panic: malformed IPv4 option passed to ip_optcopy
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
416800 19637 0 0 0 1 syz-executor0
* 26740 19637 0 0 0x4000000 0K syz-executor0
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
ip_fragment(567f1cc221763f5d,ffffff00071e15b0,ffff800000173290) at ip_fragment+0x625
ip_output(301b5098ca1ad5de,ffffff006f302578,ffffff006d8cc400,0,ffffff006d8cc400,ffffff006f303780) at ip_output+0xc8d sys/netinet/ip_output.c:501
udp_output(c91e48ce38f10e1f,1395,ffffff006f303780,0) at udp_output+0x45a sys/netinet/udp_usrreq.c:1004
sosend(c91e48ce388b4d00,ffffff0068a76da8,ffff800021137a68,ffff800021137ba0,106b,0) at sosend+0x477 sys/kern/uipc_socket.c:513
dofilewritev(bb34d13781550d43,0,3,ffff800021098bd0,ffff800021137ba0) at dofilewritev+0x148 sys/kern/sys_generic.c:364
sys_writev(ad86567437247ef5,790,ffff800021098bd0) at sys_writev+0xdb sys/kern/sys_generic.c:310
syscall(567f1cc221f9d5b4) at syscall+0x473 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(567f1cc221f9d5b4) at syscall+0x473 sys/arch/amd64/amd64/trap.c:583
Xsyscall(0,0,d,0,3,1a685f10010) at Xsyscall+0x128
end of kernel
end trace frame: 0x1a8a75e7110, count: 5
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> show panic
malformed IPv4 option passed to ip_optcopy
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
ip_fragment(567f1cc221763f5d,ffffff00071e15b0,ffff800000173290) at ip_fragment+0x625
ip_output(301b5098ca1ad5de,ffffff006f302578,ffffff006d8cc400,0,ffffff006d8cc400,ffffff006f303780) at ip_output+0xc8d sys/netinet/ip_output.c:501
udp_output(c91e48ce38f10e1f,1395,ffffff006f303780,0) at udp_output+0x45a sys/netinet/udp_usrreq.c:1004
sosend(c91e48ce388b4d00,ffffff0068a76da8,ffff800021137a68,ffff800021137ba0,106b,0) at sosend+0x477 sys/kern/uipc_socket.c:513
dofilewritev(bb34d13781550d43,0,3,ffff800021098bd0,ffff800021137ba0) at dofilewritev+0x148 sys/kern/sys_generic.c:364
sys_writev(ad86567437247ef5,790,ffff800021098bd0) at sys_writev+0xdb sys/kern/sys_generic.c:310
syscall(567f1cc221f9d5b4) at syscall+0x473 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(567f1cc221f9d5b4) at syscall+0x473 sys/arch/amd64/amd64/trap.c:583
Xsyscall(0,0,d,0,3,1a685f10010) at Xsyscall+0x128
end of kernel
end trace frame: 0x1a8a75e7110, count: -10
ddb{0}> show registers
rdi 0xffffffff81efc250 kprintf_mutex
rsi 0xffffffff818bdff7 db_enter+0x17
rbp 0xffff800021137690
rbx 0xffff800021137730
rdx 0xffff8000018da000
rcx 0x1304 __ALIGN_SIZE+0x304
rax 0xffff8000018da000
r8 0xffff800021137660
r9 0
r10 0x5cbf78ed5460fce5
r11 0x42ce44173127a833
r12 0x3000000008
r13 0xffff8000211376a0
r14 0x100
r15 0xffffffff81c5c0b4 substchar+0xf53a
rip 0xffffffff818bdff8 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800021137680
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor0) pid=26740 stat=onproc
flags process=0 proc=4000000
pri=75, usrpri=75, nice=20
forw=0xffffffffffffffff, list=0xffff800021099530,0xffffffff81fabfe0
process=0xffff80002109a018 user=0xffff800021132000, vmspace=0xffffff007f124c60
estcpu=36, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
19637 416800 92953 0 7 0 syz-executor0
*19637 26740 92953 0 7 0x4000000 syz-executor0
52245 135732 57926 0 2 0x482 syz-executor1
92953 78253 57926 0 3 0x82 nanosleep syz-executor0
44876 19980 1 0 3 0x100083 ttyin getty
43022 215288 0 0 3 0x14200 bored sosplice
57926 386089 1927 0 3 0x82 thrsleep syz-fuzzer
57926 506671 1927 0 2 0x4000482 syz-fuzzer
57926 394052 1927 0 3 0x4000082 thrsleep syz-fuzzer
57926 33290 1927 0 3 0x4000082 kqread syz-fuzzer
57926 492248 1927 0 3 0x4000082 thrsleep syz-fuzzer
57926 301894 1927 0 3 0x4000082 thrsleep syz-fuzzer
57926 254653 1927 0 3 0x4000082 thrsleep syz-fuzzer
57926 98510 1927 0 3 0x4000082 thrsleep syz-fuzzer
57926 281887 1927 0 3 0x4000082 thrsleep syz-fuzzer
57926 113278 1927 0 3 0x4000082 thrsleep syz-fuzzer
57926 144132 1927 0 3 0x4000082 thrsleep syz-fuzzer
1927 470731 44481 0 3 0x10008a pause ksh
44481 97523 25985 0 3 0x92 select sshd
25985 1373 1 0 3 0x80 select sshd
43258 69417 84103 73 3 0x100090 kqread syslogd
84103 434618 1 0 3 0x100082 netio syslogd
92395 366115 1 77 3 0x100090 poll dhclient
51319 446378 1 0 3 0x80 poll dhclient
16220 420750 0 0 3 0x14200 pgzero zerothread
83101 515880 0 0 3 0x14200 aiodoned aiodoned
28747 297974 0 0 3 0x14200 syncer update
81904 193707 0 0 3 0x14200 cleaner cleaner
98102 489605 0 0 3 0x14200 reaper reaper
96589 344090 0 0 3 0x14200 pgdaemon pagedaemon
13341 197750 0 0 3 0x14200 bored crynlk
50233 301115 0 0 3 0x14200 bored crypto
93543 335811 0 0 3 0x40014200 acpi0 acpi0
1400 322707 0 0 3 0x40014200 idle1
98487 311019 0 0 3 0x14200 bored softnet
35015 444385 0 0 3 0x14200 bored systqmp
5814 505151 0 0 3 0x14200 bored systq
8331 367847 0 0 3 0x40014200 bored softclock
79307 435448 0 0 3 0x40014200 idle0
1 414046 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper