panic: kernel diagnostic assertion "map->limit == rtmap_limit" failed: file "/syzkaller/managers/main/kernel/sys/net/rtable.c", line 132 Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *395776 22792 0 0x10 0x4000000 0 syz-executor db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8333a525) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83378d01,ffffffff83353781,84,ffffffff833c876d) at __assert+0x29 sys/kern/subr_prf.c:-1 rtmap_grow(21,21) at rtmap_grow+0x1f2 rtable_add(20) at rtable_add+0x289 rtable_alloc sys/net/rtable.c:370 [inline] rtable_add(20) at rtable_add+0x289 sys/net/rtable.c:223 if_createrdomain(20,ffff800001459000) at if_createrdomain+0x40 sys/net/if.c:1952 ifioctl(ffff8000014837c8,8020699f,ffff800038148f30,ffff80002a823ca8) at ifioctl+0x1c06 sys/net/if.c:2301 sys_ioctl(ffff80002a823ca8,ffff800038149100,ffff800038149050) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1 syscall(ffff800038149100) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff800038149100) at syscall+0x962 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x1c0d7992cf0, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "map->limit == rtmap_limit" failed: file "/syzkaller/managers/main/kernel/sys/net/rtable.c", line 132 ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8333a525) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83378d01,ffffffff83353781,84,ffffffff833c876d) at __assert+0x29 sys/kern/subr_prf.c:-1 rtmap_grow(21,21) at rtmap_grow+0x1f2 rtable_add(20) at rtable_add+0x289 rtable_alloc sys/net/rtable.c:370 [inline] rtable_add(20) at rtable_add+0x289 sys/net/rtable.c:223 if_createrdomain(20,ffff800001459000) at if_createrdomain+0x40 sys/net/if.c:1952 ifioctl(ffff8000014837c8,8020699f,ffff800038148f30,ffff80002a823ca8) at ifioctl+0x1c06 sys/net/if.c:2301 sys_ioctl(ffff80002a823ca8,ffff800038149100,ffff800038149050) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1 syscall(ffff800038149100) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff800038149100) at syscall+0x962 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x1c0d7992cf0, count: -10 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff800038148c60 rbx 0x21 rdx 0 rcx 0 rax 0xffff80002a823ca8 r8 0x101010101010101 r9 0x8080808080808080 r10 0xda5c514de85b15dc r11 0x49e40bb1273f5780 r12 0 r13 0x1 r14 0 r15 0x1 rip 0xffffffff812a03b5 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff800038148c50 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb> show proc PROC (syz-executor) tid=395776 pid=22792 tcnt=3 stat=onproc flags process=10 proc=4000000 runpri=50, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a822020,0xffff80002a8222c8 process=0xffff80002cd2a898 user=0xffff800038144000, vmspace=0xfffffd806b8c6188 estcpu=36, cpticks=2, pctcpu=0.0, user=0, sys=2, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 22792 336676 43013 0 3 0x90 fsleep syz-executor *22792 395776 43013 0 7 0x4000010 syz-executor 22792 178118 43013 0 2 0x4000010 syz-executor 72236 166176 99760 0 3 0x80 fsleep syz-executor 72236 244728 99760 0 3 0x4000080 sbwait syz-executor 52833 303710 58223 0 3 0x80 fsleep syz-executor 52833 183255 58223 0 3 0x4000080 ttyopn syz-executor 58701 125477 33377 0 3 0x90 fsleep syz-executor 58701 375934 33377 0 3 0x4000090 msgwait syz-executor 58701 271109 33377 0 3 0x4000090 fsleep syz-executor 42736 286080 80453 0 3 0x80 fsleep syz-executor 42736 412998 80453 0 3 0x4000080 ttyout syz-executor 86286 506717 70845 0 3 0x80 fsleep syz-executor 86286 11957 70845 0 3 0x4000080 piperd syz-executor 63417 96223 0 0 3 0x14200 bored sosplice 42960 327967 29769 0 2 0xc82 syz-executor 70845 182577 29769 0 2 0xc82 syz-executor 43013 299322 29769 0 2 0xc82 syz-executor 26002 220441 29769 0 3 0x82 wait syz-executor 58223 326168 29769 0 2 0x3 syz-executor 99760 283894 29769 0 2 0xc82 syz-executor 80453 26971 29769 0 2 0x3 syz-executor 33377 476324 29769 0 2 0xc82 syz-executor 29769 474256 3186 0 3 0x82 kqread syz-executor 3186 83580 22524 0 3 0x10008a sigsusp ksh 22524 253937 16816 0 3 0x98 kqread sshd-session 16816 479614 2014 0 3 0x92 kqread sshd-session 93377 13252 1 0 3 0x100083 ttyin getty 2014 152789 1 0 3 0x88 kqread sshd 47069 72362 52066 73 3 0x1100090 kqread syslogd 52066 216239 1 0 3 0x100082 sbwait syslogd 15814 191975 1 0 3 0x100080 kqread resolvd 26020 395784 37030 77 3 0x100092 kqread dhcpleased 25692 140806 37030 77 3 0x100092 kqread dhcpleased 37030 248556 1 0 3 0x80 kqread dhcpleased 86102 170902 0 0 3 0x14200 bored smr 32114 257590 0 0 3 0x14200 pgzero zerothread 75197 417383 0 0 3 0x14200 aiodoned aiodoned 67202 10752 0 0 3 0x14200 syncer update 93189 48494 0 0 3 0x14200 cleaner cleaner 10492 309343 0 0 3 0x14200 reaper reaper 98676 515006 0 0 3 0x14200 pgdaemon pagedaemon 63871 442593 0 0 3 0x14200 bored viomb 36211 53261 0 0 3 0x40014200 acpi0 acpi0 25380 273561 0 0 3 0x14200 bored softnet7 73296 178091 0 0 3 0x14200 bored softnet6 2820 293904 0 0 3 0x14200 bored softnet5 92771 169938 0 0 3 0x14200 bored softnet4 25934 198632 0 0 3 0x14200 bored softnet3 8449 367272 0 0 3 0x14200 bored softnet2 17634 473002 0 0 3 0x14200 bored softnet1 75186 469518 0 0 3 0x14200 bored softnet0 12792 422340 0 0 3 0x14200 bored systqmp 59398 510112 0 0 3 0x14200 bored systq 54829 416533 0 0 2 0x40014200 softclock 65560 89252 0 0 3 0x40014200 idle0 1 55544 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10211 11158K 11433K 166960K 11548 0 pcb 18 14K 14K 166960K 120 0 rtable 187 6K 6K 166960K 284 0 pf 30 12K 16K 166960K 43 0 ifaddr 41 7K 8K 166960K 54 0 ifgroup 50 2K 2K 166960K 65 0 sysctl 4 1K 9K 166960K 9 0 counters 32 17K 18K 166960K 39 0 ioctlops 0 0K 2K 166960K 56 0 iov 0 0K 20K 166960K 13 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1347 85K 85K 166960K 1526 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 7 0 VM map 2 1K 1K 166960K 2 0 sem 7 0K 0K 166960K 7 0 dirhash 12 2K 2K 166960K 21 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 97K 166960K 359 0 sigio 0 0K 0K 166960K 8 0 proc 61 59K 100K 166960K 509 0 subproc 72 4K 4K 166960K 72 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 17 0 in_multi 98 7K 7K 166960K 113 0 ether_multi 1 0K 0K 166960K 3 0 mrt 0 0K 0K 166960K 2 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 85 387K 387K 166960K 85 0 exec 0 0K 1K 166960K 372 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 226 151K 160K 166960K 4824 0 UVM aobj 9 2K 2K 166960K 9 0 pinsyscall 39 78K 96K 166960K 1396 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 13 0 NDP 11 0K 1K 166960K 32 0 temp 42 8639K 8719K 166960K 19094 0 kqueue 14 22K 33K 166960K 61 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 118 0 114 3 0 3 3 0 8 2 rtentry 136 100 0 18 4 0 4 4 0 8 0 unpcb 144 425 0 409 1 0 1 1 0 8 0 syncache 336 4 0 4 2 1 1 1 0 8 1 tcpqe 32 1 0 1 1 0 1 1 0 8 1 tcpcb 736 69 0 64 2 0 2 2 0 8 1 arp 88 10 0 1 1 0 1 1 0 8 0 ipq 40 2 0 1 1 0 1 1 0 8 0 ipqe 40 67 0 66 1 0 1 1 0 8 0 inpcb 328 361 0 351 8 1 7 7 0 8 6 nd6 104 17 0 0 1 0 1 1 0 8 0 pkpcb 40 2 0 2 1 0 1 1 0 8 1 kcovpl 48 8 0 0 1 0 1 1 0 8 0 ppxss 1072 5 0 5 1 0 1 1 0 8 1 pppxif 1384 2 0 2 1 0 1 1 0 8 1 rttmr 136 1 0 1 1 0 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 476 0 50 28 0 28 28 0 8 1 art_table 40 477 0 50 5 0 5 5 0 8 0 art_node 32 100 0 28 1 0 1 1 0 8 0 sysvmsgpl 40 1 0 0 1 0 1 1 0 8 0 semupl 112 1 0 1 1 0 1 1 0 8 1 semapl 112 5 0 0 1 0 1 1 0 8 0 shmpl 112 6 0 0 1 0 1 1 0 8 0 dirhash 1024 23 0 6 3 0 3 3 0 8 0 dino2pl 256 1989 0 488 95 0 95 95 0 8 0 ffsino 256 1989 0 488 95 0 95 95 0 8 0 nchpl 144 2504 0 821 63 0 63 63 0 8 0 uvmvnodes 80 2154 0 0 44 0 44 44 0 8 0 vnodes 216 2154 0 0 120 0 120 120 0 8 0 namei 1024 7732 0 7732 3 2 1 2 0 8 1 kstatmem 264 32 0 10 2 0 2 2 0 8 0 scsiplug 72 1 0 1 1 0 1 1 0 8 1 scxspl 216 8273 0 8273 8 7 1 8 1 8 1 plimitpl 152 94 0 77 1 0 1 1 0 8 0 sigapl 424 645 0 594 7 1 6 7 0 8 0 knotepl 120 11244 0 11192 10 0 10 10 0 8 8 kqueuepl 184 151 0 141 4 0 4 4 0 8 3 pipepl 304 157 0 129 5 0 5 5 0 8 2 fdescpl 448 624 0 594 5 1 4 5 0 8 0 filepl 120 3306 0 3078 12 0 12 12 0 8 4 lockfpl 104 117 0 115 1 0 1 1 0 8 0 lockfspl 48 51 0 49 1 0 1 1 0 8 0 sessionpl 144 22 0 14 1 0 1 1 0 8 0 pgrppl 48 34 0 18 1 0 1 1 0 8 0 ucredpl 104 302 0 288 1 0 1 1 0 8 0 zombiepl 144 724 0 722 1 0 1 1 0 8 0 processpl 1152 645 0 594 5 1 4 5 0 8 0 procpl 664 1021 0 962 6 0 6 6 0 8 0 sockpl 552 914 0 884 7 0 7 7 0 8 4 mcl64k 65536 22 0 22 2 1 1 1 0 8 1 mcl12k 12288 2 0 2 1 0 1 1 0 8 1 mcl9k 9216 2 0 2 1 1 0 1 0 8 0 mcl8k 8192 12 0 12 2 1 1 1 0 8 1 mcl4k 4096 2769 0 2717 16 8 8 15 0 8 0 mcl2k 2048 618 0 614 2 0 2 2 0 8 1 mtagpl 96 5 0 4 2 1 1 1 0 8 0 mbufpl 256 6577 0 6401 28 7 21 28 0 8 8 bufpl 280 3364 0 122 232 0 232 232 0 8 0 anonpl 24 127247 0 124105 32 0 32 32 0 187 10 amapchunkpl 152 15394 0 14918 25 0 25 25 0 158 5 amappl16 200 2166 0 2143 5 3 2 5 0 8 0 amappl15 192 9 0 9 1 1 0 1 0 8 0 amappl14 184 106 0 96 1 0 1 1 0 8 0 amappl13 176 4 0 4 1 1 0 1 0 8 0 amappl12 168 1238 0 1208 3 1 2 3 0 8 0 amappl11 160 46 0 36 1 0 1 1 0 8 0 amappl10 152 8 0 8 1 1 0 1 0 8 0 amappl9 144 250 0 250 1 1 0 1 0 8 0 amappl8 136 30 0 29 1 0 1 1 0 8 0 amappl7 128 99 0 89 1 0 1 1 0 8 0 amappl6 120 174 0 171 1 0 1 1 0 8 0 amappl5 112 110 0 103 1 0 1 1 0 8 0 amappl4 104 268 0 253 1 0 1 1 0 8 0 amappl3 96 2697 0 2589 3 0 3 3 0 8 0 amappl2 88 630 0 571 2 0 2 2 0 8 0 amappl1 80 9054 0 8503 15 1 14 14 0 8 0 amappl 88 4138 0 3975 5 0 5 5 0 92 1 dma32768 32768 1 0 1 1 1 0 1 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 254 0 254 2 1 1 1 0 8 1 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 8 0 0 1 0 1 1 0 8 0 uaddrrnd 24 624 0 594 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 624 0 594 1 0 1 1 0 8 0 vmmpekpl 168 6519 0 6487 2 0 2 2 0 8 0 vmmpepl 168 45192 0 43321 89 0 89 89 0 357 6 vmsppl 368 623 0 594 4 1 3 4 0 8 0 rwobjpl 40 17044 0 14046 31 0 31 31 0 8 0 pdppl 4096 1254 0 1188 98 32 66 82 0 8 0 pvpl 32 300042 0 291409 101 0 101 101 0 265 24 pmappl 216 623 0 594 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 390 0 57 10 0 10 10 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8333a525) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83378d01,ffffffff83353781,84,ffffffff833c876d) at __assert+0x29 sys/kern/subr_prf.c:-1 rtmap_grow(21,21) at rtmap_grow+0x1f2 rtable_add(20) at rtable_add+0x289 rtable_alloc sys/net/rtable.c:370 [inline] rtable_add(20) at rtable_add+0x289 sys/net/rtable.c:223 if_createrdomain(20,ffff800001459000) at if_createrdomain+0x40 sys/net/if.c:1952 ifioctl(ffff8000014837c8,8020699f,ffff800038148f30,ffff80002a823ca8) at ifioctl+0x1c06 sys/net/if.c:2301 sys_ioctl(ffff80002a823ca8,ffff800038149100,ffff800038149050) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1 syscall(ffff800038149100) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff800038149100) at syscall+0x962 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x1c0d7992cf0, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8333a525) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83378d01,ffffffff83353781,84,ffffffff833c876d) at __assert+0x29 sys/kern/subr_prf.c:-1 rtmap_grow(21,21) at rtmap_grow+0x1f2 rtable_add(20) at rtable_add+0x289 rtable_alloc sys/net/rtable.c:370 [inline] rtable_add(20) at rtable_add+0x289 sys/net/rtable.c:223 if_createrdomain(20,ffff800001459000) at if_createrdomain+0x40 sys/net/if.c:1952 ifioctl(ffff8000014837c8,8020699f,ffff800038148f30,ffff80002a823ca8) at ifioctl+0x1c06 sys/net/if.c:2301 sys_ioctl(ffff80002a823ca8,ffff800038149100,ffff800038149050) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1 syscall(ffff800038149100) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff800038149100) at syscall+0x962 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x1c0d7992cf0, count: -10