panic: kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/multicore/kernel/sys/netinet/if_ether.c", line 776
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
117250 90227 0 0x14000 0x200 1K systq
*352011 84416 0 0x14000 0x40000200 0 softclock
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8274ccea) at panic+0x177 sys/kern/subr_prf.c:198
__assert(ffffffff827c9484,ffffffff827c2e76,308,ffffffff827163c8) at __assert+0x25 sys/kern/subr_prf.c:157
arptfree(fffffd80770de1d8) at arptfree+0x12e sys/netinet/if_ether.c:776
arptimer(ffffffff82c27440) at arptimer+0x88 sys/netinet/if_ether.c:135
timeout_run(ffffffff82c27440) at timeout_run+0xcc sys/kern/kern_timeout.c:641
softclock_thread(ffff800021178ae0) at softclock_thread+0x134 sys/kern/kern_timeout.c:765
end trace frame: 0x0, count: 8
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/multicore/kernel/sys/netinet/if_ether.c", line 776 ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8274ccea) at panic+0x177 sys/kern/subr_prf.c:198 __assert(ffffffff827c9484,ffffffff827c2e76,308,ffffffff827163c8) at __assert+0x25 sys/kern/subr_prf.c:157 arptfree(fffffd80770de1d8) at arptfree+0x12e sys/netinet/if_ether.c:776 arptimer(ffffffff82c27440) at arptimer+0x88 sys/netinet/if_ether.c:135 timeout_run(ffffffff82c27440) at timeout_run+0xcc sys/kern/kern_timeout.c:641 softclock_thread(ffff800021178ae0) at softclock_thread+0x134 sys/kern/kern_timeout.c:765 end trace frame: 0x0, count: -7 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff800021184dc0 rbx 0xffffffff82b2eb8f cpu_info_full_primary+0x2b8f rdx 0 rcx 0 rax 0xffff800021178ae0 r8 0x101010101010101 r9 0x8080808080808080 r10 0xc583f93173c15038 r11 0xacc9d7b77fdccb2d r12 0xffffffff82b2e990 cpu_info_full_primary+0x2990 r13 0 r14 0 r15 0x1 rip 0xffffffff812f3db8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800021184db0 ss 0 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (softclock) pid=352011 stat=onproc flags process=14000 proc=40000200 pri=0, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff800021179308,0xffff800021178838 process=0xffff8000ffffe180 user=0xffff800021180000, vmspace=0xffffffff82c234f8 estcpu=0, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 70278 306356 60473 0 2 0 syz-executor.7 70278 454517 60473 0 2 0x4000000 syz-executor.7 70278 5389 60473 0 2 0x4000000 syz-executor.7 89829 137171 56672 0 2 0 syz-executor.1 89829 144398 56672 0 2 0x4000000 syz-executor.1 89829 510647 56672 0 3 0x4000080 fsleep syz-executor.1 2960 227719 22725 0 2 0x480 syz-executor.2 2960 165659 22725 0 2 0x4000000 syz-executor.2 2960 470060 22725 0 3 0x4000080 fsleep 
syz-executor.2 98530 289953 44689 0 2 0 syz-executor.6 98530 89531 44689 0 3 0x4000080 fsleep syz-executor.6 98530 391987 44689 0 3 0x4000080 fsleep syz-executor.6 98530 38054 44689 0 3 0x4000080 fsleep syz-executor.6 96459 374889 43387 0 2 0x482 syz-executor.4 75705 347278 43387 0 2 0x482 syz-executor.3 59053 376925 43387 0 2 0x482 syz-executor.5 56672 91709 43387 0 2 0x482 syz-executor.1 60473 83104 43387 0 2 0x482 syz-executor.7 22725 256866 43387 0 2 0x482 syz-executor.2 44689 22251 43387 0 2 0x482 syz-executor.6 76584 418775 0 0 3 0x14200 acct acct 84335 205014 0 0 3 0x14280 nfsidl nfsio 25857 1492 0 0 3 0x14280 nfsidl nfsio 5942 260680 0 0 3 0x14280 nfsidl nfsio 50929 339095 0 0 3 0x14280 nfsidl nfsio 56495 170560 0 0 3 0x14280 nfsidl nfsio 35409 309644 0 0 3 0x14280 nfsidl nfsio 11758 298486 0 0 3 0x14280 nfsidl nfsio 75615 218610 0 0 3 0x14280 nfsidl nfsio 56516 284965 0 0 3 0x14280 nfsidl nfsio 2108 288138 0 0 3 0x14280 nfsidl nfsio 80428 351077 0 0 3 0x14280 nfsidl nfsio 35566 71098 0 0 3 0x14280 nfsidl nfsio 90381 443645 0 0 3 0x14280 nfsidl nfsio 81632 228124 0 0 3 0x14280 nfsidl nfsio 59049 348935 0 0 3 0x14280 nfsidl nfsio 64425 147034 0 0 3 0x14280 nfsidl nfsio 71510 80391 0 0 3 0x14280 nfsidl nfsio 45410 424878 0 0 3 0x14280 nfsidl nfsio 3675 31951 0 0 3 0x14280 nfsidl nfsio 15554 318718 0 0 3 0x14280 nfsidl nfsio 24728 32117 0 0 3 0x14200 bored sosplice 43387 271488 15233 0 3 0x82 thrsleep syz-fuzzer 43387 66154 15233 0 2 0x4000482 syz-fuzzer 43387 76027 15233 0 3 0x4000082 wait syz-fuzzer 43387 361908 15233 0 3 0x4000082 wait syz-fuzzer 43387 290889 15233 0 3 0x4000082 thrsleep syz-fuzzer 43387 480335 15233 0 3 0x4000082 thrsleep syz-fuzzer 43387 254896 15233 0 3 0x4000082 thrsleep syz-fuzzer 43387 38173 15233 0 3 0x4000082 thrsleep syz-fuzzer 43387 179486 15233 0 3 0x4000082 wait syz-fuzzer 43387 3691 15233 0 3 0x4000082 wait syz-fuzzer 43387 358675 15233 0 2 0x4000482 syz-fuzzer 43387 462310 15233 0 3 0x4000082 wait syz-fuzzer 43387 356571 15233 
0 3 0x4000082 wait syz-fuzzer 43387 512669 15233 0 3 0x4000082 thrsleep syz-fuzzer 43387 99737 15233 0 3 0x4000082 wait syz-fuzzer 43387 67545 15233 0 3 0x4000082 wait syz-fuzzer 15233 509939 13417 0 3 0x10008a sigsusp ksh 13417 257010 14636 0 3 0x9a kqread sshd 3360 444610 1 0 3 0x100083 ttyin getty 14636 246067 1 0 3 0x88 kqread sshd 20355 172868 47669 74 2 0x1100492 pflogd 47669 213230 1 0 3 0x80 netio pflogd 28968 190816 22969 73 2 0x1100010 syslogd 22969 199627 1 0 3 0x100082 netio syslogd 95212 474391 1 0 3 0x100080 kqread resolvd 5094 450826 0 0 2 0x14200 smr 67203 274895 0 0 2 0x14200 zerothread 52369 190411 0 0 3 0x14200 aiodoned aiodoned 75357 472108 0 0 2 0x14600 update 18041 450415 0 0 3 0x14200 cleaner cleaner 29257 133025 0 0 2 0x14200 reaper 10026 76976 0 0 3 0x14200 pgdaemon pagedaemon 97003 178934 0 0 3 0x14200 bored viomb 4487 502226 0 0 3 0x40014200 acpi0 acpi0 46497 201093 0 0 3 0x40014200 idle1 81190 427700 0 0 3 0x14200 bored softnet 62795 18765 0 0 3 0x14200 bored softnet 6587 174909 0 0 3 0x14200 bored softnet 61145 179563 0 0 3 0x14200 bored softnet 5920 119232 0 0 2 0x14200 systqmp 90227 117250 0 0 7 0x14200 systq *84416 352011 0 0 7 0x40014200 softclock 67580 10515 0 0 3 0x40014200 idle0 1 4537 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks CPU 1: exclusive mutex pvpl r = 0 (0xffffffff82c2aef0) #0 witness_lock+0x44d #1 mtx_enter_try+0x100 #2 mtx_enter+0x4b sys/kern/kern_lock.c:266 #3 pool_put+0x80 sys/kern/subr_pool.c:797 #4 pmap_do_remove+0x607 sys/arch/amd64/amd64/pmap.c:1886 #5 uvm_unmap_kill_entry_withlock+0x1ac sys/uvm/uvm_map.c:1928 #6 uvm_map_teardown+0x187 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:176 [inline] #6 uvm_map_teardown+0x187 sys/uvm/uvm_map.c:2578 #7 uvmspace_free+0xa6 sys/uvm/uvm_map.c:3513 #8 reaper+0x19a sys/kern/kern_exit.c:448 #9 proc_trampoline+0x1c Process 28968 (syslogd) thread 0xffff800021203b40 (190816) exclusive rrwlock inode r = 0 (0xfffffd806e6a14e0) #0 witness_lock+0x44d #1 
rw_enter+0x3e1 sys/kern/kern_rwlock.c:310 #2 rrw_enter+0x8b sys/kern/kern_rwlock.c:465 #3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:518 #4 vn_lock+0x84 sys/kern/vfs_vnops.c:564 #5 sys_fsync+0xf5 sys/kern/vfs_syscalls.c:2935 #6 syscall+0x438 mi_syscall sys/sys/syscall_mi.h:101 [inline] #6 syscall+0x438 sys/arch/amd64/amd64/trap.c:599 #7 Xsyscall+0x128 Process 29257 (reaper) thread 0xffff8000211bd310 (133025) exclusive rwlock vmmaplk r = 0 (0xfffffd80089ae948) #0 witness_lock+0x44d #1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310 #2 vm_map_lock_ln+0xda sys/uvm/uvm_map.c:5332 #3 uvm_map_teardown+0x81 sys/uvm/uvm_map.c:2546 #4 uvmspace_free+0xa6 sys/uvm/uvm_map.c:3513 #5 reaper+0x19a sys/kern/kern_exit.c:448 #6 proc_trampoline+0x1c Process 84416 (softclock) thread 0xffff800021178ae0 (352011) exclusive rwlock netlock r = 0 (0xffffffff82b46280) #0 witness_lock+0x44d #1 arptimer+0x22 sys/netinet/if_ether.c:132 #2 timeout_run+0xcc sys/kern/kern_timeout.c:641 #3 softclock_thread+0x134 sys/kern/kern_timeout.c:765 #4 proc_trampoline+0x1c shared rwlock timeout r = 0 (0xffffffff82b4a920) #0 witness_lock+0x44d #1 timeout_run+0xb7 sys/kern/kern_timeout.c:637 #2 softclock_thread+0x134 sys/kern/kern_timeout.c:765 #3 proc_trampoline+0x1c exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82c6db10) #0 witness_lock+0x44d #1 __mp_acquire_count+0x48 sys/kern/kern_lock.c:227 #2 mi_switch+0x3bb sys/kern/sched_bsd.c:415 #3 sleep_finish+0x180 sys/kern/kern_synch.c:417 #4 softclock_thread+0xd9 sys/kern/kern_timeout.c:760 #5 proc_trampoline+0x1c ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10230 6506K 7084K 78643K 22770 0 pcb 13 16K 18K 78643K 1193 0 rtable 206 17K 19K 78643K 3083 0 ifaddr 82 27K 29K 78643K 882 0 sysctl 2 0K 0K 78643K 2 0 counters 56 35K 36K 78643K 664 0 ioctlops 0 0K 4K 78643K 2209 0 iov 0 0K 44K 78643K 1500 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1435 90K 90K 78643K 8683 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 
shm 2 1K 5K 78643K 84 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 1746 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 14 49K 89K 78643K 10289 0 sigio 0 0K 0K 78643K 438 0 proc 64 67K 128K 78643K 2203 0 subproc 104 6K 6K 78643K 702 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 365 0 in_multi 77 5K 7K 78643K 1250 0 ether_multi 1 0K 0K 78643K 70 0 mrt 1 0K 0K 78643K 77 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 169 758K 758K 78643K 169 0 exec 0 0K 1K 78643K 2663 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 357 93K 104K 78643K 72262 0 UVM aobj 131 4K 5K 78643K 134 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 335 0 NDP 15 0K 1K 78643K 357 0 temp 141 5774K 6799K 78643K 109419 0 kqueue 6 10K 28K 78643K 796 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 647 0 646 9 8 1 3 0 8 0 rtentry 112 1059 0 977 7 4 3 4 0 8 0 unpcb 144 9727 0 9716 95 94 1 10 0 8 0 syncache 296 54 0 54 14 14 0 1 0 8 0 sackhl 24 2 0 2 2 2 0 1 0 8 0 tcpqe 32 89 2 89 11 11 0 1 0 8 0 tcpcb 776 3085 0 3077 92 91 1 14 0 8 0 arp 120 128 0 113 1 0 1 1 0 8 0 inpcb 368 10030 0 10022 128 127 1 16 0 8 0 nd6 48 246 0 227 1 0 1 1 0 8 0 pkpcb 40 14 0 14 3 3 0 1 0 8 0 kcovpl 48 54 0 46 1 0 1 1 0 8 0 mppekey 1024 39 0 39 2 2 0 1 0 8 0 ppxss 1256 207 0 207 16 16 0 1 0 8 0 pppxif 1456 101 0 101 9 9 0 1 0 8 0 pfstscr 40 5 0 5 2 2 0 1 0 8 0 pffrag 232 22 0 22 2 1 1 1 0 482 1 pffrnode 88 22 0 22 2 1 1 1 0 8 1 pffrent 40 161 0 161 2 1 1 1 0 8 1 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfanchor 1280 5 0 0 1 0 1 1 0 8 0 pfqueue 264 4 0 4 1 1 0 1 0 8 0 pfstitem 24 588 0 581 1 0 1 1 0 8 0 pfstkey 128 590 0 583 5 3 2 5 0 
8 0 pfstate 384 585 0 578 18 14 4 15 0 8 1 pfrule 1344 21 0 16 2 1 1 2 0 8 0 rttmr 136 21 0 21 6 6 0 1 0 8 0 art_heap8 4096 7 0 6 6 5 1 2 0 8 0 art_heap4 256 5042 0 4677 57 29 28 31 0 8 0 art_table 32 5049 0 4683 4 1 3 4 0 8 0 art_node 16 1055 0 985 1 0 1 1 0 8 0 sysvmsgpl 40 11 0 4 1 0 1 1 0 8 0 semapl 112 1740 0 1730 1 0 1 1 0 8 0 shmpl 112 131 0 3 5 1 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 14942 0 13469 93 0 93 93 0 8 0 ffsino 272 14942 0 13469 99 0 99 99 0 8 0 nchpl 144 32020 0 30376 63 0 63 63 0 8 0 rtmask 32 5 0 5 2 2 0 1 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 119155 0 119155 3 2 1 2 0 8 1 percpumem 16 345 0 304 1 0 1 1 0 8 0 vmpool 696 22 0 22 6 6 0 1 0 8 0 kstatmem 264 342 0 312 4 1 3 3 0 8 0 scsiplug 72 6 0 6 2 2 0 1 0 8 0 scxspl 216 79585 0 79585 30 27 3 8 0 8 3 plimitpl 152 819 0 803 1 0 1 1 0 8 0 sigapl 424 10532 0 10466 10 2 8 8 0 8 0 futexpl 64 85861 0 85856 2 1 1 1 0 8 0 knotepl 120 679 0 0 12 0 12 12 0 8 0 kqueuepl 216 2112 0 2107 34 33 1 5 0 8 0 pipepl 320 2339 0 2310 63 60 3 8 0 8 0 fdescpl 496 10492 0 10468 9 5 4 5 0 8 0 filepl 152 84700 0 84469 122 110 12 24 0 8 0 lockfpl 104 2812 0 2811 6 5 1 2 0 8 0 lockfspl 48 788 0 787 1 0 1 1 0 8 0 sessionpl 144 70 0 54 1 0 1 1 0 8 0 pgrppl 48 86 0 70 1 0 1 1 0 8 0 ucredpl 104 9750 0 9741 1 0 1 1 0 8 0 zombiepl 144 10470 0 10466 1 0 1 1 0 8 0 processpl 1072 10532 0 10466 5 0 5 5 0 8 0 procpl 696 29310 0 29217 18 8 10 11 0 8 0 srpgc 96 66 0 66 20 20 0 1 0 8 0 sosppl 168 84 0 84 17 17 0 1 0 8 0 sockpl 488 20422 0 20400 417 413 4 37 0 8 0 mcl64k 65536 18 0 0 3 0 3 3 0 8 0 mcl16k 16384 17 0 0 3 0 3 3 0 8 0 mcl12k 12288 17 0 0 2 0 2 2 0 8 0 mcl9k 9216 26 0 0 2 1 1 2 0 8 0 mcl8k 8192 25 0 0 4 1 3 3 0 8 0 mcl4k 4096 28 0 0 3 0 3 3 0 8 0 mcl2k2 2112 8 0 0 1 0 1 1 0 8 0 mcl2k 2048 409 0 0 49 12 37 49 0 8 0 mtagpl 96 576 0 0 13 0 13 13 0 8 0 mbufpl 256 5512 0 0 332 0 332 332 0 8 0 bufpl 288 20297 0 13972 452 0 452 452 0 8 0 anonpl 24 2055121 
0 2034362 224 53 171 171 0 186 42 amapchunkpl 152 201963 0 200933 81 21 60 60 0 158 20 amappl16 200 15929 0 15374 84 54 30 42 0 8 0 amappl15 192 11 0 10 2 1 1 1 0 8 0 amappl14 184 297 0 284 2 1 1 2 0 8 0 amappl13 176 11 0 11 3 3 0 1 0 8 0 amappl12 168 979 0 975 1 0 1 1 0 8 0 amappl11 160 54 0 46 1 0 1 1 0 8 0 amappl10 152 101 0 85 1 0 1 1 0 8 0 amappl9 144 1003 0 1002 1 0 1 1 0 8 0 amappl8 136 692 0 582 4 0 4 4 0 8 0 amappl7 128 270 0 244 3 2 1 2 0 8 0 amappl6 120 435 0 420 1 0 1 1 0 8 0 amappl5 112 468 0 462 1 0 1 1 0 8 0 amappl4 104 1110 0 1076 3 2 1 2 0 8 0 amappl3 96 30921 0 30863 2 0 2 2 0 8 0 amappl2 88 11511 0 11441 4 2 2 3 0 8 0 amappl1 80 239717 0 239024 23 7 16 23 0 8 0 amappl 88 71097 0 70887 7 1 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 133 0 3 3 0 3 3 0 8 0 uaddrrnd 24 10514 0 10489 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 10514 0 10489 1 0 1 1 0 8 0 vmmpekpl 168 86591 0 86533 5 1 4 4 0 8 0 vmmpepl 168 970757 0 968048 329 190 139 179 0 357 5 vmsppl 368 10513 0 10488 4 1 3 4 0 8 0 rwobjpl 56 256030 0 248277 122 10 112 115 0 8 0 pdppl 4096 21035 0 20976 579 518 61 81 0 8 2 pvpl 32 4034041 0 4005229 472 169 303 304 0 265 64 pmappl 248 10513 0 10488 3 1 2 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 1839 0 715 34 0 34 34 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8274ccea) at panic+0x177 sys/kern/subr_prf.c:198 __assert(ffffffff827c9484,ffffffff827c2e76,308,ffffffff827163c8) at __assert+0x25 sys/kern/subr_prf.c:157 arptfree(fffffd80770de1d8) at arptfree+0x12e sys/netinet/if_ether.c:776 arptimer(ffffffff82c27440) at arptimer+0x88 sys/netinet/if_ether.c:135 timeout_run(ffffffff82c27440) at timeout_run+0xcc sys/kern/kern_timeout.c:641 
softclock_thread(ffff800021178ae0) at softclock_thread+0x134 sys/kern/kern_timeout.c:765
end trace frame: 0x0, count: -7
ddb{0}> machine ddbcpu 1