panic: malformed IPv4 option passed to ip_optcopy Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *359332 76917 65534 0x10 0x4000000 0 syz-executor1 1125 44410 0 0x2 0 1 syz-fuzzer db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 ip_fragment(7ead9a1680506eb4,ffffff006ef31bb0,ffff800000173290) at ip_fragment+0x625 ip_output(8c9065119f57aa0a,ffffff006f305c08,ffffff006d281e00,0,ffffff006d281e00,ffffff006e721d88) at ip_output+0xc8d sys/netinet/ip_output.c:501 udp_output(9e8ec8178dea5d4d,f98,ffffff006e721d88,0) at udp_output+0x45a sys/netinet/udp_usrreq.c:1004 sosend(2cfd5c08a3f4043f,ffffff007227e870,ffff80002116f828,ffff80002116f960,1468,0) at sosend+0x477 sys/kern/uipc_socket.c:513 dofilewritev(e8cc1783901da2a8,0,9,ffff800021062bd0,ffff80002116f960) at dofilewritev+0x148 sys/kern/sys_generic.c:364 sys_writev(1258b2e689871a18,790,ffff800021062bd0) at sys_writev+0xdb sys/kern/sys_generic.c:310 syscall(81f3defd07a4fb25) at syscall+0x473 mi_syscall sys/sys/syscall_mi.h:99 [inline] syscall(81f3defd07a4fb25) at syscall+0x473 sys/arch/amd64/amd64/trap.c:583 Xsyscall(6,0,d,0,3,bec48ca20d8) at Xsyscall+0x128 end of kernel end trace frame: 0xbeed60ad700, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> show panic malformed IPv4 option passed to ip_optcopy ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 ip_fragment(7ead9a1680506eb4,ffffff006ef31bb0,ffff800000173290) at ip_fragment+0x625 ip_output(8c9065119f57aa0a,ffffff006f305c08,ffffff006d281e00,0,ffffff006d281e00,ffffff006e721d88) at ip_output+0xc8d sys/netinet/ip_output.c:501 udp_output(9e8ec8178dea5d4d,f98,ffffff006e721d88,0) at udp_output+0x45a sys/netinet/udp_usrreq.c:1004 sosend(2cfd5c08a3f4043f,ffffff007227e870,ffff80002116f828,ffff80002116f960,1468,0) at sosend+0x477 sys/kern/uipc_socket.c:513 dofilewritev(e8cc1783901da2a8,0,9,ffff800021062bd0,ffff80002116f960) at dofilewritev+0x148 sys/kern/sys_generic.c:364 sys_writev(1258b2e689871a18,790,ffff800021062bd0) at sys_writev+0xdb sys/kern/sys_generic.c:310 syscall(81f3defd07a4fb25) at syscall+0x473 mi_syscall sys/sys/syscall_mi.h:99 [inline] syscall(81f3defd07a4fb25) at syscall+0x473 sys/arch/amd64/amd64/trap.c:583 Xsyscall(6,0,d,0,3,bec48ca20d8) at Xsyscall+0x128 end of kernel end trace frame: 0xbeed60ad700, count: -10 ddb{0}> show registers rdi 0xffffffff81ee5310 kprintf_mutex rsi 0xffffffff810e80d7 db_enter+0x17 rbp 0xffff80002116f450 rbx 0xffff80002116f4f0 rdx 0xffff8000020da000 rcx 0x147e __ALIGN_SIZE+0x47e rax 0xffff8000020da000 r8 0xffff80002116f420 r9 0 r10 0xabb4594e737cc556 r11 0x5d0c0567917c3582 r12 0x3000000008 r13 0xffff80002116f460 r14 0x100 r15 0xffffffff81c5f925 apollo_udma100_tim+0x10a1d rip 0xffffffff810e80d8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff80002116f440 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor1) pid=359332 stat=onproc flags process=10 proc=4000000 pri=76, usrpri=76, nice=20 forw=0xffffffffffffffff, list=0xffff800021062270,0xffffffff81faceb8 process=0xffff80002109a360 user=0xffff80002116a000, vmspace=0xffffff0065905c68 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 76917 309397 48648 65534 2 0x10 syz-executor1 76917 118798 48648 65534 3 0x4000090 fsleep syz-executor1 *76917 359332 48648 65534 7 0x4000010 syz-executor1 48648 513328 29592 65534 3 0x90 nanosleep syz-executor1 29592 357388 44410 0 3 0x82 wait syz-executor1 49912 147626 42899 65534 3 0x90 nanosleep syz-executor0 42899 416669 44410 0 3 0x82 wait syz-executor0 40263 402911 0 0 3 0x14200 bored sosplice 44410 1125 15751 0 7 0x2 syz-fuzzer 44410 231269 15751 0 3 0x4000082 nanosleep syz-fuzzer 44410 521502 15751 0 3 0x4000082 thrsleep syz-fuzzer 44410 520565 15751 0 3 0x4000082 thrsleep syz-fuzzer 44410 402105 15751 0 3 0x4000082 thrsleep syz-fuzzer 44410 264450 15751 0 3 0x4000082 thrsleep syz-fuzzer 44410 355691 15751 0 3 0x4000082 kqread syz-fuzzer 44410 337396 15751 0 3 0x4000082 thrsleep syz-fuzzer 44410 30860 15751 0 3 0x4000082 thrsleep syz-fuzzer 44410 332654 15751 0 3 0x4000082 thrsleep syz-fuzzer 44410 79253 15751 0 3 0x4000082 thrsleep syz-fuzzer 44410 260818 15751 0 3 0x4000082 thrsleep syz-fuzzer 15751 358020 41392 0 3 0x10008a pause ksh 41392 254740 3287 0 3 0x92 select sshd 78370 463969 1 0 3 0x100083 ttyin getty 3287 454719 1 0 3 0x80 select sshd 13159 30097 50105 73 3 0x100090 kqread syslogd 50105 506161 1 0 3 0x100082 netio syslogd 19188 180873 1 77 3 0x100090 poll dhclient 78739 162946 1 0 3 0x80 poll dhclient 24691 226334 0 0 3 0x14200 pgzero zerothread 21796 30750 0 0 3 0x14200 aiodoned aiodoned 92162 247798 0 0 3 0x14200 syncer update 49794 378888 0 0 3 0x14200 cleaner cleaner 44651 81963 0 0 3 0x14200 reaper reaper 123 108094 0 0 3 0x14200 pgdaemon pagedaemon 45441 14265 0 0 3 0x14200 bored crynlk 46559 144924 0 0 3 0x14200 bored crypto 67053 234041 0 0 3 0x40014200 acpi0 acpi0 97152 215629 0 0 3 0x40014200 idle1 45449 382871 0 0 3 0x14200 bored softnet 86553 336427 0 0 3 0x14200 bored systqmp 91124 76163 0 0 3 0x14200 bored systq 86050 168237 0 0 2 0x40014200 softclock 88315 145420 0 0 3 0x40014200 idle0 1 241215 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper