panic: kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/netinet/if_ether.c", line 776
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*382054 3571 0 0x14000 0x40000200 0 softclock
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8257f018) at panic+0x161 sys/kern/subr_prf.c:198
__assert(ffffffff825f483b,ffffffff82615013,308,ffffffff82550d36) at __assert+0x25 sys/kern/subr_prf.c:157
arptfree(fffffd806eccc930) at arptfree+0x12d sys/netinet/if_ether.c:776
arptimer(ffffffff82a9b410) at arptimer+0x88 sys/netinet/if_ether.c:135
timeout_run(ffffffff82a9b410) at timeout_run+0x8b sys/kern/kern_timeout.c:641
softclock_thread(ffff8000fffff500) at softclock_thread+0xf4 sys/kern/kern_timeout.c:765
end trace frame: 0x0, count: 8
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/netinet/if_ether.c", line 776
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8257f018) at panic+0x161 sys/kern/subr_prf.c:198
__assert(ffffffff825f483b,ffffffff82615013,308,ffffffff82550d36) at __assert+0x25 sys/kern/subr_prf.c:157
arptfree(fffffd806eccc930) at arptfree+0x12d sys/netinet/if_ether.c:776
arptimer(ffffffff82a9b410) at arptimer+0x88 sys/netinet/if_ether.c:135
timeout_run(ffffffff82a9b410) at timeout_run+0x8b sys/kern/kern_timeout.c:641
softclock_thread(ffff8000fffff500) at softclock_thread+0xf4 sys/kern/kern_timeout.c:765
end trace frame: 0x0, count: -7
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff800021684180
rbx 0
rdx 0
rcx 0
rax 0xffff8000fffff500
r8 0x101010101010101
r9 0x8080808080808080
r10 0x7ae76c2f375b4d6e
r11 0xe1e2e01ff3acd843
r12 0
r13 0xfffffd806ee42b58
r14 0
r15 0x1
rip 
0xffffffff8253c728 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800021684170 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (softclock) pid=382054 stat=onproc flags process=14000 proc=40000200 pri=50, usrpri=51, nice=20 forw=0xffffffffffffffff, list=0xffff8000fffff7a0,0xffff8000fffff270 process=0xffff8000ffffd3b0 user=0xffff80002167f000, vmspace=0xffffffff82ad1c90 estcpu=1, cpticks=2, pctcpu=0.0 user=0, sys=2, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 57585 166480 41039 0 2 0 syz-executor.1 57585 116364 41039 0 3 0x4000080 fsleep syz-executor.1 87381 495568 44771 0 2 0 syz-executor.7 87381 180411 44771 0 3 0x4000080 kqread syz-executor.7 87381 150508 44771 0 2 0x4000000 syz-executor.7 53094 57085 95172 0 2 0x480 syz-executor.0 53094 375622 95172 0 3 0x4000080 fsleep syz-executor.0 53094 95517 95172 0 3 0x4000080 fsleep syz-executor.0 53094 239972 95172 0 3 0x4000080 fsleep syz-executor.0 44771 501198 98663 0 2 0x482 syz-executor.7 90583 169956 98663 0 2 0x2 syz-executor.3 40087 148579 1 0 3 0x100083 ttyin getty 75014 518319 98663 0 2 0x482 syz-executor.5 78996 30929 98663 0 2 0x482 syz-executor.4 57325 245039 98663 0 2 0x482 syz-executor.6 17523 152219 0 0 3 0x14280 nfsidl nfsio 95663 149572 0 0 3 0x14280 nfsidl nfsio 16397 458292 0 0 3 0x14280 nfsidl nfsio 37398 390658 0 0 3 0x14280 nfsidl nfsio 13765 380982 0 0 3 0x14280 nfsidl nfsio 13885 430713 0 0 3 0x14280 nfsidl nfsio 76442 456433 0 0 3 0x14280 nfsidl nfsio 32572 481175 0 0 3 0x14280 nfsidl nfsio 94754 338522 0 0 3 0x14280 nfsidl nfsio 33727 380375 0 0 3 0x14280 nfsidl nfsio 42913 62737 0 0 3 0x14280 nfsidl nfsio 76058 214287 0 0 3 0x14280 nfsidl nfsio 5136 221236 0 0 3 0x14280 nfsidl nfsio 1029 383013 0 0 3 0x14280 nfsidl nfsio 57219 85226 0 0 3 0x14280 nfsidl nfsio 68837 174867 0 0 3 0x14280 nfsidl nfsio 17687 308915 0 0 3 0x14280 nfsidl nfsio 78331 417456 0 0 3 0x14280 nfsidl nfsio 93723 360058 0 0 3 0x14280 nfsidl nfsio 9647 27104 0 0 3 0x14280 nfsidl nfsio 41039 297560 98663 0 2 
0x482 syz-executor.1 95172 81425 98663 0 2 0x482 syz-executor.0 76667 111372 0 0 3 0x14200 bored sosplice 98663 365132 38 0 3 0x82 thrsleep syz-fuzzer 98663 433793 38 0 3 0x4000082 nanoslp syz-fuzzer 98663 131601 38 0 3 0x4000082 wait syz-fuzzer 98663 5612 38 0 3 0x4000082 wait syz-fuzzer 98663 68500 38 0 3 0x4000082 thrsleep syz-fuzzer 98663 42993 38 0 3 0x4000082 wait syz-fuzzer 98663 215844 38 0 3 0x4000082 thrsleep syz-fuzzer 98663 76172 38 0 3 0x4000082 thrsleep syz-fuzzer 98663 292308 38 0 2 0x4000482 syz-fuzzer 98663 380297 38 0 3 0x4000082 wait syz-fuzzer 98663 161080 38 0 3 0x4000082 wait syz-fuzzer 98663 87729 38 0 3 0x4000082 wait syz-fuzzer 98663 502704 38 0 3 0x4000082 wait syz-fuzzer 98663 484798 38 0 3 0x4000082 wait syz-fuzzer 98663 73463 38 0 3 0x4000082 thrsleep syz-fuzzer 38 512138 55975 0 3 0x10008a sigsusp ksh 55975 507335 71929 0 3 0x9a kqread sshd 71929 336073 1 0 3 0x88 kqread sshd 53940 479582 67735 73 2 0x1100010 syslogd 67735 480807 1 0 3 0x100082 netio syslogd 11232 210749 1 0 3 0x100080 kqread resolvd 26392 6542 1613 77 3 0x100092 kqread dhcpleased 74443 395574 1613 77 2 0x100492 dhcpleased 1613 181448 1 0 3 0x80 kqread dhcpleased 10004 241324 0 0 3 0x14200 bored smr 9642 203822 0 0 2 0x14200 zerothread 17494 493267 0 0 3 0x14200 aiodoned aiodoned 73310 183031 0 0 3 0x14200 syncer update 80321 79826 0 0 3 0x14200 cleaner cleaner 8474 356952 0 0 3 0x14200 reaper reaper 23024 107077 0 0 3 0x14200 pgdaemon pagedaemon 83483 39562 0 0 3 0x14200 bored viomb 86399 183310 0 0 3 0x40014200 acpi0 acpi0 46694 272149 0 0 3 0x14200 bored softnet 10868 502235 0 0 3 0x14200 bored softnet 92343 203565 0 0 3 0x14200 bored softnet 58537 463283 0 0 3 0x14200 bored softnet 82196 214885 0 0 3 0x14200 bored systqmp 35623 290071 0 0 2 0x14200 systq * 3571 382054 0 0 7 0x40014200 softclock 81486 392142 0 0 3 0x40014200 idle0 1 169300 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse 
MemUse HighUse Limit Requests Type Lim devbuf 10227 6436K 6985K 78643K 29981 0 pcb 13 28K 36K 78643K 3824 0 rtable 177 15K 16K 78643K 4420 0 ifaddr 83 22K 25K 78643K 1399 0 sysctl 3 1K 1K 78643K 3 0 counters 27 17K 17K 78643K 515 0 ioctlops 0 0K 4K 78643K 3190 0 iov 0 0K 32K 78643K 3803 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1596 100K 100K 78643K 12961 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 131 0 VM map 2 0K 0K 78643K 2 0 sem 11 10K 20K 78643K 31 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 13 45K 73K 78643K 17197 0 sigio 0 0K 0K 78643K 454 0 proc 63 59K 83K 78643K 3960 0 subproc 104 6K 6K 78643K 1326 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 1510 0 in_multi 58 3K 7K 78643K 1488 0 ether_multi 1 0K 0K 78643K 97 0 mrt 1 0K 0K 78643K 71 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 241 1076K 1076K 78643K 241 0 exec 0 0K 1K 78643K 3948 0 pfkey data 0 0K 0K 78643K 4 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 710 2071K 2072K 78643K 109228 0 UVM aobj 6 2K 2K 78643K 9 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 523 0 NDP 13 0K 1K 78643K 512 0 temp 132 4694K 5718K 78643K 274489 0 kqueue 13 20K 28K 78643K 1404 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 1102 0 1099 11 10 1 3 0 8 0 rtentry 112 1383 0 1310 4 1 3 4 0 8 0 unpcb 144 17615 0 17599 170 167 3 13 0 8 2 syncache 296 93 0 93 24 23 1 1 0 8 1 tcpqe 32 130 325 130 4 4 0 1 0 8 0 tcpcb 776 26439 0 26428 476 468 8 31 0 8 5 arp 88 217 0 203 1 0 1 1 0 8 0 ipq 40 9 0 9 4 4 0 1 0 8 0 ipqe 40 50 0 50 4 4 0 1 0 8 0 inpcb 336 38091 0 38076 435 428 7 26 0 8 5 nd6 48 325 0 309 1 0 1 1 0 8 0 pkpcb 40 23 0 23 5 5 0 1 0 8 0 kcovpl 
48 102 0 94 1 0 1 1 0 8 0 mppekey 1024 8 0 8 4 4 0 1 0 8 0 ppxss 1160 267 0 267 26 26 0 1 0 8 0 pppxif 1352 86 0 86 17 17 0 1 0 8 0 pfstscr 40 47 0 38 1 0 1 1 0 8 0 pfosfp 40 11 0 9 1 0 1 1 0 8 0 pfosfpen 112 11 0 6 1 0 1 1 0 8 0 pfanchor 1280 1022 1 556 51 8 43 43 0 8 0 pfqueue 264 19 0 19 6 6 0 1 0 8 0 pfstitem 24 25 0 11 1 0 1 1 0 8 0 pfstkey 120 62 0 56 1 0 1 1 0 8 0 pfstate 352 32 0 24 1 0 1 1 0 8 0 rttmr 136 6 0 6 2 2 0 1 0 8 0 art_heap8 4096 6 0 4 6 3 3 3 0 8 1 art_heap4 256 5868 0 5579 81 57 24 30 0 8 0 art_table 32 5874 0 5583 6 2 4 4 0 8 0 art_node 16 1381 0 1318 1 0 1 1 0 8 0 sysvmsgpl 40 7 0 0 1 0 1 1 0 8 0 semapl 112 9 0 0 1 0 1 1 0 8 0 shmpl 112 6 0 3 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 24174 0 22620 98 0 98 98 0 8 0 ffsino 240 24174 0 22620 92 0 92 92 0 8 0 nchpl 144 47645 0 46020 63 1 62 63 0 8 0 rtmask 32 15 0 15 4 4 0 1 0 8 0 uvmvnodes 80 6353 0 0 130 0 130 130 0 8 0 vnodes 216 6353 0 0 353 0 353 353 0 8 0 namei 1024 182178 0 182177 9 8 1 2 0 8 0 vcpupl 2048 310 0 0 39 0 39 39 0 8 0 vmpool 536 396 0 86 23 2 21 21 0 8 0 kstatmem 264 598 0 572 6 4 2 3 0 8 0 scsiplug 72 7 0 7 2 2 0 1 0 8 0 scxspl 216 132148 0 132148 55 54 1 8 0 8 1 plimitpl 152 2133 0 2118 1 0 1 1 0 8 0 sigapl 424 17683 0 17619 9 1 8 8 0 8 0 futexpl 64 179910 0 179906 1 0 1 1 0 8 0 knotepl 120 279086 0 279006 125 118 7 17 0 8 3 kqueuepl 184 2914 0 2905 31 30 1 4 0 8 0 pipepl 288 4167 0 4140 84 81 3 9 0 8 0 fdescpl 432 17285 0 17261 4 0 4 4 0 8 0 filepl 120 144832 0 144588 217 206 11 19 0 8 2 lockfpl 104 4883 0 4881 12 11 1 2 0 8 0 lockfspl 48 1326 0 1324 1 0 1 1 0 8 0 sessionpl 144 123 0 107 1 0 1 1 0 8 0 pgrppl 48 265 0 249 1 0 1 1 0 8 0 ucredpl 104 17592 0 17576 1 0 1 1 0 8 0 zombiepl 144 17623 0 17619 2 1 1 1 0 8 0 processpl 1008 17683 0 17619 12 3 9 9 0 8 0 procpl 672 42774 0 42690 32 23 9 9 0 8 0 sosppl 168 156 0 155 11 10 1 1 0 8 0 sockpl 456 56844 0 56810 1256 1242 14 45 0 8 8 mcl64k 65536 494 0 494 38 37 1 1 0 8 1 mcl16k 16384 287 0 287 42 42 0 1 0 8 0 
mcl12k 12288 594 0 594 35 34 1 1 0 8 1 mcl9k 9216 173 0 173 39 39 0 1 0 8 0 mcl8k 8192 1116 0 1116 35 34 1 2 0 8 1 mcl4k 4096 2254 0 2254 20 19 1 1 0 8 1 mcl2k2 2112 96 0 96 37 37 0 1 0 8 0 mcl2k 2048 108352 0 108280 66 50 16 32 0 8 4 mtagpl 96 1673 0 1618 23 19 4 8 0 8 0 mbufpl 256 381513 0 380504 779 714 65 92 0 8 0 bufpl 288 32788 0 26383 458 0 458 458 0 8 0 anonpl 24 3290352 0 3271469 356 229 127 150 0 188 0 amapchunkpl 152 305440 0 304672 164 130 34 46 0 158 0 amappl16 200 32002 0 31304 234 196 38 58 0 8 0 amappl15 192 12 0 7 2 1 1 1 0 8 0 amappl14 184 509 0 496 2 1 1 2 0 8 0 amappl13 176 8 0 8 2 2 0 1 0 8 0 amappl12 168 1538 0 1530 1 0 1 1 0 8 0 amappl11 160 45 0 34 1 0 1 1 0 8 0 amappl10 152 120 0 110 1 0 1 1 0 8 0 amappl9 144 1012 0 1011 2 1 1 1 0 8 0 amappl8 136 632 0 528 6 2 4 4 0 8 0 amappl7 128 362 0 336 2 0 2 2 0 8 0 amappl6 120 642 0 624 1 0 1 1 0 8 0 amappl5 112 666 0 659 1 0 1 1 0 8 0 amappl4 104 1569 0 1541 2 1 1 2 0 8 0 amappl3 96 48084 0 48038 2 0 2 2 0 8 0 amappl2 88 18755 0 18683 3 1 2 3 0 8 0 amappl1 80 382782 0 382110 38 21 17 22 0 8 1 amappl 88 107292 0 106988 9 1 8 8 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 8 0 3 1 0 1 1 0 8 0 uaddrrnd 24 17681 0 17347 3 0 3 3 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 17681 0 17347 3 0 3 3 0 8 0 vmmpekpl 168 123339 0 123245 5 0 5 5 0 8 0 vmmpepl 168 1593420 0 1590177 434 274 160 179 0 357 1 vmsppl 272 17680 0 17347 25 2 23 23 0 8 0 rwobjpl 24 401369 0 393056 58 7 51 52 0 8 0 pdppl 4096 35368 0 35004 1389 1015 374 374 0 8 10 pvpl 32 6388713 0 6366110 552 348 204 269 0 265 0 pmappl 216 17680 0 17347 22 3 19 19 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 3706 0 2496 35 0 35 35 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 
panic(ffffffff8257f018) at panic+0x161 sys/kern/subr_prf.c:198
__assert(ffffffff825f483b,ffffffff82615013,308,ffffffff82550d36) at __assert+0x25 sys/kern/subr_prf.c:157
arptfree(fffffd806eccc930) at arptfree+0x12d sys/netinet/if_ether.c:776
arptimer(ffffffff82a9b410) at arptimer+0x88 sys/netinet/if_ether.c:135
timeout_run(ffffffff82a9b410) at timeout_run+0x8b sys/kern/kern_timeout.c:641
softclock_thread(ffff8000fffff500) at softclock_thread+0xf4 sys/kern/kern_timeout.c:765
end trace frame: 0x0, count: -7
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8257f018) at panic+0x161 sys/kern/subr_prf.c:198
__assert(ffffffff825f483b,ffffffff82615013,308,ffffffff82550d36) at __assert+0x25 sys/kern/subr_prf.c:157
arptfree(fffffd806eccc930) at arptfree+0x12d sys/netinet/if_ether.c:776
arptimer(ffffffff82a9b410) at arptimer+0x88 sys/netinet/if_ether.c:135
timeout_run(ffffffff82a9b410) at timeout_run+0x8b sys/kern/kern_timeout.c:641
softclock_thread(ffff8000fffff500) at softclock_thread+0xf4 sys/kern/kern_timeout.c:765
end trace frame: 0x0, count: -7