panic: kernel diagnostic assertion "sc->sc_dev == 0" failed: file "/syzkaller/managers/multicore/kernel/sys/net/if_tun.c", line 315 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *254392 20194 0 0x2 0 0K ifconfig db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82751deb) at panic+0x177 sys/kern/subr_prf.c:198 __assert(ffffffff827cd2be,ffffffff82818b32,13b,ffffffff827e01fc) at __assert+0x25 sys/kern/subr_prf.c:157 tun_clone_destroy(ffff800000e68800) at tun_clone_destroy+0x278 sys/net/if_tun.c:315 if_clone_destroy(ffff80002c9f3c90) at if_clone_destroy+0x132 sys/net/if.c:1247 ifioctl(fffffd807c7865d0,80206979,ffff80002c9f3c90,ffff800021200dd0) at ifioctl+0x3b4 sys/net/if.c:1924 sys_ioctl(ffff800021200dd0,ffff80002c9f3da0,ffff80002c9f3df0) at sys_ioctl+0x4a2 syscall(ffff80002c9f3e70) at syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline] syscall(ffff80002c9f3e70) at syscall+0x606 sys/arch/amd64/amd64/trap.c:625 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffffbc80, count: 6 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: kernel diagnostic assertion "sc->sc_dev == 0" failed: file "/syzkaller/managers/multicore/kernel/sys/net/if_tun.c", line 315 ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82751deb) at panic+0x177 sys/kern/subr_prf.c:198 __assert(ffffffff827cd2be,ffffffff82818b32,13b,ffffffff827e01fc) at __assert+0x25 sys/kern/subr_prf.c:157 tun_clone_destroy(ffff800000e68800) at tun_clone_destroy+0x278 sys/net/if_tun.c:315 if_clone_destroy(ffff80002c9f3c90) at if_clone_destroy+0x132 sys/net/if.c:1247 ifioctl(fffffd807c7865d0,80206979,ffff80002c9f3c90,ffff800021200dd0) at ifioctl+0x3b4 sys/net/if.c:1924 sys_ioctl(ffff800021200dd0,ffff80002c9f3da0,ffff80002c9f3df0) at sys_ioctl+0x4a2 syscall(ffff80002c9f3e70) at syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline] syscall(ffff80002c9f3e70) at syscall+0x606 sys/arch/amd64/amd64/trap.c:625 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffffbc80, count: -9 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff80002c9f3a40 rbx 0xffffffff82b25b8f cpu_info_full_primary+0x2b8f rdx 0 rcx 0 rax 0xffff800021200dd0 r8 0 r9 0x8080808080808080 r10 0x24cfeb90817bdacf r11 0xf0ebb64aa0fd5d2d r12 0xffffffff82b25990 cpu_info_full_primary+0x2990 r13 0 r14 0 r15 0x1 rip 0xffffffff81b420b8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff80002c9f3a30 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (ifconfig) pid=254392 stat=onproc flags process=2 proc=0 pri=65, usrpri=65, nice=20 forw=0xffffffffffffffff, list=0xffff800021201b68,0xffffffff82ca0df8 process=0xffff80002fed25d0 user=0xffff80002c9ee000, vmspace=0xfffffd80089b2000 estcpu=15, cpticks=2, pctcpu=0.0 user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND *20194 254392 5769 0 7 0x2 ifconfig 5769 86101 20017 0 3 0x10008a sigsusp sh 20017 274333 73872 0 3 0x82 wait syz-executor.0 85001 24687 1372 0 2 0x480 syz-executor.3 85001 122454 1372 0 3 0x4000080 ttyin syz-executor.3 85001 278833 1372 0 3 0x4000080 fsleep syz-executor.3 85001 184137 1372 0 3 0x4000080 fsleep syz-executor.3 21300 174123 73872 0 3 0x82 piperd syz-executor.4 68015 332814 73872 0 3 0x82 piperd syz-executor.1 72309 99345 73872 0 3 0x82 piperd syz-executor.6 38986 62356 73872 0 3 0x82 piperd syz-executor.5 71924 68911 0 0 3 0x14280 nfsidl nfsio 37786 284662 0 0 3 0x14280 nfsidl nfsio 88014 289471 0 0 3 0x14280 nfsidl nfsio 26313 134096 0 0 3 0x14280 nfsidl nfsio 20357 154338 0 0 3 0x14280 nfsidl nfsio 57419 322049 0 0 3 0x14280 nfsidl nfsio 8106 139712 0 0 3 0x14280 nfsidl nfsio 51201 318071 0 0 3 0x14280 nfsidl nfsio 36573 251358 0 0 3 0x14280 nfsidl nfsio 43005 414242 0 0 3 0x14280 nfsidl nfsio 89540 487271 0 0 3 0x14280 nfsidl nfsio 15750 481576 0 0 3 0x14280 nfsidl nfsio 11604 356446 0 0 3 0x14280 nfsidl nfsio 88169 59144 0 0 3 0x14280 nfsidl nfsio 71889 354856 0 0 3 0x14280 nfsidl nfsio 50113 225162 0 0 3 0x14280 nfsidl nfsio 71662 194222 0 0 3 0x14280 nfsidl nfsio 10534 79599 0 0 3 0x14280 nfsidl nfsio 63175 147520 0 0 3 0x14280 nfsidl nfsio 9770 348458 0 0 3 0x14280 nfsidl nfsio 57587 318794 73872 0 3 0x82 piperd syz-executor.2 23014 381597 1 0 3 0x100083 ttyin getty 52812 464868 73872 0 3 0x82 piperd syz-executor.7 1372 278280 73872 0 2 0x482 syz-executor.3 71610 80826 0 0 3 0x14200 bored sosplice 15887 464749 56493 0 2 0x100082 arp 56493 25477 1 0 3 0x10008a sigsusp sh 73872 310304 32437 0 3 0x82 thrsleep syz-fuzzer 73872 40301 32437 0 2 0x4000482 syz-fuzzer 73872 147733 32437 0 3 0x4000082 wait syz-fuzzer 73872 341687 32437 0 3 0x4000082 thrsleep syz-fuzzer 73872 32255 32437 0 3 0x4000082 thrsleep syz-fuzzer 73872 329663 32437 0 3 0x4000082 thrsleep syz-fuzzer 73872 172668 32437 0 3 0x4000082 wait syz-fuzzer 73872 492645 32437 0 3 0x4000082 thrsleep syz-fuzzer 73872 480663 32437 0 3 0x4000082 wait syz-fuzzer 73872 334609 32437 0 3 0x4000082 wait syz-fuzzer 73872 479967 32437 0 3 0x4000082 thrsleep syz-fuzzer 73872 181891 32437 0 3 0x4000082 wait syz-fuzzer 73872 332189 32437 0 3 0x4000082 kqread syz-fuzzer 73872 279346 32437 0 3 0x4000082 wait syz-fuzzer 73872 45445 32437 0 3 0x4000082 wait syz-fuzzer 73872 248527 32437 0 3 0x4000082 wait syz-fuzzer 32437 353470 62892 0 3 0x10008a sigsusp ksh 62892 73970 34514 0 3 0x9a kqread sshd 34514 214475 1 0 3 0x88 kqread sshd 10894 104498 14296 74 3 0x1100092 bpf pflogd 14296 473050 1 0 3 0x80 netio pflogd 25433 268893 90629 73 3 0x1100090 kqread syslogd 90629 431699 1 0 3 0x100082 