panic: kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/multicore/kernel/sys/netinet/if_ether.c", line 725 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *219715 66261 0 0x14000 0x40000200 0K softclock db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 panic(ffffffff8244f3b8) at panic+0x177 sys/kern/subr_prf.c:202 __assert(ffffffff824bdba5,ffffffff824bbcd4,2d5,ffffffff8241e14c) at __assert+0x25 sys/kern/subr_prf.c:161 arptfree(fffffd80688a0470) at arptfree+0x105 sys/netinet/if_ether.c:725 arptimer(ffffffff829d83b8) at arptimer+0x80 sys/netinet/if_ether.c:131 timeout_run(ffffffff829d83b8) at timeout_run+0xcc sys/kern/kern_timeout.c:678 softclock_thread(ffff800021148d20) at softclock_thread+0x134 sys/kern/kern_timeout.c:802 end trace frame: 0x0, count: 8 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/multicore/kernel/sys/netinet/if_ether.c", line 725 ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 panic(ffffffff8244f3b8) at panic+0x177 sys/kern/subr_prf.c:202 __assert(ffffffff824bdba5,ffffffff824bbcd4,2d5,ffffffff8241e14c) at __assert+0x25 sys/kern/subr_prf.c:161 arptfree(fffffd80688a0470) at arptfree+0x105 sys/netinet/if_ether.c:725 arptimer(ffffffff829d83b8) at arptimer+0x80 sys/netinet/if_ether.c:131 timeout_run(ffffffff829d83b8) at timeout_run+0xcc sys/kern/kern_timeout.c:678 softclock_thread(ffff800021148d20) at softclock_thread+0x134 sys/kern/kern_timeout.c:802 end trace frame: 0x0, count: -7 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff800021155780 rbx 0xffffffff8276fbff cpu_info_full_primary+0x2bff rdx 0x8b rcx 0x2 rax 0x86 r8 0xffffffff81e8cde4 kprintf+0x144 r9 0x1 r10 0x1082dd03b042cd0e r11 0x540da99f1c8dcf r12 0xffffffff8276fa00 cpu_info_full_primary+0x2a00 r13 0 r14 0 r15 0x1 rip 0xffffffff823b2108 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800021155770 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (softclock) pid=219715 stat=onproc flags process=14000 proc=40000200 pri=0, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff800021148fc0,0xffff8000211487f0 process=0xffff8000ffffe180 user=0xffff800021150000, vmspace=0xffffffff8299e7f0 estcpu=0, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 92521 427754 22507 0 2 0x480 syz-executor.0 92521 33276 22507 0 3 0x4000080 kqsel syz-executor.0 92521 420212 22507 0 3 0x4000080 fsleep syz-executor.0 65550 121282 0 0 3 0x14280 nfsidl nfsio 57801 374475 0 0 3 0x14280 nfsidl nfsio 86473 342328 0 0 3 0x14280 nfsidl nfsio 81068 64480 0 0 3 0x14280 nfsidl nfsio 64882 241113 0 0 3 0x14280 nfsidl nfsio 37592 254067 0 0 3 0x14280 nfsidl nfsio 53197 413439 0 0 3 0x14280 nfsidl nfsio 84303 46662 0 0 3 0x14280 nfsidl nfsio 18432 387243 0 0 3 0x14280 nfsidl nfsio 28957 226895 0 0 3 0x14280 nfsidl nfsio 30820 303412 0 0 3 0x14280 nfsidl nfsio 2225 370882 0 0 3 0x14280 nfsidl nfsio 88894 327112 0 0 3 0x14280 nfsidl nfsio 9318 392261 0 0 3 0x14280 nfsidl nfsio 94929 157114 0 0 3 0x14280 nfsidl nfsio 56558 306059 0 0 3 0x14280 nfsidl nfsio 11629 401613 0 0 3 0x14280 nfsidl nfsio 45165 332606 0 0 3 0x14280 nfsidl nfsio 8141 31209 0 0 3 0x14280 nfsidl nfsio 26093 292291 0 0 3 0x14280 nfsidl nfsio 7338 484425 19922 0 3 0x82 piperd syz-executor.1 22507 66289 19922 0 2 0x482 syz-executor.0 53927 358211 1 0 3 0x100083 ttyin getty 3805 423787 0 0 3 0x14200 bored sosplice 19922 167684 80382 0 3 0x82 thrsleep syz-fuzzer 19922 42556 80382 0 2 0x4000482 syz-fuzzer 19922 408913 80382 0 3 0x4000082 thrsleep syz-fuzzer 19922 16421 80382 0 3 0x4000082 thrsleep syz-fuzzer 19922 76253 80382 0 2 0x4000482 syz-fuzzer 19922 44429 80382 0 3 0x4000082 thrsleep syz-fuzzer 19922 286037 80382 0 3 0x4000082 thrsleep syz-fuzzer 19922 346994 80382 0 3 0x4000082 kqread syz-fuzzer 80382 229677 225 0 3 0x10008a sigsusp ksh 225 258349 34893 0 3 0x9a kqread sshd 34893 91639 1 0 3 0x88 kqread sshd 91329 282701 16903 74 3 0x100092 bpf pflogd 16903 317028 1 0 3 0x80 netio pflogd 97723 337411 37127 73 3 0x100090 kqread syslogd 37127 56557 1 0 3 0x100082 netio syslogd 10930 260354 1 0 3 0x100080 kqread resolvd 58316 460249 0 0 3 0x14200 bored smr 26521 487557 0 0 3 0x14200 pgzero zerothread 58326 382891 0 0 3 0x14200 aiodoned aiodoned 5749 395600 0 0 3 0x14200 syncer update 765 348284 0 0 3 0x14200 cleaner cleaner 56395 348603 0 0 3 0x14200 reaper reaper 26137 360890 0 0 3 0x14200 pgdaemon pagedaemon 65476 484672 0 0 3 0x14200 bored viomb 41232 478150 0 0 3 0x40014200 acpi0 acpi0 45157 166636 0 0 7 0x40014200 idle1 76738 120084 0 0 3 0x14200 bored softnet 73433 220241 0 0 3 0x14200 bored systqmp 79015 329875 0 0 3 0x14200 bored systq *66261 219715 0 0 7 0x40014200 softclock 32922 17937 0 0 3 0x40014200 idle0 1 249863 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 66261 (softclock) thread 0xffff800021148d20 (219715) exclusive rwlock netlock r = 0 (0xffffffff827d4c70) #0 witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4b0 sys/kern/subr_witness.c:1182 #1 arptimer+0x22 sys/netinet/if_ether.c:129 #2 timeout_run+0xcc sys/kern/kern_timeout.c:678 #3 softclock_thread+0x134 sys/kern/kern_timeout.c:802 #4 proc_trampoline+0x1c shared rwlock timeout r = 0 (0xffffffff827f2a68) #0 witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4b0 sys/kern/subr_witness.c:1182 #1 timeout_run+0xb7 sys/kern/kern_timeout.c:674 #2 softclock_thread+0x134 sys/kern/kern_timeout.c:802 #3 proc_trampoline+0x1c exclusive kernel_lock &kernel_lock r = 0 (0xffffffff829f8c18) #0 witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4b0 sys/kern/subr_witness.c:1182 #1 __mp_acquire_count+0x4c sys/kern/kern_lock.c:227 #2 mi_switch+0x3d3 sys/kern/sched_bsd.c:416 #3 sleep_finish+0x1b2 sys/kern/kern_synch.c:433 #4 softclock_thread+0xd9 sys/kern/kern_timeout.c:797 #5 proc_trampoline+0x1c ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10131 6511K 7082K 78643K 16077 0 pcb 13 8K 8K 78643K 1577 0 rtable 78 11K 12K 78643K 3184 0 ifaddr 48 14K 17K 78643K 1173 0 sysctl 3 1K 2K 78643K 5 0 counters 44 34K 34K 78643K 438 0 ioctlops 0 0K 4K 78643K 3353 0 iov 0 0K 24K 78643K 945 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 5 0 vnodes 1270 80K 80K 78643K 4864 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 98 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 1685 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12598 0 file desc 5 13K 25K 78643K 12208 0 sigio 0 0K 0K 78643K 83 0 proc 66 63K 111K 78643K 2072 0 subproc 66 4K 4K 78643K 1361 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 1159 0 in_multi 16 1K 2K 78643K 1721 0 ether_multi 1 0K 0K 78643K 219 0 mrt 1 0K 0K 78643K 67 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 97 440K 440K 78643K 97 0 exec 0 0K 2K 78643K 2196 0 pfkey data 0 0K 1K 78643K 10 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 590 1542K 1546K 78643K 144486 0 UVM aobj 131 8K 8K 78643K 143 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 1K 78643K 1582 0 NDP 7 0K 0K 78643K 387 0 temp 85 4196K 8292K 78643K 179569 0 kqueue 7 12K 28K 78643K 796 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 782 0 781 1 0 1 1 0 8 0 rtentry 112 1158 0 1132 3 1 2 2 0 8 0 unpcb 128 4794 0 4786 12 11 1 3 0 8 0 syncache 296 10 0 10 3 3 0 1 0 8 0 tcpqe 32 84 0 84 1 1 0 1 0 8 0 tcpcb 736 3570 0 3562 49 47 2 3 0 8 1 arp 120 125 0 118 1 0 1 1 0 8 0 inpcb 304 19898 0 19894 31 29 2 2 0 8 1 rttmr 72 4 0 4 4 4 0 1 0 8 0 nd6 48 265 0 263 4 3 1 1 0 8 0 pkpcb 40 79 0 79 23 23 0 1 0 8 0 kcovpl 48 41 0 39 1 0 1 1 0 8 0 ppxss 1248 42 0 42 23 23 0 1 0 8 0 pffrag 232 67 0 67 18 18 0 1 0 482 0 pffrnode 88 67 0 67 18 18 0 1 0 8 0 pffrent 40 798 0 798 20 20 0 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 79 0 77 1 0 1 1 0 8 0 pfstkey 112 79 0 77 1 0 1 1 0 8 0 pfstate 320 79 0 77 3 2 1 3 0 8 0 pfrule 1360 31 0 25 2 1 1 2 0 8 0 art_heap8 4096 12 0 11 11 10 1 3 0 8 0 art_heap4 256 7212 0 7093 66 55 11 16 0 8 0 art_table 32 7224 0 7104 2 0 2 2 0 8 0 art_node 16 1150 0 1131 1 0 1 1 0 8 0 sysvmsgpl 40 57 0 17 1 0 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 1679 0 1669 1 0 1 1 0 8 0 shmpl 112 140 0 12 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 16806 0 15380 90 0 90 90 0 8 0 ffsino 272 16806 0 15380 96 0 96 96 0 8 0 nchpl 144 33221 0 32780 61 42 19 61 0 8 0 uvmvnodes 72 19156 0 0 349 0 349 349 0 8 0 vnodes 224 19156 0 0 1127 0 1127 1127 0 8 0 namei 1024 101662 0 101662 20 19 1 1 0 8 1 percpumem 16 231 0 197 1 0 1 1 0 8 0 vcpupl 2048 161 0 1 20 0 20 20 0 8 0 vmpool 560 184 0 24 14 2 12 12 0 8 0 scsiplug 72 7 0 7 5 5 0 1 0 8 0 scxspl 216 98257 0 98257 25 24 1 8 0 8 1 plimitpl 152 746 0 738 1 0 1 1 0 8 0 sigapl 424 12415 0 12365 14 8 6 7 0 8 0 futexpl 64 216944 0 216943 17 16 1 1 0 8 0 knotepl 112 154 0 0 4 1 3 3 0 8 0 kqueuepl 216 2860 0 2846 24 23 1 2 0 8 0 pipepl 336 1855 0 1845 22 20 2 2 0 8 0 fdescpl 496 12330 0 12315 3 0 3 3 0 8 0 filepl 152 73628 0 73500 34 27 7 9 0 8 2 lockfpl 104 2871 0 2870 1 0 1 1 0 8 0 lockfspl 48 858 0 857 1 0 1 1 0 8 0 sessionpl 144 61 0 51 1 0 1 1 0 8 0 pgrppl 48 99 0 89 1 0 1 1 0 8 0 ucredpl 96 8681 0 8670 1 0 1 1 0 8 0 zombiepl 144 12365 0 12365 6 5 1 1 0 8 1 processpl 1072 12415 0 12365 6 2 4 4 0 8 0 procpl 672 26668 0 26609 13 7 6 6 0 8 0 srpgc 96 26 0 26 13 13 0 1 0 8 0 sosppl 168 134 0 134 42 42 0 1 0 8 0 sockpl 480 25706 0 25693 81 75 6 11 0 8 3 mcl64k 65536 13 0 0 2 0 2 2 0 8 0 mcl16k 16384 2 0 0 1 0 1 1 0 8 0 mcl12k 12288 11 0 0 2 0 2 2 0 8 0 mcl9k 9216 3 0 0 1 0 1 1 0 8 0 mcl8k 8192 9 0 0 2 0 2 2 0 8 0 mcl4k 4096 10 0 0 2 0 2 2 0 8 0 mcl2k2 2112 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 283 0 0 21 1 20 21 0 8 0 mtagpl 96 35 0 0 1 0 1 1 0 8 0 mbufpl 256 1372 0 0 34 5 29 32 0 8 0 bufpl 280 26151 0 19822 453 0 453 453 0 8 0 anonpl 24 3314255 0 3294920 275 154 121 138 0 186 0 amapchunkpl 152 357948 0 357205 285 254 31 44 0 158 1 amappl16 200 29307 0 28632 221 185 36 48 0 8 0 amappl15 192 1815 0 1809 1 0 1 1 0 8 0 amappl14 184 2471 0 2468 5 4 1 1 0 8 0 amappl13 176 2385 0 2384 1 0 1 1 0 8 0 amappl12 168 1989 0 1985 1 0 1 1 0 8 0 amappl11 160 1230 0 1217 1 0 1 1 0 8 0 amappl10 152 520 0 513 1 0 1 1 0 8 0 amappl9 144 756 0 754 1 0 1 1 0 8 0 amappl8 136 3341 0 3214 5 0 5 5 0 8 0 amappl7 128 2227 0 2219 1 0 1 1 0 8 0 amappl6 120 763 0 749 1 0 1 1 0 8 0 amappl5 112 11186 0 11167 1 0 1 1 0 8 0 amappl4 104 3767 0 3733 1 0 1 1 0 8 0 amappl3 96 3280 0 3264 1 0 1 1 0 8 0 amappl2 88 15022 0 14949 5 3 2 2 0 8 0 amappl1 80 199616 0 199211 14 4 10 13 0 8 0 amappl 88 143061 0 142766 7 0 7 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 142 0 12 3 0 3 3 0 8 0 uaddrrnd 24 12514 0 12339 2 0 2 2 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 12514 0 12339 2 0 2 2 0 8 0 vmmpekpl 168 64573 0 64521 3 0 3 3 0 8 0 vmmpepl 168 1097375 0 1095112 705 601 104 135 0 357 0 vmsppl 368 12513 0 12339 18 2 16 16 0 8 0 rwobjpl 56 241357 0 239732 69 45 24 27 0 8 0 pdppl 4096 25036 0 24838 278 78 200 200 0 8 2 pvpl 32 5770122 0 5748572 457 274 183 215 0 265 0 pmappl 224 12513 0 12339 11 0 11 11 0 8 0 extentpl 40 58 0 40 1 0 1 1 0 8 0 phpool 112 740 0 240 15 0 15 15 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 panic(ffffffff8244f3b8) at panic+0x177 sys/kern/subr_prf.c:202 __assert(ffffffff824bdba5,ffffffff824bbcd4,2d5,ffffffff8241e14c) at __assert+0x25 sys/kern/subr_prf.c:161 arptfree(fffffd80688a0470) at arptfree+0x105 sys/netinet/if_ether.c:725 arptimer(ffffffff829d83b8) at arptimer+0x80 sys/netinet/if_ether.c:131 timeout_run(ffffffff829d83b8) at timeout_run+0xcc sys/kern/kern_timeout.c:678 softclock_thread(ffff800021148d20) at softclock_thread+0x134 sys/kern/kern_timeout.c:802 end trace frame: 0x0, count: -7 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp x86_ipi_db(ffff800020d38ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 acpicpu_idle() at acpicpu_idle+0x2eb sys/dev/acpi/acpicpu.c:1206 sched_idle(ffff800020d38ff0) at sched_idle+0x417 sys/kern/kern_sched.c:178 end trace frame: 0x0, count: 10 ddb{1}> trace x86_ipi_db(ffff800020d38ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 acpicpu_idle() at acpicpu_idle+0x2eb sys/dev/acpi/acpicpu.c:1206 sched_idle(ffff800020d38ff0) at sched_idle+0x417 sys/kern/kern_sched.c:178 end trace frame: 0x0, count: -5