panic: kernel diagnostic assertion "map->limit == rtmap_limit" failed: file "/syzkaller/managers/main/kernel/sys/net/rtable.c", line 131 Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *341548 25824 0 0x8000000 0x4000000 0 syz-executor db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830ac94d) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff830621b8,ffffffff83035667,83,ffffffff830a5ea7) at __assert+0x29 rtmap_grow(18,21) at rtmap_grow+0x1f3 sys/net/rtable.c:131 rtable_add(17) at rtable_add+0x279 if_createrdomain(17,ffff8000011b6000) at if_createrdomain+0x40 sys/net/if.c:1947 ifioctl(fffffd8069a9b220,8020699f,ffff800037465540,ffff80002a4571c0) at ifioctl+0x19be sys/net/if.c:2296 sys_ioctl(ffff80002a4571c0,ffff800037465720,ffff800037465670) at sys_ioctl+0x678 syscall(ffff800037465720) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x2a7bd6f0050, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "map->limit == rtmap_limit" failed: file "/syzkaller/managers/main/kernel/sys/net/rtable.c", line 131 ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830ac94d) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff830621b8,ffffffff83035667,83,ffffffff830a5ea7) at __assert+0x29 rtmap_grow(18,21) at rtmap_grow+0x1f3 sys/net/rtable.c:131 rtable_add(17) at rtable_add+0x279 if_createrdomain(17,ffff8000011b6000) at if_createrdomain+0x40 sys/net/if.c:1947 ifioctl(fffffd8069a9b220,8020699f,ffff800037465540,ffff80002a4571c0) at ifioctl+0x19be sys/net/if.c:2296 sys_ioctl(ffff80002a4571c0,ffff800037465720,ffff800037465670) at sys_ioctl+0x678 syscall(ffff800037465720) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x2a7bd6f0050, count: -10 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff800037465270 rbx 0x21 rdx 0 rcx 0 rax 0xffff80002a4571c0 r8 0 r9 0x8080808080808080 r10 0x4b547f7b79c4866 r11 0x8cb4f640fdf742a7 r12 0 r13 0x17 r14 0 r15 0x1 rip 0xffffffff81febd85 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff800037465260 ss 0 db_enter+0x25: addq $0x8,%rsp ddb> show proc PROC (syz-executor) tid=341548 pid=25824 tcnt=4 stat=onproc flags process=8000000 proc=4000000 runpri=84, usrpri=84, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a47a030,0xffff80002a47a550 process=0xffff80002a466f20 user=0xffff800037460000, vmspace=0xfffffd8067757ae0 estcpu=34, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 96780 40799 13642 0 2 0x8101004 sh 13642 71020 43408 0 3 0x810008a sigsusp sh 56772 373040 7253 0 2 0x8001006 sh 62931 259613 35578 0 2 0x8000000 syz-executor 62931 258597 35578 0 3 0xc000080 lockf syz-executor 62931 118195 35578 0 3 0xc000080 fsleep syz-executor 62931 205902 35578 0 3 0xc000080 lockf syz-executor 25824 162613 57304 0 2 0x8000000 syz-executor 25824 247913 57304 0 3 0xc000080 kqread syz-executor 25824 384126 57304 0 2 0xc000000 syz-executor *25824 341548 57304 0 7 0xc000000 syz-executor 10929 182224 93944 0 2 0x8000000 syz-executor 10929 229108 93944 0 3 0xc000080 ttyin syz-executor 10929 245780 93944 0 2 0xc000480 syz-executor 2421 90149 32156 0 2 0x8000001 syz-executor 2421 125088 32156 0 3 0xc000080 fsleep syz-executor 2421 411131 32156 0 3 0xc000080 fsleep syz-executor 43408 353257 45884 0 3 0x8000082 wait syz-executor 7253 141813 45884 0 2 0x8000003 syz-executor 93944 170680 45884 0 2 0x8000482 syz-executor 32156 478690 45884 0 2 0x8000482 syz-executor 35578 351839 45884 0 2 0x8000482 syz-executor 84269 212368 45884 0 2 0x8000002 syz-executor 57304 326694 45884 0 2 0x8000482 syz-executor 10104 61235 45884 0 2 0x8000002 syz-executor 87867 164265 0 0 3 0x14200 acct acct 85482 360468 0 0 3 0x14200 bored sosplice 45884 484144 83132 0 3 0x8000082 kqread syz-executor 83132 152667 9830 0 3 0x810008a sigsusp ksh 9830 153124 6226 0 3 0x18000098 kqread sshd-session 6226 451842 13599 0 3 0x18000092 kqread sshd-session 10005 519276 1 0 3 0x18100083 ttyin getty 13599 238449 1 0 3 0x18000088 kqread sshd 20060 209510 34292 73 2 0x19100010 syslogd 34292 372563 1 0 3 0x18100082 sbwait syslogd 88731 356314 1 0 3 0x18100080 kqread resolvd 17554 36205 63681 77 3 0x18100092 kqread dhcpleased 68004 24711 63681 77 3 0x18100092 kqread dhcpleased 63681 151685 1 0 3 0x18000080 kqread dhcpleased 80927 273746 0 0 3 0x14200 bored smr 4363 212707 0 0 2 0x14200 zerothread 62630 248378 0 0 3 0x14200 aiodoned aiodoned 46592 61461 0 0 3 0x14200 syncer update 40725 123627 0 0 3 0x14200 cleaner cleaner 24362 138259 0 0 3 0x14200 reaper reaper 47245 137902 0 0 3 0x14200 pgdaemon pagedaemon 12471 3576 0 0 3 0x14200 bored viomb 10903 31901 0 0 3 0x40014200 acpi0 acpi0 30770 293020 0 0 3 0x14200 bored softnet3 57120 259249 0 0 3 0x14200 bored softnet2 96683 147987 0 0 3 0x14200 bored softnet1 59795 15369 0 0 3 0x14200 bored softnet0 83499 473978 0 0 3 0x14200 bored systqmp 19579 142715 0 0 3 0x14200 bored systq 51316 159090 0 0 3 0x40014200 tmoslp softclock 91188 383236 0 0 3 0x40014200 idle0 1 212780 0 0 3 0x8080082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10242 10195K 14457K 166960K 16827 0 pcb 17 20K 22K 166960K 929 0 rtable 181 7K 8K 166960K 3998 0 pf 34 13K 16K 166960K 403 0 ifaddr 38 8K 10K 166960K 529 0 ifgroup 54 2K 2K 166960K 626 0 sysctl 4 1K 1K 166960K 16 0 counters 31 17K 17K 166960K 182 0 ioctlops 0 0K 4K 166960K 658 0 iov 1 12K 28K 166960K 458 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1565 98K 99K 166960K 6281 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 68K 76K 166960K 82 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 406 0 dirhash 15 2K 3K 166960K 90 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 19 69K 97K 166960K 4369 0 sigio 0 0K 0K 166960K 121 0 proc 59 59K 124K 166960K 3758 0 subproc 104 6K 7K 166960K 1508 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 649 0 in_multi 78 5K 7K 166960K 1340 0 ether_multi 1 0K 0K 166960K 18 0 mrt 1 0K 0K 166960K 7 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 229 1023K 1023K 166960K 229 0 exec 2 0K 1K 166960K 2361 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 233 119K 138K 166960K 36195 0 UVM aobj 552 14K 14K 166960K 565 0 pinsyscall 41 82K 96K 166960K 8144 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 2 0K 0K 166960K 149 0 NDP 12 0K 2K 166960K 389 0 temp 82 6832K 6956K 166960K 161353 0 kqueue 19 25K 32K 166960K 561 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 702 0 699 5 4 1 3 0 8 0 rtentry 112 1348 0 1271 4 1 3 4 0 8 0 unpcb 144 3976 0 3957 15 13 2 6 0 8 1 syncache 336 10 0 10 3 3 0 1 0 8 0 tcpqe 32 7 0 7 2 2 0 1 0 8 0 tcpcb 808 1486 0 1479 24 23 1 11 0 8 0 arp 88 244 0 229 1 0 1 1 0 8 0 ipq 40 7 0 6 1 0 1 1 0 8 0 ipqe 40 18 0 17 1 0 1 1 0 8 0 inpcb 336 6139 0 6126 45 38 7 18 0 8 5 nd6 104 368 0 350 1 0 1 1 0 8 0 pkpcb 40 17 0 17 4 3 1 1 0 8 1 kcovpl 48 116 0 108 1 0 1 1 0 8 0 ppxss 1072 24 0 24 3 2 1 1 0 8 1 pfstscr 40 6 0 4 1 0 1 1 0 8 0 pfosfp 40 2 0 0 1 0 1 1 0 8 0 pfosfpen 112 2 0 0 1 0 1 1 0 8 0 pfrktable 1344 1 0 0 1 0 1 1 0 8 0 pfanchor 1288 3 0 0 1 0 1 1 0 8 0 pftag 88 5 0 0 1 0 1 1 0 8 0 pfqueue 264 3 0 3 2 2 0 1 0 8 0 pfstitem 24 3 0 0 1 0 1 1 0 8 0 pfstkey 128 11 0 8 1 0 1 1 0 8 0 pfstate 344 7 0 5 1 0 1 1 0 8 0 pfrule 1344 33 0 27 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 5378 0 5016 38 9 29 30 0 8 3 art_table 32 5379 0 5016 4 0 4 4 0 8 0 art_node 16 1341 0 1272 1 0 1 1 0 8 0 sysvmsgpl 40 11 0 8 1 0 1 1 0 8 0 semapl 112 402 0 392 1 0 1 1 0 8 0 shmpl 112 562 0 13 16 0 16 16 0 8 0 dirhash 1024 69 0 50 3 0 3 3 0 8 0 dino2pl 256 7091 0 5392 107 0 107 107 0 8 0 ffsino 240 7091 0 5392 102 0 102 102 0 8 1 nchpl 144 11395 0 9557 69 0 69 69 0 8 0 uvmvnodes 80 7449 0 0 153 0 153 153 0 8 0 vnodes 216 7449 0 0 414 0 414 414 0 8 0 namei 1024 56273 0 56272 7 3 4 4 0 8 3 vcpupl 3904 14 0 2 2 0 2 2 0 8 0 vmpool 664 30 0 18 2 0 2 2 0 8 0 kstatmem 264 326 0 302 2 0 2 2 0 8 0 scsiplug 72 9 0 9 2 1 1 1 0 8 1 scxspl 216 78544 0 78544 10 9 1 8 1 8 1 plimitpl 152 1152 0 1135 1 0 1 1 0 8 0 sigapl 424 4478 0 4429 9 2 7 8 0 8 0 futexpl 64 53843 0 53840 1 0 1 1 0 8 0 knotepl 120 110138 0 110087 40 30 10 17 0 8 8 kqueuepl 184 1345 0 1265 10 6 4 4 0 8 0 pipepl 288 865 0 837 11 8 3 9 0 8 0 fdescpl 432 4417 0 4386 5 1 4 5 0 8 0 filepl 120 35854 0 35364 32 17 15 16 0 8 0 lockfpl 104 1337 0 1299 2 1 1 2 0 8 0 lockfspl 48 594 0 558 1 0 1 1 0 8 0 sessionpl 144 128 0 120 1 0 1 1 0 8 0 pgrppl 48 342 0 326 1 0 1 1 0 8 0 ucredpl 104 4844 0 4833 1 0 1 1 0 8 0 zombiepl 144 4619 0 4619 3 2 1 1 0 8 1 processpl 1096 4478 0 4429 6 2 4 6 0 8 0 procpl 648 8844 0 8785 9 3 6 8 0 8 1 sosppl 168 24 0 24 3 2 1 1 0 8 1 sockpl 504 10883 0 10848 169 157 12 30 0 8 7 mcl64k 65536 35 0 35 4 3 1 1 0 8 1 mcl16k 16384 12 0 12 3 3 0 1 0 8 0 mcl12k 12288 5 0 5 2 2 0 1 0 8 0 mcl9k 9216 6 0 6 3 3 0 1 0 8 0 mcl8k 8192 219 0 219 4 3 1 1 0 8 1 mcl4k 4096 8 0 8 3 3 0 1 0 8 0 mcl2k2 2112 4 0 4 2 2 0 1 0 8 0 mcl2k 2048 15067 0 14970 30 15 15 27 0 8 2 mtagpl 96 69 0 69 1 