panic: kernel diagnostic assertion "map->limit == rtmap_limit" failed: file "/syzkaller/managers/main/kernel/sys/net/rtable.c", line 131
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*396022 27517 0 0x10 0x4000000 0 syz-executor
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff830b39ed) at panic+0x1cf sys/kern/subr_prf.c:198
__assert(ffffffff83068e4b,ffffffff830389ef,83,ffffffff830a962e) at __assert+0x29
rtmap_grow(2,21) at rtmap_grow+0x1f3 sys/net/rtable.c:131
rtable_add(1) at rtable_add+0x279
if_createrdomain(1,ffff8000012a7000) at if_createrdomain+0x40 sys/net/if.c:1947
ifioctl(fffffd806e4819f0,8020699f,ffff80002a580d70,ffff80002a512a50) at ifioctl+0x19be sys/net/if.c:2296
sys_ioctl(ffff80002a512a50,ffff80002a580f50,ffff80002a580ea0) at sys_ioctl+0x678
syscall(ffff80002a580f50) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x771eeb21b60, count: 5
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "map->limit == rtmap_limit" failed: file "/syzkaller/managers/main/kernel/sys/net/rtable.c", line 131 ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830b39ed) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83068e4b,ffffffff830389ef,83,ffffffff830a962e) at __assert+0x29 rtmap_grow(2,21) at rtmap_grow+0x1f3 sys/net/rtable.c:131 rtable_add(1) at rtable_add+0x279 if_createrdomain(1,ffff8000012a7000) at if_createrdomain+0x40 sys/net/if.c:1947 ifioctl(fffffd806e4819f0,8020699f,ffff80002a580d70,ffff80002a512a50) at ifioctl+0x19be sys/net/if.c:2296 sys_ioctl(ffff80002a512a50,ffff80002a580f50,ffff80002a580ea0) at sys_ioctl+0x678 syscall(ffff80002a580f50) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x771eeb21b60, count: -10 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80002a580aa0 rbx 0x21 rdx 0 rcx 0 rax 0xffff80002a512a50 r8 0x101010101010101 r9 0x8080808080808080 r10 0xfb7d14ba9c951ae8 r11 0x63fe5fae35b41429 r12 0 r13 0x1 r14 0 r15 0x1 rip 0xffffffff812feb65 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80002a580a90 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb> show proc PROC (syz-executor) tid=396022 pid=27517 tcnt=3 stat=onproc flags process=10 proc=4000000 runpri=83, usrpri=83, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a5122b8,0xffff80002a5131f8 process=0xffff80002a5ab380 user=0xffff80002a57c000, vmspace=0xfffffd807eb94ac0 estcpu=33, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 29169 3130 88138 0 2 0 syz-executor 29169 489391 88138 0 3 0x4000080 fsleep syz-executor 6174 217249 91566 0 2 0 syz-executor 6174 230711 91566 0 3 0x4000080 fsleep syz-executor 7728 519866 98681 0 2 0 syz-executor 7728 55853 98681 0 2 0x4000000 syz-executor 88418 275193 84774 
0 2 0 syz-executor 88418 421595 84774 0 3 0x4000000 inode syz-executor 88418 420215 84774 0 3 0x4000000 getblk syz-executor 65847 89095 2073 0 2 0 syz-executor 65847 37000 2073 0 3 0x4000080 kqsel syz-executor 27517 366355 15213 0 2 0x10 syz-executor 27517 261616 15213 0 2 0x4000010 syz-executor *27517 396022 15213 0 7 0x4000010 syz-executor 23941 91633 0 0 3 0x14200 acct acct 15213 214903 29264 0 3 0x82 nanoslp syz-executor 91566 26843 29264 0 3 0x82 nanoslp syz-executor 80210 377651 29264 0 2 0x2 syz-executor 2073 472081 29264 0 3 0x82 nanoslp syz-executor 88138 259516 29264 0 3 0x82 nanoslp syz-executor 84774 428984 29264 0 3 0x82 nanoslp syz-executor 98681 220199 29264 0 3 0x82 nanoslp syz-executor 78579 179653 29264 0 2 0x2 syz-executor 25832 425878 0 0 3 0x14280 nfsidl nfsio 84470 203040 0 0 3 0x14280 nfsidl nfsio 93881 126456 0 0 3 0x14280 nfsidl nfsio 98047 103956 0 0 3 0x14280 nfsidl nfsio 93204 152526 0 0 3 0x14280 nfsidl nfsio 48503 387210 0 0 3 0x14280 nfsidl nfsio 50584 119471 0 0 3 0x14280 nfsidl nfsio 41425 369568 0 0 3 0x14280 nfsidl nfsio 66108 183519 0 0 3 0x14280 nfsidl nfsio 47731 282511 0 0 3 0x14280 nfsidl nfsio 73486 168463 0 0 3 0x14280 nfsidl nfsio 14760 307225 0 0 3 0x14280 nfsidl nfsio 21261 53124 0 0 3 0x14280 nfsidl nfsio 72759 383617 0 0 3 0x14280 nfsidl nfsio 35706 265647 0 0 3 0x14280 nfsidl nfsio 5568 506571 0 0 3 0x14280 nfsidl nfsio 57568 137665 0 0 3 0x14280 nfsidl nfsio 19083 52220 0 0 3 0x14280 nfsidl nfsio 9510 357198 0 0 3 0x14280 nfsidl nfsio 53611 400575 0 0 3 0x14280 nfsidl nfsio 88251 360197 0 0 3 0x14200 bored sosplice 29264 64077 28768 0 3 0x82 kqread syz-executor 28768 463839 66876 0 3 0x10008a sigsusp ksh 66876 3510 38100 0 3 0x98 kqread sshd-session 38100 165206 27746 0 3 0x92 kqread sshd-session 780 427106 1 0 3 0x100083 ttyin getty 27746 501147 1 0 3 0x88 kqread sshd 19252 264850 81824 73 2 0x1100010 syslogd 81824 270092 1 0 3 0x100082 sbwait syslogd 55179 374809 1 0 3 0x100080 kqread resolvd 95552 177693 13433 77 
3 0x100092 kqread dhcpleased 5884 69903 13433 77 3 0x100092 kqread dhcpleased 13433 294628 1 0 3 0x80 kqread dhcpleased 52312 363032 0 0 3 0x14200 bored smr 80460 126882 0 0 2 0x14200 zerothread 33961 284751 0 0 3 0x14200 aiodoned aiodoned 10823 166817 0 0 3 0x14200 syncer update 74237 359560 0 0 3 0x14200 cleaner cleaner 95514 523014 0 0 3 0x14200 reaper reaper 66838 321953 0 0 3 0x14200 pgdaemon pagedaemon 6785 155324 0 0 3 0x14200 bored viomb 51157 27330 0 0 3 0x40014200 acpi0 acpi0 38103 94397 0 0 3 0x14200 bored softnet3 84602 200224 0 0 3 0x14200 bored softnet2 45423 313320 0 0 3 0x14200 bored softnet1 62917 99682 0 0 3 0x14200 bored softnet0 29015 275545 0 0 3 0x14200 bored systqmp 89036 26890 0 0 3 0x14200 bored systq 92465 461773 0 0 3 0x40014200 tmoslp softclock 34724 59873 0 0 3 0x40014200 idle0 1 153651 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10184 11180K 11309K 166960K 11680 0 pcb 17 13K 14K 166960K 114 0 rtable 218 6K 6K 166960K 1268 0 pf 32 13K 13K 166960K 84 0 ifaddr 42 7K 7K 166960K 163 0 ifgroup 50 2K 2K 166960K 148 0 sysctl 3 0K 1K 166960K 4 0 counters 30 17K 17K 166960K 55 0 ioctlops 0 0K 4K 166960K 79 0 iov 0 0K 16K 166960K 30 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1407 89K 89K 166960K 1949 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 6 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 16 0 dirhash 12 2K 2K 166960K 15 0 ACPI 1690 195K 286K 166960K 12468 0 file desc 18 65K 97K 166960K 811 0 sigio 0 0K 0K 166960K 72 0 proc 60 59K 124K 166960K 1179 0 subproc 104 6K 6K 166960K 416 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 43 0 in_multi 99 7K 7K 166960K 468 0 ether_multi 1 0K 0K 166960K 1 0 mrt 0 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 67 307K 307K 166960K 67 
0 exec 0 0K 1K 166960K 683 0 pfkey data 0 0K 1K 166960K 65 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 216 72K 88K 166960K 7653 0 UVM aobj 5 2K 4K 166960K 7 0 pinsyscall 39 78K 98K 166960K 2455 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 28 0 NDP 11 0K 2K 166960K 116 0 temp 45 6804K 6880K 166960K 17450 0 kqueue 14 20K 28K 166960K 69 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 141 0 138 2 0 2 2 0 8 1 rtentry 112 450 0 350 4 1 3 4 0 8 0 unpcb 144 365 0 348 5 3 2 4 0 8 1 syncache 336 6 0 6 2 1 1 1 0 8 1 tcpqe 32 2 0 2 1 0 1 1 0 8 1 tcpcb 808 184 0 178 8 0 8 8 0 8 7 arp 88 68 0 50 1 0 1 1 0 8 0 ipq 40 6 0 3 1 0 1 1 0 8 0 ipqe 40 168 0 165 1 0 1 1 0 8 0 inpcb 336 678 0 667 13 4 9 10 0 8 8 nd6 104 115 0 91 1 0 1 1 0 8 0 pkpcb 40 2 0 2 1 0 1 1 0 8 1 kcovpl 48 32 0 24 1 0 1 1 0 8 0 ppxss 1072 1 0 1 1 0 1 1 0 8 1 pfstscr 40 1 0 1 1 0 1 1 0 8 1 pfstkey 128 2 0 2 1 0 1 1 0 8 1 pfstate 344 1 0 1 1 0 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 1941 0 1492 34 5 29 29 0 8 0 art_table 32 1942 0 1492 4 0 4 4 0 8 0 art_node 16 448 0 358 1 0 1 1 0 8 0 sysvmsgpl 40 6 0 4 1 0 1 1 0 8 0 semapl 112 14 0 4 1 0 1 1 0 8 0 shmpl 112 4 0 2 1 0 1 1 0 8 0 dirhash 1024 19 0 2 3 0 3 3 0 8 0 dino2pl 256 2132 0 586 97 0 97 97 0 8 0 ffsino 240 2132 0 586 92 0 92 92 0 8 0 nchpl 144 2772 0 1072 64 0 64 64 0 8 0 uvmvnodes 80 2733 0 0 56 0 56 56 0 8 0 vnodes 216 2733 0 0 152 0 152 152 0 8 0 namei 1024 11577 0 11575 2 1 1 2 0 8 0 kstatmem 264 72 0 50 2 0 2 2 0 8 0 scsiplug 72 1 0 1 1 1 0 1 0 8 0 scxspl 216 18884 0 18884 10 2 8 8 1 8 8 plimitpl 152 110 0 92 1 0 1 1 0 8 0 sigapl 424 1064 0 996 9 1 8 8 0 8 0 futexpl 64 5291 0 5289 1 0 1 1 0 8 0 knotepl 120 13918 0 13871 16 6 10 16 0 8 8 kqueuepl 184 104 0 93 1 0 1 1 0 8 0 pipepl 288 260 0 233 7 2 5 5 0 8 3 fdescpl 432 1026 0 996 5 1 4 5 0 8 0 filepl 120 4664 0 4415 14 3 11 11 0 8 3 
lockfpl 104 108 0 106 1 0 1 1 0 8 0 lockfspl 48 47 0 45 1 0 1 1 0 8 0 sessionpl 144 45 0 37 1 0 1 1 0 8 0 pgrppl 48 79 0 63 1 0 1 1 0 8 0 ucredpl 104 508 0 496 1 0 1 1 0 8 0 zombiepl 144 1130 0 1130 2 1 1 1 0 8 1 processpl 1096 1064 0 996 5 0 5 5 0 8 0 procpl 648 1587 0 1510 7 0 7 7 0 8 0 sosppl 168 1 0 1 1 1 0 1 0 8 0 sockpl 504 1193 0 1162 35 22 13 18 0 8 9 mcl64k 65536 11 0 11 2 1 1 1 0 8 1 mcl16k 16384 2 0 2 1 1 0 1 0 8 0 mcl9k 9216 1 0 1 1 0 1 1 0 8 1 mcl8k 8192 13 0 13 2 1 1 1 0 8 1 mcl4k 4096 3157 0 3106 15 7 8 14 0 8 0 mcl2k2 2112 3 0 3 1 0 1 1 0 8 1 mcl2k 2048 1283 0 1283 2 1 1 1 0 8 1 mtagpl 96 13 0 10 2 1 1 1 0 8 0 mbufpl 256 11849 0 11665 33 14 19 21 0 8 6 bufpl 280 7450 0 1203 447 0 447 447 0 8 0 anonpl 24 233098 0 229893 125 75 50 98 0 187 25 amapchunkpl 152 25600 0 25135 74 34 40 50 0 158 21 amappl16 200 5059 0 5043 18 10 8 14 0 8 6 amappl15 192 11 0 11 1 1 0 1 0 8 0 amappl14 184 160 0 150 1 0 1 1 0 8 0 amappl13 176 11 0 11 1 1 0 1 0 8 0 amappl12 168 2017 0 1989 3 1 2 3 0 8 0 amappl11 160 55 0 45 1 0 1 1 0 8 0 amappl10 152 13 0 13 1 1 0 1 0 8 0 amappl9 144 126 0 126 1 1 0 1 0 8 0 amappl8 136 25 0 24 1 0 1 1 0 8 0 amappl7 128 151 0 140 1 0 1 1 0 8 0 amappl6 120 405 0 403 1 0 1 1 0 8 0 amappl5 112 222 0 213 1 0 1 1 0 8 0 amappl4 104 364 0 346 1 0 1 1 0 8 0 amappl3 96 4627 0 4522 4 0 4 4 0 8 0 amappl2 88 983 0 921 2 0 2 2 0 8 0 amappl1 80 10691 0 10177 14 2 12 13 0 8 0 amappl 88 7094 0 6933 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 6 0 2 1 0 1 1 0 8 0 uaddrrnd 24 1026 0 996 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1026 0 996 1 0 1 1 0 8 0 vmmpekpl 168 9450 0 9403 3 0 3 3 0 8 0 vmmpepl 168 70651 0 68910 93 5 88 88 0 357 9 vmsppl 344 1025 0 996 4 1 3 4 0 8 0 rwobjpl 24 26383 0 22811 22 0 22 22 0 8 0 pdppl 4096 2058 0 1992 128 60 68 82 0 8 2 
pvpl 32 554997 0 545356 433 211 222 286 0 265 135 pmappl 216 1025 0 996 3 1 2 3 0 8 0 extentpl 40 55 0 38 1 0 1 1 0 8 0 phpool 112 480 0 122 11 0 11 11 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830b39ed) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83068e4b,ffffffff830389ef,83,ffffffff830a962e) at __assert+0x29 rtmap_grow(2,21) at rtmap_grow+0x1f3 sys/net/rtable.c:131 rtable_add(1) at rtable_add+0x279 if_createrdomain(1,ffff8000012a7000) at if_createrdomain+0x40 sys/net/if.c:1947 ifioctl(fffffd806e4819f0,8020699f,ffff80002a580d70,ffff80002a512a50) at ifioctl+0x19be sys/net/if.c:2296 sys_ioctl(ffff80002a512a50,ffff80002a580f50,ffff80002a580ea0) at sys_ioctl+0x678 syscall(ffff80002a580f50) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x771eeb21b60, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830b39ed) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83068e4b,ffffffff830389ef,83,ffffffff830a962e) at __assert+0x29 rtmap_grow(2,21) at rtmap_grow+0x1f3 sys/net/rtable.c:131 rtable_add(1) at rtable_add+0x279 if_createrdomain(1,ffff8000012a7000) at if_createrdomain+0x40 sys/net/if.c:1947 ifioctl(fffffd806e4819f0,8020699f,ffff80002a580d70,ffff80002a512a50) at ifioctl+0x19be sys/net/if.c:2296 sys_ioctl(ffff80002a512a50,ffff80002a580f50,ffff80002a580ea0) at sys_ioctl+0x678 syscall(ffff80002a580f50) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x771eeb21b60, count: -10