panic: kernel diagnostic assertion "len >= 0 && !M_READONLY(m)" failed: file "/syzkaller/managers/main/kernel/sys/kern/uipc_mbuf.c", line 1384 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *189025 95018 0 0 0x4000000 0 syz-executor.3 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 panic(ffffffff8254a5ed) at panic+0x161 sys/kern/subr_prf.c:202 __assert(ffffffff825bc195,ffffffff825d144c,568,ffffffff825624d9) at __assert+0x25 sys/kern/subr_prf.c:161 m_align(fffffd8076830600,ffffffca) at m_align+0x1a0 sys/kern/uipc_mbuf.c:1385 bpf_movein(ffff80002e8797f0,ffff800000bfc600,ffff80002e879558,ffff80002e879458) at bpf_movein+0x25e sys/net/bpf.c:228 bpfwrite(31700,ffff80002e8797f0,1) at bpfwrite+0x128 sys/net/bpf.c:644 spec_write(ffff80002e879650) at spec_write+0xcb sys/kern/spec_vnops.c:309 VOP_WRITE(fffffd8076424c08,ffff80002e8797f0,1,fffffd807f7d89c0) at VOP_WRITE+0xbf sys/kern/vfs_vops.c:245 vn_write(fffffd806c5fd178,ffff80002e8797f0,1) at vn_write+0x19c sys/kern/vfs_vnops.c:414 dofilewritev(ffff800021620d20,3,ffff80002e8797f0,1,ffff80002e8798f0) at dofilewritev+0x19c sys/kern/sys_generic.c:381 sys_pad_pwrite(ffff800021620d20,ffff80002e879898,ffff80002e8798f0) at sys_pad_pwrite+0x92 sys_pwrite sys/kern/vfs_syscalls.c:3354 [inline] sys_pad_pwrite(ffff800021620d20,ffff80002e879898,ffff80002e8798f0) at sys_pad_pwrite+0x92 sys/kern/vfs_syscalls.c:3426 syscall(ffff80002e879960) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x11a838cb7c0, count: 2 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "len >= 0 && !M_READONLY(m)" failed: file "/syzkaller/managers/main/kernel/sys/kern/uipc_mbuf.c", line 1384 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 panic(ffffffff8254a5ed) at panic+0x161 sys/kern/subr_prf.c:202 __assert(ffffffff825bc195,ffffffff825d144c,568,ffffffff825624d9) at __assert+0x25 sys/kern/subr_prf.c:161 m_align(fffffd8076830600,ffffffca) at m_align+0x1a0 sys/kern/uipc_mbuf.c:1385 bpf_movein(ffff80002e8797f0,ffff800000bfc600,ffff80002e879558,ffff80002e879458) at bpf_movein+0x25e sys/net/bpf.c:228 bpfwrite(31700,ffff80002e8797f0,1) at bpfwrite+0x128 sys/net/bpf.c:644 spec_write(ffff80002e879650) at spec_write+0xcb sys/kern/spec_vnops.c:309 VOP_WRITE(fffffd8076424c08,ffff80002e8797f0,1,fffffd807f7d89c0) at VOP_WRITE+0xbf sys/kern/vfs_vops.c:245 vn_write(fffffd806c5fd178,ffff80002e8797f0,1) at vn_write+0x19c sys/kern/vfs_vnops.c:414 dofilewritev(ffff800021620d20,3,ffff80002e8797f0,1,ffff80002e8798f0) at dofilewritev+0x19c sys/kern/sys_generic.c:381 sys_pad_pwrite(ffff800021620d20,ffff80002e879898,ffff80002e8798f0) at sys_pad_pwrite+0x92 sys_pwrite sys/kern/vfs_syscalls.c:3354 [inline] sys_pad_pwrite(ffff800021620d20,ffff80002e879898,ffff80002e8798f0) at sys_pad_pwrite+0x92 sys/kern/vfs_syscalls.c:3426 syscall(ffff80002e879960) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x11a838cb7c0, count: -13 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80002e879280 rbx 0x10 rdx 0xffff800000c0c800 rcx 0 rax 0xffff800021620d20 r8 0 r9 0x8080808080808080 r10 0x48602102fd3b5c95 r11 0x421f2909d75b6291 r12 0 r13 0xffffffca r14 0 r15 0x1 rip 0xffffffff824a53a8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff80002e879270 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.3) pid=189025 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=82, nice=20 forw=0xffffffffffffffff, list=0xffff800021620a80,0xffff800021620010 process=0xffff80002e7defd8 user=0xffff80002e874000, vmspace=0xfffffd8076dca998 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 80669 279094 39539 0 2 0 syz-executor.0 80669 54899 39539 0 2 0x4000480 syz-executor.0 95018 519178 4888 0 2 0 syz-executor.3 *95018 189025 4888 0 7 0x4000000 syz-executor.3 54182 412412 65968 0 2 0 syz-executor.4 54182 365253 65968 0 3 0x4000080 fsleep syz-executor.4 54182 106824 65968 0 3 0x4000080 fsleep syz-executor.4 29294 460608 79636 0 3 0x80 nanoslp syz-executor.2 29294 217913 79636 0 3 0x4000080 fsleep syz-executor.2 55481 61473 41411 0 2 0 syz-executor.6 55481 27962 41411 0 3 0x4000080 fsleep syz-executor.6 79636 21698 68948 0 3 0x82 nanoslp syz-executor.2 41411 87140 68948 0 2 0x482 syz-executor.6 33970 326281 68948 0 2 0x482 syz-executor.7 39539 203116 68948 0 2 0x482 syz-executor.0 65968 368470 68948 0 3 0x82 nanoslp syz-executor.4 48550 168074 68948 0 2 0x2 syz-executor.1 51707 426126 0 0 3 0x14200 acct acct 4888 84488 68948 0 2 0x482 syz-executor.3 91503 437704 1 0 3 0x100083 ttyin getty 5805 105886 0 0 3 0x14200 bored sosplice 85028 64063 68948 0 2 0x2 syz-executor.5 68948 187304 28803 0 3 0x82 thrsleep syz-fuzzer 68948 331958 28803 0 2 0x4000482 syz-fuzzer 68948 227082 28803 0 3 0x4000082 thrsleep syz-fuzzer 68948 179738 28803 0 3 0x4000082 thrsleep syz-fuzzer 68948 488844 28803 0 3 0x4000082 thrsleep syz-fuzzer 68948 443668 28803 0 3 0x4000082 kqread syz-fuzzer 68948 25479 28803 0 3 0x4000082 thrsleep syz-fuzzer 68948 237385 28803 0 3 0x4000082 thrsleep syz-fuzzer 68948 270788 28803 0 3 0x4000082 thrsleep syz-fuzzer 28803 373716 88105 0 3 0x10008a sigsusp ksh 88105 513141 72027 0 3 0x9a kqread sshd 72027 282497 1 0 3 0x88 kqread sshd 22984 321287 55608 73 3 0x100090 kqread syslogd 55608 492130 1 0 3 0x100082 netio syslogd 25798 169770 1 0 3 0x100080 kqread resolvd 11047 228805 32500 77 3 0x100092 kqread dhcpleased 64574 65522 32500 77 3 0x100092 kqread dhcpleased 32500 508207 1 0 3 0x80 kqread dhcpleased 89557 413032 0 0 3 0x14200 bored smr 92494 426573 0 0 2 0x14200 zerothread 93612 83297 0 0 3 0x14200 aiodoned aiodoned 63715 334321 0 0 3 0x14200 syncer update 78926 265740 0 0 3 0x14200 cleaner cleaner 27612 67107 0 0 3 0x14200 reaper reaper 75031 471012 0 0 3 0x14200 pgdaemon pagedaemon 35527 439549 0 0 3 0x14200 bored viomb 27551 453097 0 0 3 0x40014200 acpi0 acpi0 19555 124251 0 0 3 0x14200 bored softnet 10048 86269 0 0 3 0x14200 bored systqmp 61891 462359 0 0 3 0x14200 bored systq 45992 100826 0 0 2 0x40014200 softclock 75197 342067 0 0 3 0x40014200 idle0 1 150800 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10204 6815K 7766K 78643K 35493 0 pcb 13 14K 16K 78643K 931 0 rtable 188 11K 14K 78643K 2254 0 ifaddr 81 18K 21K 78643K 856 0 sysctl 2 0K 0K 78643K 4 0 counters 26 17K 17K 78643K 118 0 ioctlops 0 0K 4K 78643K 1723 0 iov 0 0K 12K 78643K 854 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1469 92K 92K 78643K 7533 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 47 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 0K 78643K 566 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 15 53K 73K 78643K 6700 0 sigio 1 0K 0K 78643K 44 0 proc 59 55K 79K 78643K 1463 0 subproc 104 6K 6K 78643K 468 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 119 0 in_multi 71 4K 6K 78643K 674 0 ether_multi 1 0K 0K 78643K 73 0 mrt 2 0K 0K 78643K 36 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 85 387K 387K 78643K 85 0 exec 0 0K 2K 78643K 1767 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 368 313K 839K 78643K 81159 0 UVM aobj 131 4K 4K 78643K 137 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 834 0 NDP 11 0K 1K 78643K 180 0 temp 135 4705K 4773K 78643K 68455 0 kqueue 12 18K 28K 78643K 413 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 584 0 581 10 9 1 5 0 8 0 rtentry 112 527 0 457 4 0 4 4 0 8 0 unpcb 136 3235 0 3222 24 19 5 6 0 8 4 syncache 296 23 0 23 6 6 0 1 0 8 0 tcpqe 32 3 0 3 1 1 0 1 0 8 0 tcpcb 736 2250 0 2244 57 47 10 11 0 8 9 arp 88 81 0 71 1 0 1 1 0 8 0 ipq 40 46 0 39 3 2 1 1 0 8 0 ipqe 40 98 0 90 3 2 1 1 0 8 0 inpcb 304 5808 0 5801 59 50 9 16 0 8 8 rttmr 72 14 0 14 3 3 0 1 0 8 0 ip6q 72 2 0 1 1 0 1 1 0 8 0 ip6af 40 3 0 2 1 0 1 1 0 8 0 nd6 48 125 0 105 1 0 1 1 0 8 0 pkpcb 40 54 0 54 4 3 1 1 0 8 1 kcovpl 48 36 0 28 1 0 1 1 0 8 0 ppxss 1152 27 0 27 8 8 0 1 0 8 0 pfstscr 40 83 0 80 1 0 1 1 0 8 0 pfosfp 40 4 0 2 1 0 1 1 0 8 0 pfosfpen 112 4 0 2 1 0 1 1 0 8 0 pfrke_plain 168 5 0 0 1 0 1 1 0 8 0 pfrktable 1344 156 0 146 3 1 2 2 0 8 0 pftag 88 2 0 0 1 0 1 1 0 8 0 pfstitem 24 4 0 0 1 0 1 1 0 8 0 pfstkey 112 156 0 153 1 0 1 1 0 8 0 pfstate 320 78 0 76 1 0 1 1 0 8 0 pfrule 1360 427 0 394 12 9 3 12 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 3207 0 2794 44 12 32 32 0 8 0 art_table 32 3208 0 2794 5 0 5 5 0 8 0 art_node 16 526 0 465 1 0 1 1 0 8 0 sysvmsgpl 40 2 0 0 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 564 0 554 1 0 1 1 0 8 0 shmpl 112 134 0 6 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 10112 0 8657 92 0 92 92 0 8 0 ffsino 240 10112 0 8657 87 0 87 87 0 8 0 nchpl 144 18978 0 17351 62 0 62 62 0 8 0 rtmask 32 4 0 2 1 0 1 1 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 224 5926 0 0 349 0 349 349 0 8 0 namei 1024 67527 0 67526 2 1 1 2 0 8 0 vcpupl 1984 21 0 0 3 0 3 3 0 8 0 vmpool 528 70 0 49 2 0 2 2 0 8 0 pfiaddrpl 120 68 0 48 1 0 1 1 0 8 0 scsiplug 72 12 0 12 4 4 0 1 0 8 0 scxspl 216 53638 0 53638 16 15 1 8 0 8 1 plimitpl 152 440 0 426 1 0 1 1 0 8 0 sigapl 424 6955 0 6914 8 1 7 8 0 8 0 futexpl 64 57743 0 57739 1 0 1 1 0 8 0 knotepl 120 64118 0 64038 11 7 4 11 0 8 0 kqueuepl 184 1480 0 1472 22 21 1 4 0 8 0 pipepl 304 1458 0 1430 30 26 4 8 0 8 1 fdescpl 432 6919 0 6893 4 0 4 4 0 8 0 filepl 120 43240 0 43001 50 36 14 17 0 8 6 lockfpl 104 1754 0 1752 5 3 2 2 0 8 1 lockfspl 48 365 0 363 1 0 1 1 0 8 0 sessionpl 144 52 0 36 1 0 1 1 0 8 0 pgrppl 48 58 0 42 1 0 1 1 0 8 0 ucredpl 96 4890 0 4879 1 0 1 1 0 8 0 zombiepl 144 6914 0 6913 1 0 1 1 0 8 0 processpl 1000 6955 0 6913 9 2 7 9 0 8 0 procpl 672 16481 0 16425 12 6 6 9 0 8 0 sosppl 168 60 0 60 6 5 1 1 0 8 1 sockpl 448 9691 0 9668 160 149 11 25 0 8 8 mcl64k 65536 223 0 223 6 5 1 1 0 8 1 mcl16k 16384 52 0 52 9 8 1 1 0 8 1 mcl12k 12288 235 0 235 4 3 1 1 0 8 1 mcl9k 9216 126 0 126 8 7 1 1 0 8 1 mcl8k 8192 379 0 379 2 1 1 1 0 8 1 mcl4k 4096 724 0 724 2 1 1 1 0 8 1 mcl2k2 2112 42 0 42 12 11 1 1 0 8 1 mcl2k 2048 89973 0 89910 45 32 13 20 0 8 0 mtagpl 96 6103 0 5026 52 20 32 38 0 8 0 mbufpl 256 194551 0 193261 387 292 95 257 0 8 2 bufpl 288 14853 0 8444 458 0 458 458 0 8 0 anonpl 24 1849243 0 1829670 205 61 144 144 0 188 21 amapchunkpl 152 271381 0 270609 945 835 110 662 0 158 77 amappl16 200 17280 0 16605 93 49 44 49 0 8 8 amappl15 192 1335 0 1330 1 0 1 1 0 8 0 amappl14 184 75 0 72 1 0 1 1 0 8 0 amappl13 176 1999 0 1993 1 0 1 1 0 8 0 amappl12 168 1394 0 1390 1 0 1 1 0 8 0 amappl11 160 946 0 935 1 0 1 1 0 8 0 amappl10 152 391 0 390 1 0 1 1 0 8 0 amappl9 144 569 0 565 1 0 1 1 0 8 0 amappl8 136 1747 0 1666 3 0 3 3 0 8 0 amappl7 128 787 0 772 1 0 1 1 0 8 0 amappl6 120 373 0 349 2 1 1 2 0 8 0 amappl5 112 6180 0 6165 1 0 1 1 0 8 0 amappl4 104 2664 0 2633 2 1 1 2 0 8 0 amappl3 96 2628 0 2613 1 0 1 1 0 8 0 amappl2 88 2754 0 2701 3 1 2 3 0 8 0 amappl1 80 121122 0 120580 18 5 13 18 0 8 0 amappl 88 80117 0 79871 7 0 7 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 136 0 6 3 0 3 3 0 8 0 uaddrrnd 24 6989 0 6942 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 6989 0 6942 1 0 1 1 0 8 0 vmmpekpl 168 50549 0 50496 4 0 4 4 0 8 0 vmmpepl 168 627113 0 624572 219 87 132 144 0 357 6 vmsppl 272 6988 0 6942 6 2 4 4 0 8 0 rwobjpl 24 148347 0 140655 48 0 48 48 0 8 0 pdppl 4096 13984 0 13905 328 243 85 86 0 8 6 pvpl 32 3390848 0 3367112 389 156 233 259 0 265 37 pmappl 216 6988 0 6942 3 0 3 3 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 1704 0 804 31 1 30 31 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 panic(ffffffff8254a5ed) at panic+0x161 sys/kern/subr_prf.c:202 __assert(ffffffff825bc195,ffffffff825d144c,568,ffffffff825624d9) at __assert+0x25 sys/kern/subr_prf.c:161 m_align(fffffd8076830600,ffffffca) at m_align+0x1a0 sys/kern/uipc_mbuf.c:1385 bpf_movein(ffff80002e8797f0,ffff800000bfc600,ffff80002e879558,ffff80002e879458) at bpf_movein+0x25e sys/net/bpf.c:228 bpfwrite(31700,ffff80002e8797f0,1) at bpfwrite+0x128 sys/net/bpf.c:644 spec_write(ffff80002e879650) at spec_write+0xcb sys/kern/spec_vnops.c:309 VOP_WRITE(fffffd8076424c08,ffff80002e8797f0,1,fffffd807f7d89c0) at VOP_WRITE+0xbf sys/kern/vfs_vops.c:245 vn_write(fffffd806c5fd178,ffff80002e8797f0,1) at vn_write+0x19c sys/kern/vfs_vnops.c:414 dofilewritev(ffff800021620d20,3,ffff80002e8797f0,1,ffff80002e8798f0) at dofilewritev+0x19c sys/kern/sys_generic.c:381 sys_pad_pwrite(ffff800021620d20,ffff80002e879898,ffff80002e8798f0) at sys_pad_pwrite+0x92 sys_pwrite sys/kern/vfs_syscalls.c:3354 [inline] sys_pad_pwrite(ffff800021620d20,ffff80002e879898,ffff80002e8798f0) at sys_pad_pwrite+0x92 sys/kern/vfs_syscalls.c:3426 syscall(ffff80002e879960) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x11a838cb7c0, count: -13 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 panic(ffffffff8254a5ed) at panic+0x161 sys/kern/subr_prf.c:202 __assert(ffffffff825bc195,ffffffff825d144c,568,ffffffff825624d9) at __assert+0x25 sys/kern/subr_prf.c:161 m_align(fffffd8076830600,ffffffca) at m_align+0x1a0 sys/kern/uipc_mbuf.c:1385 bpf_movein(ffff80002e8797f0,ffff800000bfc600,ffff80002e879558,ffff80002e879458) at bpf_movein+0x25e sys/net/bpf.c:228 bpfwrite(31700,ffff80002e8797f0,1) at bpfwrite+0x128 sys/net/bpf.c:644 spec_write(ffff80002e879650) at spec_write+0xcb sys/kern/spec_vnops.c:309 VOP_WRITE(fffffd8076424c08,ffff80002e8797f0,1,fffffd807f7d89c0) at VOP_WRITE+0xbf sys/kern/vfs_vops.c:245 vn_write(fffffd806c5fd178,ffff80002e8797f0,1) at vn_write+0x19c sys/kern/vfs_vnops.c:414 dofilewritev(ffff800021620d20,3,ffff80002e8797f0,1,ffff80002e8798f0) at dofilewritev+0x19c sys/kern/sys_generic.c:381 sys_pad_pwrite(ffff800021620d20,ffff80002e879898,ffff80002e8798f0) at sys_pad_pwrite+0x92 sys_pwrite sys/kern/vfs_syscalls.c:3354 [inline] sys_pad_pwrite(ffff800021620d20,ffff80002e879898,ffff80002e8798f0) at sys_pad_pwrite+0x92 sys/kern/vfs_syscalls.c:3426 syscall(ffff80002e879960) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x11a838cb7c0, count: -13