panic: kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/netinet/if_ether.c", line 716 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND * 34351 58764 0 0x14000 0x40000200 0 softclock db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 __assert(ffffffff821e5822,ffffffff821fe0bc,2cc,ffffffff8216ea8c) at __assert+0x2b sys/kern/subr_prf.c:154 arptfree(fffffd802bd3cd98) at arptfree+0xfb sys/netinet/if_ether.c:716 arptimer(ffffffff8251e040) at arptimer+0x95 sys/netinet/if_ether.c:120 softclock_thread(ffff8000ffffeed0) at softclock_thread+0x145 timeout_run sys/kern/kern_timeout.c:475 [inline] softclock_thread(ffff8000ffffeed0) at softclock_thread+0x145 sys/kern/kern_timeout.c:552 end trace frame: 0x0, count: 9 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/netinet/if_ether.c", line 716 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 __assert(ffffffff821e5822,ffffffff821fe0bc,2cc,ffffffff8216ea8c) at __assert+0x2b sys/kern/subr_prf.c:154 arptfree(fffffd802bd3cd98) at arptfree+0xfb sys/netinet/if_ether.c:716 arptimer(ffffffff8251e040) at arptimer+0x95 sys/netinet/if_ether.c:120 softclock_thread(ffff8000ffffeed0) at softclock_thread+0x145 timeout_run sys/kern/kern_timeout.c:475 [inline] softclock_thread(ffff8000ffffeed0) at softclock_thread+0x145 sys/kern/kern_timeout.c:552 end trace frame: 0x0, count: -6 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff800014812650 rbx 0xffff800014812700 rdx 0x2 rcx 0 rax 0 r8 0xffff800014812610 r9 0x1 r10 0 r11 0x3de47fa246a8ac3d r12 0x3000000008 r13 0xffff800014812660 r14 0x100 r15 0x1 rip 0xffffffff81605488 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800014812640 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (softclock) pid=34351 stat=onproc flags process=14000 proc=40000200 pri=0, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff8000fffff3c0,0xffff8000ffffe9f0 process=0xffff8000ffffc360 user=0xffff80001480d000, vmspace=0xffffffff82582420 estcpu=0, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 69693 151176 72443 0 2 0x480 syz-executor.0 69693 381054 72443 0 3 0x4000080 ttyout syz-executor.0 69693 378891 72443 0 3 0x4000080 ttyout syz-executor.0 69693 150465 72443 0 3 0x4000080 fsleep syz-executor.0 34818 92562 44530 0 2 0x480 syz-executor.1 34818 75482 44530 0 3 0x4000080 netio syz-executor.1 34818 177266 44530 0 3 0x4000080 fsleep syz-executor.1 72443 237289 46543 0 2 0x482 syz-executor.0 44530 473863 46543 0 2 0x482 syz-executor.1 63641 315738 0 0 3 0x14200 acct acct 24556 447734 0 0 3 0x14200 bored sosplice 46543 117277 67408 0 3 0x82 thrsleep syz-fuzzer 46543 213026 67408 0 3 0x4000082 thrsleep syz-fuzzer 46543 478723 67408 0 3 0x4000082 thrsleep syz-fuzzer 46543 99925 67408 0 3 0x4000082 thrsleep syz-fuzzer 46543 232494 67408 0 3 0x4000082 thrsleep syz-fuzzer 46543 321833 67408 0 3 0x4000082 kqread syz-fuzzer 46543 42459 67408 0 3 0x4000082 thrsleep syz-fuzzer 67408 400280 72113 0 3 0x10008a pause ksh 72113 418460 47079 0 3 0x92 select sshd 68436 436208 1 0 3 0x100083 ttyopn getty 47079 358580 1 0 3 0x80 select sshd 58867 352055 12442 73 3 0x100090 kqread syslogd 12442 505552 1 0 3 0x100082 netio syslogd 54483 10249 1 77 3 0x100090 poll dhclient 18148 508686 1 0 3 0x80 poll dhclient 78521 427083 0 0 3 0x14200 pgzero zerothread 75585 306240 0 0 3 0x14200 aiodoned aiodoned 59520 417056 0 0 3 0x14200 syncer update 53255 481172 0 0 3 0x14200 cleaner cleaner 35033 369069 0 0 3 0x14200 reaper reaper 80680 362952 0 0 3 0x14200 pgdaemon pagedaemon 54968 3281 0 0 3 0x14200 bored crynlk 41591 469086 0 0 3 0x14200 bored crypto 23982 161278 0 0 3 0x40014200 acpi0 acpi0 52148 518289 0 0 3 0x14200 bored softnet 15187 360639 0 0 3 0x14200 bored systqmp 52474 60622 0 0 3 0x14200 bored systq *58764 34351 0 0 7 0x40014200 softclock 33702 97210 0 0 3 0x40014200 idle0 34480 100409 0 0 3 0x14200 bored smr 1 437767 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9619 6385K 7284K 78643K 15493 0 0 pcb 13 8K 9K 78643K 576 0 0 rtable 124 8K 9K 78643K 1922 0 0 ifaddr 87 19K 22K 78643K 564 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 193 0 0 iov 0 0K 24K 78643K 663 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1228 77K 78K 78643K 3269 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 31 0 0 VM map 29 7K 7K 78643K 35 0 0 sem 12 0K 1K 78643K 1249 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12645 0 0 file desc 6 17K 25K 78643K 2636 0 0 sigio 0 0K 0K 78643K 72 0 0 proc 49 38K 55K 78643K 1081 0 0 subproc 32 2K 2K 78643K 272 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 309 0 0 in_multi 30 2K 2K 78643K 383 0 0 ether_multi 1 0K 0K 78643K 15 0 0 mrt 0 0K 0K 78643K 6 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 348 1537K 1537K 78643K 348 0 0 exec 0 0K 1K 78643K 623 0 0 pfkey data 0 0K 0K 78643K 2 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 152 250K 250K 78643K 7552 0 0 UVM aobj 130 4K 4K 78643K 130 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 449 0 0 NDP 21 0K 1K 78643K 174 0 0 temp 234 3545K 3620K 78643K 50634 0 0 kqueue 0 0K 0K 78643K 16 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 77 0 69 1 0 1 1 0 8 0 rtpcb 80 259 0 257 1 0 1 1 0 8 0 rtentry 112 337 0 291 2 0 2 2 0 8 0 unpcb 120 2714 0 2704 3 2 1 2 0 8 0 syncache 264 20 0 20 7 7 0 1 0 8 0 tcpqe 32 56 0 56 5 5 0 1 0 8 0 tcpcb 544 1586 0 1582 10 9 1 2 0 8 0 ipq 40 24 0 24 7 7 0 1 0 8 0 ipqe 40 376 0 376 7 7 0 1 0 8 0 inpcb 280 3730 0 3720 12 10 2 4 0 8 1 rttmr 72 1 0 1 1 1 0 1 0 8 0 ip6q 72 2 0 2 1 1 0 1 0 8 0 ip6af 40 6 0 6 1 1 0 1 0 8 0 nd6 48 39 0 36 2 1 1 1 0 8 0 pkpcb 40 18 0 18 5 5 0 1 0 8 0 swfcl 56 4 0 0 1 0 1 1 0 8 0 ppxss 1128 88 0 88 5 4 1 1 0 8 1 art_heap8 4096 6 0 5 4 3 1 3 0 8 0 art_heap4 256 1333 0 1120 29 14 15 17 0 8 0 art_table 32 1339 0 1125 3 0 3 3 0 8 0 art_node 16 334 0 291 1 0 1 1 0 8 0 sysvmsgpl 40 72 0 51 1 0 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 1247 0 1237 1 0 1 1 0 8 0 shmpl 112 128 0 0 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 6094 0 4680 46 0 46 46 0 8 0 ffsino 240 6094 0 4680 84 0 84 84 0 8 0 nchpl 144 10603 0 10110 61 40 21 61 0 8 0 uvmvnodes 72 6513 0 0 119 0 119 119 0 8 0 vnodes 208 6513 0 0 343 0 343 343 0 8 0 namei 1024 44221 0 44221 2 1 1 1 0 8 1 vcpupl 1984 27 0 0 4 0 4 4 0 8 0 vmpool 520 33 0 6 2 0 2 2 0 8 0 scsiplug 64 1 0 1 1 1 0 1 0 8 0 scxspl 192 36670 0 36670 21 18 3 7 0 8 3 plimitpl 152 208 0 201 1 0 1 1 0 8 0 sigapl 432 2765 0 2751 2 0 2 2 0 8 0 futexpl 56 100400 0 100398 2 1 1 1 0 8 0 knotepl 112 759 0 740 3 2 1 3 0 8 0 kqueuepl 104 1348 0 1346 1 0 1 1 0 8 0 pipepl 112 2170 0 2151 6 5 1 2 0 8 0 fdescpl 424 2766 0 2751 2 0 2 2 0 8 0 filepl 120 33201 0 33098 20 15 5 8 0 8 1 lockfpl 104 1081 0 1080 1 0 1 1 0 8 0 lockfspl 48 322 0 321 1 0 1 1 0 8 0 sessionpl 112 31 0 21 1 0 1 1 0 8 0 pgrppl 48 55 0 45 1 0 1 1 0 8 0 ucredpl 96 6321 0 6313 1 0 1 1 0 8 0 zombiepl 144 2751 0 2751 1 0 1 1 0 8 1 processpl 864 2782 0 2751 4 0 4 4 0 8 0 procpl 632 6089 0 6047 4 0 4 4 0 8 0 sosppl 128 71 0 71 8 7 1 1 0 8 1 sockpl 384 6770 0 6748 23 18 5 7 0 8 2 mcl64k 65536 813 0 813 66 65 1 33 0 8 1 mcl16k 16384 47 0 47 10 9 1 1 0 8 1 mcl12k 12288 75 0 75 7 6 1 1 0 8 1 mcl9k 9216 46 0 46 9 8 1 1 0 8 1 mcl8k 8192 171 0 171 4 3 1 1 0 8 1 mcl4k 4096 509 0 509 2 1 1 1 0 8 1 mcl2k2 2112 32 0 32 10 9 1 1 0 8 1 mcl2k 2048 74005 0 73966 16 10 6 13 0 8 0 mtagpl 80 96 0 94 5 4 1 1 0 8 0 mbufpl 256 143376 0 143275 88 73 15 39 0 8 3 bufpl 256 16572 0 10060 408 0 408 408 0 8 0 anonpl 16 353380 0 334732 168 74 94 94 0 62 15 amapchunkpl 152 14791 0 14674 45 36 9 15 0 158 4 amappl16 192 16127 0 15027 139 76 63 66 0 8 5 amappl15 184 116 0 116 5 4 1 1 0 8 1 amappl14 176 240 0 235 1 0 1 1 0 8 0 amappl13 168 129 0 127 6 5 1 1 0 8 0 amappl12 160 183 0 179 1 0 1 1 0 8 0 amappl11 152 733 0 722 1 0 1 1 0 8 0 amappl10 144 282 0 280 1 0 1 1 0 8 0 amappl9 136 1763 0 1754 1 0 1 1 0 8 0 amappl8 128 1322 0 1280 2 0 2 2 0 8 0 amappl7 120 371 0 364 1 0 1 1 0 8 0 amappl6 112 707 0 698 1 0 1 1 0 8 0 amappl5 104 490 0 480 1 0 1 1 0 8 0 amappl4 96 3134 0 3105 1 0 1 1 0 8 0 amappl3 88 308 0 298 1 0 1 1 0 8 0 amappl2 80 20580 0 20506 3 1 2 3 0 8 0 amappl1 72 60295 0 59852 27 18 9 20 0 8 0 amappl 80 6601 0 6545 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 129 0 0 3 0 3 3 0 8 0 uaddrrnd 24 2799 0 2751 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2799 0 2751 1 0 1 1 0 8 0 vmmpekpl 168 21552 0 21523 2 0 2 2 0 8 0 vmmpepl 168 343989 0 341619 269 125 144 144 0 357 40 vmsppl 272 2765 0 2751 3 1 2 2 0 8 1 pdppl 4096 5604 0 5541 11 2 9 9 0 8 1 pvpl 32 947783 0 926377 415 133 282 317 0 265 100 pmappl 200 2798 0 2757 3 0 3 3 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 742 0 193 17 0 17 17 0 8 0