panic: kernel diagnostic assertion "map->limit == rtmap_limit" failed: file "/syzkaller/managers/multicore/kernel/sys/net/rtable.c", line 132
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
194202 44426 0 0 0 0 syz-executor
*515258 44426 0 0 0x4000000 1K syz-executor
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8344fa1b) at panic+0x1e5 sys/kern/subr_prf.c:198
__assert(ffffffff8348d28b,ffffffff83487274,84,ffffffff834e060d) at __assert+0x29 sys/kern/subr_prf.c:-1
rtmap_grow(b5,21) at rtmap_grow+0x24f
rtable_add(b4) at rtable_add+0x2d9 rtable_alloc sys/net/rtable.c:370 [inline]
rtable_add(b4) at rtable_add+0x2d9 sys/net/rtable.c:223
if_createrdomain(b4,ffff8000015fd000) at if_createrdomain+0x40 sys/net/if.c:2046
ifioctl(ffff80000169ec60,8020699f,ffff80003c499140,ffff80002a243a00) at ifioctl+0x1c52 sys/net/if.c:2395
sys_ioctl(ffff80002a243a00,ffff80003c499320,ffff80003c499270) at sys_ioctl+0x674 sys/kern/sys_generic.c:-1
syscall(ffff80003c499320) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c499320) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xc812693e1d0, count: 5
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
*cpu1: kernel diagnostic assertion "map->limit == rtmap_limit" failed: file "/syzkaller/managers/multicore/kernel/sys/net/rtable.c", line 132
ddb{1}> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8344fa1b) at panic+0x1e5 sys/kern/subr_prf.c:198
__assert(ffffffff8348d28b,ffffffff83487274,84,ffffffff834e060d) at __assert+0x29 sys/kern/subr_prf.c:-1
rtmap_grow(b5,21) at rtmap_grow+0x24f
rtable_add(b4) at rtable_add+0x2d9 rtable_alloc sys/net/rtable.c:370 [inline]
rtable_add(b4) at rtable_add+0x2d9 sys/net/rtable.c:223
if_createrdomain(b4,ffff8000015fd000) at if_createrdomain+0x40 sys/net/if.c:2046
ifioctl(ffff80000169ec60,8020699f,ffff80003c499140,ffff80002a243a00) at ifioctl+0x1c52 sys/net/if.c:2395
sys_ioctl(ffff80002a243a00,ffff80003c499320,ffff80003c499270) at sys_ioctl+0x674 sys/kern/sys_generic.c:-1
syscall(ffff80003c499320) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c499320) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xc812693e1d0, count: -10
ddb{1}> show registers
rdi 0
rsi 0x1
rbp 0xffff80003c498e50
rbx 0xffff8000299bee07
rdx 0
rcx 0xffff80002a243a00
rax 0xffff8000299bdff0
r8 0x101010101010101
r9 0x8080808080808080
r10 0x5355e4fe926b4982
r11 0x197a0bfc8136ad73
r12 0xffff8000299bec08
r13 0
r14 0
r15 0x1
rip 0xffffffff810f2625 db_enter+0x25
cs 0x8
rflags 0x246
rsp 0xffff80003c498e40
ss 0x10
db_enter+0x25: addq $0x8,%rsp
ddb{1}> show proc
PROC (syz-executor) tid=515258 pid=44426 tcnt=3 stat=onproc
flags process=0 proc=4000000
runpri=82, usrpri=83, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff80002a242fa0,0xffff80002a2434e0
process=0xffff8000ffff21c0 user=0xffff80003c494000, vmspace=0xfffffd80640d8210
estcpu=33, cpticks=2, pctcpu=0.0, user=0, sys=2, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS
WAIT COMMAND
36344 377488 54146 0 2 0 syz-executor
36344 509058 54146 0 3 0x4000080 sbwait syz-executor
14373 262385 31782 0 2 0 syz-executor
14373 470730 31782 0 2 0x4000000 syz-executor
44426 194202 17170 0 7 0 syz-executor
44426 167963 17170 0 2 0x4000000 syz-executor
*44426 515258 17170 0 7 0x4000000 syz-executor
70158 103406 71712 0 2 0 syz-executor
70158 418853 71712 0 3 0x4000080 fsleep syz-executor
70158 377610 71712 0 3 0x4000080 fsleep syz-executor
69700 76364 52798 0 3 0x80 nanoslp syz-executor
69700 106377 52798 0 3 0x4000080 kqsel syz-executor
69700 40187 52798 0 3 0x4000080 fsleep syz-executor
7937 363899 22264 0 3 0x3000 suspend syz-executor
7937 521333 22264 0 3 0x4081000 biowait syz-executor
7937 97309 22264 0 3 0x4081000 inode syz-executor
24128 183337 1 0 3 0x100083 ttyin getty
94226 214646 87585 0 3 0x82 nanoslp syz-executor
40148 351562 0 0 3 0x14280 nfsidl nfsio
30813 215886 0 0 3 0x14280 nfsidl nfsio
44482 255238 0 0 3 0x14280 nfsidl nfsio
42357 458467 0 0 3 0x14280 nfsidl nfsio
60810 496661 0 0 3 0x14280 nfsidl nfsio
54994 225057 0 0 3 0x14280 nfsidl nfsio
26469 346062 0 0 3 0x14280 nfsidl nfsio
32074 200120 0 0 3 0x14280 nfsidl nfsio
22718 185893 0 0 3 0x14280 nfsidl nfsio
14724 430017 0 0 3 0x14280 nfsidl nfsio
52846 11226 0 0 3 0x14280 nfsidl nfsio
41166 353349 0 0 3 0x14280 nfsidl nfsio
89379 261343 0 0 3 0x14280 nfsidl nfsio
79396 422127 0 0 3 0x14280 nfsidl nfsio
27523 407916 0 0 3 0x14280 nfsidl nfsio
56604 229983 0 0 3 0x14280 nfsidl nfsio
2563 343175 0 0 3 0x14280 nfsidl nfsio
98510 303951 0 0 3 0x14280 nfsidl nfsio
21498 298458 0 0 3 0x14280 nfsidl nfsio
1595 445165 0 0 3 0x14280 nfsidl nfsio
52798 506026 87585 0 3 0x82 nanoslp syz-executor
76704 114253 87585 0 2 0x2 syz-executor
71712 399589 87585 0 3 0x82 nanoslp syz-executor
31782 448396 87585 0 3 0x82 nanoslp syz-executor
17170 298932 87585 0 3 0x82 nanoslp syz-executor
22264 437319 87585 0 3 0x82 nanoslp syz-executor
54146 123245 87585 0 3 0x82 nanoslp syz-executor
87585
164328 1 0 3 0x82 kqread syz-executor
50468 425772 0 0 3 0x14200 bored smr
70681 359663 0 0 2 0x14200 zerothread
34857 447872 0 0 3 0x14200 aiodoned aiodoned
79432 405844 0 0 3 0x14200 syncer update
69596 214749 0 0 3 0x14200 cleaner cleaner
14012 287501 0 0 3 0x14200 reaper reaper
55535 160350 0 0 3 0x14200 pgdaemon pagedaemon
47062 330963 0 0 3 0x14200 bored viomb
93505 140436 0 0 3 0x40014200 acpi0 acpi0
24849 3826 0 0 3 0x40014200 idle1
75230 134440 0 0 3 0x14200 bored softnet1
42712 466896 0 0 3 0x14200 bored softnet0
58645 355190 0 0 3 0x14200 smrbar systqmp
27331 251935 0 0 3 0x14200 bored systq
42931 96267 0 0 3 0x14200 tmoslp softclockmp
9852 397592 0 0 3 0x40014200 tmoslp softclock
92905 88739 0 0 3 0x40014200 idle0
1 450303 0 0 3 0x82 wait init
0 0 -1 0 3 0x10010200 scheduler swapper
ddb{1}> show all locks
Process 14373 (syz-executor) thread 0xffff80002a242fa0 (262385)
exclusive rwlock vmmaplk r = 0 (0xfffffd80640d8ab0)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2 vm_map_lock_ln+0x12e sys/uvm/uvm_map.c:5171
#3 uvm_map_protect+0xe0 sys/uvm/uvm_map.c:3075
#4 sys_mprotect+0x351 sys/uvm/uvm_mmap.c:590
#5 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#5 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783
#6 Xsyscall+0x128
Process 14373 (syz-executor) thread 0xffff80002a2434d0 (470730)
exclusive rrwlock inode r = 0 (0xfffffd806e7c46b0)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621
#3 VOP_LOCK+0xbd sys/kern/vfs_vops.c:527
#4 vn_lock+0xa4 sys/kern/vfs_vnops.c:570
#5 vfs_lookup+0x11c sys/kern/vfs_lookup.c:-1
#6 namei+0x7ca sys/kern/vfs_lookup.c:250
#7 vn_open+0x1f1 sys/kern/vfs_vnops.c:107
#8 doopenat+0x35b sys/kern/vfs_syscalls.c:1155
#9 sys_open+0x59
sys/kern/vfs_syscalls.c:1063
#10 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#10 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783
#11 Xsyscall+0x128
Process 44426 (syz-executor) thread 0xffff80002a243a00 (515258)
exclusive kernel_lock &kernel_lock r = 1 (0xffffffff83994bc0)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 __mp_acquire_count+0x58 sys/kern/kern_lock.c:-1
#2 malloc+0xe3 sys/kern/kern_malloc.c:175
#3 rtmap_grow+0xb2 sys/net/rtable.c:127
#4 rtable_add+0x2d9 rtable_alloc sys/net/rtable.c:370 [inline]
#4 rtable_add+0x2d9 sys/net/rtable.c:223
#5 if_createrdomain+0x40 sys/net/if.c:2046
#6 ifioctl+0x1c52 sys/net/if.c:2395
#7 sys_ioctl+0x674 sys/kern/sys_generic.c:-1
#8 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#8 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783
#9 Xsyscall+0x128
Process 7937 (syz-executor) thread 0xffff80002a2427d8 (521333)
exclusive rrwlock inode r = 0 (0xfffffd806c39e0c8)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621
#3 VOP_LOCK+0xbd sys/kern/vfs_vops.c:527
#4 vn_lock+0xa4 sys/kern/vfs_vnops.c:570
#5 vn_write+0x18f sys/kern/vfs_vnops.c:405
#6 dofilewritev+0x2bd sys/kern/sys_generic.c:384
#7 sys_write+0xa2 sys/kern/sys_generic.c:300
#8 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#8 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783
#9 Xsyscall+0x128
Process 76704 (syz-executor) thread 0xffff80002a240d10 (114253)
exclusive rwlock vmmaplk r = 0 (0xfffffd80640d8128)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2 vm_map_lock_ln+0x12e sys/uvm/uvm_map.c:5171
#3 uvmspace_fork+0x12b sys/uvm/uvm_map.c:3752
#4 process_new+0x577
sys/kern/kern_fork.c:281
#5 fork1+0x3f6 sys/kern/kern_fork.c:-1
#6 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#6 syscall+0xb17 sys/arch/amd64/amd64/trap.c:783
#7 Xsyscall+0x128
exclusive rwlock vmmaplk r = 0 (0xfffffd806f5744d8)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2 vm_map_lock_ln+0x12e sys/uvm/uvm_map.c:5171
#3 uvmspace_fork+0x44 sys/uvm/uvm_map.c:3743
#4 process_new+0x577 sys/kern/kern_fork.c:281
#5 fork1+0x3f6 sys/kern/kern_fork.c:-1
#6 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#6 syscall+0xb17 sys/arch/amd64/amd64/trap.c:783
#7 Xsyscall+0x128
Process 58645 (systqmp) thread 0xffff8000ffffea60 (355190)
shared rwlock systqmp r = 0 (0xffffffff8395f7c8)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 taskq_thread+0x12a sys/kern/kern_task.c:442
#2 proc_trampoline+0x10
ddb{1}>