panic: malformed IPv4 option passed to ip_optcopy
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
169088 3373 0 0 0 1 syz-executor1
*327304 3373 0 0 0x4000000 0K syz-executor1
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
ip_fragment(89e5399f964517cd,ffffff00633dd4b0,ffff800000173290) at ip_fragment+0x625
ip_output(89e5399f9644c11a,ffffff006f4ad348,ffffff007216e400,0,ffffff007216e400,ffffff006f4ae900) at ip_output+0xc8d sys/netinet/ip_output.c:501
udp_output(f2b923594d1b75cf,13ab,ffffff006f4ae900,0) at udp_output+0x45a sys/netinet/udp_usrreq.c:1004
sosend(1a692d27b741ddae,ffffff0070bef180,ffff800021089c78,1055,ffff800021089db0,0) at sosend+0x47a sys/kern/uipc_socket.c:513
dofilewritev(87297e972b24aa9b,0,3,ffff800021063788,ffff800021089db0) at dofilewritev+0x14b sys/kern/sys_generic.c:364
sys_writev(54dac7d6304ca29e,790,ffff800021063788) at sys_writev+0xdb sys/kern/sys_generic.c:310
syscall(745fb0a28df17b8d) at syscall+0x496 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(745fb0a28df17b8d) at syscall+0x496 sys/arch/amd64/amd64/trap.c:583
Xsyscall(6,0,d,0,3,5ae2b51f010) at Xsyscall+0x128
end of kernel
end trace frame: 0x5b0d633f020, count: 5
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}> ddb{0}> set $lines = 0
ddb{0}> show panic
malformed IPv4 option passed to ip_optcopy
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
ip_fragment(89e5399f964517cd,ffffff00633dd4b0,ffff800000173290) at ip_fragment+0x625
ip_output(89e5399f9644c11a,ffffff006f4ad348,ffffff007216e400,0,ffffff007216e400,ffffff006f4ae900) at ip_output+0xc8d sys/netinet/ip_output.c:501
udp_output(f2b923594d1b75cf,13ab,ffffff006f4ae900,0) at udp_output+0x45a sys/netinet/udp_usrreq.c:1004
sosend(1a692d27b741ddae,ffffff0070bef180,ffff800021089c78,1055,ffff800021089db0,0) at sosend+0x47a sys/kern/uipc_socket.c:513
dofilewritev(87297e972b24aa9b,0,3,ffff800021063788,ffff800021089db0) at dofilewritev+0x14b sys/kern/sys_generic.c:364
sys_writev(54dac7d6304ca29e,790,ffff800021063788) at sys_writev+0xdb sys/kern/sys_generic.c:310
syscall(745fb0a28df17b8d) at syscall+0x496 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(745fb0a28df17b8d) at syscall+0x496 sys/arch/amd64/amd64/trap.c:583
Xsyscall(6,0,d,0,3,5ae2b51f010) at Xsyscall+0x128
end of kernel
end trace frame: 0x5b0d633f020, count: -10
ddb{0}> show registers
rdi 0xffffffff81eeef78 kprintf_mutex
rsi 0xffffffff81b0b167 db_enter+0x17
rbp 0xffff8000210898a0
rbx 0xffff800021089940
rdx 0xffff80000293d000
rcx 0x1298 __ALIGN_SIZE+0x298
rax 0xffff80000293d000
r8 0xffff800021089870
r9 0
r10 0xf2b923594deee5bb
r11 0x6a9f28bab9b35771
r12 0x3000000008
r13 0xffff8000210898b0
r14 0x100
r15 0xffffffff81cd516a apollo_udma100_tim+0xed43
rip 0xffffffff81b0b168 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800021089890
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor1) pid=327304 stat=onproc
flags process=0 proc=4000000
pri=80, usrpri=80, nice=20
forw=0xffffffffffffffff, list=0xffff800021062720,0xffffffff81fdbec8
process=0xffff8000210646a0 user=0xffff800021084000, vmspace=0xffffff007f124840
estcpu=36, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
3373 169088 65337 0 7 0 syz-executor1
* 3373 327304 65337 0 7 0x4000000 syz-executor1
96703 300803 1 0 3 0x100083 ttyin getty
67271 64518 0 0 3 0x14200 bored sosplice
65337 501041 31714 0 3 0x82 nanosleep syz-executor1
48861 217179 31714 0 3 0x82 nanosleep syz-executor0
31714 508387 35660 0 3 0x82 thrsleep syz-fuzzer
31714 200239 35660 0 3 0x4000082 nanosleep syz-fuzzer
31714 276231 35660 0 3 0x4000082 thrsleep syz-fuzzer
31714 102849 35660 0 3 0x4000082 thrsleep syz-fuzzer
31714 264869 35660 0 3 0x4000082 thrsleep syz-fuzzer
31714 189333 35660 0 3 0x4000082 thrsleep syz-fuzzer
31714 265401 35660 0 3 0x4000082 thrsleep syz-fuzzer
31714 41986 35660 0 3 0x4000082 thrsleep syz-fuzzer
31714 291276 35660 0 3 0x4000082 thrsleep syz-fuzzer
31714 435433 35660 0 3 0x4000082 kqread syz-fuzzer
35660 338754 51893 0 3 0x10008a pause ksh
51893 170809 23438 0 3 0x92 select sshd
23438 296988 1 0 3 0x80 select sshd
34059 165972 4981 73 3 0x100090 kqread syslogd
4981 101445 1 0 3 0x100082 netio syslogd
22087 228945 1 77 3 0x100090 poll dhclient
94108 151652 1 0 3 0x80 poll dhclient
33142 411705 0 0 3 0x14200 pgzero zerothread
54427 201606 0 0 3 0x14200 aiodoned aiodoned
61757 449219 0 0 3 0x14200 syncer update
70711 384588 0 0 3 0x14200 cleaner cleaner
25612 296431 0 0 3 0x14200 reaper reaper
86837 64698 0 0 3 0x14200 pgdaemon pagedaemon
72031 49282 0 0 3 0x14200 bored crynlk
33335 517729 0 0 3 0x14200 bored crypto
13670 381262 0 0 3 0x40014200 acpi0 acpi0
92275 270864 0 0 3 0x40014200 idle1
45843 271990 0 0 3 0x14200 bored softnet
71674 523347 0 0 3 0x14200 bored systqmp
53075 26237 0 0 3 0x14200 bored systq
27469 59495 0 0 3 0x40014200 bored softclock
30713 57964 0 0 3 0x40014200 idle0
1 410732 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper