)w'5ubW(⤟,<3 6c%\ hz\?LU!mɻ_?Jq^G2TzīhQ"ˮ{=3AUp)lHeQW+})JQ9jq?Oo.Ae\͞naky6F-Xjej^sd:A1j4(*ϙ!D<[,y~i{R)O,0;y/?qN>X,Ԫ{XX\Q_Z mYW>eͫ\5۱spoiG6OV`;&<bjםQ`xy,8 TC=c|"j)w'5ubW(⤟,<3 6c%\ hz\?LU!mɻ_?Jq^G2TzīhQ"ˮ{=3AUp)lHeQW+})JQ9jq?Oo.Ae\͞naky6F-Xjej^sd:A1j4(*ϙ!D<[,y~i{R)O,0;y/?qN>X,Ԫ{XX\Q_Z mYW>)w'5ubW(⤟,<3 6c%\ hz\?LU!mɻ_?Jq^G2TzīhQ"ˮ{=3AUp)lHeQW+})JQ9jq?Oo.Ae\͞naky6F-Xjej^sd:A1j4(*ϙ!D<[,y~i{R)O,0;y/?qN>X,Ԫ{XX\Q_Z mYW>)w'5ubW(⤟,<3 6c%\ hz\?LU!mɻ_?Jq^G2TzīhQ"ˮ{=3AUp)lHeQW+})JQ9jq?Oo.Ae\͞naky6F-Xjej^spanic: kernel diagnostic assertion "sc->sc_dev == 0" failed: file "/syzkaller/managers/main/kernel/sys/net/if_tun.c", line 315 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *217054 21145 0 0x2 0 0 ifconfig db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82722f34) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff827a0c78,ffffffff827d347f,13b,ffffffff827b3ae6) at __assert+0x25 sys/kern/subr_prf.c:157 tun_clone_destroy(ffff800000d2d800) at tun_clone_destroy+0x234 sys/net/if_tun.c:315 if_clone_destroy(ffff80002e871f60) at if_clone_destroy+0x132 sys/net/if.c:1247 sys_ioctl(ffff8000216de2e0,ffff80002e872070,ffff80002e8720c0) at sys_ioctl+0x49e syscall(ffff80002e872140) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:625 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffd34f0, count: 7 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "sc->sc_dev == 0" failed: file "/syzkaller/managers/main/kernel/sys/net/if_tun.c", line 315 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82722f34) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff827a0c78,ffffffff827d347f,13b,ffffffff827b3ae6) at __assert+0x25 sys/kern/subr_prf.c:157 tun_clone_destroy(ffff800000d2d800) at tun_clone_destroy+0x234 sys/net/if_tun.c:315 if_clone_destroy(ffff80002e871f60) at if_clone_destroy+0x132 sys/net/if.c:1247 sys_ioctl(ffff8000216de2e0,ffff80002e872070,ffff80002e8720c0) at sys_ioctl+0x49e syscall(ffff80002e872140) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:625 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffd34f0, count: -8 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80002e871df0 rbx 0x80206979 __kernel_virt_to_phys+0x206979 rdx 0 rcx 0 rax 0xffff8000216de2e0 r8 0x101010101010101 r9 0x8080808080808080 r10 0xaa5d36c7ce6996b3 r11 0x62f04ec3c2967b00 r12 0 r13 0 r14 0 r15 0x1 rip 0xffffffff81a69eb8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff80002e871de0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (ifconfig) pid=217054 stat=onproc flags process=2 proc=0 pri=84, usrpri=84, nice=20 forw=0xffffffffffffffff, list=0xffff8000216df5e8,0xffffffff82cf3498 process=0xffff8000fffeebe0 user=0xffff80002e86d000, vmspace=0xfffffd8069b7ac28 estcpu=34, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND *21145 217054 15872 0 7 0x2 ifconfig 15872 428276 63936 0 3 0x10008a sigsusp sh 63936 220613 73400 0 3 0x82 wait syz-executor.0 2094 32493 73400 0 3 0x82 piperd syz-executor.2 35214 268503 0 0 3 0x14200 acct acct 92441 205143 73400 0 3 0x82 piperd syz-executor.5 93306 390226 0 0 3 0x14280 nfsidl nfsio 10773 358067 0 0 3 0x14280 nfsidl nfsio 54528 394468 0 0 3 0x14280 nfsidl nfsio 23414 240352 0 0 3 0x14280 nfsidl nfsio 43199 291602 0 0 3 0x14280 nfsidl nfsio 56549 472619 0 0 3 0x14280 nfsidl nfsio 87703 225541 0 0 3 0x14280 nfsidl nfsio 35173 105912 0 0 3 0x14280 nfsidl nfsio 86269 441103 0 0 3 0x14280 nfsidl nfsio 32429 362589 0 0 3 0x14280 nfsidl nfsio 25905 397509 0 0 3 0x14280 nfsidl nfsio 81524 218911 0 0 3 0x14280 nfsidl nfsio 88816 276427 0 0 3 0x14280 nfsidl nfsio 67107 286452 0 0 3 0x14280 nfsidl nfsio 38903 188918 0 0 3 0x14280 nfsidl nfsio 17685 287028 0 0 3 0x14280 nfsidl nfsio 78471 439204 0 0 3 0x14280 nfsidl nfsio 39804 243639 0 0 3 0x14280 nfsidl nfsio 90343 173673 0 0 3 0x14280 nfsidl nfsio 56293 503110 0 0 3 0x14280 nfsidl nfsio 47050 256007 73400 0 3 0x82 piperd syz-executor.4 84090 348636 73400 0 3 0x82 piperd syz-executor.3 208 300150 73400 0 3 0x82 piperd syz-executor.1 83772 206487 73400 0 3 0x82 piperd syz-executor.7 41967 54934 1 0 3 0x100083 ttyin getty 1988 125456 0 0 3 0x14200 bored sosplice 89825 325984 73400 0 3 0x82 piperd syz-executor.6 73400 70891 72075 0 3 0x82 thrsleep syz-fuzzer 73400 275273 72075 0 3 0x4000082 nanoslp syz-fuzzer 73400 89122 72075 0 3 0x4000082 thrsleep syz-fuzzer 73400 58360 72075 0 3 0x4000082 thrsleep syz-fuzzer 73400 53738 72075 0 3 0x4000082 wait syz-fuzzer 73400 406897 72075 0 3 0x4000082 wait syz-fuzzer 73400 396435 72075 0 3 0x4000082 thrsleep syz-fuzzer 73400 60094 72075 0 3 0x4000082 wait syz-fuzzer 73400 348940 72075 0 3 0x4000082 wait syz-fuzzer 73400 325468 72075 0 3 0x4000082 thrsleep syz-fuzzer 73400 480362 72075 0 3 0x4000082 wait syz-fuzzer 73400 380687 72075 0 3 0x4000082 wait syz-fuzzer 73400 414614 72075 0 3 0x4000082 wait syz-fuzzer 73400 64653 72075 0 3 0x4000082 wait syz-fuzzer 72075 455077 3357 0 3 0x10008a sigsusp ksh 3357 41984 22277 0 3 0x9a kqread sshd 22277 19066 1 0 3 0x88 kqread sshd 68676 292560 99216 73 3 0x1100090 kqread syslogd 99216 22739 1 0 3 0x100082 netio syslogd 93596 110634 1 0 3 0x100080 kqread resolvd 67519 400165 91760 77 2 0x100092 dhcpleased 71210 268115 91760 77 3 0x100092 kqread dhcpleased 91760 294781 1 0 3 0x80 kqread dhcpleased 95992 440799 0 0 3 0x14200 bored smr 59014 175281 0 0 2 0x14200 zerothread 85288 435267 0 0 3 0x14200 aiodoned aiodoned 81577 396118 0 0 3 0x14200 syncer update 60057 350165 0 0 3 0x14200 cleaner cleaner 24175 5524 0 0 3 0x14200 reaper reaper 60458 74859 0 0 3 0x14200 pgdaemon pagedaemon 50970 158279 0 0 3 0x14200 bored viomb 78924 227204 0 0 3 0x40014200 acpi0 acpi0 48374 271626 0 0 3 0x14200 bored softnet 74288 5409 0 0 3 0x14200 bored softnet 32457 167980 0 0 3 0x14200 bored softnet 44142 151958 0 0 3 0x14200 bored softnet 19195 148077 0 0 3 0x14200 bored systqmp 51050 138005 0 0 3 0x14200 bored systq 95571 245640 0 0 2 0x40014200 softclock 96690 309151 0 0 3 0x40014200 idle0 1 444530 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10214 6426K 7327K 78643K 17447 0 pcb 13 16K 18K 78643K 1095 0 rtable 195 15K 16K 78643K 2041 0 ifaddr 83 24K 25K 78643K 719 0 sysctl 2 0K 2K 78643K 6 0 counters 28 17K 17K 78643K 322 0 ioctlops 0 0K 2K 78643K 551 0 iov 0 0K 32K 78643K 630 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1584 99K 99K 78643K 5342 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 158 0 VM map 2 1K 1K 78643K 2 0 sem 12 1K 1K 78643K 510 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 12 41K 73K 78643K 5347 0 sigio 0 0K 0K 78643K 182 0 proc 65 67K 75K 78643K 1454 0 subproc 104 6K 7K 78643K 494 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 119 0 in_multi 75 5K 7K 78643K 714 0 ether_multi 1 0K 0K 78643K 26 0 mrt 1 0K 0K 78643K 39 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 163 731K 731K 78643K 163 0 exec 0 0K 1K 78643K 1500 0 pfkey data 0 0K 0K 78643K 4 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 283 88K 93K 78643K 34854 0 UVM aobj 131 4K 4K 78643K 131 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 209 0 NDP 13 0K 2K 78643K 245 0 temp 132 5770K 6798K 78643K 43054 0 kqueue 12 18K 26K 78643K 519 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 690 0 687 10 8 2 3 0 8 1 rtentry 112 681 0 599 4 0 4 4 0 8 0 unpcb 144 5072 0 5059 53 48 5 9 0 8 4 syncache 296 50 0 50 13 12 1 1 0 8 1 tcpqe 32 98 0 98 7 7 0 1 0 8 0 tcpcb 776 1800 0 1796 71 65 6 14 0 8 5 arp 88 83 0 68 1 0 1 1 0 8 0 ipq 40 3 0 2 3 2 1 1 0 8 0 ipqe 40 8 0 7 3 2 1 1 0 8 0 inpcb 336 5526 0 5518 71 66 5 12 0 8 4 nd6 48 147 0 127 1 0 1 1 0 8 0 pkpcb 40 39 0 39 6 6 0 1 0 8 0 kcovpl 48 38 0 30 1 0 1 1 0 8 0 mppekey 1024 5 0 5 1 1 0 1 0 8 0 ppxss 1160 196 0 196 13 12 1 1 0 8 1 pppxif 1360 156 0 156 9 8 1 1 0 8 1 pfstscr 40 22 0 13 2 1 1 1 0 8 0 pfanchor 1280 685 110 173 47 4 43 43 0 8 0 pfqueue 264 16 0 16 4 4 0 1 0 8 0 pfstitem 24 17 0 0 1 0 1 1 0 8 0 pfstkey 128 41 0 36 2 1 1 1 0 8 0 pfstate 352 22 0 13 2 1 1 1 0 8 0 rttmr 136 8 0 8 2 2 0 1 0 8 0 art_heap8 4096 5 0 3 4 2 2 3 0 8 0 art_heap4 256 3178 0 2815 56 30 26 31 0 8 2 art_table 32 3183 0 2818 4 0 4 4 0 8 0 art_node 16 653 0 582 1 0 1 1 0 8 0 sysvmsgpl 40 10 0 2 1 0 1 1 0 8 0 semupl 112 8 0 8 1 1 0 1 0 8 0 semapl 112 507 0 497 1 0 1 1 0 8 0 shmpl 112 128 0 0 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 8269 0 6830 91 0 91 91 0 8 0 ffsino 240 8269 0 6830 85 0 85 85 0 8 0 nchpl 144 16949 0 15316 63 0 63 63 0 8 0 rtmask 32 1 0 1 1 1 0 1 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 61609 0 61609 6 5 1 3 0 8 1 vmpool 664 18 0 18 5 5 0 1 0 8 0 kstatmem 264 284 0 258 3 1 2 3 0 8 0 scsiplug 72 3 0 3 1 1 0 1 0 8 0 scxspl 216 42854 0 42854 20 19 1 8 0 8 1 plimitpl 152 929 0 914 1 0 1 1 0 8 0 sigapl 424 5650 0 5589 8 0 8 8 0 8 0 futexpl 64 55570 0 55570 1 0 1 1 0 8 1 knotepl 120 64060 0 63978 39 32 7 11 0 8 1 kqueuepl 184 1385 0 1377 18 15 3 6 0 8 2 pipepl 288 1180 0 1152 19 16 3 7 0 8 1 fdescpl 432 5567 0 5544 4 0 4 4 0 8 0 filepl 120 43516 0 43283 79 62 17 20 0 8 8 lockfpl 104 1547 0 1545 5 4 1 2 0 8 0 lockfspl 48 596 0 594 1 0 1 1 0 8 0 sessionpl 144 55 0 39 1 0 1 1 0 8 0 pgrppl 48 72 0 56 1 0 1 1 0 8 0 ucredpl 104 4850 0 4840 1 0 1 1 0 8 0 zombiepl 144 5589 0 5589 4 3 1 1 0 8 1 processpl 1008 5650 0 5589 10 1 9 9 0 8 0 procpl 696 13242 0 13168 14 4 10 10 0 8 1 sosppl 168 83 0 83 13 12 1 1 0 8 1 sockpl 456 11329 0 11305 235 224 11 30 0 8 8 mcl64k 65536 164 0 164 16 15 1 1 0 8 1 mcl16k 16384 90 0 90 13 12 1 1 0 8 1 mcl12k 12288 152 0 152 18 17 1 1 0 8 1 mcl9k 9216 82 0 82 15 14 1 1 0 8 1 mcl8k 8192 237 0 237 10 9 1 1 0 8 1 mcl4k 4096 561 0 561 10 9 1 1 0 8 1 mcl2k2 2112 49 0 49 14 13 1 1 0 8 1 mcl2k 2048 85826 0 85689 50 31 19 33 0 8 0 mtagpl 96 969 0 666 15 6 9 14 0 8 0 mbufpl 256 194323 0 193820 1041 998 43 554 0 8 8 bufpl 288 11758 0 5361 458 0 458 458 0 8 0 anonpl 24 1035574 0 1021747 133 22 111 121 0 188 0 amapchunkpl 152 96323 0 95723 52 22 30 35 0 158 0 amappl16 200 8818 0 8259 46 14 32 36 0 8 0 amappl15 192 6 0 6 1 1 0 1 0 8 0 amappl14 184 263 0 249 2 1 1 2 0 8 0 amappl13 176 6 0 6 1 1 0 1 0 8 0 amappl12 168 741 0 738 1 0 1 1 0 8 0 amappl11 160 45 0 34 1 0 1 1 0 8 0 amappl10 152 62 0 52 1 0 1 1 0 8 0 amappl9 144 980 0 978 1 0 1 1 0 8 0 amappl8 136 283 0 210 4 1 3 3 0 8 0 amappl7 128 207 0 184 2 0 2 2 0 8 0 amappl6 120 309 0 296 2 1 1 2 0 8 0 amappl5 112 301 0 294 1 0 1 1 0 8 0 amappl4 104 854 0 829 2 1 1 2 0 8 0 amappl3 96 15046 0 15006 2 0 2 2 0 8 0 amappl2 88 6148 0 6081 3 1 2 3 0 8 0 amappl1 80 125009 0 124394 32 15 17 26 0 8 0 amappl 88 34001 0 33850 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 130 0 0 3 0 3 3 0 8 0 uaddrrnd 24 5585 0 5562 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 5585 0 5562 1 0 1 1 0 8 0 vmmpekpl 168 42900 0 42842 3 0 3 3 0 8 0 vmmpepl 168 514844 0 512578 254 120 134 151 0 357 6 vmsppl 344 5584 0 5562 3 0 3 3 0 8 0 rwobjpl 24 133929 0 126277 48 0 48 48 0 8 0 pdppl 4096 11176 0 11124 447 385 62 68 0 8 10 pvpl 32 2131762 0 2112992 396 201 195 361 0 265 1 pmappl 216 5584 0 5562 2 0 2 2 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 2393 0 1589 42 13 29 35 0 8 1 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82722f34) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff827a0c78,ffffffff827d347f,13b,ffffffff827b3ae6) at __assert+0x25 sys/kern/subr_prf.c:157 tun_clone_destroy(ffff800000d2d800) at tun_clone_destroy+0x234 sys/net/if_tun.c:315 if_clone_destroy(ffff80002e871f60) at if_clone_destroy+0x132 sys/net/if.c:1247 sys_ioctl(ffff8000216de2e0,ffff80002e872070,ffff80002e8720c0) at sys_ioctl+0x49e syscall(ffff80002e872140) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:625 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffd34f0, count: -8 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82722f34) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff827a0c78,ffffffff827d347f,13b,ffffffff827b3ae6) at __assert+0x25 sys/kern/subr_prf.c:157 tun_clone_destroy(ffff800000d2d800) at tun_clone_destroy+0x234 sys/net/if_tun.c:315 if_clone_destroy(ffff80002e871f60) at if_clone_destroy+0x132 sys/net/if.c:1247 sys_ioctl(ffff8000216de2e0,ffff80002e872070,ffff80002e8720c0) at sys_ioctl+0x49e syscall(ffff80002e872140) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:625 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffd34f0, count: -8