panic: malformed IPv4 option passed to ip_optcopy Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND * 8663 65206 32767 0x10 0x4000000 0K syz-executor0 331763 92294 32767 0x10 0 1 syz-executor1 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 ip_fragment(6b1e6b62d11a8439,ffffff00699aefb0,ffff800000173290) at ip_fragment+0x625 ip_output(5e07733d2afffa26,ffffff006f4ad7a8,ffffff0069ab3200,0,ffffff0069ab3200,ffffff006f4ae780) at ip_output+0xc8d sys/netinet/ip_output.c:501 udp_output(6fb8b547681d7fea,116c,ffffff006f4ae780,0) at udp_output+0x45a sys/netinet/udp_usrreq.c:1004 sosend(8feeb7d59cba0782,ffffff006e652e90,ffff80002118f978,1294,ffff80002118fab0,0) at sosend+0x47a sys/kern/uipc_socket.c:513 dofilewritev(fccb0edc3d23c87a,0,5,ffff800021062bd0,ffff80002118fab0) at dofilewritev+0x14b sys/kern/sys_generic.c:364 sys_writev(36bb4dd37ddf6dc6,790,ffff800021062bd0) at sys_writev+0xdb sys/kern/sys_generic.c:310 syscall(ba9cfd13da933374) at syscall+0x496 mi_syscall sys/sys/syscall_mi.h:99 [inline] syscall(ba9cfd13da933374) at syscall+0x496 sys/arch/amd64/amd64/trap.c:583 Xsyscall(6,0,d,0,3,28ac57e2010) at Xsyscall+0x128 end of kernel end trace frame: 0x28db720e720, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> show panic malformed IPv4 option passed to ip_optcopy ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 ip_fragment(6b1e6b62d11a8439,ffffff00699aefb0,ffff800000173290) at ip_fragment+0x625 ip_output(5e07733d2afffa26,ffffff006f4ad7a8,ffffff0069ab3200,0,ffffff0069ab3200,ffffff006f4ae780) at ip_output+0xc8d sys/netinet/ip_output.c:501 udp_output(6fb8b547681d7fea,116c,ffffff006f4ae780,0) at udp_output+0x45a sys/netinet/udp_usrreq.c:1004 sosend(8feeb7d59cba0782,ffffff006e652e90,ffff80002118f978,1294,ffff80002118fab0,0) at sosend+0x47a sys/kern/uipc_socket.c:513 dofilewritev(fccb0edc3d23c87a,0,5,ffff800021062bd0,ffff80002118fab0) at dofilewritev+0x14b sys/kern/sys_generic.c:364 sys_writev(36bb4dd37ddf6dc6,790,ffff800021062bd0) at sys_writev+0xdb sys/kern/sys_generic.c:310 syscall(ba9cfd13da933374) at syscall+0x496 mi_syscall sys/sys/syscall_mi.h:99 [inline] syscall(ba9cfd13da933374) at syscall+0x496 sys/arch/amd64/amd64/trap.c:583 Xsyscall(6,0,d,0,3,28ac57e2010) at Xsyscall+0x128 end of kernel end trace frame: 0x28db720e720, count: -10 ddb{0}> show registers rdi 0xffffffff81f00128 kprintf_mutex rsi 0xffffffff81150e07 db_enter+0x17 rbp 0xffff80002118f5a0 rbx 0xffff80002118f640 rdx 0xffff80000233d000 rcx 0x133d __ALIGN_SIZE+0x33d rax 0xffff80000233d000 r8 0xffff80002118f570 r9 0 r10 0xabeba395329cf927 r11 0x90474ab8e9a01a80 r12 0x3000000008 r13 0xffff80002118f5b0 r14 0x100 r15 0xffffffff81cd528d apollo_udma100_tim+0xde73 rip 0xffffffff81150e08 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff80002118f590 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor0) pid=8663 stat=onproc flags process=10 proc=4000000 pri=68, usrpri=68, nice=20 forw=0xffffffffffffffff, list=0xffff800021062018,0xffffffff81f8d720 process=0xffff800021065708 user=0xffff80002118a000, vmspace=0xffffff00659e9c68 estcpu=18, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 65206 405143 56669 32767 2 0x10 syz-executor0 *65206 8663 56669 32767 7 0x4000010 syz-executor0 92294 331763 38619 32767 7 0x10 syz-executor1 92294 477962 38619 32767 3 0x4000090 ttyout syz-executor1 38619 47694 2279 32767 3 0x90 nanosleep syz-executor1 2279 252094 10349 0 3 0x82 wait syz-executor1 56669 470124 73375 32767 3 0x90 nanosleep syz-executor0 73375 224564 10349 0 3 0x82 wait syz-executor0 9520 26795 0 0 3 0x14200 bored sosplice 10349 455696 30297 0 3 0x82 kqread syz-fuzzer 10349 396966 30297 0 3 0x4000082 nanosleep syz-fuzzer 10349 78601 30297 0 3 0x4000082 thrsleep syz-fuzzer 10349 288007 30297 0 3 0x4000082 thrsleep syz-fuzzer 10349 15680 30297 0 3 0x4000082 thrsleep syz-fuzzer 10349 419758 30297 0 3 0x4000082 thrsleep syz-fuzzer 10349 197630 30297 0 3 0x4000082 thrsleep syz-fuzzer 10349 74702 30297 0 3 0x4000082 thrsleep syz-fuzzer 10349 466868 30297 0 3 0x4000082 thrsleep syz-fuzzer 10349 508943 30297 0 3 0x4000082 thrsleep syz-fuzzer 10349 154870 30297 0 3 0x4000082 thrsleep syz-fuzzer 30297 523304 35781 0 3 0x10008a pause ksh 35781 450987 6123 0 3 0x92 select sshd 71152 197025 1 0 3 0x100083 ttyin getty 6123 395508 1 0 3 0x80 select sshd 54258 175657 29389 73 3 0x100090 kqread syslogd 29389 328786 1 0 3 0x100082 netio syslogd 10928 388445 1 77 3 0x100090 poll dhclient 83177 135858 1 0 3 0x80 poll dhclient 51042 499916 0 0 2 0x14200 zerothread 87051 488618 0 0 3 0x14200 aiodoned aiodoned 52654 449280 0 0 3 0x14200 syncer update 216 226489 0 0 3 0x14200 cleaner cleaner 46516 508264 0 0 3 0x14200 reaper reaper 77586 152820 0 0 3 0x14200 pgdaemon pagedaemon 70114 514609 0 0 3 0x14200 bored crynlk 43824 256280 0 0 3 0x14200 bored crypto 21200 284018 0 0 3 0x40014200 acpi0 acpi0 43677 33336 0 0 3 0x40014200 idle1 41322 105554 0 0 3 0x14200 bored softnet 78132 51013 0 0 3 0x14200 bored systqmp 27085 106323 0 0 3 0x14200 bored systq 29385 221510 0 0 3 0x40014200 bored softclock 38284 71472 0 0 3 0x40014200 idle0 1 83507 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper