panic: kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/multicore/kernel/sys/netinet/if_ether.c", line 725 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *310694 90833 0 0x14000 0x40000200 0K softclock db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 panic(ffffffff82573b50) at panic+0x177 sys/kern/subr_prf.c:202 __assert(ffffffff825e884c,ffffffff825e4aa7,2d5,ffffffff825447b5) at __assert+0x25 sys/kern/subr_prf.c:161 arptfree(fffffd8064bc8d28) at arptfree+0x105 sys/netinet/if_ether.c:725 arptimer(ffffffff82b15e28) at arptimer+0x80 sys/netinet/if_ether.c:131 timeout_run(ffffffff82b15e28) at timeout_run+0xcc sys/kern/kern_timeout.c:678 softclock_thread(ffff8000210f97a0) at softclock_thread+0x134 sys/kern/kern_timeout.c:802 end trace frame: 0x0, count: 8 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/multicore/kernel/sys/netinet/if_ether.c", line 725 ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 panic(ffffffff82573b50) at panic+0x177 sys/kern/subr_prf.c:202 __assert(ffffffff825e884c,ffffffff825e4aa7,2d5,ffffffff825447b5) at __assert+0x25 sys/kern/subr_prf.c:161 arptfree(fffffd8064bc8d28) at arptfree+0x105 sys/netinet/if_ether.c:725 arptimer(ffffffff82b15e28) at arptimer+0x80 sys/netinet/if_ether.c:131 timeout_run(ffffffff82b15e28) at timeout_run+0xcc sys/kern/kern_timeout.c:678 softclock_thread(ffff8000210f97a0) at softclock_thread+0x134 sys/kern/kern_timeout.c:802 end trace frame: 0x0, count: -7 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff8000211058e0 rbx 0xffffffff828eebff cpu_info_full_primary+0x2bff rdx 0 rcx 0 rax 0xffff8000210f97a0 r8 0x101010101010101 r9 0x8080808080808080 r10 0x426541d0f0f3af7d r11 0x6bcfec9105d82daf r12 0xffffffff828eea00 cpu_info_full_primary+0x2a00 r13 0 r14 0 r15 0x1 rip 0xffffffff8202d808 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff8000211058d0 ss 0 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (softclock) pid=310694 stat=onproc flags process=14000 proc=40000200 pri=0, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff8000210f9a40,0xffff8000210f9510 process=0xffff8000ffffe568 user=0xffff800021100000, vmspace=0xffffffff82a714c8 estcpu=0, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 43420 283596 34970 0 2 0 syz-executor.6 21542 481758 40897 0 2 0 syz-executor.5 8736 243333 88948 0 2 0 syz-executor.4 8736 142066 88948 0 2 0x4000000 syz-executor.4 31508 245872 13321 0 2 0 syz-executor.0 55603 502933 41911 0 2 0 syz-executor.2 32676 92722 58459 0 2 0 syz-executor.7 40897 118225 95095 0 2 0x482 syz-executor.5 58459 34663 95095 0 3 0x82 nanoslp syz-executor.7 26478 213362 95095 0 2 0x2 syz-executor.3 39100 268966 95095 0 2 0x2 syz-executor.1 39532 203632 0 0 3 0x14280 nfsidl nfsio 68103 256543 0 0 3 0x14280 nfsidl nfsio 33935 243396 0 0 3 0x14280 nfsidl nfsio 46102 484925 0 0 3 0x14280 nfsidl nfsio 94891 15199 0 0 3 0x14280 nfsidl nfsio 33305 76257 0 0 3 0x14280 nfsidl nfsio 70761 258836 0 0 3 0x14280 nfsidl nfsio 6922 30614 0 0 3 0x14280 nfsidl nfsio 3561 504508 0 0 3 0x14280 nfsidl nfsio 45409 369605 0 0 3 0x14280 nfsidl nfsio 28273 369965 0 0 3 0x14280 nfsidl nfsio 31845 157802 0 0 3 0x14280 nfsidl nfsio 15185 14597 0 0 3 0x14280 nfsidl nfsio 43918 391999 0 0 3 0x14280 nfsidl nfsio 25072 236733 0 0 3 0x14280 nfsidl nfsio 81241 128245 0 0 3 0x14280 nfsidl nfsio 92833 444261 0 0 3 0x14280 nfsidl nfsio 21942 157121 0 0 3 0x14280 nfsidl nfsio 29108 110314 0 0 3 0x14280 nfsidl nfsio 59903 497848 0 0 3 0x14280 nfsidl nfsio 25097 360432 1 0 3 0x100083 ttyin getty 41911 430361 95095 0 3 0x82 nanoslp syz-executor.2 34970 67457 95095 0 2 0x482 syz-executor.6 13321 427633 95095 0 3 0x82 nanoslp syz-executor.0 88948 29841 95095 0 2 0x482 syz-executor.4 36954 459010 0 0 3 0x14200 bored sosplice 95095 313637 94724 0 3 0x82 thrsleep syz-fuzzer 95095 347276 94724 0 2 0x4000482 syz-fuzzer 95095 216867 94724 0 3 0x4000082 thrsleep syz-fuzzer 95095 98473 94724 0 3 0x4000082 thrsleep syz-fuzzer 95095 113722 94724 0 2 0x4000482 syz-fuzzer 95095 514734 94724 0 3 0x4000082 kqread syz-fuzzer 95095 14682 94724 0 3 0x4000082 thrsleep syz-fuzzer 95095 354922 94724 0 3 0x4000082 thrsleep syz-fuzzer 95095 181306 94724 0 3 0x4000082 thrsleep syz-fuzzer 94724 57148 80756 0 3 0x10008a sigsusp ksh 80756 507225 84931 0 3 0x9a poll sshd 84931 219685 1 0 3 0x88 poll sshd 48477 311193 30427 74 3 0x100092 bpf pflogd 30427 408316 1 0 3 0x80 netio pflogd 89226 423374 13580 73 3 0x100090 kqread syslogd 13580 200133 1 0 3 0x100082 netio syslogd 64892 7275 1 0 3 0x100080 kqread resolvd 41660 290192 62020 77 3 0x100092 kqread dhcpleased 47109 506078 62020 77 3 0x100092 kqread dhcpleased 62020 204268 1 0 3 0x80 kqread dhcpleased 828 241975 0 0 2 0x14200 smr 18305 442758 0 0 2 0x14200 zerothread 35741 286869 0 0 3 0x14200 aiodoned aiodoned 37891 228646 0 0 3 0x14200 syncer update 19656 261355 0 0 3 0x14200 cleaner cleaner 2843 424730 0 0 3 0x14200 reaper reaper 38357 382717 0 0 3 0x14200 pgdaemon pagedaemon 19453 322764 0 0 3 0x14200 bored viomb 22335 400265 0 0 3 0x40014200 acpi0 acpi0 64186 332701 0 0 7 0x40014200 idle1 33732 74532 0 0 3 0x14200 bored softnet 43175 327201 0 0 2 0x14200 systqmp 23957 52230 0 0 3 0x14200 bored systq *90833 310694 0 0 7 0x40014200 softclock 83339 336447 0 0 3 0x40014200 idle0 1 407831 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 90833 (softclock) thread 0xffff8000210f97a0 (310694) exclusive rwlock netlock r = 0 (0xffffffff829612a0) #0 witness_lock+0x44d #1 arptimer+0x22 sys/netinet/if_ether.c:129 #2 timeout_run+0xcc sys/kern/kern_timeout.c:678 #3 softclock_thread+0x134 sys/kern/kern_timeout.c:802 #4 proc_trampoline+0x1c shared rwlock timeout r = 0 (0xffffffff828ef5a0) #0 witness_lock+0x44d #1 timeout_run+0xb7 sys/kern/kern_timeout.c:674 #2 softclock_thread+0x134 sys/kern/kern_timeout.c:802 #3 proc_trampoline+0x1c exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82b2abb0) #0 witness_lock+0x44d #1 __mp_acquire_count+0x48 sys/kern/kern_lock.c:227 #2 mi_switch+0x3d3 sys/kern/sched_bsd.c:416 #3 sleep_finish+0x1b2 sys/kern/kern_synch.c:433 #4 softclock_thread+0xd9 sys/kern/kern_timeout.c:797 #5 proc_trampoline+0x1c ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10226 6597K 10805K 78643K 46465 0 pcb 13 20K 24K 78643K 3428 0 rtable 371 48K 48K 78643K 5358 0 ifaddr 136 32K 33K 78643K 2379 0 sysctl 2 0K 0K 78643K 2 0 counters 58 35K 36K 78643K 382 0 ioctlops 0 0K 8K 78643K 34431 0 iov 0 0K 32K 78643K 2546 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 5 0 vnodes 1443 90K 91K 78643K 11923 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 160 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 4039 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12598 0 file desc 16 57K 85K 78643K 24938 0 sigio 0 0K 0K 78643K 237 0 proc 73 87K 124K 78643K 2383 0 subproc 104 6K 6K 78643K 696 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 1662 0 in_multi 96 6K 6K 78643K 1135 0 ether_multi 1 0K 0K 78643K 237 0 mrt 10 0K 0K 78643K 144 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 247 1102K 1102K 78643K 247 0 exec 0 0K 2K 78643K 3582 0 pfkey data 0 0K 0K 78643K 7 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 606 1281K 1283K 78643K 319987 0 UVM aobj 131 6K 6K 78643K 156 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 1559 0 NDP 14 0K 1K 78643K 294 0 temp 219 4826K 8914K 78643K 218910 0 kqueue 10 14K 22K 78643K 869 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 1447 0 1444 20 19 1 4 0 8 0 rtentry 112 781 0 676 4 0 4 4 0 8 0 unpcb 136 15413 0 15398 170 161 9 13 0 8 8 syncache 296 182 0 182 28 28 0 1 0 8 0 tcpqe 32 50 0 50 20 20 0 1 0 8 0 tcpcb 736 17843 0 17815 406 401 5 20 0 8 2 arp 120 108 0 90 1 0 1 1 0 8 0 inpcb 304 32117 0 32110 314 308 6 16 0 8 5 rttmr 72 42 0 41 13 12 1 1 0 8 0 nd6 48 182 0 157 1 0 1 1 0 8 0 pkpcb 40 121 0 121 19 19 0 1 0 8 0 kcovpl 48 46 0 38 1 0 1 1 0 8 0 ppxss 1248 25 0 25 9 9 0 1 0 8 0 pfstscr 40 232 0 232 11 11 0 1 0 8 0 pffrag 232 98 0 98 10 10 0 1 0 482 0 pffrnode 88 98 0 98 10 10 0 1 0 8 0 pffrent 40 1418 0 1418 14 14 0 1 0 8 0 pfosfp 40 1449 0 1446 6 5 1 5 0 8 0 pfosfpen 112 1449 0 1442 22 21 1 21 0 8 0 pfrke_plain 168 156 0 144 1 0 1 1 0 8 0 pfrktable 1344 1184 0 1124 21 15 6 6 0 8 1 pftag 88 101 0 87 1 0 1 1 0 8 0 pfstitem 24 33 0 31 1 0 1 1 0 8 0 pfstkey 112 358 0 356 1 0 1 1 0 8 0 pfstate 320 190 0 188 2 1 1 2 0 8 0 pfrule 1360 13200 0 10765 206 3 203 203 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 3695 0 3208 44 13 31 31 0 8 0 art_table 32 3697 0 3208 4 0 4 4 0 8 0 art_node 16 764 0 669 1 0 1 1 0 8 0 sysvmsgpl 40 81 0 74 1 0 1 1 0 8 0 semupl 112 8 0 8 1 1 0 1 0 8 0 semapl 112 4037 0 4027 1 0 1 1 0 8 0 shmpl 112 153 0 25 5 1 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 32238 0 30728 95 0 95 95 0 8 0 ffsino 272 32238 0 30728 102 1 101 101 0 8 0 nchpl 144 64564 0 62937 63 0 63 63 0 8 0 rtmask 32 40 0 32 1 0 1 1 0 8 0 uvmvnodes 80 8188 0 0 168 0 168 168 0 8 0 vnodes 224 8188 0 0 482 0 482 482 0 8 0 namei 1024 223802 0 223802 10 9 1 2 0 8 1 percpumem 16 203 0 162 1 0 1 1 0 8 0 vcpupl 2048 114 0 0 15 0 15 15 0 8 0 vmpool 560 130 0 16 9 0 9 9 0 8 0 pfiaddrpl 120 1796 0 930 28 1 27 27 0 8 0 scsiplug 72 9 0 9 3 3 0 1 0 8 0 scxspl 216 219530 0 219530 41 40 1 8 0 8 1 plimitpl 152 2622 0 2607 1 0 1 1 0 8 0 sigapl 424 25229 0 25165 9 1 8 8 0 8 0 futexpl 64 244928 0 244928 8 7 1 1 0 8 1 knotepl 112 325 0 0 5 0 5 5 0 8 0 kqueuepl 216 19116 0 19059 191 183 8 13 0 8 4 pipepl 336 4878 0 4850 145 140 5 13 0 8 2 fdescpl 496 25150 0 25121 7 3 4 5 0 8 0 filepl 152 186332 0 186094 309 290 19 24 0 8 8 lockfpl 104 6455 0 6453 12 11 1 2 0 8 0 lockfspl 48 1858 0 1856 1 0 1 1 0 8 0 sessionpl 144 64 0 47 1 0 1 1 0 8 0 pgrppl 48 157 0 140 1 0 1 1 0 8 0 ucredpl 96 16185 0 16171 1 0 1 1 0 8 0 zombiepl 144 25165 0 25165 3 2 1 1 0 8 1 processpl 1064 25229 0 25165 5 0 5 5 0 8 0 procpl 672 72133 0 72060 36 28 8 10 0 8 1 srpgc 96 23 0 23 10 10 0 1 0 8 0 sosppl 168 171 0 171 28 28 0 1 0 8 0 sockpl 480 49157 0 49132 934 922 12 46 0 8 8 mcl64k 65536 34 0 0 3 0 3 3 0 8 0 mcl16k 16384 47 0 0 4 1 3 3 0 8 0 mcl12k 12288 65 0 0 2 0 2 2 0 8 0 mcl9k 9216 34 0 0 3 1 2 2 0 8 0 mcl8k 8192 49 0 0 4 1 3 3 0 8 0 mcl4k 4096 65 0 0 3 0 3 3 0 8 0 mcl2k2 2112 24 0 0 2 0 2 2 0 8 0 mcl2k 2048 528 0 0 33 7 26 26 0 8 0 mtagpl 96 999 0 0 12 1 11 12 0 8 0 mbufpl 256 2250 0 0 102 0 102 102 0 8 0 bufpl 288 45076 0 36888 585 0 585 585 0 8 0 anonpl 24 7228340 0 7200962 494 300 194 198 0 186 6 amapchunkpl 152 782885 0 782043 175 134 41 53 0 158 0 amappl16 200 71023 0 69843 225 153 72 75 0 8 2 amappl15 192 6974 0 6966 1 0 1 1 0 8 0 amappl14 184 3142 0 3135 1 0 1 1 0 8 0 amappl13 176 2693 0 2692 1 0 1 1 0 8 0 amappl12 168 4075 0 4065 1 0 1 1 0 8 0 amappl11 160 1522 0 1507 1 0 1 1 0 8 0 amappl10 152 2001 0 1993 1 0 1 1 0 8 0 amappl9 144 4077 0 4070 1 0 1 1 0 8 0 amappl8 136 5102 0 4964 5 0 5 5 0 8 0 amappl7 128 3707 0 3696 1 0 1 1 0 8 0 amappl6 120 3923 0 3894 2 1 1 2 0 8 0 amappl5 112 22239 0 22218 1 0 1 1 0 8 0 amappl4 104 6027 0 5991 6 4 2 2 0 8 0 amappl3 96 7419 0 7404 1 0 1 1 0 8 0 amappl2 88 5786 0 5726 3 1 2 3 0 8 0 amappl1 80 456526 0 455984 29 16 13 19 0 8 0 amappl 88 317595 0 317273 13 4 9 9 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 155 0 25 3 0 3 3 0 8 0 uaddrrnd 24 25280 0 25137 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 25280 0 25137 1 0 1 1 0 8 0 vmmpekpl 168 185873 0 185789 5 0 5 5 0 8 0 vmmpepl 168 2285326 0 2281965 557 390 167 178 0 357 0 vmsppl 368 25279 0 25137 16 2 14 14 0 8 0 rwobjpl 56 561675 0 551078 182 30 152 155 0 8 0 pdppl 4096 50567 0 50388 886 703 183 183 0 8 4 pvpl 32 12075811 0 12051937 832 597 235 278 0 265 14 pmappl 248 25279 0 25137 11 1 10 10 0 8 0 extentpl 40 57 0 38 1 0 1 1 0 8 0 phpool 112 2667 0 1283 40 0 40 40 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 panic(ffffffff82573b50) at panic+0x177 sys/kern/subr_prf.c:202 __assert(ffffffff825e884c,ffffffff825e4aa7,2d5,ffffffff825447b5) at __assert+0x25 sys/kern/subr_prf.c:161 arptfree(fffffd8064bc8d28) at arptfree+0x105 sys/netinet/if_ether.c:725 arptimer(ffffffff82b15e28) at arptimer+0x80 sys/netinet/if_ether.c:131 timeout_run(ffffffff82b15e28) at timeout_run+0xcc sys/kern/kern_timeout.c:678 softclock_thread(ffff8000210f97a0) at softclock_thread+0x134 sys/kern/kern_timeout.c:802 end trace frame: 0x0, count: -7 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp x86_ipi_db(ffff800020ce8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206 sched_idle(ffff800020ce8ff0) at sched_idle+0x417 sys/kern/kern_sched.c:178 end trace frame: 0x0, count: 10 ddb{1}> trace x86_ipi_db(ffff800020ce8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206 sched_idle(ffff800020ce8ff0) at sched_idle+0x417 sys/kern/kern_sched.c:178 end trace frame: 0x0, count: -5