login: panic: malformed IPv4 option passed to ip_optcopy Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 342538 18205 0 0 0 0 syz-executor1 * 16101 18205 0 0 0x4000000 1K syz-executor1 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 ip_fragment(bd7ed9e50dd3fb3f,ffffff00734f80b0,ffff800000173290) at ip_fragment+0x625 ip_output(9f21d6ca8b4504d4,ffffff006f4af230,ffffff00734f8600,0,ffffff00734f8600,ffffff007c61a790) at ip_output+0xc8d sys/netinet/ip_output.c:501 udp_output(9f21d6ca8b268d94,13d8,ffffff007c61a790,0) at udp_output+0x45a sys/netinet/udp_usrreq.c:1004 sosend(6a7444d5876db5c3,ffffff0068ce5bc8,ffff800021143998,1028,ffff800021143ad0,0) at sosend+0x47a sys/kern/uipc_socket.c:513 dofilewritev(b385763710b9bffa,0,3,ffff800021062978,ffff800021143ad0) at dofilewritev+0x14b sys/kern/sys_generic.c:364 sys_writev(b180bfd5355bc96c,790,ffff800021062978) at sys_writev+0xdb sys/kern/sys_generic.c:310 syscall(450fa0966fb90649) at syscall+0x496 mi_syscall sys/sys/syscall_mi.h:99 [inline] syscall(450fa0966fb90649) at syscall+0x496 sys/arch/amd64/amd64/trap.c:583 Xsyscall(6,0,d,0,3,55e72054010) at Xsyscall+0x128 end of kernel end trace frame: 0x560e1705b70, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> show panic malformed IPv4 option passed to ip_optcopy ddb{1}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 ip_fragment(bd7ed9e50dd3fb3f,ffffff00734f80b0,ffff800000173290) at ip_fragment+0x625 ip_output(9f21d6ca8b4504d4,ffffff006f4af230,ffffff00734f8600,0,ffffff00734f8600,ffffff007c61a790) at ip_output+0xc8d sys/netinet/ip_output.c:501 udp_output(9f21d6ca8b268d94,13d8,ffffff007c61a790,0) at udp_output+0x45a sys/netinet/udp_usrreq.c:1004 sosend(6a7444d5876db5c3,ffffff0068ce5bc8,ffff800021143998,1028,ffff800021143ad0,0) at sosend+0x47a sys/kern/uipc_socket.c:513 dofilewritev(b385763710b9bffa,0,3,ffff800021062978,ffff800021143ad0) at dofilewritev+0x14b sys/kern/sys_generic.c:364 sys_writev(b180bfd5355bc96c,790,ffff800021062978) at sys_writev+0xdb sys/kern/sys_generic.c:310 syscall(450fa0966fb90649) at syscall+0x496 mi_syscall sys/sys/syscall_mi.h:99 [inline] syscall(450fa0966fb90649) at syscall+0x496 sys/arch/amd64/amd64/trap.c:583 Xsyscall(6,0,d,0,3,55e72054010) at Xsyscall+0x128 end of kernel end trace frame: 0x560e1705b70, count: -10 ddb{1}> show registers rdi 0xffffffff81f03e48 kprintf_mutex rsi 0xffffffff81257c27 db_enter+0x17 rbp 0xffff8000211435c0 rbx 0xffff800021143660 rdx 0xffff80000133f000 rcx 0x13e8 __ALIGN_SIZE+0x3e8 rax 0xffff80000133f000 r8 0xffff800021143590 r9 0 r10 0xd0eb4290839a90b8 r11 0x5b21e6ec00583ded r12 0x3000000008 r13 0xffff8000211435d0 r14 0x100 r15 0xffffffff81cd2d87 apollo_udma100_tim+0xcf06 rip 0xffffffff81257c28 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff8000211435b0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor1) pid=16101 stat=onproc flags process=0 proc=4000000 pri=52, usrpri=52, nice=20 forw=0xffffffffffffffff, list=0xffff800021063080,0xffffffff81fd4388 process=0xffff8000210649e8 user=0xffff80002113e000, vmspace=0xffffff007f124b58 estcpu=9, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 18205 342538 91876 0 7 0 syz-executor1 *18205 16101 91876 0 7 0x4000000 syz-executor1 5659 253816 0 0 3 0x14200 bored sosplice 76174 308758 47073 0 3 0x2 biowait syz-executor0 91876 285212 47073 0 3 0x82 nanosleep syz-executor1 47073 494783 10967 0 3 0x82 thrsleep syz-fuzzer 47073 445556 10967 0 3 0x4000082 thrsleep syz-fuzzer 47073 508884 10967 0 3 0x4000082 thrsleep syz-fuzzer 47073 219130 10967 0 3 0x4000082 thrsleep syz-fuzzer 47073 396102 10967 0 3 0x4000082 thrsleep syz-fuzzer 47073 343315 10967 0 3 0x4000082 thrsleep syz-fuzzer 47073 504943 10967 0 3 0x4000082 thrsleep syz-fuzzer 47073 359183 10967 0 3 0x4000082 thrsleep syz-fuzzer 47073 287108 10967 0 3 0x4000082 kqread syz-fuzzer 47073 156367 10967 0 3 0x4000082 thrsleep syz-fuzzer 47073 19207 10967 0 3 0x4000082 thrsleep syz-fuzzer 10967 276324 29272 0 3 0x10008a pause ksh 29272 192662 53237 0 3 0x92 select sshd 40965 288499 1 0 3 0x100083 ttyin getty 53237 417568 1 0 3 0x80 select sshd 23508 504508 53033 73 3 0x100090 kqread syslogd 53033 485497 1 0 3 0x100082 netio syslogd 40326 355513 1 77 3 0x100090 poll dhclient 64388 233236 1 0 3 0x80 poll dhclient 3113 150157 0 0 3 0x14200 pgzero zerothread 84071 65897 0 0 3 0x14200 aiodoned aiodoned 12480 14312 0 0 3 0x14200 syncer update 57079 393894 0 0 3 0x14200 cleaner cleaner 89650 72797 0 0 3 0x14200 reaper reaper 47288 56548 0 0 3 0x14200 pgdaemon pagedaemon 7020 120822 0 0 3 0x14200 bored crynlk 53610 336808 0 0 3 0x14200 bored crypto 4688 183826 0 0 3 0x40014200 acpi0 acpi0 45012 163502 0 0 3 0x40014200 idle1 31276 276991 0 0 3 0x14200 bored softnet 75179 291034 0 0 3 0x14200 bored systqmp 26261 64586 0 0 3 0x14200 bored systq 90268 69913 0 0 3 0x40014200 bored softclock 6602 146048 0 0 3 0x40014200 idle0 1 20949 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper