panic: malformed IPv4 option passed to ip_optcopy
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
296471 74914 65534 0x10 0 0 syz-executor0
*430960 74914 65534 0x10 0x4000000 1K syz-executor0
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
ip_fragment(7762f226615701bd,ffffff0073d839b0,ffff800000173290) at ip_fragment+0x625
ip_output(6801b409e261ae98,ffffff006f303690,ffffff0073d83100,0,ffffff0073d83100,ffffff006e720c08) at ip_output+0xc8d sys/netinet/ip_output.c:501
udp_output(84fa9141d40f386e,12af,ffffff006e720c08,0) at udp_output+0x45a sys/netinet/udp_usrreq.c:1004
sosend(1b7d694cbaa9870a,ffffff0068a685b0,ffff80002117b968,ffff80002117baa0,1151,0) at sosend+0x477 sys/kern/uipc_socket.c:513
dofilewritev(9905d0c9b812ce83,0,3,ffff800021062720,ffff80002117baa0) at dofilewritev+0x148 sys/kern/sys_generic.c:364
sys_writev(20405d94a23448db,790,ffff800021062720) at sys_writev+0xdb sys/kern/sys_generic.c:310
syscall(d08acb04e6f802ec) at syscall+0x473 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(d08acb04e6f802ec) at syscall+0x473 sys/arch/amd64/amd64/trap.c:583
Xsyscall(6,0,d,0,3,738bd004010) at Xsyscall+0x128
end of kernel
end trace frame: 0x73ae9c6dba0, count: 5
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> show panic
malformed IPv4 option passed to ip_optcopy
ddb{1}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
ip_fragment(7762f226615701bd,ffffff0073d839b0,ffff800000173290) at ip_fragment+0x625
ip_output(6801b409e261ae98,ffffff006f303690,ffffff0073d83100,0,ffffff0073d83100,ffffff006e720c08) at ip_output+0xc8d sys/netinet/ip_output.c:501
udp_output(84fa9141d40f386e,12af,ffffff006e720c08,0) at udp_output+0x45a sys/netinet/udp_usrreq.c:1004
sosend(1b7d694cbaa9870a,ffffff0068a685b0,ffff80002117b968,ffff80002117baa0,1151,0) at sosend+0x477 sys/kern/uipc_socket.c:513
dofilewritev(9905d0c9b812ce83,0,3,ffff800021062720,ffff80002117baa0) at dofilewritev+0x148 sys/kern/sys_generic.c:364
sys_writev(20405d94a23448db,790,ffff800021062720) at sys_writev+0xdb sys/kern/sys_generic.c:310
syscall(d08acb04e6f802ec) at syscall+0x473 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(d08acb04e6f802ec) at syscall+0x473 sys/arch/amd64/amd64/trap.c:583
Xsyscall(6,0,d,0,3,738bd004010) at Xsyscall+0x128
end of kernel
end trace frame: 0x73ae9c6dba0, count: -10
ddb{1}> show registers
rdi 0xffffffff81f15558 kprintf_mutex
rsi 0xffffffff8109bf47 db_enter+0x17
rbp 0xffff80002117b590
rbx 0xffff80002117b630
rdx 0xffff800000adb000
rcx 0x1974 __ALIGN_SIZE+0x974
rax 0xffff800000adb000
r8 0xffff80002117b560
r9 0
r10 0x643223e623c833c
r11 0x4b276badca648041
r12 0x3000000008
r13 0xffff80002117b5a0
r14 0x100
r15 0xffffffff81c5f94c apollo_udma100_tim+0x10bae
rip 0xffffffff8109bf48 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff80002117b580
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{1}> show proc
PROC (syz-executor0) pid=430960 stat=onproc
flags process=10 proc=4000000
pri=75, usrpri=75, nice=20
forw=0xffffffffffffffff, list=0xffff800021063080,0xffffffff81fbf118
process=0xffff80002109b3c8 user=0xffff800021176000, vmspace=0xffffff006927a430
estcpu=36, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
74914 296471 20614 65534 7 0x10 syz-executor0
*74914 430960 20614 65534 7 0x4000010 syz-executor0
45270 115753 44384 65534 3 0x10 biowait syz-executor1
44384 484992 74142 0 3 0x82 wait syz-executor1
20614 368450 1974 65534 3 0x90 nanosleep syz-executor0
1974 317194 74142 0 3 0x82 wait syz-executor0
11536 524215 0 0 3 0x14200 bored sosplice
74142 423706 37643 0 3 0x82 thrsleep syz-fuzzer
74142 462669 37643 0 3 0x4000082 nanosleep syz-fuzzer
74142 256203 37643 0 3 0x4000082 thrsleep syz-fuzzer
74142 411904 37643 0 3 0x4000082 thrsleep syz-fuzzer
74142 44309 37643 0 3 0x4000082 thrsleep syz-fuzzer
74142 8302 37643 0 3 0x4000082 thrsleep syz-fuzzer
74142 280776 37643 0 3 0x4000082 nanosleep syz-fuzzer
74142 49626 37643 0 3 0x4000082 kqread syz-fuzzer
74142 415911 37643 0 3 0x4000082 thrsleep syz-fuzzer
74142 356386 37643 0 3 0x4000082 thrsleep syz-fuzzer
37643 214338 71359 0 3 0x10008a pause ksh
71359 71622 31115 0 3 0x92 select sshd
5818 57997 1 0 3 0x100083 ttyin getty
31115 27701 1 0 3 0x80 select sshd
63447 183446 47760 73 3 0x100090 kqread syslogd
47760 392884 1 0 3 0x100082 netio syslogd
74595 367040 1 77 3 0x100090 poll dhclient
70733 228719 1 0 3 0x80 poll dhclient
70020 167001 0 0 3 0x14200 pgzero zerothread
91461 221266 0 0 3 0x14200 aiodoned aiodoned
67136 457710 0 0 3 0x14200 syncer update
13215 86488 0 0 3 0x14200 cleaner cleaner
88560 363388 0 0 3 0x14200 reaper reaper
18339 288177 0 0 3 0x14200 pgdaemon pagedaemon
89490 103035 0 0 3 0x14200 bored crynlk
93557 145390 0 0 3 0x14200 bored crypto
24170 489663 0 0 3 0x40014200 acpi0 acpi0
58096 116014 0 0 3 0x40014200 idle1
93836 445479 0 0 3 0x14200 bored softnet
39477 224996 0 0 3 0x14200 bored systqmp
5185 136321 0 0 3 0x14200 bored systq
39941 350173 0 0 3 0x40014200 bored softclock
63484 292458 0 0 3 0x40014200 idle0
1 371398 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper