panic: kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/multicore/kernel/sys/netinet/if_ether.c", line 758
Stopped at db_enter+0x1c: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
480524 85832 0 0 0 1 syz-executor.7
*368607 69422 0 0x14000 0x40000200 0K softclock
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff827acd80) at panic+0x17b sys/kern/subr_prf.c:198
__assert(ffffffff82828396,ffffffff82821d08,2f6,ffffffff827749b3) at __assert+0x29 sys/kern/subr_prf.c:157
arptfree(fffffd8067fe4af8) at arptfree+0x132 sys/netinet/if_ether.c:758
arptimer(ffffffff82c67d58) at arptimer+0x88 sys/netinet/if_ether.c:135
timeout_run(ffffffff82c67d58) at timeout_run+0xd0 sys/kern/kern_timeout.c:665
softclock_thread(ffff800021159540) at softclock_thread+0x114 sys/kern/kern_timeout.c:809
end trace frame: 0x0, count: 8
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/multicore/kernel/sys/netinet/if_ether.c", line 758 ddb{0}> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff827acd80) at panic+0x17b sys/kern/subr_prf.c:198 __assert(ffffffff82828396,ffffffff82821d08,2f6,ffffffff827749b3) at __assert+0x29 sys/kern/subr_prf.c:157 arptfree(fffffd8067fe4af8) at arptfree+0x132 sys/netinet/if_ether.c:758 arptimer(ffffffff82c67d58) at arptimer+0x88 sys/netinet/if_ether.c:135 timeout_run(ffffffff82c67d58) at timeout_run+0xd0 sys/kern/kern_timeout.c:665 softclock_thread(ffff800021159540) at softclock_thread+0x114 sys/kern/kern_timeout.c:809 end trace frame: 0x0, count: -7 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff800021165cc0 rbx 0xffffffff82ba2ba7 cpu_info_full_primary+0x2ba7 rdx 0 rcx 0xffff800021159540 rax 0xffffffff82ba1ff0 cpu_info_full_primary+0x1ff0 r8 0x101010101010101 r9 0x8080808080808080 r10 0xce676cf1cad5c1ae r11 0x7e6cd9774bd07fef r12 0xffffffff82ba29a8 cpu_info_full_primary+0x29a8 r13 0 r14 0 r15 0x1 rip 0xffffffff8243b6fc db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff800021165cb0 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb{0}> show proc PROC (softclock) tid=368607 pid=69422 tcnt=1 stat=onproc flags process=14000 proc=40000200 runpri=50, usrpri=51, slppri=0, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff800021159a90,0xffff8000211592a8 process=0xffff8000fffff240 user=0xffff800021160000, vmspace=0xffffffff82d3d230 estcpu=1, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 10351 302646 87909 0 2 0 syz-executor.5 52660 102182 30249 0 2 0 syz-executor.2 52660 298951 30249 0 2 0x4000000 syz-executor.2 85832 480524 94239 0 7 0 syz-executor.7 85832 70880 94239 0 3 0x4000080 fsleep syz-executor.7 85832 17493 94239 0 3 0x4000080 fsleep syz-executor.7 91089 101703 
85031 0 2 0x480 syz-executor.4 91089 519814 85031 0 3 0x4000080 netcon syz-executor.4 91089 227749 85031 0 3 0x4000080 fsleep syz-executor.4 30249 6811 21383 0 2 0x482 syz-executor.2 1370 143978 0 0 3 0x14280 nfsidl nfsio 85221 43028 0 0 3 0x14280 nfsidl nfsio 89044 524178 0 0 3 0x14280 nfsidl nfsio 12747 499239 0 0 3 0x14280 nfsidl nfsio 28797 489579 0 0 3 0x14280 nfsidl nfsio 65482 332001 0 0 3 0x14280 nfsidl nfsio 43975 180241 0 0 3 0x14280 nfsidl nfsio 22299 382986 0 0 3 0x14280 nfsidl nfsio 66963 231697 0 0 3 0x14280 nfsidl nfsio 24431 278766 0 0 3 0x14280 nfsidl nfsio 66689 229737 0 0 3 0x14280 nfsidl nfsio 90928 47310 0 0 3 0x14280 nfsidl nfsio 98782 426155 0 0 3 0x14280 nfsidl nfsio 15235 91852 0 0 3 0x14280 nfsidl nfsio 62015 467211 0 0 3 0x14280 nfsidl nfsio 27794 284149 0 0 3 0x14280 nfsidl nfsio 94891 152718 0 0 3 0x14280 nfsidl nfsio 82960 395205 0 0 3 0x14280 nfsidl nfsio 90287 392636 0 0 3 0x14280 nfsidl nfsio 36652 146989 0 0 3 0x14280 nfsidl nfsio 85031 484524 21383 0 3 0x82 nanoslp syz-executor.4 87909 321068 21383 0 2 0x482 syz-executor.5 94239 256123 21383 0 3 0x82 nanoslp syz-executor.7 72306 494177 21383 0 3 0x82 piperd syz-executor.6 40513 170318 0 0 3 0x14200 bored sosplice 5191 247169 0 0 3 0x14200 acct acct 77046 168430 21383 0 2 0x482 syz-executor.3 75575 520519 21383 0 3 0x82 piperd syz-executor.1 21383 171583 51700 0 3 0x2000082 wait syz-fuzzer 21383 70142 51700 0 3 0x6000082 thrsleep syz-fuzzer 21383 41207 51700 0 3 0x6000082 wait syz-fuzzer 21383 365729 51700 0 3 0x6000082 wait syz-fuzzer 21383 348683 51700 0 3 0x6000082 thrsleep syz-fuzzer 21383 228540 51700 0 3 0x6000082 kqread syz-fuzzer 21383 378439 51700 0 3 0x6000082 thrsleep syz-fuzzer 21383 365016 51700 0 3 0x6000082 thrsleep syz-fuzzer 21383 318174 51700 0 3 0x6000082 thrsleep syz-fuzzer 21383 295669 51700 0 3 0x6000082 thrsleep syz-fuzzer 21383 161921 51700 0 3 0x6000082 wait syz-fuzzer 21383 237142 51700 0 3 0x6000082 wait syz-fuzzer 21383 14416 51700 0 3 0x6000082 wait 
syz-fuzzer 21383 465671 51700 0 3 0x6000082 wait syz-fuzzer 21383 43012 51700 0 3 0x6000082 wait syz-fuzzer 51700 393466 1947 0 3 0x10008a sigsusp ksh 1947 163137 40824 0 3 0x9a kqread sshd 88251 520399 1 0 3 0x100083 ttyin getty 40824 221003 1 0 3 0x88 kqread sshd 16466 500043 97438 74 3 0x1100092 bpf pflogd 97438 342186 1 0 3 0x80 netio pflogd 78446 143484 85112 73 3 0x1100090 kqread syslogd 85112 366917 1 0 3 0x100082 netio syslogd 20648 169291 1 0 3 0x100080 kqread resolvd 9970 471957 87781 77 3 0x100092 kqread dhcpleased 33526 110061 87781 77 3 0x100092 kqread dhcpleased 87781 474798 1 0 3 0x80 kqread dhcpleased 86689 350845 0 0 3 0x14200 bored smr 74736 403878 0 0 3 0x14200 pgzero zerothread 55069 34977 0 0 3 0x14200 aiodoned aiodoned 87663 486304 0 0 3 0x14200 syncer update 58862 174679 0 0 3 0x14200 cleaner cleaner 59694 110185 0 0 3 0x14200 reaper reaper 65703 151504 0 0 3 0x14200 pgdaemon pagedaemon 45404 213067 0 0 3 0x14200 bored viomb 94297 177119 0 0 3 0x40014200 acpi0 acpi0 88051 507997 0 0 3 0x40014200 idle1 22108 446043 0 0 3 0x14200 bored softnet3 26946 470013 0 0 3 0x14200 bored softnet2 309 297582 0 0 3 0x14200 bored softnet1 85058 84737 0 0 3 0x14200 bored softnet0 75031 505329 0 0 3 0x14200 bored systqmp 58766 56334 0 0 3 0x14200 bored systq 10944 187009 0 0 3 0x14200 tmoslp softclockmp *69422 368607 0 0 7 0x40014200 softclock 62055 475321 0 0 3 0x40014200 idle0 1 69339 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 85832 (syz-executor.7) thread 0xffff80002127e008 (480524) shared rwlock vmmaplk r = 0 (0xfffffd806977bc10) #0 witness_lock+0x447 #1 uvmfault_lookup+0xd9 sys/uvm/uvm_fault.c:1785 #2 uvm_fault_check+0x3e sys/uvm/uvm_fault.c:672 #3 uvm_fault+0xf2 sys/uvm/uvm_fault.c:600 #4 upageflttrap+0x86 sys/arch/amd64/amd64/trap.c:188 #5 usertrap+0x226 sys/arch/amd64/amd64/trap.c:436 #6 recall_trap+0x8 Process 69422 (softclock) thread 0xffff800021159540 (368607) exclusive rwlock netlock r = 0 
(0xffffffff82b7fe40) #0 witness_lock+0x447 #1 arptimer+0x26 sys/netinet/if_ether.c:132 #2 timeout_run+0xd0 sys/kern/kern_timeout.c:665 #3 softclock_thread+0x114 sys/kern/kern_timeout.c:809 #4 proc_trampoline+0x10 shared rwlock timeout r = 0 (0xffffffff82c46b68) #0 witness_lock+0x447 #1 timeout_run+0xbb sys/kern/kern_timeout.c:661 #2 softclock_thread+0x114 sys/kern/kern_timeout.c:809 #3 proc_trampoline+0x10 exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82d3e750) #0 witness_lock+0x447 #1 __mp_acquire_count+0x48 sys/kern/kern_lock.c:227 #2 mi_switch+0x46d sys/kern/sched_bsd.c:470 #3 sleep_finish+0x19b sys/kern/kern_synch.c:414 #4 msleep+0xea sys/kern/kern_synch.c:249 #5 softclock_thread+0xd0 sys/kern/kern_timeout.c:805 #6 proc_trampoline+0x10 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10233 6486K 7406K 78643K 19988 0 pcb 13 12K 14K 78643K 415 0 rtable 247 7K 7K 78643K 672 0 pf 37 10K 10K 78643K 111 0 ifaddr 47 16K 16K 78643K 101 0 ifgroup 64 2K 2K 78643K 165 0 sysctl 4 1K 1K 78643K 4 0 counters 64 36K 36K 78643K 124 0 ioctlops 0 0K 4K 78643K 1564 0 iov 0 0K 16K 78643K 208 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1407 88K 88K 78643K 4064 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 52 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 407 0 dirhash 12 2K 2K 78643K 24 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 14 49K 85K 78643K 4643 0 sigio 0 0K 0K 78643K 82 0 proc 69 91K 115K 78643K 892 0 subproc 104 6K 6K 78643K 188 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 368 0 in_multi 99 7K 7K 78643K 201 0 ether_multi 1 0K 0K 78643K 5 0 mrt 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 259 1155K 1155K 78643K 259 0 exec 0 0K 1K 78643K 838 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 398 127K 
131K 78643K 48139 0 UVM aobj 131 4K 4K 78643K 134 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 143 0 NDP 14 0K 2K 78643K 72 0 temp 73 5920K 6000K 78643K 42225 0 kqueue 12 18K 29K 78643K 425 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 240 0 237 5 4 1 3 0 8 0 rtentry 112 186 0 71 4 0 4 4 0 8 0 unpcb 144 4179 0 4164 52 42 10 10 0 8 9 syncache 304 35 0 35 8 7 1 1 0 8 1 tcpqe 32 204 0 204 7 6 1 1 0 8 1 tcpcb 808 2129 0 2111 61 52 9 9 0 8 5 arp 120 31 0 12 1 0 1 1 0 8 0 inpcb 368 3634 0 3612 53 45 8 8 0 8 4 nd6 136 50 0 22 1 0 1 1 0 8 0 pkpcb 40 13 0 13 2 2 0 1 0 8 0 kcovpl 48 14 0 6 1 0 1 1 0 8 0 ppxss 1256 11 0 11 4 4 0 1 0 8 0 pffrag 232 44 0 41 1 0 1 1 0 482 0 pffrnode 88 44 0 41 1 0 1 1 0 8 0 pffrent 40 94 0 91 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 134 0 125 1 0 1 1 0 8 0 pfstkey 128 134 0 125 2 0 2 2 0 8 0 pfstate 376 134 0 125 5 2 3 5 0 8 0 pfrule 1344 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 762 0 295 31 1 30 30 0 8 0 art_table 32 763 0 295 4 0 4 4 0 8 0 art_node 16 185 0 80 1 0 1 1 0 8 0 sysvmsgpl 40 3 0 2 1 0 1 1 0 8 0 semapl 112 392 0 382 1 0 1 1 0 8 0 shmpl 112 131 0 3 4 0 4 4 0 8 0 dirhash 1024 25 0 8 3 0 3 3 0 8 0 dino2pl 256 7624 0 6161 92 0 92 92 0 8 0 ffsino 272 7624 0 6161 98 0 98 98 0 8 0 nchpl 144 14876 0 14299 63 40 23 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 58540 0 58540 5 4 1 2 0 8 1 percpumem 16 75 0 30 1 0 1 1 0 8 0 vcpupl 2048 14 0 0 2 0 2 2 0 8 0 vmpool 696 21 0 7 2 0 2 2 0 8 0 kstatmem 264 88 0 60 6 4 2 3 0 8 0 scxspl 216 46255 0 46255 18 17 1 8 1 8 1 plimitpl 152 512 0 496 1 0 1 1 0 8 0 sigapl 424 5062 0 4994 10 2 8 8 0 8 0 futexpl 64 39198 0 39195 1 0 1 1 0 8 0 knotepl 120 552 0 0 10 0 10 10 0 8 0 kqueuepl 216 1419 0 
1409 23 18 5 5 0 8 4 pipepl 320 1197 0 1168 34 31 3 8 0 8 0 fdescpl 496 4942 0 4915 5 1 4 5 0 8 0 filepl 152 37684 0 37434 68 49 19 22 0 8 6 lockfpl 104 2571 0 2569 7 6 1 3 0 8 0 lockfspl 48 1092 0 1090 2 1 1 2 0 8 0 sessionpl 144 30 0 13 1 0 1 1 0 8 0 pgrppl 48 96 0 79 1 0 1 1 0 8 0 ucredpl 104 4014 0 4002 1 0 1 1 0 8 0 zombiepl 144 4996 0 4994 1 0 1 1 0 8 0 processpl 1072 5062 0 4994 5 0 5 5 0 8 0 procpl 680 13399 0 13312 10 1 9 9 0 8 0 sosppl 168 39 0 36 6 5 1 1 0 8 0 sockpl 488 8069 0 8029 230 196 34 36 0 8 26 mcl64k 65536 16 0 0 2 0 2 2 0 8 0 mcl16k 16384 14 0 0 2 0 2 2 0 8 0 mcl12k 12288 14 0 0 2 0 2 2 0 8 0 mcl9k 9216 13 0 0 1 0 1 1 0 8 0 mcl8k 8192 17 0 0 3 0 3 3 0 8 0 mcl4k 4096 24 0 0 3 1 2 3 0 8 0 mcl2k2 2112 5 0 0 1 0 1 1 0 8 0 mcl2k 2048 287 0 0 35 5 30 35 0 8 0 mtagpl 96 721 0 0 17 0 17 17 0 8 0 mbufpl 256 1692 0 0 94 0 94 94 0 8 0 bufpl 288 12288 0 5967 452 0 452 452 0 8 0 anonpl 24 590870 0 568598 154 19 135 135 0 186 0 amapchunkpl 152 152321 0 151386 67 29 38 47 0 158 0 amappl16 200 12178 0 11298 66 19 47 47 0 8 0 amappl15 192 11 0 10 1 0 1 1 0 8 0 amappl14 184 278 0 266 2 1 1 2 0 8 0 amappl13 176 15 0 15 1 1 0 1 0 8 0 amappl12 168 5702 0 5674 3 1 2 2 0 8 0 amappl11 160 60 0 46 1 0 1 1 0 8 0 amappl10 152 65 0 54 1 0 1 1 0 8 0 amappl9 144 202 0 201 1 0 1 1 0 8 0 amappl8 136 371 0 270 4 0 4 4 0 8 0 amappl7 128 226 0 198 2 0 2 2 0 8 0 amappl6 120 394 0 380 1 0 1 1 0 8 0 amappl5 112 203 0 192 1 0 1 1 0 8 0 amappl4 104 567 0 534 2 1 1 2 0 8 0 amappl3 96 29756 0 29673 3 0 3 3 0 8 0 amappl2 88 5570 0 5492 3 1 2 3 0 8 0 amappl1 80 26281 0 25734 25 12 13 23 0 8 0 amappl 88 47388 0 47153 7 0 7 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 133 0 3 3 0 3 3 0 8 0 uaddrrnd 24 4964 0 4923 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 4964 0 4923 1 0 1 1 0 8 0 
vmmpekpl 168 41910 0 41839 4 0 4 4 0 8 0 vmmpepl 168 309408 0 306646 207 85 122 156 0 357 0 vmsppl 464 4963 0 4923 8 2 6 6 0 8 0 rwobjpl 56 85175 0 77110 114 0 114 114 0 8 0 pdppl 4096 9936 0 9860 369 287 82 84 0 8 6 pvpl 32 1621083 0 1592921 406 177 229 340 0 265 0 pmappl 248 4963 0 4923 4 1 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 1323 0 402 27 0 27 27 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff827acd80) at panic+0x17b sys/kern/subr_prf.c:198 __assert(ffffffff82828396,ffffffff82821d08,2f6,ffffffff827749b3) at __assert+0x29 sys/kern/subr_prf.c:157 arptfree(fffffd8067fe4af8) at arptfree+0x132 sys/netinet/if_ether.c:758 arptimer(ffffffff82c67d58) at arptimer+0x88 sys/netinet/if_ether.c:135 timeout_run(ffffffff82c67d58) at timeout_run+0xd0 sys/kern/kern_timeout.c:665 softclock_thread(ffff800021159540) at softclock_thread+0x114 sys/kern/kern_timeout.c:809 end trace frame: 0x0, count: -7 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp x86_ipi_db(ffff800020d48ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff82d3e548) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82d3e548) at __mp_lock+0x122 sys/kern/kern_lock.c:147 uvm_fault(fffffd806977bb18,3a178bf1000,0,1) at uvm_fault+0x181 sys/uvm/uvm_fault.c:622 upageflttrap(ffff8000232e75b0,3a178bf1000) at upageflttrap+0x86 sys/arch/amd64/amd64/trap.c:188 usertrap(ffff8000232e75b0) at usertrap+0x226 sys/arch/amd64/amd64/trap.c:436 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x7d68055fd910, count: 7 ddb{1}> trace x86_ipi_db(ffff800020d48ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at 
Xresume_lapic_ipi+0x27 __mp_lock(ffffffff82d3e548) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82d3e548) at __mp_lock+0x122 sys/kern/kern_lock.c:147 uvm_fault(fffffd806977bb18,3a178bf1000,0,1) at uvm_fault+0x181 sys/uvm/uvm_fault.c:622 upageflttrap(ffff8000232e75b0,3a178bf1000) at upageflttrap+0x86 sys/arch/amd64/amd64/trap.c:188 usertrap(ffff8000232e75b0) at usertrap+0x226 sys/arch/amd64/amd64/trap.c:436 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x7d68055fd910, count: -8