panic: kernel diagnostic assertion "sc->sc_dev == 0" failed: file "/syzkaller/managers/multicore/kernel/sys/net/if_tun.c", line 322 Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 414937 14710 0 0 0 0 syz-executor *504511 82322 0 0 0x4000000 1K syz-executor db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff83469027) at panic+0x1e5 sys/kern/subr_prf.c:198 __assert(ffffffff834162c4,ffffffff833eafbe,142,ffffffff833f4a98) at __assert+0x29 sys/kern/subr_prf.c:-1 tun_clone_destroy(ffff8000014a1000) at tun_clone_destroy+0x38a sys/net/if_tun.c:322 if_clone_destroy(ffff80003c454ff0) at if_clone_destroy+0x1d7 sys/net/if.c:1403 ifioctl(ffff800010fdf9a8,80206979,ffff80003c454ff0,ffff80002a284ce8) at ifioctl+0x5c5 sys/net/if.c:-1 sys_ioctl(ffff80002a284ce8,ffff80003c4551d0,ffff80003c455120) at sys_ioctl+0x5c3 sys/kern/sys_generic.c:-1 syscall(ffff80003c4551d0) at syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c4551d0) at syscall+0xbc6 sys/arch/amd64/amd64/trap.c:579 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x82f634a9290, count: 6 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: kernel diagnostic assertion "sc->sc_dev == 0" failed: file "/syzkaller/managers/multicore/kernel/sys/net/if_tun.c", line 322 ddb{1}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff83469027) at panic+0x1e5 sys/kern/subr_prf.c:198 __assert(ffffffff834162c4,ffffffff833eafbe,142,ffffffff833f4a98) at __assert+0x29 sys/kern/subr_prf.c:-1 tun_clone_destroy(ffff8000014a1000) at tun_clone_destroy+0x38a sys/net/if_tun.c:322 if_clone_destroy(ffff80003c454ff0) at if_clone_destroy+0x1d7 sys/net/if.c:1403 ifioctl(ffff800010fdf9a8,80206979,ffff80003c454ff0,ffff80002a284ce8) at ifioctl+0x5c5 sys/net/if.c:-1 sys_ioctl(ffff80002a284ce8,ffff80003c4551d0,ffff80003c455120) at sys_ioctl+0x5c3 sys/kern/sys_generic.c:-1 syscall(ffff80003c4551d0) at syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c4551d0) at syscall+0xbc6 sys/arch/amd64/amd64/trap.c:579 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x82f634a9290, count: -9 ddb{1}> show registers rdi 0 rsi 0x1 rbp 0xffff80003c454da0 rbx 0xffff8000299dedd7 rdx 0 rcx 0xffff80002a284ce8 rax 0xffff8000299ddff0 r8 0x101010101010101 r9 0x8080808080808080 r10 0xd7769c3e2a5a84d1 r11 0xf4b28769d15c6ea r12 0xffff8000299debd8 r13 0 r14 0 r15 0x1 rip 0xffffffff825b2705 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80003c454d90 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor) tid=504511 pid=82322 tcnt=3 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a285498,0xffff80003a406a88 process=0xffff80003a41d858 user=0xffff80003c450000, vmspace=0xfffffd806c16f798 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 62748 210945 14142 0 2 0 syz-executor 62748 233751 14142 0 3 0x4000080 fsleep syz-executor 14710 414937 67894 0 7 0 syz-executor 14710 521786 67894 0 2 0x4000080 syz-executor 82322 13567 27235 0 3 0x80 nanoslp syz-executor *82322 504511 27235 0 7 0x4000000 syz-executor 82322 195465 27235 0 3 0x4000080 fsleep syz-executor 72882 1738 91648 0 3 0x80 nanoslp syz-executor 72882 77366 91648 0 3 0x4000080 kqsel syz-executor 72882 161463 91648 0 3 0x4000080 fsleep syz-executor 74261 487319 38562 0 4 0x82000 syz-executor 74261 67719 38562 0 4 0x4082000 syz-executor 74261 500783 38562 0 2 0x4002000 syz-executor 38562 320201 45197 0 2 0x2 syz-executor 5474 349450 45197 0 3 0x2 biowait syz-executor 14142 447948 45197 0 3 0x82 nanoslp syz-executor 19281 179044 1 0 3 0x100083 ttyin getty 98154 212105 45197 0 3 0x82 nanoslp syz-executor 91648 277917 45197 0 3 0x82 nanoslp syz-executor 67894 139176 45197 0 2 0x2 syz-executor 51699 194499 45197 0 3 0x82 nanoslp syz-executor 27235 435160 45197 0 3 0x82 nanoslp syz-executor 47132 226932 0 0 3 0x14280 nfsidl nfsio 38270 197909 0 0 3 0x14280 nfsidl nfsio 70721 383505 0 0 3 0x14280 nfsidl nfsio 51304 307187 0 0 3 0x14280 nfsidl nfsio 15045 326290 0 0 3 0x14280 nfsidl nfsio 22174 366231 0 0 3 0x14280 nfsidl nfsio 90174 99064 0 0 3 0x14280 nfsidl nfsio 6709 218112 0 0 3 0x14280 nfsidl nfsio 54703 64161 0 0 3 0x14280 nfsidl nfsio 56201 70293 0 0 3 0x14280 nfsidl nfsio 94238 76014 0 0 3 0x14280 nfsidl nfsio 7875 383865 0 0 3 0x14280 nfsidl nfsio 91863 149103 0 0 3 0x14280 nfsidl nfsio 51788 210552 0 0 3 0x14280 nfsidl nfsio 95131 251004 0 0 3 0x14280 nfsidl nfsio 47908 396226 0 0 3 0x14280 nfsidl nfsio 31139 435769 0 0 3 0x14280 nfsidl nfsio 68613 269019 0 0 3 0x14280 nfsidl nfsio 64836 521318 0 0 3 0x14280 nfsidl nfsio 94989 501942 0 0 3 0x14280 nfsidl nfsio 96431 364608 0 0 3 0x14200 bored sosplice 45197 245632 75452 0 2 0x2 syz-executor 75452 439123 12980 0 3 0x10008a sigsusp ksh 12980 104998 66898 0 3 0x98 kqread sshd-session 66898 452209 18257 0 3 0x92 kqread sshd-session 18257 410759 1 0 3 0x88 kqread sshd 43202 42129 43337 74 3 0x1100092 bpf pflogd 43337 206843 1 0 3 0x80 sbwait pflogd 42889 147917 82039 73 3 0x1100090 kqread syslogd 82039 325562 1 0 3 0x100082 sbwait syslogd 20052 336468 1 0 3 0x100080 kqread resolvd 42878 149105 97971 77 2 0x100092 dhcpleased 7803 239559 97971 77 3 0x100092 kqread dhcpleased 97971 319733 1 0 3 0x80 kqread dhcpleased 60822 180167 0 0 3 0x14200 bored smr 32680 419486 0 0 2 0x14200 zerothread 78026 416502 0 0 3 0x14200 aiodoned aiodoned 53619 82395 0 0 3 0x14200 syncer update 29563 484639 0 0 3 0x14200 cleaner cleaner 63133 498652 0 0 3 0x14200 reaper reaper 26731 284961 0 0 3 0x14200 pgdaemon pagedaemon 70516 384456 0 0 3 0x14200 bored viomb 52080 3418 0 0 3 0x40014200 acpi0 acpi0 6726 523816 0 0 3 0x40014200 idle1 25874 69766 0 0 3 0x14200 bored softnet3 37327 283354 0 0 3 0x14200 bored softnet2 9698 123263 0 0 3 0x14200 bored softnet1 52063 307344 0 0 3 0x14200 bored softnet0 38628 307129 0 0 3 0x14200 bored systqmp 79176 115482 0 0 3 0x14200 syncxs systq 47477 152038 0 0 3 0x14200 tmoslp softclockmp 48252 159006 0 0 3 0x40014200 tmoslp softclock 95432 116254 0 0 3 0x40014200 idle0 1 220884 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{1}> show all locks Process 82322 (syz-executor) thread 0xffff80002a284ce8 (504511) Process 5474 (syz-executor) thread 0xffff80003a4062c8 (349450) Process 79176 (systq) thread 0xffff8000fffff1f0 (115482) ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10259 11139K 11744K 166960K 20213 0 pcb 17 22K 30K 166960K 1849 0 rtable 214 12K 14K 166960K 2299 0 pf 43 19K 82K 166960K 591 0 ifaddr 41 8K 11K 166960K 469 0 ifgroup 62 2K 3K 166960K 706 0 sysctl 4 1K 9K 166960K 58 0 counters 76 37K 38K 166960K 830 0 ioctlops 0 0K 4K 166960K 3240 0 iov 0 0K 32K 166960K 609 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1551 97K 98K 166960K 7443 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 113 0 VM map 2 1K 1K 166960K 2 0 sem 20 3K 3K 166960K 25 0 dirhash 12 2K 3K 166960K 192 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 16 57K 240K 166960K 7718 0 sigio 0 0K 0K 166960K 223 0 proc 75 91K 140K 166960K 2101 0 subproc 72 4K 4K 166960K 321 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 1272 0 in_multi 75 5K 7K 166960K 586 0 ether_multi 1 0K 0K 166960K 63 0 mrt 4 0K 0K 166960K 57 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 307 1367K 1367K 166960K 307 0 exec 0 0K 1K 166960K 1767 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 18 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 259 170K 209K 166960K 69450 0 UVM aobj 78 10K 10K 166960K 90 0 pinsyscall 42 84K 108K 166960K 9507 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 371 0 NDP 14 0K 2K 166960K 303 0 temp 93 8696K 8824K 166960K 386716 0 kqueue 15 24K 33K 166960K 1383 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle vscsiccb 40 1 0 0 1 0 1 1 0 8 0 plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 810 0 807 10 9 1 3 0 8 0 rtentry 176 760 0 676 7 1 6 6 0 8 0 unpcb 144 5374 0 5352 34 33 1 6 0 8 0 syncache 336 8 0 8 2 2 0 1 0 8 0 tcpqe 32 2 0 2 1 1 0 1 0 8 0 tcpcb 736 2777 0 2766 52 50 2 13 0 8 0 arp 128 136 0 118 1 0 1 1 0 8 0 inpcb 328 9158 0 9140 74 70 4 13 0 8 0 nd6 144 127 0 108 1 0 1 1 0 8 0 pkpcb 40 179 0 179 15 14 1 1 0 8 1 kcovpl 48 35 0 27 1 0 1 1 0 8 0 mppekey 1024 10 0 10 6 6 0 1 0 8 0 ppxss 1192 295 0 292 12 11 1 1 0 8 0 pppxif 1504 93 0 93 15 15 0 1 0 8 0 pfstscr 40 13 0 13 4 4 0 1 0 8 0 pffrag 232 44 0 38 1 0 1 1 0 482 0 pffrnode 88 35 0 31 1 0 1 1 0 8 0 pffrent 40 78 0 72 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 427 0 286 1 0 1 1 0 8 0 pfstkey 128 456 0 315 5 0 5 5 0 8 0 pfstate 384 444 0 304 16 1 15 16 0 8 0 pfrule 1344 57 0 52 2 1 1 2 0 8 0 rttmr 136 17 0 17 11 11 0 1 0 8 0 art_heap8 4096 5 0 0 5 0 5 5 0 8 0 art_heap4 256 2713 0 2364 54 27 27 32 0 8 1 art_table 32 2718 0 2364 5 1 4 5 0 8 0 art_node 16 665 0 593 1 0 1 1 0 8 0 sysvmsgpl 40 117 0 110 2 1 1 1 0 8 0 semapl 112 21 0 3 1 0 1 1 0 8 0 shmpl 112 87 0 12 3 0 3 3 0 8 0 dirhash 1024 140 0 123 3 0 3 3 0 8 0 dino2pl 256 15496 0 13923 100 1 99 99 0 8 0 ffsino 288 15496 0 13923 113 0 113 113 0 8 0 nchpl 144 26106 0 25478 64 39 25 64 0 8 0 rtmask 32 31 0 30 10 9 1 1 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 95836 0 95836 10 9 1 2 0 8 1 percpumem 16 430 0 377 1 0 1 1 0 8 0 kstatmem 264 462 0 430 6 3 3 3 0 8 0 acpiwqpl 32 1 0 1 1 0 1 1 1 8 1 scsiplug 72 43 0 43 16 15 1 1 0 8 1 scxspl 216 173972 0 173970 21 20 1 8 1 8 0 plimitpl 152 2123 0 2106 1 0 1 1 0 8 0 sigapl 424 7964 0 7894 9 0 9 9 0 8 0 knotepl 120 719 0 0 18 0 18 18 0 8 0 kqueuepl 224 2811 0 2796 27 25 2 5 0 8 1 pipepl 336 1201 0 1174 25 22 3 8 0 8 0 fdescpl 520 7902 0 7871 3 0 3 3 0 8 0 filepl 160 57257 0 57034 52 37 15 21 0 8 0 lockfpl 104 2854 0 2852 2 1 1 2 0 8 0 lockfspl 48 1117 0 1115 1 0 1 1 0 8 0 sessionpl 144 57 0 48 1 0 1 1 0 8 0 pgrppl 48 241 0 224 1 0 1 1 0 8 0 ucredpl 104 10352 0 10338 1 0 1 1 0 8 0 zombiepl 144 7896 0 7894 1 0 1 1 0 8 0 processpl 1240 7964 0 7894 6 0 6 6 0 8 0 procpl 656 20321 0 20243 9 1 8 9 0 8 0 srpgc 96 66 0 66 15 14 1 1 0 8 1 sosppl 168 47 0 46 1 0 1 1 0 8 0 sockpl 728 15822 0 15779 107 101 6 19 0 8 0 mcl64k 65536 8 0 0 1 0 1 1 0 8 0 mcl16k 16384 5 0 0 1 0 1 1 0 8 0 mcl12k 12288 4 0 0 1 0 1 1 0 8 0 mcl8k 8192 5 0 0 1 0 1 1 0 8 0 mcl4k 4096 132 0 0 17 0 17 17 0 8 0 mcl2k2 2112 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 54 0 0 5 0 5 5 0 8 0 mtagpl 96 85 0 0 2 0 2 2 0 8 0 mbufpl 256 1324 0 0 76 0 76 76 0 8 0 bufpl 280 69762 0 63620 440 1 439 440 0 8 0 anonpl 32 16666 0 0 134 0 134 134 0 246 0 amapchunkpl 152 248481 0 247846 106 74 32 40 0 158 0 amappl16 200 24784 0 24693 185 165 20 33 0 8 1 amappl15 192 9 0 9 4 4 0 1 0 8 0 amappl14 184 183 0 171 1 0 1 1 0 8 0 amappl13 176 8 0 7 3 2 1 1 0 8 0 amappl12 168 8989 0 8958 3 1 2 2 0 8 0 amappl11 160 50 0 36 1 0 1 1 0 8 0 amappl10 152 8 0 8 1 1 0 1 0 8 0 amappl9 144 248 0 248 2 2 0 1 0 8 0 amappl8 136 89 0 85 1 0 1 1 0 8 0 amappl7 128 177 0 163 1 0 1 1 0 8 0 amappl6 120 457 0 453 1 0 1 1 0 8 0 amappl5 112 238 0 228 1 0 1 1 0 8 0 amappl4 104 438 0 416 1 0 1 1 0 8 0 amappl3 96 51055 0 50935 5 1 4 4 0 8 0 amappl2 88 1148 0 1082 2 0 2 2 0 8 0 amappl1 80 41610 0 41010 19 1 18 19 0 8 0 amappl 88 66908 0 66725 6 0 6 6 0 92 0 dma65536 65536 1 0 1 1 1 0 1 0 8 0 dma8192 8192 1 0 1 1 1 0 1 0 8 0 dma4096 4096 2 0 2 2 2 0 1 0 8 0 dma1024 1024 3 0 2 1 0 1 1 0 8 0 dma512 512 1 0 1 1 1 0 1 0 8 0 dma256 256 7 0 7 2 2 0 1 0 8 0 dma128 128 272 0 272 13 12 1 1 0 8 1 dma64 64 12 0 12 6 6 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 23 0 22 1 0 1 1 0 8 0 aobjpl 72 89 0 12 2 0 2 2 0 8 0 uaddrrnd 24 7902 0 7871 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 7902 0 7871 1 0 1 1 0 8 0 vmmpekpl 168 53930 0 53862 4 0 4 4 0 8 0 vmmpepl 168 492377 0 490264 176 63 113 135 0 357 0 vmsppl 480 7901 0 7871 5 0 5 5 0 8 0 rwobjpl 72 122500 0 115470 147 5 142 143 0 8 0 pdppl 4096 15811 0 15742 179 106 73 87 0 8 4 pvpl 32 25997 0 0 209 0 209 209 0 265 0 pmappl 256 7901 0 7871 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 661 0 230 13 0 13 13 0 8 0 ddb{1}> machine ddbcpu 0