panic: kernel diagnostic assertion "map->limit == rtmap_limit" failed: file "/syzkaller/managers/main/kernel/sys/net/rtable.c", line 132 Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *183717 82360 0 0 0x4000000 0 syz-executor db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8341768f) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83456591,ffffffff834313cf,84,ffffffff834a4a2d) at __assert+0x29 sys/kern/subr_prf.c:-1 rtmap_grow(c,21) at rtmap_grow+0x1f2 rtable_add(b) at rtable_add+0x289 rtable_alloc sys/net/rtable.c:370 [inline] rtable_add(b) at rtable_add+0x289 sys/net/rtable.c:223 if_createrdomain(b,ffff8000015ec800) at if_createrdomain+0x40 sys/net/if.c:2046 ifioctl(ffff8000015fbc18,8020699f,ffff80003c961200,ffff80003c90ad18) at ifioctl+0x1be2 sys/net/if.c:2395 sys_ioctl(ffff80003c90ad18,ffff80003c9613d0,ffff80003c961320) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1 syscall(ffff80003c9613d0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c9613d0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x38639659800, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "map->limit == rtmap_limit" failed: file "/syzkaller/managers/main/kernel/sys/net/rtable.c", line 132 ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8341768f) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83456591,ffffffff834313cf,84,ffffffff834a4a2d) at __assert+0x29 sys/kern/subr_prf.c:-1 rtmap_grow(c,21) at rtmap_grow+0x1f2 rtable_add(b) at rtable_add+0x289 rtable_alloc sys/net/rtable.c:370 [inline] rtable_add(b) at rtable_add+0x289 sys/net/rtable.c:223 if_createrdomain(b,ffff8000015ec800) at if_createrdomain+0x40 sys/net/if.c:2046 ifioctl(ffff8000015fbc18,8020699f,ffff80003c961200,ffff80003c90ad18) at ifioctl+0x1be2 sys/net/if.c:2395 sys_ioctl(ffff80003c90ad18,ffff80003c9613d0,ffff80003c961320) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1 syscall(ffff80003c9613d0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c9613d0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x38639659800, count: -10 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80003c960f30 rbx 0x21 rdx 0 rcx 0 rax 0xffff80003c90ad18 r8 0x101010101010101 r9 0x8080808080808080 r10 0x6f8a18876c2f1d64 r11 0x5db662c48aed471 r12 0 r13 0x6 r14 0 r15 0x1 rip 0xffffffff82a23005 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80003c960f20 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb> show proc PROC (syz-executor) tid=183717 pid=82360 tcnt=3 stat=onproc flags process=0 proc=4000000 runpri=81, usrpri=81, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003c90a2b8,0xffff80003c90aa90 process=0xffff8000ffff8018 user=0xffff80003c95c000, vmspace=0xfffffd80673c1018 estcpu=31, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 42093 362176 25170 0 2 0 syz-executor 42093 400774 25170 0 3 0x4000080 fsleep syz-executor 42093 369070 25170 0 3 0x4000080 fsleep syz-executor 86359 276701 63451 0 2 0 syz-executor 86359 95454 63451 0 2 0x4000000 syz-executor 86359 81198 63451 0 2 0x4000000 syz-executor 66360 353814 30035 0 2 0 syz-executor 66360 10321 30035 0 2 0x4000000 syz-executor 66360 337216 30035 0 2 0x4000000 syz-executor 82360 431696 73155 0 2 0 syz-executor 82360 403490 73155 0 2 0x4000000 syz-executor *82360 183717 73155 0 7 0x4000000 syz-executor 47819 89678 3285 0 2 0 syz-executor 47819 259856 3285 0 3 0x4000080 fsleep syz-executor 19184 499387 5754 0 3 0 vmmaplk syz-executor 19184 129002 5754 0 2 0x4000000 syz-executor 19184 331589 5754 0 3 0x4000080 fsleep syz-executor 19184 65155 5754 0 2 0x4000000 syz-executor 81380 143750 41840 0 2 0 syz-executor 81380 231448 41840 0 3 0x4000080 kqpoll syz-executor 81380 517660 41840 0 2 0x4000000 syz-executor 40692 482856 73644 0 2 0 syz-executor 40692 34163 73644 0 3 0x4000080 fsleep syz-executor 4804 336411 0 0 3 0x14200 acct acct 61084 293103 0 0 3 0x14280 nfsidl nfsio 70323 177876 0 0 3 0x14280 nfsidl nfsio 79089 376498 0 0 3 0x14280 nfsidl nfsio 71500 12896 0 0 3 0x14280 nfsidl nfsio 63283 319542 0 0 3 0x14280 nfsidl nfsio 4095 493266 0 0 3 0x14280 nfsidl nfsio 78689 90017 0 0 3 0x14280 nfsidl nfsio 78886 384668 0 0 3 0x14280 nfsidl nfsio 99149 521591 0 0 3 0x14280 nfsidl nfsio 27499 100498 0 0 3 0x14280 nfsidl nfsio 8194 347293 0 0 3 0x14280 nfsidl nfsio 60768 105177 0 0 3 0x14280 nfsidl nfsio 33968 270632 0 0 3 0x14280 nfsidl nfsio 34280 403841 0 0 3 0x14280 nfsidl nfsio 31081 35585 0 0 3 0x14280 nfsidl nfsio 83011 119522 0 0 3 0x14280 nfsidl nfsio 90690 63525 0 0 3 0x14280 nfsidl nfsio 3788 398723 0 0 3 0x14280 nfsidl nfsio 98104 521518 0 0 3 0x14280 nfsidl nfsio 79785 256481 0 0 3 0x14280 nfsidl nfsio 25170 400550 61304 0 3 0x82 nanoslp syz-executor 30035 232484 61304 0 3 0x82 nanoslp syz-executor 73644 232304 61304 0 3 0x82 nanoslp syz-executor 3285 121823 61304 0 3 0x82 nanoslp syz-executor 5754 137019 61304 0 3 0x82 nanoslp syz-executor 73155 43059 61304 0 3 0x82 nanoslp syz-executor 63451 407281 61304 0 3 0x82 nanoslp syz-executor 41840 219628 61304 0 3 0x82 nanoslp syz-executor 61304 167616 37436 0 3 0x82 kqread syz-executor 37436 434982 68039 0 3 0x10008a sigsusp ksh 68039 287617 4053 0 3 0x98 kqread sshd-session 4053 94486 69330 0 3 0x92 kqread sshd-session 27059 42389 1 0 3 0x100083 ttyin getty 69330 208625 1 0 3 0x88 kqread sshd 74532 444471 68411 73 3 0x1100090 kqread syslogd 68411 303934 1 0 3 0x100082 sbwait syslogd 54451 121060 1 0 3 0x100080 kqread resolvd 39583 53722 35828 77 3 0x100092 kqread dhcpleased 13949 207627 35828 77 3 0x100092 kqread dhcpleased 35828 79297 1 0 3 0x80 kqread dhcpleased 59956 82064 0 0 3 0x14200 bored smr 78189 29270 0 0 2 0x14200 zerothread 32683 486770 0 0 3 0x14200 aiodoned aiodoned 32609 171234 0 0 3 0x14200 syncer update 31686 83013 0 0 3 0x14200 cleaner cleaner 96569 624 0 0 3 0x14200 reaper reaper 49732 187636 0 0 3 0x14200 pgdaemon pagedaemon 96429 314849 0 0 3 0x14200 bored viomb 18263 367452 0 0 3 0x40014200 acpi0 acpi0 62493 492088 0 0 3 0x14200 bored softnet0 8340 31958 0 0 3 0x14200 bored systqmp 50904 161526 0 0 3 0x14200 bored systq 22616 428176 0 0 3 0x40014200 tmoslp softclock 65472 353092 0 0 3 0x40014200 idle0 1 389240 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 11034 12101K 12318K 166960K 12357 0 pcb 18 12K 12K 166960K 50 0 rtable 211 7K 8K 166960K 400 0 pf 31 13K 15K 166960K 48 0 ifaddr 39 7K 8K 166960K 54 0 ifgroup 49 2K 2K 166960K 69 0 sysctl 4 1K 9K 166960K 8 0 counters 32 17K 18K 166960K 43 0 ioctlops 0 0K 4K 166960K 62 0 iov 0 0K 4K 166960K 2 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1293 81K 82K 166960K 1511 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 5 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 1K 166960K 23 0 dirhash 12 2K 2K 166960K 18 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 236K 166960K 360 0 proc 60 59K 116K 166960K 515 0 subproc 72 4K 4K 166960K 72 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 29 0 in_multi 91 6K 7K 166960K 108 0 ether_multi 1 0K 0K 166960K 1 0 mrt 0 0K 0K 166960K 18 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 73 334K 334K 166960K 73 0 exec 0 0K 1K 166960K 438 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 235 162K 182K 166960K 5116 0 UVM aobj 10 4K 6K 166960K 11 0 pinsyscall 39 78K 94K 166960K 1468 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 7 0 NDP 10 0K 2K 166960K 32 0 temp 38 9063K 9128K 166960K 6985 0 kqueue 14 22K 26K 166960K 59 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 50 0 47 1 0 1 1 0 8 0 rtentry 136 119 0 29 4 0 4 4 0 8 0 unpcb 144 209 0 192 3 2 1 3 0 8 0 syncache 336 8 0 8 2 1 1 1 0 8 1 tcpqe 32 4 0 4 2 1 1 1 0 8 1 tcpcb 736 65 0 56 1 0 1 1 0 8 0 arp 96 19 0 3 1 0 1 1 0 8 0 ipq 40 1 0 0 1 0 1 1 0 8 0 ipqe 40 1 0 0 1 0 1 1 0 8 0 inpcb 328 195 0 181 2 0 2 2 0 8 0 nd6 112 25 0 3 1 0 1 1 0 8 0 pkpcb 40 1 0 1 1 0 1 1 0 8 1 kcovpl 48 8 0 0 1 0 1 1 0 8 0 ppxss 1072 8 0 8 2 1 1 1 0 8 1 pppxif 1416 1 0 1 1 0 1 1 0 8 1 pfstscr 40 1 0 1 1 1 0 1 0 8 0 pfstitem 24 2 0 0 1 0 1 1 0 8 0 pfstkey 128 4 0 2 2 1 1 1 0 8 0 pfstate 384 2 0 1 2 1 1 1 0 8 0 pfrule 1360 1 0 1 1 0 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 500 0 99 29 0 29 29 0 8 2 art_table 40 501 0 99 5 0 5 5 0 8 0 art_node 32 118 0 37 1 0 1 1 0 8 0 sysvmsgpl 40 2 0 2 1 0 1 1 0 8 1 semupl 112 1 0 1 1 0 1 1 0 8 1 semapl 112 20 0 10 1 0 1 1 0 8 0 shmpl 112 8 0 1 1 0 1 1 0 8 0 dirhash 1024 21 0 4 3 0 3 3 0 8 0 dino2pl 256 1955 0 499 92 0 92 92 0 8 0 ffsino 256 1955 0 499 92 0 92 92 0 8 0 nchpl 144 2469 0 774 64 0 64 64 0 8 0 rtmask 32 2 0 2 1 1 0 1 0 8 0 vnodes 216 2126 0 0 119 0 119 119 0 8 0 namei 1024 7582 0 7580 3 2 1 2 0 8 0 kstatmem 264 32 0 12 2 0 2 2 0 8 0 scsiplug 72 2 0 2 1 0 1 1 0 8 1 scxspl 216 8179 0 8179 9 1 8 8 1 8 8 plimitpl 152 64 0 48 1 0 1 1 0 8 0 sigapl 424 666 0 602 9 1 8 8 0 8 0 knotepl 120 14955 0 14904 16 7 9 10 0 8 7 kqueuepl 184 88 0 77 1 0 1 1 0 8 0 pipepl 304 298 0 270 5 2 3 5 0 8 0 fdescpl 448 632 0 602 5 1 4 5 0 8 0 filepl 120 3114 0 2896 10 1 9 9 0 8 1 lockfpl 104 74 0 71 1 0 1 1 0 8 0 lockfspl 48 36 0 33 1 0 1 1 0 8 0 sessionpl 144 28 0 20 1 0 1 1 0 8 0 pgrppl 48 39 0 23 1 0 1 1 0 8 0 ucredpl 104 337 0 326 1 0 1 1 0 8 0 zombiepl 144 730 0 730 1 0 1 1 0 8 1 processpl 1152 666 0 602 5 0 5 5 0 8 0 procpl 664 1047 0 968 7 0 7 7 0 8 0 sosppl 176 2 0 2 1 1 0 1 0 8 0 sockpl 552 459 0 424 7 3 4 7 0 8 1 mcl64k 65536 23 0 23 2 1 1 1 0 8 1 mcl16k 16384 1 0 1 1 1 0 1 0 8 0 mcl8k 8192 14 0 14 2 1 1 1 0 8 1 mcl4k 4096 2808 0 2757 14 6 8 13 0 8 1 mcl2k 2048 381 0 380 2 1 1 1 0 8 0 mtagpl 96 8 0 5 2 1 1 1 0 8 0 mbufpl 256 6461 0 6292 19 1 18 18 0 8 5 bufpl 280 2698 0 102 186 0 186 186 0 8 0 anonpl 24 125187 0 121784 46 9 37 37 0 187 10 amapchunkpl 152 15807 0 15121 33 6 27 27 0 158 0 amappl16 200 2178 0 2141 6 3 3 5 0 8 1 amappl15 192 3 0 3 1 1 0 1 0 8 0 amappl14 184 405 0 404 1 0 1 1 0 8 0 amappl13 176 124 0 114 1 0 1 1 0 8 0 amappl12 168 879 0 850 2 0 2 2 0 8 0 amappl11 160 2 0 2 1 1 0 1 0 8 0 amappl10 152 82 0 72 1 0 1 1 0 8 0 amappl9 144 258 0 258 1 1 0 1 0 8 0 amappl8 136 99 0 97 1 0 1 1 0 8 0 amappl7 128 150 0 138 1 0 1 1 0 8 0 amappl6 120 149 0 148 1 0 1 1 0 8 0 amappl5 112 99 0 91 1 0 1 1 0 8 0 amappl4 104 274 0 256 1 0 1 1 0 8 0 amappl3 96 2867 0 2756 4 0 4 4 0 8 1 amappl2 88 581 0 526 2 0 2 2 0 8 0 amappl1 80 11672 0 11119 16 1 15 15 0 8 2 amappl 88 4332 0 4163 5 0 5 5 0 92 1 uvmvnodes 80 106 0 0 3 0 3 3 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 254 0 254 2 1 1 1 0 8 1 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 10 0 1 1 0 1 1 0 8 0 uaddrrnd 24 632 0 602 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 632 0 602 1 0 1 1 0 8 0 vmmpekpl 168 7908 0 7874 2 0 2 2 0 8 0 vmmpepl 168 50633 0 48771 105 12 93 93 0 357 12 vmsppl 368 631 0 602 4 1 3 4 0 8 0 rwobjpl 40 17576 0 16598 14 1 13 13 0 8 0 pdppl 4096 1270 0 1204 104 38 66 80 0 8 0 pvpl 32 316258 0 306714 123 17 106 106 0 265 22 pmappl 216 631 0 602 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 380 0 56 10 0 10 10 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8341768f) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83456591,ffffffff834313cf,84,ffffffff834a4a2d) at __assert+0x29 sys/kern/subr_prf.c:-1 rtmap_grow(c,21) at rtmap_grow+0x1f2 rtable_add(b) at rtable_add+0x289 rtable_alloc sys/net/rtable.c:370 [inline] rtable_add(b) at rtable_add+0x289 sys/net/rtable.c:223 if_createrdomain(b,ffff8000015ec800) at if_createrdomain+0x40 sys/net/if.c:2046 ifioctl(ffff8000015fbc18,8020699f,ffff80003c961200,ffff80003c90ad18) at ifioctl+0x1be2 sys/net/if.c:2395 sys_ioctl(ffff80003c90ad18,ffff80003c9613d0,ffff80003c961320) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1 syscall(ffff80003c9613d0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c9613d0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x38639659800, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8341768f) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83456591,ffffffff834313cf,84,ffffffff834a4a2d) at __assert+0x29 sys/kern/subr_prf.c:-1 rtmap_grow(c,21) at rtmap_grow+0x1f2 rtable_add(b) at rtable_add+0x289 rtable_alloc sys/net/rtable.c:370 [inline] rtable_add(b) at rtable_add+0x289 sys/net/rtable.c:223 if_createrdomain(b,ffff8000015ec800) at if_createrdomain+0x40 sys/net/if.c:2046 ifioctl(ffff8000015fbc18,8020699f,ffff80003c961200,ffff80003c90ad18) at ifioctl+0x1be2 sys/net/if.c:2395 sys_ioctl(ffff80003c90ad18,ffff80003c9613d0,ffff80003c961320) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1 syscall(ffff80003c9613d0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c9613d0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x38639659800, count: -10