panic: kernel diagnostic assertion "map->limit == rtmap_limit" failed: file "/syzkaller/managers/multicore/kernel/sys/net/rtable.c", line 132
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*473639 13422 0 0 0x4000000 0 syz-executor
222500 81378 0 0x2 0 1 syz-executor
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8336f3d2) at panic+0x1e5 sys/kern/subr_prf.c:198
__assert(ffffffff833b011a,ffffffff833a7ff4,84,ffffffff83402467) at __assert+0x29 sys/kern/subr_prf.c:-1
rtmap_grow(17,21) at rtmap_grow+0x24f
rtable_add(16) at rtable_add+0x2d9 rtable_alloc sys/net/rtable.c:370 [inline]
rtable_add(16) at rtable_add+0x2d9 sys/net/rtable.c:223
if_createrdomain(16,ffff80000148a800) at if_createrdomain+0x40 sys/net/if.c:1952
ifioctl(ffff8000014254a0,8020699f,ffff80003c481d10,ffff80003b441250) at ifioctl+0x1c66 sys/net/if.c:2301
sys_ioctl(ffff80003b441250,ffff80003c481ef0,ffff80003c481e40) at sys_ioctl+0x674 sys/kern/sys_generic.c:-1
syscall(ffff80003c481ef0) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c481ef0) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:746
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xf43e73b5f40, count: 5
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports.
Insufficient info makes it difficult to find and fix bugs.
ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: kernel diagnostic assertion "map->limit == rtmap_limit" failed: file "/syzkaller/managers/multicore/kernel/sys/net/rtable.c", line 132 ddb{0}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8336f3d2) at panic+0x1e5 sys/kern/subr_prf.c:198 __assert(ffffffff833b011a,ffffffff833a7ff4,84,ffffffff83402467) at __assert+0x29 sys/kern/subr_prf.c:-1 rtmap_grow(17,21) at rtmap_grow+0x24f rtable_add(16) at rtable_add+0x2d9 rtable_alloc sys/net/rtable.c:370 [inline] rtable_add(16) at rtable_add+0x2d9 sys/net/rtable.c:223 if_createrdomain(16,ffff80000148a800) at if_createrdomain+0x40 sys/net/if.c:1952 ifioctl(ffff8000014254a0,8020699f,ffff80003c481d10,ffff80003b441250) at ifioctl+0x1c66 sys/net/if.c:2301 sys_ioctl(ffff80003b441250,ffff80003c481ef0,ffff80003c481e40) at sys_ioctl+0x674 sys/kern/sys_generic.c:-1 syscall(ffff80003c481ef0) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c481ef0) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:746 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xf43e73b5f40, count: -10 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff80003c481a20 rbx 0xffffffff837f9ddf cpu_info_full_primary+0x2ddf rdx 0 rcx 0xffff80003b441250 rax 0xffffffff837f8ff0 cpu_info_full_primary+0x1ff0 r8 0x101010101010101 r9 0x8080808080808080 r10 0xf3ef7c12d61ad58 r11 0x2a7c7aa27bccc2c9 r12 0xffffffff837f9be0 cpu_info_full_primary+0x2be0 r13 0 r14 0 r15 0x1 rip 0xffffffff8324dbb5 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80003c481a10 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor) tid=473639 pid=13422 tcnt=3 stat=onproc flags process=0 proc=4000000 runpri=50, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a2bf500,0xffff80003b440a98 process=0xffff80003ac27510 user=0xffff80003c47c000, vmspace=0xfffffd805e9973f8 
estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 13422 2663 81378 0 2 0 syz-executor 13422 178500 81378 0 2 0x4000000 syz-executor *13422 473639 81378 0 7 0x4000000 syz-executor 60630 72607 54198 0 3 0 vmmaplk syz-executor 60630 236422 54198 0 3 0x4000080 fsleep syz-executor 60630 100556 54198 0 2 0x4000000 syz-executor 60630 234042 54198 0 2 0x4000000 syz-executor 80269 264173 97807 0 2 0 syz-executor 80269 356028 97807 0 2 0x4000000 syz-executor 79628 296138 33844 0 2 0 syz-executor 79628 321638 33844 0 3 0x4000080 fsleep syz-executor 79628 339660 33844 0 3 0x4000080 fsleep syz-executor 97517 429688 12163 0 3 0x80 nanoslp syz-executor 97517 462853 12163 0 3 0x4000080 kqread syz-executor 97517 469596 12163 0 3 0x4000080 fsleep syz-executor 43776 321520 71658 0 3 0x80 nanoslp syz-executor 43776 350837 71658 0 3 0x4000080 kqsel syz-executor 43776 84498 71658 0 3 0x4000080 fsleep syz-executor 78433 136881 1 0 3 0x100083 ttyin getty 81378 222500 31244 0 7 0x2 syz-executor 75441 258992 83755 0 3 0x82 sbwait sshd-session 4280 429504 0 0 3 0x14200 acct acct 81529 128916 0 0 3 0x14200 bored sosplice 71658 378813 31244 0 3 0x82 nanoslp syz-executor 97807 302973 31244 0 3 0x82 nanoslp syz-executor 20045 498338 31244 0 3 0x82 wait syz-executor 41599 55878 31244 0 3 0x82 nanoslp syz-executor 33844 169056 31244 0 3 0x82 nanoslp syz-executor 12163 425982 31244 0 3 0x82 nanoslp syz-executor 54198 282807 31244 0 2 0xc82 syz-executor 31244 382290 31188 0 3 0x82 kqread syz-executor 31188 395022 68182 0 3 0x10008a sigsusp ksh 68182 416608 6329 0 3 0x98 kqread sshd-session 6329 236921 83755 0 3 0x92 kqread sshd-session 83755 324350 1 0 3 0x88 kqread sshd 17910 382178 97521 74 3 0x1100092 bpf pflogd 97521 32601 1 0 3 0x80 sbwait pflogd 32229 474979 48341 73 3 0x1100090 kqread syslogd 48341 346855 1 0 3 0x100082 sbwait syslogd 23462 312970 1 0 3 0x100080 kqread resolvd 58905 489373 12570 77 3 0x100092 kqread dhcpleased 3607 430221 
12570 77 3 0x100092 kqread dhcpleased 12570 79888 1 0 3 0x80 kqread dhcpleased 21782 484352 0 0 3 0x14200 bored smr 80286 325702 0 0 2 0x14200 zerothread 96881 376458 0 0 3 0x14200 aiodoned aiodoned 20135 478915 0 0 3 0x14200 syncer update 99099 394507 0 0 3 0x14200 cleaner cleaner 54850 451570 0 0 3 0x14200 reaper reaper 61290 278632 0 0 3 0x14200 pgdaemon pagedaemon 47841 424324 0 0 3 0x14200 bored viomb 79296 386502 0 0 3 0x40014200 acpi0 acpi0 88648 21460 0 0 3 0x40014200 idle1 59417 215917 0 0 3 0x14200 bored softnet7 10283 520688 0 0 3 0x14200 bored softnet6 30032 280293 0 0 3 0x14200 bored softnet5 62015 511161 0 0 3 0x14200 bored softnet4 36850 10343 0 0 3 0x14200 bored softnet3 99870 267473 0 0 3 0x14200 bored softnet2 52757 487830 0 0 3 0x14200 bored softnet1 82954 66504 0 0 3 0x14200 bored softnet0 89949 377138 0 0 3 0x14200 bored systqmp 30958 498170 0 0 3 0x14200 bored systq 69842 507280 0 0 3 0x14200 tmoslp softclockmp 88202 396277 0 0 2 0x40014200 softclock 97490 322311 0 0 3 0x40014200 idle0 1 349821 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{0}> show all locks Process 13422 (syz-executor) thread 0xffff80003b441250 (473639) exclusive kernel_lock &kernel_lock r = 1 (0xffffffff83873798) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 __mp_acquire_count+0x58 sys/kern/kern_lock.c:-1 #2 malloc+0xe3 sys/kern/kern_malloc.c:174 #3 rtmap_grow+0xb2 sys/net/rtable.c:127 #4 rtable_add+0x2d9 rtable_alloc sys/net/rtable.c:370 [inline] #4 rtable_add+0x2d9 sys/net/rtable.c:223 #5 if_createrdomain+0x40 sys/net/if.c:1952 #6 ifioctl+0x1c66 sys/net/if.c:2301 #7 sys_ioctl+0x674 sys/kern/sys_generic.c:-1 #8 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] #8 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:746 #9 Xsyscall+0x128 Process 60630 (syz-executor) thread 0xffff80002a2bf500 (100556) exclusive rwlock vmmaplk r = 0 (0xfffffd805e9976e0) #0 witness_lock+0x5f1 
stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320 #2 vm_map_lock_ln+0x12e sys/uvm/uvm_map.c:5168 #3 uvmfault_lookup+0xe8 sys/uvm/uvm_fault.c:1918 #4 uvm_fault_check+0x895 uvmfault_amapcopy sys/uvm/uvm_fault.c:235 [inline] #4 uvm_fault_check+0x895 sys/uvm/uvm_fault.c:784 #5 uvm_fault+0x106 sys/uvm/uvm_fault.c:677 #6 upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:192 #7 usertrap+0x3c6 sys/arch/amd64/amd64/trap.c:603 #8 recall_trap+0x8 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10222 11037K 11176K 166960K 12542 0 pcb 22 17K 19K 166960K 435 0 rtable 200 10K 10K 166960K 434 0 pf 41 18K 67486K 166960K 236 0 ifaddr 40 7K 8K 166960K 129 0 ifgroup 61 2K 2K 166960K 222 0 sysctl 4 1K 9K 166960K 19 0 counters 72 37K 38K 166960K 282 0 ioctlops 0 0K 8K 166960K 1817 0 iov 0 0K 32K 166960K 180 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1465 92K 92K 166960K 2693 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 22 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 165 0 dirhash 12 2K 2K 166960K 39 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 110K 166960K 1613 0 sigio 0 0K 0K 166960K 111 0 proc 73 115K 180K 166960K 708 0 subproc 72 4K 4K 166960K 82 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 343 0 in_multi 78 5K 7K 166960K 184 0 ether_multi 1 0K 0K 166960K 19 0 mrt 2 0K 0K 166960K 12 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 103 466K 466K 166960K 103 0 exec 0 0K 1K 166960K 708 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 2 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 274 185K 193K 166960K 16673 0 UVM aobj 68 5K 5K 166960K 70 0 pinsyscall 45 90K 102K 166960K 2774 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 114 0 NDP 14 
0K 1K 166960K 93 0 temp 77 8652K 8728K 166960K 88020 0 kqueue 15 24K 30K 166960K 341 0 SYN cache 2 8K 16K 166960K 3 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 194 0 191 2 1 1 2 0 8 0 rtentry 176 134 0 57 5 0 5 5 0 8 0 unpcb 144 1427 0 1405 13 12 1 8 0 8 0 syncache 336 19 0 19 6 5 1 1 0 8 1 tcpqe 32 6 0 6 3 2 1 1 0 8 1 tcpcb 736 851 0 836 27 19 8 8 0 8 6 arp 128 15 0 3 1 0 1 1 0 8 0 inpcb 328 2485 0 2462 43 35 8 18 0 8 6 nd6 144 27 0 11 1 0 1 1 0 8 0 pkpcb 40 15 0 15 4 4 0 1 0 8 0 kcovpl 48 9 0 1 1 0 1 1 0 8 0 mppekey 1024 4 0 4 2 2 0 1 0 8 0 ppxss 1192 91 0 90 3 2 1 1 0 8 0 pppxif 1504 10 0 10 5 4 1 1 0 8 1 pfstscr 40 3 0 3 3 3 0 1 0 8 0 pffrag 232 10 0 5 1 0 1 1 0 482 0 pffrnode 88 8 0 4 1 0 1 1 0 8 0 pffrent 40 16 0 11 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfanchor 1288 3 0 0 1 0 1 1 0 8 0 pfstitem 24 141 0 75 1 0 1 1 0 8 0 pfstkey 128 146 0 80 3 0 3 3 0 8 0 pfstate 384 143 0 78 8 0 8 8 0 8 0 pfrule 1344 64 0 58 2 1 1 2 0 8 0 rttmr 136 1 0 1 1 1 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 667 0 299 30 6 24 29 0 8 0 art_table 40 668 0 299 5 0 5 5 0 8 0 art_node 32 134 0 68 1 0 1 1 0 8 0 sysvmsgpl 40 77 0 71 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 162 0 152 1 0 1 1 0 8 0 shmpl 112 67 0 2 2 0 2 2 0 8 0 dirhash 1024 35 0 18 3 0 3 3 0 8 0 dino2pl 256 4535 0 3027 95 0 95 95 0 8 0 ffsino 296 4535 0 3027 117 0 117 117 0 8 0 nchpl 144 6827 0 5126 64 0 64 64 0 8 0 rtmask 32 18 0 18 6 5 1 1 0 8 1 uvmvnodes 80 5279 0 0 108 0 108 108 0 8 0 vnodes 216 5279 0 0 294 0 294 294 0 8 0 namei 1024 23139 0 23138 3 2 1 2 0 8 0 percpumem 16 156 0 105 1 0 1 1 0 8 0 kstatmem 264 152 0 120 4 1 3 3 0 8 0 scsiplug 72 8 0 8 5 4 1 1 0 8 1 scxspl 216 36518 0 36518 16 13 3 8 1 8 3 plimitpl 152 646 0 629 1 0 1 1 0 8 0 sigapl 424 1932 0 1875 9 2 7 9 0 8 0 knotepl 120 591 0 0 17 0 17 17 0 8 0 kqueuepl 224 604 0 590 8 7 
1 5 0 8 0 pipepl 344 253 0 226 3 0 3 3 0 8 0 fdescpl 528 1886 0 1853 3 0 3 3 0 8 0 filepl 160 12701 0 12465 41 25 16 20 0 8 5 lockfpl 104 574 0 571 1 0 1 1 0 8 0 lockfspl 48 209 0 206 1 0 1 1 0 8 0 sessionpl 144 39 0 29 1 0 1 1 0 8 0 pgrppl 48 75 0 57 1 0 1 1 0 8 0 ucredpl 104 1895 0 1882 1 0 1 1 0 8 0 zombiepl 144 2600 0 2598 2 1 1 1 0 8 0 processpl 1232 1932 0 1875 6 1 5 6 0 8 0 procpl 664 4512 0 4443 9 2 7 8 0 8 0 sosppl 168 9 0 9 4 3 1 1 0 8 1 sockpl 752 4177 0 4129 74 63 11 30 0 8 6 mcl64k 65536 11 0 0 2 0 2 2 0 8 0 mcl16k 16384 2 0 0 1 0 1 1 0 8 0 mcl12k 12288 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 2 0 0 1 0 1 1 0 8 0 mcl4k 4096 126 0 0 16 0 16 16 0 8 0 mcl2k2 2112 1 0 0 1 0 1 1 0 8 0 mcl2k 2048 36 0 0 4 0 4 4 0 8 0 mtagpl 96 5 0 0 1 0 1 1 0 8 0 mbufpl 256 222 0 0 13 0 13 13 0 8 0 bufpl 280 14070 0 7927 440 0 440 440 0 8 0 anonpl 32 11615 0 0 94 0 94 94 0 246 0 amapchunkpl 152 55410 0 54818 50 22 28 31 0 158 5 amappl16 200 5970 0 5932 71 56 15 22 0 8 6 amappl15 192 5 0 5 2 2 0 1 0 8 0 amappl14 184 145 0 132 1 0 1 1 0 8 0 amappl13 176 5 0 5 1 1 0 1 0 8 0 amappl12 168 2558 0 2524 4 2 2 3 0 8 0 amappl11 160 90 0 76 1 0 1 1 0 8 0 amappl10 152 29 0 29 1 1 0 1 0 8 0 amappl9 144 252 0 252 1 1 0 1 0 8 0 amappl8 136 39 0 36 1 0 1 1 0 8 0 amappl7 128 122 0 108 1 0 1 1 0 8 0 amappl6 120 201 0 195 1 0 1 1 0 8 0 amappl5 112 143 0 133 1 0 1 1 0 8 0 amappl4 104 389 0 368 1 0 1 1 0 8 0 amappl3 96 9852 0 9739 4 0 4 4 0 8 0 amappl2 88 2235 0 2148 3 0 3 3 0 8 0 amappl1 80 17693 0 17013 19 3 16 16 0 8 0 amappl 88 15609 0 15417 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 7 0 7 2 1 1 1 0 8 1 dma128 128 254 0 254 2 2 0 1 0 8 0 dma64 64 8 0 8 3 3 0 1 0 8 0 dma32 32 8 0 8 2 2 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 69 0 2 2 0 2 2 0 8 0 uaddrrnd 24 1886 0 1853 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1886 0 1853 1 0 1 1 0 8 0 vmmpekpl 168 17785 0 17745 3 0 3 3 0 8 0 vmmpepl 168 126867 0 124650 143 33 110 110 0 357 1 
vmsppl 488 1885 0 1853 7 2 5 5 0 8 0 rwobjpl 80 40569 0 34153 137 3 134 134 0 8 0 pdppl 4096 3780 0 3706 122 48 74 86 0 8 0 pvpl 32 18587 0 0 150 0 150 150 0 265 0 pmappl 256 1885 0 1853 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 333 0 84 8 0 8 8 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8336f3d2) at panic+0x1e5 sys/kern/subr_prf.c:198 __assert(ffffffff833b011a,ffffffff833a7ff4,84,ffffffff83402467) at __assert+0x29 sys/kern/subr_prf.c:-1 rtmap_grow(17,21) at rtmap_grow+0x24f rtable_add(16) at rtable_add+0x2d9 rtable_alloc sys/net/rtable.c:370 [inline] rtable_add(16) at rtable_add+0x2d9 sys/net/rtable.c:223 if_createrdomain(16,ffff80000148a800) at if_createrdomain+0x40 sys/net/if.c:1952 ifioctl(ffff8000014254a0,8020699f,ffff80003c481d10,ffff80003b441250) at ifioctl+0x1c66 sys/net/if.c:2301 sys_ioctl(ffff80003b441250,ffff80003c481ef0,ffff80003c481e40) at sys_ioctl+0x674 sys/kern/sys_generic.c:-1 syscall(ffff80003c481ef0) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c481ef0) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:746 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xf43e73b5f40, count: -10 ddb{0}> machine ddbcpu 1