panic: kernel diagnostic assertion "map->limit == rtmap_limit" failed: file "/syzkaller/managers/main/kernel/sys/net/rtable.c", line 132 Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND * 70191 54614 0 0 0x4000000 0 syz-executor db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff83377f70) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff833b8191,ffffffff83397179,84,ffffffff8340d658) at __assert+0x29 sys/kern/subr_prf.c:-1 rtmap_grow(17,21) at rtmap_grow+0x1f2 rtable_add(16) at rtable_add+0x289 rtable_alloc sys/net/rtable.c:370 [inline] rtable_add(16) at rtable_add+0x289 sys/net/rtable.c:223 route_output(fffffd806d701000,ffff800010fd66a8) at route_output+0x564 sys/net/rtsock.c:766 route_send(ffff800010fd66a8,fffffd806d701000,0,0) at route_send+0xd7 sys/net/rtsock.c:322 sosend(ffff800010fd66a8,0,ffff80003c953ad8,0,0,de5f5dd6) at sosend+0x804 sys/kern/uipc_socket.c:-1 sendit(ffff80003c9974e8,6,ffff80003c953bd0,de5f5dd6,ffff80003c953c70) at sendit+0x5a5 sys/kern/uipc_syscalls.c:785 sys_sendto(ffff80003c9974e8,ffff80003c953d20,ffff80003c953c70) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:563 syscall(ffff80003c953d20) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c953d20) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x44342487c90, count: 3 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "map->limit == rtmap_limit" failed: file "/syzkaller/managers/main/kernel/sys/net/rtable.c", line 132 ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff83377f70) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff833b8191,ffffffff83397179,84,ffffffff8340d658) at __assert+0x29 sys/kern/subr_prf.c:-1 rtmap_grow(17,21) at rtmap_grow+0x1f2 rtable_add(16) at rtable_add+0x289 rtable_alloc sys/net/rtable.c:370 [inline] rtable_add(16) at rtable_add+0x289 sys/net/rtable.c:223 route_output(fffffd806d701000,ffff800010fd66a8) at route_output+0x564 sys/net/rtsock.c:766 route_send(ffff800010fd66a8,fffffd806d701000,0,0) at route_send+0xd7 sys/net/rtsock.c:322 sosend(ffff800010fd66a8,0,ffff80003c953ad8,0,0,de5f5dd6) at sosend+0x804 sys/kern/uipc_socket.c:-1 sendit(ffff80003c9974e8,6,ffff80003c953bd0,de5f5dd6,ffff80003c953c70) at sendit+0x5a5 sys/kern/uipc_syscalls.c:785 sys_sendto(ffff80003c9974e8,ffff80003c953d20,ffff80003c953c70) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:563 syscall(ffff80003c953d20) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c953d20) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x44342487c90, count: -12 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80003c9536f0 rbx 0x21 rdx 0xffff80000143ad40 rcx 0 rax 0xffff80003c9974e8 r8 0x101010101010101 r9 0x8080808080808080 r10 0x9c05faf95225272f r11 0xcab5f759dec57035 r12 0 r13 0x1 r14 0 r15 0x1 rip 0xffffffff82351de5 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80003c9536e0 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb> show proc PROC (syz-executor) tid=70191 pid=54614 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=79, usrpri=79, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003c9962c0,0xffff80003c996fc8 process=0xffff8000ffff8d98 user=0xffff80003c94e000, vmspace=0xfffffd800b790748 estcpu=29, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 16376 125835 92355 0 2 0 syz-executor 16376 169768 92355 0 3 0x4000080 fsleep syz-executor 38497 224425 60090 0 2 0 syz-executor 38497 260525 60090 0 2 0x4000000 syz-executor 40746 457807 5268 0 2 0 syz-executor 40746 87862 5268 0 2 0x4000000 syz-executor 54614 79248 77123 0 2 0 syz-executor *54614 70191 77123 0 7 0x4000000 syz-executor 96420 212112 53254 0 2 0 syz-executor 96420 37619 53254 0 3 0x4000080 fsleep syz-executor 83612 425364 11900 0 2 0x82000 syz-executor 83612 26308 11900 0 4 0x4082000 syz-executor 83612 113790 11900 0 4 0x4082000 syz-executor 83612 55636 11900 0 4 0x4082000 syz-executor 83612 253464 11900 0 3 0x4002000 suspend syz-executor 51812 209170 93008 0 2 0 syz-executor 51812 501128 93008 0 3 0x4000080 fsleep syz-executor 51812 163266 93008 0 2 0x4000000 syz-executor 80208 524196 0 0 3 0x14200 acct acct 69062 349481 1 0 3 0x100083 ttyin getty 11900 274606 43799 0 3 0x82 nanoslp syz-executor 53254 33445 43799 0 2 0xc82 syz-executor 5268 154581 43799 0 2 0xc82 syz-executor 93008 115335 43799 0 2 0xc82 syz-executor 45141 473516 43799 0 2 0xc82 syz-executor 77123 91531 43799 0 2 0xc82 syz-executor 92355 95479 43799 0 3 0x82 nanoslp syz-executor 60090 73174 43799 0 3 0x82 nanoslp syz-executor 43799 207509 71741 0 3 0x82 kqread syz-executor 71741 121299 25557 0 3 0x10008a sigsusp ksh 25557 315411 87951 0 3 0x98 kqread sshd-session 87951 501507 38564 0 3 0x92 kqread sshd-session 38564 104957 1 0 3 0x88 kqread sshd 64514 111569 36456 73 3 0x1100090 kqread syslogd 36456 51641 1 0 3 0x100082 sbwait syslogd 72996 133625 1 0 3 0x100080 kqread resolvd 36370 153603 62000 77 3 0x100092 kqread dhcpleased 19903 35125 62000 77 3 0x100092 kqread dhcpleased 62000 115009 1 0 3 0x80 kqread dhcpleased 52906 286688 0 0 3 0x14200 bored smr 51285 245036 0 0 2 0x14200 zerothread 28979 387879 0 0 3 0x14200 aiodoned aiodoned 59515 355675 0 0 3 0x14200 syncer update 10092 119152 0 0 3 0x14200 cleaner cleaner 55080 463622 0 0 3 0x14200 reaper reaper 77702 323919 0 0 3 0x14200 pgdaemon pagedaemon 8075 244237 0 0 3 0x14200 bored viomb 7034 34857 0 0 3 0x40014200 acpi0 acpi0 12105 310531 0 0 3 0x14200 bored softnet0 59520 7903 0 0 3 0x14200 bored systqmp 41756 210661 0 0 3 0x14200 bored systq 33639 950 0 0 3 0x40014200 tmoslp softclock 31571 133467 0 0 3 0x40014200 idle0 1 13351 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10174 11038K 11331K 166960K 11481 0 pcb 17 12K 12K 166960K 55 0 rtable 228 7K 8K 166960K 393 0 pf 28 12K 13K 166960K 41 0 ifaddr 38 6K 7K 166960K 53 0 ifgroup 46 2K 2K 166960K 63 0 sysctl 3 1K 9K 166960K 8 0 counters 32 17K 18K 166960K 41 0 ioctlops 0 0K 4K 166960K 57 0 iov 0 0K 12K 166960K 11 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1340 84K 85K 166960K 1493 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 3 0 VM map 2 1K 1K 166960K 2 0 sem 7 0K 0K 166960K 9 0 dirhash 12 2K 2K 166960K 15 