panic: kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/netinet/if_ether.c", line 758 Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND * 63695 25336 0 0x14000 0x40000200 0 softclock db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8277c927) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff827fc6b1,ffffffff82821897,2f6,ffffffff8274f9eb) at __assert+0x29 sys/kern/subr_prf.c:157 arptfree(fffffd806b687a98) at arptfree+0x131 sys/netinet/if_ether.c:758 arptimer(ffffffff82cd0e38) at arptimer+0x88 sys/netinet/if_ether.c:135 timeout_run(ffffffff82cd0e38) at timeout_run+0x8f sys/kern/kern_timeout.c:640 softclock_thread(ffff8000215ea540) at softclock_thread+0xd4 sys/kern/kern_timeout.c:763 end trace frame: 0x0, count: 8 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/netinet/if_ether.c", line 758 ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8277c927) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff827fc6b1,ffffffff82821897,2f6,ffffffff8274f9eb) at __assert+0x29 sys/kern/subr_prf.c:157 arptfree(fffffd806b687a98) at arptfree+0x131 sys/netinet/if_ether.c:758 arptimer(ffffffff82cd0e38) at arptimer+0x88 sys/netinet/if_ether.c:135 timeout_run(ffffffff82cd0e38) at timeout_run+0x8f sys/kern/kern_timeout.c:640 softclock_thread(ffff8000215ea540) at softclock_thread+0xd4 sys/kern/kern_timeout.c:763 end trace frame: 0x0, count: -7 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff8000215f6940 rbx 0 rdx 0 rcx 0 rax 0xffff8000215ea540 r8 0x101010101010101 r9 0x8080808080808080 r10 0xbf077ebeab368f34 r11 0x69fce1e1317286d7 r12 0 r13 0xfffffd806ef28478 r14 0 r15 0x1 rip 0xffffffff813ff5fc db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff8000215f6930 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb> show proc PROC (softclock) tid=63695 pid=25336 tcnt=1 stat=onproc flags process=14000 proc=40000200 runpri=0, usrpri=50, slppri=0, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff8000215ea7e8,0xffff8000215ea2a8 process=0xffff8000ffffefc0 user=0xffff8000215f1000, vmspace=0xffffffff82c2ecb0 estcpu=0, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 33177 362015 33300 0 3 0x80 fsleep syz-executor.3 33177 451145 33300 0 3 0x4000080 netio syz-executor.3 20565 337995 21770 0 3 0x80 fsleep syz-executor.6 20565 225512 21770 0 3 0x4000080 netio syz-executor.6 20565 437657 21770 0 3 0x4000080 netio syz-executor.6 20565 63945 21770 0 3 0x4000080 netio syz-executor.6 48334 366229 52951 0 3 0x80 fsleep syz-executor.4 48334 228405 52951 0 3 0x4000080 netio syz-executor.4 82969 422780 86734 0 3 0x80 fsleep syz-executor.5 82969 186137 86734 0 3 0x4000080 ttyin syz-executor.5 52787 206140 75346 0 3 0x80 fsleep syz-executor.2 52787 398523 75346 0 3 0x4000080 netio syz-executor.2 75346 327896 36313 0 2 0x482 syz-executor.2 19363 25263 1 0 3 0x80 fsleep syz-executor.2 19363 162577 1 0 3 0x4000080 netio syz-executor.2 76411 465863 36313 0 3 0x82 