panic: malformed IPv4 option passed to ip_optcopy Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 464911 66443 65534 0x10 0 0 syz-executor0 *139299 66443 65534 0x10 0x4000000 1K syz-executor0 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 ip_fragment(111338fc26432420,ffffff0069977bb0,ffff800000173290) at ip_fragment+0x625 ip_output(f4bf138f04443951,ffffff006f30d230,ffffff00783f2400,0,ffffff00783f2400,ffffff006f30ea80) at ip_output+0xc8d sys/netinet/ip_output.c:501 udp_output(2222acdf88b48c56,12bc,ffffff006f30ea80,0) at udp_output+0x45a sys/netinet/udp_usrreq.c:1004 sosend(af035c15732d4ea7,ffffff006e49fd28,ffff800021141858,ffff800021141990,1144,0) at sosend+0x477 sys/kern/uipc_socket.c:513 dofilewritev(4429e2ceff3627b1,0,3,ffff80002108a978,ffff800021141990) at dofilewritev+0x148 sys/kern/sys_generic.c:364 sys_writev(8d7d3d47282d199b,790,ffff80002108a978) at sys_writev+0xdb sys/kern/sys_generic.c:310 syscall(10dc5afa8f6e99de) at syscall+0x473 mi_syscall sys/sys/syscall_mi.h:99 [inline] syscall(10dc5afa8f6e99de) at syscall+0x473 sys/arch/amd64/amd64/trap.c:583 Xsyscall(6,0,d,0,3,9d955f8b010) at Xsyscall+0x128 end of kernel end trace frame: 0x9db84179040, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> show panic malformed IPv4 option passed to ip_optcopy ddb{1}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 ip_fragment(111338fc26432420,ffffff0069977bb0,ffff800000173290) at ip_fragment+0x625 ip_output(f4bf138f04443951,ffffff006f30d230,ffffff00783f2400,0,ffffff00783f2400,ffffff006f30ea80) at ip_output+0xc8d sys/netinet/ip_output.c:501 udp_output(2222acdf88b48c56,12bc,ffffff006f30ea80,0) at udp_output+0x45a sys/netinet/udp_usrreq.c:1004 sosend(af035c15732d4ea7,ffffff006e49fd28,ffff800021141858,ffff800021141990,1144,0) at sosend+0x477 sys/kern/uipc_socket.c:513 dofilewritev(4429e2ceff3627b1,0,3,ffff80002108a978,ffff800021141990) at dofilewritev+0x148 sys/kern/sys_generic.c:364 sys_writev(8d7d3d47282d199b,790,ffff80002108a978) at sys_writev+0xdb sys/kern/sys_generic.c:310 syscall(10dc5afa8f6e99de) at syscall+0x473 mi_syscall sys/sys/syscall_mi.h:99 [inline] syscall(10dc5afa8f6e99de) at syscall+0x473 sys/arch/amd64/amd64/trap.c:583 Xsyscall(6,0,d,0,3,9d955f8b010) at Xsyscall+0x128 end of kernel end trace frame: 0x9db84179040, count: -10 ddb{1}> show registers rdi 0xffffffff81ee5310 kprintf_mutex rsi 0xffffffff810e80d7 db_enter+0x17 rbp 0xffff800021141480 rbx 0xffff800021141520 rdx 0xffff800000ed9000 rcx 0x1683 __ALIGN_SIZE+0x683 rax 0xffff800000ed9000 r8 0xffff800021141450 r9 0 r10 0xd4943800ee6db984 r11 0xf26344aa889d1fc2 r12 0x3000000008 r13 0xffff800021141490 r14 0x100 r15 0xffffffff81c5f925 apollo_udma100_tim+0x10a1d rip 0xffffffff810e80d8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800021141470 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor0) pid=139299 stat=onproc flags process=10 proc=4000000 pri=75, usrpri=75, nice=20 forw=0xffffffffffffffff, list=0xffff80002108a4c8,0xffffffff81faceb8 process=0xffff80002109a018 user=0xffff80002113c000, vmspace=0xffffff0065912008 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 49982 288266 15759 0 2 0x100002 sh 15759 351686 30465 0 3 0x80 wait syz-executor1 66443 464911 13274 65534 7 0x10 syz-executor0 *66443 139299 13274 65534 7 0x4000010 syz-executor0 30465 52650 22121 0 3 0x82 wait syz-executor1 13274 275689 27331 65534 3 0x90 nanosleep syz-executor0 27331 493945 22121 0 3 0x82 wait syz-executor0 72150 269613 0 0 3 0x14200 bored sosplice 22121 156699 91983 0 3 0x82 thrsleep syz-fuzzer 22121 352936 91983 0 3 0x4000082 nanosleep syz-fuzzer 22121 431042 91983 0 3 0x4000082 thrsleep syz-fuzzer 22121 479535 91983 0 3 0x4000082 thrsleep syz-fuzzer 22121 204353 91983 0 3 0x4000082 thrsleep syz-fuzzer 22121 455344 91983 0 3 0x4000082 thrsleep syz-fuzzer 22121 265205 91983 0 3 0x4000082 thrsleep syz-fuzzer 22121 224402 91983 0 3 0x4000082 kqread syz-fuzzer 22121 243339 91983 0 3 0x4000082 thrsleep syz-fuzzer 22121 76426 91983 0 3 0x4000082 thrsleep syz-fuzzer 22121 108717 91983 0 3 0x4000082 thrsleep syz-fuzzer 91983 75549 4282 0 3 0x10008a pause ksh 4282 73084 56254 0 3 0x92 select sshd 53736 515440 1 0 3 0x100083 ttyin getty 56254 224041 1 0 3 0x80 select sshd 68876 380765 13884 73 3 0x100090 kqread syslogd 13884 309368 1 0 3 0x100082 netio syslogd 73488 402671 1 77 3 0x100090 poll dhclient 43476 196435 1 0 3 0x80 poll dhclient 4920 431110 0 0 3 0x14200 pgzero zerothread 36134 273020 0 0 3 0x14200 aiodoned aiodoned 32473 332701 0 0 3 0x14200 syncer update 39464 239533 0 0 3 0x14200 cleaner cleaner 49655 298522 0 0 3 0x14200 reaper reaper 49128 228788 0 0 3 0x14200 pgdaemon pagedaemon 79860 229994 0 0 3 0x14200 bored crynlk 81467 1883 0 0 3 0x14200 bored crypto 23813 95451 0 0 3 0x40014200 acpi0 acpi0 16912 96368 0 0 3 0x40014200 idle1 90022 485099 0 0 3 0x14200 bored softnet 87172 248360 0 0 3 0x14200 bored systqmp 1996 512673 0 0 3 0x14200 bored systq 55553 195439 0 0 3 0x40014200 bored softclock 55667 385059 0 0 3 0x40014200 idle0 1 388256 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper