panic: kernel diagnostic assertion "map->limit == rtmap_limit" failed: file "/syzkaller/managers/main/kernel/sys/net/rtable.c", line 132 Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *300080 93338 0 0 0x4000000 0 syz-executor db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8333daee) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff8337be48,ffffffff8335ddc0,84,ffffffff833d2af1) at __assert+0x29 sys/kern/subr_prf.c:-1 rtmap_grow(21,21) at rtmap_grow+0x1f2 rtable_add(20) at rtable_add+0x289 rtable_alloc sys/net/rtable.c:370 [inline] rtable_add(20) at rtable_add+0x289 sys/net/rtable.c:223 if_createrdomain(20,ffff800001471800) at if_createrdomain+0x40 sys/net/if.c:1952 ifioctl(ffff800010fd3c50,8020699f,ffff80003c995bc0,ffff80002a7dcd10) at ifioctl+0x1c06 sys/net/if.c:2301 sys_ioctl(ffff80002a7dcd10,ffff80003c995d90,ffff80003c995ce0) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1 syscall(ffff80003c995d90) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c995d90) at syscall+0x962 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xd6948b1bf20, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "map->limit == rtmap_limit" failed: file "/syzkaller/managers/main/kernel/sys/net/rtable.c", line 132 ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8333daee) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff8337be48,ffffffff8335ddc0,84,ffffffff833d2af1) at __assert+0x29 sys/kern/subr_prf.c:-1 rtmap_grow(21,21) at rtmap_grow+0x1f2 rtable_add(20) at rtable_add+0x289 rtable_alloc sys/net/rtable.c:370 [inline] rtable_add(20) at rtable_add+0x289 sys/net/rtable.c:223 if_createrdomain(20,ffff800001471800) at if_createrdomain+0x40 sys/net/if.c:1952 ifioctl(ffff800010fd3c50,8020699f,ffff80003c995bc0,ffff80002a7dcd10) at ifioctl+0x1c06 sys/net/if.c:2301 sys_ioctl(ffff80002a7dcd10,ffff80003c995d90,ffff80003c995ce0) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1 syscall(ffff80003c995d90) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c995d90) at syscall+0x962 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xd6948b1bf20, count: -10 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80003c9958f0 rbx 0x21 rdx 0 rcx 0 rax 0xffff80002a7dcd10 r8 0x101010101010101 r9 0x8080808080808080 r10 0xa40414a7f15dc092 r11 0x74c161d3dbf6fdbf r12 0 r13 0x6 r14 0 r15 0x1 rip 0xffffffff81548685 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80003c9958e0 ss 0 db_enter+0x25: addq $0x8,%rsp ddb> show proc PROC (syz-executor) tid=300080 pid=93338 tcnt=3 stat=onproc flags process=0 proc=4000000 runpri=81, usrpri=82, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a81e2c0,0xffff80002a7dc2c0 process=0xffff8000ffff8498 user=0xffff80003c990000, vmspace=0xfffffd806ba5c180 estcpu=32, cpticks=2, pctcpu=0.0, user=0, sys=2, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 79124 175945 75240 0 2 0xc80 syz-executor 79124 126668 75240 0 2 0x4000000 syz-executor 79124 77473 75240 0 2 0x4000000 syz-executor 79124 442642 75240 0 3 0x4000080 fsleep syz-executor 79023 360412 60028 0 3 0x80 nanoslp syz-executor 79023 168342 60028 0 3 0x4000080 fsleep syz-executor 79023 72391 60028 0 3 0x4000080 fsleep syz-executor 93338 301939 5710 0 2 0 syz-executor 93338 203704 5710 0 2 0x4000000 syz-executor *93338 300080 5710 0 7 0x4000000 syz-executor 72089 458983 5745 0 3 0x80 nanoslp syz-executor 72089 110492 5745 0 3 0x4000080 kqread syz-executor 72089 157878 5745 0 3 0x4000080 fsleep syz-executor 72089 477711 5745 0 3 0x4000080 fsleep syz-executor 84163 365315 0 0 3 0x14200 bored sosplice 48556 278322 44837 0 3 0x82 sbwait sshd-session 72893 345682 44837 0 3 0x82 sbwait sshd-session 5745 149488 71132 0 3 0x82 nanoslp syz-executor 95278 347837 71132 0 3 0x82 wait syz-executor 81326 77915 71132 0 2 0x2 syz-executor 75240 473519 71132 0 3 0x82 nanoslp syz-executor 43924 260393 71132 0 2 0x2 syz-executor 5710 26591 71132 0 3 0x82 nanoslp syz-executor 11913 435 71132 0 2 0x2 syz-executor 60028 109671 71132 0 3 0x82 nanoslp syz-executor 71132 70993 7308 0 3 0x82 kqread syz-executor 7308 397008 37288 0 3 0x10008a sigsusp ksh 37288 236396 21980 0 3 0x98 kqread sshd-session 21980 373246 44837 0 3 0x92 kqread sshd-session 16665 196310 1 0 3 0x100083 ttyin getty 44837 160439 1 0 3 0x88 kqread sshd 119 290530 10262 73 3 0x1100090 kqread syslogd 10262 117490 1 0 3 0x100082 sbwait syslogd 45729 257321 1 0 3 0x100080 kqread resolvd 73393 509567 47786 77 3 0x100092 kqread dhcpleased 83100 140816 47786 77 3 0x100092 kqread dhcpleased 47786 385247 1 0 3 0x80 kqread dhcpleased 69607 234039 0 0 3 0x14200 bored smr 28680 290273 0 0 2 0x14200 zerothread 25455 316471 0 0 3 0x14200 aiodoned aiodoned 54963 176036 0 0 3 0x14200 syncer update 42205 348700 0 0 3 0x14200 cleaner cleaner 96309 391033 0 0 3 0x14200 reaper reaper 16979 286131 0 0 3 0x14200 pgdaemon pagedaemon 72939 30879 0 0 3 0x14200 bored viomb 34830 299766 0 0 3 0x40014200 acpi0 acpi0 16261 179181 0 0 3 0x14200 bored softnet7 64343 196198 0 0 3 0x14200 bored softnet6 65585 418549 0 0 3 0x14200 bored softnet5 77014 346885 0 0 3 0x14200 bored softnet4 12560 424211 0 0 3 0x14200 bored softnet3 13876 485382 0 0 3 0x14200 bored softnet2 81061 315146 0 0 3 0x14200 bored softnet1 47325 282528 0 0 3 0x14200 bored softnet0 22381 195227 0 0 3 0x14200 bored systqmp 444 500704 0 0 3 0x14200 bored systq 59702 521515 0 0 2 0x40014200 softclock 49152 4471 0 0 3 0x40014200 idle0 1 268578 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10193 11142K 11332K 166960K 11743 0 pcb 18 13K 14K 166960K 112 0 rtable 210 8K 8K 166960K 314 0 pf 28 12K 13K 166960K 53 0 ifaddr 39 7K 7K 166960K 57 0 ifgroup 46 2K 2K 166960K 73 0 sysctl 4 1K 9K 166960K 9 0 counters 31 17K 17K 166960K 49 0 ioctlops 0 0K 4K 166960K 73 0 iov 0 0K 40K 166960K 24 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1468 92K 93K 166960K 1707 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 9 0 VM map 2 1K 1K 166960K 2 0 sem 8 0K 0K 166960K 9 0 dirhash 12 2K 2K 166960K 24 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 17 61K 85K 166960K 395 0 sigio 0 0K 0K 166960K 4 0 proc 60 59K 83K 166960K 507 0 subproc 72 4K 4K 166960K 72 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 40 0 in_multi 92 6K 7K 166960K 116 0 ether_multi 1 0K 0K 166960K 6 0 mrt 0 0K 0K 166960K 3 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 67 307K 307K 166960K 67 0 exec 0 0K 1K 166960K 410 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 245 176K 181K 166960K 5233 0 UVM aobj 13 2K 2K 166960K 14 0 pinsyscall 42 84K 90K 166960K 1442 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 2 0K 0K 166960K 21 0 NDP 10 0K 2K 166960K 37 0 temp 39 8633K 8706K 166960K 12904 0 kqueue 14 22K 30K 166960K 81 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 65 0 62 1 0 1 1 0 8 0 rtentry 136 100 0 12 4 0 4 4 0 8 0 unpcb 144 350 0 330 2 0 2 2 0 8 1 syncache 336 6 0 6 2 1 1 1 0 8 1 tcpqe 32 1 0 1 1 0 1 1 0 8 1 tcpcb 736 150 0 138 8 6 2 8 0 8 0 arp 88 12 0 1 1 0 1 1 0 8 0 inpcb 328 418 0 400 10 8 2 10 0 8 0 ip6q 72 2 0 0 1 0 1 1 0 8 0 ip6af 40 2 0 0 1 0 1 1 0 8 0 nd6 104 19 0 4 1 0 1 1 0 8 0 kcovpl 48 8 0 0 1 0 1 1 0 8 0 mppekey 1024 1 0 1 1 0 1 1 0 8 1 ppxss 1072 16 0 16 2 1 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 442 0 44 28 1 27 28 0 8 0 art_table 40 443 0 44 5 0 5 5 0 8 0 art_node 32 100 0 21 1 0 1 1 0 8 0 semapl 112 7 0 1 1 0 1 1 0 8 0 shmpl 112 11 0 1 1 0 1 1 0 8 0 dirhash 1024 25 0 8 3 0 3 3 0 8 0 dino2pl 256 2092 0 596 95 0 95 95 0 8 0 ffsino 256 2092 0 596 95 0 95 95 0 8 0 nchpl 144 2631 0 952 63 0 63 63 0 8 0 rtmask 32 2 0 2 2 1 1 1 0 8 1 uvmvnodes 80 2400 0 0 49 0 49 49 0 8 0 vnodes 216 2400 0 0 134 0 134 134 0 8 0 namei 1024 8722 0 8721 2 0 2 2 0 8 1 kstatmem 264 42 0 22 2 0 2 2 0 8 0 scsiplug 72 2 0 2 2 1 1 1 0 8 1 scxspl 216 9018 0 9018 15 7 8 8 1 8 8 plimitpl 152 75 0 58 1 0 1 1 0 8 0 sigapl 424 684 0 632 7 1 6 7 0 8 0 knotepl 120 15817 0 15514 18 8 10 18 0 8 0 kqueuepl 184 132 0 122 1 0 1 1 0 8 0 pipepl 304 122 0 95 3 0 3 3 0 8 0 fdescpl 448 662 0 631 4 0 4 4 0 8 0 filepl 120 3516 0 3288 14 5 9 14 0 8 1 lockfpl 104 237 0 235 2 1 1 2 0 8 0 lockfspl 48 113 0 111 1 0 1 1 0 8 0 sessionpl 144 24 0 14 1 0 1 1 0 8 0 pgrppl 48 68 0 50 1 0 1 1 0 8 0 ucredpl 104 459 0 448 1 0 1 1 0 8 0 zombiepl 144 774 0 773 1 0 1 1 0 8 0 processpl 1152 684 0 632 4 0 4 4 0 8 0 procpl 664 1157 0 1095 6 0 6 6 0 8 0 sockpl 552 844 0 802 12 8 4 11 0 8 0 mcl64k 65536 9 0 9 2 1 1 1 0 8 1 mcl8k 8192 7 0 7 2 1 1 1 0 8 1 mcl4k 4096 2798 0 2748 13 6 7 13 0 8 0 mcl2k 2048 581 0 579 3 2 1 3 0 8 0 mtagpl 96 10 0 7 1 0 1 1 0 8 0 mbufpl 256 6897 0 6709 13 0 13 13 0 8 0 bufpl 280 3380 0 127 233 0 233 233 0 8 0 anonpl 24 127069 0 123617 47 13 34 46 0 187 10 amapchunkpl 152 16555 0 16072 31 6 25 31 0 158 3 amappl16 200 2140 0 2115 5 2 3 5 0 8 0 amappl15 192 1 0 1 1 1 0 1 0 8 0 amappl14 184 110 0 98 1 0 1 1 0 8 0 amappl13 176 5 0 5 1 1 0 1 0 8 0 amappl12 168 1277 0 1248 2 0 2 2 0 8 0 amappl11 160 51 0 41 1 0 1 1 0 8 0 amappl10 152 6 0 6 1 1 0 1 0 8 0 amappl9 144 256 0 256 1 1 0 1 0 8 0 amappl8 136 21 0 19 1 0 1 1 0 8 0 amappl7 128 102 0 90 1 0 1 1 0 8 0 amappl6 120 178 0 173 1 0 1 1 0 8 0 amappl5 112 108 0 102 1 0 1 1 0 8 0 amappl4 104 280 0 263 1 0 1 1 0 8 0 amappl3 96 2985 0 2879 4 0 4 4 0 8 0 amappl2 88 642 0 575 2 0 2 2 0 8 0 amappl1 80 9685 0 8983 17 0 17 17 0 8 1 amappl 88 4518 0 4351 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 254 0 254 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 13 0 1 1 0 1 1 0 8 0 uaddrrnd 24 662 0 631 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 662 0 631 1 0 1 1 0 8 0 vmmpekpl 168 6928 0 6893 2 0 2 2 0 8 0 vmmpepl 168 48442 0 46375 101 0 101 101 0 357 4 vmsppl 368 661 0 631 4 1 3 4 0 8 0 rwobjpl 40 18030 0 14581 36 0 36 36 0 8 0 pdppl 4096 1330 0 1262 96 26 70 76 0 8 2 pvpl 32 312035 0 302549 112 7 105 110 0 265 17 pmappl 216 661 0 631 2 0 2 2 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 375 0 47 10 0 10 10 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8333daee) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff8337be48,ffffffff8335ddc0,84,ffffffff833d2af1) at __assert+0x29 sys/kern/subr_prf.c:-1 rtmap_grow(21,21) at rtmap_grow+0x1f2 rtable_add(20) at rtable_add+0x289 rtable_alloc sys/net/rtable.c:370 [inline] rtable_add(20) at rtable_add+0x289 sys/net/rtable.c:223 if_createrdomain(20,ffff800001471800) at if_createrdomain+0x40 sys/net/if.c:1952 ifioctl(ffff800010fd3c50,8020699f,ffff80003c995bc0,ffff80002a7dcd10) at ifioctl+0x1c06 sys/net/if.c:2301 sys_ioctl(ffff80002a7dcd10,ffff80003c995d90,ffff80003c995ce0) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1 syscall(ffff80003c995d90) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c995d90) at syscall+0x962 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xd6948b1bf20, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8333daee) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff8337be48,ffffffff8335ddc0,84,ffffffff833d2af1) at __assert+0x29 sys/kern/subr_prf.c:-1 rtmap_grow(21,21) at rtmap_grow+0x1f2 rtable_add(20) at rtable_add+0x289 rtable_alloc sys/net/rtable.c:370 [inline] rtable_add(20) at rtable_add+0x289 sys/net/rtable.c:223 if_createrdomain(20,ffff800001471800) at if_createrdomain+0x40 sys/net/if.c:1952 ifioctl(ffff800010fd3c50,8020699f,ffff80003c995bc0,ffff80002a7dcd10) at ifioctl+0x1c06 sys/net/if.c:2301 sys_ioctl(ffff80002a7dcd10,ffff80003c995d90,ffff80003c995ce0) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1 syscall(ffff80003c995d90) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c995d90) at syscall+0x962 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xd6948b1bf20, count: -10