panic: kernel diagnostic assertion "part >= 0 && part < MAXPARTITIONS" failed: file "/syzkaller/managers/main/kernel/sys/kern/subr_disk.c", line 1169 Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *424365 16395 0 0 0x4000000 0 syz-executor db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8336f9a2) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff833a991a,ffffffff83347771,491,ffffffff8339e6c4) at __assert+0x29 sys/kern/subr_prf.c:-1 disk_openpart(ffff800000025c48,16,2000,1) at disk_openpart+0x20d sdopen(d16,1,2000,ffff80002a7ccd10) at sdopen+0x261 sys/scsi/sd.c:429 spec_open(ffff80003c9fefe8) at spec_open+0x2d6 sys/kern/spec_vnops.c:150 VOP_OPEN(fffffd806ccb4bf0,1,fffffd8007bfd750,ffff80002a7ccd10) at VOP_OPEN+0x82 sys/kern/vfs_vops.c:138 vn_open(ffff80003c9ff230,1,0) at vn_open+0x6a0 sys/kern/vfs_vnops.c:177 doopenat(ffff80002a7ccd10,ffffff9c,200000000000,0,0,ffff80003c9ff3d0) at doopenat+0x34d sys/kern/vfs_syscalls.c:1138 syscall(ffff80003c9ff480) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c9ff480) at syscall+0x962 sys/arch/amd64/amd64/trap.c:765 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x6e6eb9235c0, count: 4 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "part >= 0 && part < MAXPARTITIONS" failed: file "/syzkaller/managers/main/kernel/sys/kern/subr_disk.c", line 1169 ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8336f9a2) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff833a991a,ffffffff83347771,491,ffffffff8339e6c4) at __assert+0x29 sys/kern/subr_prf.c:-1 disk_openpart(ffff800000025c48,16,2000,1) at disk_openpart+0x20d sdopen(d16,1,2000,ffff80002a7ccd10) at sdopen+0x261 sys/scsi/sd.c:429 spec_open(ffff80003c9fefe8) at spec_open+0x2d6 sys/kern/spec_vnops.c:150 VOP_OPEN(fffffd806ccb4bf0,1,fffffd8007bfd750,ffff80002a7ccd10) at VOP_OPEN+0x82 sys/kern/vfs_vops.c:138 vn_open(ffff80003c9ff230,1,0) at vn_open+0x6a0 sys/kern/vfs_vnops.c:177 doopenat(ffff80002a7ccd10,ffffff9c,200000000000,0,0,ffff80003c9ff3d0) at doopenat+0x34d sys/kern/vfs_syscalls.c:1138 syscall(ffff80003c9ff480) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c9ff480) at syscall+0x962 sys/arch/amd64/amd64/trap.c:765 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x6e6eb9235c0, count: -11 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80003c9fedc0 rbx 0xffff800000025c48 rdx 0xffff800001469ac0 rcx 0 rax 0xffff80002a7ccd10 r8 0x101010101010101 r9 0x8080808080808080 r10 0x1887a57045d31bb8 r11 0x57f943186b1c78b9 r12 0 r13 0x1 r14 0 r15 0x1 rip 0xffffffff81666de5 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80003c9fedb0 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb> show proc