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 89K 166960K 301 0 sigio 0 0K 0K 166960K 6 0 proc 59 59K 108K 166960K 492 0 subproc 72 4K 4K 166960K 73 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 215 0 in_multi 84 6K 7K 166960K 108 0 ether_multi 1 0K 0K 166960K 4 0 mrt 0 0K 0K 166960K 7 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 73 334K 334K 166960K 73 0 exec 0 0K 1K 166960K 383 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 243 155K 164K 166960K 4485 0 UVM aobj 7 2K 2K 166960K 7 0 pinsyscall 39 78K 93K 166960K 1386 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 25 0 NDP 10 0K 2K 166960K 33 0 temp 37 8662K 8728K 166960K 7774 0 kqueue 13 20K 29K 166960K 63 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 46 0 41 1 0 1 1 0 8 0 rtentry 136 120 0 20 4 0 4 4 0 8 0 unpcb 144 126 0 111 1 0 1 1 0 8 0 syncache 336 3 0 3 1 1 0 1 0 8 0 tcpcb 736 203 0 199 13 6 7 7 0 8 6 arp 96 20 0 2 1 0 1 1 0 8 0 inpcb 328 338 0 328 12 5 7 7 0 8 5 nd6 112 25 0 6 1 0 1 1 0 8 0 pkpcb 40 1 0 1 1 1 0 1 0 8 0 kcovpl 48 8 0 0 1 0 1 1 0 8 0 mppekey 1024 1 0 1 1 1 0 1 0 8 0 ppxss 1072 7 0 7 2 1 1 1 0 8 1 pfrktable 1344 1 0 1 1 1 0 1 0 8 0 rttmr 136 1 0 1 1 0 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 481 0 84 30 0 30 30 0 8 2 art_table 40 482 0 84 5 0 5 5 0 8 0 art_node 32 120 0 29 1 0 1 1 0 8 0 sysvmsgpl 40 1 0 0 1 0 1 1 0 8 0 semapl 112 6 0 1 1 0 1 1 0 8 0 shmpl 112 4 0 0 1 0 1 1 0 8 0 dirhash 1024 19 0 2 3 0 3 3 0 8 0 dino2pl 256 1860 0 359 95 0 95 95 0 8 0 ffsino 256 1860 0 359 95 0 95 95 0 8 0 nchpl 144 2308 0 618 63 0 63 63 0 8 0 rtmask 32 2 0 2 1 1 0 1 0 8 0 vnodes 216 2015 0 0 112 0 112 112 0 8 0 namei 1024 7049 0 7049 3 2 1 2 0 8 1 kstatmem 264 32 0 12 2 0 2 2 0 8 0 scsiplug 72 1 0 1 1 1 0 1 0 8 0 scxspl 216 7362 0 7362 8 7 1 8 1 8 1 plimitpl 152 129 0 113 1 0 1 1 0 8 0 sigapl 424 593 0 549 6 1 5 6 0 8 0 knotepl 120 9611 0 9564 24 14 10 17 0 8 7 kqueuepl 184 79 0 70 1 0 1 1 0 8 0 pipepl 304 130 0 103 3 0 3 3 0 8 0 fdescpl 448 579 0 549 5 1 4 5 0 8 0 filepl 120 2624 0 2410 11 2 9 9 0 8 2 lockfpl 104 64 0 62 1 0 1 1 0 8 0 lockfspl 48 29 0 27 1 0 1 1 0 8 0 sessionpl 144 22 0 14 1 0 1 1 0 8 0 pgrppl 48 33 0 17 1 0 1 1 0 8 0 ucredpl 104 344 0 332 1 0 1 1 0 8 0 zombiepl 144 594 0 593 1 0 1 1 0 8 0 processpl 1152 593 0 549 4 0 4 4 0 8 0 procpl 664 853 0 797 6 1 5 6 0 8 0 sosppl 176 3 0 3 1 1 0 1 0 8 0 sockpl 552 517 0 487 12 5 7 8 0 8 4 mcl64k 65536 4 0 4 2 1 1 1 0 8 1 mcl8k 8192 4 0 4 1 1 0 1 0 8 0 mcl4k 4096 2664 0 2612 15 7 8 14 0 8 1 mcl2k2 2112 1 0 1 1 1 0 1 0 8 0 mcl2k 2048 414 0 408 1 0 1 1 0 8 0 mtagpl 96 10 0 5 1 0 1 1 0 8 0 mbufpl 256 5658 0 5473 14 1 13 13 0 8 0 bufpl 280 2572 0 119 176 0 176 176 0 8 0 anonpl 24 106606 0 103405 46 2 44 44 0 187 21 amapchunkpl 152 13075 0 12560 26 5 21 24 0 158 1 amappl16 200 1899 0 1872 18 7 11 15 0 8 8 amappl15 192 12 0 12 1 1 0 1 0 8 0 amappl14 184 7 0 7 1 1 0 1 0 8 0 amappl13 176 408 0 407 1 0 1 1 0 8 0 amappl12 168 919 0 880 2 0 2 2 0 8 0 amappl11 160 22 0 22 1 1 0 1 0 8 0 amappl10 152 49 0 39 1 0 1 1 0 8 0 amappl9 144 261 0 261 1 1 0 1 0 8 0 amappl8 136 19 0 18 1 0 1 1 0 8 0 amappl7 128 81 0 80 1 0 1 1 0 8 0 amappl6 120 265 0 254 1 0 1 1 0 8 0 amappl5 112 77 0 69 1 0 1 1 0 8 0 amappl4 104 382 0 360 1 0 1 1 0 8 0 amappl3 96 2386 0 2272 3 0 3 3 0 8 0 amappl2 88 520 0 468 2 0 2 2 0 8 0 amappl1 80 9398 0 8860 13 1 12 13 0 8 0 amappl 88 3759 0 3586 6 1 5 5 0 92 1 uvmvnodes 80 98 0 0 2 0 2 2 0 8 0 dma8192 8192 1 0 1 1 0 1 1 0 8 1 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 254 0 254 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 6 0 0 1 0 1 1 0 8 0 uaddrrnd 24 579 0 549 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 579 0 549 1 0 1 1 0 8 0 vmmpekpl 168 6222 0 6192 2 0 2 2 0 8 0 vmmpepl 168 43766 0 41935 90 1 89 89 0 357 9 vmsppl 368 578 0 549 4 1 3 4 0 8 0 rwobjpl 40 14733 0 13784 12 0 12 12 0 8 2 pdppl 4096 1164 0 1098 96 30 66 78 0 8 0 pvpl 32 267140 0 258281 118 8 110 110 0 265 35 pmappl 216 578 0 549 2 0 2 2 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 384 0 54 10 0 10 10 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff83377f70) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff833b8191,ffffffff83397179,84,ffffffff8340d658) at __assert+0x29 sys/kern/subr_prf.c:-1 rtmap_grow(17,21) at rtmap_grow+0x1f2 rtable_add(16) at rtable_add+0x289 rtable_alloc sys/net/rtable.c:370 [inline] rtable_add(16) at rtable_add+0x289 sys/net/rtable.c:223 route_output(fffffd806d701000,ffff800010fd66a8) at route_output+0x564 sys/net/rtsock.c:766 route_send(ffff800010fd66a8,fffffd806d701000,0,0) at route_send+0xd7 sys/net/rtsock.c:322 sosend(ffff800010fd66a8,0,ffff80003c953ad8,0,0,de5f5dd6) at sosend+0x804 sys/kern/uipc_socket.c:-1 sendit(ffff80003c9974e8,6,ffff80003c953bd0,de5f5dd6,ffff80003c953c70) at sendit+0x5a5 sys/kern/uipc_syscalls.c:785 sys_sendto(ffff80003c9974e8,ffff80003c953d20,ffff80003c953c70) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:563 syscall(ffff80003c953d20) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c953d20) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x44342487c90, count: -12 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff83377f70) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff833b8191,ffffffff83397179,84,ffffffff8340d658) at __assert+0x29 sys/kern/subr_prf.c:-1 rtmap_grow(17,21) at rtmap_grow+0x1f2 rtable_add(16) at rtable_add+0x289 rtable_alloc sys/net/rtable.c:370 [inline] rtable_add(16) at rtable_add+0x289 sys/net/rtable.c:223 route_output(fffffd806d701000,ffff800010fd66a8) at route_output+0x564 sys/net/rtsock.c:766 route_send(ffff800010fd66a8,fffffd806d701000,0,0) at route_send+0xd7 sys/net/rtsock.c:322 sosend(ffff800010fd66a8,0,ffff80003c953ad8,0,0,de5f5dd6) at sosend+0x804 sys/kern/uipc_socket.c:-1 sendit(ffff80003c9974e8,6,ffff80003c953bd0,de5f5dd6,ffff80003c953c70) at sendit+0x5a5 sys/kern/uipc_syscalls.c:785 sys_sendto(ffff80003c9974e8,ffff80003c953d20,ffff80003c953c70) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:563 syscall(ffff80003c953d20) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c953d20) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x44342487c90, count: -12