login: panic: malformed IPv4 option passed to ip_optcopy
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*433430 96387 0 0 0x4000000 0 syz-executor0
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
ip_fragment(2955035984138fbd,ffffff0038287f00,ffff800000171290) at ip_fragment+0x551
ip_output(a9799c346ff4ee2e,ffffff0038287800,ffffff0038287f00,0,ffffff00370d5460,ffffff0036508788) at ip_output+0xc06 sys/netinet/ip_output.c:501
udp_output(ab7714c35def1d10,1400,ffffff0036508788,0) at udp_output+0x444 sys/netinet/udp_usrreq.c:1004
sosend(5b6eeece31741adf,ffffff00380195b8,ffff800014ad0120,1000,ffff800014ad01d0,0) at sosend+0x472 sys/kern/uipc_socket.c:513
dofilewritev(c1f111fe2434d560,ffff8000ffff92c8,ffff800014ad01d0,1000,ffff800014ad01e8) at dofilewritev+0x14b sys/kern/sys_generic.c:364
sys_write(c8f878b9a6dbb2e8,ffff800014ad0270,ffff8000ffff92c8) at sys_write+0x7b sys/kern/sys_generic.c:283
syscall(abb5d5721c96c237) at syscall+0x3f1
Xsyscall(6,0,c,0,3,6595e0080d8) at Xsyscall+0x128
end of kernel
end trace frame: 0x65be3479ad0, count: 5
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb> ddb> set $lines = 0
ddb> show panic
malformed IPv4 option passed to ip_optcopy
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
ip_fragment(2955035984138fbd,ffffff0038287f00,ffff800000171290) at ip_fragment+0x551
ip_output(a9799c346ff4ee2e,ffffff0038287800,ffffff0038287f00,0,ffffff00370d5460,ffffff0036508788) at ip_output+0xc06 sys/netinet/ip_output.c:501
udp_output(ab7714c35def1d10,1400,ffffff0036508788,0) at udp_output+0x444 sys/netinet/udp_usrreq.c:1004
sosend(5b6eeece31741adf,ffffff00380195b8,ffff800014ad0120,1000,ffff800014ad01d0,0) at sosend+0x472 sys/kern/uipc_socket.c:513
dofilewritev(c1f111fe2434d560,ffff8000ffff92c8,ffff800014ad01d0,1000,ffff800014ad01e8) at dofilewritev+0x14b sys/kern/sys_generic.c:364
sys_write(c8f878b9a6dbb2e8,ffff800014ad0270,ffff8000ffff92c8) at sys_write+0x7b sys/kern/sys_generic.c:283
syscall(abb5d5721c96c237) at syscall+0x3f1
Xsyscall(6,0,c,0,3,6595e0080d8) at Xsyscall+0x128
end of kernel
end trace frame: 0x65be3479ad0, count: -10
ddb> show registers
rdi 0xffffffff81f1d5a8 kprintf_mutex
rsi 0xffffffff81bcf0c7 db_enter+0x17
rbp 0xffff800014acfd50
rbx 0xffff800014acfdf0
rdx 0xffff800000d33000
rcx 0x160d __ALIGN_SIZE+0x60d
rax 0xffff800000d33000
r8 0xffff800014acfd20
r9 0
r10 0xb7e6bf1eb997dae6
r11 0x3b7822748166e500
r12 0x3000000008
r13 0xffff800014acfd60
r14 0x100
r15 0xffffffff81cbe76a substchar+0xfe5f
rip 0xffffffff81bcf0c8 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800014acfd40
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor0) pid=433430 stat=onproc
flags process=0 proc=4000000
pri=86, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff8000ffff8710,0xffffffff81fafe18
process=0xffff8000ffff4020 user=0xffff800014acb000, vmspace=0xffffff003f12ae70
estcpu=36, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
79612 33271 20849 0 2 0 syz-executor1
79612 164283 20849 0 3 0x4000080 fsleep syz-executor1
96387 159991 53674 0 2 0 syz-executor0
96387 290826 53674 0 3 0x4000080 netio syz-executor0
*96387 433430 53674 0 7 0x4000000 syz-executor0
31973 120399 1 0 3 0x100083 ttyin getty
80878 334482 0 0 3 0x14200 bored sosplice
20849 389834 74471 0 3 0x82 nanosleep syz-executor1
53674 95160 74471 0 3 0x82 nanosleep syz-executor0
74471 456079 53429 0 3 0x82 thrsleep syz-fuzzer
74471 64403 53429 0 3 0x4000082 thrsleep syz-fuzzer
74471 178672 53429 0 3 0x4000082 kqread syz-fuzzer
74471 465733 53429 0 3 0x4000082 thrsleep syz-fuzzer
74471 67494 53429 0 3 0x4000082 thrsleep syz-fuzzer
74471 459031 53429 0 3 0x4000082 thrsleep syz-fuzzer
74471 473504 53429 0 3 0x4000082 thrsleep syz-fuzzer
53429 32224 41336 0 3 0x10008a pause ksh
41336 52392 73909 0 3 0x92 select sshd
73909 365118 1 0 3 0x80 select sshd
12089 219313 65023 73 3 0x100090 kqread syslogd
65023 114366 1 0 3 0x100082 netio syslogd
50029 16661 1 77 3 0x100090 poll dhclient
63705 435524 1 0 3 0x80 poll dhclient
59534 62369 0 0 2 0x14200 zerothread
14952 437616 0 0 3 0x14200 aiodoned aiodoned
27993 240703 0 0 3 0x14200 syncer update
6855 205772 0 0 3 0x14200 cleaner cleaner
37318 319650 0 0 3 0x14200 reaper reaper
65985 441395 0 0 3 0x14200 pgdaemon pagedaemon
20252 145095 0 0 3 0x14200 bored crynlk
3020 413616 0 0 3 0x14200 bored crypto
94898 370043 0 0 3 0x40014200 acpi0 acpi0
9381 112277 0 0 3 0x14200 bored softnet
2172 50152 0 0 3 0x14200 bored systqmp
52740 69832 0 0 3 0x14200 bored systq
41047 235119 0 0 3 0x40014200 bored softclock
6267 456305 0 0 3 0x40014200 idle0
1 427299 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper