./file0panic: kernel diagnostic assertion "map->limit == rtmap_limit" failed: file "/syzkaller/managers/main/kernel/sys/net/rtable.c", line 131 Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND * 10788 75471 0 0x8000000 0x4000000 0 syz-executor db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830a91a3) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83063112,ffffffff83035af9,83,ffffffff830a66ce) at __assert+0x29 rtmap_grow(28,21) at rtmap_grow+0x1f3 sys/net/rtable.c:131 rtable_add(27) at rtable_add+0x279 if_createrdomain(27,ffff80000116f000) at if_createrdomain+0x40 sys/net/if.c:1947 ifioctl(fffffd8076b3b408,8020699f,ffff8000376473e0,ffff800037666538) at ifioctl+0x19be sys/net/if.c:2296 sys_ioctl(ffff800037666538,ffff8000376475c0,ffff800037647510) at sys_ioctl+0x678 syscall(ffff8000376475c0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x81c6c4198b0, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "map->limit == rtmap_limit" failed: file "/syzkaller/managers/main/kernel/sys/net/rtable.c", line 131 ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830a91a3) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83063112,ffffffff83035af9,83,ffffffff830a66ce) at __assert+0x29 rtmap_grow(28,21) at rtmap_grow+0x1f3 sys/net/rtable.c:131 rtable_add(27) at rtable_add+0x279 if_createrdomain(27,ffff80000116f000) at if_createrdomain+0x40 sys/net/if.c:1947 ifioctl(fffffd8076b3b408,8020699f,ffff8000376473e0,ffff800037666538) at ifioctl+0x19be sys/net/if.c:2296 sys_ioctl(ffff800037666538,ffff8000376475c0,ffff800037647510) at sys_ioctl+0x678 syscall(ffff8000376475c0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x81c6c4198b0, count: -10 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff800037647110 rbx 0x21 rdx 0 rcx 0 rax 0xffff800037666538 r8 0 r9 0x8080808080808080 r10 0x18f60ba4fd93489c r11 0x16548b04ef555954 r12 0 r13 0x6 r14 0 r15 0x1 rip 0xffffffff818c7e35 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff800037647100 ss 0 db_enter+0x25: addq $0x8,%rsp ddb> show proc PROC (syz-executor) tid=10788 pid=75471 tcnt=3 stat=onproc flags process=8000000 proc=4000000 runpri=50, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff800037667978,0xffffffff834d2588 process=0xffff800032bf4cf0 user=0xffff800037642000, vmspace=0xfffffd8071136970 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 75471 332085 8505 0 2 0x8000000 syz-executor 75471 276493 8505 0 2 0xc000000 syz-executor *75471 10788 8505 0 7 0xc000000 syz-executor 44613 157002 54996 0 2 0x8000000 syz-executor 9723 311573 87882 0 2 0x8000000 syz-executor 9723 497615 87882 0 3 0xc000080 fsleep syz-executor 9723 514748 87882 0 3 0xc000080 kqread syz-executor 51330 217784 6770 0 2 0x8000000 syz-executor 51330 282867 6770 0 3 0xc000080 fsleep syz-executor 4006 179607 72998 0 2 0x8000480 syz-executor 4006 440916 72998 0 3 0xc000080 msgwait syz-executor 4006 283907 72998 0 3 0xc000080 fsleep syz-executor 4006 82598 72998 0 3 0xc000080 fsleep syz-executor 99993 39511 20767 0 2 0x8000000 syz-executor 99993 294389 20767 0 3 0xc000080 lockf syz-executor 99993 433088 20767 0 2 0xc000000 syz-executor 893 451005 10778 0 2 0x8000000 syz-executor 893 34632 10778 0 3 0xc000080 fsleep syz-executor 7567 118504 20008 0 2 0x8000000 syz-executor 7567 92967 20008 0 3 0xc000080 fsleep syz-executor 72998 367135 21340 0 2 0x8000482 syz-executor 10778 444919 21340 0 3 0x8000082 nanoslp syz-executor 54996 135225 21340 0 2 0x8000482 syz-executor 20767 436215 21340 0 2 0x8000482 syz-executor 8505 289657 21340 0 2 0x8000482 syz-executor 20008 46897 21340 0 3 0x8000082 nanoslp syz-executor 87882 39636 21340 0 2 0x8000482 syz-executor 6770 283848 21340 0 3 0x8000082 nanoslp syz-executor 53145 373005 1 0 3 0x18100083 ttyopn getty 62315 331205 0 0 3 0x14200 bored sosplice 21340 157181 27182 0 2 0x8000002 syz-executor 27182 270897 62323 0 3 0x810008a sigsusp ksh 62323 323168 41250 0 3 0x18000098 kqread sshd-session 41250 472341 6668 0 3 0x18000092 kqread sshd-session 6668 108857 1 0 3 0x18000088 kqread sshd 75746 158708 63121 73 2 0x19100010 syslogd 63121 341513 1 0 3 0x18100082 sbwait syslogd 98497 219117 1 0 3 0x18100080 kqread resolvd 32863 208046 39558 77 3 0x18100092 kqread dhcpleased 89033 228049 39558 77 3 0x18100092 kqread dhcpleased 39558 111498 1 0 3 0x18000080 kqread dhcpleased 77756 209185 0 0 3 0x14200 bored smr 85336 331255 0 0 2 0x14200 zerothread 76001 295657 0 0 3 0x14200 aiodoned aiodoned 17916 140471 0 0 3 0x14200 syncer update 60592 159402 0 0 3 0x14200 cleaner cleaner 97040 79190 0 0 3 0x14200 reaper reaper 48257 374695 0 0 3 0x14200 pgdaemon pagedaemon 82764 238150 0 0 3 0x14200 bored viomb 51533 252686 0 0 3 0x40014200 acpi0 acpi0 50326 135953 0 0 3 0x14200 bored softnet3 95456 307801 0 0 3 0x14200 bored softnet2 65883 385105 0 0 3 0x14200 bored softnet1 30133 382326 0 0 3 0x14200 bored softnet0 63624 91051 0 0 3 0x14200 bored systqmp 86741 141994 0 0 3 0x14200 bored systq 26474 368120 0 0 3 0x40014200 tmoslp softclock 10106 17043 0 0 3 0x40014200 idle0 1 35511 0 0 3 0x8000082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10177 10145K 10348K 166960K 11625 0 pcb 19 12K 12K 166960K 59 0 rtable 238 8K 8K 166960K 869 0 pf 32 13K 13K 166960K 65 0 ifaddr 43 7K 7K 166960K 111 0 ifgroup 50 2K 2K 166960K 114 0 counters 30 17K 17K 166960K 46 0 ioctlops 0 0K 4K 166960K 58 0 iov 0 0K 14K 166960K 19 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1458 92K 92K 166960K 1877 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 68K 72K 166960K 6 0 VM map 2 1K 1K 166960K 2 0 sem 7 0K 0K 166960K 7 0 dirhash 12 2K 2K 166960K 15 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 18 65K 97K 166960K 545 0 sigio 0 0K 0K 166960K 2 0 proc 58 59K 124K 166960K 943 0 subproc 104 6K 6K 166960K 312 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 22 0 in_multi 103 7K 7K 166960K 286 0 ether_multi 1 0K 0K 166960K 1 0 mrt 0 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 73 334K 334K 166960K 73 0 exec 0 0K 2K 166960K 637 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 234 72K 108K 166960K 5519 0 UVM aobj 7 2K 4K 166960K 8 0 pinsyscall 39 78K 104K 166960K 1978 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 1 0K 0K 166960K 13 0 NDP 13 0K 2K 166960K 75 0 temp 39 6803K 6869K 166960K 22095 0 kqueue 15 24K 26K 166960K 51 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 95 0 90 1 0 1 1 0 8 0 rtentry 112 294 0 185 5 1 4 4 0 8 0 unpcb 144 280 0 263 3 1 2 2 0 8 1 syncache 336 5 0 5 1 1 0 1 0 8 0 tcpqe 32 4 0 4 1 1 0 1 0 8 0 tcpcb 808 70 0 60 2 0 2 2 0 8 0 arp 88 52 0 34 1 0 1 1 0 8 0 ipq 40 1 0 0 1 0 1 1 0 8 0 ipqe 40 1 0 0 1 0 1 1 0 8 0 inpcb 336 450 0 432 7 2 5 5 0 8 3 nd6 104 73 0 49 1 0 1 1 0 8 0 kcovpl 48 24 0 16 1 0 1 1 0 8 0 pfstscr 40 2 0 2 1 0 1 1 0 8 1 pfosfp 40 1 0 0 1 0 1 1 0 8 0 pfosfpen 112 1 0 0 1 0 1 1 0 8 0 pfstitem 24 2 0 0 1 0 1 1 0 8 0 pfstkey 128 9 0 7 1 0 1 1 0 8 0 pfstate 344 5 0 4 1 0 1 1 0 8 0 pfrule 1344 2 0 2 2 1 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 1164 0 709 32 3 29 29 0 8 0 art_table 32 1165 0 709 4 0 4 4 0 8 0 art_node 16 291 0 193 1 0 1 1 0 8 0 sysvmsgpl 40 5 0 4 2 1 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 5 0 0 1 0 1 1 0 8 0 shmpl 112 5 0 1 1 0 1 1 0 8 0 dirhash 1024 19 0 2 3 0 3 3 0 8 0 dino2pl 256 1902 0 374 96 0 96 96 0 8 0 ffsino 240 1902 0 374 91 0 91 91 0 8 0 nchpl 144 2355 0 655 64 0 64 64 0 8 0 uvmvnodes 80 2440 0 0 50 0 50 50 0 8 0 vnodes 216 2440 0 0 136 0 136 136 0 8 0 namei 1024 9169 0 9169 3 2 1 2 0 8 1 kstatmem 264 54 0 32 2 0 2 2 0 8 0 scxspl 216 13150 0 13150 10 2 8 8 1 8 8 plimitpl 152 139 0 123 1 0 1 1 0 8 0 sigapl 424 795 0 748 7 1 6 7 0 8 0 futexpl 64 3386 0 3380 1 0 1 1 0 8 0 knotepl 120 8748 0 8699 17 7 10 10 0 8 8 kqueuepl 184 66 0 55 1 0 1 1 0 8 0 pipepl 288 166 0 138 3 0 3 3 0 8 0 fdescpl 432 775 0 745 5 1 4 5 0 8 0 filepl 120 3650 0 3394 12 1 11 11 0 8 2 lockfpl 104 85 0 80 1 0 1 1 0 8 0 lockfspl 48 32 0 28 1 0 1 1 0 8 0 sessionpl 144 38 0 30 1 0 1 1 0 8 0 pgrppl 48 98 0 82 1 0 1 1 0 8 0 ucredpl 104 362 0 351 1 0 1 1 0 8 0 zombiepl 144 811 0 811 2 1 1 1 0 8 1 processpl 1096 795 0 748 4 0 4 4 0 8 0 procpl 648 1103 0 1044 7 1 6 6 0 8 0 sosppl 168 2 0 1 1 0 1 1 0 8 0 sockpl 504 828 0 788 14 4 10 10 0 8 4 mcl64k 65536 2 0 2 2 0 2 2 0 8 2 mcl9k 9216 1 0 1 1 1 0 1 0 8 0 mcl8k 8192 9 0 9 1 1 0 1 0 8 0 mcl4k 4096 4 0 4 1 1 0 1 0 8 0 mcl2k 2048 5544 0 5444 28 13 15 26 0 8 0 mtagpl 96 10 0 10 2 1 1 1 0 8 1 mbufpl 256 9706 0 9491 23 1 22 22 0 8 1 bufpl 280 5363 0 92 377 0 377 377 0 8 0 anonpl 24 161670 0 158373 76 27 49 49 0 187 24 amapchunkpl 152 17494 0 16973 53 21 32 39 0 158 11 amappl16 200 3302 0 3284 6 4 2 5 0 8 1 amappl15 192 13 0 13 1 1 0 1 0 8 0 amappl14 184 139 0 129 1 0 1 1 0 8 0 amappl13 176 8 0 8 1 1 0 1 0 8 0 amappl12 168 1643 0 1613 3 1 2 3 0 8 0 amappl11 160 47 0 37 1 0 1 1 0 8 0 amappl10 152 12 0 11 1 0 1 1 0 8 0 amappl9 144 134 0 134 1 1 0 1 0 8 0 amappl8 136 15 0 14 1 0 1 1 0 8 0 amappl7 128 126 0 116 1 0 1 1 0 8 0 amappl6 120 323 0 322 1 0 1 1 0 8 0 amappl5 112 187 0 179 1 0 1 1 0 8 0 amappl4 104 334 0 317 1 0 1 1 0 8 0 amappl3 96 3387 0 3269 5 1 4 4 0 8 1 amappl2 88 819 0 764 2 0 2 2 0 8 0 amappl1 80 9663 0 9126 15 3 12 15 0 8 0 amappl 88 5057 0 4877 6 1 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 254 0 254 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 7 0 1 1 0 1 1 0 8 0 uaddrrnd 24 775 0 745 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 775 0 745 1 0 1 1 0 8 0 vmmpekpl 168 8009 0 7962 3 0 3 3 0 8 0 vmmpepl 168 54779 0 52981 86 6 80 82 0 357 1 vmsppl 344 774 0 745 4 1 3 4 0 8 0 rwobjpl 24 21367 0 18058 21 0 21 21 0 8 1 pdppl 4096 1556 0 1490 110 42 68 82 0 8 2 pvpl 32 394342 0 384556 350 135 215 215 0 265 131 pmappl 216 774 0 745 3 1 2 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 421 0 72 11 0 11 11 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830a91a3) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83063112,ffffffff83035af9,83,ffffffff830a66ce) at __assert+0x29 rtmap_grow(28,21) at rtmap_grow+0x1f3 sys/net/rtable.c:131 rtable_add(27) at rtable_add+0x279 if_createrdomain(27,ffff80000116f000) at if_createrdomain+0x40 sys/net/if.c:1947 ifioctl(fffffd8076b3b408,8020699f,ffff8000376473e0,ffff800037666538) at ifioctl+0x19be sys/net/if.c:2296 sys_ioctl(ffff800037666538,ffff8000376475c0,ffff800037647510) at sys_ioctl+0x678 syscall(ffff8000376475c0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x81c6c4198b0, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830a91a3) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83063112,ffffffff83035af9,83,ffffffff830a66ce) at __assert+0x29 rtmap_grow(28,21) at rtmap_grow+0x1f3 sys/net/rtable.c:131 rtable_add(27) at rtable_add+0x279 if_createrdomain(27,ffff80000116f000) at if_createrdomain+0x40 sys/net/if.c:1947 ifioctl(fffffd8076b3b408,8020699f,ffff8000376473e0,ffff800037666538) at ifioctl+0x19be sys/net/if.c:2296 sys_ioctl(ffff800037666538,ffff8000376475c0,ffff800037647510) at sys_ioctl+0x678 syscall(ffff8000376475c0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x81c6c4198b0, count: -10