PROC (syz-executor) tid=424365 pid=16395 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a7cc018,0xffff80003c948d38 process=0xffff80003c9c3620 user=0xffff80003c9fa000, vmspace=0xfffffd806cb1ea20 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 60138 300455 33022 0 2 0 syz-executor 60138 185914 33022 0 3 0x4000080 fsleep syz-executor 16395 275668 21930 0 2 0 syz-executor *16395 424365 21930 0 7 0x4000000 syz-executor 53284 165091 18372 0 2 0 syz-executor 53284 449225 18372 0 3 0x4000080 fsleep syz-executor 10070 439109 93479 0 2 0 syz-executor 10070 328209 93479 0 3 0x4000080 fsleep syz-executor 16130 361183 25459 0 3 0x80 nanoslp syz-executor 16130 321950 25459 0 3 0x4000080 kqread syz-executor 16130 55649 25459 0 3 0x4000080 fsleep syz-executor 81947 357852 56622 0 3 0x80 nanoslp syz-executor 81947 141257 56622 0 3 0x4000080 kqread syz-executor 81947 478532 56622 0 3 0x4000080 fsleep syz-executor 74281 63047 0 0 3 0x14200 acct acct 88025 454696 1 0 3 0x100083 ttyin getty 89414 348423 85583 0 2 0x2 syz-executor 25459 512700 85583 0 3 0x82 nanoslp syz-executor 73511 435330 0 0 3 0x14280 nfsidl nfsio 8819 269471 0 0 3 0x14280 nfsidl nfsio 4679 371570 0 0 3 0x14280 nfsidl nfsio 44357 360004 0 0 3 0x14280 nfsidl nfsio 63240 519993 0 0 3 0x14280 nfsidl nfsio 66505 508847 0 0 3 0x14280 nfsidl nfsio 63267 67968 0 0 3 0x14280 nfsidl nfsio 71817 373589 0 0 3 0x14280 nfsidl nfsio 91472 84735 0 0 3 0x14280 nfsidl nfsio 83820 400567 0 0 3 0x14280 nfsidl nfsio 39529 350549 0 0 3 0x14280 nfsidl nfsio 72446 236784 0 0 3 0x14280 nfsidl nfsio 48095 10076 0 0 3 0x14280 nfsidl nfsio 87994 119896 0 0 3 0x14280 nfsidl nfsio 95494 339429 0 0 3 0x14280 nfsidl nfsio 66336 151074 0 0 3 0x14280 nfsidl nfsio 87605 63281 0 0 3 0x14280 nfsidl nfsio 8423 342565 0 0 3 0x14280 nfsidl nfsio 2057 399930 0 0 3 0x14280 nfsidl nfsio 17973 288081 0 0 3 0x14280 nfsidl nfsio 21930 299832 85583 0 3 0x82 nanoslp syz-executor 94933 100141 85583 0 2 0x2 syz-executor 93479 315666 85583 0 3 0x82 nanoslp syz-executor 18372 271411 85583 0 3 0x82 nanoslp syz-executor 56622 203140 85583 0 3 0x82 nanoslp syz-executor 33022 3959 85583 0 3 0x82 nanoslp syz-executor 85583 122121 77445 0 3 0x82 kqread syz-executor 77445 90038 22216 0 3 0x10008a sigsusp ksh 22216 272317 50935 0 3 0x98 kqread sshd-session 50935 184540 88253 0 3 0x92 kqread sshd-session 88253 447394 1 0 3 0x88 kqread sshd 99648 241076 83984 73 3 0x1100090 kqread syslogd 83984 30576 1 0 3 0x100082 sbwait syslogd 57656 280049 1 0 3 0x100080 kqread resolvd 64059 501119 85660 77 3 0x100092 kqread dhcpleased 12383 51591 85660 77 3 0x100092 kqread dhcpleased 85660 383628 1 0 3 0x80 kqread dhcpleased 