panic: kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/netinet/if_ether.c", line 776 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *397058 13530 0 0x14000 0x40000200 0 softclock db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8257d2ca) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff825f4da8,ffffffff8261822e,308,ffffffff825534b6) at __assert+0x25 sys/kern/subr_prf.c:157 arptfree(fffffd806f389d90) at arptfree+0x12d sys/netinet/if_ether.c:776 arptimer(ffffffff82a831d8) at arptimer+0x88 sys/netinet/if_ether.c:135 timeout_run(ffffffff82a831d8) at timeout_run+0x8b sys/kern/kern_timeout.c:641 softclock_thread(ffff8000ffffed20) at softclock_thread+0xf4 sys/kern/kern_timeout.c:765 end trace frame: 0x0, count: 8 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/netinet/if_ether.c", line 776 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8257d2ca) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff825f4da8,ffffffff8261822e,308,ffffffff825534b6) at __assert+0x25 sys/kern/subr_prf.c:157 arptfree(fffffd806f389d90) at arptfree+0x12d sys/netinet/if_ether.c:776 arptimer(ffffffff82a831d8) at arptimer+0x88 sys/netinet/if_ether.c:135 timeout_run(ffffffff82a831d8) at timeout_run+0x8b sys/kern/kern_timeout.c:641 softclock_thread(ffff8000ffffed20) at softclock_thread+0xf4 sys/kern/kern_timeout.c:765 end trace frame: 0x0, count: -7 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff800021683f90 rbx 0 rdx 0 rcx 0 rax 0xffff8000ffffed20 r8 0x101010101010101 r9 0x8080808080808080 r10 0x59dfa9e577c51827 r11 0x829c9b95bd6b92d8 r12 0 r13 0xfffffd806ec15d10 r14 0 r15 0x1 rip 0xffffffff8134cd68 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800021683f80 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (softclock) pid=397058 stat=onproc flags process=14000 proc=40000200 pri=50, usrpri=51, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffffefc0,0xffff8000ffffe010 process=0xffff8000ffffcfc0 user=0xffff80002167f000, vmspace=0xffffffff82a7ca58 estcpu=1, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 87751 67655 35756 0 3 0x2 biowait syz-executor.2 95815 293899 35756 0 3 0x82 piperd syz-executor.3 18209 474578 1 0 3 0x100083 ttyin getty 47874 273953 35756 0 3 0x82 piperd syz-executor.0 91801 39610 0 0 3 0x14280 nfsidl nfsio 86529 231897 0 0 3 0x14280 nfsidl nfsio 22152 9139 0 0 3 0x14280 nfsidl nfsio 18950 99610 0 0 3 0x14280 nfsidl nfsio 10379 59368 0 0 3 0x14280 nfsidl nfsio 57643 235439 0 0 3 0x14280 nfsidl nfsio 53130 101407 0 0 3 0x14280 nfsidl nfsio 13570 477580 0 0 3 0x14280 nfsidl nfsio 94886 397283 0 0 3 0x14280 nfsidl nfsio 26889 76670 0 0 3 0x14280 nfsidl nfsio 49529 115156 0 0 3 0x14280 nfsidl nfsio 55308 454947 0 0 3 0x14280 nfsidl nfsio 91501 448859 0 0 3 0x14280 nfsidl nfsio 25736 38139 0 0 3 0x14280 nfsidl nfsio 86223 35342 0 0 3 0x14280 nfsidl nfsio 8519 393058 0 0 3 0x14280 nfsidl nfsio 4637 397613 0 0 3 0x14280 nfsidl nfsio 47789 249349 0 0 3 0x14280 nfsidl nfsio 95349 100170 0 0 3 0x14280 nfsidl nfsio 15292 257447 0 0 3 0x14280 nfsidl nfsio 7627 508849 35756 0 3 0x82 piperd syz-executor.7 650 148070 0 0 2 0x14600 acct 10335 363388 0 0 3 0x14200 bored sosplice 35756 427727 99480 0 3 0x82 wait syz-fuzzer 35756 378793 99480 0 3 0x4000082 nanoslp syz-fuzzer 35756 16774 99480 0 3 0x4000082 wait syz-fuzzer 35756 199623 99480 0 3 0x4000082 wait syz-fuzzer 35756 475917 99480 0 3 0x4000082 thrsleep syz-fuzzer 35756 318207 99480 0 3 0x4000082 thrsleep syz-fuzzer 35756 257020 99480 0 3 0x4000082 thrsleep syz-fuzzer 35756 355045 99480 0 3 0x4000082 thrsleep syz-fuzzer 35756 426867 99480 0 3 0x4000082 wait syz-fuzzer 35756 416772 99480 0 3 0x4000082 wait syz-fuzzer 35756 71292 99480 0 3 0x4000082 thrsleep syz-fuzzer 35756 403745 99480 0 2 0x4000482 syz-fuzzer 35756 192589 99480 0 3 0x4000082 wait syz-fuzzer 35756 334683 99480 0 3 0x4000082 wait syz-fuzzer 99480 246039 61335 0 3 0x10008a sigsusp ksh 61335 153529 25781 0 3 0x9a kqread sshd 25781 291420 1 0 3 0x88 kqread sshd 51730 464178 59552 73 3 0x1100010 ffs_fsync syslogd 59552 205195 1 0 3 0x100082 netio syslogd 23712 470386 1 0 3 0x100080 kqread resolvd 93980 368909 0 0 3 0x14200 bored smr 80291 298287 0 0 2 0x14200 zerothread 55318 496410 0 0 3 0x14200 aiodoned aiodoned 46675 16222 0 0 2 0x14600 update 8463 73808 0 0 3 0x14200 cleaner cleaner 37087 274375 0 0 2 0x14200 reaper 39826 497181 0 0 3 0x14200 pgdaemon pagedaemon 71965 344643 0 0 3 0x14200 bored viomb 97 509043 0 0 3 0x40014200 acpi0 acpi0 91405 214633 0 0 3 0x14200 bored softnet 89556 333418 0 0 3 0x14200 bored softnet 30087 515844 0 0 3 0x14200 bored softnet 75315 286318 0 0 3 0x14200 bored softnet 8521 295060 0 0 2 0x14200 systqmp 4430 65890 0 0 3 0x14200 bored systq *13530 397058 0 0 7 0x40014200 softclock 44179 388657 0 0 3 0x40014200 idle0 1 380621 0 0 3 0x82 wait init 0 0 -1 0 2 0x10200 swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10216 6425K 7215K 78643K 13831 0 pcb 13 16K 18K 78643K 1968 0 rtable 153 15K 16K 78643K 2881 0 ifaddr 79 19K 23K 78643K 1142 0 sysctl 3 1K 5K 78643K 38 0 counters 25 17K 17K 78643K 350 0 ioctlops 0 0K 4K 78643K 1723 0 iov 0 0K 24K 78643K 2075 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1627 102K 103K 78643K 7292 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 83 0 VM map 2 0K 0K 78643K 2 0 sem 13 10K 20K 78643K 1595 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 8 22K 73K 78643K 9977 0 sigio 0 0K 0K 78643K 136 0 proc 52 42K 75K 78643K 2363 0 subproc 65 4K 6K 78643K 757 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 626 0 in_multi 42 2K 6K 78643K 1038 0 ether_multi 1 0K 0K 78643K 82 0 mrt 1 0K 0K 78643K 33 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 277 1235K 1235K 78643K 277 0 exec 0 0K 1K 78643K 2700 0 pfkey data 0 0K 0K 78643K 5 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 436 882K 892K 78643K 67139 0 UVM aobj 131 4K 4K 78643K 143 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 335 0 NDP 12 0K 2K 78643K 367 0 temp 125 4690K 70226K 78643K 145389 0 kqueue 6 10K 22K 78643K 1031 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 925 0 924 15 14 1 3 0 8 0 rtentry 112 903 0 846 4 1 3 4 0 8 0 unpcb 144 11391 0 11385 126 125 1 10 0 8 0 syncache 296 79 0 79 17 17 0 1 0 8 0 tcpqe 32 168 0 168 18 18 0 1 0 8 0 tcpcb 776 3947 0 3943 150 149 1 14 0 8 0 arp 88 122 0 112 1 0 1 1 0 8 0 ipq 40 46 0 46 4 4 0 1 0 8 0 ipqe 40 175 0 175 4 4 0 1 0 8 0 inpcb 336 10495 0 10491 178 177 1 15 0 8 0 nd6 48 198 0 185 1 0 1 1 0 8 0 pkpcb 40 15 0 15 3 3 0 1 0 8 0 kcovpl 48 58 0 53 1 0 1 1 0 8 0 mppekey 1024 5 0 5 2 2 0 1 0 8 0 ppxss 1160 139 0 139 26 26 0 1 0 8 0 pppxif 1352 95 0 95 21 21 0 1 0 8 0 pfstscr 40 97 0 81 1 0 1 1 0 8 0 pfanchor 1280 19 0 0 2 0 2 2 0 8 0 pfstitem 24 40 0 14 1 0 1 1 0 8 0 pfstkey 128 180 0 167 1 0 1 1 0 8 0 pfstate 352 90 0 77 4 2 2 2 0 8 0 rttmr 136 9 0 9 2 2 0 1 0 8 0 art_heap8 4096 16 0 14 10 8 2 3 0 8 0 art_heap4 256 4123 0 3857 61 41 20 30 0 8 2 art_table 32 4139 0 3871 4 0 4 4 0 8 0 art_node 16 902 0 853 1 0 1 1 0 8 0 sysvmsgpl 40 19 0 5 1 0 1 1 0 8 0 semupl 112 4 0 4 2 2 0 1 0 8 0 semapl 112 1581 0 1570 1 0 1 1 0 8 0 shmpl 112 140 0 12 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 17009 0 15529 93 0 93 93 0 8 0 ffsino 240 17009 0 15529 88 0 88 88 0 8 0 nchpl 144 31572 0 29948 63 0 63 63 0 8 0 uvmvnodes 80 5929 0 0 121 0 121 121 0 8 0 vnodes 216 5929 0 0 330 0 330 330 0 8 0 namei 1024 133760 0 133759 11 10 1 2 0 8 0 vcpupl 2048 217 0 0 28 0 28 28 0 8 0 vmpool 536 262 0 45 15 0 15 15 0 8 0 kstatmem 264 472 0 448 4 1 3 3 0 8 0 scsiplug 72 8 0 8 3 3 0 1 0 8 0 scxspl 216 80658 0 80656 20 19 1 8 0 8 0 plimitpl 152 1392 0 1377 1 0 1 1 0 8 0 sigapl 424 10275 0 10216 8 0 8 8 0 8 0 futexpl 64 107500 0 107500 2 2 0 1 0 8 0 knotepl 120 142342 0 142284 83 79 4 11 0 8 0 kqueuepl 184 2638 0 2633 35 34 1 7 0 8 0 pipepl 288 2614 0 2590 40 37 3 11 0 8 0 fdescpl 432 10157 0 10141 5 2 3 4 0 8 0 filepl 120 94781 0 94620 159 150 9 19 0 8 0 lockfpl 104 5857 0 5856 7 6 1 2 0 8 0 lockfspl 48 1822 0 1821 1 0 1 1 0 8 0 sessionpl 144 76 0 62 1 0 1 1 0 8 0 pgrppl 48 213 0 199 1 0 1 1 0 8 0 ucredpl 104 13410 0 13400 1 0 1 1 0 8 0 zombiepl 144 10223 0 10216 3 2 1 1 0 8 0 processpl 1008 10275 0 10216 10 1 9 9 0 8 0 procpl 672 27099 0 27020 10 1 9 9 0 8 0 sosppl 168 108 0 108 17 17 0 1 0 8 0 sockpl 456 22922 0 22910 594 591 3 32 0 8 0 mcl64k 65536 353 0 353 28 28 0 1 0 8 0 mcl16k 16384 214 0 214 20 20 0 1 0 8 0 mcl12k 12288 320 0 320 24 24 0 1 0 8 0 mcl9k 9216 121 0 121 26 26 0 1 0 8 0 mcl8k 8192 610 0 610 23 23 0 1 0 8 0 mcl4k 4096 1380 0 1380 14 14 0 1 0 8 0 mcl2k2 2112 83 0 83 28 28 0 1 0 8 0 mcl2k 2048 93988 0 93943 51 44 7 32 0 8 0 mtagpl 96 54 0 54 6 6 0 1 0 8 0 mbufpl 256 264168 0 264112 1668 1658 10 964 0 8 0 bufpl 288 20187 0 13781 458 0 458 458 0 8 0 anonpl 24 1995413 0 1976491 333 156 177 183 0 188 59 amapchunkpl 152 189064 0 188162 143 90 53 59 0 158 15 amappl16 200 17294 0 16642 125 90 35 47 0 8 0 amappl15 192 14 0 10 1 0 1 1 0 8 0 amappl14 184 294 0 287 1 0 1 1 0 8 0 amappl13 176 5 0 4 1 0 1 1 0 8 0 amappl12 168 1011 0 1005 1 0 1 1 0 8 0 amappl11 160 45 0 41 1 0 1 1 0 8 0 amappl10 152 79 0 70 1 0 1 1 0 8 0 amappl9 144 989 0 989 13 13 0 1 0 8 0 amappl8 136 521 0 449 4 1 3 3 0 8 0 amappl7 128 271 0 250 2 0 2 2 0 8 0 amappl6 120 398 0 382 1 0 1 1 0 8 0 amappl5 112 442 0 439 1 0 1 1 0 8 0 amappl4 104 1152 0 1122 2 1 1 2 0 8 0 amappl3 96 29105 0 29064 2 0 2 2 0 8 0 amappl2 88 11309 0 11262 3 1 2 3 0 8 0 amappl1 80 230355 0 229816 22 8 14 22 0 8 0 amappl 88 65744 0 65533 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 142 0 12 3 0 3 3 0 8 0 uaddrrnd 24 10419 0 10183 2 0 2 2 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 10419 0 10183 2 0 2 2 0 8 0 vmmpekpl 168 80609 0 80523 5 0 5 5 0 8 0 vmmpepl 168 947547 0 944912 408 250 158 163 0 357 21 vmsppl 272 10418 0 10182 20 3 17 17 0 8 0 rwobjpl 24 246368 0 238704 55 7 48 49 0 8 0 pdppl 4096 20844 0 20581 857 590 267 275 0 8 4 pvpl 32 3876562 0 3851256 611 307 304 314 0 265 91 pmappl 216 10418 0 10182 14 0 14 14 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 3656 0 2657 56 25 31 54 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8257d2ca) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff825f4da8,ffffffff8261822e,308,ffffffff825534b6) at __assert+0x25 sys/kern/subr_prf.c:157 arptfree(fffffd806f389d90) at arptfree+0x12d sys/netinet/if_ether.c:776 arptimer(ffffffff82a831d8) at arptimer+0x88 sys/netinet/if_ether.c:135 timeout_run(ffffffff82a831d8) at timeout_run+0x8b sys/kern/kern_timeout.c:641 softclock_thread(ffff8000ffffed20) at softclock_thread+0xf4 sys/kern/kern_timeout.c:765 end trace frame: 0x0, count: -7 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8257d2ca) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff825f4da8,ffffffff8261822e,308,ffffffff825534b6) at __assert+0x25 sys/kern/subr_prf.c:157 arptfree(fffffd806f389d90) at arptfree+0x12d sys/netinet/if_ether.c:776 arptimer(ffffffff82a831d8) at arptimer+0x88 sys/netinet/if_ether.c:135 timeout_run(ffffffff82a831d8) at timeout_run+0x8b sys/kern/kern_timeout.c:641 softclock_thread(ffff8000ffffed20) at softclock_thread+0xf4 sys/kern/kern_timeout.c:765 end trace frame: 0x0, count: -7