panic: kernel diagnostic assertion "map->limit == rtmap_limit" failed: file "/syzkaller/managers/main/kernel/sys/net/rtable.c", line 131 Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *432630 7404 0 0 0x4000000 0 syz-executor db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830bd66e) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83074a24,ffffffff8304744d,83,ffffffff830b7f28) at __assert+0x29 rtmap_grow(6,21) at rtmap_grow+0x1f3 sys/net/rtable.c:131 rtable_add(5) at rtable_add+0x279 route_output(fffffd807886b700,fffffd8073179818) at route_output+0x525 sys/net/rtsock.c:786 route_send(fffffd8073179818,fffffd807886b700,0,0) at route_send+0xd7 sys/net/rtsock.c:342 sosend(fffffd8073179818,0,ffff800037651508,0,0,e) at sosend+0xa40 sendit(ffff80002a4d02a8,6,ffff800037651600,e,ffff8000376516b0) at sendit+0x721 sys/kern/uipc_syscalls.c:786 sys_sendto(ffff80002a4d02a8,ffff800037651760,ffff8000376516b0) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:564 syscall(ffff800037651760) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xd3d166abb10, count: 3 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "map->limit == rtmap_limit" failed: file "/syzkaller/managers/main/kernel/sys/net/rtable.c", line 131 ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830bd66e) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83074a24,ffffffff8304744d,83,ffffffff830b7f28) at __assert+0x29 rtmap_grow(6,21) at rtmap_grow+0x1f3 sys/net/rtable.c:131 rtable_add(5) at rtable_add+0x279 route_output(fffffd807886b700,fffffd8073179818) at route_output+0x525 sys/net/rtsock.c:786 route_send(fffffd8073179818,fffffd807886b700,0,0) at route_send+0xd7 sys/net/rtsock.c:342 sosend(fffffd8073179818,0,ffff800037651508,0,0,e) at sosend+0xa40 sendit(ffff80002a4d02a8,6,ffff800037651600,e,ffff8000376516b0) at sendit+0x721 sys/kern/uipc_syscalls.c:786 sys_sendto(ffff80002a4d02a8,ffff800037651760,ffff8000376516b0) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:564 syscall(ffff800037651760) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xd3d166abb10, count: -12 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff800037651110 rbx 0x21 rdx 0 rcx 0 rax 0xffff80002a4d02a8 r8 0 r9 0x8080808080808080 r10 0x6b5fe690ef34cc3d r11 0x59a6b774f395416b r12 0 r13 0x1 r14 0 r15 0x1 rip 0xffffffff820d1525 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff800037651100 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb> show proc PROC (syz-executor) tid=432630 pid=7404 tcnt=3 stat=onproc flags process=0 proc=4000000 runpri=50, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a4d1970,0xffff80002a4d0f60 process=0xffff8000327f77c0 user=0xffff80003764c000, vmspace=0xfffffd806b5cc6f8 estcpu=36, cpticks=2, pctcpu=0.0, user=0, sys=1, intr=1 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 7404 459564 58302 0 3 0x80 fsleep syz-executor * 7404 432630 58302 0 7 0x4000000 syz-executor 7404 455758 58302 0 2 0x4000000 syz-executor 83202 294233 63527 0 3 0x80 fsleep syz-executor 83202 140155 63527 0 3 0x4000080 bell syz-executor 83202 395321 63527 0 3 0x4000080 fsleep syz-executor 49890 381530 79270 0 3 0x80 fsleep syz-executor 49890 187873 79270 0 3 0x4000080 nanoslp syz-executor 89029 198744 19916 0 3 0x80 fsleep syz-executor 89029 510472 19916 0 3 0x4000080 kqread syz-executor 13785 406229 36865 0 3 0x80 fsleep syz-executor 13785 512352 36865 0 3 0x4000080 fifow syz-executor 13785 209913 36865 0 3 0x4000080 fsleep syz-executor 15780 480972 22192 0 3 0x80 fsleep syz-executor 15780 308485 22192 0 3 0x4000080 kqread syz-executor 35594 371568 0 0 3 0x14200 acct acct 1488 182795 0 0 3 0x14200 bored sosplice 19916 14644 4696 0 2 0x482 syz-executor 46093 87354 4696 0 2 0x2 syz-executor 36865 411372 4696 0 2 0x482 syz-executor 58302 179500 4696 0 2 0x482 syz-executor 93865 477073 4696 0 2 0x2 syz-executor 63527 77936 4696 0 3 0x82 nanoslp syz-executor 22192 180602 4696 0 3 0x82 nanoslp syz-executor 79270 277713 4696 0 3 0x82 nanoslp syz-executor 4696 492032 51609 0 2 0x2 syz-executor 51609 280313 61276 0 3 0x10008a sigsusp ksh 61276 420548 73821 0 3 0x98 kqread sshd-session 73821 315289 66355 0 3 0x92 kqread sshd-session 43936 409715 1 0 3 0x100083 ttyin getty 66355 71522 1 0 3 0x88 kqread sshd 52143 14091 62744 73 3 0x1100090 kqread syslogd 62744 396456 1 0 3 0x100082 sbwait syslogd 53211 362084 1 0 3 0x100080 kqread resolvd 55241 441942 95420 77 3 0x100092 kqread dhcpleased 23341 353300 95420 77 3 0x100092 kqread dhcpleased 95420 3808 1 0 3 0x80 kqread dhcpleased 97547 260546 0 0 3 0x14200 bored smr 97353 242066 0 0 2 0x14200 zerothread 6598 502264 0 0 3 0x14200 aiodoned aiodoned 58393 514580 0 0 3 0x14200 syncer update 69338 254463 0 0 3 0x14200 cleaner cleaner 17986 233614 0 0 3 0x14200 reaper reaper 532 485532 0 0 3 0x14200 pgdaemon pagedaemon 79721 233883 0 0 3 0x14200 bored viomb 39960 324978 0 0 3 0x40014200 acpi0 acpi0 95489 239831 0 0 3 0x14200 bored softnet3 24219 8548 0 0 3 0x14200 bored softnet2 91497 363345 0 0 3 0x14200 bored softnet1 39386 405647 0 0 2 0x14200 softnet0 85659 341869 0 0 3 0x14200 bored systqmp 67945 222159 0 0 3 0x14200 bored systq 50488 514647 0 0 2 0x40014200 softclock 33206 489403 0 0 3 0x40014200 idle0 1 86873 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10181 11180K 11382K 166960K 11663 0 pcb 17 16K 21K 166960K 228 0 rtable 217 9K 9K 166960K 387 0 pf 33 13K 268K 166960K 51 0 ifaddr 40 7K 7K 166960K 51 0 ifgroup 50 2K 2K 166960K 64 0 sysctl 2 0K 0K 166960K 2 0 counters 30 17K 17K 166960K 34 0 ioctlops 0 0K 4K 166960K 94 0 iov 0 0K 16K 166960K 16 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1375 86K 87K 166960K 1566 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 1K 166960K 2 0 VM map 2 1K 1K 166960K 2 0 sem 5 0K 0K 166960K 9 0 dirhash 15 2K 2K 166960K 15 0 ACPI 1690 195K 286K 166960K 12468 0 file desc 16 57K 97K 166960K 410 0 sigio 0 0K 0K 166960K 12 0 proc 60 59K 124K 166960K 510 0 subproc 104 6K 6K 166960K 104 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 35 0 in_multi 94 6K 7K 166960K 121 0 ether_multi 1 0K 0K 166960K 4 0 mrt 1 0K 0K 166960K 2 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 61 281K 281K 166960K 61 0 exec 0 0K 1K 166960K 375 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 207 71K 85K 166960K 5219 0 UVM aobj 11 2K 4K 166960K 12 0 pinsyscall 37 74K 96K 166960K 1423 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 16 0 NDP 11 0K 2K 166960K 34 0 temp 45 6811K 6877K 166960K 15602 0 kqueue 14 22K 32K 166960K 73 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 56 0 50 1 0 1 1 0 8 0 rtentry 112 116 0 23 4 0 4 4 0 8 0 unpcb 144 203 0 184 2 0 2 2 0 8 0 syncache 336 3 0 3 1 1 0 1 0 8 0 tcpcb 808 70 0 63 1 0 1 1 0 8 0 arp 88 18 0 0 1 0 1 1 0 8 0 ipq 40 3 0 0 1 0 1 1 0 8 0 ipqe 40 3 0 0 1 0 1 1 0 8 0 inpcb 336 414 0 403 12 2 10 10 0 8 8 nd6 104 26 0 4 1 0 1 1 0 8 0 pkpcb 40 2 0 2 1 1 0 1 0 8 0 kcovpl 48 8 0 0 1 0 1 1 0 8 0 ppxss 1072 2 0 2 1 1 0 1 0 8 0 pfrktable 1344 6 0 1 1 0 1 1 0 8 0 pfanchor 1288 1 0 0 1 0 1 1 0 8 0 pftag 88 3 0 0 1 0 1 1 0 8 0 pfstitem 24 1 0 0 1 0 1 1 0 8 0 pfstkey 128 7 0 6 1 0 1 1 0 8 0 pfstate 344 4 0 3 1 0 1 1 0 8 0 pfrule 1344 5 0 2 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 487 0 67 29 2 27 29 0 8 0 art_table 32 488 0 67 4 0 4 4 0 8 0 art_node 16 115 0 31 1 0 1 1 0 8 0 sysvmsgpl 40 4 0 3 1 0 1 1 0 8 0 semapl 112 7 0 4 1 0 1 1 0 8 0 shmpl 112 9 0 1 1 0 1 1 0 8 0 dirhash 1024 19 0 0 3 0 3 3 0 8 0 dino2pl 256 2012 0 512 95 0 95 95 0 8 0 ffsino 240 2012 0 512 89 0 89 89 0 8 0 nchpl 144 2617 0 944 63 0 63 63 0 8 0 uvmvnodes 80 2244 0 0 46 0 46 46 0 8 0 vnodes 216 2244 0 0 125 0 125 125 0 8 0 namei 1024 8435 0 8434 1 0 1 1 0 8 0 pfiaddrpl 120 1 0 0 1 0 1 1 0 8 0 kstatmem 264 30 0 8 2 0 2 2 0 8 0 scxspl 216 9014 0 9014 15 7 8 8 1 8 8 plimitpl 152 71 0 54 1 0 1 1 0 8 0 sigapl 424 689 0 643 7 1 6 7 0 8 0 futexpl 64 4517 0 4509 1 0 1 1 0 8 0 knotepl 120 15328 0 15275 38 9 29 29 0 8 26 kqueuepl 184 96 0 85 1 0 1 1 0 8 0 pipepl 288 223 0 195 8 5 3 7 0 8 0 fdescpl 432 671 0 643 5 1 4 5 0 8 0 filepl 120 3619 0 3359 17 5 12 14 0 8 3 lockfpl 104 222 0 219 2 0 2 2 0 8 1 lockfspl 48 39 0 36 1 0 1 1 0 8 0 sessionpl 144 21 0 13 1 0 1 1 0 8 0 pgrppl 48 31 0 15 1 0 1 1 0 8 0 ucredpl 104 339 0 328 1 0 1 1 0 8 0 zombiepl 144 688 0 688 2 1 1 1 0 8 1 processpl 1096 689 0 643 4 0 4 4 0 8 0 procpl 648 1114 0 1059 6 0 6 6 0 8 0 sockpl 504 681 0 645 20 2 18 18 0 8 13 mcl64k 65536 6 0 6 2 1 1 1 0 8 1 mcl16k 16384 1 0 1 1 1 0 1 0 8 0 mcl8k 8192 8 0 8 1 1 0 1 0 8 0 mcl4k 4096 3027 0 2974 14 7 7 14 0 8 0 mcl2k 2048 445 0 440 3 1 2 2 0 8 1 mtagpl 96 32 0 7 1 0 1 1 0 8 0 mbufpl 256 8368 0 8162 18 2 16 17 0 8 1 bufpl 280 3928 0 96 274 0 274 274 0 8 0 anonpl 24 196501 0 193416 55 23 32 46 0 187 9 amapchunkpl 152 17855 0 17421 33 9 24 30 0 158 5 amappl16 200 5631 0 5610 18 15 3 15 0 8 0 amappl15 192 11 0 11 1 1 0 1 0 8 0 amappl14 184 118 0 108 1 0 1 1 0 8 0 amappl13 176 9 0 9 1 1 0 1 0 8 0 amappl12 168 1280 0 1252 2 0 2 2 0 8 0 amappl11 160 60 0 50 1 0 1 1 0 8 0 amappl10 152 16 0 15 1 0 1 1 0 8 0 amappl9 144 127 0 126 1 0 1 1 0 8 0 amappl8 136 20 0 19 1 0 1 1 0 8 0 amappl7 128 98 0 88 1 0 1 1 0 8 0 amappl6 120 196 0 195 1 0 1 1 0 8 0 amappl5 112 129 0 121 1 0 1 1 0 8 0 amappl4 104 293 0 277 1 0 1 1 0 8 0 amappl3 96 3245 0 3164 3 0 3 3 0 8 0 amappl2 88 927 0 853 2 0 2 2 0 8 0 amappl1 80 8046 0 7544 13 2 11 13 0 8 0 amappl 88 4856 0 4702 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 7 0 7 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 7 0 7 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 11 0 1 1 0 1 1 0 8 0 uaddrrnd 24 671 0 643 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 671 0 643 1 0 1 1 0 8 0 vmmpekpl 168 6784 0 6754 2 0 2 2 0 8 0 vmmpepl 168 50194 0 48549 88 11 77 88 0 357 1 vmsppl 352 670 0 643 4 1 3 4 0 8 0 rwobjpl 24 20886 0 17826 19 0 19 19 0 8 0 pdppl 4096 1348 0 1286 98 32 66 82 0 8 4 pvpl 32 379182 0 370959 125 33 92 109 0 265 16 pmappl 216 670 0 643 3 1 2 3 0 8 0 extentpl 40 55 0 38 1 0 1 1 0 8 0 phpool 112 400 0 59 10 0 10 10 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830bd66e) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83074a24,ffffffff8304744d,83,ffffffff830b7f28) at __assert+0x29 rtmap_grow(6,21) at rtmap_grow+0x1f3 sys/net/rtable.c:131 rtable_add(5) at rtable_add+0x279 route_output(fffffd807886b700,fffffd8073179818) at route_output+0x525 sys/net/rtsock.c:786 route_send(fffffd8073179818,fffffd807886b700,0,0) at route_send+0xd7 sys/net/rtsock.c:342 sosend(fffffd8073179818,0,ffff800037651508,0,0,e) at sosend+0xa40 sendit(ffff80002a4d02a8,6,ffff800037651600,e,ffff8000376516b0) at sendit+0x721 sys/kern/uipc_syscalls.c:786 sys_sendto(ffff80002a4d02a8,ffff800037651760,ffff8000376516b0) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:564 syscall(ffff800037651760) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xd3d166abb10, count: -12 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830bd66e) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83074a24,ffffffff8304744d,83,ffffffff830b7f28) at __assert+0x29 rtmap_grow(6,21) at rtmap_grow+0x1f3 sys/net/rtable.c:131 rtable_add(5) at rtable_add+0x279 route_output(fffffd807886b700,fffffd8073179818) at route_output+0x525 sys/net/rtsock.c:786 route_send(fffffd8073179818,fffffd807886b700,0,0) at route_send+0xd7 sys/net/rtsock.c:342 sosend(fffffd8073179818,0,ffff800037651508,0,0,e) at sosend+0xa40 sendit(ffff80002a4d02a8,6,ffff800037651600,e,ffff8000376516b0) at sendit+0x721 sys/kern/uipc_syscalls.c:786 sys_sendto(ffff80002a4d02a8,ffff800037651760,ffff8000376516b0) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:564 syscall(ffff800037651760) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xd3d166abb10, count: -12