panic: malformed IPv4 option passed to ip_optcopy Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 344580 3527 65534 0x10 0 0 syz-executor1 *306179 3527 65534 0x10 0x4000000 1K syz-executor1 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 ip_fragment(a4804616eda4db6a,ffffff007e12afd9,ffff800000173290) at ip_fragment+0x625 ip_output(cf07145c26c32742,ffffff006f307af0,ffffff007e12af00,0,ffffff007e503d00,ffffff006f308a80) at ip_output+0xc8d sys/netinet/ip_output.c:501 udp_output(e955ffdfccf29181,1400,ffffff006f308a80,0) at udp_output+0x45a sys/netinet/udp_usrreq.c:1004 sosend(646cf8edd34289ea,ffffff006531c360,ffff8000211553f0,ffff8000211554a0,1000,0) at sosend+0x477 sys/kern/uipc_socket.c:513 dofilewritev(309cd2871cafca88,ffff80002108b9e0,ffff8000211554a0,1000,ffff8000211554b8) at dofilewritev+0x148 sys/kern/sys_generic.c:364 sys_write(b53f612603387f5b,40,ffff80002108b9e0) at sys_write+0x7b sys/kern/sys_generic.c:283 syscall(ec2f1d10698587c9) at syscall+0x473 mi_syscall sys/sys/syscall_mi.h:99 [inline] syscall(ec2f1d10698587c9) at syscall+0x473 sys/arch/amd64/amd64/trap.c:583 Xsyscall(6,0,c,0,3,3e2c98b4010) at Xsyscall+0x128 end of kernel end trace frame: 0x3e4dd7c7000, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> show panic malformed IPv4 option passed to ip_optcopy ddb{1}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 ip_fragment(a4804616eda4db6a,ffffff007e12afd9,ffff800000173290) at ip_fragment+0x625 ip_output(cf07145c26c32742,ffffff006f307af0,ffffff007e12af00,0,ffffff007e503d00,ffffff006f308a80) at ip_output+0xc8d sys/netinet/ip_output.c:501 udp_output(e955ffdfccf29181,1400,ffffff006f308a80,0) at udp_output+0x45a sys/netinet/udp_usrreq.c:1004 sosend(646cf8edd34289ea,ffffff006531c360,ffff8000211553f0,ffff8000211554a0,1000,0) at sosend+0x477 sys/kern/uipc_socket.c:513 dofilewritev(309cd2871cafca88,ffff80002108b9e0,ffff8000211554a0,1000,ffff8000211554b8) at dofilewritev+0x148 sys/kern/sys_generic.c:364 sys_write(b53f612603387f5b,40,ffff80002108b9e0) at sys_write+0x7b sys/kern/sys_generic.c:283 syscall(ec2f1d10698587c9) at syscall+0x473 mi_syscall sys/sys/syscall_mi.h:99 [inline] syscall(ec2f1d10698587c9) at syscall+0x473 sys/arch/amd64/amd64/trap.c:583 Xsyscall(6,0,c,0,3,3e2c98b4010) at Xsyscall+0x128 end of kernel end trace frame: 0x3e4dd7c7000, count: -10 ddb{1}> show registers rdi 0xffffffff81ee5310 kprintf_mutex rsi 0xffffffff810e80d7 db_enter+0x17 rbp 0xffff800021155020 rbx 0xffff8000211550c0 rdx 0xffff8000024da000 rcx 0x1755 __ALIGN_SIZE+0x755 rax 0xffff8000024da000 r8 0xffff800021154ff0 r9 0 r10 0xf52c541eafe0ac6c r11 0x2a8d48b61b94b668 r12 0x3000000008 r13 0xffff800021155030 r14 0x100 r15 0xffffffff81c5f925 apollo_udma100_tim+0x10a1d rip 0xffffffff810e80d8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800021155010 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor1) pid=306179 stat=onproc flags process=10 proc=4000000 pri=76, usrpri=76, nice=20 forw=0xffffffffffffffff, list=0xffff80002108bc38,0xffffffff81faceb8 process=0xffff80002109a018 user=0xffff800021150000, vmspace=0xffffff0065958530 estcpu=26, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 3527 344580 9077 65534 7 0x10 syz-executor1 * 3527 306179 9077 65534 7 0x4000010 syz-executor1 21125 357767 9715 65534 2 0x10 syz-executor0 21125 64850 9715 65534 3 0x4000090 fsleep syz-executor0 9077 455723 54745 65534 3 0x90 nanosleep syz-executor1 54745 109679 79312 0 3 0x82 wait syz-executor1 9715 40046 55843 65534 3 0x90 nanosleep syz-executor0 55843 453704 79312 0 3 0x82 wait syz-executor0 90144 512329 0 0 3 0x14200 bored sosplice 79312 442906 69227 0 3 0x82 thrsleep syz-fuzzer 79312 455475 69227 0 3 0x4000082 thrsleep syz-fuzzer 79312 517388 69227 0 3 0x4000082 thrsleep syz-fuzzer 79312 149551 69227 0 3 0x4000082 kqread syz-fuzzer 79312 319725 69227 0 3 0x4000082 thrsleep syz-fuzzer 79312 372462 69227 0 3 0x4000082 thrsleep syz-fuzzer 79312 401298 69227 0 3 0x4000082 thrsleep syz-fuzzer 79312 180753 69227 0 3 0x4000082 thrsleep syz-fuzzer 79312 234179 69227 0 3 0x4000082 thrsleep syz-fuzzer 79312 470296 69227 0 3 0x4000082 thrsleep syz-fuzzer 79312 423991 69227 0 3 0x4000082 thrsleep syz-fuzzer 79312 139673 69227 0 3 0x4000082 thrsleep syz-fuzzer 69227 127913 13529 0 3 0x10008a pause ksh 13529 227281 51293 0 3 0x92 select sshd 1974 451463 1 0 3 0x100083 ttyin getty 51293 242845 1 0 3 0x80 select sshd 15166 211951 15611 73 3 0x100090 kqread syslogd 15611 145151 1 0 3 0x100082 netio syslogd 45419 174524 1 77 3 0x100090 poll dhclient 22988 305283 1 0 3 0x80 poll dhclient 55207 231654 0 0 2 0x14200 zerothread 8364 17960 0 0 3 0x14200 aiodoned aiodoned 39063 50430 0 0 3 0x14200 syncer update 21735 345289 0 0 3 0x14200 cleaner cleaner 62803 224921 0 0 3 0x14200 reaper reaper 26876 518486 0 0 3 0x14200 pgdaemon pagedaemon 83965 243618 0 0 3 0x14200 bored crynlk 71275 423756 0 0 3 0x14200 bored crypto 41639 251148 0 0 3 0x40014200 acpi0 acpi0 25700 470769 0 0 3 0x40014200 idle1 11540 317123 0 0 3 0x14200 bored softnet 62511 239180 0 0 3 0x14200 bored systqmp 28090 31620 0 0 3 0x14200 bored systq 58305 314165 0 0 3 0x40014200 bored softclock 13272 337845 0 0 3 0x40014200 idle0 1 441376 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper