panic: kernel diagnostic assertion "M_DATABUF(m) + M_SIZE(m) >= (m->m_data + m->m_len)" failed: file "/syzkaller/managers/multicore/kernel/sys/kern/uipc_mbuf.c", line 1335 Stopped at db_enter+0xa: popq %rbp TID PID UID PRFLAGS PFLAGS CPU COMMAND *353347 81778 0 0 0x4000000 0K syz-executor0 180614 70945 0 0x2 0x4000000 1 syz-fuzzer db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 __assert(ffffffff81837554,ffff800021158e80,ffffff00707f7704,c) at __assert+0x24 sys/kern/subr_prf.c:155 m_copyback(ffffff00707f76f8,ffffff00707f7600,8,100,100) at m_copyback+0x4e9 sys/kern/uipc_mbuf.c:1335 swofp_send_error(ffffff00707f7600,ffff800001aff800,ffff800001ae5d00,0) at swofp_send_error+0xac sys/net/switchofp.c:4782 swofp_input(ffff800001aff800,ffff800021158ff8) at swofp_input+0x126 switchwrite(ffffff0070408448,ffffff0070408448,ffff8000211591d8) at switchwrite+0x30e sys/net/switchctl.c:274 spec_write(ffffffff81e27258) at spec_write+0xa8 sys/kern/spec_vnops.c:310 VOP_WRITE(1,ffffff0070408448,1,ffffff006787d540) at VOP_WRITE+0x65 sys/kern/vfs_vops.c:268 vn_write(ffffff006787d540,ffff8000211591d8,1) at vn_write+0x161 sys/kern/vfs_vnops.c:397 dofilewritev(ffff800021159300,1,ffff800021159318,ffff8000210b7088,0) at dofilewritev+0x13e sys/kern/sys_generic.c:364 sys_pwritev(10c0,ffff8000210b7088,0) at sys_pwritev+0xbf sys/kern/vfs_syscalls.c:3141 syscall(0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:99 [inline] syscall(0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:583 Xsyscall(6,0,ffffffffffffffb8,0,4,bd34e2fe1a0) at Xsyscall+0x128 end of kernel end trace frame: 0xbd5b48134f0, count: 1 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. 
ddb{0}> ddb{0}> set $lines = 0 ddb{0}> show panic kernel diagnostic assertion "M_DATABUF(m) + M_SIZE(m) >= (m->m_data + m->m_len)" failed: file "/syzkaller/managers/multicore/kernel/sys/kern/uipc_mbuf.c", line 1335 ddb{0}> trace db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 __assert(ffffffff81837554,ffff800021158e80,ffffff00707f7704,c) at __assert+0x24 sys/kern/subr_prf.c:155 m_copyback(ffffff00707f76f8,ffffff00707f7600,8,100,100) at m_copyback+0x4e9 swofp_send_error(ffffff00707f7600,ffff800001aff800,ffff800001ae5d00,0) at swofp_send_error+0xac sys/net/switchofp.c:4782 swofp_input(ffff800001aff800,ffff800021158ff8) at swofp_input+0x126 switchwrite(ffffff0070408448,ffffff0070408448,ffff8000211591d8) at switchwrite+0x30e sys/net/switchctl.c:274 spec_write(ffffffff81e27258) at spec_write+0xa8 sys/kern/spec_vnops.c:310 VOP_WRITE(1,ffffff0070408448,1,ffffff006787d540) at VOP_WRITE+0x65 sys/kern/vfs_vops.c:268 vn_write(ffffff006787d540,ffff8000211591d8,1) at vn_write+0x161 sys/kern/vfs_vnops.c:397 dofilewritev(ffff800021159300,1,ffff800021159318,ffff8000210b7088,0) at dofilewritev+0x13e sys/kern/sys_generic.c:364 sys_pwritev(10c0,ffff8000210b7088,0) at sys_pwritev+0xbf sys/kern/vfs_syscalls.c:3141 syscall(0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:99 [inline] syscall(0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:583 Xsyscall(6,0,ffffffffffffffb8,0,4,bd34e2fe1a0) at Xsyscall+0x128 end of kernel end trace frame: 0xbd5b48134f0, count: -14 ddb{0}> show registers rdi 0xffffffff81e3e438 kprintf_mutex rsi 0xffffffff817b9589 db_enter+0x9 rbp 0xffff800021158de0 rbx 0xffff800021158e80 rdx 0xffff800000ad6000 rcx 0x3ee8 __ALIGN_SIZE+0x2ee8 rax 0xffff800000ad6000 r8 0xffff800021158db0 r9 0x8080808080808080 r10 0 r11 0xffffffff81780d60 x86_bus_space_io_read_1 r12 0x3000000008 r13 0xffff800021158df0 r14 0x100 r15 0xffffffff81bf5460 cmd0646_9_tim_udma+0x20a25 rip 0xffffffff817b958a db_enter+0xa cs 0x8 rflags 
0x206 rsp 0xffff800021158de0 ss 0x10 db_enter+0xa: popq %rbp ddb{0}> show proc PROC (syz-executor0) pid=353347 stat=onproc flags process=0 proc=4000000 pri=86, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff8000210b64d0,0xffffffff81eb2418 process=0xffff8000210a3c98 user=0xffff800021154000, vmspace=0xffffff007f124318 estcpu=36, cpticks=2, pctcpu=0.0 user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 81778 359759 13464 0 2 0 syz-executor0 81778 252232 13464 0 3 0x4000080 switchread syz-executor0 81778 143782 13464 0 2 0x4000000 syz-executor0 *81778 353347 13464 0 7 0x4000000 syz-executor0 83708 480331 1 0 3 0x100083 ttyin getty 65307 152827 70945 0 3 0x2 biowait syz-executor1 13464 379354 70945 0 3 0x82 nanosleep syz-executor0 96926 310841 0 0 3 0x14200 bored sosplice 70945 294392 99978 0 3 0x82 thrsleep syz-fuzzer 70945 13622 99978 0 3 0x4000082 nanosleep syz-fuzzer 70945 486307 99978 0 3 0x4000082 thrsleep syz-fuzzer 70945 19345 99978 0 3 0x4000082 kqread syz-fuzzer 70945 402329 99978 0 3 0x4000082 thrsleep syz-fuzzer 70945 265159 99978 0 3 0x4000082 thrsleep syz-fuzzer 70945 2150 99978 0 3 0x4000082 thrsleep syz-fuzzer 70945 192062 99978 0 3 0x4000082 thrsleep syz-fuzzer 70945 190819 99978 0 3 0x4000082 thrsleep syz-fuzzer 70945 180614 99978 0 7 0x4000002 syz-fuzzer 99978 315869 37940 0 3 0x10008a pause ksh 37940 211173 37652 0 3 0x92 select sshd 37652 499123 1 0 3 0x80 select sshd 22893 508476 97720 73 3 0x100090 kqread syslogd 97720 131629 1 0 3 0x100082 netio syslogd 10834 60712 1 77 3 0x100090 poll dhclient 16702 172291 1 0 3 0x80 poll dhclient 36252 81074 0 0 3 0x14200 pgzero zerothread 23762 261200 0 0 3 0x14200 aiodoned aiodoned 7084 187451 0 0 3 0x14200 syncer update 12621 346636 0 0 3 0x14200 cleaner cleaner 38073 181575 0 0 3 0x14200 reaper reaper 36762 305126 0 0 3 0x14200 pgdaemon pagedaemon 23889 501573 0 0 3 0x14200 bored crynlk 8579 131180 0 0 3 0x14200 bored crypto 34140 104794 0 0 3 0x40014200 acpi0 acpi0 48870 196544 0 
0 3 0x40014200 idle1 87835 361656 0 0 3 0x14200 bored softnet 23721 20000 0 0 3 0x14200 bored systqmp 28525 442759 0 0 3 0x14200 bored systq 61331 395393 0 0 3 0x40014200 bored softclock 66724 121895 0 0 3 0x40014200 idle0 1 216047 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper