panic: kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/netinet/if_ether.c", line 758
Stopped at db_enter+0x1c: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
* 63695 25336 0 0x14000 0x40000200 0 softclock
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8277c927) at panic+0x165 sys/kern/subr_prf.c:198
__assert(ffffffff827fc6b1,ffffffff82821897,2f6,ffffffff8274f9eb) at __assert+0x29 sys/kern/subr_prf.c:157
arptfree(fffffd806b687a98) at arptfree+0x131 sys/netinet/if_ether.c:758
arptimer(ffffffff82cd0e38) at arptimer+0x88 sys/netinet/if_ether.c:135
timeout_run(ffffffff82cd0e38) at timeout_run+0x8f sys/kern/kern_timeout.c:640
softclock_thread(ffff8000215ea540) at softclock_thread+0xd4 sys/kern/kern_timeout.c:763
end trace frame: 0x0, count: 8
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/netinet/if_ether.c", line 758
ddb> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8277c927) at panic+0x165 sys/kern/subr_prf.c:198
__assert(ffffffff827fc6b1,ffffffff82821897,2f6,ffffffff8274f9eb) at __assert+0x29 sys/kern/subr_prf.c:157
arptfree(fffffd806b687a98) at arptfree+0x131 sys/netinet/if_ether.c:758
arptimer(ffffffff82cd0e38) at arptimer+0x88 sys/netinet/if_ether.c:135
timeout_run(ffffffff82cd0e38) at timeout_run+0x8f sys/kern/kern_timeout.c:640
softclock_thread(ffff8000215ea540) at softclock_thread+0xd4 sys/kern/kern_timeout.c:763
end trace frame: 0x0, count: -7
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff8000215f6940
rbx 0
rdx 0
rcx 0
rax 0xffff8000215ea540
r8 0x101010101010101
r9 0x8080808080808080
r10 0xbf077ebeab368f34
r11 0x69fce1e1317286d7
r12 0
r13 0xfffffd806ef28478
r14 0
r15 0x1
rip 0xffffffff813ff5fc db_enter+0x1c
cs 0x8
rflags 0x246
rsp 0xffff8000215f6930
ss 0x10
db_enter+0x1c: addq $0x8,%rsp
ddb> show proc
PROC (softclock) tid=63695 pid=25336 tcnt=1 stat=onproc
flags process=14000<NOZOMBIE,SYSTEM> proc=40000200<SYSTEM,CPUPEG>
runpri=0, usrpri=50, slppri=0, nice=20
wchan=0x0, wmesg=, ps_single=0x0
forw=0xffffffffffffffff, list=0xffff8000215ea7e8,0xffff8000215ea2a8
process=0xffff8000ffffefc0 user=0xffff8000215f1000, vmspace=0xffffffff82c2ecb0
estcpu=0, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
33177 362015 33300 0 3 0x80 fsleep syz-executor.3
33177 451145 33300 0 3 0x4000080 netio syz-executor.3
20565 337995 21770 0 3 0x80 fsleep syz-executor.6
20565 225512 21770 0 3 0x4000080 netio syz-executor.6
20565 437657 21770 0 3 0x4000080 netio syz-executor.6
20565 63945 21770 0 3 0x4000080 netio syz-executor.6
48334 366229 52951 0 3 0x80 fsleep syz-executor.4
48334 228405 52951 0 3 0x4000080 netio syz-executor.4
82969 422780 86734 0 3 0x80 fsleep syz-executor.5
82969 186137 86734 0 3 0x4000080 ttyin syz-executor.5
52787 206140 75346 0 3 0x80 fsleep syz-executor.2
52787 398523 75346 0 3 0x4000080 netio syz-executor.2
75346 327896 36313 0 2 0x482 syz-executor.2
19363 25263 1 0 3 0x80 fsleep syz-executor.2
19363 162577 1 0 3 0x4000080 netio syz-executor.2
76411 465863 36313 0 3 0x82 piperd syz-executor.1
91633 148316 1 0 3 0x80 fsleep syz-executor.1
91633 301872 1 0 3 0x4000080 netio syz-executor.1
21770 429111 36313 0 2 0x482 syz-executor.6
33300 136996 36313 0 3 0x82 nanoslp syz-executor.3
52759 6496 36313 0 3 0x82 piperd syz-executor.7
86734 444237 36313 0 2 0x482 syz-executor.5
50791 123075 0 0 3 0x14200 acct acct
80573 230101 0 0 3 0x14280 nfsidl nfsio
92965 314477 0 0 3 0x14280 nfsidl nfsio
30461 216092 0 0 3 0x14280 nfsidl nfsio
16850 273997 0 0 3 0x14280 nfsidl nfsio
93565 36203 0 0 3 0x14280 nfsidl nfsio
74449 308817 0 0 3 0x14280 nfsidl nfsio
22959 76870 0 0 3 0x14280 nfsidl nfsio
94238 255436 0 0 3 0x14280 nfsidl nfsio
51362 294779 0 0 3 0x14280 nfsidl nfsio
61711 327318 0 0 3 0x14280 nfsidl nfsio
7264 123074 0 0 3 0x14280 nfsidl nfsio
12832 497427 0 0 3 0x14280 nfsidl nfsio
41197 379511 0 0 3 0x14280 nfsidl nfsio
92444 311751 0 0 3 0x14280 nfsidl nfsio
15403 286534 0 0 3 0x14280 nfsidl nfsio
60557 518737 0 0 3 0x14280 nfsidl nfsio
9204 295046 0 0 3 0x14280 nfsidl nfsio
45024 23496 0 0 3 0x14280 nfsidl nfsio
81104 73394 0 0 3 0x14280 nfsidl nfsio
84364 54712 0 0 3 0x14280 nfsidl nfsio
87357 136051 0 0 3 0x14200 bored sosplice
52951 113478 36313 0 3 0x82 nanoslp syz-executor.4
36313 86101 21546 0 3 0x2000082 thrsleep syz-fuzzer
36313 150314 21546 0 3 0x6000082 thrsleep syz-fuzzer
36313 97340 21546 0 3 0x6000082 wait syz-fuzzer
36313 313600 21546 0 3 0x6000082 thrsleep syz-fuzzer
36313 140591 21546 0 3 0x6000082 kqread syz-fuzzer
36313 384792 21546 0 3 0x6000082 wait syz-fuzzer
36313 239782 21546 0 3 0x6000082 wait syz-fuzzer
36313 213816 21546 0 3 0x6000082 wait syz-fuzzer
36313 467396 21546 0 3 0x6000082 thrsleep syz-fuzzer
36313 237852 21546 0 3 0x6000082 wait syz-fuzzer
36313 71664 21546 0 3 0x6000082 thrsleep syz-fuzzer
36313 520590 21546 0 3 0x6000082 wait syz-fuzzer
36313 296716 21546 0 3 0x6000082 wait syz-fuzzer
36313 311775 21546 0 3 0x6000082 wait syz-fuzzer
21546 217447 91928 0 3 0x10008a sigsusp ksh
91928 145945 52103 0 3 0x9a kqread sshd
39439 127415 1 0 3 0x100083 ttyin getty
52103 505061 1 0 3 0x88 kqread sshd
40566 335534 43517 73 3 0x1100090 kqread syslogd
43517 270237 1 0 3 0x100082 netio syslogd
21815 106497 1 0 3 0x100080 kqread resolvd
94999 4150 46423 77 3 0x100092 kqread dhcpleased
84962 11150 46423 77 3 0x100092 kqread dhcpleased
46423 225262 1 0 3 0x80 kqread dhcpleased
67417 522242 0 0 3 0x14200 bored smr
16333 488324 0 0 3 0x14200 pgzero zerothread
99668 372037 0 0 3 0x14200 aiodoned aiodoned
90697 519521 0 0 3 0x14200 syncer update
89160 509839 0 0 3 0x14200 cleaner cleaner
98375 279810 0 0 3 0x14200 reaper reaper
99740 517108 0 0 3 0x14200 pgdaemon pagedaemon
53470 139218 0 0 3 0x14200 bored viomb
48714 493077 0 0 3 0x40014200 acpi0 acpi0
73080 169056 0 0 3 0x14200 bored softnet3
67351 89223 0 0 3 0x14200 bored softnet2
30434 449032 0 0 3 0x14200 bored softnet1
63965 308099 0 0 3 0x14200 bored softnet0
67504 33282 0 0 3 0x14200 bored systqmp
49380 183851 0 0 3 0x14200 bored systq
*25336 63695 0 0 7 0x40014200 softclock
51010 436527 0 0 3 0x40014200 idle0
1 235630 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10174 6427K 14606K 78643K 14875 0
pcb 13 14K 16K 78643K 219 0
rtable 239 7K 7K 78643K 902 0
pf 29 8K 9K 78643K 121 0
ifaddr 43 11K 12K 78643K 104 0
ifgroup 50 2K 2K 78643K 204 0
sysctl 2 0K 0K 78643K 2 0
counters 28 17K 17K 78643K 62 0
ioctlops 0 0K 2K 78643K 116 0
iov 0 0K 16K 78643K 241 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 4 0
vnodes 1470 92K 92K 78643K 2765 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 13K 78643K 136 0
VM map 2 1K 1K 78643K 2 0
sem 12 1K 1K 78643K 49 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 17 61K 73K 78643K 3554 0
sigio 0 0K 0K 78643K 22 0
proc 57 59K 75K 78643K 733 0
subproc 130 8K 8K 78643K 195 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 197 0
in_multi 99 7K 7K 78643K 254 0
ether_multi 1 0K 0K 78643K 4 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 67 307K 307K 78643K 67 0
exec 0 0K 1K 78643K 1267 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 8 62K 64K 78643K 10 0
UVM amap 386 107K 108K 78643K 36628 0
UVM aobj 131 4K 4K 78643K 137 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 90 0
NDP 11 0K 2K 78643K 75 0
temp 83 5912K 5990K 78643K 36114 0
kqueue 13 20K 26K 78643K 373 0
SYN cache 2 16K 16K 78643K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 115 0 112 1 0 1 1 0 8 0
rtentry 112 194 0 83 4 0 4 4 0 8 0
unpcb 144 8886 0 8852 51 49 2 12 0 8 0
syncache 304 23 0 23 7 7 0 1 0 8 0
tcpqe 32 165 0 165 6 6 0 1 0 8 0
tcpcb 808 793 0 783 30 27 3 9 0 8 0
arp 88 33 0 14 1 0 1 1 0 8 0
inpcb 336 3074 0 3061 44 41 3 11 0 8 0
nd6 104 50 0 26 1 0 1 1 0 8 0
pkpcb 40 9 0 9 2 2 0 1 0 8 0
kcovpl 48 15 0 5 1 0 1 1 0 8 0
ppxss 1160 3 0 3 1 1 0 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 782 0 323 30 1 29 30 0 8 0
art_table 32 783 0 323 4 0 4 4 0 8 0
art_node 16 193 0 92 1 0 1 1 0 8 0
sysvmsgpl 40 35 0 0 1 0 1 1 0 8 0
semapl 112 42 0 32 1 0 1 1 0 8 0
shmpl 112 134 0 6 4 0 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 5884 0 4409 93 0 93 93 0 8 0
ffsino 240 5884 0 4409 87 0 87 87 0 8 0
nchpl 144 11325 0 10836 63 42 21 63 0 8 0
uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0
vnodes 216 5926 0 0 330 0 330 330 0 8 0
namei 1024 37866 0 37866 4 3 1 3 0 8 1
vmpool 664 42 0 42 3 3 0 1 0 8 0
kstatmem 264 90 0 68 2 0 2 2 0 8 0
scxspl 216 32083 0 32083 13 12 1 8 1 8 1
plimitpl 152 570 0 552 1 0 1 1 0 8 0
sigapl 424 3938 0 3872 8 0 8 8 0 8 0
futexpl 64 36607 0 36600 1 0 1 1 0 8 0
knotepl 120 35009 0 34930 24 21 3 10 0 8 0
kqueuepl 184 1315 0 1306 23 22 1 7 0 8 0
pipepl 288 630 0 601 12 9 3 7 0 8 0
fdescpl 432 3820 0 3792 4 0 4 4 0 8 0
filepl 120 27424 0 27131 63 51 12 21 0 8 3
lockfpl 104 867 0 864 2 1 1 2 0 8 0
lockfspl 48 314 0 311 1 0 1 1 0 8 0
sessionpl 144 30 0 12 1 0 1 1 0 8 0
pgrppl 48 74 0 56 1 0 1 1 0 8 0
ucredpl 104 3618 0 3608 1 0 1 1 0 8 0
zombiepl 144 3873 0 3872 1 0 1 1 0 8 0
processpl 1008 3938 0 3872 10 1 9 9 0 8 0
procpl 680 10241 0 10153 14 5 9 10 0 8 0
sosppl 168 50 0 50 8 7 1 1 0 8 1
sockpl 456 12087 0 12037 312 305 7 46 0 8 0
mcl64k 65536 966 0 966 2 1 1 1 0 8 1
mcl16k 16384 473 0 473 6 5 1 1 0 8 1
mcl12k 12288 142 0 142 9 8 1 1 0 8 1
mcl9k 9216 79 0 79 11 10 1 1 0 8 1
mcl8k 8192 976 0 969 8 7 1 2 0 8 0
mcl4k 4096 447 0 447 8 7 1 4 0 8 1
mcl2k2 2112 33 0 33 12 11 1 1 0 8 1
mcl2k 2048 78641 0 78593 56 48 8 29 0 8 1
mtagpl 96 397 0 365 8 4 4 7 0 8 1
mbufpl 256 185326 0 185130 163 134 29 74 0 8 3
bufpl 288 9756 0 3361 457 0 457 457 0 8 0
anonpl 24 473768 0 460121 112 25 87 103 0 188 0
amapchunkpl 152 115853 0 114990 64 26 38 42 0 158 0
amappl16 200 9577 0 9162 45 23 22 35 0 8 0
amappl15 192 9 0 9 1 1 0 1 0 8 0
amappl14 184 168 0 156 2 1 1 2 0 8 0
amappl13 176 47 0 47 2 2 0 1 0 8 0
amappl12 168 4548 0 4519 2 0 2 2 0 8 0
amappl11 160 56 0 45 1 0 1 1 0 8 0
amappl10 152 36 0 24 1 0 1 1 0 8 0
amappl9 144 627 0 626 1 0 1 1 0 8 0
amappl8 136 358 0 265 4 0 4 4 0 8 0
amappl7 128 114 0 103 1 0 1 1 0 8 0
amappl6 120 327 0 308 1 0 1 1 0 8 0
amappl5 112 534 0 526 1 0 1 1 0 8 0
amappl4 104 619 0 583 2 0 2 2 0 8 0
amappl3 96 23430 0 23344 3 0 3 3 0 8 0
amappl2 88 4132 0 4069 3 1 2 3 0 8 0
amappl1 80 22158 0 21647 22 10 12 22 0 8 0
amappl 88 35967 0 35726 7 0 7 7 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 136 0 6 3 0 3 3 0 8 0
uaddrrnd 24 3862 0 3834 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 3862 0 3834 1 0 1 1 0 8 0
vmmpekpl 168 33572 0 33504 4 0 4 4 0 8 0
vmmpepl 168 245369 0 243090 224 119 105 127 0 357 0
vmsppl 368 3861 0 3834 3 0 3 3 0 8 0
rwobjpl 24 70573 0 63030 47 0 47 47 0 8 0
pdppl 4096 7730 0 7668 294 226 68 68 0 8 6
pvpl 32 1185342 0 1166043 386 221 165 330 0 265 0
pmappl 216 3861 0 3834 2 0 2 2 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 1318 0 516 25 0 25 25 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8277c927) at panic+0x165 sys/kern/subr_prf.c:198
__assert(ffffffff827fc6b1,ffffffff82821897,2f6,ffffffff8274f9eb) at __assert+0x29 sys/kern/subr_prf.c:157
arptfree(fffffd806b687a98) at arptfree+0x131 sys/netinet/if_ether.c:758
arptimer(ffffffff82cd0e38) at arptimer+0x88 sys/netinet/if_ether.c:135
timeout_run(ffffffff82cd0e38) at timeout_run+0x8f sys/kern/kern_timeout.c:640
softclock_thread(ffff8000215ea540) at softclock_thread+0xd4 sys/kern/kern_timeout.c:763
end trace frame: 0x0, count: -7
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8277c927) at panic+0x165 sys/kern/subr_prf.c:198
__assert(ffffffff827fc6b1,ffffffff82821897,2f6,ffffffff8274f9eb) at __assert+0x29 sys/kern/subr_prf.c:157
arptfree(fffffd806b687a98) at arptfree+0x131 sys/netinet/if_ether.c:758
arptimer(ffffffff82cd0e38) at arptimer+0x88 sys/netinet/if_ether.c:135
timeout_run(ffffffff82cd0e38) at timeout_run+0x8f sys/kern/kern_timeout.c:640
softclock_thread(ffff8000215ea540) at softclock_thread+0xd4 sys/kern/kern_timeout.c:763
end trace frame: 0x0, count: -7