019e2a8,5dc) at ip_fragment+0x7b1 ip_output(fffffd80742db000,0,fffffd806766a1e8,22,0,0,339a8068655a7ab7) at ip_output+0xe10 sys/netinet/ip_output.c:478 divert_output(fffffd806766a170,fffffd80742db000,fffffd80731b5400,0) at divert_output+0x2ca sys/netinet/ip_divert.c:174 sosend(fffffd806b781b88,fffffd80731b5400,ffff8000378657e0,0,0,0) at sosend+0x66d sendit(ffff80002db1e008,4,ffff800037865978,0,ffff800037865968) at sendit+0x65d sys/kern/uipc_syscalls.c:786 sys_sendmmsg(ffff80002db1e008,ffff800037865b20,ffff800037865a70) at sys_sendmmsg+0x344 sys/kern/uipc_syscalls.c:677 syscall(ffff800037865b20) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x79f7e2ad210, count: -10 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff8000378653b0 rbx 0x24 rdx 0xffff800000dc97c0 rcx 0 rax 0xffff80002db1e008 r8 0x101010101010101 r9 0x8080808080808080 r10 0x4da38f93131f00f1 r11 0xc0f6b2ed86337029 r12 0 r13 0 r14 0 r15 0x1 rip 0xffffffff81061a4c db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff8000378653a0 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb> show proc PROC (syz-executor.4) tid=446636 pid=26966 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=81, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff80002db1eaa8,0xffffffff82dae748 process=0xffff800035e261a0 user=0xffff800037860000, vmspace=0xfffffd80698a69b0 estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 26966 434413 61969 0 2 0 syz-executor.4 *26966 446636 61969 0 7 0x4000000 syz-executor.4 44784 296233 38112 0 3 0x80 nanoslp syz-executor.6 44784 320747 38112 0 3 0x4000080 netcon2 syz-executor.6 44784 454000 38112 0 3 0x4000080 fsleep syz-executor.6 10705 346062 50510 0 3 0x80 nanoslp syz-executor.5 10705 377069 50510 0 3 0x4000080 ttyout syz-executor.5 24920 330872 22469 0 3 0x80 nanoslp syz-executor.0 24920 102015 22469 0 3 0x4000080 kqpoll syz-executor.0 37807 97403 46322 0 3 0x80 nanoslp syz-executor.2 37807 58092 46322 0 3 0x4000080 fsleep syz-executor.2 37807 177878 46322 0 3 0x4000080 netio syz-executor.2 94007 199940 1 0 3 0x100083 ttyin getty 50510 11651 17534 0 3 0x82 nanoslp syz-executor.5 5662 146884 0 0 3 0x14200 acct acct 63342 247830 0 0 3 0x14200 bored sosplice 38112 122969 17534 0 3 0x82 nanoslp syz-executor.6 93201 325089 17534 0 3 0x82 nanoslp syz-executor.7 95143 135264 0 0 3 0x14280 nfsidl nfsio 67582 218841 0 0 3 0x14280 nfsidl nfsio 84790 57920 0 0 3 0x14280 nfsidl nfsio 86943 41634 0 0 3 0x14280 nfsidl nfsio 13547 196979 0 0 3 0x14280 nfsidl nfsio 67931 342463 0 0 3 0x14280 nfsidl nfsio 71542 522127 0 0 3 0x14280 nfsidl nfsio 56695 176668 0 0 3 0x14280 nfsidl nfsio 81717 502583 0 0 3 0x14280 nfsidl nfsio 22380 388408 0 0 3 0x14280 nfsidl nfsio 2840 168932 0 0 3 0x14280 nfsidl nfsio 64957 180319 0 0 3 0x14280 nfsidl nfsio 87403 343456 0 0 3 0x14280 nfsidl nfsio 38469 277727 0 0 3 0x14280 nfsidl nfsio 47572 20043 0 0 3 0x14280 nfsidl nfsio 73004 329819 0 0 3 0x14280 nfsidl nfsio 11420 328344 0 0 3 0x14280 nfsidl nfsio 96392 52313 0 0 3 0x14280 nfsidl nfsio 23921 466343 0 0 3 0x14280 nfsidl nfsio 97800 334878 0 0 3 0x14280 nfsidl nfsio 61969 49976 17534 0 3 0x82 nanoslp syz-executor.4 31116 339394 17534 0 2 0x2 syz-executor.1 46322 234377 17534 0 3 0x82 nanoslp syz-executor.2 22469 274673 17534 0 3 0x82 nanoslp syz-executor.0 28728 347235 17534 0 2 0x2 syz-executor.3 17534 276987 36051 0 3 0x2000082 wait syz-fuzzer 17534 166889 36051 0 3 0x6000082 nanoslp syz-fuzzer 17534 93818 36051 0 3 0x6000082 wait syz-fuzzer 17534 195448 36051 0 3 0x6000082 thrsleep syz-fuzzer 17534 416827 36051 0 3 0x6000082 wait syz-fuzzer 17534 324495 36051 0 3 0x6000082 wait syz-fuzzer 17534 452405 36051 0 3 0x6000082 thrsleep syz-fuzzer 17534 129572 36051 0 3 0x6000082 wait syz-fuzzer 17534 91988 36051 0 3 0x6000082 thrsleep syz-fuzzer 17534 84296 36051 0 3 0x6000082 wait syz-fuzzer 17534 362789 36051 0 3 0x6000082 thrsleep syz-fuzzer 17534 14370 36051 0 3 0x6000082 wait syz-fuzzer 17534 266813 36051 0 3 0x6000082 kqread syz-fuzzer 17534 13494 36051 0 3 0x6000082 wait syz-fuzzer 36051 407414 24731 0 3 0x10008a sigsusp ksh 24731 425394 41258 0 3 0x9a kqread sshd 41258 510096 1 0 3 0x88 kqread sshd 28663 282415 46733 73 3 0x1100090 kqread syslogd 46733 252804 1 0 3 0x100082 netio syslogd 44774 331329 1 0 3 0x100080 kqread resolvd 90200 455355 34095 77 3 0x100092 kqread dhcpleased 87629 434572 34095 77 3 0x100092 kqread dhcpleased 34095 190067 1 0 3 0x80 kqread dhcpleased 69391 80108 0 0 3 0x14200 bored smr 98218 412250 0 0 2 0x14200 zerothread 97991 96965 0 0 3 0x14200 aiodoned aiodoned 72145 19692 0 0 3 0x14200 syncer update 87591 220886 0 0 3 0x14200 cleaner cleaner 22988 339818 0 0 3 0x14200 reaper reaper 27763 482684 0 0 3 0x14200 pgdaemon pagedaemon 89229 371667 0 0 3 0x14200 bored viomb 1189 215337 0 0 3 0x40014200 acpi0 acpi0 19453 4571 0 0 3 0x14200 bored softnet3 20715 141740 0 0 3 0x14200 bored softnet2 32763 239197 0 0 3 0x14200 bored softnet1 80517 201516 0 0 3 0x14200 bored softnet0 68728 121436 0 0 3 0x14200 bored systqmp 52314 84096 0 0 3 0x14200 bored systq 35978 34596 0 0 3 0x40014200 tmoslp softclock 25706 178269 0 0 3 0x40014200 idle0 1 400784 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10185 6594K 6996K 166960K 13437 0 pcb 15 13K 14K 166960K 124 0 rtable 210 6K 6K 166960K 499 0 pf 27 8K 9K 166960K 50 0 ifaddr 39 10K 11K 166960K 65 0 ifgroup 46 2K 2K 166960K 83 0 sysctl 2 0K 0K 166960K 2 0 counters 29 17K 17K 166960K 39 0 ioctlops 0 0K 2K 166960K 78 0 iov 0 0K 16K 166960K 138 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1309 82K 82K 166960K 1823 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 17 0 VM map 2 1K 1K 166960K 2 0 sem 9 1K 1K 166960K 16 0 dirhash 12 2K 2K 166960K 21 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 15 53K 69K 166960K 1038 0 sigio 0 0K 0K 166960K 109 0 proc 57 59K 75K 166960K 586 0 subproc 104 6K 6K 166960K 143 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 30 0 in_multi 88 6K 7K 166960K 150 0 ether_multi 1 0K 0K 166960K 5 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 55 254K 254K 166960K 55 0 exec 0 0K 1K 166960K 537 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 330 85K 98K 166960K 11577 0 UVM aobj 45 2K 2K 166960K 45 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 46 0 NDP 10 0K 2K 166960K 42 0 temp 74 6764K 6828K 166960K 7004 0 kqueue 12 18K 26K 166960K 75 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 71 0 68 1 0 1 1 0 8 0 rtentry 112 167 0 69 4 0 4 4 0 8 0 unpcb 144 979 0 964 6 0 6 6 0 8 5 syncache 336 19 0 19 1 0 1 1 0 8 1 tcpqe 32 258 0 258 1 0 1 1 0 8 1 tcpcb 808 288 0 267 9 0 9 9 0 8 6 arp 88 33 0 17 1 0 1 1 0 8 0 ipq 40 1 0 0 1 0 1 1 0 8 0 ipqe 40 4 0 3 1 0 1 1 0 8 0 inpcb 360 832 0 806 9 0 9 9 0 8 6 nd6 104 33 0 12 1 0 1 1 0 8 0 kcovpl 48 11 0 3 1 0 1 1 0 8 0 ppxss 1072 3 0 3 1 0 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 608 0 199 29 0 29 29 0 8 1 art_table 32 609 0 199 4 0 4 4 0 8 0 art_node 16 166 0 78 1 0 1 1 0 8 0 sysvmsgpl 40 19 0 11 1 0 1 1 0 8 0 semupl 112 8 0 8 1 0 1 1 0 8 1 semapl 112 7 0 0 1 0 1 1 0 8 0 shmpl 112 42 0 0 2 0 2 2 0 8 0 dirhash 1024 23 0 6 3 0 3 3 0 8 0 dino2pl 256 2754 0 1316 91 0 91 91 0 8 0 ffsino 240 2754 0 1316 85 0 85 85 0 8 0 nchpl 144 4281 0 2647 63 0 63 63 0 8 0 uvmvnodes 80 3218 0 0 66 0 66 66 0 8 0 vnodes 216 3218 0 0 179 0 179 179 0 8 0 namei 1024 14778 0 14778 3 0 3 3 0 8 3 kstatmem 264 40 0 20 2 0 2 2 0 8 0 scxspl 216 13250 0 13250 8 0 8 8 1 8 8 plimitpl 152 118 0 102 1 0 1 1 0 8 0 sigapl 424 1354 0 1289 8 0 8 8 0 8 0 futexpl 64 9526 0 9524 1 0 1 1 0 8 0 knotepl 120 13235 0 13153 3 0 3 3 0 8 0 kqueuepl 184 171 0 162 4 0 4 4 0 8 3 pipepl 288 284 0 256 7 0 7 7 0 8 4 fdescpl 432 1316 0 1290 4 0 4 4 0 8 0 filepl 120 7097 0 6851 14 0 14 14 0 8 6 lockfpl 104 139 0 137 1 0 1 1 0 8 0 lockfspl 48 65 0 63 1 0 1 1 0 8 0 sessionpl 144 27 0 11 1 0 1 1 0 8 0 pgrppl 48 29 0 13 1 0 1 1 0 8 0 ucredpl 104 789 0 779 1 0 1 1 0 8 0 zombiepl 144 1290 0 1289 1 0 1 1 0 8 0 processpl 1072 1354 0 1289 5 0 5 5 0 8 0 procpl 680 2715 0 2630 9 0 9 9 0 8 1 sosppl 168 8 0 5 1 0 1 1 0 8 0 sockpl 488 1882 0 1838 26 11 15 26 0 8 8 mcl64k 65536 56 0 56 1 0 1 1 0 8 1 mcl16k 16384 27 0 27 1 0 1 1 0 8 1 mcl12k 12288 26 0 26 1 0 1 1 0 8 1 mcl9k 9216 20 0 20 1 0 1 1 0 8 1 mcl8k 8192 117 0 115 1 0 1 1 0 8 0 mcl4k 4096 121 0 121 1 0 1 1 0 8 1 mcl2k2 2112 6 0 6 1 0 1 1 0 8 1 mcl2k 2048 73027 0 72978 50 36 14 49 0 8 6 mtagpl 96 79 0 22 2 0 2 2 0 8 0 mbufpl 256 126372 0 126171 109 84 25 61 0 8 8 bufpl 280 5366 0 141 374 0 374 374 0 8 0 anonpl 24 270368 0 256733 106 0 106 106 0 188 10 amapchunkpl 152 37600 0 36746 41 0 41 41 0 158 5 amappl16 200 6971 0 6520 40 6 34 37 0 8 8 amappl15 192 38 0 35 1 0 1 1 0 8 0 amappl14 184 162 0 151 2 0 2 2 0 8 1 amappl13 176 10 0 10 1 0 1 1 0 8 1 amappl12 168 1984 0 1957 2 0 2 2 0 8 0 amappl11 160 45 0 35 1 0 1 1 0 8 0 amappl10 152 40 0 30 1 0 1 1 0 8 0 amappl9 144 181 0 179 1 0 1 1 0 8 0 amappl8 136 208 0 154 2 0 2 2 0 8 0 amappl7 128 168 0 150 2 0 2 2 0 8 0 amappl6 120 289 0 282 1 0 1 1 0 8 0 amappl5 112 131 0 123 1 0 1 1 0 8 0 amappl4 104 421 0 399 2 0 2 2 0 8 1 amappl3 96 7826 0 7741 3 0 3 3 0 8 0 amappl2 88 1819 0 1749 3 0 3 3 0 8 1 amappl1 80 13046 0 12540 22 4 18 22 0 8 7 amappl 88 11013 0 10789 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 0 1 1 0 8 1 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 0 1 1 0 8 1 dma128 128 253 0 253 1 0 1 1 0 8 1 dma64 64 6 0 6 1 0 1 1 0 8 1 dma32 32 7 0 7 1 0 1 1 0 8 1 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 44 0 0 1 0 1 1 0 8 0 uaddrrnd 24 1316 0 1290 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1316 0 1290 1 0 1 1 0 8 0 vmmpekpl 168 15178 0 15123 3 0 3 3 0 8 0 vmmpepl 168 100643 0 98460 126 0 126 126 0 357 24 vmsppl 352 1315 0 1290 3 0 3 3 0 8 0 rwobjpl 24 34263 0 29550 29 0 29 29 0 8 0 pdppl 4096 2638 0 2580 142 78 64 66 0 8 6 pvpl 32 622202 0 602988 335 0 335 335 0 265 155 pmappl 216 1315 0 1290 2 0 2 2 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 546 0 198 11 0 11 11 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828f7be3) at panic+0x165 sys/kern/subr_prf.c:198 ip_fragment(fffffd80742db000,ffff800037865568,ffff80000019e2a8,5dc) at ip_fragment+0x7b1 ip_output(fffffd80742db000,0,fffffd806766a1e8,22,0,0,339a8068655a7ab7) at ip_output+0xe10 sys/netinet/ip_output.c:478 divert_output(fffffd806766a170,fffffd80742db000,fffffd80731b5400,0) at divert_output+0x2ca sys/netinet/ip_divert.c:174 sosend(fffffd806b781b88,fffffd80731b5400,ffff8000378657e0,0,0,0) at sosend+0x66d sendit(ffff80002db1e008,4,ffff800037865978,0,ffff800037865968) at sendit+0x65d sys/kern/uipc_syscalls.c:786 sys_sendmmsg(ffff80002db1e008,ffff800037865b20,ffff800037865a70) at sys_sendmmsg+0x344 sys/kern/uipc_syscalls.c:677 syscall(ffff800037865b20) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x79f7e2ad210, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828f7be3) at panic+0x165 sys/kern/subr_prf.c:198 ip_fragment(fffffd80742db000,ffff800037865568,ffff80000019e2a8,5dc) at ip_fragment+0x7b1 ip_output(fffffd80742db000,0,fffffd806766a1e8,22,0,0,339a8068655a7ab7) at ip_output+0xe10 sys/netinet/ip_output.c:478 divert_output(fffffd806766a170,fffffd80742db000,fffffd80731b5400,0) at divert_output+0x2ca sys/netinet/ip_divert.c:174 sosend(fffffd806b781b88,fffffd80731b5400,ffff8000378657e0,0,0,0) at sosend+0x66d sendit(ffff80002db1e008,4,ffff800037865978,0,ffff800037865968) at sendit+0x65d sys/kern/uipc_syscalls.c:786 sys_sendmmsg(ffff80002db1e008,ffff800037865b20,ffff800037865a70) at sys_sendmmsg+0x344 sys/kern/uipc_syscalls.c:677 syscall(ffff800037865b20) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x79f7e2ad210, count: -10