0 1 1 0 8 1 mbufpl 256 49238 0 49060 113 93 20 64 0 8 4 bufpl 280 14846 0 7398 533 0 533 533 0 8 0 anonpl 24 565483 0 562144 97 45 52 53 0 187 13 amapchunkpl 152 124892 0 124434 74 40 34 39 0 158 15 amappl16 200 9021 0 9007 45 42 3 15 0 8 0 amappl15 192 8 0 8 2 2 0 1 0 8 0 amappl14 184 327 0 317 1 0 1 1 0 8 0 amappl13 176 12 0 12 1 1 0 1 0 8 0 amappl12 168 6712 0 6684 2 0 2 2 0 8 0 amappl11 160 49 0 39 1 0 1 1 0 8 0 amappl10 152 76 0 76 1 1 0 1 0 8 0 amappl9 144 130 0 130 1 1 0 1 0 8 0 amappl8 136 20 0 18 1 0 1 1 0 8 0 amappl7 128 308 0 298 1 0 1 1 0 8 0 amappl6 120 1225 0 1221 1 0 1 1 0 8 0 amappl5 112 548 0 539 1 0 1 1 0 8 0 amappl4 104 611 0 594 1 0 1 1 0 8 0 amappl3 96 23351 0 23245 6 2 4 4 0 8 1 amappl2 88 2099 0 2039 2 0 2 2 0 8 0 amappl1 80 26595 0 26057 16 4 12 14 0 8 0 amappl 88 34842 0 34676 5 0 5 5 0 92 0 dma65536 65536 1 0 1 1 1 0 1 0 8 0 dma16384 16384 1 0 1 1 1 0 1 0 8 0 dma8192 8192 2 0 2 1 1 0 1 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 4 0 3 1 0 1 1 0 8 0 dma512 512 1 0 1 1 1 0 1 0 8 0 dma256 256 7 0 7 2 2 0 1 0 8 0 dma128 128 255 0 255 3 3 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 25 0 24 1 0 1 1 0 8 0 aobjpl 72 564 0 13 11 0 11 11 0 8 0 uaddrrnd 24 4445 0 4404 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 4445 0 4404 1 0 1 1 0 8 0 vmmpekpl 168 34950 0 34897 4 0 4 4 0 8 0 vmmpepl 168 266810 0 265144 109 27 82 92 0 357 6 vmsppl 344 4446 0 4404 6 1 5 5 0 8 0 rwobjpl 24 77453 0 68572 55 1 54 54 0 8 0 pdppl 4096 8898 0 8820 364 286 78 86 0 8 0 pvpl 32 2019473 0 2010259 509 283 226 229 0 265 128 pmappl 216 4446 0 4404 3 0 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 1039 0 654 13 0 13 13 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830ac94d) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff830621b8,ffffffff83035667,83,ffffffff830a5ea7) at __assert+0x29 rtmap_grow(18,21) at rtmap_grow+0x1f3 sys/net/rtable.c:131 rtable_add(17) at rtable_add+0x279 if_createrdomain(17,ffff8000011b6000) at if_createrdomain+0x40 sys/net/if.c:1947 ifioctl(fffffd8069a9b220,8020699f,ffff800037465540,ffff80002a4571c0) at ifioctl+0x19be sys/net/if.c:2296 sys_ioctl(ffff80002a4571c0,ffff800037465720,ffff800037465670) at sys_ioctl+0x678 syscall(ffff800037465720) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x2a7bd6f0050, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830ac94d) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff830621b8,ffffffff83035667,83,ffffffff830a5ea7) at __assert+0x29 rtmap_grow(18,21) at rtmap_grow+0x1f3 sys/net/rtable.c:131 rtable_add(17) at rtable_add+0x279 if_createrdomain(17,ffff8000011b6000) at if_createrdomain+0x40 sys/net/if.c:1947 ifioctl(fffffd8069a9b220,8020699f,ffff800037465540,ffff80002a4571c0) at ifioctl+0x19be sys/net/if.c:2296 sys_ioctl(ffff80002a4571c0,ffff800037465720,ffff800037465670) at sys_ioctl+0x678 syscall(ffff800037465720) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x2a7bd6f0050, count: -10