panic: kernel diagnostic assertion "len >= 0 && !M_READONLY(m)" failed: file "/syzkaller/managers/main/kernel/sys/kern/uipc_mbuf.c", line 1384 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND * 59719 50471 0 0 0x4000000 0 syz-executor.0 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 panic(ffffffff8254a5ed) at panic+0x161 sys/kern/subr_prf.c:202 __assert(ffffffff825bc195,ffffffff825d144c,568,ffffffff825624d9) at __assert+0x25 sys/kern/subr_prf.c:161 m_align(fffffd807b84a500,ffffffcf) at m_align+0x1a0 sys/kern/uipc_mbuf.c:1385 bpf_movein(ffff80002cda39a0,ffff800000bb0000,ffff80002cda3708,ffff80002cda3608) at bpf_movein+0x25e sys/net/bpf.c:228 bpfwrite(21700,ffff80002cda39a0,11) at bpfwrite+0x128 sys/net/bpf.c:644 spec_write(ffff80002cda3800) at spec_write+0xcb sys/kern/spec_vnops.c:309 VOP_WRITE(fffffd807bc74b08,ffff80002cda39a0,11,fffffd807f7d8720) at VOP_WRITE+0xbf sys/kern/vfs_vops.c:245 vn_write(fffffd8068f66b58,ffff80002cda39a0,1) at vn_write+0x19c sys/kern/vfs_vnops.c:414 dofilewritev(ffff80002e7d3a50,3,ffff80002cda39a0,1,ffff80002cda3aa0) at dofilewritev+0x19c sys/kern/sys_generic.c:381 sys_pad_pwrite(ffff80002e7d3a50,ffff80002cda3a48,ffff80002cda3aa0) at sys_pad_pwrite+0x92 sys_pwrite sys/kern/vfs_syscalls.c:3354 [inline] sys_pad_pwrite(ffff80002e7d3a50,ffff80002cda3a48,ffff80002cda3aa0) at sys_pad_pwrite+0x92 sys/kern/vfs_syscalls.c:3426 syscall(ffff80002cda3b10) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x1554650d410, count: 2 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "len >= 0 && !M_READONLY(m)" failed: file "/syzkaller/managers/main/kernel/sys/kern/uipc_mbuf.c", line 1384 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 panic(ffffffff8254a5ed) at panic+0x161 sys/kern/subr_prf.c:202 __assert(ffffffff825bc195,ffffffff825d144c,568,ffffffff825624d9) at __assert+0x25 sys/kern/subr_prf.c:161 m_align(fffffd807b84a500,ffffffcf) at m_align+0x1a0 sys/kern/uipc_mbuf.c:1385 bpf_movein(ffff80002cda39a0,ffff800000bb0000,ffff80002cda3708,ffff80002cda3608) at bpf_movein+0x25e sys/net/bpf.c:228 bpfwrite(21700,ffff80002cda39a0,11) at bpfwrite+0x128 sys/net/bpf.c:644 spec_write(ffff80002cda3800) at spec_write+0xcb sys/kern/spec_vnops.c:309 VOP_WRITE(fffffd807bc74b08,ffff80002cda39a0,11,fffffd807f7d8720) at VOP_WRITE+0xbf sys/kern/vfs_vops.c:245 vn_write(fffffd8068f66b58,ffff80002cda39a0,1) at vn_write+0x19c sys/kern/vfs_vnops.c:414 dofilewritev(ffff80002e7d3a50,3,ffff80002cda39a0,1,ffff80002cda3aa0) at dofilewritev+0x19c sys/kern/sys_generic.c:381 sys_pad_pwrite(ffff80002e7d3a50,ffff80002cda3a48,ffff80002cda3aa0) at sys_pad_pwrite+0x92 sys_pwrite sys/kern/vfs_syscalls.c:3354 [inline] sys_pad_pwrite(ffff80002e7d3a50,ffff80002cda3a48,ffff80002cda3aa0) at sys_pad_pwrite+0x92 sys/kern/vfs_syscalls.c:3426 syscall(ffff80002cda3b10) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x1554650d410, count: -13 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80002cda3430 rbx 0x10 rdx 0xffff800000bc7900 rcx 0 rax 0xffff80002e7d3a50 r8 0 r9 0x8080808080808080 r10 0x2a0859142eee4c94 r11 0xda0aa9e7c502382c r12 0 r13 0xffffffcf r14 0 r15 0x1 rip 0xffffffff824a53a8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff80002cda3420 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.0) pid=59719 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=81, nice=20 forw=0xffffffffffffffff, list=0xffff80002e7d2a90,0xffff80002e7d2d40 process=0xffff8000ffffb390 user=0xffff80002cd9e000, vmspace=0xfffffd806c450cd0 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 76970 429329 90277 0 3 0x80 nanoslp syz-executor.1 76970 337947 90277 0 3 0x4000080 fsleep syz-executor.1 75576 415052 54058 0 3 0x80 nanoslp syz-executor.6 75576 277366 54058 0 3 0x4000080 fsleep syz-executor.6 50471 174943 41922 0 2 0 syz-executor.0 *50471 59719 41922 0 7 0x4000000 syz-executor.0 84649 287792 87293 0 3 0x80 nanoslp syz-executor.3 84649 281030 87293 0 3 0x4000080 fsleep syz-executor.3 90277 322745 19933 0 2 0x482 syz-executor.1 41922 27974 19933 0 2 0x482 syz-executor.0 6743 43495 0 0 3 0x14200 acct acct 87293 231677 19933 0 2 0x482 syz-executor.3 54058 486530 19933 0 2 0x482 syz-executor.6 99711 6244 19933 0 2 0x482 syz-executor.2 8865 137865 19933 0 3 0x82 piperd syz-executor.5 61021 159413 19933 0 3 0x82 nanoslp syz-executor.4 56515 398153 19933 0 2 0x482 syz-executor.7 22960 107774 0 0 3 0x14280 nfsidl nfsio 81407 354913 0 0 3 0x14280 nfsidl nfsio 72596 182192 0 0 3 0x14280 nfsidl nfsio 50162 125438 0 0 3 0x14280 nfsidl nfsio 43286 424115 0 0 3 0x14280 nfsidl nfsio 46321 198395 0 0 3 0x14280 nfsidl nfsio 67740 367891 0 0 3 0x14200 bored sosplice 19933 109854 43160 0 3 0x82 thrsleep syz-fuzzer 19933 338901 43160 0 3 0x4000082 thrsleep syz-fuzzer 19933 471696 43160 0 3 0x4000082 kqread syz-fuzzer 19933 504079 43160 0 3 0x4000082 thrsleep syz-fuzzer 19933 278851 43160 0 3 0x4000082 thrsleep syz-fuzzer 19933 29225 43160 0 3 0x4000082 thrsleep syz-fuzzer 19933 517457 43160 0 3 0x4000082 thrsleep syz-fuzzer 19933 49998 43160 0 3 0x4000082 thrsleep syz-fuzzer 19933 257113 43160 0 3 0x4000082 thrsleep syz-fuzzer 43160 290468 92692 0 3 0x10008a sigsusp ksh 92692 328647 61745 0 3 0x9a kqread sshd 48848 429629 1 0 3 0x100083 ttyin getty 61745 404149 1 0 3 0x88 kqread sshd 40851 172676 91986 73 3 0x100090 kqread syslogd 91986 7626 1 0 3 0x100082 netio syslogd 92292 222071 1 0 3 0x100080 kqread resolvd 94963 441949 45884 77 3 0x100092 kqread dhcpleased 84370 60252 45884 77 3 0x100092 kqread dhcpleased 45884 420641 1 0 3 0x80 kqread dhcpleased 54640 445743 0 0 3 0x14200 bored smr 48523 446576 0 0 2 0x14200 zerothread 1555 72608 0 0 3 0x14200 aiodoned aiodoned 14109 489269 0 0 3 0x14200 syncer update 52843 54449 0 0 3 0x14200 cleaner cleaner 54547 240582 0 0 3 0x14200 reaper reaper 74171 154270 0 0 3 0x14200 pgdaemon pagedaemon 32067 158726 0 0 3 0x14200 bored viomb 21238 79591 0 0 3 0x40014200 acpi0 acpi0 22352 228919 0 0 3 0x14200 bored softnet 3173 206826 0 0 3 0x14200 bored systqmp 32225 275213 0 0 3 0x14200 bored systq 42854 266249 0 0 2 0x40014200 softclock 47718 199652 0 0 3 0x40014200 idle0 1 173794 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10190 6533K 7097K 78643K 23219 0 pcb 13 16K 18K 78643K 1834 0 rtable 259 15K 18K 78643K 3210 0 ifaddr 95 22K 22K 78643K 1075 0 sysctl 3 1K 1K 78643K 3 0 counters 27 17K 17K 78643K 121 0 ioctlops 0 0K 4K 78643K 2311 0 iov 0 0K 32K 78643K 1125 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1412 88K 88K 78643K 5904 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 90 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 0K 78643K 1276 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 14 49K 77K 78643K 9178 0 sigio 0 0K 0K 78643K 35 0 proc 60 55K 79K 78643K 1619 0 subproc 104 6K 7K 78643K 529 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 480 0 in_multi 99 6K 7K 78643K 769 0 ether_multi 1 0K 0K 78643K 99 0 mrt 1 0K 0K 78643K 78 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 175 784K 784K 78643K 175 0 exec 0 0K 2K 78643K 2752 0 pfkey data 0 0K 1K 78643K 4 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 384 427K 803K 78643K 113614 0 UVM aobj 131 4K 4K 78643K 131 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 1348 0 NDP 11 0K 1K 78643K 206 0 temp 136 4711K 6243K 78643K 70315 0 kqueue 12 18K 30K 78643K 1088 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 553 0 550 7 6 1 3 0 8 0 rtentry 112 588 0 488 4 0 4 4 0 8 0 unpcb 136 7119 0 7102 69 64 5 6 0 8 4 syncache 296 38 0 38 11 11 0 1 0 8 0 sackhl 24 1 0 1 1 1 0 1 0 8 0 tcpqe 32 3 0 3 1 1 0 1 0 8 0 tcpcb 736 7313 0 7304 165 155 10 17 0 8 8 arp 88 86 0 68 1 0 1 1 0 8 0 ipq 40 18 0 18 6 6 0 1 0 8 0 ipqe 40 81 0 81 6 6 0 1 0 8 0 inpcb 304 14014 0 14006 154 145 9 16 0 8 8 rttmr 72 27 0 27 8 7 1 1 0 8 1 ip6q 72 2 0 2 1 1 0 1 0 8 0 nd6 48 150 0 122 1 0 1 1 0 8 0 pkpcb 40 31 0 31 6 6 0 1 0 8 0 kcovpl 48 40 0 32 1 0 1 1 0 8 0 ppxss 1152 4 0 4 2 2 0 1 0 8 0 pfstscr 40 281 0 280 3 2 1 1 0 8 0 pfosfp 40 1 0 0 1 0 1 1 0 8 0 pfosfpen 112 1 0 0 1 0 1 1 0 8 0 pfrke_plain 168 18 0 16 2 1 1 1 0 8 0 pfrktable 1344 626 0 611 8 6 2 2 0 8 0 pftag 88 5 0 0 1 0 1 1 0 8 0 pfqueue 264 5 0 4 2 1 1 1 0 8 0 pfstitem 24 87 0 85 2 1 1 1 0 8 0 pfstkey 112 533 0 531 3 2 1 1 0 8 0 pfstate 320 315 0 314 3 2 1 1 0 8 0 pfrule 1360 768 0 582 18 2 16 16 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 2448 0 1978 43 13 30 30 0 8 0 art_table 32 2449 0 1978 4 0 4 4 0 8 0 art_node 16 584 0 493 1 0 1 1 0 8 0 sysvmsgpl 40 12 0 6 1 0 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 1274 0 1264 1 0 1 1 0 8 0 shmpl 112 128 0 0 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 13229 0 11774 92 0 92 92 0 8 0 ffsino 240 13229 0 11774 86 0 86 86 0 8 0 nchpl 144 25069 0 23446 62 0 62 62 0 8 0 rtmask 32 20 0 18 2 1 1 1 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 224 5926 0 0 349 0 349 349 0 8 0 namei 1024 84874 0 84874 8 7 1 2 0 8 1 vcpupl 1984 58 0 0 8 0 8 8 0 8 0 vmpool 528 91 0 33 5 1 4 4 0 8 0 pfiaddrpl 120 199 0 173 1 0 1 1 0 8 0 scsiplug 72 9 0 9 3 3 0 1 0 8 0 scxspl 216 73765 0 73765 28 27 1 8 0 8 1 plimitpl 152 1154 0 1139 1 0 1 1 0 8 0 sigapl 424 9424 0 9378 12 4 8 8 0 8 0 futexpl 64 99621 0 99618 6 5 1 1 0 8 0 knotepl 120 85216 0 85136 13 10 3 10 0 8 0 kqueuepl 184 5030 0 5022 57 53 4 4 0 8 3 pipepl 304 1889 0 1861 61 53 8 12 0 8 5 fdescpl 432 9388 0 9363 4 0 4 4 0 8 0 filepl 120 66341 0 66096 116 102 14 17 0 8 5 lockfpl 104 2296 0 2294 7 6 1 4 0 8 0 lockfspl 48 536 0 534 1 0 1 1 0 8 0 sessionpl 144 55 0 39 1 0 1 1 0 8 0 pgrppl 48 128 0 112 1 0 1 1 0 8 0 ucredpl 96 7255 0 7245 1 0 1 1 0 8 0 zombiepl 144 9378 0 9375 4 3 1 1 0 8 0 processpl 1000 9424 0 9375 11 3 8 9 0 8 0 procpl 672 24678 0 24617 18 11 7 9 0 8 0 sosppl 168 85 0 85 15 14 1 1 0 8 1 sockpl 448 21728 0 21700 385 373 12 26 0 8 8 mcl64k 65536 386 0 386 9 8 1 2 0 8 1 mcl16k 16384 81 0 81 21 20 1 1 0 8 1 mcl12k 12288 341 0 341 20 19 1 1 0 8 1 mcl9k 9216 132 0 132 28 27 1 1 0 8 1 mcl8k 8192 567 0 567 13 12 1 1 0 8 1 mcl4k 4096 1146 0 1146 10 9 1 1 0 8 1 mcl2k2 2112 66 0 66 23 22 1 1 0 8 1 mcl2k 2048 94185 0 94139 24 16 8 9 0 8 1 mtagpl 96 1539 0 1438 16 9 7 12 0 8 0 mbufpl 256 219662 0 219358 158 112 46 80 0 8 8 bufpl 288 17976 0 11569 458 0 458 458 0 8 0 anonpl 24 2581812 0 2563571 260 125 135 145 0 188 13 amapchunkpl 152 324015 0 323286 443 400 43 349 0 158 10 amappl16 200 23835 0 23162 130 92 38 50 0 8 1 amappl15 192 1541 0 1533 1 0 1 1 0 8 0 amappl14 184 770 0 766 1 0 1 1 0 8 0 amappl13 176 2661 0 2659 1 0 1 1 0 8 0 amappl12 168 713 0 707 1 0 1 1 0 8 0 amappl11 160 1493 0 1482 1 0 1 1 0 8 0 amappl10 152 427 0 425 5 4 1 1 0 8 0 amappl9 144 1132 0 1126 1 0 1 1 0 8 0 amappl8 136 3097 0 3011 5 1 4 4 0 8 0 amappl7 128 1973 0 1962 1 0 1 1 0 8 0 amappl6 120 954 0 928 2 1 1 2 0 8 0 amappl5 112 6621 0 6608 1 0 1 1 0 8 0 amappl4 104 5083 0 5052 2 0 2 2 0 8 0 amappl3 96 1761 0 1749 1 0 1 1 0 8 0 amappl2 88 4278 0 4225 3 1 2 3 0 8 0 amappl1 80 172013 0 171489 19 6 13 18 0 8 0 amappl 88 112510 0 112272 8 1 7 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 130 0 0 3 0 3 3 0 8 0 uaddrrnd 24 9479 0 9396 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 9479 0 9396 1 0 1 1 0 8 0 vmmpekpl 168 70101 0 70045 3 0 3 3 0 8 0 vmmpepl 168 859452 0 856939 353 219 134 147 0 357 5 vmsppl 272 9478 0 9396 8 2 6 6 0 8 0 rwobjpl 24 208895 0 201217 49 1 48 49 0 8 0 pdppl 4096 18964 0 18850 554 432 122 124 0 8 8 pvpl 32 4681968 0 4659536 468 246 222 258 0 265 24 pmappl 216 9478 0 9396 5 0 5 5 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 2059 0 1163 27 0 27 27 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 panic(ffffffff8254a5ed) at panic+0x161 sys/kern/subr_prf.c:202 __assert(ffffffff825bc195,ffffffff825d144c,568,ffffffff825624d9) at __assert+0x25 sys/kern/subr_prf.c:161 m_align(fffffd807b84a500,ffffffcf) at m_align+0x1a0 sys/kern/uipc_mbuf.c:1385 bpf_movein(ffff80002cda39a0,ffff800000bb0000,ffff80002cda3708,ffff80002cda3608) at bpf_movein+0x25e sys/net/bpf.c:228 bpfwrite(21700,ffff80002cda39a0,11) at bpfwrite+0x128 sys/net/bpf.c:644 spec_write(ffff80002cda3800) at spec_write+0xcb sys/kern/spec_vnops.c:309 VOP_WRITE(fffffd807bc74b08,ffff80002cda39a0,11,fffffd807f7d8720) at VOP_WRITE+0xbf sys/kern/vfs_vops.c:245 vn_write(fffffd8068f66b58,ffff80002cda39a0,1) at vn_write+0x19c sys/kern/vfs_vnops.c:414 dofilewritev(ffff80002e7d3a50,3,ffff80002cda39a0,1,ffff80002cda3aa0) at dofilewritev+0x19c sys/kern/sys_generic.c:381 sys_pad_pwrite(ffff80002e7d3a50,ffff80002cda3a48,ffff80002cda3aa0) at sys_pad_pwrite+0x92 sys_pwrite sys/kern/vfs_syscalls.c:3354 [inline] sys_pad_pwrite(ffff80002e7d3a50,ffff80002cda3a48,ffff80002cda3aa0) at sys_pad_pwrite+0x92 sys/kern/vfs_syscalls.c:3426 syscall(ffff80002cda3b10) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x1554650d410, count: -13 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 panic(ffffffff8254a5ed) at panic+0x161 sys/kern/subr_prf.c:202 __assert(ffffffff825bc195,ffffffff825d144c,568,ffffffff825624d9) at __assert+0x25 sys/kern/subr_prf.c:161 m_align(fffffd807b84a500,ffffffcf) at m_align+0x1a0 sys/kern/uipc_mbuf.c:1385 bpf_movein(ffff80002cda39a0,ffff800000bb0000,ffff80002cda3708,ffff80002cda3608) at bpf_movein+0x25e sys/net/bpf.c:228 bpfwrite(21700,ffff80002cda39a0,11) at bpfwrite+0x128 sys/net/bpf.c:644 spec_write(ffff80002cda3800) at spec_write+0xcb sys/kern/spec_vnops.c:309 VOP_WRITE(fffffd807bc74b08,ffff80002cda39a0,11,fffffd807f7d8720) at VOP_WRITE+0xbf sys/kern/vfs_vops.c:245 vn_write(fffffd8068f66b58,ffff80002cda39a0,1) at vn_write+0x19c sys/kern/vfs_vnops.c:414 dofilewritev(ffff80002e7d3a50,3,ffff80002cda39a0,1,ffff80002cda3aa0) at dofilewritev+0x19c sys/kern/sys_generic.c:381 sys_pad_pwrite(ffff80002e7d3a50,ffff80002cda3a48,ffff80002cda3aa0) at sys_pad_pwrite+0x92 sys_pwrite sys/kern/vfs_syscalls.c:3354 [inline] sys_pad_pwrite(ffff80002e7d3a50,ffff80002cda3a48,ffff80002cda3aa0) at sys_pad_pwrite+0x92 sys/kern/vfs_syscalls.c:3426 syscall(ffff80002cda3b10) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x1554650d410, count: -13