panic: kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/netinet/if_ether.c", line 776 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *130001 24923 0 0x14000 0x40000200 0 softclock db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8257e3d7) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff825f2d2a,ffffffff82617292,308,ffffffff8254fd3a) at __assert+0x25 sys/kern/subr_prf.c:157 arptfree(fffffd807519e410) at arptfree+0x12d sys/netinet/if_ether.c:776 arptimer(ffffffff82ac5b50) at arptimer+0x88 sys/netinet/if_ether.c:135 timeout_run(ffffffff82ac5b50) at timeout_run+0x8b sys/kern/kern_timeout.c:641 softclock_thread(ffff8000ffffea80) at softclock_thread+0xf4 sys/kern/kern_timeout.c:765 end trace frame: 0x0, count: 8 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/netinet/if_ether.c", line 776 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8257e3d7) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff825f2d2a,ffffffff82617292,308,ffffffff8254fd3a) at __assert+0x25 sys/kern/subr_prf.c:157 arptfree(fffffd807519e410) at arptfree+0x12d sys/netinet/if_ether.c:776 arptimer(ffffffff82ac5b50) at arptimer+0x88 sys/netinet/if_ether.c:135 timeout_run(ffffffff82ac5b50) at timeout_run+0x8b sys/kern/kern_timeout.c:641 softclock_thread(ffff8000ffffea80) at softclock_thread+0xf4 sys/kern/kern_timeout.c:765 end trace frame: 0x0, count: -7 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff800021684c00 rbx 0 rdx 0 rcx 0 rax 0xffff8000ffffea80 r8 0x101010101010101 r9 0x8080808080808080 r10 0x47e29dcbf328c8e1 r11 0x4a79bc7cc1f69cc0 r12 0 r13 0xfffffd806ec0c580 r14 0 r15 0x1 rip 0xffffffff81208648 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800021684bf0 ss 0 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (softclock) pid=130001 stat=onproc flags process=14000 proc=40000200 pri=0, usrpri=51, nice=20 forw=0xffffffffffffffff, list=0xffff8000fffff7a0,0xffff8000ffffe7f0 process=0xffff8000ffffcfa0 user=0xffff80002167f000, vmspace=0xffffffff829ff400 estcpu=1, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 17841 466677 82915 0 2 0 syz-executor.4 17841 132734 82915 0 2 0x4000000 syz-executor.4 68247 202816 77861 0 2 0 syz-executor.3 68247 180738 77861 0 3 0x4000080 pipewr syz-executor.3 68247 282900 77861 0 2 0x4000000 syz-executor.3 99145 352308 33962 0 2 0 syz-executor.2 99145 208447 33962 0 2 0x4000000 syz-executor.2 99145 279359 33962 0 3 0x4000080 fsleep syz-executor.2 28318 180251 69600 0 2 0 syz-executor.7 28318 42963 69600 0 3 0x4000080 fsleep syz-executor.7 79734 219417 69249 0 2 0x480 syz-executor.6 79734 466188 69249 0 3 0x4000080 wsevent_read syz-executor.6 82915 297290 1850 0 2 0x482 syz-executor.4 43956 322535 0 0 3 0x14280 nfsidl nfsio 92298 49074 0 0 3 0x14280 nfsidl nfsio 47305 332487 0 0 3 0x14280 nfsidl nfsio 39756 380065 0 0 3 0x14280 nfsidl nfsio 95500 187316 0 0 3 0x14280 nfsidl nfsio 29238 425343 0 0 3 0x14280 nfsidl nfsio 84266 371272 0 0 3 0x14280 nfsidl nfsio 67833 221222 0 0 3 0x14280 nfsidl nfsio 38049 337790 0 0 3 0x14280 nfsidl nfsio 20618 384704 0 0 3 0x14280 nfsidl nfsio 45700 347986 0 0 3 0x14280 nfsidl nfsio 23985 43723 0 0 3 0x14280 nfsidl nfsio 20589 516675 0 0 3 0x14280 nfsidl nfsio 99846 99792 0 0 3 0x14280 nfsidl nfsio 55554 351287 0 0 3 0x14280 nfsidl nfsio 45326 300864 0 0 3 0x14280 nfsidl nfsio 46249 141836 0 0 3 0x14280 nfsidl nfsio 81127 393273 0 0 3 0x14280 nfsidl nfsio 94963 204739 0 0 3 0x14280 nfsidl nfsio 79188 46573 0 0 3 0x14280 nfsidl nfsio 70718 494536 1850 0 2 0x2 syz-executor.1 57282 479321 1850 0 2 0x2 syz-executor.5 33962 274553 1850 0 2 0x482 syz-executor.2 69249 304858 1850 0 2 0x482 syz-executor.6 69600 430180 1850 0 2 0x482 syz-executor.7 77861 237128 1850 0 2 0x482 syz-executor.3 61605 146595 0 0 3 0x14200 bored sosplice 1850 152919 42830 0 3 0x82 wait syz-fuzzer 1850 185069 42830 0 2 0x4000482 syz-fuzzer 1850 8775 42830 0 3 0x4000082 thrsleep syz-fuzzer 1850 169547 42830 0 3 0x4000082 thrsleep syz-fuzzer 1850 457267 42830 0 3 0x4000082 thrsleep syz-fuzzer 1850 204465 42830 0 3 0x4000082 wait syz-fuzzer 1850 120601 42830 0 3 0x4000082 wait syz-fuzzer 1850 156028 42830 0 3 0x4000082 thrsleep syz-fuzzer 1850 126279 42830 0 3 0x4000082 wait syz-fuzzer 1850 137459 42830 0 3 0x4000082 wait syz-fuzzer 1850 88204 42830 0 3 0x4000082 wait syz-fuzzer 1850 502035 42830 0 3 0x4000082 wait syz-fuzzer 1850 511526 42830 0 3 0x4000082 wait syz-fuzzer 1850 75645 42830 0 3 0x4000082 kqread syz-fuzzer 42830 472383 94995 0 3 0x10008a sigsusp ksh 94995 127627 481 0 3 0x9a kqread sshd 93833 191803 1 0 3 0x100083 ttyin getty 481 197598 1 0 3 0x88 kqread sshd 3492 68760 49947 73 3 0x1100090 kqread syslogd 49947 24745 1 0 3 0x100082 netio syslogd 56857 110180 1 0 3 0x100080 kqread resolvd 376 501705 67735 77 3 0x100092 kqread dhcpleased 64876 155295 67735 77 3 0x100092 kqread dhcpleased 67735 472574 1 0 3 0x80 kqread dhcpleased 94028 341952 0 0 2 0x14200 smr 17065 118758 0 0 2 0x14200 zerothread 99168 72192 0 0 3 0x14200 aiodoned aiodoned 86882 255434 0 0 3 0x14200 syncer update 90579 321313 0 0 3 0x14200 cleaner cleaner 41041 139576 0 0 3 0x14200 reaper reaper 83491 464202 0 0 3 0x14200 pgdaemon pagedaemon 81716 348647 0 0 3 0x14200 bored viomb 60898 80158 0 0 3 0x40014200 acpi0 acpi0 13295 495610 0 0 3 0x14200 bored softnet 43711 224575 0 0 3 0x14200 bored softnet 38744 367037 0 0 3 0x14200 bored softnet 64272 501863 0 0 2 0x14200 softnet 90244 436179 0 0 3 0x14200 bored systqmp 43990 384199 0 0 3 0x14200 bored systq *24923 130001 0 0 7 0x40014200 softclock 26913 311235 0 0 3 0x40014200 idle0 1 376322 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10249 6765K 7922K 78643K 49222 0 pcb 16 18K 22K 78643K 2611 0 rtable 243 17K 17K 78643K 1870 0 ifaddr 134 29K 30K 78643K 797 0 sysctl 3 1K 3K 78643K 6 0 counters 29 17K 17K 78643K 311 0 ioctlops 0 0K 4K 78643K 1423 0 iov 0 0K 32K 78643K 1393 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1642 103K 103K 78643K 11547 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 58 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 1K 78643K 2400 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 15 53K 69K 78643K 7678 0 sigio 0 0K 0K 78643K 1926 0 proc 59 59K 75K 78643K 1644 0 subproc 104 6K 7K 78643K 484 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 312 0 in_multi 103 6K 6K 78643K 575 0 ether_multi 1 0K 0K 78643K 30 0 mrt 1 0K 0K 78643K 101 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 253 1129K 1129K 78643K 253 0 exec 0 0K 1K 78643K 1575 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 385 609K 610K 78643K 51229 0 UVM aobj 131 4K 4K 78643K 134 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 462 0 NDP 14 0K 1K 78643K 213 0 temp 137 4694K 70224K 78643K 141146 0 kqueue 13 20K 26K 78643K 678 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 604 0 601 9 8 1 3 0 8 0 rtentry 112 554 0 448 5 1 4 4 0 8 0 unpcb 144 11949 0 11934 131 125 6 11 0 8 5 syncache 296 39 0 39 13 13 0 1 0 8 0 sackhl 24 1 0 1 1 1 0 1 0 8 0 tcpqe 32 77 0 77 7 7 0 1 0 8 0 tcpcb 776 2415 0 2411 110 108 2 14 0 8 1 arp 88 84 0 65 1 0 1 1 0 8 0 ipq 40 1 0 1 1 1 0 1 0 8 0 ipqe 40 4 0 4 1 1 0 1 0 8 0 inpcb 336 8624 0 8614 170 164 6 13 0 8 4 nd6 48 117 0 91 1 0 1 1 0 8 0 pkpcb 40 42 0 42 7 7 0 1 0 8 0 kcovpl 48 37 0 29 1 0 1 1 0 8 0 mppekey 1024 47 0 47 5 5 0 1 0 8 0 ppxss 1160 197 0 197 19 18 1 1 0 8 1 pppxif 1608 152 0 152 13 12 1 1 0 8 1 pfosfp 40 6 0 4 1 0 1 1 0 8 0 pfosfpen 112 6 0 4 1 0 1 1 0 8 0 pfanchor 1280 373 0 0 32 0 32 32 0 8 0 rttmr 136 26 0 26 4 4 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 2757 0 2300 52 22 30 30 0 8 1 art_table 32 2758 0 2300 5 1 4 4 0 8 0 art_node 16 553 0 460 1 0 1 1 0 8 0 sysvmsgpl 40 64 0 52 1 0 1 1 0 8 0 semupl 112 21 0 21 1 1 0 1 0 8 0 semapl 112 2396 0 2386 1 0 1 1 0 8 0 shmpl 112 131 0 3 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 11523 0 10071 92 0 92 92 0 8 0 ffsino 240 11523 0 10071 86 0 86 86 0 8 0 nchpl 144 21719 0 20090 63 1 62 63 0 8 0 rtmask 32 3 0 3 1 1 0 1 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 91487 0 91487 8 7 1 2 0 8 1 vcpupl 2048 164 0 0 21 0 21 21 0 8 0 vmpool 536 173 0 9 11 0 11 11 0 8 0 kstatmem 264 272 0 244 2 0 2 2 0 8 0 scsiplug 72 7 0 7 2 2 0 1 0 8 0 scxspl 216 72180 0 72180 16 15 1 8 0 8 1 plimitpl 152 1278 0 1263 1 0 1 1 0 8 0 sigapl 424 8047 0 7984 8 0 8 8 0 8 0 futexpl 64 89466 0 89464 6 5 1 1 0 8 0 knotepl 120 147703 0 147432 82 71 11 15 0 8 2 kqueuepl 184 2167 0 2156 42 41 1 4 0 8 0 pipepl 288 6626 0 6598 108 99 9 11 0 8 6 fdescpl 432 7889 0 7863 5 1 4 4 0 8 0 filepl 120 77984 0 77738 167 151 16 21 0 8 8 lockfpl 104 2636 0 2634 11 10 1 4 0 8 0 lockfspl 48 735 0 733 1 0 1 1 0 8 0 sessionpl 144 52 0 36 1 0 1 1 0 8 0 pgrppl 48 71 0 55 1 0 1 1 0 8 0 ucredpl 104 7799 0 7787 1 0 1 1 0 8 0 zombiepl 144 7985 0 7984 3 2 1 1 0 8 0 processpl 1000 8047 0 7984 12 3 9 9 0 8 0 procpl 672 20445 0 20362 21 13 8 9 0 8 0 sosppl 168 51 0 51 11 11 0 1 0 8 0 sockpl 456 21228 0 21200 588 577 11 37 0 8 7 mcl64k 65536 337 0 337 21 20 1 1 0 8 1 mcl16k 16384 114 0 114 25 25 0 1 0 8 0 mcl12k 12288 253 0 253 24 24 0 1 0 8 0 mcl9k 9216 79 0 79 18 17 1 1 0 8 1 mcl8k 8192 441 0 441 23 22 1 1 0 8 1 mcl4k 4096 1134 0 1134 13 12 1 1 0 8 1 mcl2k2 2112 78 0 78 29 28 1 1 0 8 1 mcl2k 2048 90307 0 90232 50 39 11 30 0 8 1 mtagpl 96 7673 0 6559 48 16 32 32 0 8 0 mbufpl 256 211526 0 210180 323 226 97 120 0 8 0 bufpl 288 16561 0 10157 458 0 458 458 0 8 0 anonpl 24 1523144 0 1505625 209 94 115 130 0 188 0 amapchunkpl 152 143435 0 142714 74 37 37 40 0 158 0 amappl16 200 13488 0 12904 76 44 32 43 0 8 0 amappl15 192 14 0 12 1 0 1 1 0 8 0 amappl14 184 260 0 246 2 0 2 2 0 8 0 amappl13 176 6 0 6 2 1 1 1 0 8 1 amappl12 168 752 0 747 1 0 1 1 0 8 0 amappl11 160 49 0 39 1 0 1 1 0 8 0 amappl10 152 67 0 55 1 0 1 1 0 8 0 amappl9 144 967 0 966 2 1 1 1 0 8 0 amappl8 136 349 0 259 4 0 4 4 0 8 0 amappl7 128 71 0 52 1 0 1 1 0 8 0 amappl6 120 585 0 570 2 1 1 2 0 8 0 amappl5 112 209 0 201 1 0 1 1 0 8 0 amappl4 104 946 0 919 1 0 1 1 0 8 0 amappl3 96 22300 0 22252 2 0 2 2 0 8 0 amappl2 88 8588 0 8520 3 1 2 3 0 8 0 amappl1 80 178543 0 177858 24 8 16 21 0 8 0 amappl 88 50406 0 50199 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 133 0 3 3 0 3 3 0 8 0 uaddrrnd 24 8062 0 7872 2 0 2 2 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 8062 0 7872 2 0 2 2 0 8 0 vmmpekpl 168 79798 0 79713 5 0 5 5 0 8 0 vmmpepl 168 723822 0 720870 320 173 147 169 0 357 0 vmsppl 272 8061 0 7872 14 1 13 13 0 8 0 rwobjpl 24 190912 0 183132 51 3 48 49 0 8 0 pdppl 4096 16130 0 15908 580 352 228 228 0 8 6 pvpl 32 3085657 0 3063087 424 225 199 255 0 265 0 pmappl 216 8061 0 7872 11 0 11 11 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 2056 0 996 31 0 31 31 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8257e3d7) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff825f2d2a,ffffffff82617292,308,ffffffff8254fd3a) at __assert+0x25 sys/kern/subr_prf.c:157 arptfree(fffffd807519e410) at arptfree+0x12d sys/netinet/if_ether.c:776 arptimer(ffffffff82ac5b50) at arptimer+0x88 sys/netinet/if_ether.c:135 timeout_run(ffffffff82ac5b50) at timeout_run+0x8b sys/kern/kern_timeout.c:641 softclock_thread(ffff8000ffffea80) at softclock_thread+0xf4 sys/kern/kern_timeout.c:765 end trace frame: 0x0, count: -7 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8257e3d7) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff825f2d2a,ffffffff82617292,308,ffffffff8254fd3a) at __assert+0x25 sys/kern/subr_prf.c:157 arptfree(fffffd807519e410) at arptfree+0x12d sys/netinet/if_ether.c:776 arptimer(ffffffff82ac5b50) at arptimer+0x88 sys/netinet/if_ether.c:135 timeout_run(ffffffff82ac5b50) at timeout_run+0x8b sys/kern/kern_timeout.c:641 softclock_thread(ffff8000ffffea80) at softclock_thread+0xf4 sys/kern/kern_timeout.c:765 end trace frame: 0x0, count: -7