panic: kernel diagnostic assertion "len >= 0 && !M_READONLY(m)" failed: file "/syzkaller/managers/main/kernel/sys/kern/uipc_mbuf.c", line 1384
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*281122 60092 0 0 0x4000000 0 syz-executor.3
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff82547a66) at panic+0x161 sys/kern/subr_prf.c:202
__assert(ffffffff825bbb25,ffffffff825d1251,568,ffffffff825622f4) at __assert+0x25 sys/kern/subr_prf.c:161
m_align(fffffd80665c9a00,ffffffeb) at m_align+0x1a0 sys/kern/uipc_mbuf.c:1385
bpf_movein(ffff800029769540,ffff800000c22400,ffff8000297692a8,ffff8000297691a8) at bpf_movein+0x25e sys/net/bpf.c:228
bpfwrite(21700,ffff800029769540,1) at bpfwrite+0x128 sys/net/bpf.c:644
spec_write(ffff8000297693a0) at spec_write+0xcb sys/kern/spec_vnops.c:309
VOP_WRITE(fffffd8068523c08,ffff800029769540,1,fffffd807f7d8a80) at VOP_WRITE+0xbf sys/kern/vfs_vops.c:245
vn_write(fffffd80667b48f8,ffff800029769540,1) at vn_write+0x19c sys/kern/vfs_vnops.c:414
dofilewritev(ffff80002169a2a8,3,ffff800029769540,1,ffff800029769640) at dofilewritev+0x19c sys/kern/sys_generic.c:381
sys_pad_pwrite(ffff80002169a2a8,ffff8000297695e8,ffff800029769640) at sys_pad_pwrite+0x92 sys_pwrite sys/kern/vfs_syscalls.c:3354 [inline]
sys_pad_pwrite(ffff80002169a2a8,ffff8000297695e8,ffff800029769640) at sys_pad_pwrite+0x92 sys/kern/vfs_syscalls.c:3426
syscall(ffff8000297696b0) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x819a0381e00, count: 2
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: kernel diagnostic assertion "len >= 0 && !M_READONLY(m)" failed: file "/syzkaller/managers/main/kernel/sys/kern/uipc_mbuf.c", line 1384
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff82547a66) at panic+0x161 sys/kern/subr_prf.c:202
__assert(ffffffff825bbb25,ffffffff825d1251,568,ffffffff825622f4) at __assert+0x25 sys/kern/subr_prf.c:161
m_align(fffffd80665c9a00,ffffffeb) at m_align+0x1a0 sys/kern/uipc_mbuf.c:1385
bpf_movein(ffff800029769540,ffff800000c22400,ffff8000297692a8,ffff8000297691a8) at bpf_movein+0x25e sys/net/bpf.c:228
bpfwrite(21700,ffff800029769540,1) at bpfwrite+0x128 sys/net/bpf.c:644
spec_write(ffff8000297693a0) at spec_write+0xcb sys/kern/spec_vnops.c:309
VOP_WRITE(fffffd8068523c08,ffff800029769540,1,fffffd807f7d8a80) at VOP_WRITE+0xbf sys/kern/vfs_vops.c:245
vn_write(fffffd80667b48f8,ffff800029769540,1) at vn_write+0x19c sys/kern/vfs_vnops.c:414
dofilewritev(ffff80002169a2a8,3,ffff800029769540,1,ffff800029769640) at dofilewritev+0x19c sys/kern/sys_generic.c:381
sys_pad_pwrite(ffff80002169a2a8,ffff8000297695e8,ffff800029769640) at sys_pad_pwrite+0x92 sys_pwrite sys/kern/vfs_syscalls.c:3354 [inline]
sys_pad_pwrite(ffff80002169a2a8,ffff8000297695e8,ffff800029769640) at sys_pad_pwrite+0x92 sys/kern/vfs_syscalls.c:3426
syscall(ffff8000297696b0) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x819a0381e00, count: -13
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff800029768fd0
rbx 0x30
rdx 0xffff800000c4a900
rcx 0
rax 0xffff80002169a2a8
r8 0
r9 0x8080808080808080
r10 0x22d4e75a9c3009a6
r11 0x619950b4773f8d1e
r12 0
r13 0xffffffeb
r14 0
r15 0x1
rip 0xffffffff81d70938 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800029768fc0
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor.3) pid=281122 stat=onproc
flags process=0 proc=4000000
pri=32, usrpri=84, nice=20
forw=0xffffffffffffffff, list=0xffff80002169ba48,0xffffffff82a2f7e0 process=0xffff8000215f1398 user=0xffff800029764000, vmspace=0xfffffd806d943ee8 estcpu=34, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 60092 358382 31880 0 2 0 syz-executor.3 *60092 281122 31880 0 7 0x4000000 syz-executor.3 54830 292256 3561 0 2 0 syz-executor.4 54830 60357 3561 0 3 0x4000080 fsleep syz-executor.4 24149 428569 33906 0 3 0x82 nanoslp syz-executor.0 77683 150928 33906 0 2 0x2 syz-executor.5 52961 91581 33906 0 2 0x2 syz-executor.6 31880 147233 33906 0 2 0x482 syz-executor.3 30477 457272 33906 0 2 0x482 syz-executor.7 93526 397096 33906 0 2 0x482 syz-executor.2 3561 417861 33906 0 2 0x482 syz-executor.4 65889 21230 0 0 3 0x14200 acct acct 6015 427450 1 0 3 0x100083 ttyin getty 36055 137773 0 0 3 0x14280 nfsidl nfsio 39339 175125 0 0 3 0x14280 nfsidl nfsio 81572 220870 0 0 3 0x14280 nfsidl nfsio 90519 441858 0 0 3 0x14280 nfsidl nfsio 80112 426525 0 0 3 0x14280 nfsidl nfsio 80036 69310 0 0 3 0x14280 nfsidl nfsio 95177 25683 0 0 3 0x14280 nfsidl nfsio 42893 510745 0 0 3 0x14280 nfsidl nfsio 6659 434970 0 0 3 0x14280 nfsidl nfsio 31063 221022 0 0 3 0x14280 nfsidl nfsio 54377 455084 0 0 3 0x14280 nfsidl nfsio 23061 237479 0 0 3 0x14280 nfsidl nfsio 5112 163954 0 0 3 0x14280 nfsidl nfsio 70210 479678 0 0 3 0x14280 nfsidl nfsio 82574 376981 0 0 3 0x14280 nfsidl nfsio 73415 383670 0 0 3 0x14280 nfsidl nfsio 1235 192493 0 0 3 0x14280 nfsidl nfsio 58400 457378 0 0 3 0x14280 nfsidl nfsio 22893 294880 0 0 3 0x14280 nfsidl nfsio 21682 49907 0 0 3 0x14280 nfsidl nfsio 59056 35204 0 0 3 0x14200 bored sosplice 74720 410566 33906 0 2 0x482 syz-executor.1 33906 421077 73301 0 3 0x82 thrsleep syz-fuzzer 33906 267193 73301 0 3 0x4000082 nanoslp syz-fuzzer 33906 347567 73301 0 3 0x4000082 kqread syz-fuzzer 33906 215862 73301 0 3 0x4000082 thrsleep syz-fuzzer 33906 162935 73301 0 3 0x4000082 thrsleep syz-fuzzer 33906 137756 73301 0 3 0x4000082 thrsleep 
syz-fuzzer 33906 23168 73301 0 3 0x4000082 thrsleep syz-fuzzer 33906 180325 73301 0 3 0x4000082 thrsleep syz-fuzzer 73301 345884 85837 0 3 0x10008a sigsusp ksh 85837 449242 26207 0 3 0x9a kqread sshd 26207 87283 1 0 3 0x88 kqread sshd 97477 227479 60773 73 3 0x100090 kqread syslogd 60773 423647 1 0 3 0x100082 netio syslogd 76763 72448 1 0 3 0x100080 kqread resolvd 81829 517657 27945 77 3 0x100092 kqread dhcpleased 26766 115246 27945 77 3 0x100092 kqread dhcpleased 27945 218507 1 0 3 0x80 kqread dhcpleased 94052 111583 0 0 3 0x14200 bored smr 42363 43435 0 0 2 0x14200 zerothread 58671 284257 0 0 3 0x14200 aiodoned aiodoned 91655 416270 0 0 3 0x14200 syncer update 43945 200509 0 0 3 0x14200 cleaner cleaner 25790 431439 0 0 3 0x14200 reaper reaper 45393 511872 0 0 3 0x14200 pgdaemon pagedaemon 96864 219961 0 0 3 0x14200 bored viomb 26601 91123 0 0 3 0x40014200 acpi0 acpi0 62022 107472 0 0 3 0x14200 bored softnet 59536 219026 0 0 3 0x14200 bored systqmp 52874 310290 0 0 3 0x14200 bored systq 25571 30029 0 0 2 0x40014200 softclock 70645 261454 0 0 3 0x40014200 idle0 1 25905 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10208 6508K 7023K 78643K 20275 0 pcb 13 12K 14K 78643K 425 0 rtable 256 23K 24K 78643K 3013 0 ifaddr 99 21K 22K 78643K 3756 0 sysctl 2 0K 0K 78643K 2 0 counters 27 17K 17K 78643K 74 0 ioctlops 0 0K 4K 78643K 6252 0 iov 0 0K 32K 78643K 993 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1347 84K 84K 78643K 4707 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 53 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 0K 78643K 591 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 12 41K 85K 78643K 5105 0 sigio 0 0K 0K 78643K 12 0 proc 60 55K 79K 78643K 1028 0 subproc 104 6K 6K 78643K 299 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 184 0 
in_multi 86 5K 6K 78643K 810 0 ether_multi 1 0K 0K 78643K 31 0 mrt 1 0K 0K 78643K 15 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 247 1102K 1102K 78643K 247 0 exec 0 0K 2K 78643K 1558 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 366 478K 482K 78643K 62831 0 UVM aobj 131 9K 9K 78643K 136 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 1K 78643K 388 0 NDP 12 0K 1K 78643K 182 0 temp 138 4711K 6231K 78643K 34510 0 kqueue 12 18K 26K 78643K 322 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 201 0 198 2 1 1 2 0 8 0 rtentry 112 621 0 525 4 0 4 4 0 8 0 unpcb 136 1992 0 1979 16 15 1 5 0 8 0 syncache 296 19 0 19 6 6 0 1 0 8 0 tcpqe 32 68 0 68 3 3 0 1 0 8 0 tcpcb 736 1606 0 1598 50 48 2 8 0 8 0 arp 88 56 0 40 1 0 1 1 0 8 0 ipq 40 10 0 6 3 2 1 1 0 8 0 ipqe 40 19 0 15 3 2 1 1 0 8 0 inpcb 304 3657 0 3647 57 56 1 11 0 8 0 rttmr 72 6 0 6 2 2 0 1 0 8 0 ip6q 72 2 0 2 1 1 0 1 0 8 0 ip6af 40 3 0 3 1 1 0 1 0 8 0 nd6 48 157 0 131 1 0 1 1 0 8 0 pkpcb 40 16 0 16 2 2 0 1 0 8 0 kcovpl 48 23 0 15 1 0 1 1 0 8 0 ppxss 1152 6 0 6 2 2 0 1 0 8 0 pfstscr 40 26 0 24 3 2 1 1 0 8 0 pfrktable 1344 654 0 638 5 3 2 2 0 8 0 pftag 88 61 0 60 2 1 1 1 0 8 0 pfstitem 24 8 0 6 1 0 1 1 0 8 0 pfstkey 112 34 0 32 3 2 1 1 0 8 0 pfstate 320 20 0 19 3 2 1 1 0 8 0 pfrule 1360 1119 0 1035 8 0 8 8 0 8 1 art_heap8 4096 2 0 1 2 1 1 2 0 8 0 art_heap4 256 3166 0 2776 38 12 26 30 0 8 0 art_table 32 3168 0 2777 4 0 4 4 0 8 0 art_node 16 620 0 536 1 0 1 1 0 8 0 sysvmsgpl 40 40 0 22 1 0 1 1 0 8 0 semupl 112 3 0 3 2 2 0 1 0 8 0 semapl 112 589 0 579 1 0 1 1 0 8 0 shmpl 112 133 0 5 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 8151 0 6694 92 0 92 92 0 8 0 ffsino 240 8151 0 6694 86 0 86 86 0 8 0 nchpl 144 14883 0 13263 62 0 62 62 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 
0 8 0 vnodes 224 5926 0 0 349 0 349 349 0 8 0 namei 1024 57925 0 57924 2 1 1 2 0 8 0 vcpupl 1984 29 0 0 4 0 4 4 0 8 0 vmpool 528 128 0 99 5 3 2 3 0 8 0 pfiaddrpl 120 1854 0 1783 5 2 3 3 0 8 0 scsiplug 72 8 0 8 3 2 1 1 0 8 1 scxspl 216 41321 0 41321 15 14 1 8 0 8 1 plimitpl 152 330 0 315 1 0 1 1 0 8 0 sigapl 424 5382 0 5324 9 1 8 8 0 8 0 futexpl 64 46723 0 46722 1 0 1 1 0 8 0 knotepl 120 49389 0 49309 4 0 4 4 0 8 0 kqueuepl 184 1180 0 1172 19 18 1 4 0 8 0 pipepl 304 1261 0 1232 36 33 3 12 0 8 0 fdescpl 432 5347 0 5324 4 0 4 4 0 8 0 filepl 120 37302 0 37063 52 42 10 17 0 8 0 lockfpl 104 1039 0 1037 1 0 1 1 0 8 0 lockfspl 48 280 0 278 1 0 1 1 0 8 0 sessionpl 144 40 0 24 1 0 1 1 0 8 0 pgrppl 48 46 0 30 1 0 1 1 0 8 0 ucredpl 96 5972 0 5961 1 0 1 1 0 8 0 zombiepl 144 5324 0 5320 1 0 1 1 0 8 0 processpl 1000 5382 0 5320 10 1 9 9 0 8 0 procpl 672 12610 0 12539 19 12 7 9 0 8 0 sosppl 168 29 0 29 4 4 0 1 0 8 0 sockpl 448 5871 0 5842 116 112 4 25 0 8 0 mcl64k 65536 289 0 286 3 2 1 1 0 8 0 mcl16k 16384 45 0 45 10 10 0 1 0 8 0 mcl12k 12288 147 0 147 9 9 0 1 0 8 0 mcl9k 9216 137 0 137 12 11 1 1 0 8 1 mcl8k 8192 370 0 369 7 6 1 1 0 8 0 mcl4k 4096 491 0 491 3 2 1 1 0 8 1 mcl2k2 2112 39 0 39 12 11 1 1 0 8 1 mcl2k 2048 84772 0 84715 16 7 9 12 0 8 0 mtagpl 96 1610 0 1167 14 1 13 13 0 8 0 mbufpl 256 177116 0 175853 304 213 91 294 0 8 0 bufpl 288 11341 0 4929 459 0 459 459 0 8 0 anonpl 24 1478087 0 1459319 203 75 128 145 0 188 0 amapchunkpl 152 163079 0 162358 77 42 35 46 0 158 0 amappl16 200 16138 0 15489 80 41 39 49 0 8 0 amappl15 192 919 0 912 1 0 1 1 0 8 0 amappl14 184 660 0 657 1 0 1 1 0 8 0 amappl13 176 1344 0 1339 1 0 1 1 0 8 0 amappl12 168 587 0 583 2 1 1 1 0 8 0 amappl11 160 1220 0 1207 1 0 1 1 0 8 0 amappl10 152 254 0 248 1 0 1 1 0 8 0 amappl9 144 960 0 956 1 0 1 1 0 8 0 amappl8 136 1215 0 1130 5 1 4 4 0 8 1 amappl7 128 375 0 364 1 0 1 1 0 8 0 amappl6 120 732 0 708 2 1 1 2 0 8 0 amappl5 112 3343 0 3331 1 0 1 1 0 8 0 amappl4 104 3322 0 3289 2 0 2 2 0 8 0 amappl3 96 2003 0 1988 
1 0 1 1 0 8 0 amappl2 88 2226 0 2176 3 1 2 3 0 8 0 amappl1 80 95535 0 95048 18 6 12 18 0 8 0 amappl 88 61948 0 61733 7 0 7 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 135 0 5 3 0 3 3 0 8 0 uaddrrnd 24 5475 0 5423 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 5475 0 5423 1 0 1 1 0 8 0 vmmpekpl 168 39587 0 39527 3 0 3 3 0 8 0 vmmpepl 168 485163 0 482895 231 104 127 162 0 357 0 vmsppl 272 5474 0 5423 5 1 4 4 0 8 0 rwobjpl 24 119826 0 112202 49 1 48 49 0 8 0 pdppl 4096 10956 0 10875 362 269 93 95 0 8 12 pvpl 32 2492499 0 2470658 349 151 198 259 0 265 0 pmappl 216 5474 0 5423 6 2 4 4 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 1569 0 686 31 3 28 31 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 panic(ffffffff82547a66) at panic+0x161 sys/kern/subr_prf.c:202 __assert(ffffffff825bbb25,ffffffff825d1251,568,ffffffff825622f4) at __assert+0x25 sys/kern/subr_prf.c:161 m_align(fffffd80665c9a00,ffffffeb) at m_align+0x1a0 sys/kern/uipc_mbuf.c:1385 bpf_movein(ffff800029769540,ffff800000c22400,ffff8000297692a8,ffff8000297691a8) at bpf_movein+0x25e sys/net/bpf.c:228 bpfwrite(21700,ffff800029769540,1) at bpfwrite+0x128 sys/net/bpf.c:644 spec_write(ffff8000297693a0) at spec_write+0xcb sys/kern/spec_vnops.c:309 VOP_WRITE(fffffd8068523c08,ffff800029769540,1,fffffd807f7d8a80) at VOP_WRITE+0xbf sys/kern/vfs_vops.c:245 vn_write(fffffd80667b48f8,ffff800029769540,1) at vn_write+0x19c sys/kern/vfs_vnops.c:414 dofilewritev(ffff80002169a2a8,3,ffff800029769540,1,ffff800029769640) at dofilewritev+0x19c sys/kern/sys_generic.c:381 sys_pad_pwrite(ffff80002169a2a8,ffff8000297695e8,ffff800029769640) at sys_pad_pwrite+0x92 sys_pwrite sys/kern/vfs_syscalls.c:3354 [inline] 
sys_pad_pwrite(ffff80002169a2a8,ffff8000297695e8,ffff800029769640) at sys_pad_pwrite+0x92 sys/kern/vfs_syscalls.c:3426
syscall(ffff8000297696b0) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x819a0381e00, count: -13
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff82547a66) at panic+0x161 sys/kern/subr_prf.c:202
__assert(ffffffff825bbb25,ffffffff825d1251,568,ffffffff825622f4) at __assert+0x25 sys/kern/subr_prf.c:161
m_align(fffffd80665c9a00,ffffffeb) at m_align+0x1a0 sys/kern/uipc_mbuf.c:1385
bpf_movein(ffff800029769540,ffff800000c22400,ffff8000297692a8,ffff8000297691a8) at bpf_movein+0x25e sys/net/bpf.c:228
bpfwrite(21700,ffff800029769540,1) at bpfwrite+0x128 sys/net/bpf.c:644
spec_write(ffff8000297693a0) at spec_write+0xcb sys/kern/spec_vnops.c:309
VOP_WRITE(fffffd8068523c08,ffff800029769540,1,fffffd807f7d8a80) at VOP_WRITE+0xbf sys/kern/vfs_vops.c:245
vn_write(fffffd80667b48f8,ffff800029769540,1) at vn_write+0x19c sys/kern/vfs_vnops.c:414
dofilewritev(ffff80002169a2a8,3,ffff800029769540,1,ffff800029769640) at dofilewritev+0x19c sys/kern/sys_generic.c:381
sys_pad_pwrite(ffff80002169a2a8,ffff8000297695e8,ffff800029769640) at sys_pad_pwrite+0x92 sys_pwrite sys/kern/vfs_syscalls.c:3354 [inline]
sys_pad_pwrite(ffff80002169a2a8,ffff8000297695e8,ffff800029769640) at sys_pad_pwrite+0x92 sys/kern/vfs_syscalls.c:3426
syscall(ffff8000297696b0) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x819a0381e00, count: -13