panic: kernel diagnostic assertion "map->limit == rtmap_limit" failed: file "/syzkaller/managers/main/kernel/sys/net/rtable.c", line 131
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*347341 2337 0 0x8000000 0x4000000 0 syz-executor
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff830ac3da) at panic+0x1cf sys/kern/subr_prf.c:198
__assert(ffffffff83063374,ffffffff83030f37,83,ffffffff830a14f2) at __assert+0x29
rtmap_grow(6,21) at rtmap_grow+0x1f3 sys/net/rtable.c:131
rtable_add(5) at rtable_add+0x279
route_output(fffffd806c58c400,fffffd8069fb9de0) at route_output+0x525 sys/net/rtsock.c:786
route_send(fffffd8069fb9de0,fffffd806c58c400,0,0) at route_send+0xd7 sys/net/rtsock.c:342
sosend(fffffd8069fb9de0,0,ffff8000375e1c48,0,0,0) at sosend+0xa40
sendit(ffff80002a4a31d0,4,ffff8000375e1d40,0,ffff8000375e1df0) at sendit+0x721 sys/kern/uipc_syscalls.c:786
sys_sendto(ffff80002a4a31d0,ffff8000375e1ea0,ffff8000375e1df0) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:564
syscall(ffff8000375e1ea0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xf262ac7cb80, count: 3
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "map->limit == rtmap_limit" failed: file "/syzkaller/managers/main/kernel/sys/net/rtable.c", line 131 ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830ac3da) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83063374,ffffffff83030f37,83,ffffffff830a14f2) at __assert+0x29 rtmap_grow(6,21) at rtmap_grow+0x1f3 sys/net/rtable.c:131 rtable_add(5) at rtable_add+0x279 route_output(fffffd806c58c400,fffffd8069fb9de0) at route_output+0x525 sys/net/rtsock.c:786 route_send(fffffd8069fb9de0,fffffd806c58c400,0,0) at route_send+0xd7 sys/net/rtsock.c:342 sosend(fffffd8069fb9de0,0,ffff8000375e1c48,0,0,0) at sosend+0xa40 sendit(ffff80002a4a31d0,4,ffff8000375e1d40,0,ffff8000375e1df0) at sendit+0x721 sys/kern/uipc_syscalls.c:786 sys_sendto(ffff80002a4a31d0,ffff8000375e1ea0,ffff8000375e1df0) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:564 syscall(ffff8000375e1ea0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xf262ac7cb80, count: -12 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff8000375e1850 rbx 0x21 rdx 0xffff80000118d6c0 rcx 0 rax 0xffff80002a4a31d0 r8 0 r9 0x8080808080808080 r10 0xe3e86dd97fb02fac r11 0xbf382973db0093e5 r12 0 r13 0x1 r14 0 r15 0x1 rip 0xffffffff82287535 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff8000375e1840 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb> show proc PROC (syz-executor) tid=347341 pid=2337 tcnt=2 stat=onproc flags process=8000000 proc=4000000 runpri=50, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a4b0a30,0xffffffff8355f7b8 process=0xffff8000ffff9e08 user=0xffff8000375dc000, vmspace=0xfffffd807a85ac20 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 2337 468173 30497 0 2 0x8000000 syz-executor * 2337 347341 30497 0 7 
0xc000000 syz-executor 41054 436690 28456 0 2 0x8000000 syz-executor 41054 202987 28456 0 2 0xc000000 syz-executor 23700 503365 15568 0 2 0x8101004 sh 22995 282588 79397 0 2 0x8000000 syz-executor 22995 452741 79397 0 3 0xc000000 futex syz-executor 22995 368805 79397 0 3 0xc000080 fsleep syz-executor 22995 397416 79397 0 3 0xc000080 fsleep syz-executor 21953 223453 94337 0 2 0x8000000 syz-executor 21953 458237 94337 0 3 0xc000000 futex syz-executor 21953 25063 94337 0 3 0xc000080 fsleep syz-executor 21953 411617 94337 0 3 0xc000080 fsleep syz-executor 96280 298292 44336 0 2 0x8000002 ndp 44336 62588 75860 0 3 0x810008a sigsusp sh 15568 67705 94373 0 3 0x810008a sigsusp sh 37018 509485 91704 0 2 0x8000000 syz-executor 37018 284613 91704 0 3 0xc000080 msgwait syz-executor 37018 379975 91704 0 2 0xc000000 syz-executor 12317 182164 25904 0 2 0x8000000 syz-executor 12317 173137 25904 0 3 0xc000080 kqread syz-executor 12317 320331 25904 0 3 0xc000000 futex syz-executor 12317 233762 25904 0 3 0xc000080 fsleep syz-executor 75860 220993 8793 0 3 0x8000082 wait syz-executor 94373 106491 8793 0 3 0x8000082 wait syz-executor 91704 415604 8793 0 2 0x8000482 syz-executor 30497 64075 8793 0 2 0x8000482 syz-executor 25904 489875 8793 0 2 0x8000482 syz-executor 79397 521982 8793 0 2 0x8000482 syz-executor 94337 412819 8793 0 2 0x8000482 syz-executor 28456 32313 8793 0 2 0x8000482 syz-executor 89314 147846 0 0 3 0x14200 bored sosplice 8793 429968 70518 0 2 0x8000002 syz-executor 70518 14518 11558 0 3 0x810008a sigsusp ksh 11558 518348 6537 0 3 0x18000098 kqread sshd-session 6537 29521 38109 0 3 0x18000092 kqread sshd-session 83582 108195 1 0 3 0x18100083 ttyopn getty 38109 202208 1 0 3 0x18000088 kqread sshd 7757 55332 96316 73 2 0x19100010 syslogd 96316 302675 1 0 3 0x18100082 sbwait syslogd 68263 210998 1 0 3 0x18100080 kqread resolvd 39750 393831 50516 77 3 0x18100092 kqread dhcpleased 14318 466313 50516 77 3 0x18100092 kqread dhcpleased 50516 132305 1 0 3 0x18000080 kqread 
dhcpleased 6444 237182 0 0 3 0x14200 bored smr 74381 159196 0 0 2 0x14200 zerothread 31346 399718 0 0 3 0x14200 aiodoned aiodoned 78369 183466 0 0 3 0x14200 syncer update 93566 282488 0 0 3 0x14200 cleaner cleaner 34440 309804 0 0 3 0x14200 reaper reaper 33681 68561 0 0 3 0x14200 pgdaemon pagedaemon 11816 185018 0 0 3 0x14200 bored viomb 22942 253341 0 0 3 0x40014200 acpi0 acpi0 53684 445919 0 0 3 0x14200 bored softnet3 70734 372453 0 0 3 0x14200 bored softnet2 60754 37607 0 0 3 0x14200 bored softnet1 60868 51816 0 0 2 0x14200 softnet0 58509 456822 0 0 3 0x14200 bored systqmp 85571 369841 0 0 3 0x14200 bored systq 6035 423362 0 0 3 0x40014200 tmoslp softclock 30408 114988 0 0 3 0x40014200 idle0 1 460670 0 0 3 0x8000082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10204 10089K 14443K 166960K 12177 0 pcb 18 14K 14K 166960K 149 0 rtable 195 6K 7K 166960K 1453 0 pf 33 13K 15K 166960K 131 0 ifaddr 38 6K 8K 166960K 201 0 ifgroup 50 2K 2K 166960K 228 0 sysctl 2 0K 0K 166960K 2 0 counters 30 17K 17K 166960K 76 0 ioctlops 0 0K 4K 166960K 217 0 iov 0 0K 32K 166960K 86 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1462 92K 92K 166960K 2307 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 11 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 28 0 dirhash 12 2K 2K 166960K 12 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 20 73K 93K 166960K 1196 0 sigio 0 0K 0K 166960K 10 0 proc 58 59K 83K 166960K 1493 0 subproc 104 6K 8K 166960K 572 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 52 0 in_multi 85 6K 7K 166960K 494 0 ether_multi 1 0K 0K 166960K 4 0 mrt 0 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 241 1076K 1076K 166960K 241 0 exec 1 0K 1K 166960K 1144 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 239 107K 
124K 166960K 10858 0 UVM aobj 60 3K 4K 166960K 62 0 pinsyscall 42 84K 94K 166960K 3136 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 18 0 NDP 11 0K 2K 166960K 144 0 temp 64 6816K 6880K 166960K 18871 0 kqueue 14 20K 26K 166960K 76 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 148 0 144 1 0 1 1 0 8 0 rtentry 112 513 0 425 4 0 4 4 0 8 1 unpcb 144 625 0 600 7 1 6 6 0 8 5 syncache 336 6 0 6 2 1 1 1 0 8 1 tcpqe 32 2 0 2 1 0 1 1 0 8 1 tcpcb 808 168 0 161 2 0 2 2 0 8 1 arp 88 91 0 75 1 0 1 1 0 8 0 ipq 40 6 0 6 1 0 1 1 0 8 1 ipqe 40 10 0 10 1 0 1 1 0 8 1 inpcb 336 961 0 948 10 5 5 7 0 8 3 nd6 104 132 0 112 1 0 1 1 0 8 0 pkpcb 40 2 0 2 1 0 1 1 0 8 1 kcovpl 48 44 0 36 1 0 1 1 0 8 0 ppxss 1072 7 0 7 1 0 1 1 0 8 1 pfstscr 40 5 0 4 2 1 1 1 0 8 0 pfosfp 40 2 0 0 1 0 1 1 0 8 0 pfosfpen 112 2 0 0 1 0 1 1 0 8 0 pfstitem 24 3 0 0 1 0 1 1 0 8 0 pfstkey 128 8 0 5 2 1 1 1 0 8 0 pfstate 344 5 0 3 2 1 1 1 0 8 0 pfrule 1344 4 0 2 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 2043 0 1673 29 0 29 29 0 8 5 art_table 32 2044 0 1673 4 0 4 4 0 8 1 art_node 16 511 0 433 1 0 1 1 0 8 0 sysvmsgpl 40 12 0 6 1 0 1 1 0 8 0 semupl 112 3 0 3 2 1 1 1 0 8 1 semapl 112 26 0 16 1 0 1 1 0 8 0 shmpl 112 59 0 2 2 0 2 2 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 2569 0 1000 99 0 99 99 0 8 0 ffsino 240 2569 0 1000 93 0 93 93 0 8 0 nchpl 144 3577 0 1847 65 0 65 65 0 8 0 uvmvnodes 80 3471 0 0 71 0 71 71 0 8 0 vnodes 216 3471 0 0 193 0 193 193 0 8 0 namei 1024 15199 0 15198 3 1 2 2 0 8 1 vcpupl 3904 71 0 0 9 0 9 9 0 8 0 vmpool 664 72 0 1 6 0 6 6 0 8 0 kstatmem 264 114 0 92 2 0 2 2 0 8 0 scsiplug 72 2 0 2 1 1 0 1 0 8 0 scxspl 216 24129 0 24129 10 2 8 8 1 8 8 plimitpl 152 209 0 192 1 0 1 1 0 8 0 sigapl 424 1425 0 1376 8 0 8 8 0 8 2 futexpl 64 9136 0 9130 1 0 1 1 0 8 0 knotepl 120 21073 0 21025 9 0 9 9 0 8 7 kqueuepl 184 181 0 137 3 0 3 3 0 8 0 pipepl 288 296 
0 267 5 0 5 5 0 8 2 fdescpl 432 1388 0 1356 5 1 4 5 0 8 0 filepl 120 7014 0 6713 18 2 16 16 0 8 6 lockfpl 104 182 0 179 1 0 1 1 0 8 0 lockfspl 48 83 0 80 1 0 1 1 0 8 0 sessionpl 144 57 0 49 1 0 1 1 0 8 0 pgrppl 48 140 0 124 1 0 1 1 0 8 0 ucredpl 104 683 0 672 1 0 1 1 0 8 0 zombiepl 144 1671 0 1671 2 1 1 1 0 8 1 processpl 1096 1425 0 1376 5 0 5 5 0 8 1 procpl 648 2460 0 2398 7 0 7 7 0 8 1 sosppl 168 3 0 3 1 0 1 1 0 8 1 sockpl 504 1753 0 1711 33 21 12 26 0 8 6 mcl64k 65536 7 0 7 1 0 1 1 0 8 1 mcl16k 16384 3 0 3 1 0 1 1 0 8 1 mcl12k 12288 4 0 4 1 0 1 1 0 8 1 mcl9k 9216 1 0 1 1 0 1 1 0 8 1 mcl8k 8192 17 0 17 2 1 1 1 0 8 1 mcl4k 4096 7 0 7 2 1 1 1 0 8 1 mcl2k2 2112 1 0 1 1 1 0 1 0 8 0 mcl2k 2048 7198 0 7102 26 12 14 26 0 8 1 mtagpl 96 16 0 16 1 0 1 1 0 8 1 mbufpl 256 16303 0 16097 74 52 22 63 0 8 8 bufpl 280 7739 0 1268 463 0 463 463 0 8 0 anonpl 24 275904 0 272279 131 57 74 102 0 187 39 amapchunkpl 152 35097 0 34598 55 22 33 42 0 158 12 amappl16 200 6101 0 6073 40 29 11 24 0 8 8 amappl15 192 6 0 6 1 1 0 1 0 8 0 amappl14 184 178 0 168 1 0 1 1 0 8 0 amappl13 176 12 0 12 2 1 1 1 0 8 1 amappl12 168 2565 0 2533 2 0 2 2 0 8 0 amappl11 160 53 0 43 1 0 1 1 0 8 0 amappl10 152 10 0 10 1 1 0 1 0 8 0 amappl9 144 143 0 143 1 1 0 1 0 8 0 amappl8 136 28 0 27 1 0 1 1 0 8 0 amappl7 128 164 0 154 1 0 1 1 0 8 0 amappl6 120 509 0 506 1 0 1 1 0 8 0 amappl5 112 272 0 263 1 0 1 1 0 8 0 amappl4 104 386 0 372 1 0 1 1 0 8 0 amappl3 96 6706 0 6593 4 0 4 4 0 8 1 amappl2 88 1094 0 1034 2 0 2 2 0 8 0 amappl1 80 12864 0 12309 13 1 12 13 0 8 0 amappl 88 10224 0 10046 6 1 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 61 0 2 2 0 2 2 0 8 0 uaddrrnd 24 1460 0 1357 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1460 0 1357 1 0 1 1 0 8 0 vmmpekpl 168 12834 0 12779 4 0 4 4 0 8 0 vmmpepl 168 93279 0 91416 
102 2 100 100 0 357 18 vmsppl 344 1459 0 1357 11 1 10 10 0 8 0 rwobjpl 24 33673 0 29231 28 0 28 28 0 8 0 pdppl 4096 2926 0 2785 233 92 141 143 0 8 0 pvpl 32 728622 0 718337 522 267 255 384 0 265 157 pmappl 216 1459 0 1357 7 1 6 6 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 622 0 188 13 0 13 13 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830ac3da) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83063374,ffffffff83030f37,83,ffffffff830a14f2) at __assert+0x29 rtmap_grow(6,21) at rtmap_grow+0x1f3 sys/net/rtable.c:131 rtable_add(5) at rtable_add+0x279 route_output(fffffd806c58c400,fffffd8069fb9de0) at route_output+0x525 sys/net/rtsock.c:786 route_send(fffffd8069fb9de0,fffffd806c58c400,0,0) at route_send+0xd7 sys/net/rtsock.c:342 sosend(fffffd8069fb9de0,0,ffff8000375e1c48,0,0,0) at sosend+0xa40 sendit(ffff80002a4a31d0,4,ffff8000375e1d40,0,ffff8000375e1df0) at sendit+0x721 sys/kern/uipc_syscalls.c:786 sys_sendto(ffff80002a4a31d0,ffff8000375e1ea0,ffff8000375e1df0) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:564 syscall(ffff8000375e1ea0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xf262ac7cb80, count: -12 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830ac3da) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83063374,ffffffff83030f37,83,ffffffff830a14f2) at __assert+0x29 rtmap_grow(6,21) at rtmap_grow+0x1f3 sys/net/rtable.c:131 rtable_add(5) at rtable_add+0x279 route_output(fffffd806c58c400,fffffd8069fb9de0) at route_output+0x525 sys/net/rtsock.c:786 route_send(fffffd8069fb9de0,fffffd806c58c400,0,0) at route_send+0xd7 sys/net/rtsock.c:342 sosend(fffffd8069fb9de0,0,ffff8000375e1c48,0,0,0) at sosend+0xa40 sendit(ffff80002a4a31d0,4,ffff8000375e1d40,0,ffff8000375e1df0) at sendit+0x721 sys/kern/uipc_syscalls.c:786 
sys_sendto(ffff80002a4a31d0,ffff8000375e1ea0,ffff8000375e1df0) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:564 syscall(ffff8000375e1ea0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xf262ac7cb80, count: -12