panic: kernel diagnostic assertion "map->limit == rtmap_limit" failed: file "/syzkaller/managers/main/kernel/sys/net/rtable.c", line 132 Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *113128 29889 0 0 0x4000000 0 syz-executor db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff83352f92) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff833905ce,ffffffff8336ddd1,84,ffffffff833e2c80) at __assert+0x29 sys/kern/subr_prf.c:-1 rtmap_grow(17,21) at rtmap_grow+0x1f2 rtable_add(16) at rtable_add+0x289 rtable_alloc sys/net/rtable.c:370 [inline] rtable_add(16) at rtable_add+0x289 sys/net/rtable.c:223 if_createrdomain(16,ffff800000b12800) at if_createrdomain+0x40 sys/net/if.c:1978 ifioctl(ffff800010fcab28,8020699f,ffff80003c954e10,ffff80002a89a038) at ifioctl+0x1c06 sys/net/if.c:2327 sys_ioctl(ffff80002a89a038,ffff80003c954fe0,ffff80003c954f30) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1 syscall(ffff80003c954fe0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c954fe0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x70823eb6540, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "map->limit == rtmap_limit" failed: file "/syzkaller/managers/main/kernel/sys/net/rtable.c", line 132 ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff83352f92) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff833905ce,ffffffff8336ddd1,84,ffffffff833e2c80) at __assert+0x29 sys/kern/subr_prf.c:-1 rtmap_grow(17,21) at rtmap_grow+0x1f2 rtable_add(16) at rtable_add+0x289 rtable_alloc sys/net/rtable.c:370 [inline] rtable_add(16) at rtable_add+0x289 sys/net/rtable.c:223 if_createrdomain(16,ffff800000b12800) at if_createrdomain+0x40 sys/net/if.c:1978 ifioctl(ffff800010fcab28,8020699f,ffff80003c954e10,ffff80002a89a038) at ifioctl+0x1c06 sys/net/if.c:2327 sys_ioctl(ffff80002a89a038,ffff80003c954fe0,ffff80003c954f30) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1 syscall(ffff80003c954fe0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c954fe0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x70823eb6540, count: -10 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80003c954b40 rbx 0x21 rdx 0 rcx 0 rax 0xffff80002a89a038 r8 0x101010101010101 r9 0x8080808080808080 r10 0xfda044cc16d932fe r11 0x34fa46bcdc4a9375 r12 0 r13 0xa r14 0 r15 0x1 rip 0xffffffff827e19d5 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80003c954b30 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb> show proc PROC (syz-executor) tid=113128 pid=29889 tcnt=3 stat=onproc flags process=0 proc=4000000 runpri=83, usrpri=83, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a89a2d0,0xffff80002a89a578 process=0xffff8000ffff8498 user=0xffff80003c950000, vmspace=0xfffffd8069321b98 estcpu=33, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 94434 293885 34657 0 2 0 syz-executor 94434 372485 34657 0 3 0x4000080 fsleep syz-executor 49489 193559 70173 0 2 0 syz-executor 49489 162491 70173 0 3 0x4000080 fsleep syz-executor 20208 90928 31239 0 2 0 syz-executor 20208 468209 31239 0 3 0x4000080 fsleep syz-executor 20208 62670 31239 0 3 0x4000080 fsleep syz-executor 20208 201480 31239 0 3 0x4000080 fsleep syz-executor 29889 136643 34807 0 2 0 syz-executor 29889 62168 34807 0 2 0x4000000 syz-executor *29889 113128 34807 0 7 0x4000000 syz-executor 32532 138676 14916 -1 2 0x10 syz-executor 32532 400359 14916 -1 3 0x4000090 fsleep syz-executor 32532 461093 14916 -1 3 0x4000090 fsleep syz-executor 32532 177081 14916 -1 3 0x4000090 fsleep syz-executor 6809 431112 67132 0 2 0 syz-executor 6809 402149 67132 0 3 0x4000080 fsleep syz-executor 9636 508374 70164 0 2 0 syz-executor 9636 246802 70164 0 3 0x4000080 fsleep syz-executor 9636 42209 70164 0 3 0x4000080 fsleep syz-executor 75331 508061 92589 0 2 0 syz-executor 75331 493392 92589 0 3 0x4000080 fsleep syz-executor 75331 222810 92589 0 3 0x4000080 fsleep syz-executor 75331 449617 92589 0 2 0x4000000 syz-executor 16974 418144 0 0 3 0x14280 nfsidl nfsio 29753 188227 0 0 3 0x14280 nfsidl nfsio 69023 337328 0 0 3 0x14280 nfsidl nfsio 80722 480988 0 0 3 0x14280 nfsidl nfsio 21695 226024 0 0 3 0x14280 nfsidl nfsio 5761 408137 0 0 3 0x14280 nfsidl nfsio 64671 180745 0 0 3 0x14280 nfsidl nfsio 50897 183344 0 0 3 0x14280 nfsidl nfsio 35632 147890 0 0 3 0x14280 nfsidl nfsio 4157 383973 0 0 3 0x14280 nfsidl nfsio 76694 514469 0 0 3 0x14280 nfsidl nfsio 91370 66363 0 0 3 0x14280 nfsidl nfsio 82569 59278 0 0 3 0x14280 nfsidl nfsio 4387 199520 0 0 3 0x14280 nfsidl nfsio 36351 56150 0 0 3 0x14280 nfsidl nfsio 52878 264264 0 0 3 0x14280 nfsidl nfsio 22199 301602 0 0 3 0x14280 nfsidl nfsio 6229 164282 0 0 3 0x14280 nfsidl nfsio 16352 479810 0 0 3 0x14280 nfsidl nfsio 39054 507897 0 0 3 0x14280 nfsidl nfsio 60080 412153 0 0 3 0x14200 acct acct 34807 195667 60358 0 3 0x82 nanoslp syz-executor 70164 317597 60358 0 2 0xc82 syz-executor 74029 119539 0 0 3 0x14200 bored sosplice 14916 278760 60358 0 3 0x82 nanoslp syz-executor 31239 480030 60358 0 3 0x82 nanoslp syz-executor 67132 209646 60358 0 3 0x82 nanoslp syz-executor 34657 286059 60358 0 2 0xc82 syz-executor 92589 76927 60358 0 3 0x82 nanoslp syz-executor 70173 360772 60358 0 2 0xc82 syz-executor 60358 238018 81670 0 3 0x82 kqread syz-executor 81670 275245 13332 0 3 0x10008a sigsusp ksh 13332 153202 8151 0 3 0x98 kqread sshd-session 8151 160120 36919 0 3 0x92 kqread sshd-session 93541 187337 1 0 3 0x100083 ttyin getty 36919 238141 1 0 3 0x88 kqread sshd 57681 192458 50771 73 3 0x1100090 kqread syslogd 50771 447094 1 0 3 0x100082 sbwait syslogd 32952 115741 1 0 3 0x100080 kqread resolvd 38221 184020 17695 77 3 0x100092 kqread dhcpleased 48798 447730 17695 77 3 0x100092 kqread dhcpleased 17695 207526 1 0 3 0x80 kqread dhcpleased 71357 434639 0 0 3 0x14200 bored smr 48573 319376 0 0 2 0x14200 zerothread 53389 238291 0 0 3 0x14200 aiodoned aiodoned 14649 282443 0 0 3 0x14200 syncer update 90452 405946 0 0 3 0x14200 cleaner cleaner 93075 234132 0 0 3 0x14200 reaper reaper 12670 214621 0 0 3 0x14200 pgdaemon pagedaemon 62303 501134 0 0 3 0x14200 bored viomb 29719 384152 0 0 3 0x40014200 acpi0 acpi0 38515 206822 0 0 3 0x14200 bored softnet0 10450 321001 0 0 3 0x14200 bored systqmp 20438 420502 0 0 3 0x14200 bored systq 89337 334450 0 0 3 0x40014200 tmoslp softclock 29129 119842 0 0 3 0x40014200 idle0 1 489938 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10183 11066K 11481K 166960K 12497 0 pcb 21 16K 18K 166960K 219 0 rtable 205 9K 9K 166960K 491 0 pf 33 13K 16K 166960K 108 0 ifaddr 36 6K 7K 166960K 92 0 ifgroup 50 2K 2K 166960K 137 0 sysctl 2 1K 9K 166960K 8 0 counters 32 17K 18K 166960K 153 0 ioctlops 0 0K 4K 166960K 269 0 iov 0 0K 20K 166960K 38 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1407 88K 89K 166960K 2028 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 16 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 26 0 dirhash 12 2K 2K 166960K 15 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 232K 166960K 694 0 sigio 0 0K 0K 166960K 6 0 proc 63 67K 100K 166960K 606 0 subproc 72 4K 4K 166960K 90 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 2 0K 0K 166960K 61 0 in_multi 76 5K 7K 166960K 142 0 ether_multi 1 0K 0K 166960K 6 0 mrt 1 0K 0K 166960K 4 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 79 360K 360K 166960K 79 0 exec 0 0K 1K 166960K 534 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 248 151K 167K 166960K 8025 0 UVM aobj 20 2K 2K 166960K 21 0 pinsyscall 39 78K 89K 166960K 1794 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 32 0 NDP 11 0K 2K 166960K 62 0 temp 50 8643K 8707K 166960K 9846 0 kqueue 15 24K 30K 166960K 142 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 176 0 173 3 0 3 3 0 8 2 rtentry 136 146 0 67 4 0 4 4 0 8 0 unpcb 144 388 0 372 4 0 4 4 0 8 3 syncache 336 4 0 4 1 1 0 1 0 8 0 tcpqe 32 1 0 1 1 1 0 1 0 8 0 tcpcb 736 169 0 163 2 1 1 2 0 8 0 arp 96 22 0 8 1 0 1 1 0 8 0 ipq 40 2 0 0 1 0 1 1 0 8 0 ipqe 40 2 0 0 1 0 1 1 0 8 0 inpcb 328 1055 0 1041 17 10 7 13 0 8 5 ip6q 72 2 0 0 1 0 1 1 0 8 0 ip6af 40 2 0 0 1 0 1 1 0 8 0 nd6 112 34 0 14 1 0 1 1 0 8 0 pkpcb 40 2 0 2 1 0 1 1 0 8 1 kcovpl 48 10 0 2 1 0 1 1 0 8 0 ppxss 1072 111 0 111 2 1 1 1 0 8 1 pppxif 1384 7 0 7 2 1 1 1 0 8 1 pfstscr 40 2 0 2 1 0 1 1 0 8 1 pfstitem 24 2 0 0 1 0 1 1 0 8 0 pfstkey 128 7 0 5 1 0 1 1 0 8 0 pfstate 384 4 0 3 1 0 1 1 0 8 0 pfrule 1344 3 0 2 2 1 1 1 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 615 0 259 29 1 28 29 0 8 5 art_table 40 617 0 259 5 0 5 5 0 8 0 art_node 32 146 0 76 1 0 1 1 0 8 0 sysvmsgpl 40 7 0 5 2 1 1 1 0 8 0 semapl 112 22 0 12 1 0 1 1 0 8 0 shmpl 112 18 0 1 1 0 1 1 0 8 0 dirhash 1024 19 0 2 3 0 3 3 0 8 0 dino2pl 256 2626 0 1123 95 0 95 95 0 8 0 ffsino 256 2626 0 1123 95 0 95 95 0 8 0 nchpl 144 3571 0 1872 64 0 64 64 0 8 0 rtmask 32 11 0 11 2 1 1 1 0 8 1 vnodes 216 2298 0 0 128 0 128 128 0 8 0 namei 1024 11761 0 11761 3 2 1 2 0 8 1 kstatmem 264 84 0 62 3 0 3 3 0 8 1 scsiplug 72 3 0 3 2 1 1 1 0 8 1 scxspl 216 10484 0 10484 10 2 8 8 1 8 8 plimitpl 152 242 0 225 1 0 1 1 0 8 0 sigapl 424 985 0 920 8 0 8 8 0 8 0 knotepl 120 25749 0 25668 30 18 12 17 0 8 7 kqueuepl 184 328 0 314 5 1 4 4 0 8 2 pipepl 304 153 0 126 3 0 3 3 0 8 0 fdescpl 448 948 0 918 4 0 4 4 0 8 0 filepl 120 5843 0 5622 15 2 13 13 0 8 4 lockfpl 104 182 0 179 1 0 1 1 0 8 0 lockfspl 48 71 0 68 1 0 1 1 0 8 0 sessionpl 144 23 0 15 1 0 1 1 0 8 0 pgrppl 48 40 0 24 1 0 1 1 0 8 0 ucredpl 104 737 0 725 1 0 1 1 0 8 0 zombiepl 144 1219 0 1219 1 0 1 1 0 8 1 processpl 1152 985 0 920 5 0 5 5 0 8 0 procpl 664 1896 0 1815 9 1 8 8 0 8 0 sosppl 168 4 0 4 1 0 1 1 0 8 1 sockpl 552 1634 0 1601 20 9 11 13 0 8 8 mcl64k 65536 150 0 149 1 0 1 1 0 8 0 mcl16k 16384 1 0 1 1 0 1 1 0 8 1 mcl9k 9216 3 0 3 2 1 1 1 0 8 1 mcl8k 8192 10 0 10 2 1 1 1 0 8 1 mcl4k 4096 3165 0 3113 14 6 8 13 0 8 0 mcl2k 2048 1064 0 1060 3 1 2 2 0 8 1 mtagpl 96 10 0 5 1 0 1 1 0 8 0 mbufpl 256 19024 0 18850 177 155 22 116 0 8 8 bufpl 280 2994 0 124 205 0 205 205 0 8 0 anonpl 24 153231 0 150031 65 21 44 44 0 187 19 amapchunkpl 152 25940 0 25406 40 5 35 35 0 158 14 amappl16 200 2787 0 2754 25 13 12 14 0 8 8 amappl15 192 6 0 6 1 1 0 1 0 8 0 amappl14 184 22 0 22 1 1 0 1 0 8 0 amappl13 176 441 0 440 1 0 1 1 0 8 0 amappl12 168 1293 0 1254 2 0 2 2 0 8 0 amappl11 160 12 0 12 1 1 0 1 0 8 0 amappl10 152 40 0 30 1 0 1 1 0 8 0 amappl9 144 249 0 249 1 1 0 1 0 8 0 amappl8 136 23 0 22 1 0 1 1 0 8 0 amappl7 128 91 0 90 1 0 1 1 0 8 0 amappl6 120 301 0 290 1 0 1 1 0 8 0 amappl5 112 74 0 67 1 0 1 1 0 8 0 amappl4 104 395 0 371 1 0 1 1 0 8 0 amappl3 96 4367 0 4267 3 0 3 3 0 8 0 amappl2 88 1057 0 985 2 0 2 2 0 8 0 amappl1 80 11000 0 10453 13 1 12 13 0 8 0 amappl 88 7200 0 7021 5 0 5 5 0 92 0 uvmvnodes 80 2298 0 0 47 0 47 47 0 8 0 dma16384 16384 1 0 1 1 0 1 1 0 8 1 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma2048 2048 1 0 1 1 0 1 1 0 8 1 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 256 0 256 2 1 1 1 0 8 1 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 20 0 1 1 0 1 1 0 8 0 uaddrrnd 24 948 0 918 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 948 0 918 1 0 1 1 0 8 0 vmmpekpl 168 8989 0 8947 3 0 3 3 0 8 0 vmmpepl 168 65981 0 64124 99 9 90 90 0 357 8 vmsppl 368 947 0 918 4 1 3 4 0 8 0 rwobjpl 40 22089 0 18902 35 0 35 35 0 8 2 pdppl 4096 1902 0 1836 98 32 66 76 0 8 0 pvpl 32 412809 0 404319 145 42 103 121 0 265 24 pmappl 216 947 0 918 2 0 2 2 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 539 0 203 13 0 13 13 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff83352f92) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff833905ce,ffffffff8336ddd1,84,ffffffff833e2c80) at __assert+0x29 sys/kern/subr_prf.c:-1 rtmap_grow(17,21) at rtmap_grow+0x1f2 rtable_add(16) at rtable_add+0x289 rtable_alloc sys/net/rtable.c:370 [inline] rtable_add(16) at rtable_add+0x289 sys/net/rtable.c:223 if_createrdomain(16,ffff800000b12800) at if_createrdomain+0x40 sys/net/if.c:1978 ifioctl(ffff800010fcab28,8020699f,ffff80003c954e10,ffff80002a89a038) at ifioctl+0x1c06 sys/net/if.c:2327 sys_ioctl(ffff80002a89a038,ffff80003c954fe0,ffff80003c954f30) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1 syscall(ffff80003c954fe0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c954fe0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x70823eb6540, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff83352f92) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff833905ce,ffffffff8336ddd1,84,ffffffff833e2c80) at __assert+0x29 sys/kern/subr_prf.c:-1 rtmap_grow(17,21) at rtmap_grow+0x1f2 rtable_add(16) at rtable_add+0x289 rtable_alloc sys/net/rtable.c:370 [inline] rtable_add(16) at rtable_add+0x289 sys/net/rtable.c:223 if_createrdomain(16,ffff800000b12800) at if_createrdomain+0x40 sys/net/if.c:1978 ifioctl(ffff800010fcab28,8020699f,ffff80003c954e10,ffff80002a89a038) at ifioctl+0x1c06 sys/net/if.c:2327 sys_ioctl(ffff80002a89a038,ffff80003c954fe0,ffff80003c954f30) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1 syscall(ffff80003c954fe0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c954fe0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x70823eb6540, count: -10