netio syslogd 77394 433116 1 0 3 0x100080 kqread resolvd 12406 234791 48105 77 2 0x100092 dhcpleased 34850 188565 48105 77 3 0x100092 kqread dhcpleased 48105 241012 1 0 3 0x80 kqread dhcpleased 86015 299598 0 0 3 0x14200 bored smr 79361 364758 0 0 2 0x14200 zerothread 97761 229158 0 0 3 0x14200 aiodoned aiodoned 55705 418558 0 0 3 0x14200 syncer update 98323 328413 0 0 3 0x14200 cleaner cleaner 93572 129783 0 0 3 0x14200 reaper reaper 55647 515043 0 0 3 0x14200 pgdaemon pagedaemon 29274 302119 0 0 3 0x14200 bored viomb 86917 144553 0 0 3 0x40014200 acpi0 acpi0 68939 383170 0 0 7 0x40014200 idle1 22471 86201 0 0 3 0x14200 bored softnet 6069 52816 0 0 3 0x14200 bored softnet 31236 248610 0 0 3 0x14200 bored softnet 76514 441867 0 0 3 0x14200 bored softnet 87244 442389 0 0 3 0x14200 bored systqmp 41566 363864 0 0 3 0x14200 bored systq 53791 50771 0 0 3 0x40014200 bored softclock 51041 335191 0 0 3 0x40014200 idle0 1 26225 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10263 6536K 7342K 78643K 56233 0 pcb 13 18K 23K 78643K 6029 0 rtable 137 16K 19K 78643K 6871 0 ifaddr 80 32K 39K 78643K 2977 0 sysctl 3 1K 1K 78643K 11 0 counters 54 35K 36K 78643K 2600 0 ioctlops 0 0K 4K 78643K 5714 0 iov 0 0K 40K 78643K 3992 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1615 101K 101K 78643K 24674 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 17K 78643K 535 0 VM map 2 1K 1K 78643K 2 0 sem 19 21K 40K 78643K 6053 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 15 53K 89K 78643K 33507 0 sigio 0 0K 0K 78643K 425 0 proc 79 103K 127K 78643K 5682 0 subproc 117 7K 7K 78643K 1905 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 1745 0 in_multi 44 2K 6K 78643K 2350 0 ether_multi 1 0K 0K 78643K 166 0 mrt 1 0K 0K 78643K 188 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 259 1155K 1155K 78643K 259 0 exec 0 0K 1K 78643K 6912 0 pfkey data 0 0K 0K 78643K 49 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 487 103K 119K 78643K 217463 0 UVM aobj 131 4K 4K 78643K 131 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 1088 0 NDP 16 0K 1K 78643K 960 0 temp 147 5779K 6803K 78643K 269403 0 kqueue 12 18K 30K 78643K 2423 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 3083 0 3079 50 49 1 4 0 8 0 rtentry 112 2250 0 2206 5 2 3 4 0 8 0 unpcb 144 27821 0 27806 286 282 4 10 0 8 3 syncache 296 61 0 61 19 19 0 1 0 8 0 tcpqe 32 172 0 172 9 9 0 1 0 8 0 tcpcb 776 18708 0 18704 413 405 8 14 0 8 7 arp 120 345 0 337 1 0 1 1 0 8 0 inpcb 368 39775 0 39767 487 480 7 19 0 8 6 nd6 48 480 0 471 1 0 1 1 0 8 0 pkpcb 40 100 0 100 18 18 0 1 0 8 0 kcovpl 48 146 0 137 1 0 1 1 0 8 0 mppekey 1024 49 0 49 14 14 0 1 0 8 0 ppxss 1256 804 0 804 54 54 0 1 0 8 0 pppxif 1456 537 0 537 48 48 0 1 0 8 0 