85057 480693 0 0 3 0x14200 bored smr 59288 458004 0 0 2 0x14200 zerothread 51355 140910 0 0 3 0x14200 aiodoned aiodoned 95317 406612 0 0 3 0x14200 syncer update 50902 485220 0 0 3 0x14200 cleaner cleaner 74110 377200 0 0 3 0x14200 reaper reaper 34609 474210 0 0 3 0x14200 pgdaemon pagedaemon 75668 175604 0 0 3 0x14200 bored viomb 44658 257317 0 0 3 0x40014200 acpi0 acpi0 22900 497687 0 0 2 0x14200 softnet0 98866 192435 0 0 3 0x14200 bored systqmp 83573 276723 0 0 3 0x14200 bored systq 88493 226645 0 0 3 0x40014200 tmoslp softclock 24455 418526 0 0 3 0x40014200 idle0 1 488328 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10195 11116K 11844K 166960K 16883 0 pcb 18 16K 19K 166960K 622 0 rtable 224 12K 12K 166960K 920 0 pf 31 13K 15K 166960K 278 0 ifaddr 36 6K 11K 166960K 191 0 ifgroup 50 2K 2K 166960K 308 0 sysctl 4 1K 9K 166960K 36 0 counters 32 17K 18K 166960K 176 0 ioctlops 0 0K 4K 166960K 474 0 iov 0 0K 28K 166960K 303 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1431 90K 91K 166960K 4108 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 16 0 VM map 2 1K 1K 166960K 2 0 sem 28 17K 17K 166960K 113 0 dirhash 12 2K 2K 166960K 48 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 16 57K 240K 166960K 2548 0 sigio 0 0K 0K 166960K 158 0 proc 60 59K 100K 166960K 774 0 subproc 72 4K 4K 166960K 93 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 432 0 in_multi 71 5K 7K 166960K 340 0 ether_multi 1 0K 0K 166960K 30 0 mrt 2 0K 0K 166960K 15 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 133 599K 599K 166960K 133 0 exec 0 0K 1K 166960K 939 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 2 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 217 150K 172K 166960K 24164 0 UVM aobj 133 16K 16K 166960K 134 0 pinsyscall 37 74K 96K 166960K 3757 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 284 0 NDP 11 0K 2K 166960K 145 0 temp 82 8660K 8916K 166960K 102590 0 kqueue 14 22K 34K 166960K 546 0 SYN cache 2 8K 16K 166960K 3 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 233 0 230 2 0 2 2 0 8 1 rtentry 136 292 0 215 4 0 4 4 0 8 0 unpcb 144 2015 0 1999 6 0 6 6 0 8 5 syncache 336 22 0 22 2 1 1 1 0 8 1 tcpqe 32 11 0 11 2 1 1 1 0 8 1 tcpcb 736 1207 0 1199 14 6 8 8 0 8 6 arp 96 37 0 22 1 0 1 1 0 8 0 ipq 40 2 0 2 1 0 1 1 0 8 1 ipqe 40 2 0 2 1 0 1 1 0 8 1 inpcb 328 2871 0 2859 17 7 10 12 0 8 8 nd6 112 52 0 38 1 0 1 1 0 8 0 pkpcb 40 119 0 119 2 1 1 1 0 8 1 kcovpl 48 10 0 2 1 0 1 1 0 8 0 mppekey 1024 3 0 3 1 0 1 1 0 8 1 ppxss 1072 117 0 117 1 0 1 1 0 8 1 pppxif 1384 9 0 9 1 0 1 1 0 8 1 pffrag 232 30 0 25 2 0 2 2 0 482 1 pffrnode 88 30 0 25 1 0 1 1 0 8 0 pffrent 40 46 0 41 1 0 1 1 0 8 0 pfstitem 24 1 0 0 1 0 1 1 0 8 0 pfstkey 128 1 0 0 1 0 1 1 0 8 0 pfstate 384 1 0 0 1 0 1 1 0 8 0 pfrule 1344 3 0 3 2 1 1 1 0 8 1 rttmr 136 1 0 1 1 0 1 1 0 8 1 art_heap8 4096 6 0 2 6 0 6 6 0 8 2 art_heap4 256 1400 0 1091 50 9 41 47 0 8 21 art_table 40 1406 0 1093 8 0 8 8 0 8 3 art_node 32 287 0 222 2 0 2 2 0 8 0 sysvmsgpl 40 20 0 11 2 1 1 1 0 8 0 semupl 112 6 0 6 1 0 1 1 0 8 1 semapl 112 103 0 77 1 0 1 1 0 8 0 shmpl 112 125 0 1 4 0 4 4 0 8 0 dirhash 1024 41 0 24 3 0 3 3 0 8 0 dino2pl 256 6509 0 5008 95 0 95 95 0 8 0 ffsino 256 6509 0 5008 95 0 95 95 0 8 0 nchpl 144 10148 0 8448 64 0 64 64 0 8 0 rtmask 32 28 0 28 1 0 1 1 0 8 1 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 37192 0 37191 3 2 1 2 0 8 0 vcpupl 3904 6 0 0 1 0 1 1 0 8 0 vmpool 800 6 0 0 1 0 1 1 0 8 0 kstatmem 264 204 0 182 3 0 3 3 0 8 1 scsiplug 72 17 0 17 2 1 1 1 0 8 1 scxspl 216 29526 0 29526 10 2 8 8 1 8 8 plimitpl 152 812 0 794 1 0 1 1 0 8 0 sigapl 424 2864 0 2802 8 0 8 8 0 8 0 knotepl 120 103303 0 103255 52 42 10 17 0 8 7 kqueuepl 184 1158 0 1145 5 0 5 5 0 8 4 pipepl 304 680 0 652 10 2 8 8 0 8 5 fdescpl 448 2825 0 2797 5 1 4 5 0 8 0 filepl 120 22241 0 22017 21 5 16 18 0 8 7 lockfpl 104 1514 0 1512 4 0 4 4 0 8 3 lockfspl 48 442 0 440 1 0 1 1 0 8 0 sessionpl 144 44 0 36 1 0 1 1 0 8 0 pgrppl 48 95 0 79 1 0 1 1 0 8 0 ucredpl 104 4074 0 4063 1 0 1 1 0 8 0 zombiepl 144 2802 0 2802 1 0 1 1 0 8 1 processpl 1152 2864 0 2802 5 0 5 5 0 8 0 procpl 664 6367 0 6297 8 0 8 8 0 8 1 sosppl 176 12 0 12 1 0 1 1 0 8 1 sockpl 552 5307 0 5276 24 12 12 15 0 8 8 mcl64k 65536 451 0 450 3 0 3 3 0 8 2 mcl16k 16384 1 0 1 1 0 1 1 0 8 1 mcl12k 12288 1 0 1 1 0 1 1 0 8 1 mcl9k 9216 5 0 5 1 0 1 1 0 8 1 mcl8k 8192 64 0 64 2 1 1 1 0 8 1 mcl4k 4096 5759 0 5707 15 7 8 15 0 8 1 mcl2k2 2112 1 0 1 1 0 1 1 0 8 1 mcl2k 2048 3962 0 3956 8 1 7 7 0 8 5 mtagpl 96 275 0 172 5 0 5 5 0 8 2 mbufpl 256 33632 0 33388 77 53 24 76 0 8 5 bufpl 280 8378 0 2156 445 0 445 445 0 8 0 anonpl 24 366598 0 363442 80 23 57 57 0 187 28 amapchunkpl 152 84500 0 84062 53 12 41 41 0 158 21 amappl16 200 5956 0 5919 35 23 12 15 0 8 8 amappl15 192 24 0 24 1 1 0 1 0 8 0 amappl14 184 23 0 23 2 1 1 1 0 8 1 amappl13 176 427 0 426 1 0 1 1 0 8 0 amappl12 168 3245 0 3208 2 0 2 2 0 8 0 amappl11 160 17 0 17 1 1 0 1 0 8 0 amappl10 152 75 0 65 1 0 1 1 0 8 0 amappl9 144 257 0 256 2 1 1 1 0 8 0 amappl8 136 21 0 19 1 0 1 1 0 8 0 amappl7 128 92 0 90 1 0 1 1 0 8 0 amappl6 120 352 0 340 1 0 1 1 0 8 0 amappl5 112 85 0 77 1 0 1 1 0 8 0 amappl4 104 504 0 479 1 0 1 1 0 8 0 amappl3 96 14700 0 14617 3 0 3 3 0 8 0 amappl2 88 3090 0 3020 2 0 2 2 0 8 0 amappl1 80 23913 0 23377 13 0 13 13 0 8 0 amappl 88 22885 0 22736 5 0 5 5 0 92 0 uvmvnodes 80 157 0 0 4 0 4 4 0 8 0 dma16384 16384 1 0 1 1 0 1 1 0 8 1 dma8192 8192 1 0 1 1 0 1 1 0 8 1 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma512 512 1 0 1 1 0 1 1 0 8 1 dma256 256 7 0 7 2 1 1 1 0 8 1 dma128 128 261 0 261 2 1 1 1 0 8 1 dma64 64 41 0 41 2 1 1 1 0 8 1 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 20 0 19 1 0 1 1 0 8 0 aobjpl 72 133 0 1 3 0 3 3 0 8 0 uaddrrnd 24 2825 0 2797 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2825 0 2797 1 0 1 1 0 8 0 vmmpekpl 168 23602 0 23562 3 0 3 3 0 8 0 vmmpepl 168 183074 0 181331 104 6 98 98 0 357 11 vmsppl 368 2824 0 2797 4 1 3 4 0 8 0 rwobjpl 40 45573 0 44447 14 0 14 14 0 8 0 pdppl 4096 5668 0 5600 129 57 72 82 0 8 4 pvpl 32 1167209 0 1158518 188 39 149 149 0 265 55 pmappl 216 2830 0 2797 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 520 0 141 12 0 12 12 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8336f9a2) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff833a991a,ffffffff83347771,491,ffffffff8339e6c4) at __assert+0x29 sys/kern/subr_prf.c:-1 disk_openpart(ffff800000025c48,16,2000,1) at disk_openpart+0x20d sdopen(d16,1,2000,ffff80002a7ccd10) at sdopen+0x261 sys/scsi/sd.c:429 spec_open(ffff80003c9fefe8) at spec_open+0x2d6 sys/kern/spec_vnops.c:150 VOP_OPEN(fffffd806ccb4bf0,1,fffffd8007bfd750,ffff80002a7ccd10) at VOP_OPEN+0x82 sys/kern/vfs_vops.c:138 vn_open(ffff80003c9ff230,1,0) at vn_open+0x6a0 sys/kern/vfs_vnops.c:177 doopenat(ffff80002a7ccd10,ffffff9c,200000000000,0,0,ffff80003c9ff3d0) at doopenat+0x34d sys/kern/vfs_syscalls.c:1138 syscall(ffff80003c9ff480) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c9ff480) at syscall+0x962 sys/arch/amd64/amd64/trap.c:765 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x6e6eb9235c0, count: -11 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8336f9a2) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff833a991a,ffffffff83347771,491,ffffffff8339e6c4) at __assert+0x29 sys/kern/subr_prf.c:-1 disk_openpart(ffff800000025c48,16,2000,1) at disk_openpart+0x20d sdopen(d16,1,2000,ffff80002a7ccd10) at sdopen+0x261 sys/scsi/sd.c:429 spec_open(ffff80003c9fefe8) at spec_open+0x2d6 sys/kern/spec_vnops.c:150 VOP_OPEN(fffffd806ccb4bf0,1,fffffd8007bfd750,ffff80002a7ccd10) at VOP_OPEN+0x82 sys/kern/vfs_vops.c:138 vn_open(ffff80003c9ff230,1,0) at vn_open+0x6a0 sys/kern/vfs_vnops.c:177 doopenat(ffff80002a7ccd10,ffffff9c,200000000000,0,0,ffff80003c9ff3d0) at doopenat+0x34d sys/kern/vfs_syscalls.c:1138 syscall(ffff80003c9ff480) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c9ff480) at syscall+0x962 sys/arch/amd64/amd64/trap.c:765 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x6e6eb9235c0, count: -11