
compat32: Fix a TOCTOU bug in sendmsg() and recvmsg()
Closed, Public

Authored by markj on Sep 17 2021, 9:10 PM.
Details

Summary

syzbot hit this panic with the 32-bit fuzzer, no reproducer:
https://syzkaller.appspot.com/bug?id=e47f8199fc594faea8cec1fa52354df6fd30e293

From reading the code, I believe the problem is that freebsd32_sendmsg()
and freebsd32_recvmsg() copyin the msghdr32, but then
freebsd32_copyinmsghdr() does it again. The iov pointer and iovlen from
the first copy are used to copyin the iovec, but the iovlen from the
second copy is then passed to the generic kern_sendit() and kern_recvit()
routines.

kern_sendit() and kern_recvit() loop over the iovec to compute
uio_resid, the sum of the iov lengths. If the iovec length changes
between the two copyins, we can end up walking past the end of the
iovec. I believe this is mostly harmless: at worst it can cause
corruption of user memory since it will cause uninitialized memory to be
treated as an array of iov's.

Reported by: syzbot+7cc64cd0c49605acd421@syzkaller.appspotmail.com
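As an added illustration of the pattern the summary describes (this is example code written for this page, not code from the review, the diff, or FreeBSD itself): a user-space C model in which the header is copied in twice, a hook standing in for the racing user thread grows msg_iovlen between the two copies, and the loop bound taken from the second copy then outruns the iovec array sized from the first. The struct layouts, the names copyin_sim, walk_iovs, sendmsg_double_copy, sendmsg_single_copy and race_grow_iovlen, and the sample addresses and lengths are all constructed for the example. The single-copy variant is the remedy this example uses to show why the mismatch disappears; the page does not show the committed diff, so it is not presented as that diff.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* User-space model of the double copyin described above. Structs, copyin_sim()
 * and the race hook are constructed for this example, not FreeBSD kernel code. */

struct iovec32 { uint32_t iov_base; uint32_t iov_len; };
/* Only the two msghdr32 fields involved in the race are modelled. */
struct msghdr32 { uint32_t msg_iov; uint32_t msg_iovlen; };

#define REAL_IOVS	2	/* entries the caller actually filled in */
#define GARBAGE_IOVS	3	/* memory after them that was never initialised */
/* Simulated 32-bit process memory: header, real iovs, then garbage. */
struct user_mem {
	struct msghdr32 hdr;
	struct iovec32 iov[REAL_IOVS + GARBAGE_IOVS];
};
/* A racing user thread, run between the kernel's two copies of the header. */
typedef void (*race_hook)(struct user_mem *);

/* Stand-in for copyin(9); the real one also validates the user address. */
static void
copyin_sim(const void *uaddr, void *kaddr, size_t len)
{
	memcpy(kaddr, uaddr, len);
}

/* iovs_past_end counts loop iterations that indexed beyond the kernel's iovec
 * copy; the real kernel would read what follows that allocation and treat it
 * as iovecs, the simulation only counts so that it stays well defined. */
struct outcome { uint32_t iovs_walked, iovs_past_end; uint64_t resid; };

/* kern_sendit()/kern_recvit() shape: sum iov_len over n_loop entries. */
static struct outcome
walk_iovs(const struct iovec32 *kiov, uint32_t n_alloc, uint32_t n_loop)
{
	struct outcome o = { 0, 0, 0 };
	for (uint32_t i = 0; i < n_loop; i++) {
		o.iovs_walked++;
		if (i >= n_alloc)
			o.iovs_past_end++;	/* OOB read in the real kernel */
		else
			o.resid += kiov[i].iov_len;
	}
	return (o);
}

/* Buggy shape: header copied twice, array sized from copy 1, loop bound
 * taken from copy 2. */
static struct outcome
sendmsg_double_copy(struct user_mem *um, race_hook race)
{
	struct msghdr32 first, second;
	struct iovec32 *kiov;
	struct outcome o;
	copyin_sim(&um->hdr, &first, sizeof(first));	/* freebsd32_sendmsg() */
	if (race != NULL)
		race(um);
	copyin_sim(&um->hdr, &second, sizeof(second));	/* freebsd32_copyinmsghdr() */
	kiov = calloc(first.msg_iovlen, sizeof(*kiov));
	copyin_sim(um->iov, kiov, first.msg_iovlen * sizeof(*kiov));
	o = walk_iovs(kiov, first.msg_iovlen, second.msg_iovlen);
	free(kiov);
	return (o);
}

/* Remedy used in this example: one copy of the header feeds both the
 * allocation and the loop bound, so later edits to user memory are inert. */
static struct outcome
sendmsg_single_copy(struct user_mem *um, race_hook race)
{
	struct msghdr32 hdr;
	struct iovec32 *kiov;
	struct outcome o;
	copyin_sim(&um->hdr, &hdr, sizeof(hdr));
	if (race != NULL)
		race(um);				/* too late to matter now */
	kiov = calloc(hdr.msg_iovlen, sizeof(*kiov));
	copyin_sim(um->iov, kiov, hdr.msg_iovlen * sizeof(*kiov));
	o = walk_iovs(kiov, hdr.msg_iovlen, hdr.msg_iovlen);
	free(kiov);
	return (o);
}

/* Racing thread: grow msg_iovlen once the first copy has been taken. */
static void
race_grow_iovlen(struct user_mem *um)
{
	um->hdr.msg_iovlen = REAL_IOVS + GARBAGE_IOVS;
}

/* Run one path against fresh, constructed user memory: two real iovs of
 * 100 and 200 bytes followed by GARBAGE_IOVS entries of junk. */
static struct outcome
run(struct outcome (*path)(struct user_mem *, race_hook), race_hook race)
{
	struct user_mem um = { { 0x10000000u, REAL_IOVS },
	    { { 0x20000000u, 100 }, { 0x20001000u, 200 } } };
	for (int i = REAL_IOVS; i < REAL_IOVS + GARBAGE_IOVS; i++)
		um.iov[i] = (struct iovec32){ 0xdeadbeefu, 0x7fffffffu };
	return (path(&um, race));
}
```

With the race hook installed, run(sendmsg_double_copy, race_grow_iovlen) walks five entries of a two-entry array and reports three past the end, while run(sendmsg_single_copy, race_grow_iovlen) walks exactly two; without a racing thread both paths agree, which is why fuzzers find this class of bug and single-threaded tests do not.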

Diff Detail

Repository
rG FreeBSD src repository