piperd syz-executor.1 91633 148316 1 0 3 0x80 fsleep syz-executor.1 91633 301872 1 0 3 0x4000080 netio syz-executor.1 21770 429111 36313 0 2 0x482 syz-executor.6 33300 136996 36313 0 3 0x82 nanoslp syz-executor.3 52759 6496 36313 0 3 0x82 piperd syz-executor.7 86734 444237 36313 0 2 0x482 syz-executor.5 50791 123075 0 0 3 0x14200 acct acct 80573 230101 0 0 3 0x14280 nfsidl nfsio 92965 314477 0 0 3 0x14280 nfsidl nfsio 30461 216092 0 0 3 0x14280 nfsidl nfsio 16850 273997 0 0 3 0x14280 nfsidl nfsio 93565 36203 0 0 3 0x14280 nfsidl nfsio 74449 308817 0 0 3 0x14280 nfsidl nfsio 22959 76870 0 0 3 0x14280 nfsidl nfsio 94238 255436 0 0 3 0x14280 nfsidl nfsio 51362 294779 0 0 3 0x14280 nfsidl nfsio 61711 327318 0 0 3 0x14280 nfsidl nfsio 7264 123074 0 0 3 0x14280 nfsidl nfsio 12832 497427 0 0 3 0x14280 nfsidl nfsio 41197 379511 0 0 3 0x14280 nfsidl nfsio 92444 311751 0 0 3 0x14280 nfsidl nfsio 15403 286534 0 0 3 0x14280 nfsidl nfsio 60557 518737 0 0 3 0x14280 nfsidl nfsio 9204 295046 0 0 3 0x14280 nfsidl nfsio 45024 23496 0 0 3 0x14280 nfsidl nfsio 81104 73394 0 0 3 0x14280 nfsidl nfsio 84364 54712 0 0 3 0x14280 nfsidl nfsio 87357 136051 0 0 3 0x14200 bored sosplice 52951 113478 36313 0 3 0x82 nanoslp syz-executor.4 36313 86101 21546 0 3 0x2000082 thrsleep syz-fuzzer 36313 150314 21546 0 3 0x6000082 thrsleep syz-fuzzer 36313 97340 21546 0 3 0x6000082 wait syz-fuzzer 36313 313600 21546 0 3 0x6000082 thrsleep syz-fuzzer 36313 140591 21546 0 3 0x6000082 kqread syz-fuzzer 36313 384792 21546 0 3 0x6000082 wait syz-fuzzer 36313 239782 21546 0 3 0x6000082 wait syz-fuzzer 36313 213816 21546 0 3 0x6000082 wait syz-fuzzer 36313 467396 21546 0 3 0x6000082 thrsleep syz-fuzzer 36313 237852 21546 0 3 0x6000082 wait syz-fuzzer 36313 71664 21546 0 3 0x6000082 thrsleep syz-fuzzer 36313 520590 21546 0 3 0x6000082 wait syz-fuzzer 36313 296716 21546 0 3 0x6000082 wait syz-fuzzer 36313 311775 21546 0 3 0x6000082 wait syz-fuzzer 21546 217447 91928 0 3 0x10008a sigsusp ksh 91928 145945 52103 0 3 0x9a kqread sshd 39439 127415 1 0 3 0x100083 ttyin getty 52103 505061 1 0 3 0x88 kqread sshd 40566 335534 43517 73 3 0x1100090 kqread syslogd 43517 270237 1 0 3 0x100082 netio syslogd 21815 106497 1 0 3 0x100080 kqread resolvd 94999 4150 46423 77 3 0x100092 kqread dhcpleased 84962 11150 46423 77 3 0x100092 kqread dhcpleased 46423 225262 1 0 3 0x80 kqread dhcpleased 67417 522242 0 0 3 0x14200 bored smr 16333 488324 0 0 3 0x14200 pgzero zerothread 99668 372037 0 0 3 0x14200 aiodoned aiodoned 90697 519521 0 0 3 0x14200 syncer update 89160 509839 0 0 3 0x14200 cleaner cleaner 98375 279810 0 0 3 0x14200 reaper reaper 99740 517108 0 0 3 0x14200 pgdaemon pagedaemon 53470 139218 0 0 3 0x14200 bored viomb 48714 493077 0 0 3 0x40014200 acpi0 acpi0 73080 169056 0 0 3 0x14200 bored softnet3 67351 89223 0 0 3 0x14200 bored softnet2 30434 449032 0 0 3 0x14200 bored softnet1 63965 308099 0 0 3 0x14200 bored softnet0 67504 33282 0 0 3 0x14200 bored systqmp 49380 183851 0 0 3 0x14200 bored systq *25336 63695 0 0 7 0x40014200 softclock 51010 436527 0 0 3 0x40014200 idle0 1 235630 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10174 6427K 14606K 78643K 14875 0 pcb 13 14K 16K 78643K 219 0 rtable 239 7K 7K 78643K 902 0 pf 29 8K 9K 78643K 121 0 ifaddr 43 11K 12K 78643K 104 0 ifgroup 50 2K 2K 78643K 204 0 sysctl 2 0K 0K 78643K 2 0 counters 28 17K 17K 78643K 62 0 ioctlops 0 0K 2K 78643K 116 0 iov 0 0K 16K 78643K 241 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1470 92K 92K 78643K 2765 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 13K 78643K 136 0 VM map 2 1K 1K 78643K 2 0 sem 12 1K 1K 78643K 49 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 17 61K 73K 78643K 3554 0 sigio 0 0K 0K 78643K 22 0 proc 57 59K 75K 78643K 733 0 subproc 130 8K 8K 78643K 195 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 197 0 in_multi 99 7K 7K 78643K 254 0 ether_multi 1 0K 0K 78643K 4 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 67 307K 307K 78643K 67 0 exec 0 0K 1K 78643K 1267 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 386 107K 108K 78643K 36628 0 UVM aobj 131 4K 4K 78643K 137 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 90 0 NDP 11 0K 2K 78643K 75 0 temp 83 5912K 5990K 78643K 36114 0 kqueue 13 20K 26K 78643K 373 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 115 0 112 1 0 1 1 0 8 0 rtentry 112 194 0 83 4 0 4 4 0 8 0 unpcb 144 8886 0 8852 51 49 2 12 0 8 0 syncache 304 23 0 23 7 7 0 1 0 8 0 tcpqe 32 165 0 165 6 6 0 1 0 8 0 tcpcb 808 793 0 783 30 27 3 9 0 8 0 arp 88 33 0 14 1 0 1 1 0 8 0 inpcb 336 3074 0 3061 44 41 3 11 0 8 0 nd6 104 50 0 26 1 0 1 1 0 8 0 pkpcb 40 9 0 9 2 2 0 1 0 8 0 kcovpl 48 15 0 5 1 0 1 1 0 8 0 ppxss 1160 3 0 3 1 1 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 782 0 323 30 1 29 30 0 8 0 art_table 32 783 0 323 4 0 4 4 0 8 0 art_node 16 193 0 92 1 0 1 1 0 8 0 sysvmsgpl 40 35 0 0 1 0 1 1 0 8 0 semapl 112 42 0 32 1 0 1 1 0 8 0 shmpl 112 134 0 6 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 5884 0 4409 93 0 93 93 0 8 0 ffsino 240 5884 0 4409 87 0 87 87 0 8 0 nchpl 144 11325 0 10836 63 42 21 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 37866 0 37866 4 3 1 3 0 8 1 vmpool 664 42 0 42 3 3 0 1 0 8 0 kstatmem 264 90 0 68 2 0 2 2 0 8 0 scxspl 216 32083 0 32083 13 12 1 8 1 8 1 plimitpl 152 570 0 552 1 0 1 1 0 8 0 sigapl 424 3938 0 3872 8 0 8 8 0 8 0 futexpl 64 36607 0 36600 1 0 1 1 0 8 0 knotepl 120 35009 0 34930 24 21 3 10 0 8 0 kqueuepl 184 1315 0 1306 23 22 1 7 0 8 0 pipepl 288 630 0 601 12 9 3 7 0 8 0 fdescpl 432 3820 0 3792 4 0 4 4 0 8 0 filepl 120 27424 0 27131 63 51 12 21 0 8 3 lockfpl 104 867 0 864 2 1 1 2 0 8 0 lockfspl 48 314 0 311 1 0 1 1 0 8 0 sessionpl 144 30 0 12 1 0 1 1 0 8 0 pgrppl 48 74 0 56 1 0 1 1 0 8 0 ucredpl 104 3618 0 3608 1 0 1 1 0 8 0 zombiepl 144 3873 0 3872 1 0 1 1 0 8 0 processpl 1008 3938 0 3872 10 1 9 9 0 8 0 procpl 680 10241 0 10153 14 5 9 10 0 8 0 sosppl 168 50 0 50 8 7 1 1 0 8 1 sockpl 456 12087 0 12037 312 305 7 46 0 8 0 mcl64k 65536 966 0 966 2 1 1 1 0 8 1 mcl16k 16384 473 0 473 6 5 1 1 0 8 1 mcl12k 12288 142 0 142 9 8 1 1 0 8 1 mcl9k 9216 79 0 79 11 10 1 1 0 8 1 mcl8k 8192 976 0 969 8 7 1 2 0 8 0 mcl4k 4096 447 0 447 8 7 1 4 0 8 1 mcl2k2 2112 33 0 33 12 11 1 1 0 8 1 mcl2k 2048 78641 0 78593 56 48 8 29 0 8 1 mtagpl 96 397 0 365 8 4 4 7 0 8 1 mbufpl 256 185326 0 185130 163 134 29 74 0 8 3 bufpl 288 9756 0 3361 457 0 457 457 0 8 0 anonpl 24 473768 0 460121 112 25 87 103 0 188 0 amapchunkpl 152 115853 0 114990 64 26 38 42 0 158 0 amappl16 200 9577 0 9162 45 23 22 35 0 8 0 amappl15 192 9 0 9 1 1 0 1 0 8 0 amappl14 184 168 0 156 2 1 1 2 0 8 0 amappl13 176 47 0 47 2 2 0 1 0 8 0 amappl12 168 4548 0 4519 2 0 2 2 0 8 0 amappl11 160 56 0 45 1 0 1 1 0 8 0 amappl10 152 36 0 24 1 0 1 1 0 8 0 amappl9 144 627 0 626 1 0 1 1 0 8 0 amappl8 136 358 0 265 4 0 4 4 0 8 0 amappl7 128 114 0 103 1 0 1 1 0 8 0 amappl6 120 327 0 308 1 0 1 1 0 8 0 amappl5 112 534 0 526 1 0 1 1 0 8 0 amappl4 104 619 0 583 2 0 2 2 0 8 0 amappl3 96 23430 0 23344 3 0 3 3 0 8 0 amappl2 88 4132 0 4069 3 1 2 3 0 8 0 amappl1 80 22158 0 21647 22 10 12 22 0 8 0 amappl 88 35967 0 35726 7 0 7 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 136 0 6 3 0 3 3 0 8 0 uaddrrnd 24 3862 0 3834 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 3862 0 3834 1 0 1 1 0 8 0 vmmpekpl 168 33572 0 33504 4 0 4 4 0 8 0 vmmpepl 168 245369 0 243090 224 119 105 127 0 357 0 vmsppl 368 3861 0 3834 3 0 3 3 0 8 0 rwobjpl 24 70573 0 63030 47 0 47 47 0 8 0 pdppl 4096 7730 0 7668 294 226 68 68 0 8 6 pvpl 32 1185342 0 1166043 386 221 165 330 0 265 0 pmappl 216 3861 0 3834 2 0 2 2 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 1318 0 516 25 0 25 25 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8277c927) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff827fc6b1,ffffffff82821897,2f6,ffffffff8274f9eb) at __assert+0x29 sys/kern/subr_prf.c:157 arptfree(fffffd806b687a98) at arptfree+0x131 sys/netinet/if_ether.c:758 arptimer(ffffffff82cd0e38) at arptimer+0x88 sys/netinet/if_ether.c:135 timeout_run(ffffffff82cd0e38) at timeout_run+0x8f sys/kern/kern_timeout.c:640 softclock_thread(ffff8000215ea540) at softclock_thread+0xd4 sys/kern/kern_timeout.c:763 end trace frame: 0x0, count: -7 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8277c927) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff827fc6b1,ffffffff82821897,2f6,ffffffff8274f9eb) at __assert+0x29 sys/kern/subr_prf.c:157 arptfree(fffffd806b687a98) at arptfree+0x131 sys/netinet/if_ether.c:758 arptimer(ffffffff82cd0e38) at arptimer+0x88 sys/netinet/if_ether.c:135 timeout_run(ffffffff82cd0e38) at timeout_run+0x8f sys/kern/kern_timeout.c:640 softclock_thread(ffff8000215ea540) at softclock_thread+0xd4 sys/kern/kern_timeout.c:763 end trace frame: 0x0, count: -7