panic: kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/multicore/kernel/sys/netinet/if_ether.c", line 716
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
438758 95636 0 0x2 0x480 1 syz-executor.0
*125822 84630 0 0x14000 0x40000200 0K softclock
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
__assert(ffffffff82208f7b,ffffffff82203cad,2cc,ffffffff8218d4f3) at __assert+0x2b sys/kern/subr_prf.c:154
arptfree(fffffd8065dc80e8) at arptfree+0xfb sys/netinet/if_ether.c:716
arptimer(ffffffff82526658) at arptimer+0x95 sys/netinet/if_ether.c:120
timeout_run(ffffffff82526658) at timeout_run+0xc4 timeout_sync_leave sys/kern/kern_timeout.c:178 [inline]
timeout_run(ffffffff82526658) at timeout_run+0xc4 sys/kern/kern_timeout.c:479
softclock_thread(ffff800020a11148) at softclock_thread+0x16a sys/kern/kern_timeout.c:564
end trace frame: 0x0, count: 8
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/multicore/kernel/sys/netinet/if_ether.c", line 716
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
__assert(ffffffff82208f7b,ffffffff82203cad,2cc,ffffffff8218d4f3) at __assert+0x2b sys/kern/subr_prf.c:154
arptfree(fffffd8065dc80e8) at arptfree+0xfb sys/netinet/if_ether.c:716
arptimer(ffffffff82526658) at arptimer+0x95 sys/netinet/if_ether.c:120
timeout_run(ffffffff82526658) at timeout_run+0xc4 timeout_sync_leave sys/kern/kern_timeout.c:178 [inline]
timeout_run(ffffffff82526658) at timeout_run+0xc4 sys/kern/kern_timeout.c:479
softclock_thread(ffff800020a11148) at softclock_thread+0x16a sys/kern/kern_timeout.c:564
end trace frame: 0x0, count: -7
ddb{0}> show registers
rdi 0
rsi 0x1
rbp 0xffff800020a25a30
rbx 0xffff800020a25ae0
rdx 0xffff800020a11148
rcx 0
rax 0
r8 0xffffffff8141f94f kprintf+0x16f
r9 0x1
r10 0x25
r11 0xcf8e82cbdb1d0f9a
r12 0x3000000008
r13 0xffff800020a25a40
r14 0x100
r15 0x1
rip 0xffffffff814c4808 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800020a25a20
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{0}> show proc
PROC (softclock) pid=125822 stat=onproc
flags process=14000 proc=40000200
pri=0, usrpri=50, nice=20
forw=0xffffffffffffffff, list=0xffff800020a113c0,0xffff800020a109f0
process=0xffff800020a12a80 user=0xffff800020a20000, vmspace=0xffffffff8265b4e0
estcpu=0, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
4588 438984 95636 0 2 0x480 syz-executor.0
4588 212428 95636 0 3 0x4000080 kqread syz-executor.0
4588 213208 95636 0 3 0x4000080 fsleep syz-executor.0
67210 205126 37443 0 3 0x82 piperd syz-executor.1
68537 17916 1 0 3 0x100083 ttyin getty
95636 438758 37443 0 7 0x482 syz-executor.0
41642 212080 0 0 3 0x14200 acct acct
89998 357120 0 0 3 0x14200 bored sosplice
37443 330562 
60550 0 3 0x82 thrsleep syz-fuzzer 37443 286266 60550 0 3 0x4000082 thrsleep syz-fuzzer 37443 266968 60550 0 3 0x4000082 thrsleep syz-fuzzer 37443 514936 60550 0 3 0x4000082 thrsleep syz-fuzzer 37443 94453 60550 0 3 0x4000082 thrsleep syz-fuzzer 37443 498882 60550 0 3 0x4000082 thrsleep syz-fuzzer 37443 402482 60550 0 3 0x4000082 thrsleep syz-fuzzer 37443 285029 60550 0 3 0x4000082 thrsleep syz-fuzzer 37443 122483 60550 0 3 0x4000082 kqread syz-fuzzer 37443 266665 60550 0 3 0x4000082 thrsleep syz-fuzzer 60550 7186 19225 0 3 0x10008a pause ksh 19225 329087 33540 0 3 0x92 select sshd 33540 253705 1 0 3 0x80 select sshd 2836 497203 10309 74 3 0x100092 bpf pflogd 10309 18798 1 0 3 0x80 netio pflogd 32733 233479 74174 73 3 0x100090 kqread syslogd 74174 197283 1 0 3 0x100082 netio syslogd 42947 112765 1 77 3 0x100090 poll dhclient 28917 92778 1 0 3 0x80 poll dhclient 52855 334863 0 0 3 0x14200 pgzero zerothread 86253 485275 0 0 3 0x14200 aiodoned aiodoned 38371 55120 0 0 3 0x14200 syncer update 25059 292456 0 0 3 0x14200 cleaner cleaner 87180 256835 0 0 3 0x14200 reaper reaper 75479 518556 0 0 3 0x14200 pgdaemon pagedaemon 46891 355520 0 0 3 0x14200 bored crynlk 91084 36808 0 0 3 0x14200 bored crypto 71308 488013 0 0 3 0x40014200 acpi0 acpi0 75278 75863 0 0 3 0x40014200 idle1 89999 170521 0 0 3 0x14200 bored softnet 4900 386510 0 0 3 0x14200 bored systqmp 49292 468682 0 0 3 0x14200 bored systq *84630 125822 0 0 7 0x40014200 softclock 89485 268194 0 0 3 0x40014200 idle0 5565 78172 0 0 3 0x14200 bored smr 1 447965 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 84630 (softclock) thread 0xffff800020a11148 (125822) exclusive rwlock netlock r = 0 (0xffffffff824dc718) #0 witness_lock+0x52e sys/kern/subr_witness.c:1163 #1 arptimer+0x22 sys/netinet/if_ether.c:119 #2 timeout_run+0xc4 timeout_sync_leave sys/kern/kern_timeout.c:178 [inline] #2 timeout_run+0xc4 sys/kern/kern_timeout.c:479 #3 softclock_thread+0x16a sys/kern/kern_timeout.c:564 
#4 proc_trampoline+0x1c shared rwlock timeout r = 0 (0xffffffff824dcba0) #0 witness_lock+0x52e sys/kern/subr_witness.c:1163 #1 timeout_run+0xb9 sys/kern/kern_timeout.c:478 #2 softclock_thread+0x16a sys/kern/kern_timeout.c:564 #3 proc_trampoline+0x1c exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82648ec0) #0 witness_lock+0x52e sys/kern/subr_witness.c:1163 #1 __mp_acquire_count+0x51 sys/kern/kern_lock.c:227 #2 mi_switch+0x392 sys/kern/sched_bsd.c:434 #3 sleep_finish+0x113 sys/kern/kern_synch.c:373 #4 softclock_thread+0x103 sys/kern/kern_timeout.c:559 #5 proc_trampoline+0x1c ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9610 6455K 8675K 78643K 20931 0 0 pcb 13 11K 13K 78643K 2082 0 0 rtable 129 14K 14K 78643K 2183 0 0 ifaddr 100 22K 22K 78643K 640 0 0 counters 39 33K 33K 78643K 39 0 0 ioctlops 0 0K 4K 78643K 1682 0 0 iov 0 0K 32K 78643K 734 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1232 77K 78K 78643K 5208 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 47 0 0 VM map 29 14K 14K 78643K 33 0 0 sem 12 0K 1K 78643K 1514 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1808 196K 290K 78643K 12765 0 0 file desc 5 13K 25K 78643K 3294 0 0 sigio 0 0K 0K 78643K 71 0 0 proc 60 63K 95K 78643K 1672 0 0 subproc 32 2K 2K 78643K 374 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 1K 78643K 329 0 0 in_multi 32 2K 2K 78643K 433 0 0 ether_multi 1 0K 0K 78643K 50 0 0 mrt 0 0K 0K 78643K 30 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 78 344K 344K 78643K 78 0 0 exec 0 0K 1K 78643K 840 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 187 228K 228K 78643K 12763 0 0 UVM aobj 130 4K 4K 78643K 138 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 2K 78643K 683 0 0 NDP 23 0K 1K 78643K 200 0 0 temp 252 3563K 4192K 78643K 103136 0 0 
kqueue 0 0K 0K 78643K 21 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 74 0 67 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 80 310 0 308 1 0 1 1 0 8 0 rtentry 112 356 0 309 2 0 2 2 0 8 0 unpcb 120 2088 0 2075 2 1 1 2 0 8 0 syncache 264 15 0 15 7 7 0 1 0 8 0 tcpqe 32 6 0 6 5 5 0 1 0 8 0 tcpcb 544 1461 0 1457 19 18 1 14 0 8 0 ipq 40 1 0 1 1 1 0 1 0 8 0 ipqe 40 2 0 2 1 1 0 1 0 8 0 inpcb 280 5922 0 5915 19 17 2 9 0 8 1 rttmr 72 9 0 9 7 7 0 1 0 8 0 nd6 48 53 0 50 2 1 1 1 0 8 0 pkpcb 40 12 0 12 5 5 0 1 0 8 0 swfcl 56 2 0 0 1 0 1 1 0 8 0 ppxss 1128 70 0 70 10 9 1 1 0 8 1 pffrag 232 81 0 81 15 14 1 1 0 482 1 pffrnode 88 81 0 81 15 14 1 1 0 8 1 pffrent 40 2475 0 2475 15 14 1 1 0 8 1 pfosfp 40 846 0 423 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 248 0 204 1 0 1 1 0 8 0 pfstkey 112 248 0 204 3 0 3 3 0 8 1 pfstate 328 248 0 204 7 1 6 7 0 8 0 pfrule 1360 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 1495 0 1272 33 18 15 16 0 8 0 art_table 32 1497 0 1272 2 0 2 2 0 8 0 art_node 16 354 0 312 1 0 1 1 0 8 0 sysvmsgpl 40 51 0 34 1 0 1 1 0 8 0 semupl 112 3 0 3 2 2 0 1 0 8 0 semapl 112 1508 0 1498 1 0 1 1 0 8 0 shmpl 112 136 0 8 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 6437 0 5011 47 0 47 47 0 8 0 ffsino 272 6437 0 5011 97 1 96 96 0 8 0 nchpl 144 11681 0 11196 60 41 19 60 0 8 0 uvmvnodes 72 5926 0 0 108 0 108 108 0 8 0 vnodes 208 5926 0 0 312 0 312 312 0 8 0 namei 1024 44153 0 44153 1 0 1 1 0 8 1 percpumem 16 30 0 0 1 0 1 1 0 8 0 vcpupl 1984 27 0 0 4 0 4 4 0 8 0 vmpool 552 31 0 4 2 0 2 2 0 8 0 scsiplug 64 5 0 5 3 3 0 1 0 8 0 scxspl 192 37148 0 37148 27 24 3 7 0 8 3 plimitpl 152 326 0 318 1 0 1 1 0 8 0 sigapl 432 3435 0 3420 3 1 2 3 0 8 0 futexpl 56 80331 0 80330 1 0 1 1 0 8 0 knotepl 112 746 0 726 3 2 1 3 0 8 0 kqueuepl 104 917 0 914 4 3 1 4 0 8 0 pipepl 112 2372 0 2353 5 3 2 2 0 8 0 fdescpl 488 3436 0 3420 3 0 3 3 0 
8 0 filepl 152 32790 0 32687 29 23 6 13 0 8 1 lockfpl 104 6465 0 6464 1 0 1 1 0 8 0 lockfspl 48 1210 0 1209 1 0 1 1 0 8 0 sessionpl 112 41 0 30 1 0 1 1 0 8 0 pgrppl 48 75 0 64 1 0 1 1 0 8 0 ucredpl 96 3726 0 3717 1 0 1 1 0 8 0 zombiepl 144 3420 0 3420 2 1 1 1 0 8 1 processpl 896 3453 0 3420 4 0 4 4 0 8 0 procpl 632 10883 0 10839 6 1 5 5 0 8 0 srpgc 64 32 0 32 10 10 0 1 0 8 0 sosppl 128 86 0 86 7 7 0 1 0 8 0 sockpl 384 8399 0 8377 36 31 5 14 0 8 1 mcl64k 65536 260 0 0 33 17 16 33 0 8 2 mcl16k 16384 20 0 0 3 1 2 3 0 8 0 mcl12k 12288 22 0 0 2 0 2 2 0 8 0 mcl9k 9216 16 0 0 2 0 2 2 0 8 0 mcl8k 8192 17 0 0 3 0 3 3 0 8 0 mcl4k 4096 21 0 0 3 1 2 3 0 8 0 mcl2k2 2112 6 0 0 1 0 1 1 0 8 0 mcl2k 2048 164 0 0 20 1 19 20 0 8 0 mtagpl 80 62 0 0 1 0 1 1 0 8 0 mbufpl 256 555 0 0 25 0 25 25 0 8 0 bufpl 256 16304 0 9246 442 0 442 442 0 8 0 anonpl 16 396767 0 375962 144 52 92 102 0 124 5 amapchunkpl 152 26382 0 26207 39 27 12 15 0 158 0 amappl16 192 16667 0 15509 119 59 60 71 0 8 1 amappl15 184 298 0 298 2 2 0 1 0 8 0 amappl14 176 1172 0 1164 1 0 1 1 0 8 0 amappl13 168 469 0 469 4 4 0 1 0 8 0 amappl12 160 122 0 121 1 0 1 1 0 8 0 amappl11 152 514 0 499 1 0 1 1 0 8 0 amappl10 144 20 0 13 1 0 1 1 0 8 0 amappl9 136 1690 0 1686 1 0 1 1 0 8 0 amappl8 128 1332 0 1271 3 0 3 3 0 8 0 amappl7 120 129 0 121 1 0 1 1 0 8 0 amappl6 112 458 0 446 1 0 1 1 0 8 0 amappl5 104 513 0 497 1 0 1 1 0 8 0 amappl4 96 3739 0 3705 1 0 1 1 0 8 0 amappl3 88 1160 0 1155 1 0 1 1 0 8 0 amappl2 80 25840 0 25761 3 1 2 3 0 8 0 amappl1 72 87518 0 87068 24 13 11 20 0 8 0 amappl 80 11508 0 11447 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 137 0 8 3 0 3 3 0 8 0 uaddrrnd 24 3467 0 3420 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 3467 0 3420 1 0 1 1 0 8 0 vmmpekpl 168 32239 0 32203 2 0 2 2 0 8 0 vmmpepl 168 444866 0 442442 260 113 147 151 0 357 33 
vmsppl 368 3435 0 3420 2 0 2 2 0 8 0 pdppl 4096 6941 0 6875 9 0 9 9 0 8 0 pvpl 32 1084660 0 1061350 314 96 218 228 0 265 24 pmappl 232 3466 0 3424 5 2 3 3 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 699 0 60 19 0 19 19 0 8 0