panic: kernel diagnostic assertion "map->limit == rtmap_limit" failed: file "/syzkaller/managers/main/kernel/sys/net/rtable.c", line 131
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*446023 734 0 0 0x4000000 0 syz-executor
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff830b5f6d) at panic+0x1cf sys/kern/subr_prf.c:198
__assert(ffffffff8306b5a4,ffffffff83038bf4,83,ffffffff830a9424) at __assert+0x29
rtmap_grow(40,21) at rtmap_grow+0x1f3 sys/net/rtable.c:131
rtable_add(3f) at rtable_add+0x279
route_output(fffffd80736d0300,fffffd806d440600) at route_output+0x525 sys/net/rtsock.c:786
route_send(fffffd806d440600,fffffd80736d0300,0,0) at route_send+0xd7 sys/net/rtsock.c:342
sosend(fffffd806d440600,0,ffff80002a4ffc28,0,0,804) at sosend+0xa40
sendit(ffff80002a57a038,5,ffff80002a4ffd20,804,ffff80002a4ffdd0) at sendit+0x721 sys/kern/uipc_syscalls.c:786
sys_sendto(ffff80002a57a038,ffff80002a4ffe80,ffff80002a4ffdd0) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:564
syscall(ffff80002a4ffe80) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x34125174200, count: 3
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "map->limit == rtmap_limit" failed: file "/syzkaller/managers/main/kernel/sys/net/rtable.c", line 131 ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830b5f6d) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff8306b5a4,ffffffff83038bf4,83,ffffffff830a9424) at __assert+0x29 rtmap_grow(40,21) at rtmap_grow+0x1f3 sys/net/rtable.c:131 rtable_add(3f) at rtable_add+0x279 route_output(fffffd80736d0300,fffffd806d440600) at route_output+0x525 sys/net/rtsock.c:786 route_send(fffffd806d440600,fffffd80736d0300,0,0) at route_send+0xd7 sys/net/rtsock.c:342 sosend(fffffd806d440600,0,ffff80002a4ffc28,0,0,804) at sosend+0xa40 sendit(ffff80002a57a038,5,ffff80002a4ffd20,804,ffff80002a4ffdd0) at sendit+0x721 sys/kern/uipc_syscalls.c:786 sys_sendto(ffff80002a57a038,ffff80002a4ffe80,ffff80002a4ffdd0) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:564 syscall(ffff80002a4ffe80) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x34125174200, count: -12 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80002a4ff830 rbx 0x21 rdx 0 rcx 0 rax 0xffff80002a57a038 r8 0 r9 0x8080808080808080 r10 0x21c0c26bac37df0b r11 0x2a8906baf09cce6c r12 0 r13 0x17 r14 0 r15 0x1 rip 0xffffffff81ffaa35 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80002a4ff820 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb> show proc PROC (syz-executor) tid=446023 pid=734 tcnt=4 stat=onproc flags process=0 proc=4000000 runpri=82, usrpri=82, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a48ccc0,0xffff80002a4d07c8 process=0xffff8000ffffb7b8 user=0xffff80002a4fa000, vmspace=0xfffffd806c1e0ad8 estcpu=32, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 2064 405052 77101 0 2 0 syz-executor 2064 241546 77101 0 2 0x4000000 syz-executor 39008 
263467 13011 0 3 0 futex syz-executor 83552 471435 54559 0 3 0 futex syz-executor 83552 375480 54559 0 3 0x4000080 fsleep syz-executor 76530 512989 31867 0 3 0 futex syz-executor 76530 417894 31867 0 3 0x4000000 futex syz-executor 76530 80884 31867 0 3 0x4000080 fsleep syz-executor 41965 283220 1294 0 2 0 syz-executor 41965 138899 1294 0 3 0x4000080 fsleep syz-executor 41414 432582 31153 0 3 0x3000 suspend syz-executor 41414 126953 31153 0 3 0x4081000 futex syz-executor 734 409753 6822 0 3 0 futex syz-executor * 734 446023 6822 0 7 0x4000000 syz-executor 734 228031 6822 0 2 0x4000000 syz-executor 734 461236 6822 0 3 0x4000080 fsleep syz-executor 39817 29646 77273 0 3 0 futex syz-executor 39817 83459 77273 0 3 0x4000080 bell syz-executor 39817 401333 77273 0 3 0x4000080 rest syz-executor 39817 503284 77273 0 3 0x4000080 fsleep syz-executor 13011 138150 35715 0 2 0x482 syz-executor 77273 173671 35715 0 2 0x482 syz-executor 6822 369908 35715 0 2 0x482 syz-executor 64030 277730 0 0 3 0x14200 acct acct 15593 517213 0 0 3 0x14280 nfsidl nfsio 44270 124962 0 0 3 0x14280 nfsidl nfsio 66440 172129 0 0 3 0x14280 nfsidl nfsio 16807 230403 0 0 3 0x14280 nfsidl nfsio 90793 402569 0 0 3 0x14280 nfsidl nfsio 11371 95964 0 0 3 0x14280 nfsidl nfsio 15469 213275 0 0 3 0x14280 nfsidl nfsio 32570 340169 0 0 3 0x14280 nfsidl nfsio 92990 434125 0 0 3 0x14280 nfsidl nfsio 46742 267698 0 0 3 0x14280 nfsidl nfsio 76417 294300 0 0 3 0x14280 nfsidl nfsio 62426 477469 0 0 3 0x14280 nfsidl nfsio 2380 344496 0 0 3 0x14280 nfsidl nfsio 786 271379 0 0 3 0x14280 nfsidl nfsio 17067 373877 0 0 3 0x14280 nfsidl nfsio 45370 14929 0 0 3 0x14280 nfsidl nfsio 76937 309863 0 0 3 0x14280 nfsidl nfsio 40772 490118 0 0 3 0x14280 nfsidl nfsio 19869 35462 0 0 3 0x14280 nfsidl nfsio 76876 339814 0 0 3 0x14280 nfsidl nfsio 25766 171361 0 0 3 0x14200 bored sosplice 33812 5714 1 0 3 0x100083 ttyin getty 77101 436761 35715 0 2 0x482 syz-executor 31153 17840 35715 0 2 0x482 syz-executor 54559 417321 35715 0 2 0x482 
syz-executor 31867 172469 35715 0 2 0x482 syz-executor 1294 396046 35715 0 2 0x482 syz-executor 35715 305022 65199 0 3 0x82 kqread syz-executor 65199 94917 47289 0 3 0x10008a sigsusp ksh 47289 9068 58055 0 3 0x98 kqread sshd-session 58055 291457 18229 0 3 0x92 kqread sshd-session 18229 214857 1 0 3 0x88 kqread sshd 7432 190567 46171 73 3 0x1100090 kqread syslogd 46171 173253 1 0 3 0x100082 sbwait syslogd 90407 283500 1 0 3 0x100080 kqread resolvd 30990 300693 49350 77 3 0x100092 kqread dhcpleased 38109 234536 49350 77 3 0x100092 kqread dhcpleased 49350 320242 1 0 3 0x80 kqread dhcpleased 33035 196841 0 0 3 0x14200 bored smr 82324 318952 0 0 2 0x14200 zerothread 43841 372885 0 0 3 0x14200 aiodoned aiodoned 10713 361259 0 0 3 0x14200 syncer update 68849 510773 0 0 3 0x14200 cleaner cleaner 45425 307536 0 0 3 0x14200 reaper reaper 92407 361626 0 0 3 0x14200 pgdaemon pagedaemon 93461 103239 0 0 3 0x14200 bored viomb 7124 218664 0 0 3 0x40014200 acpi0 acpi0 48530 359047 0 0 3 0x14200 bored softnet3 57528 6775 0 0 3 0x14200 bored softnet2 82811 389068 0 0 3 0x14200 bored softnet1 61529 311560 0 0 2 0x14200 softnet0 20509 179675 0 0 3 0x14200 bored systqmp 35773 394218 0 0 3 0x14200 bored systq 14939 406101 0 0 2 0x40014200 softclock 23554 76285 0 0 3 0x40014200 idle0 1 129843 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10190 11120K 11391K 166960K 13470 0 pcb 17 17K 18K 166960K 473 0 rtable 161 8K 9K 166960K 1355 0 pf 34 14K 270K 166960K 148 0 ifaddr 30 5K 8K 166960K 102 0 ifgroup 42 1K 2K 166960K 150 0 sysctl 4 1K 1K 166960K 6 0 counters 28 17K 17K 166960K 65 0 ioctlops 0 0K 4K 166960K 228 0 iov 0 0K 20K 166960K 213 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1486 93K 94K 166960K 3103 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 50 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 1K 166960K 79 0 
dirhash 12 2K 2K 166960K 54 0 ACPI 1690 195K 286K 166960K 12468 0 file desc 18 65K 93K 166960K 2006 0 sigio 0 0K 0K 166960K 313 0 proc 60 59K 91K 166960K 764 0 subproc 104 6K 6K 166960K 158 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 257 0 in_multi 64 4K 7K 166960K 196 0 ether_multi 1 0K 0K 166960K 7 0 mrt 1 0K 0K 166960K 8 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 127 572K 572K 166960K 127 0 exec 0 0K 1K 166960K 870 0 pfkey data 0 0K 0K 166960K 3 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 234 73K 91K 166960K 20282 0 UVM aobj 106 3K 3K 166960K 112 0 pinsyscall 39 78K 96K 166960K 3137 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 106 0 NDP 9 0K 2K 166960K 74 0 temp 76 6816K 6948K 166960K 77001 0 kqueue 13 20K 30K 166960K 391 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 463 0 458 6 3 3 3 0 8 2 rtentry 112 455 0 390 4 0 4 4 0 8 0 unpcb 144 2234 0 2219 10 6 4 6 0 8 3 syncache 336 5 0 5 2 1 1 1 0 8 1 tcpqe 32 1 0 1 1 0 1 1 0 8 1 tcpcb 808 723 0 718 12 7 5 8 0 8 4 arp 88 98 0 85 1 0 1 1 0 8 0 ipq 40 6 0 6 1 0 1 1 0 8 1 ipqe 40 96 0 96 1 0 1 1 0 8 1 inpcb 336 2874 0 2864 24 17 7 13 0 8 6 nd6 104 49 0 33 1 0 1 1 0 8 0 pkpcb 40 10 0 10 3 2 1 1 0 8 1 kcovpl 48 12 0 4 1 0 1 1 0 8 0 ppxss 1072 24 0 24 3 2 1 1 0 8 1 pfstscr 40 4 0 3 2 1 1 1 0 8 0 pfrktable 1344 8 0 6 1 0 1 1 0 8 0 pfanchor 1288 4 0 0 1 0 1 1 0 8 0 pftag 88 5 0 5 2 1 1 1 0 8 1 pfstitem 24 10 0 2 1 0 1 1 0 8 0 pfstkey 128 28 0 19 1 0 1 1 0 8 0 pfstate 344 14 0 10 1 0 1 1 0 8 0 pfrule 1344 18 0 16 1 0 1 1 0 8 0 art_heap8 4096 4 0 0 4 0 4 4 0 8 0 art_heap4 256 864 0 563 34 3 31 31 0 8 4 art_table 32 868 0 563 4 0 4 4 0 8 0 art_node 16 384 0 326 1 0 1 1 0 8 0 sysvmsgpl 40 9 0 6 2 1 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 73 0 63 1 0 1 1 0 8 0 shmpl 112 109 0 6 3 
0 3 3 0 8 0 dirhash 1024 47 0 30 3 0 3 3 0 8 0 dino2pl 256 5079 0 3581 95 0 95 95 0 8 0 ffsino 240 5079 0 3581 89 0 89 89 0 8 0 nchpl 144 7951 0 6264 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 28060 0 28060 2 1 1 2 0 8 1 pfiaddrpl 120 1 0 0 1 0 1 1 0 8 0 kstatmem 264 92 0 74 2 0 2 2 0 8 0 acpiwqpl 32 1 0 1 1 0 1 1 1 8 1 scsiplug 72 6 0 6 2 1 1 1 0 8 1 scxspl 216 22804 0 22804 10 8 2 8 1 8 2 plimitpl 152 582 0 566 1 0 1 1 0 8 0 sigapl 424 2307 0 2239 8 0 8 8 0 8 0 futexpl 64 29582 0 29575 1 0 1 1 0 8 0 knotepl 120 86321 0 86274 45 35 10 17 0 8 8 kqueuepl 184 741 0 732 5 4 1 4 0 8 0 pipepl 288 479 0 452 7 0 7 7 0 8 4 fdescpl 432 2262 0 2232 5 1 4 5 0 8 0 filepl 120 17722 0 17471 18 4 14 14 0 8 4 lockfpl 104 903 0 901 2 1 1 2 0 8 0 lockfspl 48 320 0 318 1 0 1 1 0 8 0 sessionpl 144 28 0 20 1 0 1 1 0 8 0 pgrppl 48 71 0 55 1 0 1 1 0 8 0 ucredpl 104 3112 0 3100 1 0 1 1 0 8 0 zombiepl 144 2736 0 2736 2 1 1 1 0 8 1 processpl 1096 2307 0 2239 5 0 5 5 0 8 0 procpl 648 5354 0 5274 8 0 8 8 0 8 0 sosppl 168 12 0 12 2 1 1 1 0 8 1 sockpl 504 5647 0 5617 67 55 12 22 0 8 8 mcl64k 65536 50 0 50 3 2 1 1 0 8 1 mcl16k 16384 8 0 8 2 1 1 1 0 8 1 mcl12k 12288 5 0 5 3 2 1 1 0 8 1 mcl9k 9216 1 0 1 1 0 1 1 0 8 1 mcl8k 8192 35 0 35 3 2 1 1 0 8 1 mcl4k 4096 5241 0 5184 14 6 8 14 0 8 0 mcl2k2 2112 3 0 3 2 2 0 1 0 8 0 mcl2k 2048 2554 0 2551 4 2 2 2 0 8 1 mtagpl 96 38 0 20 1 0 1 1 0 8 0 mbufpl 256 28823 0 28688 115 90 25 79 0 8 8 bufpl 280 7138 0 891 447 0 447 447 0 8 0 anonpl 24 317366 0 313866 76 29 47 47 0 187 18 amapchunkpl 152 68533 0 68014 45 14 31 31 0 158 10 amappl16 200 6694 0 6662 38 27 11 15 0 8 8 amappl15 192 13 0 13 1 1 0 1 0 8 0 amappl14 184 131 0 121 1 0 1 1 0 8 0 amappl13 176 41 0 41 1 1 0 1 0 8 0 amappl12 168 3048 0 3018 3 1 2 3 0 8 0 amappl11 160 49 0 39 1 0 1 1 0 8 0 amappl10 152 44 0 44 1 1 0 1 0 8 0 amappl9 144 152 0 152 1 1 0 1 0 8 0 amappl8 136 29 0 27 1 0 1 1 0 8 0 amappl7 128 104 0 94 1 0 1 1 0 8 0 amappl6 
120 220 0 218 1 0 1 1 0 8 0 amappl5 112 144 0 134 1 0 1 1 0 8 0 amappl4 104 325 0 309 1 0 1 1 0 8 0 amappl3 96 12283 0 12187 3 0 3 3 0 8 0 amappl2 88 2559 0 2480 2 0 2 2 0 8 0 amappl1 80 13591 0 13078 16 3 13 13 0 8 1 amappl 88 19688 0 19509 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 8 0 8 2 1 1 1 0 8 1 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 111 0 6 2 0 2 2 0 8 0 uaddrrnd 24 2262 0 2232 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2262 0 2232 1 0 1 1 0 8 0 vmmpekpl 168 18779 0 18738 4 1 3 3 0 8 0 vmmpepl 168 140942 0 139156 100 10 90 90 0 357 9 vmsppl 344 2261 0 2232 4 1 3 4 0 8 0 rwobjpl 24 42763 0 35873 44 0 44 44 0 8 2 pdppl 4096 4530 0 4464 116 50 66 80 0 8 0 pvpl 32 911712 0 902659 158 43 115 115 0 265 25 pmappl 216 2261 0 2232 3 0 3 3 0 8 0 extentpl 40 55 0 38 1 0 1 1 0 8 0 phpool 112 600 0 239 12 0 12 12 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830b5f6d) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff8306b5a4,ffffffff83038bf4,83,ffffffff830a9424) at __assert+0x29 rtmap_grow(40,21) at rtmap_grow+0x1f3 sys/net/rtable.c:131 rtable_add(3f) at rtable_add+0x279 route_output(fffffd80736d0300,fffffd806d440600) at route_output+0x525 sys/net/rtsock.c:786 route_send(fffffd806d440600,fffffd80736d0300,0,0) at route_send+0xd7 sys/net/rtsock.c:342 sosend(fffffd806d440600,0,ffff80002a4ffc28,0,0,804) at sosend+0xa40 sendit(ffff80002a57a038,5,ffff80002a4ffd20,804,ffff80002a4ffdd0) at sendit+0x721 sys/kern/uipc_syscalls.c:786 sys_sendto(ffff80002a57a038,ffff80002a4ffe80,ffff80002a4ffdd0) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:564 syscall(ffff80002a4ffe80) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x34125174200, count: -12 ddb> machine ddbcpu 1 No such 
command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830b5f6d) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff8306b5a4,ffffffff83038bf4,83,ffffffff830a9424) at __assert+0x29 rtmap_grow(40,21) at rtmap_grow+0x1f3 sys/net/rtable.c:131 rtable_add(3f) at rtable_add+0x279 route_output(fffffd80736d0300,fffffd806d440600) at route_output+0x525 sys/net/rtsock.c:786 route_send(fffffd806d440600,fffffd80736d0300,0,0) at route_send+0xd7 sys/net/rtsock.c:342 sosend(fffffd806d440600,0,ffff80002a4ffc28,0,0,804) at sosend+0xa40 sendit(ffff80002a57a038,5,ffff80002a4ffd20,804,ffff80002a4ffdd0) at sendit+0x721 sys/kern/uipc_syscalls.c:786 sys_sendto(ffff80002a57a038,ffff80002a4ffe80,ffff80002a4ffdd0) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:564 syscall(ffff80002a4ffe80) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x34125174200, count: -12