panic: kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/netinet/if_ether.c", line 758 Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *515135 24703 0 0x14000 0x40000200 0 softclock db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff827861b7) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff8280282b,ffffffff828275d3,2f6,ffffffff82757424) at __assert+0x29 sys/kern/subr_prf.c:157 arptfree(fffffd8069796c48) at arptfree+0x131 sys/netinet/if_ether.c:758 arptimer(ffffffff82d26280) at arptimer+0x88 sys/netinet/if_ether.c:135 timeout_run(ffffffff82d26280) at timeout_run+0x8f sys/kern/kern_timeout.c:640 softclock_thread(ffff8000215e9aa0) at softclock_thread+0xd4 sys/kern/kern_timeout.c:763 end trace frame: 0x0, count: 8 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/netinet/if_ether.c", line 758 ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff827861b7) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff8280282b,ffffffff828275d3,2f6,ffffffff82757424) at __assert+0x29 sys/kern/subr_prf.c:157 arptfree(fffffd8069796c48) at arptfree+0x131 sys/netinet/if_ether.c:758 arptimer(ffffffff82d26280) at arptimer+0x88 sys/netinet/if_ether.c:135 timeout_run(ffffffff82d26280) at timeout_run+0x8f sys/kern/kern_timeout.c:640 softclock_thread(ffff8000215e9aa0) at softclock_thread+0xd4 sys/kern/kern_timeout.c:763 end trace frame: 0x0, count: -7 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff8000215f6aa0 rbx 0 rdx 0 rcx 0 rax 0xffff8000215e9aa0 r8 0x101010101010101 r9 0x8080808080808080 r10 0x9fefff3be99d5256 r11 0xcffc58ed1293a2d5 r12 0 r13 0xfffffd806eb526e0 r14 0 r15 0x1 rip 0xffffffff81263cec db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff8000215f6a90 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb> show proc PROC (softclock) tid=515135 pid=24703 tcnt=1 stat=onproc flags process=14000 proc=40000200 runpri=0, usrpri=50, slppri=0, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff8000215ea298,0xffff8000215e9808 process=0xffff8000ffffe7e0 user=0xffff8000215f1000, vmspace=0xffffffff82d2ab28 estcpu=0, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 27335 231135 70630 0 2 0x480 syz-executor.6 27335 457682 70630 0 3 0x4000080 nanoslp syz-executor.6 43935 441163 37499 0 3 0x80 nanoslp syz-executor.5 43935 414642 37499 0 3 0x4000080 bell syz-executor.5 43935 14493 37499 0 3 0x4000080 wsevent_read syz-executor.5 48757 248630 14354 0 3 0x82 piperd syz-executor.1 73558 36201 14354 0 3 0x82 piperd syz-executor.2 56865 193444 0 0 3 0x14280 nfsidl nfsio 28548 466425 0 0 3 0x14280 nfsidl nfsio 97660 85383 0 0 3 0x14280 nfsidl nfsio 35145 139882 0 0 3 0x14280 nfsidl nfsio 50157 153898 0 0 3 0x14280 nfsidl nfsio 77632 493792 0 0 3 0x14280 nfsidl nfsio 66806 207322 0 0 3 0x14280 nfsidl nfsio 4499 245606 0 