panic: malformed IPv4 option passed to ip_optcopy
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*287174 77612 0 0x10 0x4000000 0 syz-executor1
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
ip_fragment(cb874ccf06c9ed1b,ffffff0036cc1800,ffff800000171290) at ip_fragment+0x551
ip_output(ba07f64f054ee937,ffffff0037821e00,ffffff0037821e00,0,ffffff0036f2be38,ffffff0036f2cc00) at ip_output+0xc06 sys/netinet/ip_output.c:501
udp_output(9a06bd79585e57fe,f6e,ffffff0036f2cc00,0) at udp_output+0x444 sys/netinet/udp_usrreq.c:1004
sosend(172850f39b782795,ffffff00376ad0f0,ffff800014a8aac8,ffff800014a8ac00,1492,0) at sosend+0x46c sys/kern/uipc_socket.c:513
dofilewritev(a001dcb2e3f8596,0,9,ffff800014a630c0,ffff800014a8ac00) at dofilewritev+0x148 sys/kern/sys_generic.c:364
sys_writev(835f9ae10e5c2be1,ffff800014a8aca0,ffff800014a630c0) at sys_writev+0xdb sys/kern/sys_generic.c:310
syscall(8ce079facc262e67) at syscall+0x3de
Xsyscall(6,0,d,0,3,32ded5ac010) at Xsyscall+0x128
end of kernel
end trace frame: 0x330ece1c420, count: 5
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> show panic
malformed IPv4 option passed to ip_optcopy
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
ip_fragment(cb874ccf06c9ed1b,ffffff0036cc1800,ffff800000171290) at ip_fragment+0x551
ip_output(ba07f64f054ee937,ffffff0037821e00,ffffff0037821e00,0,ffffff0036f2be38,ffffff0036f2cc00) at ip_output+0xc06 sys/netinet/ip_output.c:501
udp_output(9a06bd79585e57fe,f6e,ffffff0036f2cc00,0) at udp_output+0x444 sys/netinet/udp_usrreq.c:1004
sosend(172850f39b782795,ffffff00376ad0f0,ffff800014a8aac8,ffff800014a8ac00,1492,0) at sosend+0x46c sys/kern/uipc_socket.c:513
dofilewritev(a001dcb2e3f8596,0,9,ffff800014a630c0,ffff800014a8ac00) at dofilewritev+0x148 sys/kern/sys_generic.c:364
sys_writev(835f9ae10e5c2be1,ffff800014a8aca0,ffff800014a630c0) at sys_writev+0xdb sys/kern/sys_generic.c:310
syscall(8ce079facc262e67) at syscall+0x3de
Xsyscall(6,0,d,0,3,32ded5ac010) at Xsyscall+0x128
end of kernel
end trace frame: 0x330ece1c420, count: -10
ddb> show registers
rdi 0xffffffff81ef21e0 kprintf_mutex
rsi 0xffffffff81534b07 db_enter+0x17
rbp 0xffff800014a8a6f0
rbx 0xffff800014a8a790
rdx 0xffff800003ad1000
rcx 0x18b8 __ALIGN_SIZE+0x8b8
rax 0xffff800003ad1000
r8 0xffff800014a8a6c0
r9 0
r10 0x992129e84be8eaa
r11 0x1883ddf7ff160470
r12 0x3000000008
r13 0xffff800014a8a700
r14 0x100
r15 0xffffffff81c47af7 substchar+0x111c0
rip 0xffffffff81534b08 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800014a8a6e0
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor1) pid=287174 stat=onproc
flags process=10 proc=4000000
pri=77, usrpri=77, nice=20
forw=0xffffffffffffffff, list=0xffff800014a62058,0xffffffff81f83fa8
process=0xffff800014a60d40 user=0xffff800014a85000, vmspace=0xffffff003f12b630
estcpu=36, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
77612 440192 50671 0 3 0x90 fsleep syz-executor1
*77612 287174 50671 0 7 0x4000010 syz-executor1
46354 490622 18901 0 3 0x82 nanosleep syz-executor0
50671 515155 18901 0 3 0x82 nanosleep syz-executor1
28189 434137 1 0 3 0x100083 ttyin getty
34039 327287 0 0 3 0x14200 bored sosplice
18901 171983 1935 0 3 0x82 thrsleep syz-fuzzer
18901 22288 1935 0 3 0x4000082 nanosleep syz-fuzzer
18901 508308 1935 0 3 0x4000082 thrsleep syz-fuzzer
18901 357934 1935 0 3 0x4000082 thrsleep syz-fuzzer
18901 374893 1935 0 3 0x4000082 thrsleep syz-fuzzer
18901 407113 1935 0 3 0x4000082 thrsleep syz-fuzzer
18901 496745 1935 0 3 0x4000082 kqread syz-fuzzer
18901 289173 1935 0 3 0x4000082 thrsleep syz-fuzzer
1935 149785 69548 0 3 0x10008a pause ksh
69548 335035 92000 0 3 0x92 select sshd
92000 144001 1 0 3 0x80 select sshd
26441 453064 88225 73 3 0x100090 kqread syslogd
88225 455851 1 0 3 0x100082 netio syslogd
97515 170475 1 77 3 0x100090 poll dhclient
13154 338300 1 0 3 0x80 poll dhclient
14517 150692 0 0 2 0x14200 zerothread
94766 190339 0 0 3 0x14200 aiodoned aiodoned
71297 359306 0 0 3 0x14200 syncer update
82814 3364 0 0 3 0x14200 cleaner cleaner
66692 333840 0 0 3 0x14200 reaper reaper
13634 473873 0 0 3 0x14200 pgdaemon pagedaemon
18086 168284 0 0 3 0x14200 bored crynlk
46893 237087 0 0 3 0x14200 bored crypto
15950 466296 0 0 3 0x40014200 acpi0 acpi0
11751 174339 0 0 3 0x14200 bored softnet
99404 507600 0 0 3 0x14200 bored systqmp
50423 499073 0 0 3 0x14200 bored systq
80675 113546 0 0 3 0x40014200 bored softclock
58565 445463 0 0 3 0x40014200 idle0
1 231519 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper