panic: malformed IPv4 option passed to ip_optcopy Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *112149 5955 0 0 0x4000000 0 syz-executor.1 db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828f6f9f) at panic+0x165 sys/kern/subr_prf.c:198 ip_fragment(fffffd8060b5be00,ffff800037808b58,ffff80000019e2a8,5dc) at ip_fragment+0x7b1 ip_output(fffffd8060b5be00,0,fffffd807104e1f8,22,0,0,50b8052c049864aa) at ip_output+0xe10 sys/netinet/ip_output.c:478 divert_output(fffffd807104e180,fffffd8060b5be00,fffffd8060b5bc00,0) at divert_output+0x2ca sys/netinet/ip_divert.c:174 sosend(fffffd8067e8c5f8,fffffd8060b5bc00,ffff800037808dd0,0,0,0) at sosend+0x66d sendit(ffff80002a67b7e8,3,ffff800037808f68,0,ffff800037808f58) at sendit+0x65d sys/kern/uipc_syscalls.c:786 sys_sendmmsg(ffff80002a67b7e8,ffff800037809110,ffff800037809060) at sys_sendmmsg+0x344 sys/kern/uipc_syscalls.c:677 syscall(ffff800037809110) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x8e57bbaf960, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: malformed IPv4 option passed to ip_optcopy ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828f6f9f) at panic+0x165 sys/kern/subr_prf.c:198 ip_fragment(fffffd8060b5be00,ffff800037808b58,ffff80000019e2a8,5dc) at ip_fragment+0x7b1 ip_output(fffffd8060b5be00,0,fffffd807104e1f8,22,0,0,50b8052c049864aa) at ip_output+0xe10 sys/netinet/ip_output.c:478 divert_output(fffffd807104e180,fffffd8060b5be00,fffffd8060b5bc00,0) at divert_output+0x2ca sys/netinet/ip_divert.c:174 sosend(fffffd8067e8c5f8,fffffd8060b5bc00,ffff800037808dd0,0,0,0) at sosend+0x66d sendit(ffff80002a67b7e8,3,ffff800037808f68,0,ffff800037808f58) at sendit+0x65d sys/kern/uipc_syscalls.c:786 sys_sendmmsg(ffff80002a67b7e8,ffff800037809110,ffff800037809060) at sys_sendmmsg+0x344 sys/kern/uipc_syscalls.c:677 syscall(ffff800037809110) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x8e57bbaf960, count: -10 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff8000378089a0 rbx 0x24 rdx 0xffff800000db98c0 rcx 0 rax 0xffff80002a67b7e8 r8 0x101010101010101 r9 0x8080808080808080 r10 0x510d649b1a998ec8 r11 0x51e8e1fe13fa9fbd r12 0 r13 0 r14 0 r15 0x1 rip 0xffffffff812e439c db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff800037808990 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb> show proc PROC (syz-executor.1) tid=112149 pid=5955 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=83, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff80002a67aff0,0xffffffff82d6e2a8 process=0xffff8000329c2e30 user=0xffff800037804000, vmspace=0xfffffd806984c018 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 5955 154667 81361 0 2 0 syz-executor.1 * 5955 112149 81361 0 7 0x4000000 syz-executor.1 33740 193742 25995 0 2 0 syz-executor.5 33740 454069 25995 0 3 0x4000080 fsleep syz-executor.5 84303 205873 81526 0 3 0x80 nanoslp syz-executor.3 84303 200449 81526 0 3 0x4000080 netio syz-executor.3 84303 100958 81526 0 3 0x4000080 fsleep syz-executor.3 92466 212137 52502 0 2 0 syz-executor.2 92466 137911 52502 0 3 0x4000080 kqpoll syz-executor.2 51167 520130 56666 0 3 0x80 nanoslp syz-executor.6 51167 223673 56666 0 3 0x4000080 bell syz-executor.6 51167 492378 56666 0 3 0x4000080 fsleep syz-executor.6 72694 246848 0 0 3 0x14200 acct acct 46631 493269 0 0 3 0x14280 nfsidl nfsio 58962 264333 0 0 3 0x14280 nfsidl nfsio 27985 373029 0 0 3 0x14280 nfsidl nfsio 28971 353809 0 0 3 0x14280 nfsidl nfsio 87970 151331 0 0 3 0x14280 nfsidl nfsio 2687 245303 0 0 3 0x14280 nfsidl nfsio 73215 373814 0 0 3 0x14280 nfsidl nfsio 65306 412674 0 0 3 0x14280 nfsidl nfsio 37232 87235 0 0 3 0x14280 nfsidl nfsio 71819 311961 0 0 3 0x14280 nfsidl nfsio 38914 309040 0 0 3 0x14280 nfsidl nfsio 27142 482963 0 0 3 0x14280 nfsidl nfsio 72822 500749 0 0 3 0x14280 nfsidl nfsio 67003 214183 0 0 3 0x14280 nfsidl nfsio 63455 86566 0 0 3 0x14280 nfsidl nfsio 36308 441051 0 0 3 0x14280 nfsidl nfsio 89139 275609 0 0 3 0x14280 nfsidl nfsio 22655 512113 0 0 3 0x14280 nfsidl nfsio 34389 186148 0 0 3 0x14280 nfsidl nfsio 9367 172630 0 0 3 0x14280 nfsidl nfsio 71795 317170 0 0 3 0x14200 bored sosplice 56666 402283 18562 0 3 0x82 nanoslp syz-executor.6 25995 151324 18562 0 3 0x82 nanoslp syz-executor.5 7444 294172 18562 0 2 0x2 syz-executor.7 81526 489845 18562 0 3 0x82 nanoslp syz-executor.3 52502 345369 18562 0 3 0x82 nanoslp syz-executor.2 81361 209977 18562 0 3 0x82 nanoslp syz-executor.1 2537 189960 18562 0 3 0x82 nanoslp syz-executor.4 18562 15891 5779 0 3 0x2000082 wait syz-fuzzer 18562 107798 5779 0 3 0x6000082 nanoslp syz-fuzzer 18562 158543 5779 0 3 0x6000082 thrsleep syz-fuzzer 18562 451113 5779 0 3 0x6000082 wait syz-fuzzer 18562 366360 5779 0 3 0x6000082 wait syz-fuzzer 18562 243608 5779 0 3 0x6000082 wait syz-fuzzer 18562 41117 5779 0 3 0x6000082 wait syz-fuzzer 18562 309906 5779 0 3 0x6000082 thrsleep syz-fuzzer 18562 335396 5779 0 3 0x6000082 wait syz-fuzzer 18562 124615 5779 0 3 0x6000082 kqread syz-fuzzer 18562 51602 5779 0 3 0x6000082 thrsleep syz-fuzzer 18562 149630 5779 0 3 0x6000082 wait syz-fuzzer 18562 429853 5779 0 3 0x6000082 thrsleep syz-fuzzer 18562 214923 5779 0 3 0x6000082 thrsleep syz-fuzzer 5779 193244 53263 0 3 0x10008a sigsusp ksh 53263 381582 17008 0 3 0x9a kqread sshd 67210 461465 1 0 3 0x100083 ttyin getty 17008 372448 1 0 3 0x88 kqread sshd 87546 69800 19918 73 3 0x1100090 kqread syslogd 19918 192042 1 0 3 0x100082 netio syslogd 50387 77159 1 0 3 0x100080 kqread resolvd 48078 414709 74215 77 3 0x100092 kqread dhcpleased 4529 497597 74215 77 3 0x100092 kqread dhcpleased 74215 68049 1 0 3 0x80 kqread dhcpleased 65323 29348 0 0 3 0x14200 bored smr 62251 38028 0 0 2 0x14200 zerothread 55744 307192 0 0 3 0x14200 aiodoned aiodoned 27361 58781 0 0 3 0x14200 syncer update 99134 325139 0 0 3 0x14200 cleaner cleaner 31800 22800 0 0 3 0x14200 reaper reaper 2359 135510 0 0 3 0x14200 pgdaemon pagedaemon 71199 313199 0 0 3 0x14200 bored viomb 99502 309710 0 0 3 0x40014200 acpi0 acpi0 44352 160900 0 0 3 0x14200 bored softnet3 79090 365030 0 0 3 0x14200 bored softnet2 71608 505030 0 0 3 0x14200 bored softnet1 35836 208970 0 0 3 0x14200 bored softnet0 66936 94049 0 0 3 0x14200 bored systqmp 36582 471200 0 0 3 0x14200 bored systq 37786 134572 0 0 3 0x40014200 tmoslp softclock 19612 387163 0 0 3 0x40014200 idle0 1 343852 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10173 6412K 7580K 166960K 14169 0 pcb 16 14K 14K 166960K 123 0 rtable 176 13K 14K 166960K 447 0 pf 27 8K 9K 166960K 70 0 ifaddr 34 9K 11K 166960K 66 0 ifgroup 46 2K 2K 166960K 105 0 sysctl 3 0K 0K 166960K 3 0 counters 29 17K 17K 166960K 49 0 ioctlops 0 0K 2K 166960K 147 0 iov 0 0K 16K 166960K 176 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1408 88K 88K 166960K 2077 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 14 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 1K 166960K 309 0 dirhash 12 2K 2K 166960K 27 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 14 49K 83K 166960K 1365 0 sigio 0 0K 0K 166960K 77 0 proc 57 59K 75K 166960K 513 0 subproc 91 5K 6K 166960K 104 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 38 0 in_multi 66 4K 7K 166960K 111 0 ether_multi 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 55 254K 254K 166960K 55 0 exec 0 0K 1K 166960K 429 0 pfkey data 0 0K 0K 166960K 2 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 317 128K 149K 166960K 14837 0 UVM aobj 64 2K 2K 166960K 66 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 18 0 NDP 10 0K 2K 166960K 46 0 temp 70 6763K 6836K 166960K 19033 0 kqueue 14 22K 24K 166960K 121 0 SYN cache 2 104K 112K 166960K 3 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 66 0 63 1 0 1 1 0 8 0 rtentry 112 139 0 61 4 0 4 4 0 8 0 unpcb 144 885 0 872 9 5 4 6 0 8 3 syncache 336 28 0 28 2 1 1 1 0 8 1 tcpqe 32 141 0 141 1 1 0 1 0 8 0 tcpcb 808 315 0 304 8 6 2 8 0 8 0 arp 88 28 0 16 1 0 1 1 0 8 0 ipq 40 1 0 1 1 0 1 1 0 8 1 ipqe 40 67 0 67 1 0 1 1 0 8 1 inpcb 360 986 0 967 16 11 5 13 0 8 3 nd6 104 24 0 9 1 0 1 1 0 8 0 pkpcb 40 73 0 73 2 1 1 1 0 8 1 kcovpl 48 8 0 1 1 0 1 1 0 8 0 ppxss 1072 12 0 12 2 1 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 520 0 200 30 0 30 30 0 8 7 art_table 32 521 0 200 4 0 4 4 0 8 0 art_node 16 136 0 66 1 0 1 1 0 8 0 sysvmsgpl 40 4 0 1 1 0 1 1 0 8 0 semapl 112 307 0 297 1 0 1 1 0 8 0 shmpl 112 63 0 2 2 0 2 2 0 8 0 dirhash 1024 27 0 10 3 0 3 3 0 8 0 dino2pl 256 3122 0 1684 91 0 91 91 0 8 0 ffsino 240 3122 0 1684 86 0 86 86 0 8 0 nchpl 144 5053 0 3413 63 0 63 63 0 8 0 uvmvnodes 80 3870 0 0 79 0 79 79 0 8 0 vnodes 216 3870 0 0 215 0 215 215 0 8 0 namei 1024 16827 0 16827 3 2 1 3 0 8 1 vcpupl 2048 9 0 0 2 0 2 2 0 8 0 vmpool 664 12 0 3 1 0 1 1 0 8 0 kstatmem 264 60 0 40 2 0 2 2 0 8 0 scxspl 216 16674 0 16674 8 7 1 8 1 8 1 plimitpl 152 206 0 191 1 0 1 1 0 8 0 sigapl 424 1684 0 1620 8 0 8 8 0 8 0 futexpl 64 12530 0 12527 1 0 1 1 0 8 0 knotepl 120 16322 0 16244 7 3 4 7 0 8 0 kqueuepl 184 210 0 200 3 2 1 3 0 8 0 pipepl 288 329 0 303 11 8 3 11 0 8 0 fdescpl 432 1646 0 1621 4 0 4 4 0 8 0 filepl 120 8234 0 8004 17 7 10 15 0 8 2 lockfpl 104 200 0 198 1 0 1 1 0 8 0 lockfspl 48 93 0 91 1 0 1 1 0 8 0 sessionpl 144 23 0 8 1 0 1 1 0 8 0 pgrppl 48 40 0 25 1 0 1 1 0 8 0 ucredpl 104 835 0 823 1 0 1 1 0 8 0 zombiepl 144 1621 0 1620 1 0 1 1 0 8 0 processpl 1072 1684 0 1620 5 0 5 5 0 8 0 procpl 680 3624 0 3540 9 0 9 9 0 8 1 sosppl 168 8 0 8 1 1 0 1 0 8 0 sockpl 488 2010 0 1975 33 19 14 20 0 8 9 mcl64k 65536 60 0 60 2 1 1 1 0 8 1 mcl16k 16384 28 0 28 2 1 1 1 0 8 1 mcl12k 12288 57 0 57 2 1 1 1 0 8 1 mcl9k 9216 18 0 18 2 1 1 1 0 8 1 mcl8k 8192 71 