panic: malformed IPv4 option passed to ip_optcopy Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 342752 18259 32767 0x10 0 0 syz-executor1 * 83119 18259 32767 0x10 0x4000000 1K syz-executor1 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 ip_fragment(b6160bb3b621aa82,ffffff006da618b0,ffff800000173290) at ip_fragment+0x625 ip_output(f73678284b8be037,ffffff006f4b3690,ffffff006f181300,0,ffffff006f181300,ffffff006f4b4a80) at ip_output+0xc8d sys/netinet/ip_output.c:501 udp_output(a5acaf866864fd3a,13af,ffffff006f4b4a80,0) at udp_output+0x45a sys/netinet/udp_usrreq.c:1004 sosend(6c652f7ca0140017,ffffff006e65dd28,ffff800021173668,1051,ffff8000211737a0,0) at sosend+0x47a sys/kern/uipc_socket.c:513 dofilewritev(e44189c4d6736277,0,2,ffff80002108a4c8,ffff8000211737a0) at dofilewritev+0x14b sys/kern/sys_generic.c:364 sys_writev(6922b8e917b3f430,790,ffff80002108a4c8) at sys_writev+0xdb sys/kern/sys_generic.c:310 syscall(700e2cbb133c090b) at syscall+0x496 mi_syscall sys/sys/syscall_mi.h:99 [inline] syscall(700e2cbb133c090b) at syscall+0x496 sys/arch/amd64/amd64/trap.c:583 Xsyscall(6,0,d,0,3,34e9c01c010) at Xsyscall+0x128 end of kernel end trace frame: 0x3519ad1eff0, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> show panic malformed IPv4 option passed to ip_optcopy ddb{1}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 ip_fragment(b6160bb3b621aa82,ffffff006da618b0,ffff800000173290) at ip_fragment+0x625 ip_output(f73678284b8be037,ffffff006f4b3690,ffffff006f181300,0,ffffff006f181300,ffffff006f4b4a80) at ip_output+0xc8d sys/netinet/ip_output.c:501 udp_output(a5acaf866864fd3a,13af,ffffff006f4b4a80,0) at udp_output+0x45a sys/netinet/udp_usrreq.c:1004 sosend(6c652f7ca0140017,ffffff006e65dd28,ffff800021173668,1051,ffff8000211737a0,0) at sosend+0x47a sys/kern/uipc_socket.c:513 dofilewritev(e44189c4d6736277,0,2,ffff80002108a4c8,ffff8000211737a0) at dofilewritev+0x14b sys/kern/sys_generic.c:364 sys_writev(6922b8e917b3f430,790,ffff80002108a4c8) at sys_writev+0xdb sys/kern/sys_generic.c:310 syscall(700e2cbb133c090b) at syscall+0x496 mi_syscall sys/sys/syscall_mi.h:99 [inline] syscall(700e2cbb133c090b) at syscall+0x496 sys/arch/amd64/amd64/trap.c:583 Xsyscall(6,0,d,0,3,34e9c01c010) at Xsyscall+0x128 end of kernel end trace frame: 0x3519ad1eff0, count: -10 ddb{1}> show registers rdi 0xffffffff81eee870 kprintf_mutex rsi 0xffffffff8158b247 db_enter+0x17 rbp 0xffff800021173290 rbx 0xffff800021173330 rdx 0xffff80000233d000 rcx 0x13ab __ALIGN_SIZE+0x3ab rax 0xffff80000233d000 r8 0xffff800021173260 r9 0 r10 0xbd87127d0962ff01 r11 0x25ac95804ac413ca r12 0x3000000008 r13 0xffff8000211732a0 r14 0x100 r15 0xffffffff81cd2082 substchar+0xd438 rip 0xffffffff8158b248 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800021173280 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor1) pid=83119 stat=onproc flags process=10 proc=4000000 pri=72, usrpri=72, nice=20 forw=0xffffffffffffffff, list=0xffff80002108a720,0xffffffff81faa2e0 process=0xffff80002109a018 user=0xffff80002116e000, vmspace=0xffffff00681b4748 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 18259 342752 14738 32767 7 0x10 syz-executor1 *18259 83119 14738 32767 7 0x4000010 syz-executor1 14738 158065 75309 32767 3 0x90 nanosleep syz-executor1 75309 41080 1782 0 3 0x82 wait syz-executor1 80877 297146 25112 32767 3 0x10 biowait syz-executor0 25112 287106 1782 0 3 0x82 wait syz-executor0 75110 320331 0 0 3 0x14200 bored sosplice 1782 48294 52248 0 3 0x82 thrsleep syz-fuzzer 1782 353902 52248 0 3 0x4000082 nanosleep syz-fuzzer 1782 317167 52248 0 3 0x4000082 thrsleep syz-fuzzer 1782 163648 52248 0 3 0x4000082 thrsleep syz-fuzzer 1782 401454 52248 0 3 0x4000082 thrsleep syz-fuzzer 1782 155256 52248 0 3 0x4000082 thrsleep syz-fuzzer 1782 20300 52248 0 3 0x4000082 thrsleep syz-fuzzer 1782 228824 52248 0 3 0x4000082 nanosleep syz-fuzzer 1782 54533 52248 0 3 0x4000082 kqread syz-fuzzer 1782 30468 52248 0 3 0x4000082 thrsleep syz-fuzzer 52248 432847 4038 0 3 0x10008a pause ksh 4038 304752 23983 0 3 0x92 select sshd 35950 522926 1 0 3 0x100083 ttyin getty 23983 95932 1 0 3 0x80 select sshd 12939 63610 89022 73 3 0x100090 kqread syslogd 89022 121130 1 0 3 0x100082 netio syslogd 84558 382859 1 77 3 0x100090 poll dhclient 76964 259026 1 0 3 0x80 poll dhclient 95047 427745 0 0 3 0x14200 pgzero zerothread 95833 29589 0 0 3 0x14200 aiodoned aiodoned 38785 42195 0 0 3 0x14200 syncer update 14819 415291 0 0 3 0x14200 cleaner cleaner 29394 121341 0 0 3 0x14200 reaper reaper 65878 137780 0 0 3 0x14200 pgdaemon pagedaemon 34787 288100 0 0 3 0x14200 bored crynlk 10649 172073 0 0 3 0x14200 bored crypto 54597 32435 0 0 3 0x40014200 acpi0 acpi0 69786 158592 0 0 3 0x40014200 idle1 83181 339080 0 0 3 0x14200 bored softnet 28648 402351 0 0 3 0x14200 bored systqmp 74221 76960 0 0 3 0x14200 bored systq 47388 56761 0 0 3 0x40014200 bored softclock 49504 15309 0 0 3 0x40014200 idle0 1 37957 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper