panic: malformed IPv4 option passed to ip_optcopy
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
324383 64432 32767 0x10 0 1 syz-executor0
*302532 64432 32767 0x10 0x4000000 0K syz-executor0
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
ip_fragment(9890ba11f64f4ea2,ffffff0076e9e3d9,ffff800000173290) at ip_fragment+0x625
ip_output(d0584c20c185b088,ffffff006f4af230,ffffff0076e9e300,0,ffffff0078177c00,ffffff006e8e3c08) at ip_output+0xc8d sys/netinet/ip_output.c:501
udp_output(169c0508f3887dc7,1400,ffffff006e8e3c08,0) at udp_output+0x45a sys/netinet/udp_usrreq.c:1004
sosend(d701f7dac4fcf314,ffffff0068214e98,ffff800021189330,1000,ffff8000211893e0,0) at sosend+0x47a sys/kern/uipc_socket.c:513
dofilewritev(8e027bd6bebfb2db,ffff80002108ae28,ffff8000211893e0,1000,ffff8000211893f8) at dofilewritev+0x14b sys/kern/sys_generic.c:364
sys_write(9890ba11f614fb79,40,ffff80002108ae28) at sys_write+0x7b sys/kern/sys_generic.c:283
syscall(29266d3c6362c60f) at syscall+0x496 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(29266d3c6362c60f) at syscall+0x496 sys/arch/amd64/amd64/trap.c:583
Xsyscall(6,0,c,0,3,92cbfb69010) at Xsyscall+0x128
end of kernel
end trace frame: 0x92fafc13140, count: 5
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}> ddb{0}> set $lines = 0
ddb{0}> show panic
malformed IPv4 option passed to ip_optcopy
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
ip_fragment(9890ba11f64f4ea2,ffffff0076e9e3d9,ffff800000173290) at ip_fragment+0x625
ip_output(d0584c20c185b088,ffffff006f4af230,ffffff0076e9e300,0,ffffff0078177c00,ffffff006e8e3c08) at ip_output+0xc8d sys/netinet/ip_output.c:501
udp_output(169c0508f3887dc7,1400,ffffff006e8e3c08,0) at udp_output+0x45a sys/netinet/udp_usrreq.c:1004
sosend(d701f7dac4fcf314,ffffff0068214e98,ffff800021189330,1000,ffff8000211893e0,0) at sosend+0x47a sys/kern/uipc_socket.c:513
dofilewritev(8e027bd6bebfb2db,ffff80002108ae28,ffff8000211893e0,1000,ffff8000211893f8) at dofilewritev+0x14b sys/kern/sys_generic.c:364
sys_write(9890ba11f614fb79,40,ffff80002108ae28) at sys_write+0x7b sys/kern/sys_generic.c:283
syscall(29266d3c6362c60f) at syscall+0x496 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(29266d3c6362c60f) at syscall+0x496 sys/arch/amd64/amd64/trap.c:583
Xsyscall(6,0,c,0,3,92cbfb69010) at Xsyscall+0x128
end of kernel
end trace frame: 0x92fafc13140, count: -10
ddb{0}> show registers
rdi 0xffffffff81eee870 kprintf_mutex
rsi 0xffffffff8158b247 db_enter+0x17
rbp 0xffff800021188f60
rbx 0xffff800021189000
rdx 0xffff800001f3e000
rcx 0x12d5 __ALIGN_SIZE+0x2d5
rax 0xffff800001f3e000
r8 0xffff800021188f30
r9 0
r10 0x19470930b35b2d6
r11 0x9b22367dbe05e721
r12 0x3000000008
r13 0xffff800021188f70
r14 0x100
r15 0xffffffff81cd2082 substchar+0xd438
rip 0xffffffff8158b248 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800021188f50
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor0) pid=302532 stat=onproc
flags process=10 proc=4000000
pri=79, usrpri=79, nice=20
forw=0xffffffffffffffff, list=0xffff80002108b2d8,0xffff80002108b090
process=0xffff80002109ad38 user=0xffff800021184000, vmspace=0xffffff00770c6748
estcpu=36, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
64432 324383 96855 32767 7 0x10 syz-executor0
*64432 302532 96855 32767 7 0x4000010 syz-executor0
66018 161921 37680 32767 2 0x10 syz-executor1
66018 103423 37680 32767 3 0x4000090 fsleep syz-executor1
66018 512704 37680 32767 3 0x4000090 fsleep syz-executor1
96855 208470 99389 32767 3 0x90 nanosleep syz-executor0
99389 434057 65818 0 3 0x82 wait syz-executor0
37680 302930 28757 32767 3 0x90 nanosleep syz-executor1
28757 499630 65818 0 3 0x82 wait syz-executor1
32536 19559 0 0 3 0x14200 bored sosplice
65818 352210 84288 0 3 0x82 thrsleep syz-fuzzer
65818 362766 84288 0 3 0x4000082 thrsleep syz-fuzzer
65818 144294 84288 0 3 0x4000082 thrsleep syz-fuzzer
65818 166866 84288 0 3 0x4000082 thrsleep syz-fuzzer
65818 213313 84288 0 3 0x4000082 thrsleep syz-fuzzer
65818 211463 84288 0 3 0x4000082 thrsleep syz-fuzzer
65818 470467 84288 0 3 0x4000082 thrsleep syz-fuzzer
65818 318629 84288 0 3 0x4000082 kqread syz-fuzzer
65818 366024 84288 0 3 0x4000082 thrsleep syz-fuzzer
65818 477517 84288 0 3 0x4000082 thrsleep syz-fuzzer
65818 228918 84288 0 3 0x4000082 thrsleep syz-fuzzer
84288 494032 56120 0 3 0x10008a pause ksh
56120 99847 34390 0 3 0x92 select sshd
28794 98150 1 0 3 0x100083 ttyin getty
34390 293207 1 0 3 0x80 select sshd
7576 500859 6022 73 3 0x100090 kqread syslogd
6022 445731 1 0 3 0x100082 netio syslogd
49194 118503 1 77 3 0x100090 poll dhclient
17197 14890 1 0 3 0x80 poll dhclient
6693 213233 0 0 2 0x14200 zerothread
83512 335231 0 0 3 0x14200 aiodoned aiodoned
59578 268866 0 0 3 0x14200 syncer update
49938 261428 0 0 3 0x14200 cleaner cleaner
16230 263686 0 0 3 0x14200 reaper reaper
87497 152239 0 0 3 0x14200 pgdaemon pagedaemon
45563 205760 0 0 3 0x14200 bored crynlk
9152 288981 0 0 3 0x14200 bored crypto
87592 197619 0 0 3 0x40014200 acpi0 acpi0
15591 123504 0 0 3 0x40014200 idle1
24097 399987 0 0 3 0x14200 bored softnet
10319 226736 0 0 3 0x14200 bored systqmp
55545 511316 0 0 3 0x14200 bored systq
71911 446627 0 0 3 0x40014200 bored softclock
87819 442073 0 0 3 0x40014200 idle0
1 80508 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper