panic: kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/multicore/kernel/sys/netinet/if_ether.c", line 718
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
241486 43043 0 0x2 0x480 1 syz-executor.1
* 68870 37681 0 0x14000 0x40000200 0K softclock
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff823bfea9) at panic+0x15e sys/kern/subr_prf.c:218
__assert(ffffffff8242eaed,ffffffff8242b5ea,2ce,ffffffff823965c0) at __assert+0x2b sys/kern/subr_prf.c:162
arptfree(fffffd806f32fa10) at arptfree+0x10d sys/netinet/if_ether.c:718
arptimer(ffffffff8282bca8) at arptimer+0x80 sys/netinet/if_ether.c:120
timeout_run(ffffffff8282bca8) at timeout_run+0xcc sys/kern/kern_timeout.c:482
softclock_thread(ffff800020d99638) at softclock_thread+0x124 sys/kern/kern_timeout.c:580
end trace frame: 0x0, count: 8
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/multicore/kernel/sys/netinet/if_ether.c", line 718 ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic(ffffffff823bfea9) at panic+0x15e sys/kern/subr_prf.c:218 __assert(ffffffff8242eaed,ffffffff8242b5ea,2ce,ffffffff823965c0) at __assert+0x2b sys/kern/subr_prf.c:162 arptfree(fffffd806f32fa10) at arptfree+0x10d sys/netinet/if_ether.c:718 arptimer(ffffffff8282bca8) at arptimer+0x80 sys/netinet/if_ether.c:120 timeout_run(ffffffff8282bca8) at timeout_run+0xcc sys/kern/kern_timeout.c:482 softclock_thread(ffff800020d99638) at softclock_thread+0x124 sys/kern/kern_timeout.c:580 end trace frame: 0x0, count: -7 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff800020da73f0 rbx 0xffff800020da7400 rdx 0x8b rcx 0x2 rax 0x1 r8 0xffff800020da73b0 r9 0xffffffff811082e6 kprintf+0x146 r10 0x1 r11 0x5c76b4788e74ec9f r12 0x3000000008 r13 0xffff800020da74a0 r14 0x100 r15 0x1 rip 0xffffffff822eb378 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800020da73e0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (softclock) pid=68870 stat=onproc flags process=14000 proc=40000200 pri=0, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff800020d998b0,0xffff800020d993d0 process=0xffff800020d9b3b0 user=0xffff800020da2000, vmspace=0xffffffff828e4d40 estcpu=0, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 43043 241486 33634 0 7 0x482 syz-executor.1 20913 274896 1 0 3 0x100083 ttyin getty 97330 365880 33634 0 3 0x82 piperd syz-executor.0 61503 165135 0 0 3 0x14280 nfsidl nfsio 97699 79310 0 0 3 0x14280 nfsidl nfsio 30406 28906 0 0 3 0x14280 nfsidl nfsio 2488 493180 0 0 3 0x14280 nfsidl nfsio 20678 296205 0 0 3 0x14280 nfsidl nfsio 66821 467777 0 0 3 0x14280 nfsidl nfsio 2497 510946 0 0 3 0x14280 nfsidl nfsio 5139 84181 0 0 3 0x14280 nfsidl nfsio 65023 518991 0 
0 3 0x14280 nfsidl nfsio 26382 252973 0 0 3 0x14280 nfsidl nfsio 17216 346201 0 0 3 0x14280 nfsidl nfsio 34643 40493 0 0 3 0x14280 nfsidl nfsio 41744 7630 0 0 3 0x14280 nfsidl nfsio 29639 64009 0 0 3 0x14280 nfsidl nfsio 73946 148156 0 0 3 0x14280 nfsidl nfsio 42598 173442 0 0 3 0x14280 nfsidl nfsio 27299 477188 0 0 3 0x14280 nfsidl nfsio 99418 478504 0 0 3 0x14280 nfsidl nfsio 29751 48658 0 0 3 0x14280 nfsidl nfsio 58262 460115 0 0 3 0x14280 nfsidl nfsio 93829 510414 0 0 3 0x14200 bored sosplice 33634 218719 41020 0 3 0x82 thrsleep syz-fuzzer 33634 35604 41020 0 3 0x4000082 thrsleep syz-fuzzer 33634 510778 41020 0 3 0x4000082 thrsleep syz-fuzzer 33634 131483 41020 0 3 0x4000082 kqread syz-fuzzer 33634 57988 41020 0 3 0x4000082 thrsleep syz-fuzzer 33634 218040 41020 0 3 0x4000082 thrsleep syz-fuzzer 33634 45778 41020 0 3 0x4000082 thrsleep syz-fuzzer 33634 408238 41020 0 3 0x4000082 thrsleep syz-fuzzer 41020 145549 55809 0 3 0x10008a pause ksh 55809 406642 85348 0 3 0x92 select sshd 85348 437198 1 0 3 0x80 select sshd 84380 312636 5406 74 3 0x100092 bpf pflogd 5406 255822 1 0 3 0x80 netio pflogd 36901 379335 22908 73 3 0x100090 kqread syslogd 22908 438969 1 0 3 0x100082 netio syslogd 39868 140252 1 77 3 0x100090 poll dhclient 74978 131842 1 0 3 0x80 poll dhclient 83738 236312 0 0 3 0x14200 bored smr 6806 229012 0 0 3 0x14200 pgzero zerothread 20792 224363 0 0 3 0x14200 aiodoned aiodoned 74743 164909 0 0 3 0x14200 syncer update 3398 3789 0 0 3 0x14200 cleaner cleaner 76202 48317 0 0 3 0x14200 reaper reaper 90922 323296 0 0 3 0x14200 pgdaemon pagedaemon 98097 234274 0 0 3 0x14200 bored crynlk 28255 52822 0 0 3 0x14200 bored crypto 44587 239775 0 0 3 0x40014200 acpi0 acpi0 24936 105563 0 0 3 0x40014200 idle1 25522 499744 0 0 3 0x14200 bored softnet 54482 443976 0 0 3 0x14200 bored systqmp 48837 397433 0 0 3 0x14200 bored systq *37681 68870 0 0 7 0x40014200 softclock 78334 517091 0 0 3 0x40014200 idle0 1 286577 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper 
ddb{0}> show all locks Process 37681 (softclock) thread 0xffff800020d99638 (68870) exclusive rwlock netlock r = 0 (0xffffffff826d6a30) #0 witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4b0 sys/kern/subr_witness.c:1164 #1 arptimer+0x22 sys/netinet/if_ether.c:119 #2 timeout_run+0xcc sys/kern/kern_timeout.c:482 #3 softclock_thread+0x124 sys/kern/kern_timeout.c:580 #4 proc_trampoline+0x1c shared rwlock timeout r = 0 (0xffffffff826aadb0) #0 witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4b0 sys/kern/subr_witness.c:1164 #1 timeout_run+0xb3 sys/kern/kern_timeout.c:477 #2 softclock_thread+0x124 sys/kern/kern_timeout.c:580 #3 proc_trampoline+0x1c exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82885db0) #0 witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4b0 sys/kern/subr_witness.c:1164 #1 __mp_acquire_count+0x4c sys/kern/kern_lock.c:227 #2 mi_switch+0x390 sys/kern/sched_bsd.c:435 #3 sleep_finish+0x111 sys/kern/kern_synch.c:418 #4 softclock_thread+0xd6 sys/kern/kern_timeout.c:575 #5 proc_trampoline+0x1c ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9556 6516K 8389K 78643K 166694 0 pcb 13 8K 8K 78643K 486 0 rtable 100 4K 11K 78643K 1387 0 ifaddr 86 17K 20K 78643K 590 0 sysctl 2 0K 1K 78643K 588 0 counters 43 33K 34K 78643K 219 0 ioctlops 0 0K 4K 78643K 7155 0 iov 0 0K 16K 78643K 1242 0 mount 1 1K 1K 78643K 1 0 vnodes 1227 77K 77K 78643K 54327 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 146 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 827 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1824 197K 290K 78643K 13058 0 file desc 5 13K 25K 78643K 83260 0 sigio 0 0K 0K 78643K 63 0 proc 67 63K 95K 78643K 1246 0 subproc 32 2K 2K 78643K 136 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 539 0 in_multi 35 2K 2K 78643K 446 0 ether_multi 1 0K 0K 78643K 121 0 mrt 0 0K 
0K 78643K 35 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 73 334K 334K 78643K 73 0 exec 0 0K 2K 78643K 833 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 381 321K 321K 78643K 185551 0 UVM aobj 131 9K 9K 78643K 142 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 1K 78643K 598 0 NDP 15 0K 0K 78643K 120 0 temp 143 3963K 4040K 78643K 255298 0 kqueue 3 4K 22K 78643K 9033 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 31 0 23 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 88 328 0 326 1 0 1 1 0 8 0 rtentry 112 193 0 155 2 0 2 2 0 8 0 unpcb 120 6869 0 6856 2 1 1 2 0 8 0 syncache 272 38 0 38 8 8 0 1 0 8 0 tcpqe 32 117 0 117 11 11 0 1 0 8 0 tcpcb 592 3873 0 3869 52 51 1 5 0 8 0 inpcb 296 9693 0 9686 10 9 1 3 0 8 0 rttmr 72 6 0 6 1 1 0 1 0 8 0 nd6 48 26 0 20 1 0 1 1 0 8 0 pkpcb 40 37 0 37 6 6 0 1 0 8 0 kcovpl 48 8 0 6 1 0 1 1 0 8 0 swfcl 56 2 0 0 1 0 1 1 0 8 0 ppxss 1136 29 0 29 7 7 0 1 0 8 0 pfstscr 40 58 0 58 2 2 0 1 0 8 0 pffrag 232 21 0 21 4 4 0 1 0 482 0 pffrnode 88 21 0 21 4 4 0 1 0 8 0 pffrent 40 601 0 601 4 4 0 1 0 8 0 pfosfp 40 860 0 423 5 0 5 5 0 8 0 pfosfpen 112 1444 0 714 21 0 21 21 0 8 0 pfrktable 1344 50 0 50 5 5 0 2 0 8 0 pftag 88 5 0 3 2 1 1 1 0 8 0 pfqueue 264 11 0 10 1 0 1 1 0 8 0 pfstitem 24 87 0 85 1 0 1 1 0 8 0 pfstkey 112 156 0 154 2 1 1 2 0 8 0 pfstate 328 122 0 120 6 5 1 6 0 8 0 pfsrctr 152 31 0 31 4 4 0 1 0 8 0 pfrule 1360 135 0 134 5 4 1 4 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 599 0 414 17 5 12 13 0 8 0 art_table 32 600 0 414 2 0 2 2 0 8 0 art_node 16 181 0 151 1 0 1 1 0 8 0 sysvmsgpl 40 32 0 10 1 0 1 1 0 8 0 semapl 112 825 0 815 1 0 1 1 0 8 0 shmpl 112 139 0 11 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 87908 0 86510 95 7 88 89 0 8 0 ffsino 272 87908 0 86510 95 0 95 95 0 8 0 nchpl 144 
176642 0 175048 60 0 60 60 0 8 0 uvmvnodes 72 5926 0 0 108 0 108 108 0 8 0 vnodes 208 5926 0 0 312 0 312 312 0 8 0 namei 1024 433048 0 433048 4 3 1 1 0 8 1 percpumem 16 120 0 88 1 0 1 1 0 8 0 vcpupl 1984 22 0 0 3 0 3 3 0 8 0 vmpool 560 22 0 0 2 0 2 2 0 8 0 pfiaddrpl 120 38 0 38 1 1 0 1 0 8 0 scsiplug 72 4 0 4 1 1 0 1 0 8 0 scxspl 200 523693 0 523693 11 10 1 7 0 8 1 plimitpl 152 487 0 479 1 0 1 1 0 8 0 sigapl 424 83485 0 83433 8 2 6 7 0 8 0 futexpl 56 541014 0 541014 5 4 1 1 0 8 1 knotepl 112 5029 0 5009 3 2 1 2 0 8 0 kqueuepl 152 81572 0 81542 15 13 2 2 0 8 0 pipepl 304 8882 0 8870 13 11 2 2 0 8 0 fdescpl 496 83443 0 83427 3 0 3 3 0 8 0 filepl 152 284420 0 284313 10 5 5 7 0 8 0 lockfpl 104 13847 0 13845 1 0 1 1 0 8 0 lockfspl 48 5762 0 5760 1 0 1 1 0 8 0 sessionpl 120 25 0 14 1 0 1 1 0 8 0 pgrppl 48 88 0 77 1 0 1 1 0 8 0 ucredpl 96 5768 0 5758 1 0 1 1 0 8 0 zombiepl 144 83434 0 83433 3 2 1 1 0 8 0 processpl 1008 83485 0 83433 7 0 7 7 0 8 0 procpl 632 172373 0 172314 6 0 6 6 0 8 0 sosppl 144 54 0 54 8 8 0 1 0 8 0 sockpl 400 16953 0 16930 27 24 3 6 0 8 0 mcl64k 65536 25 0 0 3 0 3 3 0 8 0 mcl16k 16384 17 0 0 3 0 3 3 0 8 0 mcl12k 12288 33 0 0 2 0 2 2 0 8 0 mcl9k 9216 25 0 0 2 0 2 2 0 8 0 mcl8k 8192 33 0 0 4 1 3 3 0 8 0 mcl4k 4096 37 0 0 4 1 3 3 0 8 0 mcl2k2 2112 17 0 0 2 0 2 2 0 8 0 mcl2k 2048 1006 0 0 22 2 20 21 0 8 0 mtagpl 96 698 0 0 13 0 13 13 0 8 0 mbufpl 256 2147 0 0 79 0 79 79 0 8 0 bufpl 280 92405 0 86147 448 0 448 448 0 8 0 anonpl 16 5424507 0 5410069 153 94 59 67 0 124 0 amapchunkpl 152 264106 0 263785 23 10 13 15 0 158 0 amappl16 192 263699 0 263094 145 114 31 39 0 8 0 amappl15 184 2944 0 2944 3 3 0 1 0 8 0 amappl14 176 37 0 24 1 0 1 1 0 8 0 amappl13 168 288 0 286 1 0 1 1 0 8 0 amappl12 160 25 0 21 2 1 1 1 0 8 0 amappl11 152 1508 0 1492 1 0 1 1 0 8 0 amappl10 144 38353 0 38347 1 0 1 1 0 8 0 amappl9 136 235 0 234 1 0 1 1 0 8 0 amappl8 128 821 0 569 9 0 9 9 0 8 0 amappl7 120 38666 0 38657 1 0 1 1 0 8 0 amappl6 112 1602 0 1579 1 0 1 1 0 8 0 amappl5 104 85303 0 
85288 1 0 1 1 0 8 0 amappl4 96 1185 0 1151 1 0 1 1 0 8 0 amappl3 88 1454 0 1447 1 0 1 1 0 8 0 amappl2 80 586495 0 586422 3 1 2 3 0 8 0 amappl1 72 2204052 0 2203566 25 15 10 19 0 8 0 amappl 80 172788 0 172688 3 0 3 3 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 141 0 11 3 0 3 3 0 8 0 uaddrrnd 24 83465 0 83427 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 83465 0 83427 1 0 1 1 0 8 0 vmmpekpl 168 371959 0 371912 3 0 3 3 0 8 0 vmmpepl 168 10109316 0 10107148 243 143 100 104 0 357 1 vmsppl 368 83464 0 83427 4 0 4 4 0 8 0 pdppl 4096 166937 0 166876 11 3 8 9 0 8 0 pvpl 32 18962341 0 18944461 455 308 147 165 0 265 0 pmappl 232 83464 0 83427 3 0 3 3 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 387 0 60 10 0 10 10 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic(ffffffff823bfea9) at panic+0x15e sys/kern/subr_prf.c:218 __assert(ffffffff8242eaed,ffffffff8242b5ea,2ce,ffffffff823965c0) at __assert+0x2b sys/kern/subr_prf.c:162 arptfree(fffffd806f32fa10) at arptfree+0x10d sys/netinet/if_ether.c:718 arptimer(ffffffff8282bca8) at arptimer+0x80 sys/netinet/if_ether.c:120 timeout_run(ffffffff8282bca8) at timeout_run+0xcc sys/kern/kern_timeout.c:482 softclock_thread(ffff800020d99638) at softclock_thread+0x124 sys/kern/kern_timeout.c:580 end trace frame: 0x0, count: -7 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp x86_ipi_db(ffff800020d80ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:352 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc __mp_acquire_count(ffffffff82885ba8,1) at __mp_acquire_count+0x4c sys/kern/kern_lock.c:227 mi_switch() at mi_switch+0x390 
sys/kern/sched_bsd.c:435 sleep_finish(ffff800021eee800,1) at sleep_finish+0x111 sys/kern/kern_synch.c:418 sleep_finish_all(ffff800021eee800,1) at sleep_finish_all+0x32 sleep_finish_timeout sys/kern/kern_synch.c:447 [inline] sleep_finish_all(ffff800021eee800,1) at sleep_finish_all+0x32 sys/kern/kern_synch.c:393 tsleep(ffffffff8282c214,120,ffffffff823b5402,2) at tsleep+0x1c2 sys/kern/kern_synch.c:155 sys_nanosleep(ffff800021fc6ef8,ffff800021eee930,ffff800021eee980) at sys_nanosleep+0x1f5 sys/kern/kern_time.c:297 syscall(ffff800021eeea00) at syscall+0x4a1 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800021eeea00) at syscall+0x4a1 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffe3050, count: 3 ddb{1}> trace x86_ipi_db(ffff800020d80ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:352 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc __mp_acquire_count(ffffffff82885ba8,1) at __mp_acquire_count+0x4c sys/kern/kern_lock.c:227 mi_switch() at mi_switch+0x390 sys/kern/sched_bsd.c:435 sleep_finish(ffff800021eee800,1) at sleep_finish+0x111 sys/kern/kern_synch.c:418 sleep_finish_all(ffff800021eee800,1) at sleep_finish_all+0x32 sleep_finish_timeout sys/kern/kern_synch.c:447 [inline] sleep_finish_all(ffff800021eee800,1) at sleep_finish_all+0x32 sys/kern/kern_synch.c:393 tsleep(ffffffff8282c214,120,ffffffff823b5402,2) at tsleep+0x1c2 sys/kern/kern_synch.c:155 sys_nanosleep(ffff800021fc6ef8,ffff800021eee930,ffff800021eee980) at sys_nanosleep+0x1f5 sys/kern/kern_time.c:297 syscall(ffff800021eeea00) at syscall+0x4a1 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800021eeea00) at syscall+0x4a1 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffe3050, count: -12