panic: malformed IPv4 option passed to ip_optcopy Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 156474 92404 32767 0x10 0 0 syz-executor1 *229022 92404 32767 0x10 0x4000000 1K syz-executor1 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 ip_fragment(9b01ae1756f44ac6,ffffff0069a91cb0,ffff800000173290) at ip_fragment+0x625 ip_output(652fbd3ca440e72c,ffffff006f4b0690,ffffff007a47f600,0,ffffff007a47f600,ffffff006e8edd88) at ip_output+0xc8d sys/netinet/ip_output.c:501 udp_output(df33600491bb86f8,1187,ffffff006e8edd88,0) at udp_output+0x45a sys/netinet/udp_usrreq.c:1004 sosend(3396832409e0839c,ffffff007ab57790,ffff800021189d48,1279,ffff800021189e80,0) at sosend+0x47a sys/kern/uipc_socket.c:513 dofilewritev(98f66b2f0564168b,0,8,ffff800021062bd0,ffff800021189e80) at dofilewritev+0x14b sys/kern/sys_generic.c:364 sys_writev(cef767a79a0aecd3,790,ffff800021062bd0) at sys_writev+0xdb sys/kern/sys_generic.c:310 syscall(38a13eb93c42d589) at syscall+0x496 mi_syscall sys/sys/syscall_mi.h:99 [inline] syscall(38a13eb93c42d589) at syscall+0x496 sys/arch/amd64/amd64/trap.c:583 Xsyscall(6,0,d,0,3,1af207c4010) at Xsyscall+0x128 end of kernel end trace frame: 0x1b20ed78830, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> show panic malformed IPv4 option passed to ip_optcopy ddb{1}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 ip_fragment(9b01ae1756f44ac6,ffffff0069a91cb0,ffff800000173290) at ip_fragment+0x625 ip_output(652fbd3ca440e72c,ffffff006f4b0690,ffffff007a47f600,0,ffffff007a47f600,ffffff006e8edd88) at ip_output+0xc8d sys/netinet/ip_output.c:501 udp_output(df33600491bb86f8,1187,ffffff006e8edd88,0) at udp_output+0x45a sys/netinet/udp_usrreq.c:1004 sosend(3396832409e0839c,ffffff007ab57790,ffff800021189d48,1279,ffff800021189e80,0) at sosend+0x47a sys/kern/uipc_socket.c:513 dofilewritev(98f66b2f0564168b,0,8,ffff800021062bd0,ffff800021189e80) at dofilewritev+0x14b sys/kern/sys_generic.c:364 sys_writev(cef767a79a0aecd3,790,ffff800021062bd0) at sys_writev+0xdb sys/kern/sys_generic.c:310 syscall(38a13eb93c42d589) at syscall+0x496 mi_syscall sys/sys/syscall_mi.h:99 [inline] syscall(38a13eb93c42d589) at syscall+0x496 sys/arch/amd64/amd64/trap.c:583 Xsyscall(6,0,d,0,3,1af207c4010) at Xsyscall+0x128 end of kernel end trace frame: 0x1b20ed78830, count: -10 ddb{1}> show registers rdi 0xffffffff81eee870 kprintf_mutex rsi 0xffffffff8158b247 db_enter+0x17 rbp 0xffff800021189970 rbx 0xffff800021189a10 rdx 0xffff80000233d000 rcx 0x131c __ALIGN_SIZE+0x31c rax 0xffff80000233d000 r8 0xffff800021189940 r9 0 r10 0x519ea494e9963f76 r11 0xfb77d3d74b7748bb r12 0x3000000008 r13 0xffff800021189980 r14 0x100 r15 0xffffffff81cd2082 substchar+0xd438 rip 0xffffffff8158b248 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800021189960 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor1) pid=229022 stat=onproc flags process=10 proc=4000000 pri=86, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff800021063080,0xffffffff81faa2e0 process=0xffff800021065078 user=0xffff800021184000, vmspace=0xffffff0065a36b60 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 92404 156474 64382 32767 7 0x10 syz-executor1 *92404 229022 64382 32767 7 0x4000010 syz-executor1 64382 100094 61232 32767 3 0x90 nanosleep syz-executor1 61232 24741 27862 0 3 0x82 wait syz-executor1 6052 105271 14825 32767 3 0x90 nanosleep syz-executor0 14825 46924 27862 0 3 0x82 wait syz-executor0 87114 190844 0 0 3 0x14200 bored sosplice 27862 384416 49983 0 3 0x82 thrsleep syz-fuzzer 27862 386415 49983 0 3 0x4000082 nanosleep syz-fuzzer 27862 287521 49983 0 3 0x4000082 thrsleep syz-fuzzer 27862 334581 49983 0 3 0x4000082 thrsleep syz-fuzzer 27862 312673 49983 0 3 0x4000082 thrsleep syz-fuzzer 27862 128698 49983 0 3 0x4000082 thrsleep syz-fuzzer 27862 24353 49983 0 3 0x4000082 nanosleep syz-fuzzer 27862 388202 49983 0 3 0x4000082 thrsleep syz-fuzzer 27862 40277 49983 0 3 0x4000082 kqread syz-fuzzer 27862 376581 49983 0 3 0x4000082 thrsleep syz-fuzzer 27862 83732 49983 0 3 0x4000082 thrsleep syz-fuzzer 49983 314445 39183 0 3 0x10008a pause ksh 39183 398414 41317 0 3 0x92 select sshd 67850 205625 1 0 3 0x100083 ttyin getty 41317 355401 1 0 3 0x80 select sshd 3919 160849 27472 73 3 0x100090 kqread syslogd 27472 307493 1 0 3 0x100082 netio syslogd 96519 503276 1 77 3 0x100090 poll dhclient 88433 470881 1 0 3 0x80 poll dhclient 11715 247759 0 0 3 0x14200 pgzero zerothread 13237 5900 0 0 3 0x14200 aiodoned aiodoned 77408 485365 0 0 3 0x14200 syncer update 58947 442026 0 0 3 0x14200 cleaner cleaner 26037 183708 0 0 3 0x14200 reaper reaper 14223 290729 0 0 3 0x14200 pgdaemon pagedaemon 62235 308367 0 0 3 0x14200 bored crynlk 31209 230848 0 0 3 0x14200 bored crypto 10197 165481 0 0 3 0x40014200 acpi0 acpi0 82242 487589 0 0 3 0x40014200 idle1 90500 380517 0 0 3 0x14200 bored softnet 26461 307923 0 0 3 0x14200 bored systqmp 11376 186515 0 0 3 0x14200 bored systq 43474 307528 0 0 3 0x40014200 bored softclock 51797 237618 0 0 3 0x40014200 idle0 1 130659 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper