panic: kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/netinet/if_ether.c", line 776 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *245002 73387 0 0x14000 0x40000200 0 softclock db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8272591e) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff827a2089,ffffffff827c4bac,308,ffffffff826f4fdb) at __assert+0x25 sys/kern/subr_prf.c:157 arptfree(fffffd806c0141d8) at arptfree+0x12d sys/netinet/if_ether.c:776 arptimer(ffffffff82c371f8) at arptimer+0x88 sys/netinet/if_ether.c:135 timeout_run(ffffffff82c371f8) at timeout_run+0x8b sys/kern/kern_timeout.c:641 softclock_thread(ffff8000fffff050) at softclock_thread+0xf4 sys/kern/kern_timeout.c:765 end trace frame: 0x0, count: 8 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/netinet/if_ether.c", line 776 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8272591e) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff827a2089,ffffffff827c4bac,308,ffffffff826f4fdb) at __assert+0x25 sys/kern/subr_prf.c:157 arptfree(fffffd806c0141d8) at arptfree+0x12d sys/netinet/if_ether.c:776 arptimer(ffffffff82c371f8) at arptimer+0x88 sys/netinet/if_ether.c:135 timeout_run(ffffffff82c371f8) at timeout_run+0x8b sys/kern/kern_timeout.c:641 softclock_thread(ffff8000fffff050) at softclock_thread+0xf4 sys/kern/kern_timeout.c:765 end trace frame: 0x0, count: -7 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff800021604a30 rbx 0 rdx 0 rcx 0 rax 0xffff8000fffff050 r8 0x101010101010101 r9 0x8080808080808080 r10 0x8f20bf5e37a83997 r11 0x5fdfb9c515a3b690 r12 0 r13 0xfffffd8079ac0790 r14 0 r15 0x1 rip 0xffffffff8167da08 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800021604a20 ss 0 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (softclock) pid=245002 stat=onproc flags process=14000 proc=40000200 pri=0, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff8000fffff5c0,0xffff8000ffffeda8 process=0xffff8000ffffcbd0 user=0xffff8000215ff000, vmspace=0xffffffff82be92a0 estcpu=0, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 64897 29857 63089 0 3 0x80 nanoslp syz-executor.5 64897 21437 63089 0 3 0x4000000 smrbar syz-executor.5 64897 190994 63089 0 3 0x4000080 fsleep syz-executor.5 63089 197226 39298 0 2 0x482 syz-executor.5 43687 99573 1 0 3 0x100083 ttyin getty 84517 15433 0 0 3 0x14200 bored sosplice 39298 494288 82125 0 3 0x82 wait syz-fuzzer 39298 76780 82125 0 2 0x4000482 syz-fuzzer 39298 522339 82125 0 3 0x4000082 thrsleep syz-fuzzer 39298 428009 82125 0 3 0x4000082 thrsleep syz-fuzzer 39298 162338 82125 0 3 0x4000082 wait syz-fuzzer 39298 509742 82125 0 3 0x4000082 kqread syz-fuzzer 39298 169906 82125 0 3 0x4000082 thrsleep syz-fuzzer 39298 494620 82125 0 3 0x4000082 thrsleep syz-fuzzer 39298 266235 82125 0 3 0x4000082 wait syz-fuzzer 39298 490229 82125 0 3 0x4000082 thrsleep syz-fuzzer 39298 515302 82125 0 3 0x4000082 wait syz-fuzzer 39298 406056 82125 0 2 0x4000002 syz-fuzzer 39298 468839 82125 0 3 0x4000082 wait syz-fuzzer 39298 299350 82125 0 3 0x4000082 wait syz-fuzzer 39298 77089 82125 0 3 0x4000082 thrsleep syz-fuzzer 82125 152548 14248 0 3 0x10008a sigsusp ksh 14248 492251 24175 0 3 0x9a kqread sshd 24175 51960 1 0 3 0x88 kqread sshd 15111 464669 46306 73 2 0x1100010 syslogd 46306 47410 1 0 3 0x100082 netio syslogd 64881 330203 1 0 3 0x100080 kqread resolvd 40063 58117 60324 77 3 0x100092 kqread dhcpleased 76803 493301 60324 77 3 0x100092 kqread dhcpleased 60324 340694 1 0 3 0x80 kqread dhcpleased 44532 156761 0 0 3 0x14200 bored smr 30516 320358 0 0 2 0x14200 zerothread 38550 333925 0 0 3 0x14200 aiodoned aiodoned 98159 199359 0 0 3 0x14200 syncer update 46044 294021 0 0 3 0x14200 cleaner cleaner 41035 194050 0 0 3 0x14200 reaper reaper 53447 390576 0 0 3 0x14200 pgdaemon pagedaemon 85975 341578 0 0 3 0x14200 bored viomb 55317 446041 0 0 3 0x40014200 acpi0 acpi0 5686 121434 0 0 3 0x14200 bored softnet 55579 80369 0 0 3 0x14200 bored softnet 40979 92341 0 0 3 0x14200 bored softnet 76377 267459 0 0 3 0x14200 bored softnet 55053 339590 0 0 3 0x14200 bored systqmp 78515 296917 0 0 3 0x14200 bored systq *73387 245002 0 0 7 0x40014200 softclock 67374 177045 0 0 3 0x40014200 idle0 1 88099 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10236 6470K 7246K 78643K 47776 0 pcb 13 22K 27K 78643K 8199 0 rtable 169 15K 18K 78643K 6113 0 ifaddr 90 31K 37K 78643K 2761 0 sysctl 3 1K 1K 78643K 5 0 counters 29 17K 18K 78643K 1157 0 ioctlops 0 0K 4K 78643K 4458 0 iov 0 0K 33K 78643K 4315 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1692 106K 106K 78643K 25225 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 254 0 VM map 2 0K 0K 78643K 2 0 sem 20 20K 40K 78643K 798 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 9 29K 77K 78643K 25757 0 sigio 0 0K 0K 78643K 762 0 proc 61 59K 75K 78643K 4126 0 subproc 78 4K 7K 78643K 1378 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 4289 0 in_multi 49 3K 6K 78643K 2091 0 ether_multi 1 0K 0K 78643K 401 0 mrt 2 0K 0K 78643K 686 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 181 811K 811K 78643K 181 0 exec 0 0K 1K 78643K 5053 0 pfkey data 0 0K 0K 78643K 38 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 326 83K 121K 78643K 165403 0 UVM aobj 131 4K 4K 78643K 133 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 745 0 NDP 14 0K 2K 78643K 887 0 temp 129 5769K 6794K 78643K 307824 0 kqueue 12 18K 26K 78643K 2417 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 2080 0 2077 31 30 1 5 0 8 0 rtentry 112 1911 0 1845 5 2 3 4 0 8 0 unpcb 144 32068 0 32055 280 279 1 10 0 8 0 syncache 296 37 0 37 9 9 0 1 0 8 0 tcpqe 32 327 0 327 5 5 0 1 0 8 0 tcpcb 776 12304 0 12300 398 397 1 20 0 8 0 arp 88 244 0 231 1 0 1 1 0 8 0 ipq 40 7 0 7 5 5 0 1 0 8 0 ipqe 40 18 0 18 5 5 0 1 0 8 0 inpcb 336 34769 0 34762 489 487 2 18 0 8 1 ip6q 72 3 0 3 1 1 0 1 0 8 0 ip6af 40 6 0 6 1 1 0 1 0 8 0 nd6 48 376 0 363 1 0 1 1 0 8 0 pkpcb 40 253 0 253 20 20 0 1 0 8 0 kcovpl 48 106 0 100 1 0 1 1 0 8 0 mppekey 1024 117 0 117 7 7 0 1 0 8 0 ppxss 1160 664 0 662 40 39 1 1 0 8 0 pppxif 1360 363 0 363 24 24 0 1 0 8 0 pfstscr 40 11 0 10 3 2 1 1 0 8 0 pfosfp 40 106 0 102 1 0 1 1 0 8 0 pfosfpen 112 106 0 100 1 0 1 1 0 8 0 pfanchor 1280 908 5 396 47 4 43 43 0 8 0 pfstitem 24 2 0 0 1 0 1 1 0 8 0 pfstkey 128 16 0 14 3 2 1 1 0 8 0 pfstate 352 8 0 7 3 2 1 1 0 8 0 rttmr 136 45 0 45 3 3 0 1 0 8 0 art_heap8 4096 80 0 79 12 11 1 3 0 8 0 art_heap4 256 9879 0 9588 74 48 26 29 0 8 0 art_table 32 9959 0 9667 6 2 4 4 0 8 0 art_node 16 1827 0 1770 1 0 1 1 0 8 0 sysvmsgpl 40 29 0 15 1 0 1 1 0 8 0 semupl 112 5 0 5 2 2 0 1 0 8 0 semapl 112 762 0 744 1 0 1 1 0 8 0 shmpl 112 130 0 2 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 37468 0 35957 96 0 96 96 0 8 0 ffsino 240 37468 0 35957 90 0 90 90 0 8 0 nchpl 144 81965 0 80327 63 1 62 63 0 8 0 rtmask 32 8 0 7 3 2 1 1 0 8 0 uvmvnodes 80 6433 0 0 132 0 132 132 0 8 0 vnodes 216 6433 0 0 358 0 358 358 0 8 0 namei 1024 303479 0 303479 10 9 1 2 0 8 1 vmpool 664 102 0 102 18 18 0 1 0 8 0 kstatmem 264 1220 0 1192 4 1 3 3 0 8 0 scsiplug 72 28 0 28 8 8 0 1 0 8 0 scxspl 216 193964 0 193964 44 43 1 8 0 8 1 plimitpl 152 4372 0 4359 1 0 1 1 0 8 0 sigapl 424 26122 0 26080 13 5 8 8 0 8 0 futexpl 64 289393 0 289392 2 1 1 1 0 8 0 knotepl 120 701928 0 701868 171 167 4 17 0 8 0 kqueuepl 184 6408 0 6400 85 84 1 4 0 8 0 pipepl 288 7102 0 7085 143 140 3 10 0 8 0 fdescpl 432 25843 0 25823 4 0 4 4 0 8 0 filepl 120 250457 0 250271 308 298 10 18 0 8 0 lockfpl 104 8145 0 8143 16 15 1 2 0 8 0 lockfspl 48 2686 0 2684 1 0 1 1 0 8 0 sessionpl 144 130 0 116 1 0 1 1 0 8 0 pgrppl 48 1439 0 1425 1 0 1 1 0 8 0 ucredpl 104 27722 0 27709 1 0 1 1 0 8 0 zombiepl 144 26090 0 26080 2 1 1 1 0 8 0 processpl 1008 26122 0 26080 15 7 8 9 0 8 1 procpl 696 65498 0 65440 37 28 9 11 0 8 1 sosppl 168 248 0 248 45 45 0 1 0 8 0 sockpl 456 69215 0 69192 1829 1820 9 37 0 8 6 mcl64k 65536 1166 0 1166 65 65 0 1 0 8 0 mcl16k 16384 408 0 408 72 72 0 1 0 8 0 mcl12k 12288 1050 0 1050 62 62 0 1 0 8 0 mcl9k 9216 250 0 250 65 65 0 1 0 8 0 mcl8k 8192 1461 0 1461 63 63 0 1 0 8 0 mcl4k 4096 2958 0 2958 29 29 0 1 0 8 0 mcl2k2 2112 198 0 198 74 74 0 1 0 8 0 mcl2k 2048 130659 0 130584 100 87 13 35 0 8 0 mtagpl 96 3794 0 3783 33 28 5 10 0 8 4 mbufpl 256 500460 0 500275 1735 1709 26 230 0 8 4 bufpl 288 45885 0 39026 491 0 491 491 0 8 0 anonpl 24 4863443 0 4849058 289 151 138 140 0 188 13 amapchunkpl 152 515547 0 514946 218 178 40 45 0 158 9 amappl16 200 46848 0 46241 292 257 35 48 0 8 1 amappl15 192 8 0 8 3 3 0 1 0 8 0 amappl14 184 531 0 519 2 0 2 2 0 8 0 amappl13 176 14 0 13 1 0 1 1 0 8 0 amappl12 168 1593 0 1591 1 0 1 1 0 8 0 amappl11 160 47 0 37 1 0 1 1 0 8 0 amappl10 152 131 0 123 1 0 1 1 0 8 0 amappl9 144 1045 0 1042 1 0 1 1 0 8 0 amappl8 136 852 0 748 5 1 4 4 0 8 0 amappl7 128 415 0 390 2 0 2 2 0 8 0 amappl6 120 694 0 677 1 0 1 1 0 8 0 amappl5 112 840 0 834 1 0 1 1 0 8 0 amappl4 104 1940 0 1909 1 0 1 1 0 8 0 amappl3 96 73670 0 73631 2 0 2 2 0 8 0 amappl2 88 27428 0 27361 3 1 2 3 0 8 0 amappl1 80 575562 0 574967 28 12 16 22 0 8 0 amappl 88 163363 0 163205 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 132 0 2 3 0 3 3 0 8 0 uaddrrnd 24 25945 0 25925 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 25945 0 25925 1 0 1 1 0 8 0 vmmpekpl 168 193267 0 193215 3 0 3 3 0 8 0 vmmpepl 168 2350756 0 2348430 598 458 140 162 0 357 2 vmsppl 272 25944 0 25925 4 2 2 3 0 8 0 rwobjpl 24 598026 0 589843 56 5 51 52 0 8 0 pdppl 4096 51896 0 51850 1450 1388 62 70 0 8 16 pvpl 32 9352878 0 9333730 635 375 260 263 0 265 52 pmappl 216 25944 0 25925 2 0 2 2 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 4960 0 4143 30 4 26 29 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8272591e) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff827a2089,ffffffff827c4bac,308,ffffffff826f4fdb) at __assert+0x25 sys/kern/subr_prf.c:157 arptfree(fffffd806c0141d8) at arptfree+0x12d sys/netinet/if_ether.c:776 arptimer(ffffffff82c371f8) at arptimer+0x88 sys/netinet/if_ether.c:135 timeout_run(ffffffff82c371f8) at timeout_run+0x8b sys/kern/kern_timeout.c:641 softclock_thread(ffff8000fffff050) at softclock_thread+0xf4 sys/kern/kern_timeout.c:765 end trace frame: 0x0, count: -7 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8272591e) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff827a2089,ffffffff827c4bac,308,ffffffff826f4fdb) at __assert+0x25 sys/kern/subr_prf.c:157 arptfree(fffffd806c0141d8) at arptfree+0x12d sys/netinet/if_ether.c:776 arptimer(ffffffff82c371f8) at arptimer+0x88 sys/netinet/if_ether.c:135 timeout_run(ffffffff82c371f8) at timeout_run+0x8b sys/kern/kern_timeout.c:641 softclock_thread(ffff8000fffff050) at softclock_thread+0xf4 sys/kern/kern_timeout.c:765 end trace frame: 0x0, count: -7