panic: kernel diagnostic assertion "la != NULL" failed: file "/syzkaller/managers/multicore/kernel/sys/netinet/if_ether.c", line 342
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
261168 8133 0 0x14000 0x200 1 reaper
*284037 24666 0 0x14000 0x200 0 softnet
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:212
__assert(ffffffff81f9f98e,ffffffff81f9d06c,156,ffffffff81f7a131) at __assert+0x2e sys/kern/subr_prf.c:159
arpresolve(ffff8000001732a8,fffffd80680fd7e8,fffffd806f29c500,ffff800020ae7a58,ffff800020ae79d8) at arpresolve+0x839 sys/netinet/if_ether.c:342
ether_resolve(ffff8000001732a8,fffffd806f29c500,ffff800020ae7a58,fffffd80680fd7e8,ffff800020ae79d8) at ether_resolve+0x20d sys/net/if_ethersubr.c:211
ether_output(ffff8000001732a8,fffffd806f29c500,ffff800020ae7a58,fffffd80680fd7e8) at ether_output+0x47 ether_encap sys/net/if_ethersubr.c:307 [inline]
ether_output(ffff8000001732a8,fffffd806f29c500,ffff800020ae7a58,fffffd80680fd7e8) at ether_output+0x47 sys/net/if_ethersubr.c:336
ip_output(fffffd806f29c500,0,0,800,0,0) at ip_output+0x1167 sys/netinet/ip_output.c:470
tcp_respond(0,fffffd8007ac181a,fffffd8007ac182e,0,9fd33e71,4) at tcp_respond+0x581 sys/netinet/tcp_subr.c:406
tcp_input(ffff800020ae7e50,ffff800020ae7e5c,6,2) at tcp_input+0x2512
ip_deliver(ffff800020ae7e50,ffff800020ae7e5c,6,2) at ip_deliver+0x353 sys/netinet/ip_input.c:705
ipintr() at ipintr+0x77 sys/netinet/ip_input.c:239
if_netisr(0) at if_netisr+0x10a sys/net/if.c:1001
taskq_thread(ffff800000023080) at taskq_thread+0x9c sys/kern/kern_task.c:345
end trace frame: 0x0, count: 2
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
kernel diagnostic assertion "la != NULL" failed: file "/syzkaller/managers/multicore/kernel/sys/netinet/if_ether.c", line 342
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:212
__assert(ffffffff81f9f98e,ffffffff81f9d06c,156,ffffffff81f7a131) at __assert+0x2e sys/kern/subr_prf.c:159
arpresolve(ffff8000001732a8,fffffd80680fd7e8,fffffd806f29c500,ffff800020ae7a58,ffff800020ae79d8) at arpresolve+0x839 sys/netinet/if_ether.c:342
ether_resolve(ffff8000001732a8,fffffd806f29c500,ffff800020ae7a58,fffffd80680fd7e8,ffff800020ae79d8) at ether_resolve+0x20d sys/net/if_ethersubr.c:211
ether_output(ffff8000001732a8,fffffd806f29c500,ffff800020ae7a58,fffffd80680fd7e8) at ether_output+0x47 ether_encap sys/net/if_ethersubr.c:307 [inline]
ether_output(ffff8000001732a8,fffffd806f29c500,ffff800020ae7a58,fffffd80680fd7e8) at ether_output+0x47 sys/net/if_ethersubr.c:336
ip_output(fffffd806f29c500,0,0,800,0,0) at ip_output+0x1167 sys/netinet/ip_output.c:470
tcp_respond(0,fffffd8007ac181a,fffffd8007ac182e,0,9fd33e71,4) at tcp_respond+0x581 sys/netinet/tcp_subr.c:406
tcp_input(ffff800020ae7e50,ffff800020ae7e5c,6,2) at tcp_input+0x2512
ip_deliver(ffff800020ae7e50,ffff800020ae7e5c,6,2) at ip_deliver+0x353 sys/netinet/ip_input.c:705
ipintr() at ipintr+0x77 sys/netinet/ip_input.c:239
if_netisr(0) at if_netisr+0x10a sys/net/if.c:1001
taskq_thread(ffff800000023080) at taskq_thread+0x9c sys/kern/kern_task.c:345
end trace frame: 0x0, count: -13
ddb{0}> show registers
rdi 0
rsi 0x1
rbp 0xffff800020ae77a0
rbx 0xffff800020ae7850
rdx 0xffff800020ac0000
rcx 0
rax 0
r8 0xffffffff8174e1a3 kprintf+0x173
r9 0x1
r10 0x25
r11 0x2f9769b41e14b9d1
r12 0x3000000008
r13 0xffff800020ae77b0
r14 0x100
r15 0x1
rip 0xffffffff81c63ee8 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800020ae7790
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{0}> show proc
PROC (softnet) pid=284037
stat=onproc flags process=14000 proc=200 pri=32, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff800020ac0258,0xffff800020ac0bc8 process=0xffff800020ac2348 user=0xffff800020ae2000, vmspace=0xffffffff823984c0 estcpu=0, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 68523 442136 1 0 3 0x100083 ttyin getty 43356 457736 0 0 3 0x14200 bored sosplice 695 121543 1 0 2 0x2 syz-executor.1 51511 133922 52922 0 3 0x10008a pause ksh 52922 267629 55064 0 3 0x92 select sshd 55064 43016 1 0 3 0x80 select sshd 70926 141909 31354 74 3 0x100092 bpf pflogd 31354 483861 1 0 3 0x80 netio pflogd 5003 224356 97777 73 3 0x100090 kqread syslogd 97777 120095 1 0 3 0x100082 netio syslogd 53905 372942 1 77 3 0x100090 poll dhclient 38107 408680 1 0 3 0x80 poll dhclient 40596 348684 0 0 3 0x14200 pgzero zerothread 22512 169901 0 0 3 0x14200 aiodoned aiodoned 63716 319263 0 0 3 0x14200 syncer update 98369 52607 0 0 3 0x14200 cleaner cleaner 8133 261168 0 0 7 0x14200 reaper 39941 436352 0 0 3 0x14200 pgdaemon pagedaemon 80836 173983 0 0 3 0x14200 bored crynlk 81999 215596 0 0 3 0x14200 bored crypto 32879 416857 0 0 3 0x40014200 acpi0 acpi0 30095 345012 0 0 3 0x40014200 idle1 *24666 284037 0 0 7 0x14200 softnet 42607 60441 0 0 3 0x14200 bored systqmp 15267 283200 0 0 3 0x14200 bored systq 38700 466658 0 0 2 0x40014200 softclock 35517 394750 0 0 3 0x40014200 idle0 16967 332384 0 0 3 0x14200 bored smr 1 416353 0 0 2 0x82 init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks CPU 1: exclusive mutex &(curpg)->mdpage.pv_mtx r = 0 (0xfffffd800744c6b8) #0 witness_lock+0x52e sys/kern/subr_witness.c:1161 #1 mtx_enter_try+0x102 #2 mtx_enter+0x4b sys/kern/kern_lock.c:266 #3 pmap_remove_ptes+0x22b pmap_remove_pv sys/arch/amd64/amd64/pmap.c:984 [inline] #3 pmap_remove_ptes+0x22b sys/arch/amd64/amd64/pmap.c:1577 #4 pmap_do_remove+0x400 sys/arch/amd64/amd64/pmap.c:1785 #5 uvm_map_teardown+0x195 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:206 [inline] #5 
uvm_map_teardown+0x195 sys/uvm/uvm_map.c:2650 #6 uvmspace_free+0x86 sys/uvm/uvm_map.c:3519 #7 uvm_exit+0x29 sys/uvm/uvm_glue.c:297 #8 reaper+0x170 sys/kern/kern_exit.c:433 #9 proc_trampoline+0x1c exclusive mutex &pmap->pm_mtx r = 0 (0xfffffd807effd498) #0 witness_lock+0x52e sys/kern/subr_witness.c:1161 #1 mtx_enter_try+0x102 #2 mtx_enter+0x4b sys/kern/kern_lock.c:266 #3 pmap_do_remove+0x88 rcr3 sys/arch/amd64/compile/SYZKALLER/obj/machine/cpufunc.h:141 [inline] #3 pmap_do_remove+0x88 pmap_map_ptes sys/arch/amd64/amd64/pmap.c:418 [inline] #3 pmap_do_remove+0x88 sys/arch/amd64/amd64/pmap.c:1689 #4 uvm_map_teardown+0x195 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:206 [inline] #4 uvm_map_teardown+0x195 sys/uvm/uvm_map.c:2650 #5 uvmspace_free+0x86 sys/uvm/uvm_map.c:3519 #6 uvm_exit+0x29 sys/uvm/uvm_glue.c:297 #7 reaper+0x170 sys/kern/kern_exit.c:433 #8 proc_trampoline+0x1c Process 24666 (softnet) thread 0xffff800020ac0000 (284037) exclusive rwlock netlock r = 0 (0xffffffff8220efe8) #0 witness_lock+0x52e sys/kern/subr_witness.c:1161 #1 if_netisr+0x1e sys/net/if.c:981 #2 taskq_thread+0x9c sys/kern/kern_task.c:345 #3 proc_trampoline+0x1c shared rwlock softnet r = 0 (0xffff8000000230d8) #0 witness_lock+0x52e sys/kern/subr_witness.c:1161 #1 taskq_thread+0x8f sys/kern/kern_task.c:344 #2 proc_trampoline+0x1c ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9525 6431K 7052K 78643K 14456 0 0 pcb 25 9K 11K 78643K 3704 0 0 rtable 241 23K 26K 78643K 4864 0 0 ifaddr 55 12K 14K 78643K 282 0 0 counters 39 33K 33K 78643K 39 0 0 ioctlops 0 0K 4K 78643K 1529 0 0 iov 0 0K 24K 78643K 197 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1200 75K 76K 78643K 2977 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 25 0 0 VM map 2 1K 1K 78643K 2 0 0 sem 12 0K 0K 78643K 148 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1808 196K 290K 78643K 12628 0 0 file desc 2 4K 25K 78643K 3763 0 0 sigio 0 0K 0K 78643K 20 0 0 proc 54 51K 83K 78643K 1161 0 
0 subproc 16 1K 2K 78643K 221 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 181 0 0 in_multi 22 1K 2K 78643K 199 0 0 ether_multi 1 0K 0K 78643K 7 0 0 mrt 0 0K 0K 78643K 20 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 72 318K 318K 78643K 72 0 0 exec 0 0K 1K 78643K 713 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 93 13K 31K 78643K 11348 0 0 UVM aobj 99 4K 4K 78643K 110 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 96 0 0 NDP 12 0K 0K 78643K 89 0 0 temp 155 2732K 2807K 78643K 13940 0 0 kqueue 0 0K 0K 78643K 15 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 28 0 24 1 0 1 1 0 8 0 inpcbpl 280 863 0 857 1 0 1 1 0 8 0 plimitpl 152 62 0 55 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtentry 112 277 0 242 2 0 2 2 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpcb 544 301 0 297 1 0 1 1 0 8 0 rttmr 72 7 0 7 4 4 0 1 0 8 0 nd6 48 39 0 36 1 0 1 1 0 8 0 ppxss 1128 36 0 36 9 9 0 1 0 8 0 pfosfp 40 846 0 423 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 27 0 23 1 0 1 1 0 8 0 pfstkey 112 27 0 23 1 0 1 1 0 8 0 pfstate 328 27 0 23 2 1 1 2 0 8 0 pfrule 1360 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 737 0 561 14 0 14 14 0 8 1 art_table 32 738 0 561 2 0 2 2 0 8 0 art_node 16 173 0 142 1 0 1 1 0 8 0 sysvmsgpl 40 10 0 5 1 0 1 1 0 8 0 semapl 112 146 0 136 1 0 1 1 0 8 0 shmpl 112 108 0 11 3 0 3 3 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 6359 0 4926 47 0 47 47 0 8 0 ffsino 272 6359 0 4926 96 0 96 96 0 8 0 nchpl 144 11108 0 9489 63 1 62 62 0 8 0 uvmvnodes 72 5926 0 0 108 0 108 108 0 8 0 vnodes 200 5926 0 0 312 0 312 312 0 8 0 namei 1024 31406 0 31406 2 1 1 1 0 8 1 percpumem 16 30 0 0 1 0 1 1 0 8 0 scsiplug 64 4 0 4 3 3 0 1 0 8 
0 scxspl 192 33365 0 33365 16 15 1 6 0 8 1 sigapl 432 3931 0 3919 3 1 2 3 0 8 0 futexpl 56 27979 0 27979 1 0 1 1 0 8 1 knotepl 112 678 0 673 1 0 1 1 0 8 0 kqueuepl 104 510 0 509 1 0 1 1 0 8 0 pipepl 112 1472 0 1462 3 2 1 2 0 8 0 fdescpl 488 3932 0 3919 3 0 3 3 0 8 0 filepl 152 17570 0 17503 9 4 5 7 0 8 1 lockfpl 104 550 0 550 5 5 0 1 0 8 0 lockfspl 48 193 0 193 5 5 0 1 0 8 0 sessionpl 112 30 0 20 1 0 1 1 0 8 0 pgrppl 48 45 0 35 1 0 1 1 0 8 0 ucredpl 96 2714 0 2705 1 0 1 1 0 8 0 zombiepl 144 3919 0 3918 2 1 1 1 0 8 0 processpl 840 3948 0 3918 4 0 4 4 0 8 0 procpl 600 10066 0 10036 4 0 4 4 0 8 0 srpgc 64 77 0 77 5 4 1 1 0 8 1 sosppl 128 23 0 23 8 8 0 1 0 8 0 sockpl 384 4413 0 4395 5 2 3 4 0 8 1 mcl64k 65536 258 0 0 33 18 15 33 0 8 1 mcl16k 16384 2 0 0 1 0 1 1 0 8 0 mcl12k 12288 17 0 0 2 0 2 2 0 8 0 mcl9k 9216 15 0 0 2 0 2 2 0 8 0 mcl8k 8192 6 0 0 1 0 1 1 0 8 0 mcl4k 4096 11 0 0 2 0 2 2 0 8 0 mcl2k2 2112 5 0 0 1 0 1 1 0 8 0 mcl2k 2048 138 0 0 16 0 16 16 0 8 0 mtagpl 80 3 0 0 1 0 1 1 0 8 0 mbufpl 256 425 0 0 25 0 25 25 0 8 0 bufpl 256 12203 0 5195 439 0 439 439 0 8 0 anonpl 16 329686 0 321937 113 70 43 57 0 125 0 amapchunkpl 152 19618 0 19490 31 24 7 10 0 158 1 amappl16 192 19065 0 18535 118 90 28 38 0 8 0 amappl15 184 17 0 17 1 0 1 1 0 8 1 amappl14 176 128 0 123 2 1 1 1 0 8 0 amappl13 168 20 0 20 1 0 1 1 0 8 1 amappl12 160 30 0 29 1 0 1 1 0 8 0 amappl11 152 87 0 69 1 0 1 1 0 8 0 amappl10 144 111 0 108 1 0 1 1 0 8 0 amappl9 136 4283 0 4279 1 0 1 1 0 8 0 amappl8 128 3779 0 3763 1 0 1 1 0 8 0 amappl7 120 86 0 80 1 0 1 1 0 8 0 amappl6 112 74 0 64 1 0 1 1 0 8 0 amappl5 104 223 0 208 1 0 1 1 0 8 0 amappl4 96 4053 0 4024 2 1 1 2 0 8 0 amappl3 88 324 0 312 1 0 1 1 0 8 0 amappl2 80 29732 0 29672 3 1 2 3 0 8 0 amappl1 72 91044 0 90628 26 16 10 20 0 8 0 amappl 80 10494 0 10455 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 109 0 11 2 0 2 2 0 8 0 
uaddrrnd 24 3932 0 3919 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 3932 0 3919 1 0 1 1 0 8 0 vmmpekpl 168 32014 0 31982 2 0 2 2 0 8 0 vmmpepl 168 414579 0 413124 155 65 90 90 0 357 15 vmsppl 360 3931 0 3918 2 0 2 2 0 8 0 pdppl 4096 7872 0 7836 6 0 6 6 0 8 0 pvpl 32 917810 0 913208 224 106 118 144 0 265 8 pmappl 232 3931 0 3918 2 1 1 2 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 644 0 22 19 0 19 19 0 8 0