panic: kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/netinet/if_ether.c", line 716 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND * 38822 70760 0 0x14000 0x40000200 0 softclock db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 __assert(ffffffff821e6d2f,ffffffff82202a57,2cc,ffffffff8216f65a) at __assert+0x2b sys/kern/subr_prf.c:154 arptfree(fffffd802db3f238) at arptfree+0xfb sys/netinet/if_ether.c:716 arptimer(ffffffff82558270) at arptimer+0x95 sys/netinet/if_ether.c:120 softclock_thread(ffff8000ffffe768) at softclock_thread+0x145 timeout_run sys/kern/kern_timeout.c:475 [inline] softclock_thread(ffff8000ffffe768) at softclock_thread+0x145 sys/kern/kern_timeout.c:552 end trace frame: 0x0, count: 9 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/netinet/if_ether.c", line 716 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 __assert(ffffffff821e6d2f,ffffffff82202a57,2cc,ffffffff8216f65a) at __assert+0x2b sys/kern/subr_prf.c:154 arptfree(fffffd802db3f238) at arptfree+0xfb sys/netinet/if_ether.c:716 arptimer(ffffffff82558270) at arptimer+0x95 sys/netinet/if_ether.c:120 softclock_thread(ffff8000ffffe768) at softclock_thread+0x145 timeout_run sys/kern/kern_timeout.c:475 [inline] softclock_thread(ffff8000ffffe768) at softclock_thread+0x145 sys/kern/kern_timeout.c:552 end trace frame: 0x0, count: -6 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff800014812b00 rbx 0xffff800014812bb0 rdx 0x2 rcx 0 rax 0 r8 0xffff800014812ac0 r9 0x1 r10 0 r11 0x808e5e416e5556b7 r12 0x3000000008 r13 0xffff800014812b10 r14 0x100 r15 0x1 rip 0xffffffff820a1928 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800014812af0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (softclock) pid=38822 stat=onproc flags process=14000 proc=40000200 pri=0, usrpri=51, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffffe9e0,0xffff8000ffffe288 process=0xffff8000ffffca20 user=0xffff80001480d000, vmspace=0xffffffff8259ece0 estcpu=1, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 13969 118448 42581 60929 2 0x490 syz-executor.0 13969 22100 42581 60929 3 0x4000090 netio syz-executor.0 13969 263321 42581 60929 3 0x4000090 fsleep syz-executor.0 42581 22803 18487 0 2 0x482 syz-executor.0 21146 267758 1 0 3 0x100083 ttyin getty 39797 157085 18487 0 3 0x82 piperd syz-executor.1 91211 508318 0 0 3 0x14200 acct acct 33883 224967 0 0 3 0x14200 bored sosplice 18487 138008 67856 0 3 0x82 thrsleep syz-fuzzer 18487 155522 67856 0 3 0x4000082 thrsleep syz-fuzzer 18487 54450 67856 0 3 0x4000082 thrsleep syz-fuzzer 18487 96080 67856 0 3 0x4000082 thrsleep syz-fuzzer 18487 15844 67856 0 3 0x4000082 kqread syz-fuzzer 18487 122054 67856 0 3 0x4000082 thrsleep syz-fuzzer 18487 406533 67856 0 3 0x4000082 thrsleep syz-fuzzer 67856 49653 59493 0 3 0x10008a pause ksh 59493 134578 46196 0 3 0x92 select sshd 46196 23517 1 0 3 0x80 select sshd 83941 334696 65844 73 3 0x100090 kqread syslogd 65844 41245 1 0 3 0x100082 netio syslogd 4110 153297 1 77 3 0x100090 poll dhclient 1345 67180 1 0 3 0x80 poll dhclient 21813 253894 0 0 3 0x14200 pgzero zerothread 51764 215593 0 0 3 0x14200 aiodoned aiodoned 83136 9982 0 0 3 0x14200 syncer update 5515 425891 0 0 3 0x14200 cleaner cleaner 99669 64569 0 0 3 0x14200 reaper reaper 80788 186965 0 0 3 0x14200 pgdaemon pagedaemon 51576 392468 0 0 3 0x14200 bored crynlk 26199 442118 0 0 3 0x14200 bored crypto 23472 85210 0 0 3 0x40014200 acpi0 acpi0 96438 251206 0 0 3 0x14200 bored softnet 94441 297558 0 0 3 0x14200 bored systqmp 5565 155717 0 0 3 0x14200 bored systq *70760 38822 0 0 7 0x40014200 softclock 7795 41482 0 0 3 0x40014200 idle0 81645 445596 0 0 3 0x14200 bored smr 1 129735 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9574 7003K 8913K 78643K 21221 0 0 pcb 13 10K 12K 78643K 341 0 0 rtable 98 8K 9K 78643K 1285 0 0 ifaddr 84 17K 17K 78643K 402 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 225 0 0 iov 0 0K 24K 78643K 589 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1236 78K 78K 78643K 4049 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 28 0 0 VM map 11 2K 2K 78643K 17 0 0 sem 12 1K 1K 78643K 14 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12645 0 0 file desc 5 13K 25K 78643K 1798 0 0 sigio 0 0K 0K 78643K 26 0 0 proc 49 46K 63K 78643K 865 0 0 subproc 32 2K 2K 78643K 187 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 126 0 0 in_multi 14 0K 2K 78643K 215 0 0 ether_multi 1 0K 0K 78643K 19 0 0 mrt 1 0K 0K 78643K 13 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 96 424K 424K 78643K 96 0 0 exec 0 0K 1K 78643K 522 0 0 pfkey data 0 0K 0K 78643K 2 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 120 103K 107K 78643K 5711 0 0 UVM aobj 130 6K 6K 78643K 134 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 359 0 0 NDP 21 0K 0K 78643K 125 0 0 temp 233 3545K 4184K 78643K 66974 0 0 kqueue 0 0K 0K 78643K 21 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 42 0 37 1 0 1 1 0 8 0 rtpcb 80 276 0 274 1 0 1 1 0 8 0 rtentry 112 227 0 194 2 0 2 2 0 8 0 unpcb 120 2137 0 2123 3 2 1 2 0 8 0 syncache 264 11 0 11 4 3 1 1 0 8 1 tcpqe 32 78 0 78 3 2 1 1 0 8 1 tcpcb 544 1204 0 1199 5 4 1 2 0 8 0 ipq 40 6 0 6 4 4 0 1 0 8 0 ipqe 40 60 0 60 4 4 0 1 0 8 0 inpcb 280 3038 0 3030 18 16 2 13 0 8 1 rttmr 72 4 0 4 4 4 0 1 0 8 0 nd6 48 27 0 27 2 2 0 1 0 8 0 pkpcb 40 12 0 12 4 4 0 1 0 8 0 swfcl 56 2 0 0 1 0 1 1 0 8 0 ppxss 1128 40 0 40 11 10 1 1 0 8 1 art_heap8 4096 28 0 25 14 10 4 4 0 8 1 art_heap4 256 1100 0 947 24 9 15 18 0 8 0 art_table 32 1128 0 972 3 1 2 3 0 8 0 art_node 16 226 0 195 1 0 1 1 0 8 0 sysvmsgpl 40 58 0 38 1 0 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 12 0 2 1 0 1 1 0 8 0 shmpl 112 132 0 4 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 4291 0 2897 46 0 46 46 0 8 0 ffsino 240 4291 0 2897 83 0 83 83 0 8 0 nchpl 144 7328 0 6872 60 41 19 60 0 8 0 uvmvnodes 72 6606 0 0 121 0 121 121 0 8 0 vnodes 208 6606 0 0 348 0 348 348 0 8 0 namei 1024 24702 0 24702 2 1 1 1 0 8 1 vcpupl 1984 10 0 1 2 0 2 2 0 8 0 vmpool 520 15 0 6 1 0 1 1 0 8 0 scsiplug 64 1 0 1 1 1 0 1 0 8 0 scxspl 192 28023 0 28023 18 17 1 7 0 8 1 plimitpl 152 169 0 162 1 0 1 1 0 8 0 sigapl 432 1944 0 1931 2 0 2 2 0 8 0 futexpl 56 51873 0 51872 2 1 1 1 0 8 0 knotepl 112 465 0 446 1 0 1 1 0 8 0 kqueuepl 104 495 0 493 1 0 1 1 0 8 0 pipepl 112 1306 0 1287 7 6 1 2 0 8 0 fdescpl 424 1945 0 1931 2 0 2 2 0 8 0 filepl 120 18027 0 17928 18 14 4 11 0 8 1 lockfpl 104 814 0 813 1 0 1 1 0 8 0 lockfspl 48 280 0 279 1 0 1 1 0 8 0 sessionpl 112 28 0 18 1 0 1 1 0 8 0 pgrppl 48 40 0 30 1 0 1 1 0 8 0 ucredpl 96 1869 0 1861 1 0 1 1 0 8 0 zombiepl 144 1931 0 1931 1 0 1 1 0 8 1 processpl 864 1961 0 1931 4 0 4 4 0 8 0 procpl 632 4423 0 4385 5 1 4 5 0 8 0 sosppl 128 22 0 22 8 8 0 1 0 8 0 sockpl 384 5487 0 5463 28 23 5 22 0 8 1 mcl64k 65536 191 0 191 4 3 1 1 0 8 1 mcl16k 16384 25 0 25 10 10 0 1 0 8 0 mcl12k 12288 48 0 48 7 6 1 1 0 8 1 mcl9k 9216 23 0 23 10 9 1 1 0 8 1 mcl8k 8192 84 0 84 7 7 0 1 0 8 0 mcl4k 4096 228 0 228 3 2 1 1 0 8 1 mcl2k2 2112 17 0 17 6 5 1 1 0 8 1 mcl2k 2048 69413 0 69367 19 12 7 15 0 8 0 mtagpl 80 104 0 86 3 2 1 1 0 8 0 mbufpl 256 124811 0 124689 24 13 11 16 0 8 0 bufpl 256 14744 0 8139 413 0 413 413 0 8 0 anonpl 16 285023 0 266069 147 54 93 93 0 62 11 amapchunkpl 152 12503 0 12373 49 38 11 16 0 158 4 amappl16 192 12578 0 11520 142 81 61 65 0 8 8 amappl15 184 101 0 98 3 2 1 1 0 8 0 amappl14 176 498 0 494 1 0 1 1 0 8 0 amappl13 168 342 0 341 3 2 1 1 0 8 0 amappl12 160 511 0 510 1 0 1 1 0 8 0 amappl11 152 75 0 64 1 0 1 1 0 8 0 amappl10 144 18 0 16 1 0 1 1 0 8 0 amappl9 136 925 0 918 1 0 1 1 0 8 0 amappl8 128 508 0 473 3 1 2 2 0 8 0 amappl7 120 78 0 72 1 0 1 1 0 8 0 amappl6 112 83 0 68 1 0 1 1 0 8 0 amappl5 104 712 0 702 1 0 1 1 0 8 0 amappl4 96 2000 0 1968 1 0 1 1 0 8 0 amappl3 88 843 0 838 1 0 1 1 0 8 0 amappl2 80 14650 0 14581 3 1 2 3 0 8 0 amappl1 72 46002 0 45584 26 16 10 20 0 8 0 amappl 80 4848 0 4805 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 133 0 4 3 0 3 3 0 8 0 uaddrrnd 24 1960 0 1931 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1960 0 1931 1 0 1 1 0 8 0 vmmpekpl 168 15763 0 15731 2 0 2 2 0 8 0 vmmpepl 168 244361 0 242191 242 122 120 138 0 357 20 vmsppl 272 1944 0 1931 3 2 1 2 0 8 0 pdppl 4096 3926 0 3883 8 2 6 6 0 8 0 pvpl 32 754749 0 732931 359 144 215 290 0 265 33 pmappl 200 1959 0 1937 2 0 2 2 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 624 0 77 16 0 16 16 0 8 0