panic: kernel diagnostic assertion "M_DATABUF(m) + M_SIZE(m) >= (m->m_data + m->m_len)" failed: file "/syzkaller/managers/main/kernel/sys/kern/uipc_mbuf.c", line 1335 Stopped at db_enter+0xa: popq %rbp TID PID UID PRFLAGS PFLAGS CPU COMMAND * 61171 33783 0 0 0x4000000 0 syz-executor1 db_enter() at db_enter+0xa panic() at panic+0x147 __assert(ffffffff813a1834,ffff800021159b30,ffffff006d915f04,c) at __assert+0x24 m_copyback(ffffff006d915ef8,ffffff006d915e00,8,600,100) at m_copyback+0x4a4 swofp_send_error(ffff800001ae4800,ffffff006d915e00,ffff800002acd480,ffffff006d915ef8) at swofp_send_error+0xac swofp_recv_set_config(ffffff006d915e00,ffff800001ae4800) at swofp_recv_set_config+0x46 swofp_input(ffff800001ae4800,ffff800021159cd8) at swofp_input+0xfe switchwrite(ffffff0072c941c8,ffffff0072c941c8,ffff800021159eb8) at switchwrite+0x30e spec_write(ffffffff81dfb940) at spec_write+0xa0 VOP_WRITE(1,ffffff0072c941c8,1,ffffff0068f0a088) at VOP_WRITE+0x65 vn_write(ffffff0068f0a088,ffff800021159eb8,a) at vn_write+0x161 dofilewritev(ffff800021159fe0,1,ffff800021159ff8,ffff8000ffffc008,0) at dofilewritev+0x13e sys_pwritev(ffff80002115a080,ffff8000ffffc008,ffff8000210a5660) at sys_pwritev+0xbf --db_more-- syscall(0) at syscall+0x3e4 --db_more-- end trace frame: 0xffff80002115a100, count: 0 --db_more-- https://www.openbsd.org/ddb.html describes the minimum info required in bug --db_more-- reports. Insufficient info makes it difficult to find and fix bugs. ddb> $lines = 0 ? ddb> show panic kernel diagnostic assertion "M_DATABUF(m) + M_SIZE(m) >= (m->m_data + m->m_len)" failed: file "/syzkaller/managers/main/kernel/sys/kern/uipc_mbuf.c", line 1335 ddb> trace db_enter() at db_enter+0xa panic() at panic+0x147 __assert(ffffffff813a1834,ffff800021159b30,ffffff006d915f04,c) at __assert+0x24 m_copyback(ffffff006d915ef8,ffffff006d915e00,8,600,100) at m_copyback+0x4a4 swofp_send_error(ffff800001ae4800,ffffff006d915e00,ffff800002acd480,ffffff006d915ef8) at swofp_send_error+0xac swofp_recv_set_config(ffffff006d915e00,ffff800001ae4800) at swofp_recv_set_config+0x46 swofp_input(ffff800001ae4800,ffff800021159cd8) at swofp_input+0xfe switchwrite(ffffff0072c941c8,ffffff0072c941c8,ffff800021159eb8) at switchwrite+0x30e spec_write(ffffffff81dfb940) at spec_write+0xa0 VOP_WRITE(1,ffffff0072c941c8,1,ffffff0068f0a088) at VOP_WRITE+0x65 vn_write(ffffff0068f0a088,ffff800021159eb8,a) at vn_write+0x161 dofilewritev(ffff800021159fe0,1,ffff800021159ff8,ffff8000ffffc008,0) at dofilewritev+0x13e sys_pwritev(ffff80002115a080,ffff8000ffffc008,ffff8000210a5660) at sys_pwritev+0xbf syscall(0) at syscall+0x3e4 Xsyscall(6,0,ffffffffffffffb6,0,4,154ac4b6010) at Xsyscall+0x128 end of kernel --db_more-- end trace frame: 0x157286e2e20, count: -15 ddb> how registers No such command ddb> show proc PROC (syz-executor1) pid=61171 stat=onproc flags process=0 proc=4000000 pri=83, usrpri=83, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffffd778,0xffffffff81eafaa0 process=0xffff8000210a5660 user=0xffff800021155000, vmspace=0xffffff007f12b948 estcpu=36, cpticks=2, pctcpu=0.0 user=0, sys=2, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 33783 451387 57179 0 2 0 syz-executor1 *33783 61171 57179 0 7 0x4000000 syz-executor1 42923 26898 1 0 3 0x100083 ttyin getty 32664 179656 0 0 3 0x14200 bored sosplice 3919 160822 95556 0 3 0x2 biowait syz-executor0 57179 67108 95556 0 3 0x82 nanosleep syz-executor1 95556 125435 65360 0 3 0x82 thrsleep syz-fuzzer 95556 54823 65360 0 3 0x4000082 nanosleep syz-fuzzer 95556 317097 65360 0 3 0x4000082 thrsleep syz-fuzzer 95556 181187 65360 0 3 0x4000082 kqread syz-fuzzer 95556 151807 65360 0 3 0x4000082 thrsleep syz-fuzzer 95556 149312 65360 0 3 0x4000082 thrsleep syz-fuzzer 95556 499931 65360 0 3 0x4000082 thrsleep syz-fuzzer 65360 449558 41287 0 3 0x10008a pause ksh 41287 366372 79681 0 3 0x92 select sshd 79681 450670 1 0 3 0x80 select sshd 49689 129271 44375 73 3 0x100090 kqread syslogd 44375 214590 1 0 3 0x100082 netio syslogd 94393 245754 1 77 3 0x100090 poll dhclient 733 358692 1 0 3 0x80 poll dhclient 70836 1847 0 0 2 0x14200 zerothread