panic: kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/netinet/if_ether.c", line 716 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *472019 23586 0 0x14000 0x40000200 0 softclock db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 __assert(ffffffff821e6642,ffffffff821fe30e,2cc,ffffffff8216f095) at __assert+0x2b sys/kern/subr_prf.c:154 arptfree(fffffd803a6ff008) at arptfree+0xfb sys/netinet/if_ether.c:716 arptimer(ffffffff8252f348) at arptimer+0x95 sys/netinet/if_ether.c:120 softclock_thread(ffff8000ffffe9e0) at softclock_thread+0x145 timeout_run sys/kern/kern_timeout.c:475 [inline] softclock_thread(ffff8000ffffe9e0) at softclock_thread+0x145 sys/kern/kern_timeout.c:552 end trace frame: 0x0, count: 9 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/netinet/if_ether.c", line 716 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 __assert(ffffffff821e6642,ffffffff821fe30e,2cc,ffffffff8216f095) at __assert+0x2b sys/kern/subr_prf.c:154 arptfree(fffffd803a6ff008) at arptfree+0xfb sys/netinet/if_ether.c:716 arptimer(ffffffff8252f348) at arptimer+0x95 sys/netinet/if_ether.c:120 softclock_thread(ffff8000ffffe9e0) at softclock_thread+0x145 timeout_run sys/kern/kern_timeout.c:475 [inline] softclock_thread(ffff8000ffffe9e0) at softclock_thread+0x145 sys/kern/kern_timeout.c:552 end trace frame: 0x0, count: -6 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff8000148120c0 rbx 0xffff800014812170 rdx 0x2 rcx 0 rax 0 r8 0xffff800014812080 r9 0x1 r10 0 r11 0x75449018edd4c7e r12 0x3000000008 r13 0xffff8000148120d0 r14 0x100 r15 0x1 rip 0xffffffff81939468 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff8000148120b0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (softclock) pid=472019 stat=onproc flags process=14000 proc=40000200 pri=0, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff8000fffff3c0,0xffff8000ffffe778 process=0xffff8000ffffca20 user=0xffff80001480d000, vmspace=0xffffffff82571ae8 estcpu=0, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 49344 132779 85603 0 3 0x82 piperd syz-executor.1 52336 283816 85603 0 3 0x82 wait syz-executor.0 62111 121598 0 0 3 0x14200 bored sosplice 85603 195051 35384 0 3 0x82 thrsleep syz-fuzzer 85603 126763 35384 0 2 0x4000482 syz-fuzzer 85603 38830 35384 0 3 0x4000082 thrsleep syz-fuzzer 85603 144831 35384 0 3 0x4000082 thrsleep syz-fuzzer 85603 178562 35384 0 3 0x4000082 kqread syz-fuzzer 85603 412220 35384 0 2 0x4000482 syz-fuzzer 85603 443418 35384 0 3 0x4000082 thrsleep syz-fuzzer 85603 65115 35384 0 3 0x4000082 thrsleep syz-fuzzer 35384 148042 98390 0 3 0x10008a pause ksh 98390 284495 9555 0 3 0x92 select sshd 63630 440956 1 0 3 0x100083 ttyin getty 9555 296758 1 0 3 0x80 select sshd 90891 285585 2701 73 2 0x100010 syslogd 2701 492603 1 0 3 0x100082 netio syslogd 85292 116675 1 77 3 0x100090 poll dhclient 92548 160211 1 0 3 0x80 poll dhclient 91811 117930 0 0 2 0x14200 zerothread 42672 188452 0 0 3 0x14200 aiodoned aiodoned 74903 337264 0 0 2 0x14200 update 32598 201089 0 0 3 0x14200 cleaner cleaner 77966 47697 0 0 2 0x14200 reaper 51780 347754 0 0 3 0x14200 pgdaemon pagedaemon 76004 185334 0 0 3 0x14200 bored crynlk 33870 166461 0 0 3 0x14200 bored crypto 62495 91638 0 0 3 0x40014200 acpi0 acpi0 73903 321348 0 0 3 0x14200 bored softnet 57862 99116 0 0 2 0x14200 systqmp 52582 48751 0 0 3 0x14200 bored systq *23586 472019 0 0 7 0x40014200 softclock 67506 376272 0 0 3 0x40014200 idle0 89358 135427 0 0 3 0x14200 bored smr 1 160939 0 0 3 0x82 wait init 0 0 -1 0 2 0x10200 swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9571 6362K 8355K 78643K 23258 0 0 pcb 13 10K 12K 78643K 568 0 0 rtable 90 11K 12K 78643K 1524 0 0 ifaddr 81 17K 19K 78643K 435 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 145 0 0 iov 0 0K 28K 78643K 612 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1226 77K 78K 78643K 5022 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 34 0 0 VM map 26 6K 6K 78643K 38 0 0 sem 12 0K 1K 78643K 480 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12645 0 0 file desc 4 9K 25K 78643K 2319 0 0 sigio 1 0K 0K 78643K 130 0 0 proc 49 38K 63K 78643K 1141 0 0 subproc 32 2K 2K 78643K 272 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 332 0 0 in_multi 13 0K 2K 78643K 250 0 0 ether_multi 1 0K 0K 78643K 19 0 0 mrt 0 0K 0K 78643K 19 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 96 424K 424K 78643K 96 0 0 exec 0 0K 1K 78643K 641 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 146 219K 227K 78643K 7616 0 0 UVM aobj 100 6K 6K 78643K 115 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 1K 78643K 580 0 0 NDP 19 0K 0K 78643K 137 0 0 temp 219 3544K 3616K 78643K 132297 0 0 kqueue 0 0K 0K 78643K 9 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 60 0 55 1 0 1 1 0 8 0 rtpcb 80 213 0 211 1 0 1 1 0 8 0 rtentry 112 262 0 233 2 0 2 2 0 8 0 unpcb 120 1152 0 1140 1 0 1 1 0 8 0 syncache 264 11 0 11 5 5 0 1 0 8 0 tcpqe 32 276 0 276 4 4 0 1 0 8 0 tcpcb 544 1159 0 1155 29 28 1 15 0 8 0 ipq 40 14 0 14 7 7 0 1 0 8 0 ipqe 40 422 0 422 7 7 0 1 0 8 0 inpcb 280 2996 0 2988 35 34 1 9 0 8 0 rttmr 72 7 0 7 4 4 0 1 0 8 0 ip6q 72 3 0 3 2 2 0 1 0 8 0 ip6af 40 8 0 8 2 2 0 1 0 8 0 nd6 48 31 0 31 3 3 0 1 0 8 0 ppxss 1128 49 0 49 14 14 0 1 0 8 0 art_heap8 4096 3 0 2 2 1 1 2 0 8 0 art_heap4 256 996 0 856 27 14 13 15 0 8 0 art_table 32 999 0 858 2 0 2 2 0 8 0 art_node 16 261 0 234 1 0 1 1 0 8 0 sysvmsgpl 40 30 0 18 1 0 1 1 0 8 0 semupl 112 2 0 2 2 2 0 1 0 8 0 semapl 112 478 0 468 1 0 1 1 0 8 0 shmpl 112 113 0 15 3 0 3 3 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 4953 0 3563 46 0 46 46 0 8 0 ffsino 240 4953 0 3563 83 0 83 83 0 8 0 nchpl 144 8360 0 7884 61 41 20 61 0 8 0 uvmvnodes 72 7418 0 0 135 0 135 135 0 8 0 vnodes 208 7418 0 0 391 0 391 391 0 8 0 namei 1024 29701 0 29701 3 3 0 1 0 8 0 vcpupl 1984 24 0 0 3 0 3 3 0 8 0 vmpool 520 36 0 12 2 0 2 2 0 8 0 scsiplug 64 2 0 2 2 2 0 1 0 8 0 scxspl 192 37777 0 37777 17 16 1 7 0 8 1 plimitpl 152 235 0 227 1 0 1 1 0 8 0 sigapl 432 2448 0 2436 2 0 2 2 0 8 0 futexpl 56 63406 0 63406 3 3 0 1 0 8 0 knotepl 112 614 0 595 1 0 1 1 0 8 0 kqueuepl 104 786 0 784 7 6 1 4 0 8 0 pipepl 112 4578 0 4559 14 13 1 2 0 8 0 fdescpl 424 2449 0 2436 2 0 2 2 0 8 0 filepl 120 22915 0 22820 26 22 4 11 0 8 0 lockfpl 104 762 0 761 1 0 1 1 0 8 0 lockfspl 48 271 0 270 1 0 1 1 0 8 0 sessionpl 112 31 0 21 1 0 1 1 0 8 0 pgrppl 48 63 0 53 1 0 1 1 0 8 0 ucredpl 96 2447 0 2440 1 0 1 1 0 8 0 zombiepl 144 2436 0 2435 1 0 1 1 0 8 0 processpl 864 2464 0 2435 4 0 4 4 0 8 0 procpl 632 6160 0 6124 8 4 4 5 0 8 0 sosppl 128 29 0 29 11 11 0 1 0 8 0 sockpl 384 4377 0 4356 41 37 4 14 0 8 0 mcl64k 65536 1482 0 1482 127 127 0 33 0 8 0 mcl16k 16384 20 0 20 11 11 0 1 0 8 0 mcl12k 12288 71 0 71 17 17 0 1 0 8 0 mcl9k 9216 40 0 40 17 17 0 1 0 8 0 mcl8k 8192 88 0 88 15 15 0 1 0 8 0 mcl4k 4096 276 0 276 7 7 0 1 0 8 0 mcl2k2 2112 24 0 24 14 14 0 1 0 8 0 mcl2k 2048 70927 0 70878 17 10 7 15 0 8 0 mtagpl 80 86 0 86 6 6 0 1 0 8 0 mbufpl 256 139265 0 139195 139 131 8 34 0 8 0 bufpl 256 17311 0 9893 464 0 464 464 0 8 0 anonpl 16 368880 0 344919 241 144 97 109 0 62 0 amapchunkpl 152 17310 0 16903 95 79 16 19 0 158 0 amappl16 192 16732 0 15586 200 142 58 70 0 8 0 amappl15 184 471 0 471 4 4 0 1 0 8 0 amappl14 176 118 0 115 1 0 1 1 0 8 0 amappl13 168 744 0 742 1 0 1 1 0 8 0 amappl12 160 56 0 55 1 0 1 1 0 8 0 amappl11 152 367 0 356 1 0 1 1 0 8 0 amappl10 144 96 0 94 1 0 1 1 0 8 0 amappl9 136 1214 0 1206 1 0 1 1 0 8 0 amappl8 128 741 0 705 2 0 2 2 0 8 0 amappl7 120 185 0 177 1 0 1 1 0 8 0 amappl6 112 375 0 365 1 0 1 1 0 8 0 amappl5 104 317 0 306 1 0 1 1 0 8 0 amappl4 96 3159 0 3132 1 0 1 1 0 8 0 amappl3 88 251 0 244 1 0 1 1 0 8 0 amappl2 80 18373 0 18300 3 1 2 3 0 8 0 amappl1 72 57470 0 57035 27 18 9 20 0 8 0 amappl 80 6640 0 6588 3 1 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 114 0 15 2 0 2 2 0 8 0 uaddrrnd 24 2485 0 2436 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2485 0 2436 1 0 1 1 0 8 0 vmmpekpl 168 28812 0 28781 2 0 2 2 0 8 0 vmmpepl 168 315075 0 312783 379 273 106 147 0 357 0 vmsppl 272 2448 0 2435 8 7 1 2 0 8 0 pdppl 4096 4976 0 4918 9 1 8 8 0 8 0 pvpl 32 1121763 0 1099110 677 367 310 344 0 265 117 pmappl 200 2484 0 2447 6 4 2 3 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 946 0 357 19 1 18 19 0 8 0