panic: kernel diagnostic assertion "map->limit == rtmap_limit" failed: file "/syzkaller/managers/main/kernel/sys/net/rtable.c", line 132 Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *177359 61402 0 0 0x4000000 0 syz-executor db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8333b4aa) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83378d59,ffffffff83359cf7,84,ffffffff833cefb2) at __assert+0x29 sys/kern/subr_prf.c:-1 rtmap_grow(21,21) at rtmap_grow+0x1f2 rtable_add(20) at rtable_add+0x289 rtable_alloc sys/net/rtable.c:370 [inline] rtable_add(20) at rtable_add+0x289 sys/net/rtable.c:223 if_createrdomain(20,ffff800001437000) at if_createrdomain+0x40 sys/net/if.c:1952 ifioctl(ffff800001490530,8020699f,ffff80003858d640,ffff80002a7d5778) at ifioctl+0x1c06 sys/net/if.c:2301 sys_ioctl(ffff80002a7d5778,ffff80003858d810,ffff80003858d760) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1 syscall(ffff80003858d810) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003858d810) at syscall+0x962 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x22430c977b0, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "map->limit == rtmap_limit" failed: file "/syzkaller/managers/main/kernel/sys/net/rtable.c", line 132 ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8333b4aa) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83378d59,ffffffff83359cf7,84,ffffffff833cefb2) at __assert+0x29 sys/kern/subr_prf.c:-1 rtmap_grow(21,21) at rtmap_grow+0x1f2 rtable_add(20) at rtable_add+0x289 rtable_alloc sys/net/rtable.c:370 [inline] rtable_add(20) at rtable_add+0x289 sys/net/rtable.c:223 if_createrdomain(20,ffff800001437000) at if_createrdomain+0x40 sys/net/if.c:1952 ifioctl(ffff800001490530,8020699f,ffff80003858d640,ffff80002a7d5778) at ifioctl+0x1c06 sys/net/if.c:2301 sys_ioctl(ffff80002a7d5778,ffff80003858d810,ffff80003858d760) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1 syscall(ffff80003858d810) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003858d810) at syscall+0x962 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x22430c977b0, count: -10 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80003858d370 rbx 0x21 rdx 0 rcx 0 rax 0xffff80002a7d5778 r8 0x101010101010101 r9 0x8080808080808080 r10 0xb9a6c56cc2fe04dc r11 0x4496bfc3b165dcd6 r12 0 r13 0x19 r14 0 r15 0x1 rip 0xffffffff82547715 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80003858d360 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb> show proc PROC (syz-executor) tid=177359 pid=61402 tcnt=3 stat=onproc flags process=0 proc=4000000 runpri=50, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a7d4020,0xffff80002a7d4a90 process=0xffff8000ffffb198 user=0xffff800038588000, vmspace=0xfffffd806b8bd468 estcpu=36, cpticks=2, pctcpu=0.0, user=0, sys=2, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 61402 492180 73117 0 3 0x80 fsleep syz-executor *61402 177359 73117 0 7 0x4000000 syz-executor 61402 326478 73117 0 2 0x4000000 syz-executor 31580 327048 81284 0 3 0x80 fsleep syz-executor 31580 391830 81284 0 3 0x4000080 fifor syz-executor 19375 2789 73492 0 3 0x80 fsleep syz-executor 19375 146049 73492 0 3 0x4000080 fifow syz-executor 1422 48330 6805 -1 3 0x90 fsleep syz-executor 1422 487768 6805 -1 3 0x4000090 msgwait syz-executor 81066 324647 45782 0 3 0x80 fsleep syz-executor 81066 320473 45782 0 3 0x4000080 kqpoll syz-executor 81066 139151 45782 0 3 0x4000080 fsleep syz-executor 36795 518000 55448 0 3 0x80 fsleep syz-executor 36795 321304 55448 0 3 0x4000080 kqread syz-executor 95125 418407 13046 60929 3 0x90 fsleep syz-executor 95125 347837 13046 60929 3 0x4000090 ttyin syz-executor 95125 187864 13046 60929 3 0x4000090 fsleep syz-executor 95125 372035 13046 60929 3 0x4000090 fsleep syz-executor 55448 420458 90410 0 2 0xc82 syz-executor 65554 239256 1 0 3 0x100083 ttyin getty 45782 58336 90410 0 2 0xc82 syz-executor 73117 418000 90410 0 2 0xc82 syz-executor 47612 141915 0 0 3 0x14200 bored sosplice 57749 294731 90410 0 2 0xc82 syz-executor 6805 481175 90410 0 2 0xc82 syz-executor 13046 245399 90410 0 2 0xc82 syz-executor 73492 258707 90410 0 2 0xc82 syz-executor 81284 245370 90410 0 2 0xc82 syz-executor 90410 117209 35489 0 3 0x82 kqread syz-executor 35489 308683 85434 0 3 0x10008a sigsusp ksh 85434 456486 56231 0 3 0x98 kqread sshd-session 56231 385942 4456 0 3 0x92 kqread sshd-session 4456 443619 1 0 3 0x88 kqread sshd 8368 496561 82800 73 3 0x1100090 kqread syslogd 82800 57030 1 0 3 0x100082 sbwait syslogd 81264 143206 1 0 3 0x100080 kqread resolvd 57371 58172 46430 77 3 0x100092 kqread dhcpleased 54310 17174 46430 77 3 0x100092 kqread dhcpleased 46430 142658 1 0 3 0x80 kqread dhcpleased 31623 190423 0 0 3 0x14200 bored smr 15805 130681 0 0 3 0x14200 pgzero zerothread 67150 261611 0 0 3 0x14200 aiodoned aiodoned 7509 496389 0 0 3 0x14200 syncer update 64815 354900 0 0 3 0x14200 cleaner cleaner 65947 278237 0 0 3 0x14200 reaper reaper 55986 59999 0 0 3 0x14200 pgdaemon pagedaemon 66329 104852 0 0 3 0x14200 bored viomb 57774 208404 0 0 3 0x40014200 acpi0 acpi0 94925 136231 0 0 3 0x14200 bored softnet7 63203 311446 0 0 3 0x14200 bored softnet6 69383 99895 0 0 3 0x14200 bored softnet5 73339 349823 0 0 3 0x14200 bored softnet4 5573 160891 0 0 3 0x14200 bored softnet3 26997 1863 0 0 3 0x14200 bored softnet2 63562 129014 0 0 3 0x14200 bored softnet1 85404 211722 0 0 3 0x14200 bored softnet0 10436 9517 0 0 3 0x14200 bored systqmp 73883 193370 0 0 3 0x14200 bored systq 51464 258264 0 0 2 0x40014200 softclock 56453 36956 0 0 3 0x40014200 idle0 1 342919 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10200 11130K 11385K 166960K 12175 0 pcb 17 14K 16K 166960K 258 0 rtable 208 10K 10K 166960K 498 0 pf 33 13K 17K 166960K 133 0 ifaddr 37 6K 7K 166960K 106 0 ifgroup 47 2K 2K 166960K 159 0 sysctl 4 1K 9K 166960K 18 0 counters 31 17K 18K 166960K 89 0 ioctlops 0 0K 4K 166960K 247 0 iov 0 0K 28K 166960K 41 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1412 89K 89K 166960K 2209 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 13K 166960K 20 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 38 0 dirhash 12 2K 2K 166960K 39 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 240K 166960K 1057 0 sigio 0 0K 0K 166960K 19 0 proc 60 59K 100K 166960K 731 0 subproc 72 4K 4K 166960K 118 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 1 0K 0K 166960K 113 0 in_multi 80 5K 7K 166960K 189 0 ether_multi 1 0K 0K 166960K 3 0 mrt 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 115 519K 519K 166960K 115 0 exec 0 0K 1K 166960K 568 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 251 152K 165K 166960K 10324 0 UVM aobj 32 2K 2K 166960K 36 0 pinsyscall 39 78K 93K 166960K 2216 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 41 0 NDP 10 0K 2K 166960K 70 0 temp 56 8637K 8747K 166960K 48369 0 kqueue 14 22K 32K 166960K 194 0 SYN cache 2 8K 16K 166960K 3 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 117 0 114 1 0 1 1 0 8 0 rtentry 136 171 0 92 4 0 4 4 0 8 0 unpcb 144 1056 0 1034 15 13 2 9 0 8 1 syncache 336 8 0 8 3 2 1 1 0 8 1 tcpqe 32 2 0 2 1 1 0 1 0 8 0 tcpcb 736 286 0 280 7 6 1 4 0 8 0 arp 88 23 0 8 1 0 1 1 0 8 0 ipq 40 1 0 0 1 0 1 1 0 8 0 ipqe 40 1 0 0 1 0 1 1 0 8 0 inpcb 328 947 0 935 9 7 2 7 0 8 0 ip6q 72 5 0 2 1 0 1 1 0 8 0 ip6af 40 10 0 6 1 0 1 1 0 8 0 nd6 104 30 0 15 1 0 1 1 0 8 0 pkpcb 40 6 0 6 3 2 1 1 0 8 1 kcovpl 48 13 0 5 1 0 1 1 0 8 0 ppxss 1072 40 0 40 3 2 1 1 0 8 1 pppxif 1384 7 0 7 3 2 1 1 0 8 1 pfstscr 40 1 0 1 1 0 1 1 0 8 1 pfrktable 1344 1 0 1 1 0 1 1 0 8 1 pftag 88 2 0 0 1 0 1 1 0 8 0 pfstitem 24 2 0 0 1 0 1 1 0 8 0 pfstkey 128 8 0 6 1 0 1 1 0 8 0 pfstate 384 5 0 4 1 0 1 1 0 8 0 pfrule 1344 8 0 8 3 2 1 1 0 8 1 art_heap8 4096 3 0 0 3 0 3 3 0 8 0 art_heap4 256 761 0 399 32 6 26 30 0 8 1 art_table 40 764 0 399 5 0 5 5 0 8 0 art_node 32 167 0 97 1 0 1 1 0 8 0 sysvmsgpl 40 8 0 5 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 35 0 25 1 0 1 1 0 8 0 shmpl 112 33 0 4 1 0 1 1 0 8 0 dirhash 1024 36 0 19 3 0 3 3 0 8 0 dino2pl 256 3271 0 1764 95 0 95 95 0 8 0 ffsino 256 3271 0 1764 95 0 95 95 0 8 0 nchpl 144 4619 0 2915 64 0 64 64 0 8 0 rtmask 32 11 0 11 2 1 1 1 0 8 1 uvmvnodes 80 3795 0 0 78 0 78 78 0 8 0 vnodes 216 3795 0 0 211 0 211 211 0 8 0 namei 1024 16185 0 16185 4 3 1 2 0 8 1 kstatmem 264 88 0 68 2 0 2 2 0 8 0 scsiplug 72 3 0 3 2 2 0 1 0 8 0 scxspl 216 22333 0 22333 22 14 8 8 1 8 8 plimitpl 152 306 0 288 1 0 1 1 0 8 0 sigapl 424 1312 0 1261 7 1 6 7 0 8 0 knotepl 120 355680 0 355632 50 40 10 24 0 8 7 kqueuepl 184 328 0 315 1 0 1 1 0 8 0 pipepl 304 272 0 245 8 5 3 8 0 8 0 fdescpl 448 1289 0 1259 5 1 4 5 0 8 0 filepl 120 8111 0 7888 16 7 9 14 0 8 0 lockfpl 104 672 0 668 4 2 2 2 0 8 1 lockfspl 48 162 0 158 1 0 1 1 0 8 0 sessionpl 144 33 0 25 1 0 1 1 0 8 0 pgrppl 48 51 0 35 1 0 1 1 0 8 0 ucredpl 104 1421 0 1408 1 0 1 1 0 8 0 zombiepl 144 1331 0 1330 3 2 1 1 0 8 0 processpl 1152 1312 0 1261 5 1 4 5 0 8 0 procpl 664 2578 0 2516 7 1 6 7 0 8 0 sosppl 168 8 0 8 1 1 0 1 0 8 0 sockpl 552 2158 0 2121 29 25 4 17 0 8 0 mcl64k 65536 32 0 32 3 2 1 1 0 8 1 mcl16k 16384 2 0 2 1 1 0 1 0 8 0 mcl12k 12288 1 0 1 1 1 0 1 0 8 0 mcl9k 9216 2 0 2 2 2 0 1 0 8 0 mcl8k 8192 79 0 79 2 2 0 1 0 8 0 mcl4k 4096 3612 0 3562 16 9 7 15 0 8 0 mcl2k 2048 1494 0 1487 6 4 2 5 0 8 1 mtagpl 96 14 0 9 1 0 1 1 0 8 0 mbufpl 256 13259 0 13140 20 7 13 20 0 8 0 bufpl 280 9591 0 3363 446 0 446 446 0 8 0 anonpl 24 171488 0 162827 148 69 79 80 0 187 1 amapchunkpl 152 33022 0 32378 40 12 28 28 0 158 2 amappl16 200 2718 0 2450 62 35 27 27 0 8 0 amappl14 184 121 0 111 1 0 1 1 0 8 0 amappl13 176 1 0 1 1 1 0 1 0 8 0 amappl12 168 1980 0 1950 3 1 2 3 0 8 0 amappl11 160 42 0 31 1 0 1 1 0 8 0 amappl10 152 1 0 1 1 1 0 1 0 8 0 amappl9 144 246 0 246 1 1 0 1 0 8 0 amappl8 136 24 0 21 1 0 1 1 0 8 0 amappl7 128 139 0 128 1 0 1 1 0 8 0 amappl6 120 219 0 215 1 0 1 1 0 8 0 amappl5 112 131 0 123 1 0 1 1 0 8 0 amappl4 104 302 0 286 1 0 1 1 0 8 0 amappl3 96 6816 0 6694 6 2 4 4 0 8 1 amappl2 88 716 0 659 2 0 2 2 0 8 0 amappl1 80 13079 0 12535 14 1 13 13 0 8 0 amappl 88 9417 0 9228 6 1 5 5 0 92 0 dma8192 8192 1 0 1 1 1 0 1 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma2048 2048 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 255 0 255 2 2 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 20 0 19 1 0 1 1 0 8 0 aobjpl 72 35 0 4 1 0 1 1 0 8 0 uaddrrnd 24 1289 0 1259 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1289 0 1259 1 0 1 1 0 8 0 vmmpekpl 168 11191 0 11144 3 0 3 3 0 8 0 vmmpepl 168 85433 0 83258 134 26 108 108 0 357 4 vmsppl 368 1288 0 1259 4 1 3 4 0 8 0 rwobjpl 40 26662 0 21719 52 0 52 52 0 8 0 pdppl 4096 2584 0 2518 112 44 68 80 0 8 2 pvpl 32 527860 0 513540 263 103 160 166 0 265 9 pmappl 216 1288 0 1259 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 416 0 92 11 0 11 11 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8333b4aa) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83378d59,ffffffff83359cf7,84,ffffffff833cefb2) at __assert+0x29 sys/kern/subr_prf.c:-1 rtmap_grow(21,21) at rtmap_grow+0x1f2 rtable_add(20) at rtable_add+0x289 rtable_alloc sys/net/rtable.c:370 [inline] rtable_add(20) at rtable_add+0x289 sys/net/rtable.c:223 if_createrdomain(20,ffff800001437000) at if_createrdomain+0x40 sys/net/if.c:1952 ifioctl(ffff800001490530,8020699f,ffff80003858d640,ffff80002a7d5778) at ifioctl+0x1c06 sys/net/if.c:2301 sys_ioctl(ffff80002a7d5778,ffff80003858d810,ffff80003858d760) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1 syscall(ffff80003858d810) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003858d810) at syscall+0x962 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x22430c977b0, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8333b4aa) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83378d59,ffffffff83359cf7,84,ffffffff833cefb2) at __assert+0x29 sys/kern/subr_prf.c:-1 rtmap_grow(21,21) at rtmap_grow+0x1f2 rtable_add(20) at rtable_add+0x289 rtable_alloc sys/net/rtable.c:370 [inline] rtable_add(20) at rtable_add+0x289 sys/net/rtable.c:223 if_createrdomain(20,ffff800001437000) at if_createrdomain+0x40 sys/net/if.c:1952 ifioctl(ffff800001490530,8020699f,ffff80003858d640,ffff80002a7d5778) at ifioctl+0x1c06 sys/net/if.c:2301 sys_ioctl(ffff80002a7d5778,ffff80003858d810,ffff80003858d760) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1 syscall(ffff80003858d810) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003858d810) at syscall+0x962 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x22430c977b0, count: -10