panic: malformed IPv4 option passed to ip_optcopy
Stopped at      db_enter+0x18:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
  93351  66499  32767        0x10          0    0  syz-executor1
*512897  66499  32767        0x10  0x4000000   1K  syz-executor1
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
ip_fragment(7bebec3a465bdaa9,ffffff0067ad0db0,ffff800000173290) at ip_fragment+0x625
ip_output(dddf71b2be579659,ffffff006f4a4d20,ffffff006f171000,0,ffffff006f171000,ffffff006f4a5a80) at ip_output+0xc8d sys/netinet/ip_output.c:501
udp_output(c25a45b22689b503,125c,ffffff006f4a5a80,0) at udp_output+0x45a sys/netinet/udp_usrreq.c:1004
sosend(30fdcf4bc0d7876f,ffffff006fa8a4b0,ffff80002117b2b8,11a4,ffff80002117b3f0,0) at sosend+0x47a sys/kern/uipc_socket.c:513
dofilewritev(46c31eaf69998c21,0,4,ffff8000210639e0,ffff80002117b3f0) at dofilewritev+0x14b sys/kern/sys_generic.c:364
sys_writev(b79d784b53dd4458,790,ffff8000210639e0) at sys_writev+0xdb sys/kern/sys_generic.c:310
syscall(1bd727737ae004bf) at syscall+0x496 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(1bd727737ae004bf) at syscall+0x496 sys/arch/amd64/amd64/trap.c:583
Xsyscall(6,0,d,0,3,c38705d70d8) at Xsyscall+0x128
end of kernel
end trace frame: 0xc3aa92e8180, count: 5
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports.
Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> show panic
malformed IPv4 option passed to ip_optcopy
ddb{1}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
ip_fragment(7bebec3a465bdaa9,ffffff0067ad0db0,ffff800000173290) at ip_fragment+0x625
ip_output(dddf71b2be579659,ffffff006f4a4d20,ffffff006f171000,0,ffffff006f171000,ffffff006f4a5a80) at ip_output+0xc8d sys/netinet/ip_output.c:501
udp_output(c25a45b22689b503,125c,ffffff006f4a5a80,0) at udp_output+0x45a sys/netinet/udp_usrreq.c:1004
sosend(30fdcf4bc0d7876f,ffffff006fa8a4b0,ffff80002117b2b8,11a4,ffff80002117b3f0,0) at sosend+0x47a sys/kern/uipc_socket.c:513
dofilewritev(46c31eaf69998c21,0,4,ffff8000210639e0,ffff80002117b3f0) at dofilewritev+0x14b sys/kern/sys_generic.c:364
sys_writev(b79d784b53dd4458,790,ffff8000210639e0) at sys_writev+0xdb sys/kern/sys_generic.c:310
syscall(1bd727737ae004bf) at syscall+0x496 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(1bd727737ae004bf) at syscall+0x496 sys/arch/amd64/amd64/trap.c:583
Xsyscall(6,0,d,0,3,c38705d70d8) at Xsyscall+0x128
end of kernel
end trace frame: 0xc3aa92e8180, count: -10
ddb{1}> show registers
rdi               0xffffffff81f00128    kprintf_mutex
rsi               0xffffffff81150e07    db_enter+0x17
rbp               0xffff80002117aee0
rbx               0xffff80002117af80
rdx               0xffff80000253e000
rcx                           0x1948    __ALIGN_SIZE+0x948
rax               0xffff80000253e000
r8                0xffff80002117aeb0
r9                                 0
r10               0x445159c35a3f5bbe
r11               0x3da5ba4da734d069
r12                     0x3000000008
r13               0xffff80002117aef0
r14                            0x100
r15               0xffffffff81cd528d    apollo_udma100_tim+0xde73
rip               0xffffffff81150e08    db_enter+0x18
cs                               0x8
rflags                         0x246
rsp               0xffff80002117aed0
ss                              0x10
db_enter+0x18:  addq    $0x8,%rsp
ddb{1}> show proc
PROC (syz-executor1) pid=512897 stat=onproc
    flags process=10 proc=4000000
    pri=78, usrpri=78, nice=20
    forw=0xffffffffffffffff, list=0xffff800021063c38,0xffffffff81f8d720
    process=0xffff8000210653c0 user=0xffff800021176000, vmspace=0xffffff0065ad6848
    estcpu=36, cpticks=1, pctcpu=0.0
    user=0, sys=1, intr=0
ddb{1}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 66499   93351  97478  32767  7        0x10                syz-executor1
 66499  147025  97478  32767  2   0x4000010                syz-executor1
*66499  512897  97478  32767  7   0x4000010                syz-executor1
 15301  191131  49159  32767  3        0x90  nanosleep     syz-executor0
 15301  113925  49159  32767  3   0x4000090  ttyout        syz-executor0
 15301   80778  49159  32767  3   0x4000090  fsleep        syz-executor0
 97478  423300  90670  32767  3        0x90  nanosleep     syz-executor1
 90670    9874  10026      0  3        0x82  wait          syz-executor1
 49159  257749  74860  32767  3        0x90  nanosleep     syz-executor0
 74860  403392  10026      0  3        0x82  wait          syz-executor0
 71620    4314      0      0  3     0x14200  bored         sosplice
 10026  327192  41019      0  3        0x82  thrsleep      syz-fuzzer
 10026  213795  41019      0  3   0x4000082  nanosleep     syz-fuzzer
 10026  149851  41019      0  3   0x4000082  thrsleep      syz-fuzzer
 10026  307409  41019      0  3   0x4000082  thrsleep      syz-fuzzer
 10026   50505  41019      0  3   0x4000082  thrsleep      syz-fuzzer
 10026  204944  41019      0  3   0x4000082  thrsleep      syz-fuzzer
 10026   71567  41019      0  3   0x4000082  kqread        syz-fuzzer
 10026  472140  41019      0  3   0x4000082  thrsleep      syz-fuzzer
 10026  173956  41019      0  3   0x4000082  thrsleep      syz-fuzzer
 10026   95793  41019      0  3   0x4000082  thrsleep      syz-fuzzer
 41019  137129  85405      0  3    0x10008a  pause         ksh
 85405  334655  15871      0  3        0x92  select        sshd
 16538   83356      1      0  3    0x100083  ttyin         getty
 15871  140609      1      0  3        0x80  select        sshd
 14059  402369  18705     73  3    0x100090  kqread        syslogd
 18705  194135      1      0  3    0x100082  netio         syslogd
 60872  308931      1     77  3    0x100090  poll          dhclient
 99201  221947      1      0  3        0x80  poll          dhclient
 63738   29071      0      0  3     0x14200  pgzero        zerothread
 13820  474541      0      0  3     0x14200  aiodoned      aiodoned
 21450  321154      0      0  3     0x14200  syncer        update
 90725  316459      0      0  3     0x14200  cleaner       cleaner
 35548   72280      0      0  3     0x14200  reaper        reaper
 21677  386246      0      0  3     0x14200  pgdaemon      pagedaemon
 33666  466483      0      0  3     0x14200  bored         crynlk
 89951  413193      0      0  3     0x14200  bored         crypto
 99922  502880      0      0  3  0x40014200  acpi0         acpi0
 93535  276526      0      0  3  0x40014200                idle1
 66968  253991      0      0  3     0x14200  bored         softnet
 21900  232120      0      0  3     0x14200  bored         systqmp
 28538  286418      0      0  3     0x14200  bored         systq
  6644  400190      0      0  3  0x40014200  bored         softclock
 72555  314948      0      0  3  0x40014200                idle0
     1  429106      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper