panic: kernel diagnostic assertion "M_DATABUF(m) + M_SIZE(m) >= (m->m_data + m->m_len)" failed: file "/syzkaller/managers/multicore/kernel/sys/kern/uipc_mbuf.c", line 1335 Stopped at db_enter+0xa: popq %rbp TID PID UID PRFLAGS PFLAGS CPU COMMAND 422778 82896 0 0 0 0 syz-executor1 *222979 82896 0 0 0x4000000 1K syz-executor1 db_enter() at db_enter+0xa panic() at panic+0x147 __assert(ffffffff81521464,ffff800021194c00,ffffff0063805204,c) at __assert+0x24 m_copyback(ffffff00638051f8,ffffff0063805100,8,0,0) at m_copyback+0x4e9 swofp_send_error(ffff800001aee000,ffffff0063805100,ffff800001ae7680,ffffffff81b2cc70) at swofp_send_error+0xac swofp_recv_hello(ffffff0063805100,ffff800001aee000) at swofp_recv_hello+0x3f swofp_input(ffff800001aee000,ffff800021194d98) at swofp_input+0xfe switchwrite(ffffff0061820788,ffffff0061820788,ffff800021194f78) at switchwrite+0x30e spec_write(ffffffff81e4c3d0) at spec_write+0xa8 VOP_WRITE(1,ffffff0061820788,1,ffffff006873abc8) at VOP_WRITE+0x65 vn_write(ffffff006873abc8,ffff800021194f78,87) at vn_write+0x161 dofilewritev(ffff8000211950a0,1,ffff8000211950b8,ffff8000210a2270,0) at dofilewritev+0x13e sys_pwritev(10c0,ffff8000210a2270,0) at sys_pwritev+0xbf syscall(0) at syscall+0x489 end trace frame: 0xffff8000211951c0, count: 0 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. 
ddb{1}> ddb{1}> set $lines = 0 ddb{1}> show panic kernel diagnostic assertion "M_DATABUF(m) + M_SIZE(m) >= (m->m_data + m->m_len)" failed: file "/syzkaller/managers/multicore/kernel/sys/kern/uipc_mbuf.c", line 1335 ddb{1}> trace db_enter() at db_enter+0xa panic() at panic+0x147 __assert(ffffffff81521464,ffff800021194c00,ffffff0063805204,c) at __assert+0x24 m_copyback(ffffff00638051f8,ffffff0063805100,8,0,0) at m_copyback+0x4e9 swofp_send_error(ffff800001aee000,ffffff0063805100,ffff800001ae7680,ffffffff81b2cc70) at swofp_send_error+0xac swofp_recv_hello(ffffff0063805100,ffff800001aee000) at swofp_recv_hello+0x3f swofp_input(ffff800001aee000,ffff800021194d98) at swofp_input+0xfe switchwrite(ffffff0061820788,ffffff0061820788,ffff800021194f78) at switchwrite+0x30e spec_write(ffffffff81e4c3d0) at spec_write+0xa8 VOP_WRITE(1,ffffff0061820788,1,ffffff006873abc8) at VOP_WRITE+0x65 vn_write(ffffff006873abc8,ffff800021194f78,87) at vn_write+0x161 dofilewritev(ffff8000211950a0,1,ffff8000211950b8,ffff8000210a2270,0) at dofilewritev+0x13e sys_pwritev(10c0,ffff8000210a2270,0) at sys_pwritev+0xbf syscall(0) at syscall+0x489 Xsyscall(6,0,ffffffffffffffb8,0,4,3fbcc7071a0) at Xsyscall+0x128 end of kernel end trace frame: 0x3fe1d02e7b0, count: -15 ddb{1}> show registers rdi 0xffffffff81e2ec58 kprintf_mutex rsi 0xffffffff81b67d99 db_enter+0x9 rbp 0xffff800021194b60 rbx 0xffff800021194c00 rdx 0xffff800002ed7000 rcx 0x4628 __ALIGN_SIZE+0x3628 rax 0xffff800002ed7000 r8 0xffff800021194b30 r9 0x8080808080808080 r10 0 r11 0xffffffff819e6130 x86_bus_space_io_read_1 r12 0x3000000008 r13 0xffff800021194b70 r14 0x100 r15 0xffffffff81bf400f cmd0646_9_tim_udma+0x20bde rip 0xffffffff81b67d9a db_enter+0xa cs 0x8 rflags 0x206 rsp 0xffff800021194b60 ss 0x10 db_enter+0xa: popq %rbp ddb{1}> show proc PROC (syz-executor1) pid=222979 stat=onproc flags process=0 proc=4000000 pri=84, usrpri=84, nice=20 forw=0xffffffffffffffff, list=0xffff8000210a32d8,0xffffffff81eac508 process=0xffff8000210b6cc0 
user=0xffff800021190000, vmspace=0xffffff007f124000 estcpu=34, cpticks=2, pctcpu=0.0 user=0, sys=2, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 82896 422778 77497 0 7 0 syz-executor1 82896 220947 77497 0 3 0x4000080 switchread syz-executor1 82896 99101 77497 0 2 0x4000000 syz-executor1 *82896 222979 77497 0 7 0x4000000 syz-executor1 2262 416062 1 0 3 0x100083 ttyin getty 35729 201395 0 0 3 0x14200 bored sosplice 77497 9184 3158 0 3 0x82 nanosleep syz-executor1 51965 404079 3158 0 3 0x82 piperd syz-executor0 3158 53873 91329 0 3 0x82 thrsleep syz-fuzzer 3158 283077 91329 0 3 0x4000082 thrsleep syz-fuzzer 3158 110472 91329 0 3 0x4000082 thrsleep syz-fuzzer 3158 182600 91329 0 3 0x4000082 kqread syz-fuzzer 3158 448251 91329 0 3 0x4000082 thrsleep syz-fuzzer 3158 57503 91329 0 3 0x4000082 thrsleep syz-fuzzer 3158 65225 91329 0 3 0x4000082 thrsleep syz-fuzzer 3158 393995 91329 0 3 0x4000082 thrsleep syz-fuzzer 3158 494913 91329 0 3 0x4000082 thrsleep syz-fuzzer 3158 384713 91329 0 3 0x4000082 thrsleep syz-fuzzer 91329 358228 22281 0 3 0x10008a pause ksh 22281 245551 63066 0 3 0x92 select sshd 63066 184644 1 0 3 0x80 select sshd 79267 55430 27763 73 3 0x100010 ffs_fsync syslogd 27763 346860 1 0 3 0x100082 netio syslogd 68311 376260 1 77 3 0x100090 poll dhclient 50506 341094 1 0 3 0x80 poll dhclient 4874 150938 0 0 3 0x14200 pgzero zerothread 20524 274662 0 0 3 0x14200 aiodoned aiodoned 18930 262967 0 0 3 0x14200 syncer update 31478 419227 0 0 3 0x14200 cleaner cleaner 85373 397488 0 0 3 0x14200 reaper reaper 11993 150566 0 0 3 0x14200 pgdaemon pagedaemon 95589 494544 0 0 3 0x14200 bored crynlk 95729 315610 0 0 3 0x14200 bored crypto 29170 480221 0 0 3 0x40014200 acpi0 acpi0 72121 291077 0 0 3 0x40014200 idle1 78939 24422 0 0 3 0x14200 bored softnet 37766 481030 0 0 3 0x14200 bored systqmp 31511 521184 0 0 3 0x14200 bored systq 65543 334979 0 0 3 0x40014200 bored softclock 36266 31439 0 0 3 0x40014200 idle0 1 265436 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 
scheduler swapper