panic: malformed IPv4 option passed to ip_optcopy Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 505842 31267 32767 0x10 0 1 syz-executor1 *241086 31267 32767 0x10 0x4000000 0K syz-executor1 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 ip_fragment(f86d8fb47af5cb0a,ffffff007afe84b0,ffff800000173290) at ip_fragment+0x625 ip_output(a44150d52edba594,ffffff006f4af9d8,ffffff007ae1bb00,0,ffffff007ae1bb00,ffffff006f4b0a80) at ip_output+0xc8d sys/netinet/ip_output.c:501 udp_output(1fb289c40c476e89,e0,ffffff006f4b0a80,0) at udp_output+0x45a sys/netinet/udp_usrreq.c:1004 sosend(34260d53b48c7a25,ffffff006fa8a3c0,ffff800021154ec8,2320,ffff800021155000,0) at sosend+0x47a sys/kern/uipc_socket.c:513 dofilewritev(fa48011dee3c4c72,0,a,ffff80002108a720,ffff800021155000) at dofilewritev+0x14b sys/kern/sys_generic.c:364 sys_writev(bfc198a5748086e4,790,ffff80002108a720) at sys_writev+0xdb sys/kern/sys_generic.c:310 syscall(2e5ac4085a65e463) at syscall+0x496 mi_syscall sys/sys/syscall_mi.h:99 [inline] syscall(2e5ac4085a65e463) at syscall+0x496 sys/arch/amd64/amd64/trap.c:583 Xsyscall(6,0,d,0,3,d56deac1010) at Xsyscall+0x128 end of kernel end trace frame: 0xd598aa24c90, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> show panic malformed IPv4 option passed to ip_optcopy ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 ip_fragment(f86d8fb47af5cb0a,ffffff007afe84b0,ffff800000173290) at ip_fragment+0x625 ip_output(a44150d52edba594,ffffff006f4af9d8,ffffff007ae1bb00,0,ffffff007ae1bb00,ffffff006f4b0a80) at ip_output+0xc8d sys/netinet/ip_output.c:501 udp_output(1fb289c40c476e89,e0,ffffff006f4b0a80,0) at udp_output+0x45a sys/netinet/udp_usrreq.c:1004 sosend(34260d53b48c7a25,ffffff006fa8a3c0,ffff800021154ec8,2320,ffff800021155000,0) at sosend+0x47a sys/kern/uipc_socket.c:513 dofilewritev(fa48011dee3c4c72,0,a,ffff80002108a720,ffff800021155000) at dofilewritev+0x14b sys/kern/sys_generic.c:364 sys_writev(bfc198a5748086e4,790,ffff80002108a720) at sys_writev+0xdb sys/kern/sys_generic.c:310 syscall(2e5ac4085a65e463) at syscall+0x496 mi_syscall sys/sys/syscall_mi.h:99 [inline] syscall(2e5ac4085a65e463) at syscall+0x496 sys/arch/amd64/amd64/trap.c:583 Xsyscall(6,0,d,0,3,d56deac1010) at Xsyscall+0x128 end of kernel end trace frame: 0xd598aa24c90, count: -10 ddb{0}> show registers rdi 0xffffffff81eee870 kprintf_mutex rsi 0xffffffff8158b247 db_enter+0x17 rbp 0xffff800021154af0 rbx 0xffff800021154b90 rdx 0xffff800003f44000 rcx 0x18c0 __ALIGN_SIZE+0x8c0 rax 0xffff800003f44000 r8 0xffff800021154ac0 r9 0 r10 0xdee10aa20319ebd1 r11 0x7fdc503870163549 r12 0x3000000008 r13 0xffff800021154b00 r14 0x100 r15 0xffffffff81cd2082 substchar+0xd438 rip 0xffffffff8158b248 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800021154ae0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor1) pid=241086 stat=onproc flags process=10 proc=4000000 pri=70, usrpri=70, nice=20 forw=0xffffffffffffffff, list=0xffff80002108b2d8,0xffffffff81faa2e0 process=0xffff800021065a50 user=0xffff800021150000, vmspace=0xffffff00659f4a58 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 31267 505842 21542 32767 7 0x10 syz-executor1 *31267 241086 21542 32767 7 0x4000010 syz-executor1 21542 856 58908 32767 3 0x90 nanosleep syz-executor1 58908 87796 6219 0 3 0x82 wait syz-executor1 16899 142507 82688 32767 3 0x10 biowait syz-executor0 82688 120510 6219 0 3 0x82 wait syz-executor0 7713 404391 0 0 3 0x14200 bored sosplice 6219 404489 27784 0 3 0x82 thrsleep syz-fuzzer 6219 324237 27784 0 3 0x4000082 nanosleep syz-fuzzer 6219 365700 27784 0 3 0x4000082 thrsleep syz-fuzzer 6219 132958 27784 0 3 0x4000082 thrsleep syz-fuzzer 6219 270653 27784 0 3 0x4000082 thrsleep syz-fuzzer 6219 67434 27784 0 3 0x4000082 thrsleep syz-fuzzer 6219 179018 27784 0 3 0x4000082 thrsleep syz-fuzzer 6219 353827 27784 0 3 0x4000082 kqread syz-fuzzer 6219 457494 27784 0 3 0x4000082 nanosleep syz-fuzzer 6219 153566 27784 0 3 0x4000082 thrsleep syz-fuzzer 6219 131999 27784 0 3 0x4000082 thrsleep syz-fuzzer 27784 272124 91605 0 3 0x10008a pause ksh 91605 471731 50300 0 3 0x92 select sshd 74931 364932 1 0 3 0x100083 ttyin getty 50300 15752 1 0 3 0x80 select sshd 32934 368184 59729 73 3 0x100090 kqread syslogd 59729 183090 1 0 3 0x100082 netio syslogd 23366 389240 1 77 3 0x100090 poll dhclient 39502 155514 1 0 3 0x80 poll dhclient 42323 433392 0 0 3 0x14200 pgzero zerothread 47335 416888 0 0 3 0x14200 aiodoned aiodoned 93311 412529 0 0 3 0x14200 syncer update 92678 124935 0 0 3 0x14200 cleaner cleaner 24019 516118 0 0 3 0x14200 reaper reaper 50318 376691 0 0 3 0x14200 pgdaemon pagedaemon 61152 322883 0 0 3 0x14200 bored crynlk 7287 192557 0 0 3 0x14200 bored crypto 20468 505396 0 0 3 0x40014200 acpi0 acpi0 27426 484356 0 0 3 0x40014200 idle1 98005 160530 0 0 3 0x14200 bored softnet 50686 280546 0 0 3 0x14200 bored systqmp 16328 209067 0 0 3 0x14200 bored systq 20780 198628 0 0 3 0x40014200 bored softclock 23879 233988 0 0 3 0x40014200 idle0 1 56206 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper