panic: malformed IPv4 option passed to ip_optcopy Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *198689 51699 0 0 0x4000000 0 syz-executor1 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 ip_fragment(985c244152f935c9,ffffff003ed2fc00,ffff800000171290) at ip_fragment+0x551 ip_output(6901d0409d1004c1,ffffff003ed2f700,ffffff003ed2f700,0,ffffff00370d48c0,ffffff0036513d88) at ip_output+0xc06 sys/netinet/ip_output.c:501 udp_output(1aeaec5cdf9f4a34,121d,ffffff0036513d88,0) at udp_output+0x444 sys/netinet/udp_usrreq.c:1004 sosend(475e29b01a5c2e75,ffffff00306fccb8,ffff800014a64a18,11e3,ffff800014a64b50,0) at sosend+0x472 sys/kern/uipc_socket.c:513 dofilewritev(ca4adc9dcd9521fc,0,4,ffff8000ffff8e18,ffff800014a64b50) at dofilewritev+0x14b sys/kern/sys_generic.c:364 sys_writev(3ced925a6ba99ec7,ffff800014a64bf0,ffff8000ffff8e18) at sys_writev+0xdb sys/kern/sys_generic.c:310 syscall(3ced925a6bf75382) at syscall+0x3f1 Xsyscall(6,0,d,0,3,ff61520a010) at Xsyscall+0x128 end of kernel end trace frame: 0xff87af737e0, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> show panic malformed IPv4 option passed to ip_optcopy ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 ip_fragment(985c244152f935c9,ffffff003ed2fc00,ffff800000171290) at ip_fragment+0x551 ip_output(6901d0409d1004c1,ffffff003ed2f700,ffffff003ed2f700,0,ffffff00370d48c0,ffffff0036513d88) at ip_output+0xc06 sys/netinet/ip_output.c:501 udp_output(1aeaec5cdf9f4a34,121d,ffffff0036513d88,0) at udp_output+0x444 sys/netinet/udp_usrreq.c:1004 sosend(475e29b01a5c2e75,ffffff00306fccb8,ffff800014a64a18,11e3,ffff800014a64b50,0) at sosend+0x472 sys/kern/uipc_socket.c:513 dofilewritev(ca4adc9dcd9521fc,0,4,ffff8000ffff8e18,ffff800014a64b50) at dofilewritev+0x14b sys/kern/sys_generic.c:364 sys_writev(3ced925a6ba99ec7,ffff800014a64bf0,ffff8000ffff8e18) at sys_writev+0xdb sys/kern/sys_generic.c:310 syscall(3ced925a6bf75382) at syscall+0x3f1 Xsyscall(6,0,d,0,3,ff61520a010) at Xsyscall+0x128 end of kernel end trace frame: 0xff87af737e0, count: -10 ddb> show registers rdi 0xffffffff81f107a0 kprintf_mutex rsi 0xffffffff818a5a07 db_enter+0x17 rbp 0xffff800014a64640 rbx 0xffff800014a646e0 rdx 0xffff800000932000 rcx 0x168d __ALIGN_SIZE+0x68d rax 0xffff800000932000 r8 0xffff800014a64610 r9 0 r10 0x76510b3ebd8fd0c9 r11 0xd5bc4216bc09b7a2 r12 0x3000000008 r13 0xffff800014a64650 r14 0x100 r15 0xffffffff81cbcde4 substchar+0xe983 rip 0xffffffff818a5a08 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800014a64630 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor1) pid=198689 stat=onproc flags process=0 proc=4000000 pri=73, usrpri=73, nice=20 forw=0xffffffffffffffff, list=0xffff8000149ed2d0,0xffffffff81f73588 process=0xffff8000ffff5718 user=0xffff800014a5f000, vmspace=0xffffff003f12b108 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 51699 296106 56466 0 2 0 syz-executor1 *51699 198689 56466 0 7 0x4000000 syz-executor1 30945 439088 1 0 3 0x100083 ttyin getty 60274 474290 0 0 3 0x14200 bored sosplice 23190 228363 30690 0 2 0x2 syz-executor0 56466 488875 30690 0 3 0x82 nanosleep syz-executor1 30690 247744 94204 0 3 0x82 thrsleep syz-fuzzer 30690 499114 94204 0 3 0x4000082 thrsleep syz-fuzzer 30690 139145 94204 0 3 0x4000082 thrsleep syz-fuzzer 30690 429897 94204 0 3 0x4000082 thrsleep syz-fuzzer 30690 228831 94204 0 3 0x4000082 kqread syz-fuzzer 30690 319554 94204 0 3 0x4000082 thrsleep syz-fuzzer 30690 488011 94204 0 3 0x4000082 thrsleep syz-fuzzer 94204 148355 24461 0 3 0x10008a pause ksh 24461 395619 6732 0 3 0x92 select sshd 6732 508297 1 0 3 0x80 select sshd 87997 498622 15224 73 3 0x100090 kqread syslogd 15224 286219 1 0 3 0x100082 netio syslogd 55942 31481 1 77 3 0x100090 poll dhclient 82719 468410 1 0 3 0x80 poll dhclient 56013 219729 0 0 2 0x14200 zerothread 99448 370029 0 0 3 0x14200 aiodoned aiodoned 7429 399861 0 0 3 0x14200 syncer update 33971 381571 0 0 3 0x14200 cleaner cleaner 16002 280455 0 0 3 0x14200 reaper reaper 25020 425957 0 0 3 0x14200 pgdaemon pagedaemon 51920 373599 0 0 3 0x14200 bored crynlk 31818 109990 0 0 3 0x14200 bored crypto 44102 338327 0 0 3 0x40014200 acpi0 acpi0 12458 488530 0 0 3 0x14200 bored softnet 60289 68453 0 0 3 0x14200 bored systqmp 28042 172905 0 0 3 0x14200 bored systq 79947 405241 0 0 3 0x40014200 bored softclock 52621 416136 0 0 3 0x40014200 idle0 1 61429 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper