panic: kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/netinet/if_ether.c", line 776
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*202557 9259 0 0x14000 0x40000200 0 softclock
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff827224e4) at panic+0x161 sys/kern/subr_prf.c:198
__assert(ffffffff8279ff11,ffffffff827c4256,308,ffffffff826f5f81) at __assert+0x25 sys/kern/subr_prf.c:157
arptfree(fffffd807aac6230) at arptfree+0x12d sys/netinet/if_ether.c:776
arptimer(ffffffff82c22b68) at arptimer+0x88 sys/netinet/if_ether.c:135
timeout_run(ffffffff82c22b68) at timeout_run+0x8b sys/kern/kern_timeout.c:641
softclock_thread(ffff8000ffffefc0) at softclock_thread+0xf4 sys/kern/kern_timeout.c:765
end trace frame: 0x0, count: 8
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/netinet/if_ether.c", line 776
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff827224e4) at panic+0x161 sys/kern/subr_prf.c:198
__assert(ffffffff8279ff11,ffffffff827c4256,308,ffffffff826f5f81) at __assert+0x25 sys/kern/subr_prf.c:157
arptfree(fffffd807aac6230) at arptfree+0x12d sys/netinet/if_ether.c:776
arptimer(ffffffff82c22b68) at arptimer+0x88 sys/netinet/if_ether.c:135
timeout_run(ffffffff82c22b68) at timeout_run+0x8b sys/kern/kern_timeout.c:641
softclock_thread(ffff8000ffffefc0) at softclock_thread+0xf4 sys/kern/kern_timeout.c:765
end trace frame: 0x0, count: -7
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff800021604020
rbx 0
rdx 0
rcx 0
rax 0xffff8000ffffefc0
r8 0x101010101010101
r9 0x8080808080808080
r10 0x2a63e079b77c3376
r11 0x435342ad76b07d08
r12 0
r13 0xfffffd80700f74d0
r14 0
r15 0x1
rip
0xffffffff81f07168 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800021604010
ss 0
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC (softclock) pid=202557 stat=onproc
flags process=14000 proc=40000200
pri=0, usrpri=50, nice=20
forw=0xffffffffffffffff, list=0xffff8000fffff260,0xffff8000ffffe010
process=0xffff8000ffffd3b0 user=0xffff8000215ff000, vmspace=0xffffffff82c04aa0
estcpu=0, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
39381 426924 350 0 2 0 syz-executor.5
34606 158193 35719 0 2 0 syz-executor.0
34606 148483 35719 0 2 0x4000000 syz-executor.0
34606 232868 35719 0 2 0x4000000 syz-executor.0
34606 74137 35719 0 2 0x4000000 syz-executor.0
55733 451912 27485 0 2 0 syz-executor.4
55733 100560 27485 0 3 0x4000080 fsleep syz-executor.4
55733 154375 27485 0 3 0x4000080 fsleep syz-executor.4
55733 30584 27485 0 3 0x4000080 fsleep syz-executor.4
66668 363803 18710 0 2 0 syz-executor.3
66668 9087 18710 0 3 0x4000080 fsleep syz-executor.3
66668 175428 18710 0 3 0x4000080 fsleep syz-executor.3
950 283518 13629 0 2 0 syz-executor.7
950 520568 13629 0 3 0x4000080 fsleep syz-executor.7
950 519681 13629 0 3 0x4000080 fsleep syz-executor.7
97505 342725 88640 0 2 0 syz-executor.6
97505 370334 88640 0 3 0x4000080 fsleep syz-executor.6
97505 69585 88640 0 3 0x4000080 fsleep syz-executor.6
18710 280515 57284 0 2 0x482 syz-executor.3
88640 483046 57284 0 2 0x482 syz-executor.6
13629 246081 57284 0 2 0x482 syz-executor.7
35719 168709 57284 0 3 0x82 nanoslp syz-executor.0
350 213601 57284 0 3 0x82 nanoslp syz-executor.5
41008 43327 57284 0 2 0x482 syz-executor.1
27485 497928 57284 0 2 0x482 syz-executor.4
58861 476537 1 0 3 0x100083 ttyin getty
44333 243715 0 0 3 0x14200 bored sosplice
40512 379983 30537 0 3 0x100082 netio ndp
30537 158139 1 0 3 0x10008a sigsusp sh
57284 33727 84821 0 3 0x82 wait syz-fuzzer
57284 486754 84821 0 2 0x4000482 syz-fuzzer
57284 105065 84821 0 3 0x4000082 thrsleep syz-fuzzer
57284 69509 84821 0 3 0x4000082 wait
syz-fuzzer
57284 462371 84821 0 3 0x4000082 thrsleep syz-fuzzer
57284 15154 84821 0 3 0x4000082 thrsleep syz-fuzzer
57284 412210 84821 0 3 0x4000082 wait syz-fuzzer
57284 34409 84821 0 3 0x4000082 wait syz-fuzzer
57284 179619 84821 0 3 0x4000082 thrsleep syz-fuzzer
57284 271011 84821 0 3 0x4000082 wait syz-fuzzer
57284 128055 84821 0 3 0x4000082 wait syz-fuzzer
57284 318878 84821 0 3 0x4000082 thrsleep syz-fuzzer
57284 288938 84821 0 3 0x4000082 kqread syz-fuzzer
57284 359794 84821 0 3 0x4000082 wait syz-fuzzer
57284 340782 84821 0 3 0x4000082 wait syz-fuzzer
84821 317523 28402 0 3 0x10008a sigsusp ksh
28402 57619 94766 0 3 0x9a kqread sshd
94766 133607 1 0 3 0x88 kqread sshd
43466 360117 19737 73 3 0x1100090 kqread syslogd
19737 256950 1 0 3 0x100082 netio syslogd
33985 297783 1 0 3 0x100080 kqread resolvd
18505 401694 0 0 3 0x14200 bored smr
82543 243335 0 0 2 0x14200 zerothread
15577 232661 0 0 3 0x14200 aiodoned aiodoned
30767 464070 0 0 3 0x14200 syncer update
20121 453524 0 0 3 0x14200 cleaner cleaner
97403 34982 0 0 3 0x14200 reaper reaper
81707 275957 0 0 3 0x14200 pgdaemon pagedaemon
52875 189392 0 0 3 0x14200 bored viomb
83568 297136 0 0 3 0x40014200 acpi0 acpi0
74704 401464 0 0 3 0x14200 bored softnet
90892 137792 0 0 3 0x14200 bored softnet
98383 193415 0 0 3 0x14200 bored softnet
47779 74913 0 0 3 0x14200 bored softnet
26965 174297 0 0 3 0x14200 bored systqmp
96171 256220 0 0 3 0x14200 bored systq
* 9259 202557 0 0 7 0x40014200 softclock
94399 504803 0 0 3 0x40014200 idle0
1 381036 0 0 3 0x80082 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10219 6419K 6873K 78643K 18438 0
pcb 13 20K 25K 78643K 2281 0
rtable 233 17K 18K 78643K 3505 0
ifaddr 119 28K 29K 78643K 1224 0
sysctl 3 1K 2K 78643K 10 0
counters 27 17K 17K 78643K 445 0
ioctlops 0 0K 4K 78643K 1669 0
iov 0 0K 28K 78643K 1838 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 4 0
vnodes 1539
96K 96K 78643K 8456 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 13K 78643K 158 0
VM map 2 0K 0K 78643K 2 0
sem 29 11K 21K 78643K 1357 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 18 65K 81K 78643K 11242 0
sigio 1 0K 0K 78643K 3777 0
proc 57 43K 75K 78643K 2521 0
subproc 117 7K 7K 78643K 806 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 1K 78643K 7250 0
in_multi 92 6K 7K 78643K 1150 0
ether_multi 1 0K 0K 78643K 70 0
mrt 1 0K 0K 78643K 22 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 235 1049K 1049K 78643K 235 0
exec 0 0K 1K 78643K 3929 0
pfkey data 0 0K 0K 78643K 4 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 8 62K 64K 78643K 10 0
UVM amap 332 92K 105K 78643K 72989 0
UVM aobj 131 4K 4K 78643K 131 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 1K 78643K 561 0
NDP 16 0K 2K 78643K 370 0
temp 146 5766K 6790K 78643K 178211 0
kqueue 6 10K 24K 78643K 981 0
SYN cache 2 16K 16K 78643K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 1002 0 1000 15 14 1 3 0 8 0
rtentry 112 1020 0 925 5 2 3 4 0 8 0
unpcb 144 17864 0 17855 147 146 1 12 0 8 0
syncache 296 86 0 86 22 22 0 1 0 8 0
sackhl 24 1 0 1 1 1 0 1 0 8 0
tcpqe 32 467 0 467 17 17 0 2 0 8 0
tcpcb 776 4285 0 4281 156 149 7 14 0 8 6
arp 88 136 0 119 1 0 1 1 0 8 0
ipq 40 8 0 8 3 3 0 1 0 8 0
ipqe 40 23 0 23 3 3 0 1 0 8 0
inpcb 336 22150 0 22145 253 244 9 15 0 8 8
nd6 48 217 0 195 1 0 1 1 0 8 0
pkpcb 40 85 0 85 4 4 0 1 0 8 0
kcovpl 48 62 0 53 1 0 1 1 0 8 0
mppekey 1024 17 0 17 7 7 0 1 0 8 0
ppxss 1160 263 0 263 18 18 0 1 0 8 0
pppxif 1352 185 0 185 12 12 0 1 0 8 0
pfstscr 40 55 0 29 1 0 1 1 0 8 0
pfosfp 40 10 0 8 1 0 1 1 0 8 0
pfosfpen 112 10 0 5 1 0 1 1 0 8 0
pfanchor 1280 512 17 0 43 0 43 43 0 8 0
pfqueue 264 3 0 3 1 1 0 1 0 8 0
pfstitem 24 73 0 20 1
0 1 1 0 8 0
pfstkey 128 96 0 71 1 0 1 1 0 8 0
pfstate 352 51 0 23 4 1 3 3 0 8 0
rttmr 136 2 0 2 1 1 0 1 0 8 0
art_heap8 4096 7 0 6 7 6 1 2 0 8 0
art_heap4 256 4861 0 4446 85 59 26 31 0 8 0
art_table 32 4868 0 4452 9 5 4 4 0 8 0
art_node 16 1016 0 934 1 0 1 1 0 8 0
sysvmsgpl 40 8 0 2 1 0 1 1 0 8 0
semupl 112 3 0 3 1 1 0 1 0 8 0
semapl 112 1339 0 1312 1 0 1 1 0 8 0
shmpl 112 128 0 0 4 0 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 17117 0 15611 95 0 95 95 0 8 0
ffsino 240 17117 0 15611 89 0 89 89 0 8 0
nchpl 144 32983 0 31352 63 1 62 63 0 8 0
rtmask 32 7 0 7 3 3 0 1 0 8 0
uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0
vnodes 216 5926 0 0 330 0 330 330 0 8 0
namei 1024 136577 0 136577 11 10 1 2 0 8 1
vmpool 664 196 0 196 10 10 0 1 0 8 0
kstatmem 264 458 0 426 4 1 3 3 0 8 0
scxspl 216 96894 0 96894 35 34 1 8 0 8 1
plimitpl 152 1332 0 1317 1 0 1 1 0 8 0
sigapl 424 11508 0 11464 9 1 8 8 0 8 0
futexpl 64 123619 0 123610 2 1 1 1 0 8 0
knotepl 120 200153 0 200091 111 108 3 14 0 8 0
kqueuepl 184 2380 0 2375 31 30 1 4 0 8 0
pipepl 288 3573 0 3543 78 75 3 8 0 8 0
fdescpl 432 11406 0 11380 4 0 4 4 0 8 0
filepl 120 110248 0 110011 177 165 12 20 0 8 3
lockfpl 104 3559 0 3558 10 9 1 2 0 8 0
lockfspl 48 802 0 801 1 0 1 1 0 8 0
sessionpl 144 79 0 63 1 0 1 1 0 8 0
pgrppl 48 240 0 224 1 0 1 1 0 8 0
ucredpl 104 14525 0 14515 1 0 1 1 0 8 0
zombiepl 144 11466 0 11464 4 3 1 1 0 8 0
processpl 1008 11508 0 11464 11 2 9 9 0 8 0
procpl 672 28702 0 28632 27 19 8 9 0 8 0
sosppl 168 148 0 148 20 20 0 1 0 8 0
sockpl 456 41184 0 41168 963 948 15 42 0 8 12
mcl64k 65536 545 0 545 29 29 0 1 0 8 0
mcl16k 16384 236 0 236 28 28 0 1 0 8 0
mcl12k 12288 420 0 420 33 32 1 1 0 8 1
mcl9k 9216 149 0 149 33 33 0 1 0 8 0
mcl8k 8192 679 0 679 27 26 1 1 0 8 1
mcl4k 4096 1468 0 1468 17 16 1 1 0 8 1
mcl2k2 2112 99 0 99 33 33 0 1 0 8 0
mcl2k 2048 100458 0 100411 81 74 7 38 0 8 0
mtagpl 96 521 0 521 10 10 0 6 0 8 0
mbufpl 256 311421 0 311329 1370 1362 8 427 0 8 1
bufpl 288 24101 0 17707 458 0 458 458 0 8 0
anonpl 24 2171658 0 2156031 192 75 117 135 0 188 0
amapchunkpl 152 204939 0 204259 94 65 29 40 0 158 1
amappl16 200 19950 0 19336 131 98 33 46 0 8 0
amappl15 192 12 0 12 2 2 0 1 0 8 0
amappl14 184 349 0 339 2 0 2 2 0 8 0
amappl13 176 14 0 12 1 0 1 1 0 8 0
amappl12 168 1046 0 1043 1 0 1 1 0 8 0
amappl11 160 48 0 44 1 0 1 1 0 8 0
amappl10 152 93 0 81 1 0 1 1 0 8 0
amappl9 144 1003 0 1002 1 0 1 1 0 8 0
amappl8 136 461 0 369 5 1 4 4 0 8 0
amappl7 128 276 0 251 2 0 2 2 0 8 0
amappl6 120 472 0 459 1 0 1 1 0 8 0
amappl5 112 459 0 456 1 0 1 1 0 8 0
amappl4 104 1284 0 1256 2 1 1 2 0 8 0
amappl3 96 32103 0 32055 2 0 2 2 0 8 0
amappl2 88 12468 0 12412 3 1 2 3 0 8 0
amappl1 80 255360 0 254709 26 10 16 22 0 8 0
amappl 88 71696 0 71516 5 0 5 5 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 130 0 0 3 0 3 3 0 8 0
uaddrrnd 24 11602 0 11576 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 11602 0 11576 1 0 1 1 0 8 0
vmmpekpl 168 89383 0 89321 4 0 4 4 0 8 0
vmmpepl 168 1052154 0 1049534 418 285 133 157 0 357 0
vmsppl 272 11601 0 11576 7 4 3 3 0 8 0
rwobjpl 24 269617 0 261904 49 0 49 49 0 8 0
pdppl 4096 23210 0 23152 704 642 62 72 0 8 4
pvpl 32 4338570 0 4317689 454 257 197 245 0 265 0
pmappl 216 11601 0 11576 2 0 2 2 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 3352 0 2584 38 13 25 35 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff827224e4) at panic+0x161 sys/kern/subr_prf.c:198
__assert(ffffffff8279ff11,ffffffff827c4256,308,ffffffff826f5f81) at __assert+0x25 sys/kern/subr_prf.c:157
arptfree(fffffd807aac6230) at arptfree+0x12d sys/netinet/if_ether.c:776
arptimer(ffffffff82c22b68) at arptimer+0x88 sys/netinet/if_ether.c:135
timeout_run(ffffffff82c22b68) at timeout_run+0x8b
sys/kern/kern_timeout.c:641
softclock_thread(ffff8000ffffefc0) at softclock_thread+0xf4 sys/kern/kern_timeout.c:765
end trace frame: 0x0, count: -7
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff827224e4) at panic+0x161 sys/kern/subr_prf.c:198
__assert(ffffffff8279ff11,ffffffff827c4256,308,ffffffff826f5f81) at __assert+0x25 sys/kern/subr_prf.c:157
arptfree(fffffd807aac6230) at arptfree+0x12d sys/netinet/if_ether.c:776
arptimer(ffffffff82c22b68) at arptimer+0x88 sys/netinet/if_ether.c:135
timeout_run(ffffffff82c22b68) at timeout_run+0x8b sys/kern/kern_timeout.c:641
softclock_thread(ffff8000ffffefc0) at softclock_thread+0xf4 sys/kern/kern_timeout.c:765
end trace frame: 0x0, count: -7