syzbot

[   2.5678779] panic: kernel diagnostic assertion "len <= map->dm_mapsize - offset" failed: file "/syzkaller/managers/ci2-netbsd-kmsan/kernel/sys/arch/x86/x86/bus_dma.c", line 832 bad length 0x20004 + 0x4000 > 0x22000
[   2.5678779] cpu0: Begin traceback...
[   2.5678779] vpanic() at netbsd:vpanic+0xc9d
[   2.5678779] kern_assert() at netbsd:kern_assert+0x228
[   2.5678779] bus_dmamap_sync() at netbsd:bus_dmamap_sync+0x1364 _bus_dmamap_sync sys/arch/x86/x86/bus_dma.c:829 [inline]
[   2.5678779] bus_dmamap_sync() at netbsd:bus_dmamap_sync+0x1364 sys/arch/x86/x86/bus_dma.c:1389
[   2.5678779] virtio_enqueue_commit() at netbsd:virtio_enqueue_commit+0xbd6 sys/dev/pci/virtio.c:1159
[   2.5678779] vioscsi_scsipi_request() at netbsd:vioscsi_scsipi_request+0x1f4e sys/dev/pci/vioscsi.c:423
[   2.5678779] scsipi_run_queue() at netbsd:scsipi_run_queue+0x1ef0 scsipi_adapter_request sys/dev/scsipi/scsipi_base.c:2834 [inline]
[   2.5678779] scsipi_run_queue() at netbsd:scsipi_run_queue+0x1ef0 sys/dev/scsipi/scsipi_base.c:2183
[   2.5678779] scsipi_execute_xs() at netbsd:scsipi_execute_xs+0xe8e sys/dev/scsipi/scsipi_base.c:2204
[   2.5678779] scsipi_command() at netbsd:scsipi_command+0x386
[   2.5678779] scsipi_inquire() at netbsd:scsipi_inquire+0x18b sys/dev/scsipi/scsipi_base.c:1221
[   2.5678779] scsi_probe_bus() at netbsd:scsi_probe_bus+0x9dc scsi_report_luns sys/dev/scsipi/scsiconf.c:358 [inline]
[   2.5678779] scsi_probe_bus() at netbsd:scsi_probe_bus+0x9dc scsi_discover_luns sys/dev/scsipi/scsiconf.c:435 [inline]
[   2.5678779] scsi_probe_bus() at netbsd:scsi_probe_bus+0x9dc sys/dev/scsipi/scsiconf.c:494
[   2.5678779] scsibus_config() at netbsd:scsibus_config+0x349 sys/dev/scsipi/scsiconf.c:268
[   2.5678779] scsibus_discover_thread() at netbsd:scsibus_discover_thread+0x28 sys/dev/scsipi/scsiconf.c:234
[   2.5678779] cpu0: End traceback...
[   2.5678779] fatal breakpoint trap in supervisor mode
[   2.5678779] trap type 1 code 0 rip 0xffffffff8023675d cs 0x8 rflags 0x286 cr2 0 ilevel 0x8 rsp 0xfffffe80af079360
[   2.5678779] curlwp 0xfffffe80103f5b00 pid 0.96 lowest kstack 0xfffffe80af0722c0
Stopped in pid 0.96 (system) at netbsd:breakpoint+0x5:  leave
breakpoint() at netbsd:breakpoint+0x5
vpanic() at netbsd:vpanic+0xc9d
kern_assert() at netbsd:kern_assert+0x228
bus_dmamap_sync() at netbsd:bus_dmamap_sync+0x1364 _bus_dmamap_sync sys/arch/x86/x86/bus_dma.c:829 [inline]
bus_dmamap_sync() at netbsd:bus_dmamap_sync+0x1364 sys/arch/x86/x86/bus_dma.c:1389
virtio_enqueue_commit() at netbsd:virtio_enqueue_commit+0xbd6 sys/dev/pci/virtio.c:1159
vioscsi_scsipi_request() at netbsd:vioscsi_scsipi_request+0x1f4e sys/dev/pci/vioscsi.c:423
scsipi_run_queue() at netbsd:scsipi_run_queue+0x1ef0 scsipi_adapter_request sys/dev/scsipi/scsipi_base.c:2834 [inline]
scsipi_run_queue() at netbsd:scsipi_run_queue+0x1ef0 sys/dev/scsipi/scsipi_base.c:2183
scsipi_execute_xs() at netbsd:scsipi_execute_xs+0xe8e sys/dev/scsipi/scsipi_base.c:2204
scsipi_command() at netbsd:scsipi_command+0x386
scsipi_inquire() at netbsd:scsipi_inquire+0x18b sys/dev/scsipi/scsipi_base.c:1221
scsi_probe_bus() at netbsd:scsi_probe_bus+0x9dc scsi_report_luns sys/dev/scsipi/scsiconf.c:358 [inline]
scsi_probe_bus() at netbsd:scsi_probe_bus+0x9dc scsi_discover_luns sys/dev/scsipi/scsiconf.c:435 [inline]
scsi_probe_bus() at netbsd:scsi_probe_bus+0x9dc sys/dev/scsipi/scsiconf.c:494
scsibus_config() at netbsd:scsibus_config+0x349 sys/dev/scsipi/scsiconf.c:268
scsibus_discover_thread() at netbsd:scsibus_discover_thread+0x28 sys/dev/scsipi/scsiconf.c:234
ds          4918
es          8db3
fs          9350
gs          0
rdi         5
rsi         0
rbp         fffffe80af079360
rbx         0
rdx         1
--db_more--