panic: malformed IPv4 option passed to ip_optcopy Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *391416 50726 0 0 0x4000000 0 syz-executor.4 db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828efb08) at panic+0x165 sys/kern/subr_prf.c:198 ip_fragment(fffffd807469d700,ffff800034424b98,ffff80000019e2a8,5dc) at ip_fragment+0x7b1 ip_output(fffffd807469d700,0,fffffd805b9c81f0,22,0,0,e23cbef1b1344156) at ip_output+0xe10 sys/netinet/ip_output.c:478 divert_output(fffffd805b9c8178,fffffd807469d700,fffffd807469d200,0) at divert_output+0x2ca sys/netinet/ip_divert.c:174 sosend(fffffd8067abf200,fffffd807469d200,ffff800034424e10,0,0,0) at sosend+0x66d sendit(ffff80002a68eff8,4,ffff800034424fa8,0,ffff800034424f98) at sendit+0x65d sys/kern/uipc_syscalls.c:786 sys_sendmmsg(ffff80002a68eff8,ffff800034425150,ffff8000344250a0) at sys_sendmmsg+0x344 sys/kern/uipc_syscalls.c:677 syscall(ffff800034425150) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x50cc7ecf040, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: malformed IPv4 option passed to ip_optcopy ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828efb08) at panic+0x165 sys/kern/subr_prf.c:198 ip_fragment(fffffd807469d700,ffff800034424b98,ffff80000019e2a8,5dc) at ip_fragment+0x7b1 ip_output(fffffd807469d700,0,fffffd805b9c81f0,22,0,0,e23cbef1b1344156) at ip_output+0xe10 sys/netinet/ip_output.c:478 divert_output(fffffd805b9c8178,fffffd807469d700,fffffd807469d200,0) at divert_output+0x2ca sys/netinet/ip_divert.c:174 sosend(fffffd8067abf200,fffffd807469d200,ffff800034424e10,0,0,0) at sosend+0x66d sendit(ffff80002a68eff8,4,ffff800034424fa8,0,ffff800034424f98) at sendit+0x65d sys/kern/uipc_syscalls.c:786 sys_sendmmsg(ffff80002a68eff8,ffff800034425150,ffff8000344250a0) at sys_sendmmsg+0x344 sys/kern/uipc_syscalls.c:677 syscall(ffff800034425150) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x50cc7ecf040, count: -10 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff8000344249e0 rbx 0x24 rdx 0xffff800000dcc980 rcx 0 rax 0xffff80002a68eff8 r8 0x101010101010101 r9 0x8080808080808080 r10 0x7927ad109572677b r11 0xa7dc8c8bbfb2ff75 r12 0 r13 0xff r14 0 r15 0x1 rip 0xffffffff818496ac db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff8000344249d0 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb> show proc PROC (syz-executor.4) tid=391416 pid=50726 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=84, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff800030f5f7f8,0xffff80002a68e810 process=0xffff8000377dae30 user=0xffff800034420000, vmspace=0xfffffd807853c458 estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 78768 46055 49648 0 2 0 syz-executor.7 78768 401176 49648 0 3 0x4000080 fsleep syz-executor.7 12560 152585 20626 0 2 0 syz-executor.3 12560 315636 20626 0 3 0x4000080 fsleep syz-executor.3 50726 80388 64860 0 2 0 syz-executor.4 *50726 391416 64860 0 7 0x4000000 syz-executor.4 31425 344012 20193 0 2 0 syz-executor.5 31425 380942 20193 0 3 0x4000080 fsleep syz-executor.5 39019 72694 28185 0 3 0x80 nanoslp syz-executor.6 39019 499574 28185 0 3 0x4000080 netio syz-executor.6 99774 485477 51726 0 3 0x82 nanoslp syz-executor.0 83847 230546 51726 0 3 0x82 nanoslp syz-executor.2 28185 466191 51726 0 3 0x82 nanoslp syz-executor.6 20626 19091 51726 0 3 0x82 nanoslp syz-executor.3 32283 183624 0 0 3 0x14200 acct acct 1566 406957 51726 0 3 0x82 nanoslp syz-executor.1 9558 212917 0 0 3 0x14280 nfsidl nfsio 82872 39719 0 0 3 0x14280 nfsidl nfsio 70896 130524 0 0 3 0x14280 nfsidl nfsio 10691 406772 0 0 3 0x14280 nfsidl nfsio 17477 450903 0 0 3 0x14280 nfsidl nfsio 94902 333601 0 0 3 0x14280 nfsidl nfsio 40189 516980 0 0 3 0x14280 nfsidl nfsio 15980 507173 0 0 3 0x14280 nfsidl nfsio 62695 341082 0 0 3 0x14280 nfsidl nfsio 47701 522668 0 0 3 0x14280 nfsidl nfsio 62939 139066 0 0 3 0x14280 nfsidl nfsio 14297 117870 0 0 3 0x14280 nfsidl nfsio 55172 94316 0 0 3 0x14280 nfsidl nfsio 85653 213674 0 0 3 0x14280 nfsidl nfsio 35041 274286 0 0 3 0x14280 nfsidl nfsio 28511 26676 0 0 3 0x14280 nfsidl nfsio 32095 160639 0 0 3 0x14280 nfsidl nfsio 87904 67910 0 0 3 0x14280 nfsidl nfsio 39937 161285 0 0 3 0x14280 nfsidl nfsio 39817 330495 0 0 3 0x14280 nfsidl nfsio 20193 231888 51726 0 3 0x82 nanoslp syz-executor.5 82561 151923 0 0 3 0x14200 bored sosplice 49648 467487 51726 0 3 0x82 nanoslp syz-executor.7 64860 356998 51726 0 3 0x82 nanoslp syz-executor.4 51726 426365 25847 0 3 0x2000082 thrsleep syz-fuzzer 51726 10693 25847 0 3 0x6000082 thrsleep syz-fuzzer 51726 343031 25847 0 3 0x6000082 wait syz-fuzzer 51726 386252 25847 0 3 0x6000082 wait syz-fuzzer 51726 355990 25847 0 3 0x6000082 thrsleep syz-fuzzer 51726 11302 25847 0 3 0x6000082 wait syz-fuzzer 51726 449379 25847 0 3 0x6000082 wait syz-fuzzer 51726 173207 25847 0 3 0x6000082 wait syz-fuzzer 51726 64691 25847 0 3 0x6000082 wait syz-fuzzer 51726 339188 25847 0 3 0x6000082 kqread syz-fuzzer 51726 157179 25847 0 3 0x6000082 thrsleep syz-fuzzer 51726 351836 25847 0 3 0x6000082 thrsleep syz-fuzzer 51726 523176 25847 0 3 0x6000082 wait syz-fuzzer 51726 329423 25847 0 3 0x6000082 wait syz-fuzzer 25847 52396 27447 0 3 0x10008a sigsusp ksh 27447 130770 94727 0 3 0x9a kqread sshd 37448 474900 1 0 3 0x100083 ttyin getty 94727 169636 1 0 3 0x88 kqread sshd 94273 290828 70077 73 3 0x1100090 kqread syslogd 70077 24236 1 0 3 0x100082 netio syslogd 57754 15822 1 0 3 0x100080 kqread resolvd 35185 489956 76194 77 3 0x100092 kqread dhcpleased 2163 302211 76194 77 3 0x100092 kqread dhcpleased 76194 41870 1 0 3 0x80 kqread dhcpleased 18084 398020 0 0 3 0x14200 bored smr 92283 174820 0 0 2 0x14200 zerothread 40918 57746 0 0 3 0x14200 aiodoned aiodoned 40216 162744 0 0 3 0x14200 syncer update 96433 165257 0 0 3 0x14200 cleaner cleaner 11783 192358 0 0 3 0x14200 reaper reaper 30635 307828 0 0 3 0x14200 pgdaemon pagedaemon 77491 104992 0 0 3 0x14200 bored viomb 87835 247648 0 0 3 0x40014200 acpi0 acpi0 53582 158414 0 0 3 0x14200 bored softnet3 87804 97113 0 0 3 0x14200 bored softnet2 45132 216374 0 0 3 0x14200 bored softnet1 88733 148746 0 0 3 0x14200 bored softnet0 14964 217953 0 0 3 0x14200 bored systqmp 63360 32826 0 0 3 0x14200 bored systq 670 218326 0 0 3 0x40014200 tmoslp softclock 49227 208613 0 0 3 0x40014200 idle0 1 205714 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10176 6477K 7058K 166960K 19441 0 pcb 15 17K 19K 166960K 294 0 rtable 175 13K 15K 166960K 773 0 pf 25 8K 9K 166960K 129 0 ifaddr 32 9K 11K 166960K 121 0 ifgroup 42 1K 2K 166960K 206 0 sysctl 3 0K 0K 166960K 3 0 counters 28 17K 17K 166960K 74 0 ioctlops 0 0K 2K 166960K 242 0 iov 0 0K 16K 166960K 655 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1436 90K 90K 166960K 4245 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 13K 166960K 693 0 VM map 2 1K 1K 166960K 2 0 sem 12 1K 1K 166960K 935 0 dirhash 12 2K 2K 166960K 30 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 15 53K 69K 166960K 5098 0 sigio 0 0K 0K 166960K 485 0 proc 58 59K 75K 166960K 850 0 subproc 104 6K 6K 166960K 221 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 152 0 in_multi 66 4K 7K 166960K 210 0 ether_multi 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 91 413K 413K 166960K 91 0 exec 0 0K 1K 166960K 1184 0 pfkey data 0 0K 0K 166960K 7 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 363 220K 221K 166960K 49068 0 UVM aobj 131 4K 4K 166960K 137 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 91 0 NDP 11 0K 2K 166960K 90 0 temp 74 6764K 7404K 166960K 47661 0 kqueue 12 18K 28K 166960K 386 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 144 0 141 1 0 1 1 0 8 0 rtentry 112 232 0 155 4 1 3 4 0 8 0 unpcb 144 4573 0 4554 15 9 6 10 0 8 5 syncache 336 59 0 59 2 1 1 1 0 8 1 tcpqe 32 164 0 164 2 1 1 1 0 8 1 tcpcb 808 1752 0 1743 21 13 8 15 0 8 6 arp 88 43 0 31 1 0 1 1 0 8 0 ipq 40 7 0 7 1 0 1 1 0 8 1 ipqe 40 90 0 90 1 0 1 1 0 8 1 inpcb 360 4349 0 4337 25 15 10 14 0 8 8 nd6 104 54 0 39 1 0 1 1 0 8 0 pkpcb 40 9 0 9 2 1 1 1 0 8 1 kcovpl 48 17 0 9 1 0 1 1 0 8 0 ppxss 1072 16 0 16 2 1 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 933 0 607 29 4 25 29 0 8 4 art_table 32 934 0 607 4 0 4 4 0 8 1 art_node 16 231 0 161 1 0 1 1 0 8 0 sysvmsgpl 40 16 0 4 1 0 1 1 0 8 0 semupl 112 3 0 3 1 1 0 1 0 8 0 semapl 112 931 0 921 1 0 1 1 0 8 0 shmpl 112 134 0 6 4 0 4 4 0 8 0 dirhash 1024 29 0 12 3 0 3 3 0 8 0 dino2pl 256 8411 0 6971 91 0 91 91 0 8 0 ffsino 240 8411 0 6971 86 0 86 86 0 8 0 nchpl 144 15368 0 13719 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 50214 0 50214 3 1 2 2 0 8 2 vcpupl 2048 51 0 0 7 0 7 7 0 8 0 vmpool 664 63 0 12 5 0 5 5 0 8 0 kstatmem 264 110 0 92 2 0 2 2 0 8 0 scxspl 216 48642 0 48642 11 7 4 8 1 8 4 plimitpl 152 932 0 917 1 0 1 1 0 8 0 sigapl 424 5399 0 5332 8 0 8 8 0 8 0 futexpl 64 49364 0 49361 1 0 1 1 0 8 0 knotepl 120 55180 0 55098 23 11 12 17 0 8 8 kqueuepl 184 1111 0 1103 7 3 4 4 0 8 3 pipepl 288 984 0 956 11 4 7 7 0 8 4 fdescpl 432 5361 0 5335 4 0 4 4 0 8 0 filepl 120 32676 0 32431 24 8 16 16 0 8 7 lockfpl 104 1818 0 1815 2 0 2 2 0 8 1 lockfspl 48 619 0 616 1 0 1 1 0 8 0 sessionpl 144 32 0 16 1 0 1 1 0 8 0 pgrppl 48 352 0 336 1 0 1 1 0 8 0 ucredpl 104 4793 0 4783 1 0 1 1 0 8 0 zombiepl 144 5335 0 5332 1 0 1 1 0 8 0 processpl 1072 5399 0 5332 5 0 5 5 0 8 0 procpl 680 12986 0 12901 10 1 9 9 0 8 1 sosppl 168 71 0 71 1 0 1 1 0 8 1 sockpl 488 9083 0 9049 173 162 11 35 0 8 6 mcl64k 65536 179 0 179 2 1 1 1 0 8 1 mcl16k 16384 93 0 93 2 1 1 1 0 8 1 mcl12k 12288 214 0 214 2 1 1 1 0 8 1 mcl9k 9216 72 0 72 2 1 1 1 0 8 1 mcl8k 8192 445 0 444 2 1 1 1 0 8 0 mcl4k 4096 619 0 619 2 1 1 1 0 8 1 mcl2k2 2112 32 0 32 2 1 1 1 0 8 1 mcl2k 2048 81287 0 81243 32 24 8 31 0 8 1 mtagpl 96 1205 0 1041 15 7 8 14 0 8 1 mbufpl 256 170592 0 170344 104 66 38 85 0 8 8 bufpl 280 12973 0 6578 458 0 458 458 0 8 0 anonpl 24 636544 0 624320 129 17 112 112 0 188 20 amapchunkpl 152 156623 0 155823 47 10 37 45 0 158 2 amappl16 200 12629 0 12144 43 9 34 39 0 8 7 amappl15 192 22 0 20 1 0 1 1 0 8 0 amappl14 184 176 0 165 2 1 1 2 0 8 0 amappl13 176 25 0 24 1 0 1 1 0 8 0 amappl12 168 6132 0 6105 2 0 2 2 0 8 0 amappl11 160 62 0 52 1 0 1 1 0 8 0 amappl10 152 35 0 26 1 0 1 1 0 8 0 amappl9 144 143 0 142 1 0 1 1 0 8 0 amappl8 136 301 0 233 3 0 3 3 0 8 0 amappl7 128 202 0 180 2 0 2 2 0 8 0 amappl6 120 446 0 433 1 0 1 1 0 8 0 amappl5 112 194 0 186 1 0 1 1 0 8 0 amappl4 104 520 0 500 2 1 1 2 0 8 0 amappl3 96 31433 0 31354 3 0 3 3 0 8 0 amappl2 88 6029 0 5957 3 1 2 3 0 8 0 amappl1 80 27960 0 27451 22 10 12 22 0 8 0 amappl 88 48340 0 48121 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 136 0 6 3 0 3 3 0 8 0 uaddrrnd 24 5424 0 5347 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 5424 0 5347 1 0 1 1 0 8 0 vmmpekpl 168 41538 0 41460 4 0 4 4 0 8 0 vmmpepl 168 329431 0 327163 153 22 131 131 0 357 23 vmsppl 352 5423 0 5347 8 0 8 8 0 8 0 rwobjpl 24 87161 0 79614 48 0 48 48 0 8 2 pdppl 4096 10854 0 10745 363 246 117 117 0 8 8 pvpl 32 1905906 0 1888064 361 162 199 334 0 265 26 pmappl 216 5423 0 5347 5 0 5 5 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 774 0 366 12 0 12 12 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828efb08) at panic+0x165 sys/kern/subr_prf.c:198 ip_fragment(fffffd807469d700,ffff800034424b98,ffff80000019e2a8,5dc) at ip_fragment+0x7b1 ip_output(fffffd807469d700,0,fffffd805b9c81f0,22,0,0,e23cbef1b1344156) at ip_output+0xe10 sys/netinet/ip_output.c:478 divert_output(fffffd805b9c8178,fffffd807469d700,fffffd807469d200,0) at divert_output+0x2ca sys/netinet/ip_divert.c:174 sosend(fffffd8067abf200,fffffd807469d200,ffff800034424e10,0,0,0) at sosend+0x66d sendit(ffff80002a68eff8,4,ffff800034424fa8,0,ffff800034424f98) at sendit+0x65d sys/kern/uipc_syscalls.c:786 sys_sendmmsg(ffff80002a68eff8,ffff800034425150,ffff8000344250a0) at sys_sendmmsg+0x344 sys/kern/uipc_syscalls.c:677 syscall(ffff800034425150) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x50cc7ecf040, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828efb08) at panic+0x165 sys/kern/subr_prf.c:198 ip_fragment(fffffd807469d700,ffff800034424b98,ffff80000019e2a8,5dc) at ip_fragment+0x7b1 ip_output(fffffd807469d700,0,fffffd805b9c81f0,22,0,0,e23cbef1b1344156) at ip_output+0xe10 sys/netinet/ip_output.c:478 divert_output(fffffd805b9c8178,fffffd807469d700,fffffd807469d200,0) at divert_output+0x2ca sys/netinet/ip_divert.c:174 sosend(fffffd8067abf200,fffffd807469d200,ffff800034424e10,0,0,0) at sosend+0x66d sendit(ffff80002a68eff8,4,ffff800034424fa8,0,ffff800034424f98) at sendit+0x65d sys/kern/uipc_syscalls.c:786 sys_sendmmsg(ffff80002a68eff8,ffff800034425150,ffff8000344250a0) at sys_sendmmsg+0x344 sys/kern/uipc_syscalls.c:677 syscall(ffff800034425150) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x50cc7ecf040, count: -10