0 70 2 1 1 1 0 8 0 mcl4k 4096 164 0 164 2 1 1 1 0 8 1 mcl2k2 2112 10 0 10 2 1 1 1 0 8 1 mcl2k 2048 71277 0 71230 57 49 8 41 0 8 1 mtagpl 96 553 0 180 12 0 12 12 0 8 0 mbufpl 256 125807 0 125334 93 47 46 61 0 8 5 bufpl 280 6535 0 280 447 0 447 447 0 8 0 anonpl 24 332761 0 320986 105 22 83 103 0 188 0 amapchunkpl 152 49468 0 48651 50 8 42 43 0 158 9 amappl16 200 9503 0 9141 38 17 21 31 0 8 1 amappl15 192 35 0 33 1 0 1 1 0 8 0 amappl14 184 151 0 138 2 1 1 2 0 8 0 amappl13 176 15 0 15 1 0 1 1 0 8 1 amappl12 168 2264 0 2238 2 0 2 2 0 8 0 amappl11 160 58 0 48 1 0 1 1 0 8 0 amappl10 152 29 0 22 1 0 1 1 0 8 0 amappl9 144 138 0 137 1 0 1 1 0 8 0 amappl8 136 205 0 154 2 0 2 2 0 8 0 amappl7 128 161 0 143 2 0 2 2 0 8 0 amappl6 120 260 0 248 1 0 1 1 0 8 0 amappl5 112 162 0 154 1 0 1 1 0 8 0 amappl4 104 426 0 407 2 1 1 2 0 8 0 amappl3 96 10087 0 10009 3 0 3 3 0 8 0 amappl2 88 2159 0 2086 3 1 2 3 0 8 0 amappl1 80 13907 0 13408 22 10 12 22 0 8 0 amappl 88 14299 0 14092 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 65 0 2 2 0 2 2 0 8 0 uaddrrnd 24 1658 0 1624 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1658 0 1624 1 0 1 1 0 8 0 vmmpekpl 168 17592 0 17550 3 0 3 3 0 8 0 vmmpepl 168 118934 0 116873 128 29 99 123 0 357 4 vmsppl 352 1657 0 1624 4 0 4 4 0 8 0 rwobjpl 24 40892 0 35628 32 0 32 32 0 8 0 pdppl 4096 3322 0 3257 168 95 73 73 0 8 8 pvpl 32 719389 0 702196 330 168 162 323 0 265 5 pmappl 216 1657 0 1624 3 0 3 3 0 8 1 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 575 0 214 11 0 11 11 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828f6f9f) at panic+0x165 sys/kern/subr_prf.c:198 ip_fragment(fffffd8060b5be00,ffff800037808b58,ffff80000019e2a8,5dc) at ip_fragment+0x7b1 ip_output(fffffd8060b5be00,0,fffffd807104e1f8,22,0,0,50b8052c049864aa) at ip_output+0xe10 sys/netinet/ip_output.c:478 divert_output(fffffd807104e180,fffffd8060b5be00,fffffd8060b5bc00,0) at divert_output+0x2ca sys/netinet/ip_divert.c:174 sosend(fffffd8067e8c5f8,fffffd8060b5bc00,ffff800037808dd0,0,0,0) at sosend+0x66d sendit(ffff80002a67b7e8,3,ffff800037808f68,0,ffff800037808f58) at sendit+0x65d sys/kern/uipc_syscalls.c:786 sys_sendmmsg(ffff80002a67b7e8,ffff800037809110,ffff800037809060) at sys_sendmmsg+0x344 sys/kern/uipc_syscalls.c:677 syscall(ffff800037809110) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x8e57bbaf960, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828f6f9f) at panic+0x165 sys/kern/subr_prf.c:198 ip_fragment(fffffd8060b5be00,ffff800037808b58,ffff80000019e2a8,5dc) at ip_fragment+0x7b1 ip_output(fffffd8060b5be00,0,fffffd807104e1f8,22,0,0,50b8052c049864aa) at ip_output+0xe10 sys/netinet/ip_output.c:478 divert_output(fffffd807104e180,fffffd8060b5be00,fffffd8060b5bc00,0) at divert_output+0x2ca sys/netinet/ip_divert.c:174 sosend(fffffd8067e8c5f8,fffffd8060b5bc00,ffff800037808dd0,0,0,0) at sosend+0x66d sendit(ffff80002a67b7e8,3,ffff800037808f68,0,ffff800037808f58) at sendit+0x65d sys/kern/uipc_syscalls.c:786 sys_sendmmsg(ffff80002a67b7e8,ffff800037809110,ffff800037809060) at sys_sendmmsg+0x344 sys/kern/uipc_syscalls.c:677 syscall(ffff800037809110) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x8e57bbaf960, count: -10