0 3 0x14280 nfsidl nfsio 53227 298547 0 0 3 0x14280 nfsidl nfsio 6937 135156 0 0 3 0x14280 nfsidl nfsio 73287 387554 0 0 3 0x14280 nfsidl nfsio 91166 438741 0 0 3 0x14280 nfsidl nfsio 12110 195150 0 0 3 0x14280 nfsidl nfsio 33599 186317 0 0 3 0x14280 nfsidl nfsio 4144 201713 0 0 3 0x14280 nfsidl nfsio 39473 352074 0 0 3 0x14280 nfsidl nfsio 67441 498575 0 0 3 0x14280 nfsidl nfsio 10967 465281 0 0 3 0x14280 nfsidl nfsio 27324 198840 0 0 3 0x14280 nfsidl nfsio 18094 141957 0 0 3 0x14280 nfsidl nfsio 15301 3432 14354 0 3 0x82 piperd syz-executor.7 6967 371530 14354 0 3 0x82 piperd syz-executor.3 5787 53103 14354 0 3 0x82 piperd syz-executor.4 29150 277332 0 0 3 0x14200 bored sosplice 37499 327251 14354 0 3 0x82 nanoslp syz-executor.5 70630 257349 14354 0 3 0x82 nanoslp syz-executor.6 14354 361652 52799 0 3 0x2000082 thrsleep syz-fuzzer 14354 402368 52799 0 3 0x6000082 thrsleep syz-fuzzer 14354 405938 52799 0 3 0x6000082 thrsleep syz-fuzzer 14354 254113 52799 0 3 0x6000082 thrsleep syz-fuzzer 14354 403016 52799 0 3 0x6000082 wait syz-fuzzer 14354 123554 52799 0 3 0x6000082 kqread syz-fuzzer 14354 250045 52799 0 3 0x6000082 wait syz-fuzzer 14354 13946 52799 0 3 0x6000082 thrsleep syz-fuzzer 14354 337552 52799 0 3 0x6000082 wait syz-fuzzer 14354 372980 52799 0 3 0x6000082 wait syz-fuzzer 14354 102163 52799 0 3 0x6000082 thrsleep syz-fuzzer 14354 8634 52799 0 3 0x6000082 wait syz-fuzzer 14354 468504 52799 0 3 0x6000082 wait syz-fuzzer 14354 492607 52799 0 3 0x6000082 wait syz-fuzzer 52799 2529 771 0 3 0x10008a sigsusp ksh 771 42326 90377 0 3 0x9a kqread sshd 60182 160012 1 0 3 0x100083 ttyin getty 90377 14000 1 0 3 0x88 kqread sshd 94105 200414 68489 73 3 0x1100090 kqread syslogd 68489 396167 1 0 3 0x100082 netio syslogd 47567 225929 1 0 3 0x100080 kqread resolvd 28700 241021 20691 77 3 0x100092 kqread dhcpleased 71414 454962 20691 77 3 0x100092 kqread dhcpleased 20691 167852 1 0 3 0x80 kqread dhcpleased 57831 286296 0 0 3 0x14200 bored smr 45799 307590 0 0 3 0x14200 pgzero zerothread 10858 274165 0 0 3 0x14200 aiodoned aiodoned 62891 422377 0 0 3 0x14200 syncer update 66343 99008 0 0 3 0x14200 cleaner cleaner 51354 254682 0 0 3 0x14200 reaper reaper 27463 42360 0 0 3 0x14200 pgdaemon pagedaemon 71706 430460 0 0 3 0x14200 bored viomb 54538 174228 0 0 3 0x40014200 acpi0 acpi0 58404 51594 0 0 3 0x14200 bored softnet3 46314 455510 0 0 3 0x14200 bored softnet2 10246 410681 0 0 3 0x14200 bored softnet1 99884 264626 0 0 3 0x14200 bored softnet0 2700 440647 0 0 3 0x14200 bored systqmp 20744 251466 0 0 3 0x14200 bored systq *24703 515135 0 0 7 0x40014200 softclock 42046 203160 0 0 3 0x40014200 idle0 1 11938 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10177 6415K 7668K 78643K 21308 0 pcb 13 12K 14K 78643K 330 0 rtable 243 7K 7K 78643K 4546 0 pf 32 9K 10K 78643K 127 0 ifaddr 44 11K 12K 78643K 115 0 ifgroup 55 2K 2K 78643K 216 0 sysctl 3 0K 0K 78643K 3 0 counters 29 17K 17K 78643K 76 0 ioctlops 0 0K 2K 78643K 166 0 iov 1 0K 24K 78643K 445 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1611 101K 101K 78643K 4590 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 43 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 663 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 12 41K 81K 78643K 4351 0 sigio 0 0K 0K 78643K 2313 0 proc 56 58K 83K 78643K 755 0 subproc 104 6K 6K 78643K 182 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 83 0 in_multi 99 7K 7K 78643K 174 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 67 307K 307K 78643K 67 0 exec 0 0K 1K 78643K 1253 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 321 89K 92K 78643K 42068 0 UVM aobj 131 4K 4K 78643K 131 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 111 0 NDP 12 0K 1K 78643K 87 0 temp 74 5912K 5988K 78643K 36975 0 kqueue 12 18K 28K 78643K 298 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 4405 0 4402 22 19 3 5 0 8 2 rtentry 112 189 0 76 4 0 4 4 0 8 0 unpcb 144 2999 0 2986 42 36 6 8 0 8 5 syncache 304 55 0 55 9 8 1 1 0 8 1 tcpqe 32 157 0 157 7 7 0 1 0 8 0 tcpcb 808 1153 0 1143 45 41 4 10 0 8 2 arp 88 31 0 12 1 0 1 1 0 8 0 ipq 40 7 0 7 3 3 0 1 0 8 0 ipqe 40 19 0 19 3 3 0 1 0 8 0 inpcb 336 2728 0 2715 42 35 7 9 0 8 4 nd6 104 46 0 20 1 0 1 1 0 8 0 pkpcb 40 8 0 8 1 1 0 1 0 8 0 kcovpl 48 14 0 6 1 0 1 1 0 8 0 ppxss 1160 14 0 14 3 3 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 747 0 281 31 1 30 31 0 8 0 art_table 32 748 0 281 4 0 4 4 0 8 0 art_node 16 181 0 78 1 0 1 1 0 8 0 sysvmsgpl 40 37 0 13 1 0 1 1 0 8 0 semapl 112 626 0 616 1 0 1 1 0 8 0 shmpl 112 128 0 0 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 7182 0 5698 94 0 94 94 0 8 0 ffsino 240 7182 0 5698 88 0 88 88 0 8 0 nchpl 144 13198 0 12713 63 41 22 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 44259 0 44259 4 3 1 2 0 8 1 kstatmem 264 118 0 94 2 0 2 2 0 8 0 scxspl 216 42766 0 42766 12 11 1 8 1 8 1 plimitpl 152 523 0 508 1 0 1 1 0 8 0 sigapl 424 4657 0 4597 8 0 8 8 0 8 0 futexpl 64 43460 0 43460 3 2 1 1 0 8 1 knotepl 120 56078 0 56004 15 10 5 10 0 8 0 kqueuepl 184 714 0 706 13 9 4 4 0 8 3 pipepl 288 2506 0 2481 45 38 7 11 0 8 5 fdescpl 432 4619 0 4596 4 0 4 4 0 8 0 filepl 120 34709 0 34480 50 38 12 17 0 8 4 lockfpl 104 3262 0 3260 14 12 2 4 0 8 1 lockfspl 48 1465 0 1463 3 2 1 2 0 8 0 sessionpl 144 29 0 13 1 0 1 1 0 8 0 pgrppl 48 52 0 36 1 0 1 1 0 8 0 ucredpl 104 3872 0 3862 1 0 1 1 0 8 0 zombiepl 144 4598 0 4597 2 1 1 1 0 8 0 processpl 1008 4657 0 4597 11 2 9 9 0 8 0 procpl 680 11136 0 11060 14 5 9 9 0 8 1 sosppl 168 66 0 66 5 4 1 1 0 8 1 sockpl 456 10149 0 10120 177 164 13 30 0 8 8 mcl64k 65536 220 0 220 10 9 1 1 0 8 1 mcl16k 16384 104 0 104 9 8 1 1 0 8 1 mcl12k 12288 216 0 216 9 8 1 1 0 8 1 mcl9k 9216 65 0 65 12 11 1 1 0 8 1 mcl8k 8192 319 0 319 8 7 1 1 0 8 1 mcl4k 4096 813 0 813 7 6 1 4 0 8 1 mcl2k2 2112 27 0 27 9 8 1 1 0 8 1 mcl2k 2048 72488 0 72425 40 30 10 29 0 8 0 mtagpl 96 1392 0 685 25 3 22 22 0 8 1 mbufpl 256 171458 0 170621 342 274 68 124 0 8 1 bufpl 288 11213 0 4812 458 0 458 458 0 8 0 anonpl 24 595058 0 583988 186 78 108 111 0 188 11 amapchunkpl 152 134425 0 133685 68 30 38 44 0 158 3 amappl16 200 14384 0 13937 89 65 24 37 0 8 0 amappl15 192 10 0 10 1 1 0 1 0 8 0 amappl14 184 165 0 153 2 1 1 2 0 8 0 amappl13 176 10 0 10 1 1 0 1 0 8 0 amappl12 168 5349 0 5322 2 0 2 2 0 8 0 amappl11 160 61 0 48 1 0 1 1 0 8 0 amappl10 152 33 0 25 2 1 1 1 0 8 0 amappl9 144 188 0 188 11 10 1 1 0 8 1 amappl8 136 258 0 189 3 0 3 3 0 8 0 amappl7 128 72 0 59 1 0 1 1 0 8 0 amappl6 120 289 0 267 2 1 1 2 0 8 0 amappl5 112 272 0 263 1 0 1 1 0 8 0 amappl4 104 610 0 577 2 1 1 2 0 8 0 amappl3 96 27033 0 26972 3 0 3 3 0 8 0 amappl2 88 5009 0 4949 3 1 2 3 0 8 0 amappl1 80 25232 0 24734 22 11 11 22 0 8 0 amappl 88 41407 0 41214 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 130 0 0 3 0 3 3 0 8 0 uaddrrnd 24 4619 0 4596 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 4619 0 4596 1 0 1 1 0 8 0 vmmpekpl 168 43758 0 43697 3 0 3 3 0 8 0 vmmpepl 168 289246 0 287191 185 81 104 115 0 357 0 vmsppl 368 4618 0 4596 3 0 3 3 0 8 0 rwobjpl 24 80265 0 72776 48 1 47 47 0 8 0 pdppl 4096 9244 0 9192 234 170 64 72 0 8 12 pvpl 32 1449936 0 1433734 486 279 207 357 0 265 36 pmappl 216 4618 0 4596 2 0 2 2 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 1481 0 629 26 0 26 26 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff827861b7) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff8280282b,ffffffff828275d3,2f6,ffffffff82757424) at __assert+0x29 sys/kern/subr_prf.c:157 arptfree(fffffd8069796c48) at arptfree+0x131 sys/netinet/if_ether.c:758 arptimer(ffffffff82d26280) at arptimer+0x88 sys/netinet/if_ether.c:135 timeout_run(ffffffff82d26280) at timeout_run+0x8f sys/kern/kern_timeout.c:640 softclock_thread(ffff8000215e9aa0) at softclock_thread+0xd4 sys/kern/kern_timeout.c:763 end trace frame: 0x0, count: -7 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff827861b7) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff8280282b,ffffffff828275d3,2f6,ffffffff82757424) at __assert+0x29 sys/kern/subr_prf.c:157 arptfree(fffffd8069796c48) at arptfree+0x131 sys/netinet/if_ether.c:758 arptimer(ffffffff82d26280) at arptimer+0x88 sys/netinet/if_ether.c:135 timeout_run(ffffffff82d26280) at timeout_run+0x8f sys/kern/kern_timeout.c:640 softclock_thread(ffff8000215e9aa0) at softclock_thread+0xd4 sys/kern/kern_timeout.c:763 end trace frame: 0x0, count: -7