panic: kernel diagnostic assertion "len >= 0 && !M_READONLY(m)" failed: file "/syzkaller/managers/main/kernel/sys/kern/uipc_mbuf.c", line 1384
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*390998 81478 0 0 0x4000000 0 syz-executor.3
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff82547276) at panic+0x161 sys/kern/subr_prf.c:202
__assert(ffffffff825bae63,ffffffff825cabcb,568,ffffffff8255b781) at __assert+0x25 sys/kern/subr_prf.c:161
m_align(fffffd8067e37900,ffffffe1) at m_align+0x1a0 sys/kern/uipc_mbuf.c:1385
bpf_movein(ffff800027f957f0,ffff800000c27a00,ffff800027f95558,ffff800027f95458) at bpf_movein+0x25e sys/net/bpf.c:228
bpfwrite(21700,ffff800027f957f0,1) at bpfwrite+0x128 sys/net/bpf.c:644
spec_write(ffff800027f95650) at spec_write+0xcb sys/kern/spec_vnops.c:309
VOP_WRITE(fffffd806e17d960,ffff800027f957f0,1,fffffd807f7d8660) at VOP_WRITE+0xbf sys/kern/vfs_vops.c:245
vn_write(fffffd8063df9f18,ffff800027f957f0,1) at vn_write+0x19c sys/kern/vfs_vnops.c:414
dofilewritev(ffff8000230d97b0,3,ffff800027f957f0,1,ffff800027f958f0) at dofilewritev+0x19c sys/kern/sys_generic.c:381
sys_pad_pwrite(ffff8000230d97b0,ffff800027f95898,ffff800027f958f0) at sys_pad_pwrite+0x92 sys_pwrite sys/kern/vfs_syscalls.c:3354 [inline]
sys_pad_pwrite(ffff8000230d97b0,ffff800027f95898,ffff800027f958f0) at sys_pad_pwrite+0x92 sys/kern/vfs_syscalls.c:3426
syscall(ffff800027f95960) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x9a47448c700, count: 2
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb> ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: kernel diagnostic assertion "len >= 0 && !M_READONLY(m)" failed: file "/syzkaller/managers/main/kernel/sys/kern/uipc_mbuf.c", line 1384
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff82547276) at panic+0x161 sys/kern/subr_prf.c:202
__assert(ffffffff825bae63,ffffffff825cabcb,568,ffffffff8255b781) at __assert+0x25 sys/kern/subr_prf.c:161
m_align(fffffd8067e37900,ffffffe1) at m_align+0x1a0 sys/kern/uipc_mbuf.c:1385
bpf_movein(ffff800027f957f0,ffff800000c27a00,ffff800027f95558,ffff800027f95458) at bpf_movein+0x25e sys/net/bpf.c:228
bpfwrite(21700,ffff800027f957f0,1) at bpfwrite+0x128 sys/net/bpf.c:644
spec_write(ffff800027f95650) at spec_write+0xcb sys/kern/spec_vnops.c:309
VOP_WRITE(fffffd806e17d960,ffff800027f957f0,1,fffffd807f7d8660) at VOP_WRITE+0xbf sys/kern/vfs_vops.c:245
vn_write(fffffd8063df9f18,ffff800027f957f0,1) at vn_write+0x19c sys/kern/vfs_vnops.c:414
dofilewritev(ffff8000230d97b0,3,ffff800027f957f0,1,ffff800027f958f0) at dofilewritev+0x19c sys/kern/sys_generic.c:381
sys_pad_pwrite(ffff8000230d97b0,ffff800027f95898,ffff800027f958f0) at sys_pad_pwrite+0x92 sys_pwrite sys/kern/vfs_syscalls.c:3354 [inline]
sys_pad_pwrite(ffff8000230d97b0,ffff800027f95898,ffff800027f958f0) at sys_pad_pwrite+0x92 sys/kern/vfs_syscalls.c:3426
syscall(ffff800027f95960) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x9a47448c700, count: -13
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff800027f95280
rbx 0x28
rdx 0xffff800000bace00
rcx 0
rax 0xffff8000230d97b0
r8 0
r9 0x8080808080808080
r10 0x9ada54bde4702d4d
r11 0xb9141fccc8e9bc29
r12 0
r13 0xffffffe1
r14 0
r15 0x1
rip 0xffffffff81e942b8 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800027f95270
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor.3) pid=390998 stat=onproc
flags process=0 proc=4000000
pri=32, usrpri=73, nice=20
forw=0xffffffffffffffff, list=0xffff8000230d9cf0,0xffff8000215ef510 process=0xffff8000216ad3b0 user=0xffff800027f90000, vmspace=0xfffffd806c4acbc0 estcpu=23, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 9347 50336 27013 0 2 0 syz-executor.6 9347 19617 27013 0 2 0x4000000 syz-executor.6 73801 263680 2744 0 2 0 syz-executor.7 73801 465969 2744 0 3 0x4000080 fsleep syz-executor.7 81478 474731 77664 0 2 0 syz-executor.3 *81478 390998 77664 0 7 0x4000000 syz-executor.3 63968 352308 4820 0 2 0 syz-executor.5 63968 110123 4820 0 3 0x4000080 fsleep syz-executor.5 82810 102682 67483 0 2 0 syz-executor.4 82810 431148 67483 0 3 0x4000080 fsleep syz-executor.4 82810 81390 67483 0 3 0x4000080 fsleep syz-executor.4 82810 251502 67483 0 3 0x4000080 fsleep syz-executor.4 69687 409429 15847 0 2 0 syz-executor.0 69687 213393 15847 0 3 0x4000080 netio syz-executor.0 4820 367309 25894 0 3 0x82 nanoslp syz-executor.5 2744 271827 25894 0 3 0x82 nanoslp syz-executor.7 67483 250203 25894 0 3 0x82 nanoslp syz-executor.4 77664 506772 25894 0 3 0x82 nanoslp syz-executor.3 15847 384044 25894 0 3 0x82 nanoslp syz-executor.0 27013 510284 25894 0 2 0x482 syz-executor.6 15843 164076 25894 0 2 0x482 syz-executor.1 25894 99388 31478 0 3 0x82 thrsleep syz-fuzzer 25894 10472 31478 0 2 0x4000482 syz-fuzzer 25894 126560 31478 0 3 0x4000082 thrsleep syz-fuzzer 25894 333351 31478 0 3 0x4000082 thrsleep syz-fuzzer 25894 210506 31478 0 3 0x4000082 thrsleep syz-fuzzer 25894 24582 31478 0 3 0x4000082 thrsleep syz-fuzzer 25894 433722 31478 0 3 0x4000082 thrsleep syz-fuzzer 25894 329631 31478 0 2 0x4000482 syz-fuzzer 25894 311003 31478 0 3 0x4000082 thrsleep syz-fuzzer 31478 72253 67138 0 3 0x10008a sigsusp ksh 67138 293356 41572 0 3 0x9a kqread sshd 26879 10805 1 0 3 0x100083 ttyin getty 41572 411120 1 0 3 0x88 kqread sshd 61458 343295 15909 73 3 0x100090 kqread syslogd 15909 60084 1 0 3 0x100082 netio syslogd 39152 54584 1 0 3 0x100080 kqread resolvd 25886 377388 
65532 77 3 0x100092 kqread dhcpleased 75205 315877 65532 77 3 0x100092 kqread dhcpleased 65532 458875 1 0 3 0x80 kqread dhcpleased 4644 180193 0 0 3 0x14200 bored smr 74338 345379 0 0 2 0x14200 zerothread 37861 321120 0 0 3 0x14200 aiodoned aiodoned 71161 275841 0 0 3 0x14200 syncer update 70052 482388 0 0 3 0x14200 cleaner cleaner 96523 397175 0 0 3 0x14200 reaper reaper 90068 57265 0 0 3 0x14200 pgdaemon pagedaemon 23062 76587 0 0 3 0x14200 bored viomb 84926 224067 0 0 3 0x40014200 acpi0 acpi0 23490 174033 0 0 3 0x14200 bored softnet 29054 352375 0 0 3 0x14200 bored systqmp 15047 174458 0 0 3 0x14200 bored systq 64313 124138 0 0 3 0x40014200 bored softclock 3964 28113 0 0 3 0x40014200 idle0 1 144318 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10167 6471K 6996K 78643K 12082 0 pcb 13 11K 13K 78643K 188 0 rtable 226 9K 12K 78643K 535 0 ifaddr 79 17K 18K 78643K 120 0 counters 26 17K 17K 78643K 29 0 ioctlops 0 0K 4K 78643K 265 0 iov 0 0K 12K 78643K 34 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1333 83K 83K 78643K 1830 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 5 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 0K 78643K 84 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 15 53K 82K 78643K 620 0 proc 58 55K 96K 78643K 523 0 subproc 91 5K 6K 78643K 130 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 165 0 in_multi 84 5K 6K 78643K 173 0 ether_multi 1 0K 0K 78643K 7 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 67 307K 307K 78643K 67 0 exec 0 0K 2K 78643K 754 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 296 69K 81K 78643K 8775 0 UVM aobj 6 5K 5K 78643K 6 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 
0 ip6_options 0 0K 0K 78643K 97 0 NDP 10 0K 1K 78643K 41 0 temp 119 4692K 4757K 78643K 6500 0 kqueue 12 18K 24K 78643K 56 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 75 0 72 1 0 1 1 0 8 0 rtentry 112 153 0 57 4 0 4 4 0 8 0 unpcb 136 596 0 577 6 2 4 6 0 8 3 syncache 296 4 0 4 1 1 0 1 0 8 0 tcpqe 32 621 0 621 1 1 0 1 0 8 0 tcpcb 736 189 0 185 14 12 2 9 0 8 1 arp 88 22 0 6 1 0 1 1 0 8 0 ipq 40 1 0 0 1 0 1 1 0 8 0 ipqe 40 4 0 3 1 0 1 1 0 8 0 inpcb 304 554 0 547 16 10 6 6 0 8 5 nd6 48 38 0 19 1 0 1 1 0 8 0 kcovpl 48 10 0 3 1 0 1 1 0 8 0 pfstscr 40 74 0 73 1 0 1 1 0 8 0 pfrktable 1344 22 0 15 1 0 1 1 0 8 0 pfstitem 24 2 0 0 1 0 1 1 0 8 0 pfstkey 112 148 0 146 1 0 1 1 0 8 0 pfstate 320 74 0 73 1 0 1 1 0 8 0 pfrule 1360 43 0 16 3 0 3 3 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 636 0 244 29 4 25 29 0 8 0 art_table 32 637 0 244 4 0 4 4 0 8 0 art_node 16 152 0 64 1 0 1 1 0 8 0 sysvmsgpl 40 69 0 47 1 0 1 1 0 8 0 semapl 112 82 0 72 1 0 1 1 0 8 0 shmpl 112 3 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 2357 0 930 90 0 90 90 0 8 0 ffsino 240 2357 0 930 85 0 85 85 0 8 0 nchpl 144 3251 0 1628 63 0 63 63 0 8 0 uvmvnodes 80 2693 0 0 55 0 55 55 0 8 0 vnodes 224 2693 0 0 159 0 159 159 0 8 0 namei 1024 12043 0 12043 2 1 1 2 0 8 1 pfiaddrpl 120 12 0 3 1 0 1 1 0 8 0 scsiplug 72 1 0 1 1 0 1 1 0 8 1 scxspl 216 10202 0 10202 9 8 1 8 0 8 1 plimitpl 152 45 0 32 1 0 1 1 0 8 0 sigapl 424 900 0 861 6 1 5 6 0 8 0 futexpl 64 5660 0 5655 1 0 1 1 0 8 0 knotepl 120 12378 0 12304 4 0 4 4 0 8 0 kqueuepl 184 147 0 138 4 3 1 4 0 8 0 pipepl 304 337 0 312 8 5 3 8 0 8 0 fdescpl 432 887 0 861 4 0 4 4 0 8 0 filepl 120 6231 0 6007 16 6 10 14 0 8 1 lockfpl 104 84 0 82 1 0 1 1 0 8 0 lockfspl 48 38 0 36 1 0 1 1 0 8 0 sessionpl 144 25 0 10 1 0 1 1 0 8 0 pgrppl 48 30 0 15 1 0 1 1 0 8 0 ucredpl 96 1557 0 1546 1 0 1 1 0 8 0 zombiepl 144 861 0 860 1 0 1 1 0 8 0 processpl 1000 900 0 860 6 0 6 6 0 
8 0 procpl 672 1616 0 1560 9 3 6 7 0 8 0 sockpl 448 1229 0 1200 29 19 10 18 0 8 6 mcl64k 65536 30 0 30 2 1 1 1 0 8 1 mcl16k 16384 13 0 13 3 2 1 1 0 8 1 mcl12k 12288 22 0 22 2 1 1 1 0 8 1 mcl9k 9216 10 0 10 3 2 1 1 0 8 1 mcl8k 8192 61 0 61 4 3 1 1 0 8 1 mcl4k 4096 85 0 85 3 2 1 1 0 8 1 mcl2k2 2112 1 0 1 1 1 0 1 0 8 0 mcl2k 2048 74750 0 74689 17 8 9 16 0 8 0 mtagpl 96 65 0 38 2 1 1 1 0 8 0 mbufpl 256 124844 0 124505 24 0 24 24 0 8 0 bufpl 288 4758 0 146 330 0 330 330 0 8 0 anonpl 24 228591 0 212864 141 20 121 140 0 188 0 amapchunkpl 152 21706 0 20945 46 14 32 43 0 158 0 amappl16 200 3169 0 2545 47 7 40 46 0 8 0 amappl15 192 154 0 149 1 0 1 1 0 8 0 amappl14 184 57 0 54 1 0 1 1 0 8 0 amappl13 176 205 0 203 1 0 1 1 0 8 0 amappl12 168 40 0 36 1 0 1 1 0 8 0 amappl11 160 100 0 88 1 0 1 1 0 8 0 amappl10 152 94 0 88 1 0 1 1 0 8 0 amappl9 144 527 0 523 1 0 1 1 0 8 0 amappl8 136 657 0 612 2 0 2 2 0 8 0 amappl7 128 174 0 163 1 0 1 1 0 8 0 amappl6 120 264 0 243 2 1 1 2 0 8 0 amappl5 112 757 0 738 1 0 1 1 0 8 0 amappl4 104 918 0 894 2 1 1 2 0 8 0 amappl3 96 224 0 213 1 0 1 1 0 8 0 amappl2 88 721 0 674 3 1 2 3 0 8 0 amappl1 80 18875 0 18325 18 5 13 18 0 8 0 amappl 88 8305 0 8074 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 5 0 0 1 0 1 1 0 8 0 uaddrrnd 24 887 0 861 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 887 0 861 1 0 1 1 0 8 0 vmmpekpl 168 11349 0 11311 3 0 3 3 0 8 0 vmmpepl 168 88718 0 86286 161 40 121 154 0 357 12 vmsppl 272 886 0 861 4 2 2 3 0 8 0 rwobjpl 24 24886 0 20664 26 0 26 26 0 8 0 pdppl 4096 1780 0 1722 132 68 64 74 0 8 6 pvpl 32 513187 0 493316 260 57 203 260 0 265 9 pmappl 216 886 0 861 2 0 2 2 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 778 0 124 19 0 19 19 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x18 
sys/arch/amd64/amd64/db_interface.c:440 panic(ffffffff82547276) at panic+0x161 sys/kern/subr_prf.c:202 __assert(ffffffff825bae63,ffffffff825cabcb,568,ffffffff8255b781) at __assert+0x25 sys/kern/subr_prf.c:161 m_align(fffffd8067e37900,ffffffe1) at m_align+0x1a0 sys/kern/uipc_mbuf.c:1385 bpf_movein(ffff800027f957f0,ffff800000c27a00,ffff800027f95558,ffff800027f95458) at bpf_movein+0x25e sys/net/bpf.c:228 bpfwrite(21700,ffff800027f957f0,1) at bpfwrite+0x128 sys/net/bpf.c:644 spec_write(ffff800027f95650) at spec_write+0xcb sys/kern/spec_vnops.c:309 VOP_WRITE(fffffd806e17d960,ffff800027f957f0,1,fffffd807f7d8660) at VOP_WRITE+0xbf sys/kern/vfs_vops.c:245 vn_write(fffffd8063df9f18,ffff800027f957f0,1) at vn_write+0x19c sys/kern/vfs_vnops.c:414 dofilewritev(ffff8000230d97b0,3,ffff800027f957f0,1,ffff800027f958f0) at dofilewritev+0x19c sys/kern/sys_generic.c:381 sys_pad_pwrite(ffff8000230d97b0,ffff800027f95898,ffff800027f958f0) at sys_pad_pwrite+0x92 sys_pwrite sys/kern/vfs_syscalls.c:3354 [inline] sys_pad_pwrite(ffff8000230d97b0,ffff800027f95898,ffff800027f958f0) at sys_pad_pwrite+0x92 sys/kern/vfs_syscalls.c:3426 syscall(ffff800027f95960) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x9a47448c700, count: -13 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 panic(ffffffff82547276) at panic+0x161 sys/kern/subr_prf.c:202 __assert(ffffffff825bae63,ffffffff825cabcb,568,ffffffff8255b781) at __assert+0x25 sys/kern/subr_prf.c:161 m_align(fffffd8067e37900,ffffffe1) at m_align+0x1a0 sys/kern/uipc_mbuf.c:1385 bpf_movein(ffff800027f957f0,ffff800000c27a00,ffff800027f95558,ffff800027f95458) at bpf_movein+0x25e sys/net/bpf.c:228 bpfwrite(21700,ffff800027f957f0,1) at bpfwrite+0x128 sys/net/bpf.c:644 spec_write(ffff800027f95650) at spec_write+0xcb sys/kern/spec_vnops.c:309 VOP_WRITE(fffffd806e17d960,ffff800027f957f0,1,fffffd807f7d8660) at VOP_WRITE+0xbf 
sys/kern/vfs_vops.c:245 vn_write(fffffd8063df9f18,ffff800027f957f0,1) at vn_write+0x19c sys/kern/vfs_vnops.c:414 dofilewritev(ffff8000230d97b0,3,ffff800027f957f0,1,ffff800027f958f0) at dofilewritev+0x19c sys/kern/sys_generic.c:381 sys_pad_pwrite(ffff8000230d97b0,ffff800027f95898,ffff800027f958f0) at sys_pad_pwrite+0x92 sys_pwrite sys/kern/vfs_syscalls.c:3354 [inline] sys_pad_pwrite(ffff8000230d97b0,ffff800027f95898,ffff800027f958f0) at sys_pad_pwrite+0x92 sys/kern/vfs_syscalls.c:3426 syscall(ffff800027f95960) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x9a47448c700, count: -13