panic: kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/netinet/if_ether.c", line 716 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *394152 39608 0 0x14000 0x40000200 0 softclock db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 __assert(ffffffff821e4717,ffffffff821fba7b,2cc,ffffffff8216bf37) at __assert+0x2b sys/kern/subr_prf.c:154 arptfree(fffffd802d559d28) at arptfree+0xfb sys/netinet/if_ether.c:716 arptimer(ffffffff82524d58) at arptimer+0x95 sys/netinet/if_ether.c:120 softclock_thread(ffff8000ffffe768) at softclock_thread+0x145 timeout_run sys/kern/kern_timeout.c:475 [inline] softclock_thread(ffff8000ffffe768) at softclock_thread+0x145 sys/kern/kern_timeout.c:552 end trace frame: 0x0, count: 9 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/netinet/if_ether.c", line 716 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 __assert(ffffffff821e4717,ffffffff821fba7b,2cc,ffffffff8216bf37) at __assert+0x2b sys/kern/subr_prf.c:154 arptfree(fffffd802d559d28) at arptfree+0xfb sys/netinet/if_ether.c:716 arptimer(ffffffff82524d58) at arptimer+0x95 sys/netinet/if_ether.c:120 softclock_thread(ffff8000ffffe768) at softclock_thread+0x145 timeout_run sys/kern/kern_timeout.c:475 [inline] softclock_thread(ffff8000ffffe768) at softclock_thread+0x145 sys/kern/kern_timeout.c:552 end trace frame: 0x0, count: -6 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff800014811d90 rbx 0xffff800014811e40 rdx 0x2 rcx 0 rax 0 r8 0xffff800014811d50 r9 0x1 r10 0 r11 0x5f0182e8ca102d32 r12 0x3000000008 r13 0xffff800014811da0 r14 0x100 r15 0x1 rip 0xffffffff821640e8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800014811d80 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (softclock) pid=394152 stat=onproc flags process=14000 proc=40000200 pri=0, usrpri=51, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffffeed0,0xffff8000ffffe288 process=0xffff8000ffffc360 user=0xffff80001480d000, vmspace=0xffffffff82584c78 estcpu=1, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 94438 34818 72205 0 3 0x3000 suspend syz-executor.0 94438 141128 72205 0 2 0x4081000 syz-executor.0 72205 99469 57555 0 3 0x82 wait syz-executor.0 44223 106965 57555 0 3 0x82 piperd syz-executor.1 88233 231374 1 0 3 0x100083 ttyin getty 21057 330402 0 0 3 0x14200 acct acct 76094 485595 0 0 3 0x14200 bored sosplice 57555 371634 82636 0 3 0x82 thrsleep syz-fuzzer 57555 391359 82636 0 3 0x4000082 thrsleep syz-fuzzer 57555 266260 82636 0 3 0x4000082 thrsleep syz-fuzzer 57555 142806 82636 0 3 0x4000082 thrsleep syz-fuzzer 57555 436341 82636 0 3 0x4000082 kqread syz-fuzzer 57555 451504 82636 0 3 0x4000082 thrsleep syz-fuzzer 57555 213818 82636 0 3 0x4000082 thrsleep syz-fuzzer 82636 181990 27905 0 3 0x10008a pause ksh 27905 363285 34695 0 3 0x92 select sshd 34695 483596 1 0 3 0x80 select sshd 92090 248929 6208 73 3 0x100090 kqread syslogd 6208 42576 1 0 3 0x100082 netio syslogd 25494 337985 1 77 3 0x100090 poll dhclient 31443 497565 1 0 3 0x80 poll dhclient 20118 412793 0 0 2 0x14200 zerothread 81580 192751 0 0 3 0x14200 aiodoned aiodoned 89732 301819 0 0 3 0x14200 syncer update 75957 397337 0 0 3 0x14200 cleaner cleaner 87419 278536 0 0 3 0x14200 reaper reaper 53758 414598 0 0 3 0x14200 pgdaemon pagedaemon 49828 332134 0 0 3 0x14200 bored crynlk 48475 244416 0 0 3 0x14200 bored crypto 56402 522255 0 0 3 0x40014200 acpi0 acpi0 79772 429103 0 0 3 0x14200 bored softnet 59253 434551 0 0 2 0x14200 systqmp 38204 442658 0 0 3 0x14200 bored systq *39608 394152 0 0 7 0x40014200 softclock 74592 21988 0 0 3 0x40014200 idle0 77057 244303 0 0 3 0x14200 bored smr 1 148392 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9598 6398K 7183K 78643K 16183 0 0 pcb 13 10K 12K 78643K 562 0 0 rtable 101 12K 13K 78643K 1848 0 0 ifaddr 92 18K 19K 78643K 474 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 154 0 0 iov 0 0K 40K 78643K 669 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1211 76K 77K 78643K 3547 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 9K 78643K 51 0 0 VM map 29 7K 7K 78643K 42 0 0 sem 12 1K 1K 78643K 727 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12645 0 0 file desc 5 13K 25K 78643K 2684 0 0 sigio 0 0K 0K 78643K 46 0 0 proc 49 38K 55K 78643K 1278 0 0 subproc 32 2K 2K 78643K 272 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 268 0 0 in_multi 21 1K 2K 78643K 342 0 0 ether_multi 1 0K 0K 78643K 22 0 0 mrt 1 0K 0K 78643K 13 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 108 477K 477K 78643K 108 0 0 exec 0 0K 1K 78643K 707 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 150 217K 218K 78643K 7632 0 0 UVM aobj 130 6K 6K 78643K 140 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 573 0 0 NDP 23 0K 1K 78643K 158 0 0 temp 248 3545K 3673K 78643K 115372 0 0 kqueue 0 0K 0K 78643K 46 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 81 0 75 1 0 1 1 0 8 0 rtpcb 80 291 0 289 1 0 1 1 0 8 0 rtentry 112 368 0 335 2 0 2 2 0 8 0 unpcb 120 1610 0 1596 1 0 1 1 0 8 0 syncache 264 18 0 18 7 7 0 1 0 8 0 tcpqe 32 171 0 171 6 6 0 1 0 8 0 tcpcb 544 1469 0 1465 32 31 1 15 0 8 0 ipq 40 25 0 25 10 10 0 1 0 8 0 ipqe 40 866 0 866 10 10 0 1 0 8 0 inpcb 280 3567 0 3559 26 25 1 9 0 8 0 rttmr 72 4 0 4 3 3 0 1 0 8 0 ip6q 72 2 0 2 1 1 0 1 0 8 0 ip6af 40 6 0 6 1 1 0 1 0 8 0 nd6 48 45 0 44 4 3 1 1 0 8 0 pkpcb 40 2 0 2 1 1 0 1 0 8 0 swfcl 56 2 0 0 1 0 1 1 0 8 0 ppxss 1128 48 0 48 12 12 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 1487 0 1323 29 16 13 15 0 8 0 art_table 32 1488 0 1323 2 0 2 2 0 8 0 art_node 16 367 0 336 1 0 1 1 0 8 0 sysvmsgpl 40 22 0 17 1 0 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 719 0 709 1 0 1 1 0 8 0 shmpl 112 138 0 10 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 5680 0 4280 46 0 46 46 0 8 0 ffsino 240 5680 0 4280 83 0 83 83 0 8 0 nchpl 144 11294 0 10838 60 41 19 60 0 8 0 uvmvnodes 72 6381 0 0 117 0 117 117 0 8 0 vnodes 208 6381 0 0 336 0 336 336 0 8 0 namei 1024 37920 0 37920 2 1 1 1 0 8 1 vcpupl 1984 28 0 1 4 0 4 4 0 8 0 vmpool 520 40 0 13 3 1 2 2 0 8 0 scsiplug 64 2 0 2 2 2 0 1 0 8 0 scxspl 192 33930 0 33930 25 24 1 6 0 8 1 plimitpl 152 260 0 251 1 0 1 1 0 8 0 sigapl 432 2823 0 2810 2 0 2 2 0 8 0 futexpl 56 78275 0 78275 2 2 0 1 0 8 0 knotepl 112 909 0 890 6 5 1 3 0 8 0 kqueuepl 104 1107 0 1105 7 6 1 4 0 8 0 pipepl 112 2618 0 2599 8 7 1 2 0 8 0 fdescpl 424 2824 0 2810 2 0 2 2 0 8 0 filepl 120 27576 0 27478 24 21 3 11 0 8 0 lockfpl 104 1038 0 1037 1 0 1 1 0 8 0 lockfspl 48 328 0 327 1 0 1 1 0 8 0 sessionpl 112 41 0 31 1 0 1 1 0 8 0 pgrppl 48 63 0 53 1 0 1 1 0 8 0 ucredpl 96 3328 0 3320 1 0 1 1 0 8 0 zombiepl 144 2814 0 2813 1 0 1 1 0 8 0 processpl 864 2843 0 2813 4 0 4 4 0 8 0 procpl 632 6086 0 6049 4 0 4 4 0 8 0 sosppl 128 57 0 57 13 13 0 1 0 8 0 sockpl 384 5501 0 5478 38 35 3 14 0 8 0 mcl64k 65536 514 0 514 32 32 0 29 0 8 0 mcl16k 16384 24 0 24 11 11 0 1 0 8 0 mcl12k 12288 92 0 92 5 5 0 1 0 8 0 mcl9k 9216 61 0 61 9 9 0 1 0 8 0 mcl8k 8192 132 0 132 5 5 0 1 0 8 0 mcl4k 4096 323 0 323 5 5 0 1 0 8 0 mcl2k2 2112 28 0 28 8 8 0 1 0 8 0 mcl2k 2048 75243 0 75197 21 14 7 17 0 8 1 mtagpl 80 129 0 127 3 2 1 1 0 8 0 mbufpl 256 152645 0 152519 130 120 10 45 0 8 0 bufpl 256 18601 0 12222 400 0 400 400 0 8 0 anonpl 16 390852 0 370130 199 110 89 115 0 62 0 amapchunkpl 152 15759 0 15632 55 49 6 15 0 158 0 amappl16 192 18729 0 17354 178 109 69 82 0 8 0 amappl15 184 386 0 386 3 3 0 1 0 8 0 amappl14 176 122 0 117 1 0 1 1 0 8 0 amappl13 168 903 0 903 4 4 0 1 0 8 0 amappl12 160 573 0 569 1 0 1 1 0 8 0 amappl11 152 129 0 117 1 0 1 1 0 8 0 amappl10 144 474 0 472 1 0 1 1 0 8 0 amappl9 136 927 0 919 1 0 1 1 0 8 0 amappl8 128 458 0 423 3 1 2 2 0 8 0 amappl7 120 555 0 549 1 0 1 1 0 8 0 amappl6 112 103 0 92 1 0 1 1 0 8 0 amappl5 104 842 0 831 1 0 1 1 0 8 0 amappl4 96 3669 0 3646 1 0 1 1 0 8 0 amappl3 88 512 0 505 1 0 1 1 0 8 0 amappl2 80 21363 0 21295 3 1 2 3 0 8 0 amappl1 72 60554 0 60138 26 17 9 20 0 8 0 amappl 80 6600 0 6546 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 139 0 10 3 0 3 3 0 8 0 uaddrrnd 24 2864 0 2810 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2864 0 2810 1 0 1 1 0 8 0 vmmpekpl 168 23048 0 23013 2 0 2 2 0 8 0 vmmpepl 168 351856 0 349301 293 154 139 149 0 357 26 vmsppl 272 2823 0 2810 3 2 1 2 0 8 0 pdppl 4096 5734 0 5673 11 3 8 9 0 8 0 pvpl 32 996044 0 972736 376 174 202 285 0 265 12 pmappl 200 2863 0 2823 5 2 3 3 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 770 0 242 17 0 17 17 0 8 0