panic: malformed IPv4 option passed to ip_optcopy Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 375838 35382 32767 0x10 0 0 syz-executor1 *384347 35382 32767 0x10 0x4000000 1K syz-executor1 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 ip_fragment(fb844b1460dece23,ffffff006f1205b0,ffff800000173290) at ip_fragment+0x625 ip_output(c16453145517478e,ffffff006f4adaf0,ffffff006f120f00,0,ffffff006f120f00,ffffff006e8eed88) at ip_output+0xc8d sys/netinet/ip_output.c:501 udp_output(2c9210317b312952,127f,ffffff006e8eed88,0) at udp_output+0x45a sys/netinet/udp_usrreq.c:1004 sosend(d2908651bc8e55e8,ffffff007e046b58,ffff80002113ed98,1181,ffff80002113eed0,0) at sosend+0x47a sys/kern/uipc_socket.c:513 dofilewritev(958f4685728eaf56,0,4,ffff800021063c38,ffff80002113eed0) at dofilewritev+0x14b sys/kern/sys_generic.c:364 sys_writev(460b0e09522bdd65,790,ffff800021063c38) at sys_writev+0xdb sys/kern/sys_generic.c:310 syscall(fb844b1460519aca) at syscall+0x496 mi_syscall sys/sys/syscall_mi.h:99 [inline] syscall(fb844b1460519aca) at syscall+0x496 sys/arch/amd64/amd64/trap.c:583 Xsyscall(6,0,d,0,3,2fe3f6e2010) at Xsyscall+0x128 end of kernel end trace frame: 0x300a2aab070, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> show panic malformed IPv4 option passed to ip_optcopy ddb{1}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 ip_fragment(fb844b1460dece23,ffffff006f1205b0,ffff800000173290) at ip_fragment+0x625 ip_output(c16453145517478e,ffffff006f4adaf0,ffffff006f120f00,0,ffffff006f120f00,ffffff006e8eed88) at ip_output+0xc8d sys/netinet/ip_output.c:501 udp_output(2c9210317b312952,127f,ffffff006e8eed88,0) at udp_output+0x45a sys/netinet/udp_usrreq.c:1004 sosend(d2908651bc8e55e8,ffffff007e046b58,ffff80002113ed98,1181,ffff80002113eed0,0) at sosend+0x47a sys/kern/uipc_socket.c:513 dofilewritev(958f4685728eaf56,0,4,ffff800021063c38,ffff80002113eed0) at dofilewritev+0x14b sys/kern/sys_generic.c:364 sys_writev(460b0e09522bdd65,790,ffff800021063c38) at sys_writev+0xdb sys/kern/sys_generic.c:310 syscall(fb844b1460519aca) at syscall+0x496 mi_syscall sys/sys/syscall_mi.h:99 [inline] syscall(fb844b1460519aca) at syscall+0x496 sys/arch/amd64/amd64/trap.c:583 Xsyscall(6,0,d,0,3,2fe3f6e2010) at Xsyscall+0x128 end of kernel end trace frame: 0x300a2aab070, count: -10 ddb{1}> show registers rdi 0xffffffff81ee6a98 kprintf_mutex rsi 0xffffffff810774d7 db_enter+0x17 rbp 0xffff80002113e9c0 rbx 0xffff80002113ea60 rdx 0xffff800004744000 rcx 0x10aa __ALIGN_SIZE+0xaa rax 0xffff800004744000 r8 0xffff80002113e990 r9 0 r10 0x7147921a52a0e02c r11 0x9a602e0ed705fa46 r12 0x3000000008 r13 0xffff80002113e9d0 r14 0x100 r15 0xffffffff81cd35c1 substchar+0x1034c rip 0xffffffff810774d8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff80002113e9b0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor1) pid=384347 stat=onproc flags process=10 proc=4000000 pri=69, usrpri=69, nice=20 forw=0xffffffffffffffff, list=0xffff800021062018,0xffffffff81fb06c8 process=0xffff8000210653c0 user=0xffff80002113a000, vmspace=0xffffff00659ebc68 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 35382 375838 27811 32767 7 0x10 syz-executor1 *35382 384347 27811 32767 7 0x4000010 syz-executor1 15075 254198 12465 32767 2 0x10 syz-executor0 15075 3242 12465 32767 3 0x4000090 lockf syz-executor0 15075 481503 12465 32767 3 0x4000090 lockf syz-executor0 27811 89342 51117 32767 3 0x90 nanosleep syz-executor1 51117 79142 7488 0 3 0x82 wait syz-executor1 12465 267541 33879 32767 3 0x90 nanosleep syz-executor0 33879 388997 7488 0 3 0x82 wait syz-executor0 38802 130606 0 0 3 0x14200 bored sosplice 7488 345709 45352 0 3 0x82 thrsleep syz-fuzzer 7488 224723 45352 0 3 0x4000082 nanosleep syz-fuzzer 7488 479648 45352 0 3 0x4000082 thrsleep syz-fuzzer 7488 167094 45352 0 3 0x4000082 thrsleep syz-fuzzer 7488 364184 45352 0 3 0x4000082 thrsleep syz-fuzzer 7488 446263 45352 0 3 0x4000082 thrsleep syz-fuzzer 7488 340056 45352 0 3 0x4000082 thrsleep syz-fuzzer 7488 156275 45352 0 3 0x4000082 kqread syz-fuzzer 7488 417802 45352 0 3 0x4000082 thrsleep syz-fuzzer 7488 395322 45352 0 3 0x4000082 thrsleep syz-fuzzer 7488 251677 45352 0 3 0x4000082 thrsleep syz-fuzzer 45352 399692 96325 0 3 0x10008a pause ksh 96325 500720 43419 0 3 0x92 select sshd 66108 100221 1 0 3 0x100083 ttyin getty 43419 348556 1 0 3 0x80 select sshd 29787 15637 66876 73 3 0x100090 kqread syslogd 66876 254144 1 0 3 0x100082 netio syslogd 87571 447550 1 77 3 0x100090 poll dhclient 22973 435075 1 0 3 0x80 poll dhclient 94997 135240 0 0 2 0x14200 zerothread 53805 328407 0 0 3 0x14200 aiodoned aiodoned 76333 356200 0 0 3 0x14200 syncer update 75934 129400 0 0 3 0x14200 cleaner cleaner 44842 17777 0 0 3 0x14200 reaper reaper 60958 65801 0 0 3 0x14200 pgdaemon pagedaemon 30682 450108 0 0 3 0x14200 bored crynlk 75082 464181 0 0 3 0x14200 bored crypto 85797 59389 0 0 3 0x40014200 acpi0 acpi0 44197 305086 0 0 3 0x40014200 idle1 91394 277393 0 0 3 0x14200 bored softnet 47349 340007 0 0 3 0x14200 bored systqmp 84930 27243 0 0 3 0x14200 bored systq 38874 417180 0 0 3 0x40014200 bored softclock 86268 281247 0 0 3 0x40014200 idle0 1 127683 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper