login: panic: malformed IPv4 option passed to ip_optcopy
Stopped at db_enter+0xa: popq %rbp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
182187 72833 0 0 0 1 syz-executor0
*406188 72833 0 0 0x4000000 0 syz-executor0
db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
ip_fragment(ffffff005ed2007c,ffff800000173290,ffffff0065485f00) at ip_fragment+0x5f4
ip_output(ffffff006f2e0690,ffffff0065485f00,ffffff005ed2007c,22,1076,3a88b5f121f65848) at ip_output+0xc6c sys/netinet/ip_output.c:501
rip_output(0,9,ffffff00654ba7f0,ffffff0064beda00) at rip_output+0x187 sys/netinet/raw_ip.c:293
rip_usrreq(e0a,ffffff00654ba7f0,ffffff0064beda00,ffffff0065485f00,0,3a88b5f121f65848) at rip_usrreq+0x3ed sys/netinet/raw_ip.c:472
sosend(ffffff0067aec970,ffff8000210a2bd0,1076,ffff8000210a2bd0,ffff8000210a2bf0,3a88b5f121f65848) at sosend+0x46a sys/kern/uipc_socket.c:513
sendit(ffff8000210a2bd0,ffff800021163610,ffff800021163520,ffff800021163628,4) at sendit+0x3f4 sys/kern/uipc_syscalls.c:662
sys_sendmsg(1c0,ffff8000210a2bd0,1) at sys_sendmsg+0x155 sys/kern/uipc_syscalls.c:567
syscall(0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:583
Xsyscall(6,0,ffffffffffffffd3,0,3,c8c4ded4010) at Xsyscall+0x128
end of kernel
end trace frame: 0xc8e5c017cc0, count: 4
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> show panic
malformed IPv4 option passed to ip_optcopy
ddb{0}> trace
db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
ip_fragment(ffffff005ed2007c,ffff800000173290,ffffff0065485f00) at ip_fragment+0x5f4
ip_output(ffffff006f2e0690,ffffff0065485f00,ffffff005ed2007c,22,1076,3a88b5f121f65848) at ip_output+0xc6c sys/netinet/ip_output.c:501
rip_output(0,9,ffffff00654ba7f0,ffffff0064beda00) at rip_output+0x187 sys/netinet/raw_ip.c:293
rip_usrreq(e0a,ffffff00654ba7f0,ffffff0064beda00,ffffff0065485f00,0,3a88b5f121f65848) at rip_usrreq+0x3ed sys/netinet/raw_ip.c:472
sosend(ffffff0067aec970,ffff8000210a2bd0,1076,ffff8000210a2bd0,ffff8000210a2bf0,3a88b5f121f65848) at sosend+0x46a sys/kern/uipc_socket.c:513
sendit(ffff8000210a2bd0,ffff800021163610,ffff800021163520,ffff800021163628,4) at sendit+0x3f4 sys/kern/uipc_syscalls.c:662
sys_sendmsg(1c0,ffff8000210a2bd0,1) at sys_sendmsg+0x155 sys/kern/uipc_syscalls.c:567
syscall(0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:583
Xsyscall(6,0,ffffffffffffffd3,0,3,c8c4ded4010) at Xsyscall+0x128
end of kernel
end trace frame: 0xc8e5c017cc0, count: -11
ddb{0}> show registers
rdi 0xffffffff81e38f08 kprintf_mutex
rsi 0xffffffff81487de9 db_enter+0x9
rbp 0xffff8000211630e0
rbx 0xffff800021163180
rdx 0xffff800000ad7000
rcx 0x121f __ALIGN_SIZE+0x21f
rax 0xffff800000ad7000
r8 0xffff8000211630b0
r9 0
r10 0xffff800021162ef8
r11 0xffffffff819fd4a0 x86_bus_space_io_read_1
r12 0x3000000008
r13 0xffff8000211630f0
r14 0x100
r15 0xffffffff81c38170 substchar+0xf15b
rip 0xffffffff81487dea db_enter+0xa
cs 0x8
rflags 0x202
rsp 0xffff8000211630e0
ss 0x10
db_enter+0xa: popq %rbp
ddb{0}> show proc
PROC (syz-executor0) pid=406188 stat=onproc
flags process=0 proc=4000000
pri=82, usrpri=82, nice=20
forw=0xffffffffffffffff, list=0xffff8000210a2270,0xffffffff81eb56c8
process=0xffff8000210b6fe0
user=0xffff80002115e000, vmspace=0xffffff007f125e70
estcpu=36, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
72833 182187 38508 0 7 0 syz-executor0
*72833 406188 38508 0 7 0x4000000 syz-executor0
83219 266083 1 0 3 0x100083 ttyin getty
83506 303293 0 0 3 0x14200 bored sosplice
18756 975 15052 0 2 0x2 syz-executor1
38508 220302 15052 0 3 0x82 nanosleep syz-executor0
15052 337719 87857 0 3 0x82 thrsleep syz-fuzzer
15052 426106 87857 0 3 0x4000082 nanosleep syz-fuzzer
15052 173847 87857 0 3 0x4000082 thrsleep syz-fuzzer
15052 375033 87857 0 3 0x4000082 thrsleep syz-fuzzer
15052 73986 87857 0 3 0x4000082 thrsleep syz-fuzzer
15052 19933 87857 0 3 0x4000082 thrsleep syz-fuzzer
15052 370103 87857 0 3 0x4000082 kqread syz-fuzzer
15052 137941 87857 0 3 0x4000082 thrsleep syz-fuzzer
15052 30806 87857 0 3 0x4000082 thrsleep syz-fuzzer
15052 437070 87857 0 3 0x4000082 thrsleep syz-fuzzer
87857 499035 69620 0 3 0x10008a pause ksh
69620 365820 81682 0 3 0x92 select sshd
81682 74701 1 0 3 0x80 select sshd
8346 345957 2527 73 3 0x100090 kqread syslogd
2527 388581 1 0 3 0x100082 netio syslogd
30836 398023 1 77 3 0x100090 poll dhclient
2053 447178 1 0 3 0x80 poll dhclient
95382 104038 0 0 3 0x14200 pgzero zerothread
51905 151570 0 0 3 0x14200 aiodoned aiodoned
46310 364075 0 0 3 0x14200 syncer update
83494 144858 0 0 3 0x14200 cleaner cleaner
13052 358518 0 0 3 0x14200 reaper reaper
41009 396408 0 0 3 0x14200 pgdaemon pagedaemon
34565 207600 0 0 3 0x14200 bored crynlk
39011 41953 0 0 3 0x14200 bored crypto
94598 146738 0 0 3 0x40014200 acpi0 acpi0
49351 367256 0 0 3 0x40014200 idle1
50982 149505 0 0 3 0x14200 bored softnet
31167 71643 0 0 3 0x14200 bored systqmp
68175 369610 0 0 3 0x14200 bored systq
69715 339659 0 0 3 0x40014200 bored softclock
77276 447348 0 0 3 0x40014200 idle0
1 159284 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper