panic: malformed IPv4 option passed to ip_optcopy Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 449293 24059 65534 0x10 0 1 syz-executor0 * 67810 24059 65534 0x10 0x4000000 0K syz-executor0 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 ip_fragment(e63474d89846f5b5,ffffff00698f61b0,ffff800000173290) at ip_fragment+0x625 ip_output(4f28648753184c1a,ffffff006f30bd20,ffffff00698f6f00,0,ffffff00698f6f00,ffffff006e70dc08) at ip_output+0xc8d sys/netinet/ip_output.c:501 udp_output(41f7f1e605370fdf,fd7,ffffff006e70dc08,0) at udp_output+0x45a sys/netinet/udp_usrreq.c:1004 sosend(b868249556f1cfa2,ffffff00777fbc30,ffff800021155258,ffff800021155390,1429,0) at sosend+0x477 sys/kern/uipc_socket.c:513 dofilewritev(d3a8b6987596bf81,0,2d6,ffff80002108b530,ffff800021155390) at dofilewritev+0x148 sys/kern/sys_generic.c:364 sys_writev(9b3fe34eef6a951d,790,ffff80002108b530) at sys_writev+0xdb sys/kern/sys_generic.c:310 syscall(1f308d21ccaca36e) at syscall+0x473 mi_syscall sys/sys/syscall_mi.h:99 [inline] syscall(1f308d21ccaca36e) at syscall+0x473 sys/arch/amd64/amd64/trap.c:583 Xsyscall(6,0,d,0,3,1a874bc8010) at Xsyscall+0x128 end of kernel end trace frame: 0x1ab54ccf360, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> show panic malformed IPv4 option passed to ip_optcopy ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 ip_fragment(e63474d89846f5b5,ffffff00698f61b0,ffff800000173290) at ip_fragment+0x625 ip_output(4f28648753184c1a,ffffff006f30bd20,ffffff00698f6f00,0,ffffff00698f6f00,ffffff006e70dc08) at ip_output+0xc8d sys/netinet/ip_output.c:501 udp_output(41f7f1e605370fdf,fd7,ffffff006e70dc08,0) at udp_output+0x45a sys/netinet/udp_usrreq.c:1004 sosend(b868249556f1cfa2,ffffff00777fbc30,ffff800021155258,ffff800021155390,1429,0) at sosend+0x477 sys/kern/uipc_socket.c:513 dofilewritev(d3a8b6987596bf81,0,2d6,ffff80002108b530,ffff800021155390) at dofilewritev+0x148 sys/kern/sys_generic.c:364 sys_writev(9b3fe34eef6a951d,790,ffff80002108b530) at sys_writev+0xdb sys/kern/sys_generic.c:310 syscall(1f308d21ccaca36e) at syscall+0x473 mi_syscall sys/sys/syscall_mi.h:99 [inline] syscall(1f308d21ccaca36e) at syscall+0x473 sys/arch/amd64/amd64/trap.c:583 Xsyscall(6,0,d,0,3,1a874bc8010) at Xsyscall+0x128 end of kernel end trace frame: 0x1ab54ccf360, count: -10 ddb{0}> show registers rdi 0xffffffff81f14858 kprintf_mutex rsi 0xffffffff81a305f7 db_enter+0x17 rbp 0xffff800021154e80 rbx 0xffff800021154f20 rdx 0xffff8000010d9000 rcx 0x1d66 __ALIGN_SIZE+0xd66 rax 0xffff8000010d9000 r8 0xffff800021154e50 r9 0 r10 0x164a1bb361b430e2 r11 0x1e888d5f4aa08978 r12 0x3000000008 r13 0xffff800021154e90 r14 0x100 r15 0xffffffff81c5fd6d apollo_udma100_tim+0x13afa rip 0xffffffff81a305f8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800021154e70 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor0) pid=67810 stat=onproc flags process=10 proc=4000000 pri=72, usrpri=72, nice=20 forw=0xffffffffffffffff, list=0xffff80002108a018,0xffffffff81faa5b8 process=0xffff8000210653c0 user=0xffff800021150000, vmspace=0xffffff00658b9428 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 24059 449293 53069 65534 7 0x10 syz-executor0 *24059 67810 53069 65534 7 0x4000010 syz-executor0 53069 13581 34474 65534 3 0x90 nanosleep syz-executor0 34474 293979 85174 0 3 0x82 wait syz-executor0 86415 17917 58711 65534 3 0x90 nanosleep syz-executor1 58711 306139 85174 0 3 0x82 wait syz-executor1 56984 134901 0 0 3 0x14200 bored sosplice 85174 212807 24974 0 3 0x82 thrsleep syz-fuzzer 85174 245130 24974 0 3 0x4000082 nanosleep syz-fuzzer 85174 189946 24974 0 3 0x4000082 thrsleep syz-fuzzer 85174 55835 24974 0 3 0x4000082 thrsleep syz-fuzzer 85174 219714 24974 0 3 0x4000082 thrsleep syz-fuzzer 85174 22101 24974 0 3 0x4000082 thrsleep syz-fuzzer 85174 229593 24974 0 3 0x4000082 thrsleep syz-fuzzer 85174 218950 24974 0 3 0x4000082 kqread syz-fuzzer 85174 487117 24974 0 3 0x4000082 thrsleep syz-fuzzer 85174 167904 24974 0 3 0x4000082 thrsleep syz-fuzzer 85174 39822 24974 0 3 0x4000082 thrsleep syz-fuzzer 85174 211585 24974 0 3 0x4000082 thrsleep syz-fuzzer 24974 287989 51937 0 3 0x10008a pause ksh 51937 321345 26182 0 3 0x92 select sshd 13317 371612 1 0 3 0x100083 ttyin getty 26182 285363 1 0 3 0x80 select sshd 26266 444694 4478 73 3 0x100090 kqread syslogd 4478 26735 1 0 3 0x100082 netio syslogd 61970 289603 1 77 3 0x100090 poll dhclient 87984 311171 1 0 3 0x80 poll dhclient 47845 493398 0 0 3 0x14200 pgzero zerothread 26327 324085 0 0 3 0x14200 aiodoned aiodoned 39203 487970 0 0 3 0x14200 syncer update 82772 508785 0 0 3 0x14200 cleaner cleaner 12544 483824 0 0 3 0x14200 reaper reaper 58544 204993 0 0 3 0x14200 pgdaemon pagedaemon 72076 328858 0 0 3 0x14200 bored crynlk 73369 426703 0 0 3 0x14200 bored crypto 25554 286658 0 0 3 0x40014200 acpi0 acpi0 52560 321322 0 0 3 0x40014200 idle1 3350 261256 0 0 3 0x14200 bored softnet 40467 413654 0 0 3 0x14200 bored systqmp 67672 425924 0 0 3 0x14200 bored systq 47909 50817 0 0 3 0x40014200 bored softclock 81933 98821 0 0 3 0x40014200 idle0 1 394273 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper