login: panic: kernel diagnostic assertion "map->limit == rtmap_limit" failed: file "/syzkaller/managers/multicore/kernel/sys/net/rtable.c", line 131 Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *459030 27811 0 0 0x4000000 0 syz-executor 389021 86493 0 0x2 0 1 syz-executor db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8346ca79) at panic+0x1e5 sys/kern/subr_prf.c:198 __assert(ffffffff83416398,ffffffff833426f8,83,ffffffff83461e45) at __assert+0x29 sys/kern/subr_prf.c:-1 rtable_init() at rtable_init rtable_add(16) at rtable_add+0x2d9 rtable_alloc sys/net/rtable.c:373 [inline] rtable_add(16) at rtable_add+0x2d9 sys/net/rtable.c:222 if_createrdomain(16,ffff800000b2c000) at if_createrdomain+0x40 sys/net/if.c:1964 ifioctl(ffff80000161ae60,8020699f,ffff80003c461160,ffff80002a2baa58) at ifioctl+0x1a1e sys/net/if.c:2313 sys_ioctl(ffff80002a2baa58,ffff80003c461340,ffff80003c461290) at sys_ioctl+0x5c3 sys/kern/sys_generic.c:-1 syscall(ffff80003c461340) at syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c461340) at syscall+0xbc6 sys/arch/amd64/amd64/trap.c:579 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7127b771890, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: kernel diagnostic assertion "map->limit == rtmap_limit" failed: file "/syzkaller/managers/multicore/kernel/sys/net/rtable.c", line 131 ddb{0}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8346ca79) at panic+0x1e5 sys/kern/subr_prf.c:198 __assert(ffffffff83416398,ffffffff833426f8,83,ffffffff83461e45) at __assert+0x29 sys/kern/subr_prf.c:-1 rtable_init() at rtable_init rtable_add(16) at rtable_add+0x2d9 rtable_alloc sys/net/rtable.c:373 [inline] rtable_add(16) at rtable_add+0x2d9 sys/net/rtable.c:222 if_createrdomain(16,ffff800000b2c000) at if_createrdomain+0x40 sys/net/if.c:1964 ifioctl(ffff80000161ae60,8020699f,ffff80003c461160,ffff80002a2baa58) at ifioctl+0x1a1e sys/net/if.c:2313 sys_ioctl(ffff80002a2baa58,ffff80003c461340,ffff80003c461290) at sys_ioctl+0x5c3 sys/kern/sys_generic.c:-1 syscall(ffff80003c461340) at syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c461340) at syscall+0xbc6 sys/arch/amd64/amd64/trap.c:579 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7127b771890, count: -10 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff80003c460e80 rbx 0xffffffff838b8dd7 cpu_info_full_primary+0x2dd7 rdx 0 rcx 0xffff80002a2baa58 rax 0xffffffff838b7ff0 cpu_info_full_primary+0x1ff0 r8 0 r9 0x8080808080808080 r10 0xca9398b8914a0500 r11 0x1ddf84a860c2229e r12 0xffffffff838b8bd8 cpu_info_full_primary+0x2bd8 r13 0 r14 0 r15 0x1 rip 0xffffffff81bea8c5 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80003c460e70 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor) tid=459030 pid=27811 tcnt=3 stat=onproc flags process=0 proc=4000000 runpri=50, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a2b8f80,0xffffffff839d1de0 process=0xffff8000373fcea8 user=0xffff80003c45c000, vmspace=0xfffffd806d2f6208 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 27811 372279 67479 0 2 0 syz-executor 27811 500167 67479 0 2 0x4000000 syz-executor *27811 459030 67479 0 7 0x4000000 syz-executor 7654 404163 58537 0 2 0 syz-executor 7654 342176 58537 0 3 0x4000080 fsleep syz-executor 46946 423217 24346 0 2 0xc80 syz-executor 46946 163150 24346 0 3 0x4000080 kqpoll syz-executor 46946 432478 24346 0 3 0x4000080 fsleep syz-executor 52144 57857 69343 0 2 0 syz-executor 52144 153869 69343 0 3 0x4000080 fsleep syz-executor 52144 84428 69343 0 3 0x4000080 fsleep syz-executor 73146 270497 86493 0 2 0 syz-executor 73146 407577 86493 0 3 0x4000080 ttyout syz-executor 73146 482876 86493 0 3 0x4000080 fsleep syz-executor 74104 4955 22536 0 2 0xc80 syz-executor 74104 111275 22536 0 3 0x4000080 kqread syz-executor 74104 478736 22536 0 3 0x4000080 fsleep syz-executor 63068 24526 49227 0 3 0x3000 suspend syz-executor 63068 121140 49227 0 2 0x4081000 syz-executor 95950 259842 1 0 3 0x100083 ttyin getty 47102 118539 0 0 3 0x14280 nfsidl nfsio 93379 330409 0 0 3 0x14280 nfsidl nfsio 16560 78720 0 0 3 0x14280 nfsidl nfsio 27292 171136 0 0 3 0x14280 nfsidl nfsio 43178 358180 0 0 3 0x14280 nfsidl nfsio 78320 185708 0 0 3 0x14280 nfsidl nfsio 15778 425163 0 0 3 0x14280 nfsidl nfsio 4408 499990 0 0 3 0x14280 nfsidl nfsio 43404 428934 0 0 3 0x14280 nfsidl nfsio 57127 283560 0 0 3 0x14280 nfsidl nfsio 65276 501821 0 0 3 0x14280 nfsidl nfsio 27231 159186 0 0 3 0x14280 nfsidl nfsio 48552 358370 0 0 3 0x14280 nfsidl nfsio 60253 497933 0 0 3 0x14280 nfsidl nfsio 62870 197637 0 0 3 0x14280 nfsidl nfsio 73771 101978 0 0 3 0x14280 nfsidl nfsio 58855 351104 0 0 3 0x14280 nfsidl nfsio 55840 149716 0 0 3 0x14280 nfsidl nfsio 95361 215573 0 0 3 0x14280 nfsidl nfsio 25118 105563 0 0 3 0x14280 nfsidl nfsio 5387 408701 0 0 3 0x14200 bored sosplice 27595 10886 0 0 3 0x14200 acct acct 86493 389021 34978 0 7 0x2 syz-executor 67479 338157 34978 0 2 0xc82 syz-executor 98308 21771 34978 0 2 0x2 syz-executor 58537 150262 34978 0 2 0x2 syz-executor 69343 436463 34978 0 2 0x2 syz-executor 22536 204036 34978 0 2 0xc82 syz-executor 24346 9257 34978 0 2 0x2 syz-executor 49227 294718 34978 0 2 0x2 syz-executor 34978 359589 74117 0 3 0x82 kqread syz-executor 74117 93986 89825 0 3 0x10008a sigsusp ksh 89825 58271 7325 0 3 0x98 kqread sshd-session 7325 150616 54274 0 3 0x92 kqread sshd-session 54274 501974 1 0 3 0x88 kqread sshd 68233 200318 5333 74 3 0x1100092 bpf pflogd 5333 113155 1 0 3 0x80 sbwait pflogd 36472 413161 63057 73 3 0x1100090 kqread syslogd 63057 215543 1 0 3 0x100082 sbwait syslogd 71127 438241 1 0 3 0x100080 kqread resolvd 66419 482425 32817 77 3 0x100092 kqread dhcpleased 27266 278103 32817 77 3 0x100092 kqread dhcpleased 32817 176098 1 0 3 0x80 kqread dhcpleased 58323 34780 0 0 2 0x40014200 smr 41962 30446 0 0 2 0x14200 zerothread 22334 399381 0 0 3 0x14200 aiodoned aiodoned 54192 416759 0 0 3 0x14200 syncer update 31954 386019 0 0 3 0x14200 cleaner cleaner 24321 226627 0 0 3 0x14200 reaper reaper 46265 318895 0 0 3 0x14200 pgdaemon pagedaemon 9640 218765 0 0 3 0x14200 bored viomb 45067 238474 0 0 3 0x40014200 acpi0 acpi0 16667 250625 0 0 3 0x40014200 idle1 53029 418661 0 0 3 0x14200 bored softnet3 41176 394788 0 0 3 0x14200 bored softnet2 76366 472743 0 0 3 0x14200 bored softnet1 51839 230478 0 0 3 0x14200 bored softnet0 10170 299928 0 0 3 0x14200 bored systqmp 86635 250745 0 0 3 0x14200 bored systq 15618 243810 0 0 2 0x14200 softclockmp 92410 320351 0 0 2 0x40014200 softclock 54672 204919 0 0 3 0x40014200 idle0 1 484757 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 27811 (syz-executor) thread 0xffff80002a2baa58 (459030) exclusive kernel_lock &kernel_lock r = 1 (0xffffffff839a6c28) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1160 #1 __mp_acquire_count+0x58 sys/kern/kern_lock.c:-1 #2 malloc+0xe5 sys/kern/kern_malloc.c:174 #3 rtmap_grow+0xb2 sys/net/rtable.c:126 #4 rtable_add+0x2d9 rtable_alloc sys/net/rtable.c:373 [inline] #4 rtable_add+0x2d9 sys/net/rtable.c:222 #5 if_createrdomain+0x40 sys/net/if.c:1964 #6 ifioctl+0x1a1e sys/net/if.c:2313 #7 sys_ioctl+0x5c3 sys/kern/sys_generic.c:-1 #8 syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline] #8 syscall+0xbc6 sys/arch/amd64/amd64/trap.c:579 #9 Xsyscall+0x128 Process 63068 (syz-executor) thread 0xffff80002efe2558 (121140) exclusive rrwlock inode r = 0 (0xfffffd806c56f560) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x377 sys/kern/kern_rwlock.c:310 #2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:605 #3 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:527 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:570 #5 vn_write+0x190 sys/kern/vfs_vnops.c:405 #6 dofilewritev+0x23c sys/kern/sys_generic.c:380 #7 sys_write+0xa2 sys/kern/sys_generic.c:300 #8 syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline] #8 syscall+0xbc6 sys/arch/amd64/amd64/trap.c:579 #9 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10218 11189K 12394K 166960K 12783 0 pcb 21 13K 13K 166960K 133 0 rtable 205 9K 9K 166960K 434 0 pf 40 18K 67486K 166960K 107 0 ifaddr 41 7K 8K 166960K 75 0 ifgroup 61 2K 3K 166960K 122 0 sysctl 4 1K 9K 166960K 14 0 counters 72 37K 37K 166960K 146 0 ioctlops 0 0K 4K 166960K 1779 0 iov 0 0K 20K 166960K 54 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1492 94K 94K 166960K 2289 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 17 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 32 0 dirhash 12 2K 2K 166960K 36 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 98K 166960K 925 0 sigio 0 0K 0K 166960K 79 0 proc 73 91K 128K 166960K 625 0 subproc 72 4K 4K 166960K 73 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 92 0 in_multi 84 6K 7K 166960K 122 0 ether_multi 2 0K 0K 166960K 5 0 mrt 2 0K 0K 166960K 5 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 79 360K 360K 166960K 79 0 exec 0 0K 1K 166960K 466 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 243 169K 182K 166960K 10070 0 UVM aobj 24 2K 2K 166960K 26 0 pinsyscall 43 86K 102K 166960K 2019 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 1 0K 0K 166960K 53 0 NDP 13 0K 2K 166960K 51 0 temp 76 8696K 8768K 166960K 38635 0 kqueue 15 24K 34K 166960K 171 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 152 0 149 3 2 1 3 0 8 0 rtentry 176 126 0 39 6 0 6 6 0 8 0 unpcb 144 529 0 511 5 3 2 4 0 8 1 syncache 336 4 0 4 2 2 0 1 0 8 0 tcpcb 736 239 0 235 4 3 1 4 0 8 0 arp 128 20 0 3 1 0 1 1 0 8 0 inpcb 328 918 0 904 12 5 7 7 0 8 5 nd6 144 27 0 7 1 0 1 1 0 8 0 pkpcb 40 5 0 5 2 2 0 1 0 8 0 kcovpl 48 8 0 0 1 0 1 1 0 8 0 mppekey 1024 1 0 1 1 1 0 1 0 8 0 ppxss 1192 32 0 30 2 1 1 1 0 8 0 pppxif 1504 1 0 1 1 1 0 1 0 8 0 pffrag 232 5 0 0 1 0 1 1 0 482 0 pffrnode 88 4 0 0 1 0 1 1 0 8 0 pffrent 40 6 0 1 1 0 1 1 0 8 0 pfosfp 40 1433 0 1008 5 0 5 5 0 8 0 pfosfpen 112 1433 0 715 21 0 21 21 0 8 0 pfanchor 1288 1 0 0 1 0 1 1 0 8 0 pfstitem 24 60 0 15 1 0 1 1 0 8 0 pfstkey 128 190 0 145 2 0 2 2 0 8 0 pfstate 384 124 0 80 5 0 5 5 0 8 0 pfrule 1344 24 0 17 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 588 0 204 31 2 29 31 0 8 3 art_table 32 589 0 204 4 0 4 4 0 8 0 art_node 16 125 0 48 1 0 1 1 0 8 0 sysvmsgpl 40 1 0 1 1 1 0 1 0 8 0 semapl 112 28 0 18 1 0 1 1 0 8 0 shmpl 112 23 0 2 1 0 1 1 0 8 0 dirhash 1024 34 0 17 3 0 3 3 0 8 0 dino2pl 256 3126 0 1617 95 0 95 95 0 8 0 ffsino 288 3126 0 1617 109 0 109 109 0 8 0 nchpl 144 4472 0 2776 64 0 64 64 0 8 0 rtmask 32 8 0 7 3 2 1 1 0 8 0 uvmvnodes 80 3785 0 0 78 0 78 78 0 8 0 vnodes 216 3785 0 0 211 0 211 211 0 8 0 namei 1024 15678 0 15678 4 3 1 2 0 8 1 percpumem 16 88 0 37 1 0 1 1 0 8 0 kstatmem 264 70 0 42 4 1 3 3 0 8 1 acpiwqpl 32 1 0 1 1 0 1 1 1 8 1 scxspl 216 14430 0 14430 10 9 1 8 1 8 1 plimitpl 152 175 0 156 1 0 1 1 0 8 0 sigapl 424 1244 0 1172 10 1 9 9 0 8 0 knotepl 120 578 0 0 18 0 18 18 0 8 0 kqueuepl 224 300 0 287 2 1 1 2 0 8 0 pipepl 336 155 0 127 3 0 3 3 0 8 0 fdescpl 520 1204 0 1172 3 0 3 3 0 8 0 filepl 160 7141 0 6904 19 7 12 16 0 8 2 lockfpl 104 365 0 361 2 0 2 2 0 8 1 lockfspl 48 153 0 149 1 0 1 1 0 8 0 sessionpl 144 25 0 16 1 0 1 1 0 8 0 pgrppl 48 42 0 25 1 0 1 1 0 8 0 ucredpl 104 994 0 981 1 0 1 1 0 8 0 zombiepl 144 1322 0 1321 3 2 1 1 0 8 0 processpl 1240 1244 0 1172 6 0 6 6 0 8 0 procpl 656 2628 0 2544 8 0 8 8 0 8 0 srpgc 96 2 0 2 1 1 0 1 0 8 0 sosppl 168 5 0 5 2 1 1 1 0 8 1 sockpl 728 1649 0 1611 14 5 9 10 0 8 4 mcl64k 65536 7 0 0 1 0 1 1 0 8 0 mcl16k 16384 7 0 0 1 0 1 1 0 8 0 mcl12k 12288 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 2 0 0 1 0 1 1 0 8 0 mcl4k 4096 128 0 0 16 0 16 16 0 8 0 mcl2k2 2112 1 0 0 1 0 1 1 0 8 0 mcl2k 2048 22 0 0 3 0 3 3 0 8 0 mtagpl 96 36 0 0 1 0 1 1 0 8 0 mbufpl 256 1164 0 0 73 0 73 73 0 8 0 bufpl 280 4282 0 129 297 0 297 297 0 8 0 anonpl 32 9050 0 0 73 0 73 73 0 246 0 amapchunkpl 152 33040 0 32420 40 13 27 28 0 158 2 amappl16 200 2715 0 2606 39 32 7 16 0 8 1 amappl15 192 2 0 2 1 1 0 1 0 8 0 amappl14 184 137 0 125 1 0 1 1 0 8 0 amappl13 176 35 0 35 1 1 0 1 0 8 0 amappl12 168 1852 0 1820 4 1 3 3 0 8 0 amappl11 160 50 0 36 1 0 1 1 0 8 0 amappl10 152 23 0 23 1 1 0 1 0 8 0 amappl9 144 250 0 250 1 1 0 1 0 8 0 amappl8 136 28 0 25 1 0 1 1 0 8 0 amappl7 128 109 0 96 1 0 1 1 0 8 0 amappl6 120 172 0 168 1 0 1 1 0 8 0 amappl5 112 122 0 112 1 0 1 1 0 8 0 amappl4 104 394 0 373 1 0 1 1 0 8 0 amappl3 96 6651 0 6539 6 2 4 4 0 8 0 amappl2 88 646 0 583 2 0 2 2 0 8 0 amappl1 80 11548 0 10942 16 3 13 15 0 8 0 amappl 88 9235 0 9067 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma2048 2048 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 8 0 8 3 2 1 1 0 8 1 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 57 0 57 2 2 0 1 0 8 0 dma16 16 19 0 18 1 0 1 1 0 8 0 aobjpl 72 25 0 2 1 0 1 1 0 8 0 uaddrrnd 24 1204 0 1172 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1204 0 1172 1 0 1 1 0 8 0 vmmpekpl 168 11259 0 11216 3 0 3 3 0 8 0 vmmpepl 168 80045 0 77913 115 21 94 102 0 357 1 vmsppl 480 1203 0 1172 6 1 5 5 0 8 1 rwobjpl 72 25389 0 20566 91 3 88 88 0 8 0 pdppl 4096 2416 0 2344 104 32 72 86 0 8 0 pvpl 32 17942 0 0 146 1 145 145 0 265 0 pmappl 256 1203 0 1172 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 461 0 47 13 1 12 13 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8346ca79) at panic+0x1e5 sys/kern/subr_prf.c:198 __assert(ffffffff83416398,ffffffff833426f8,83,ffffffff83461e45) at __assert+0x29 sys/kern/subr_prf.c:-1 rtable_init() at rtable_init rtable_add(16) at rtable_add+0x2d9 rtable_alloc sys/net/rtable.c:373 [inline] rtable_add(16) at rtable_add+0x2d9 sys/net/rtable.c:222 if_createrdomain(16,ffff800000b2c000) at if_createrdomain+0x40 sys/net/if.c:1964 ifioctl(ffff80000161ae60,8020699f,ffff80003c461160,ffff80002a2baa58) at ifioctl+0x1a1e sys/net/if.c:2313 sys_ioctl(ffff80002a2baa58,ffff80003c461340,ffff80003c461290) at sys_ioctl+0x5c3 sys/kern/sys_generic.c:-1 syscall(ffff80003c461340) at syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c461340) at syscall+0xbc6 sys/arch/amd64/amd64/trap.c:579 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7127b771890, count: -10 ddb{0}> machine ddbcpu 1