assert "ifp != NULL" failed in if_ether.c (4)


syzbot

Dec 7, 2021, 3:40:29 AM (12/7/21)
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: ad110f3f2f3f In the next major bump, some BN macros will b..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=15f13641b00000
kernel config: https://syzkaller.appspot.com/x/.config?x=bf87b6915a88cd0d
dashboard link: https://syzkaller.appspot.com/bug?extid=b6a04be5154cb5dab782

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b6a04b...@syzkaller.appspotmail.com

panic: kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/multicore/kernel/sys/netinet/if_ether.c", line 725
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*219715 66261 0 0x14000 0x40000200 0K softclock
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff8244f3b8) at panic+0x177 sys/kern/subr_prf.c:202
__assert(ffffffff824bdba5,ffffffff824bbcd4,2d5,ffffffff8241e14c) at __assert+0x25 sys/kern/subr_prf.c:161
arptfree(fffffd80688a0470) at arptfree+0x105 sys/netinet/if_ether.c:725
arptimer(ffffffff829d83b8) at arptimer+0x80 sys/netinet/if_ether.c:131
timeout_run(ffffffff829d83b8) at timeout_run+0xcc sys/kern/kern_timeout.c:678
softclock_thread(ffff800021148d20) at softclock_thread+0x134 sys/kern/kern_timeout.c:802
end trace frame: 0x0, count: 8
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu0: kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/multicore/kernel/sys/netinet/if_ether.c", line 725
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff8244f3b8) at panic+0x177 sys/kern/subr_prf.c:202
__assert(ffffffff824bdba5,ffffffff824bbcd4,2d5,ffffffff8241e14c) at __assert+0x25 sys/kern/subr_prf.c:161
arptfree(fffffd80688a0470) at arptfree+0x105 sys/netinet/if_ether.c:725
arptimer(ffffffff829d83b8) at arptimer+0x80 sys/netinet/if_ether.c:131
timeout_run(ffffffff829d83b8) at timeout_run+0xcc sys/kern/kern_timeout.c:678
softclock_thread(ffff800021148d20) at softclock_thread+0x134 sys/kern/kern_timeout.c:802
end trace frame: 0x0, count: -7
ddb{0}> show registers
rdi 0
rsi 0x1
rbp 0xffff800021155780
rbx 0xffffffff8276fbff cpu_info_full_primary+0x2bff
rdx 0x8b
rcx 0x2
rax 0x86
r8 0xffffffff81e8cde4 kprintf+0x144
r9 0x1
r10 0x1082dd03b042cd0e
r11 0x540da99f1c8dcf
r12 0xffffffff8276fa00 cpu_info_full_primary+0x2a00
r13 0
r14 0
r15 0x1
rip 0xffffffff823b2108 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800021155770
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{0}> show proc
PROC (softclock) pid=219715 stat=onproc
flags process=14000<NOZOMBIE,SYSTEM> proc=40000200<SYSTEM,CPUPEG>
pri=0, usrpri=50, nice=20
forw=0xffffffffffffffff, list=0xffff800021148fc0,0xffff8000211487f0
process=0xffff8000ffffe180 user=0xffff800021150000, vmspace=0xffffffff8299e7f0
estcpu=0, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
92521 427754 22507 0 2 0x480 syz-executor.0
92521 33276 22507 0 3 0x4000080 kqsel syz-executor.0
92521 420212 22507 0 3 0x4000080 fsleep syz-executor.0
65550 121282 0 0 3 0x14280 nfsidl nfsio
57801 374475 0 0 3 0x14280 nfsidl nfsio
86473 342328 0 0 3 0x14280 nfsidl nfsio
81068 64480 0 0 3 0x14280 nfsidl nfsio
64882 241113 0 0 3 0x14280 nfsidl nfsio
37592 254067 0 0 3 0x14280 nfsidl nfsio
53197 413439 0 0 3 0x14280 nfsidl nfsio
84303 46662 0 0 3 0x14280 nfsidl nfsio
18432 387243 0 0 3 0x14280 nfsidl nfsio
28957 226895 0 0 3 0x14280 nfsidl nfsio
30820 303412 0 0 3 0x14280 nfsidl nfsio
2225 370882 0 0 3 0x14280 nfsidl nfsio
88894 327112 0 0 3 0x14280 nfsidl nfsio
9318 392261 0 0 3 0x14280 nfsidl nfsio
94929 157114 0 0 3 0x14280 nfsidl nfsio
56558 306059 0 0 3 0x14280 nfsidl nfsio
11629 401613 0 0 3 0x14280 nfsidl nfsio
45165 332606 0 0 3 0x14280 nfsidl nfsio
8141 31209 0 0 3 0x14280 nfsidl nfsio
26093 292291 0 0 3 0x14280 nfsidl nfsio
7338 484425 19922 0 3 0x82 piperd syz-executor.1
22507 66289 19922 0 2 0x482 syz-executor.0
53927 358211 1 0 3 0x100083 ttyin getty
3805 423787 0 0 3 0x14200 bored sosplice
19922 167684 80382 0 3 0x82 thrsleep syz-fuzzer
19922 42556 80382 0 2 0x4000482 syz-fuzzer
19922 408913 80382 0 3 0x4000082 thrsleep syz-fuzzer
19922 16421 80382 0 3 0x4000082 thrsleep syz-fuzzer
19922 76253 80382 0 2 0x4000482 syz-fuzzer
19922 44429 80382 0 3 0x4000082 thrsleep syz-fuzzer
19922 286037 80382 0 3 0x4000082 thrsleep syz-fuzzer
19922 346994 80382 0 3 0x4000082 kqread syz-fuzzer
80382 229677 225 0 3 0x10008a sigsusp ksh
225 258349 34893 0 3 0x9a kqread sshd
34893 91639 1 0 3 0x88 kqread sshd
91329 282701 16903 74 3 0x100092 bpf pflogd
16903 317028 1 0 3 0x80 netio pflogd
97723 337411 37127 73 3 0x100090 kqread syslogd
37127 56557 1 0 3 0x100082 netio syslogd
10930 260354 1 0 3 0x100080 kqread resolvd
58316 460249 0 0 3 0x14200 bored smr
26521 487557 0 0 3 0x14200 pgzero zerothread
58326 382891 0 0 3 0x14200 aiodoned aiodoned
5749 395600 0 0 3 0x14200 syncer update
765 348284 0 0 3 0x14200 cleaner cleaner
56395 348603 0 0 3 0x14200 reaper reaper
26137 360890 0 0 3 0x14200 pgdaemon pagedaemon
65476 484672 0 0 3 0x14200 bored viomb
41232 478150 0 0 3 0x40014200 acpi0 acpi0
45157 166636 0 0 7 0x40014200 idle1
76738 120084 0 0 3 0x14200 bored softnet
73433 220241 0 0 3 0x14200 bored systqmp
79015 329875 0 0 3 0x14200 bored systq
*66261 219715 0 0 7 0x40014200 softclock
32922 17937 0 0 3 0x40014200 idle0
1 249863 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
Process 66261 (softclock) thread 0xffff800021148d20 (219715)
exclusive rwlock netlock r = 0 (0xffffffff827d4c70)
#0 witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline]
#0 witness_lock+0x4b0 sys/kern/subr_witness.c:1182
#1 arptimer+0x22 sys/netinet/if_ether.c:129
#2 timeout_run+0xcc sys/kern/kern_timeout.c:678
#3 softclock_thread+0x134 sys/kern/kern_timeout.c:802
#4 proc_trampoline+0x1c
shared rwlock timeout r = 0 (0xffffffff827f2a68)
#0 witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline]
#0 witness_lock+0x4b0 sys/kern/subr_witness.c:1182
#1 timeout_run+0xb7 sys/kern/kern_timeout.c:674
#2 softclock_thread+0x134 sys/kern/kern_timeout.c:802
#3 proc_trampoline+0x1c
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff829f8c18)
#0 witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline]
#0 witness_lock+0x4b0 sys/kern/subr_witness.c:1182
#1 __mp_acquire_count+0x4c sys/kern/kern_lock.c:227
#2 mi_switch+0x3d3 sys/kern/sched_bsd.c:416
#3 sleep_finish+0x1b2 sys/kern/kern_synch.c:433
#4 softclock_thread+0xd9 sys/kern/kern_timeout.c:797
#5 proc_trampoline+0x1c
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10131 6511K 7082K 78643K 16077 0
pcb 13 8K 8K 78643K 1577 0
rtable 78 11K 12K 78643K 3184 0
ifaddr 48 14K 17K 78643K 1173 0
sysctl 3 1K 2K 78643K 5 0
counters 44 34K 34K 78643K 438 0
ioctlops 0 0K 4K 78643K 3353 0
iov 0 0K 24K 78643K 945 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 5 0
vnodes 1270 80K 80K 78643K 4864 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 5K 78643K 98 0
VM map 2 1K 1K 78643K 2 0
sem 12 0K 0K 78643K 1685 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12598 0
file desc 5 13K 25K 78643K 12208 0
sigio 0 0K 0K 78643K 83 0
proc 66 63K 111K 78643K 2072 0
subproc 66 4K 4K 78643K 1361 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 1159 0
in_multi 16 1K 2K 78643K 1721 0
ether_multi 1 0K 0K 78643K 219 0
mrt 1 0K 0K 78643K 67 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 97 440K 440K 78643K 97 0
exec 0 0K 2K 78643K 2196 0
pfkey data 0 0K 1K 78643K 10 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 590 1542K 1546K 78643K 144486 0
UVM aobj 131 8K 8K 78643K 143 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 1K 78643K 1582 0
NDP 7 0K 0K 78643K 387 0
temp 85 4196K 8292K 78643K 179569 0
kqueue 7 12K 28K 78643K 796 0
SYN cache 2 16K 16K 78643K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 22 0 0 1 0 1 1 0 8 0
rtpcb 120 782 0 781 1 0 1 1 0 8 0
rtentry 112 1158 0 1132 3 1 2 2 0 8 0
unpcb 128 4794 0 4786 12 11 1 3 0 8 0
syncache 296 10 0 10 3 3 0 1 0 8 0
tcpqe 32 84 0 84 1 1 0 1 0 8 0
tcpcb 736 3570 0 3562 49 47 2 3 0 8 1
arp 120 125 0 118 1 0 1 1 0 8 0
inpcb 304 19898 0 19894 31 29 2 2 0 8 1
rttmr 72 4 0 4 4 4 0 1 0 8 0
nd6 48 265 0 263 4 3 1 1 0 8 0
pkpcb 40 79 0 79 23 23 0 1 0 8 0
kcovpl 48 41 0 39 1 0 1 1 0 8 0
ppxss 1248 42 0 42 23 23 0 1 0 8 0
pffrag 232 67 0 67 18 18 0 1 0 482 0
pffrnode 88 67 0 67 18 18 0 1 0 8 0
pffrent 40 798 0 798 20 20 0 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfstitem 24 79 0 77 1 0 1 1 0 8 0
pfstkey 112 79 0 77 1 0 1 1 0 8 0
pfstate 320 79 0 77 3 2 1 3 0 8 0
pfrule 1360 31 0 25 2 1 1 2 0 8 0
art_heap8 4096 12 0 11 11 10 1 3 0 8 0
art_heap4 256 7212 0 7093 66 55 11 16 0 8 0
art_table 32 7224 0 7104 2 0 2 2 0 8 0
art_node 16 1150 0 1131 1 0 1 1 0 8 0
sysvmsgpl 40 57 0 17 1 0 1 1 0 8 0
semupl 112 2 0 2 1 1 0 1 0 8 0
semapl 112 1679 0 1669 1 0 1 1 0 8 0
shmpl 112 140 0 12 4 0 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 16806 0 15380 90 0 90 90 0 8 0
ffsino 272 16806 0 15380 96 0 96 96 0 8 0
nchpl 144 33221 0 32780 61 42 19 61 0 8 0
uvmvnodes 72 19156 0 0 349 0 349 349 0 8 0
vnodes 224 19156 0 0 1127 0 1127 1127 0 8 0
namei 1024 101662 0 101662 20 19 1 1 0 8 1
percpumem 16 231 0 197 1 0 1 1 0 8 0
vcpupl 2048 161 0 1 20 0 20 20 0 8 0
vmpool 560 184 0 24 14 2 12 12 0 8 0
scsiplug 72 7 0 7 5 5 0 1 0 8 0
scxspl 216 98257 0 98257 25 24 1 8 0 8 1
plimitpl 152 746 0 738 1 0 1 1 0 8 0
sigapl 424 12415 0 12365 14 8 6 7 0 8 0
futexpl 64 216944 0 216943 17 16 1 1 0 8 0
knotepl 112 154 0 0 4 1 3 3 0 8 0
kqueuepl 216 2860 0 2846 24 23 1 2 0 8 0
pipepl 336 1855 0 1845 22 20 2 2 0 8 0
fdescpl 496 12330 0 12315 3 0 3 3 0 8 0
filepl 152 73628 0 73500 34 27 7 9 0 8 2
lockfpl 104 2871 0 2870 1 0 1 1 0 8 0
lockfspl 48 858 0 857 1 0 1 1 0 8 0
sessionpl 144 61 0 51 1 0 1 1 0 8 0
pgrppl 48 99 0 89 1 0 1 1 0 8 0
ucredpl 96 8681 0 8670 1 0 1 1 0 8 0
zombiepl 144 12365 0 12365 6 5 1 1 0 8 1
processpl 1072 12415 0 12365 6 2 4 4 0 8 0
procpl 672 26668 0 26609 13 7 6 6 0 8 0
srpgc 96 26 0 26 13 13 0 1 0 8 0
sosppl 168 134 0 134 42 42 0 1 0 8 0
sockpl 480 25706 0 25693 81 75 6 11 0 8 3
mcl64k 65536 13 0 0 2 0 2 2 0 8 0
mcl16k 16384 2 0 0 1 0 1 1 0 8 0
mcl12k 12288 11 0 0 2 0 2 2 0 8 0
mcl9k 9216 3 0 0 1 0 1 1 0 8 0
mcl8k 8192 9 0 0 2 0 2 2 0 8 0
mcl4k 4096 10 0 0 2 0 2 2 0 8 0
mcl2k2 2112 2 0 0 1 0 1 1 0 8 0
mcl2k 2048 283 0 0 21 1 20 21 0 8 0
mtagpl 96 35 0 0 1 0 1 1 0 8 0
mbufpl 256 1372 0 0 34 5 29 32 0 8 0
bufpl 280 26151 0 19822 453 0 453 453 0 8 0
anonpl 24 3314255 0 3294920 275 154 121 138 0 186 0
amapchunkpl 152 357948 0 357205 285 254 31 44 0 158 1
amappl16 200 29307 0 28632 221 185 36 48 0 8 0
amappl15 192 1815 0 1809 1 0 1 1 0 8 0
amappl14 184 2471 0 2468 5 4 1 1 0 8 0
amappl13 176 2385 0 2384 1 0 1 1 0 8 0
amappl12 168 1989 0 1985 1 0 1 1 0 8 0
amappl11 160 1230 0 1217 1 0 1 1 0 8 0
amappl10 152 520 0 513 1 0 1 1 0 8 0
amappl9 144 756 0 754 1 0 1 1 0 8 0
amappl8 136 3341 0 3214 5 0 5 5 0 8 0
amappl7 128 2227 0 2219 1 0 1 1 0 8 0
amappl6 120 763 0 749 1 0 1 1 0 8 0
amappl5 112 11186 0 11167 1 0 1 1 0 8 0
amappl4 104 3767 0 3733 1 0 1 1 0 8 0
amappl3 96 3280 0 3264 1 0 1 1 0 8 0
amappl2 88 15022 0 14949 5 3 2 2 0 8 0
amappl1 80 199616 0 199211 14 4 10 13 0 8 0
amappl 88 143061 0 142766 7 0 7 7 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 64 142 0 12 3 0 3 3 0 8 0
uaddrrnd 24 12514 0 12339 2 0 2 2 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 12514 0 12339 2 0 2 2 0 8 0
vmmpekpl 168 64573 0 64521 3 0 3 3 0 8 0
vmmpepl 168 1097375 0 1095112 705 601 104 135 0 357 0
vmsppl 368 12513 0 12339 18 2 16 16 0 8 0
rwobjpl 56 241357 0 239732 69 45 24 27 0 8 0
pdppl 4096 25036 0 24838 278 78 200 200 0 8 2
pvpl 32 5770122 0 5748572 457 274 183 215 0 265 0
pmappl 224 12513 0 12339 11 0 11 11 0 8 0
extentpl 40 58 0 40 1 0 1 1 0 8 0
phpool 112 740 0 240 15 0 15 15 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff8244f3b8) at panic+0x177 sys/kern/subr_prf.c:202
__assert(ffffffff824bdba5,ffffffff824bbcd4,2d5,ffffffff8241e14c) at __assert+0x25 sys/kern/subr_prf.c:161
arptfree(fffffd80688a0470) at arptfree+0x105 sys/netinet/if_ether.c:725
arptimer(ffffffff829d83b8) at arptimer+0x80 sys/netinet/if_ether.c:131
timeout_run(ffffffff829d83b8) at timeout_run+0xcc sys/kern/kern_timeout.c:678
softclock_thread(ffff800021148d20) at softclock_thread+0x134 sys/kern/kern_timeout.c:802
end trace frame: 0x0, count: -7
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp
x86_ipi_db(ffff800020d38ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
acpicpu_idle() at acpicpu_idle+0x2eb sys/dev/acpi/acpicpu.c:1206
sched_idle(ffff800020d38ff0) at sched_idle+0x417 sys/kern/kern_sched.c:178
end trace frame: 0x0, count: 10
ddb{1}> trace
x86_ipi_db(ffff800020d38ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
acpicpu_idle() at acpicpu_idle+0x2eb sys/dev/acpi/acpicpu.c:1206
sched_idle(ffff800020d38ff0) at sched_idle+0x417 sys/kern/kern_sched.c:178
end trace frame: 0x0, count: -5


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Apr 21, 2022, 12:41:13 AM (4/21/22)
to syzkaller-o...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.