panic: malformed IPv4 option passed to ip_optcopy
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
295782 69794 32767 0x10 0 1 syz-executor0
* 59490 69794 32767 0x10 0x4000000 0 syz-executor0
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
ip_fragment(9cce5cfe32be09d,ffffff006f1764b0,ffff800000173290) at ip_fragment+0x625
ip_output(5578852f54e3f49d,ffffff006f4b9348,ffffff006f1b1900,ffffff007c2e4b00,ffffff006f1b1900,ffffff006e8fcd88) at ip_output+0xc8d sys/netinet/ip_output.c:501
udp_output(7f9c071dc06b700c,1220,ffffff006e8fcd88,ffffff007c2e4b00) at udp_output+0x45a sys/netinet/udp_usrreq.c:1004
sosend(f3ae83acbf5fce64,ffffff006fa8a5a0,ffff8000210632d8,1118,ffff8000210632d8,ffff8000210632f8) at sosend+0x47a sys/kern/uipc_socket.c:513
sendit(65845b5df6c17327,ffff8000210632d8,ffff80002119d2d0,ffff80002119d1d0,ffff80002119d2e8) at sendit+0x431 sys/kern/uipc_syscalls.c:662
sys_sendmsg(f39e4392de657300,1c0,ffff8000210632d8) at sys_sendmsg+0x162 sys/kern/uipc_syscalls.c:567
syscall(3088b7f0cb2506d8) at syscall+0x496 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(3088b7f0cb2506d8) at syscall+0x496 sys/arch/amd64/amd64/trap.c:583
Xsyscall(6,0,ffffffffffffffd3,0,3,34d33068010) at Xsyscall+0x128
end of kernel
end trace frame: 0x34fe5991650, count: 5
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> show panic
malformed IPv4 option passed to ip_optcopy
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
ip_fragment(9cce5cfe32be09d,ffffff006f1764b0,ffff800000173290) at ip_fragment+0x625
ip_output(5578852f54e3f49d,ffffff006f4b9348,ffffff006f1b1900,ffffff007c2e4b00,ffffff006f1b1900,ffffff006e8fcd88) at ip_output+0xc8d sys/netinet/ip_output.c:501
udp_output(7f9c071dc06b700c,1220,ffffff006e8fcd88,ffffff007c2e4b00) at udp_output+0x45a sys/netinet/udp_usrreq.c:1004
sosend(f3ae83acbf5fce64,ffffff006fa8a5a0,ffff8000210632d8,1118,ffff8000210632d8,ffff8000210632f8) at sosend+0x47a sys/kern/uipc_socket.c:513
sendit(65845b5df6c17327,ffff8000210632d8,ffff80002119d2d0,ffff80002119d1d0,ffff80002119d2e8) at sendit+0x431 sys/kern/uipc_syscalls.c:662
sys_sendmsg(f39e4392de657300,1c0,ffff8000210632d8) at sys_sendmsg+0x162 sys/kern/uipc_syscalls.c:567
syscall(3088b7f0cb2506d8) at syscall+0x496 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(3088b7f0cb2506d8) at syscall+0x496 sys/arch/amd64/amd64/trap.c:583
Xsyscall(6,0,ffffffffffffffd3,0,3,34d33068010) at Xsyscall+0x128
end of kernel
end trace frame: 0x34fe5991650, count: -10
ddb{0}> show registers
rdi 0xffffffff81eee870 kprintf_mutex
rsi 0xffffffff8158b247 db_enter+0x17
rbp 0xffff80002119cd80
rbx 0xffff80002119ce20
rdx 0xffff80000173d000
rcx 0x124c __ALIGN_SIZE+0x24c
rax 0xffff80000173d000
r8 0xffff80002119cd50
r9 0
r10 0x47feb61bbf05785a
r11 0xf5e68b174637b360
r12 0x3000000008
r13 0xffff80002119cd90
r14 0x100
r15 0xffffffff81cd2082 substchar+0xd438
rip 0xffffffff8158b248 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff80002119cd70
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor0) pid=59490 stat=onproc
flags process=10 proc=4000000
pri=73, usrpri=73, nice=20
forw=0xffffffffffffffff, list=0xffff8000210624c8,0xffffffff81faa2e0
process=0xffff8000210653c0 user=0xffff800021198000, vmspace=0xffffff007c57f428
estcpu=36, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
69794 295782 42689 32767 7 0x10 syz-executor0
*69794 59490 42689 32767 7 0x4000010 syz-executor0
71697 276834 89211 32767 2 0x490 syz-executor1
71697 33458 89211 32767 3 0x4000090 fifor syz-executor1
71697 7607 89211 32767 3 0x4000090 fifor syz-executor1
71697 335368 89211 32767 3 0x4000090 fsleep syz-executor1
89211 393710 93882 32767 3 0x90 nanosleep syz-executor1
93882 410803 73999 0 3 0x82 wait syz-executor1
42689 496557 40776 32767 3 0x90 nanosleep syz-executor0
40776 422884 73999 0 3 0x82 wait syz-executor0
19100 156826 0 0 3 0x14200 bored sosplice
73999 167541 72654 0 3 0x82 thrsleep syz-fuzzer
73999 436511 72654 0 3 0x4000082 thrsleep syz-fuzzer
73999 46959 72654 0 3 0x4000082 thrsleep syz-fuzzer
73999 448410 72654 0 3 0x4000082 thrsleep syz-fuzzer
73999 63294 72654 0 3 0x4000082 thrsleep syz-fuzzer
73999 284750 72654 0 3 0x4000082 thrsleep syz-fuzzer
73999 394903 72654 0 3 0x4000082 kqread syz-fuzzer
73999 158622 72654 0 3 0x4000082 thrsleep syz-fuzzer
73999 121142 72654 0 3 0x4000082 thrsleep syz-fuzzer
73999 107869 72654 0 3 0x4000082 thrsleep syz-fuzzer
73999 295540 72654 0 3 0x4000082 thrsleep syz-fuzzer
72654 108947 88426 0 3 0x10008a pause ksh
88426 101354 22815 0 3 0x92 select sshd
85899 137156 1 0 3 0x100083 ttyin getty
22815 441923 1 0 3 0x80 select sshd
62739 340297 98983 73 3 0x100090 kqread syslogd
98983 357911 1 0 3 0x100082 netio syslogd
2970 335769 1 77 3 0x100090 poll dhclient
74576 362025 1 0 3 0x80 poll dhclient
5177 20683 0 0 3 0x14200 pgzero zerothread
68694 512184 0 0 3 0x14200 aiodoned aiodoned
2615 91796 0 0 3 0x14200 syncer update
10117 380771 0 0 3 0x14200 cleaner cleaner
7126 192426 0 0 3 0x14200 reaper reaper
71964 19290 0 0 3 0x14200 pgdaemon pagedaemon
45724 109246 0 0 3 0x14200 bored crynlk
30014 136395 0 0 3 0x14200 bored crypto
88071 300683 0 0 3 0x40014200 acpi0 acpi0
12881 24102 0 0 3 0x40014200 idle1
29861 9073 0 0 3 0x14200 bored softnet
31097 331130 0 0 3 0x14200 bored systqmp
88246 256284 0 0 3 0x14200 bored systq
98754 523886 0 0 3 0x40014200 bored softclock
4901 312302 0 0 3 0x40014200 idle0
1 149633 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper