panic: malformed IPv4 option passed to ip_optcopy
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*172770 1203 0 0 0x4000000 0 syz-executor0
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
ip_fragment(21b6253fd2291027,ffffff003543f400,ffff800000171290) at ip_fragment+0x551
ip_output(a13db409bdd896a1,ffffff003543f500,ffffff003543f400,0,ffffff00370cdc08,ffffff00370ce180) at ip_output+0xc06 sys/netinet/ip_output.c:501
udp_output(40523f1d843b97ed,1400,ffffff00370ce180,0) at udp_output+0x444 sys/netinet/udp_usrreq.c:1004
sosend(939494a0e3081b1d,ffffff0030bbee20,ffff800014ab4b90,1000,ffff800014ab4c40,0) at sosend+0x472 sys/kern/uipc_socket.c:513
dofilewritev(7d415eb04425ac95,ffff8000ffff92c8,ffff800014ab4c40,1000,ffff800014ab4c58) at dofilewritev+0x14b sys/kern/sys_generic.c:364
sys_write(b03daf0637b1c184,ffff800014ab4ce0,ffff8000ffff92c8) at sys_write+0x7b sys/kern/sys_generic.c:283
syscall(f4d18a1ad028ddd8) at syscall+0x3f1
Xsyscall(6,0,c,0,3,909eabe0010) at Xsyscall+0x128
end of kernel
end trace frame: 0x90c673f9a60, count: 5
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> show panic
malformed IPv4 option passed to ip_optcopy
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
ip_fragment(21b6253fd2291027,ffffff003543f400,ffff800000171290) at ip_fragment+0x551
ip_output(a13db409bdd896a1,ffffff003543f500,ffffff003543f400,0,ffffff00370cdc08,ffffff00370ce180) at ip_output+0xc06 sys/netinet/ip_output.c:501
udp_output(40523f1d843b97ed,1400,ffffff00370ce180,0) at udp_output+0x444 sys/netinet/udp_usrreq.c:1004
sosend(939494a0e3081b1d,ffffff0030bbee20,ffff800014ab4b90,1000,ffff800014ab4c40,0) at sosend+0x472 sys/kern/uipc_socket.c:513
dofilewritev(7d415eb04425ac95,ffff8000ffff92c8,ffff800014ab4c40,1000,ffff800014ab4c58) at dofilewritev+0x14b sys/kern/sys_generic.c:364
sys_write(b03daf0637b1c184,ffff800014ab4ce0,ffff8000ffff92c8) at sys_write+0x7b sys/kern/sys_generic.c:283
syscall(f4d18a1ad028ddd8) at syscall+0x3f1
Xsyscall(6,0,c,0,3,909eabe0010) at Xsyscall+0x128
end of kernel
end trace frame: 0x90c673f9a60, count: -10
ddb> show registers
rdi 0xffffffff81f1d5a8 kprintf_mutex
rsi 0xffffffff81bcf0c7 db_enter+0x17
rbp 0xffff800014ab47c0
rbx 0xffff800014ab4860
rdx 0xffff800002933000
rcx 0x177e __ALIGN_SIZE+0x77e
rax 0xffff800002933000
r8 0xffff800014ab4790
r9 0
r10 0xcc4f891073d94323
r11 0xb656a610c66780f
r12 0x3000000008
r13 0xffff800014ab47d0
r14 0x100
r15 0xffffffff81cbe76a substchar+0xfe5f
rip 0xffffffff81bcf0c8 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800014ab47b0
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor0) pid=172770 stat=onproc
    flags process=0 proc=4000000
    pri=80, usrpri=80, nice=20
    forw=0xffffffffffffffff, list=0xffff8000149ed780,0xffffffff81fafe18
    process=0xffff8000ffff5a60 user=0xffff800014aaf000, vmspace=0xffffff003f12a948
    estcpu=36, cpticks=0, pctcpu=0.0
    user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
1203 100182 74315 0 2 0 syz-executor0
* 1203 172770 74315 0 7 0x4000000 syz-executor0
82970 178148 13475 0 3 0x80 nanosleep syz-executor1
82970 67074 13475 0 3 0x4000080 piperd syz-executor1
82970 194458 13475 0 3 0x4000080 fsleep syz-executor1
5244 460303 1 0 3 0x100083 ttyin getty
20154 409756 0 0 3 0x14200 bored sosplice
74315 519154 45543 0 3 0x82 nanosleep syz-executor0
13475 425244 45543 0 3 0x82 nanosleep syz-executor1
45543 422283 54483 0 3 0x82 thrsleep syz-fuzzer
45543 398147 54483 0 3 0x4000082 nanosleep syz-fuzzer
45543 381296 54483 0 3 0x4000082 thrsleep syz-fuzzer
45543 291000 54483 0 3 0x4000082 kqread syz-fuzzer
45543 361180 54483 0 3 0x4000082 thrsleep syz-fuzzer
45543 2012 54483 0 3 0x4000082 thrsleep syz-fuzzer
45543 172515 54483 0 3 0x4000082 thrsleep syz-fuzzer
54483 60835 13956 0 3 0x10008a pause ksh
13956 299364 81391 0 3 0x92 select sshd
81391 369089 1 0 3 0x80 select sshd
41758 509958 32435 73 3 0x100090 kqread syslogd
32435 78354 1 0 3 0x100082 netio syslogd
65282 438357 1 77 3 0x100090 poll dhclient
35969 179001 1 0 3 0x80 poll dhclient
86240 445098 0 0 2 0x14200 zerothread
78089 164082 0 0 3 0x14200 aiodoned aiodoned
5459 237645 0 0 3 0x14200 syncer update
6432 327528 0 0 3 0x14200 cleaner cleaner
52726 321201 0 0 3 0x14200 reaper reaper
60093 414724 0 0 3 0x14200 pgdaemon pagedaemon
31942 73407 0 0 3 0x14200 bored crynlk
18816 57296 0 0 3 0x14200 bored crypto
13703 259005 0 0 3 0x40014200 acpi0 acpi0
95510 168385 0 0 3 0x14200 bored softnet
91467 389617 0 0 3 0x14200 bored systqmp
80546 38462 0 0 3 0x14200 bored systq
66889 500065 0 0 3 0x40014200 bored softclock
47421 153619 0 0 3 0x40014200 idle0
1 142476 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper