panic: kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/netinet/if_ether.c", line 718 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *181220 86519 0 0x14000 0x40000200 0 softclock db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic(ffffffff8239e292) at panic+0x15e sys/kern/subr_prf.c:218 __assert(ffffffff82408fc4,ffffffff824252bf,2ce,ffffffff82374aed) at __assert+0x2b sys/kern/subr_prf.c:162 arptfree(fffffd8056e01238) at arptfree+0x10d sys/netinet/if_ether.c:718 arptimer(ffffffff82779178) at arptimer+0x80 sys/netinet/if_ether.c:120 timeout_run(ffffffff82779178) at timeout_run+0x8b sys/kern/kern_timeout.c:482 softclock_thread(ffff8000ffffe768) at softclock_thread+0xe4 sys/kern/kern_timeout.c:580 end trace frame: 0x0, count: 8 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/netinet/if_ether.c", line 718 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic(ffffffff8239e292) at panic+0x15e sys/kern/subr_prf.c:218 __assert(ffffffff82408fc4,ffffffff824252bf,2ce,ffffffff82374aed) at __assert+0x2b sys/kern/subr_prf.c:162 arptfree(fffffd8056e01238) at arptfree+0x10d sys/netinet/if_ether.c:718 arptimer(ffffffff82779178) at arptimer+0x80 sys/netinet/if_ether.c:120 timeout_run(ffffffff82779178) at timeout_run+0x8b sys/kern/kern_timeout.c:482 softclock_thread(ffff8000ffffe768) at softclock_thread+0xe4 sys/kern/kern_timeout.c:580 end trace frame: 0x0, count: -7 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80001d6644c0 rbx 0xffff80001d6644d0 rdx 0x8b rcx 0x2 rax 0x1 r8 0xffff80001d664480 r9 0xffffffff81403e00 kprintf+0x140 r10 0x1 r11 0x104cb08d4836c45 r12 0x3000000008 r13 0xffff80001d664570 r14 0x100 r15 0x1 rip 0xffffffff8199f828 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff80001d6644b0 ss 0 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (softclock) pid=181220 stat=onproc flags process=14000 proc=40000200 pri=0, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffffec58,0xffff8000ffffe500 process=0xffff8000ffffcec0 user=0xffff80001d65f000, vmspace=0xffffffff8281f6c8 estcpu=0, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 18704 494889 0 0 3 0x14200 acct acct 47490 282817 80661 0 3 0x82 piperd syz-executor.0 50190 439222 1 0 3 0x100083 ttyin getty 92656 106159 80661 0 3 0x82 piperd syz-executor.1 98443 143393 0 0 3 0x14200 bored sosplice 77836 152932 0 0 3 0x14280 nfsidl nfsio 82759 508208 0 0 3 0x14280 nfsidl nfsio 32458 312945 0 0 3 0x14280 nfsidl nfsio 42782 418347 0 0 3 0x14280 nfsidl nfsio 6795 260881 0 0 3 0x14280 nfsidl nfsio 95274 348573 0 0 3 0x14280 nfsidl nfsio 22122 419071 0 0 3 0x14280 nfsidl nfsio 54109 68908 0 0 3 0x14280 nfsidl nfsio 50601 315245 0 0 3 0x14280 nfsidl nfsio 13851 124353 0 0 3 0x14280 nfsidl nfsio 4671 115136 0 0 3 0x14280 nfsidl nfsio 34166 239369 0 0 3 0x14280 nfsidl nfsio 99079 204202 0 0 3 0x14280 nfsidl nfsio 49298 420478 0 0 3 0x14280 nfsidl nfsio 63716 381522 0 0 3 0x14280 nfsidl nfsio 32821 462805 0 0 3 0x14280 nfsidl nfsio 80951 104475 0 0 3 0x14280 nfsidl nfsio 98000 123472 0 0 3 0x14280 nfsidl nfsio 55655 344863 0 0 3 0x14280 nfsidl nfsio 89421 272713 0 0 3 0x14280 nfsidl nfsio 80661 59692 1379 0 3 0x82 thrsleep syz-fuzzer 80661 15894 1379 0 3 0x4000082 nanosleep syz-fuzzer 80661 282317 1379 0 2 0x4000002 syz-fuzzer 80661 490502 1379 0 3 0x4000082 thrsleep syz-fuzzer 80661 215074 1379 0 3 0x4000082 thrsleep syz-fuzzer 80661 423095 1379 0 3 0x4000082 thrsleep syz-fuzzer 80661 11260 1379 0 3 0x4000082 thrsleep syz-fuzzer 1379 204808 16639 0 3 0x10008a pause ksh 16639 343996 20716 0 3 0x92 select sshd 20716 69319 1 0 3 0x80 select sshd 73078 151134 63843 73 3 0x100090 kqread syslogd 63843 170578 1 0 3 0x100082 netio syslogd 43170 321548 1 77 3 0x100090 poll dhclient 18703 517496 1 0 3 0x80 poll dhclient 90974 186954 0 0 3 0x14200 bored smr 2199 283067 0 0 2 0x14200 zerothread 70667 7077 0 0 3 0x14200 aiodoned aiodoned 57131 498826 0 0 3 0x14200 syncer update 75505 226383 0 0 3 0x14200 cleaner cleaner 28988 49354 0 0 3 0x14200 reaper reaper 62075 71493 0 0 3 0x14200 pgdaemon pagedaemon 52422 409258 0 0 3 0x14200 bored crynlk 24915 470627 0 0 3 0x14200 bored crypto 25588 345337 0 0 3 0x40014200 acpi0 acpi0 30637 154866 0 0 3 0x14200 bored softnet 23190 378421 0 0 3 0x14200 bored systqmp 99463 458770 0 0 3 0x14200 bored systq *86519 181220 0 0 7 0x40014200 softclock 56118 105431 0 0 3 0x40014200 idle0 1 179576 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9536 6381K 6845K 78643K 14762 0 pcb 13 8K 8K 78643K 1484 0 rtable 144 15K 19K 78643K 1587 0 ifaddr 113 21K 22K 78643K 416 0 sysctl 2 0K 0K 78643K 2 0 counters 21 16K 16K 78643K 61 0 ioctlops 0 0K 4K 78643K 1154 0 iov 0 0K 16K 78643K 225 0 mount 1 1K 1K 78643K 1 0 vnodes 1220 77K 77K 78643K 2561 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 32 0 VM map 2 0K 0K 78643K 2 0 sem 12 1K 1K 78643K 198 0 dirhash 6 1K 2K 78643K 12 0 ACPI 1809 195K 288K 78643K 12938 0 file desc 4 9K 25K 78643K 2195 0 sigio 0 0K 0K 78643K 86 0 proc 55 39K 62K 78643K 885 0 subproc 32 2K 2K 78643K 187 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 385 0 in_multi 31 2K 2K 78643K 334 0 ether_multi 1 0K 0K 78643K 54 0 mrt 0 0K 0K 78643K 9 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 67 307K 307K 78643K 67 0 exec 0 0K 2K 78643K 679 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 170 172K 175K 78643K 5711 0 UVM aobj 74 5K 5K 78643K 121 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 288 0 NDP 17 0K 0K 78643K 85 0 temp 171 3997K 4061K 78643K 30760 0 kqueue 3 4K 12K 78643K 103 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 34 0 27 1 0 1 1 0 8 0 rtpcb 88 137 0 135 1 0 1 1 0 8 0 rtentry 112 211 0 177 2 0 2 2 0 8 0 unpcb 120 791 0 783 1 0 1 1 0 8 0 syncache 272 19 0 19 9 9 0 1 0 8 0 tcpqe 32 30 0 30 4 4 0 1 0 8 0 tcpcb 592 2201 0 2197 24 23 1 4 0 8 0 ipq 40 7 0 7 3 3 0 1 0 8 0 ipqe 40 102 0 102 3 3 0 1 0 8 0 inpcb 296 5861 0 5854 12 11 1 2 0 8 0 rttmr 72 4 0 4 4 4 0 1 0 8 0 ip6q 72 3 0 3 2 2 0 1 0 8 0 ip6af 40 8 0 8 2 2 0 1 0 8 0 nd6 48 45 0 39 1 0 1 1 0 8 0 pkpcb 40 14 0 14 4 4 0 1 0 8 0 swfcl 56 1 0 0 1 0 1 1 0 8 0 ppxss 1136 3 0 3 3 3 0 1 0 8 0 pfstscr 40 16 0 14 2 1 1 1 0 8 0 pfosfp 40 2 0 0 1 0 1 1 0 8 0 pfosfpen 112 3 0 0 1 0 1 1 0 8 0 pfrktable 1344 273 0 250 9 7 2 3 0 8 0 pftag 88 44 0 34 1 0 1 1 0 8 0 pfstitem 24 14 0 12 1 0 1 1 0 8 0 pfstkey 112 25 0 23 2 1 1 1 0 8 0 pfstate 328 13 0 12 2 1 1 1 0 8 0 pfrule 1360 114 0 65 10 5 5 5 0 8 0 art_heap8 4096 2 0 1 2 1 1 2 0 8 0 art_heap4 256 929 0 772 20 9 11 17 0 8 0 art_table 32 931 0 773 3 1 2 3 0 8 0 art_node 16 209 0 182 1 0 1 1 0 8 0 sysvmsgpl 40 25 0 16 1 0 1 1 0 8 0 semupl 112 2 0 2 2 2 0 1 0 8 0 semapl 112 194 0 184 1 0 1 1 0 8 0 shmpl 112 118 0 47 3 0 3 3 0 8 0 dirhash 1024 17 0 13 3 1 2 3 0 8 0 dino2pl 256 4063 0 2664 88 0 88 88 0 8 0 ffsino 240 4063 0 2664 83 0 83 83 0 8 0 nchpl 144 7119 0 5542 60 0 60 60 0 8 0 uvmvnodes 72 5240 0 0 96 0 96 96 0 8 0 vnodes 208 5240 0 0 276 0 276 276 0 8 0 namei 1024 20970 0 20970 11 11 0 1 0 8 0 vcpupl 1984 16 0 0 2 0 2 2 0 8 0 vmpool 528 30 0 14 2 0 2 2 0 8 0 pfiaddrpl 120 156 0 118 4 2 2 2 0 8 0 scsiplug 72 1 0 1 1 1 0 1 0 8 0 scxspl 200 36120 0 36120 30 29 1 1 0 8 1 plimitpl 152 145 0 138 1 0 1 1 0 8 0 sigapl 424 2378 0 2329 6 0 6 6 0 8 0 futexpl 56 45700 0 45700 10 10 0 1 0 8 0 knotepl 112 287 0 267 1 0 1 1 0 8 0 kqueuepl 152 218 0 216 1 0 1 1 0 8 0 pipepl 272 423 0 412 11 10 1 2 0 8 0 fdescpl 432 2342 0 2329 2 0 2 2 0 8 0 filepl 120 15744 0 15647 10 7 3 4 0 8 0 lockfpl 104 422 0 421 1 0 1 1 0 8 0 lockfspl 48 143 0 142 1 0 1 1 0 8 0 sessionpl 120 28 0 18 1 0 1 1 0 8 0 pgrppl 48 39 0 29 1 0 1 1 0 8 0 ucredpl 96 1080 0 1073 1 0 1 1 0 8 0 zombiepl 144 2329 0 2329 8 8 0 1 0 8 0 processpl 944 2378 0 2329 7 0 7 7 0 8 0 procpl 632 4846 0 4791 12 7 5 6 0 8 0 sosppl 144 6 0 6 3 3 0 1 0 8 0 sockpl 400 6813 0 6796 23 21 2 4 0 8 0 mcl64k 65536 107 0 107 24 24 0 1 0 8 0 mcl16k 16384 16 0 16 9 9 0 1 0 8 0 mcl12k 12288 62 0 62 22 22 0 1 0 8 0 mcl9k 9216 22 0 22 14 14 0 1 0 8 0 mcl8k 8192 80 0 80 24 24 0 1 0 8 0 mcl4k 4096 227 0 227 18 18 0 1 0 8 0 mcl2k2 2112 28 0 28 21 21 0 1 0 8 0 mcl2k 2048 91405 0 91360 23 16 7 13 0 8 0 mtagpl 96 174 0 168 2 1 1 1 0 8 0 mbufpl 256 159452 0 159364 46 38 8 22 0 8 0 bufpl 280 9232 0 3858 384 0 384 384 0 8 0 anonpl 16 256784 0 240087 150 71 79 96 0 107 0 amapchunkpl 152 10490 0 10254 48 38 10 23 0 158 0 amappl16 192 9793 0 8808 118 68 50 62 0 8 0 amappl15 184 74 0 72 1 0 1 1 0 8 0 amappl14 176 247 0 240 1 0 1 1 0 8 0 amappl13 168 338 0 337 1 0 1 1 0 8 0 amappl12 160 485 0 483 2 1 1 1 0 8 0 amappl11 152 81 0 71 1 0 1 1 0 8 0 amappl10 144 17 0 13 1 0 1 1 0 8 0 amappl9 136 909 0 908 4 3 1 1 0 8 0 amappl8 128 789 0 732 2 0 2 2 0 8 0 amappl7 120 343 0 338 1 0 1 1 0 8 0 amappl6 112 167 0 151 1 0 1 1 0 8 0 amappl5 104 2307 0 2296 1 0 1 1 0 8 0 amappl4 96 616 0 587 1 0 1 1 0 8 0 amappl3 88 549 0 541 1 0 1 1 0 8 0 amappl2 80 16013 0 15956 2 0 2 2 0 8 0 amappl1 72 67902 0 67495 24 14 10 18 0 8 0 amappl 80 5222 0 5152 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 120 0 47 2 0 2 2 0 8 0 uaddrrnd 24 2372 0 2343 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2372 0 2343 1 0 1 1 0 8 0 vmmpekpl 168 17094 0 17061 2 0 2 2 0 8 0 vmmpepl 168 296176 0 294130 384 288 96 134 0 357 0 vmsppl 272 2371 0 2343 4 2 2 3 0 8 0 pdppl 4096 4750 0 4702 8 1 7 7 0 8 0 pvpl 32 734310 0 714758 459 275 184 330 0 265 0 pmappl 200 2371 0 2343 2 0 2 2 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 418 0 201 7 0 7 7 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic(ffffffff8239e292) at panic+0x15e sys/kern/subr_prf.c:218 __assert(ffffffff82408fc4,ffffffff824252bf,2ce,ffffffff82374aed) at __assert+0x2b sys/kern/subr_prf.c:162 arptfree(fffffd8056e01238) at arptfree+0x10d sys/netinet/if_ether.c:718 arptimer(ffffffff82779178) at arptimer+0x80 sys/netinet/if_ether.c:120 timeout_run(ffffffff82779178) at timeout_run+0x8b sys/kern/kern_timeout.c:482 softclock_thread(ffff8000ffffe768) at softclock_thread+0xe4 sys/kern/kern_timeout.c:580 end trace frame: 0x0, count: -7 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic(ffffffff8239e292) at panic+0x15e sys/kern/subr_prf.c:218 __assert(ffffffff82408fc4,ffffffff824252bf,2ce,ffffffff82374aed) at __assert+0x2b sys/kern/subr_prf.c:162 arptfree(fffffd8056e01238) at arptfree+0x10d sys/netinet/if_ether.c:718 arptimer(ffffffff82779178) at arptimer+0x80 sys/netinet/if_ether.c:120 timeout_run(ffffffff82779178) at timeout_run+0x8b sys/kern/kern_timeout.c:482 softclock_thread(ffff8000ffffe768) at softclock_thread+0xe4 sys/kern/kern_timeout.c:580 end trace frame: 0x0, count: -7