pfstscr 40 6 0 6 1 1 0 1 0 8 0 pffrag 232 376 0 374 13 12 1 1 0 482 0 pffrnode 88 375 0 373 13 12 1 1 0 8 0 pffrent 40 1056 0 1054 14 13 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfanchor 1280 573 0 132 37 0 37 37 0 8 0 pfqueue 264 2 0 2 1 1 0 1 0 8 0 pfstitem 24 58 0 56 1 0 1 1 0 8 0 pfstkey 128 70 0 68 1 0 1 1 0 8 0 pfstate 384 64 0 62 3 2 1 3 0 8 0 pfrule 1344 21 0 20 2 1 1 2 0 8 0 rttmr 136 43 0 43 12 12 0 1 0 8 0 art_heap8 4096 21 0 20 18 17 1 3 0 8 0 art_heap4 256 9599 0 9371 106 81 25 31 0 8 4 art_table 32 9620 0 9391 7 3 4 4 0 8 0 art_node 16 2207 0 2170 1 0 1 1 0 8 0 sysvmsgpl 40 7 0 3 1 0 1 1 0 8 0 semupl 112 4 0 4 2 2 0 1 0 8 0 semapl 112 6047 0 6030 1 0 1 1 0 8 0 shmpl 112 128 0 0 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 51161 0 49600 99 0 99 99 0 8 0 ffsino 272 51161 0 49600 105 0 105 105 0 8 0 nchpl 144 100895 0 99246 63 0 63 63 0 8 0 rtmask 32 18 0 18 8 8 0 1 0 8 0 uvmvnodes 80 8540 0 0 175 0 175 175 0 8 0 vnodes 216 8540 0 0 475 0 475 475 0 8 0 namei 1024 368155 0 368155 10 9 1 2 0 8 1 percpumem 16 1313 0 1273 1 0 1 1 0 8 0 vmpool 696 207 0 207 19 19 0 1 0 8 0 kstatmem 264 1304 0 1272 3 0 3 3 0 8 0 scsiplug 72 43 0 43 14 14 0 1 0 8 0 scxspl 216 290993 0 290993 45 43 2 8 0 8 2 plimitpl 152 3881 0 3864 1 0 1 1 0 8 0 sigapl 424 33581 0 33515 13 5 8 9 0 8 0 futexpl 64 381153 0 381151 6 5 1 1 0 8 0 knotepl 120 1728 0 0 18 1 17 18 0 8 0 kqueuepl 216 6530 0 6522 111 110 1 8 0 8 0 pipepl 320 9485 0 9454 226 223 3 13 0 8 0 fdescpl 496 33519 0 33491 5 0 5 5 0 8 0 filepl 152 267580 0 267320 362 343 19 24 0 8 7 lockfpl 104 8140 0 8138 13 12 1 2 0 8 0 lockfspl 48 2940 0 2938 1 0 1 1 0 8 0 sessionpl 144 168 0 150 1 0 1 1 0 8 0 pgrppl 48 720 0 702 1 0 1 1 0 8 0 ucredpl 104 31471 0 31457 1 0 1 1 0 8 0 zombiepl 144 33515 0 33515 6 5 1 1 0 8 1 processpl 1072 33581 0 33515 5 0 5 5 0 8 0 procpl 696 84883 0 84799 24 14 10 11 0 8 1 srpgc 96 218 0 218 52 51 1 1 0 8 1 sosppl 168 365 0 365 48 48 0 1 0 8 0 sockpl 488 70960 0 70933 1332 1320 12 37 0 8 8 mcl64k 65536 11 0 0 2 0 2 2 0 8 0 mcl16k 16384 17 0 0 3 0 3 3 0 8 0 mcl12k 12288 15 0 0 2 0 2 2 0 8 0 mcl9k 9216 12 0 0 1 0 1 1 0 8 0 mcl8k 8192 18 0 0 3 0 3 3 0 8 0 mcl4k 4096 19 0 0 3 0 3 3 0 8 0 mcl2k2 2112 4 0 0 1 0 1 1 0 8 0 mcl2k 2048 541 0 0 42 9 33 42 0 8 0 mtagpl 96 1628 0 0 16 0 16 16 0 8 0 mbufpl 256 5265 0 0 308 0 308 308 0 8 0 bufpl 288 61271 0 52731 612 1 611 611 0 8 0 anonpl 24 6431018 0 6414831 343 202 141 162 0 186 0 amapchunkpl 152 623555 0 622806 201 160 41 48 0 158 5 amappl16 200 58645 0 58065 332 292 40 57 0 8 6 amappl15 192 22 0 22 6 6 0 1 0 8 0 amappl14 184 586 0 570 2 1 1 2 0 8 0 amappl13 176 12 0 12 4 4 0 1 0 8 0 amappl12 168 2071 0 2064 1 0 1 1 0 8 0 amappl11 160 60 0 43 1 0 1 1 0 8 0 amappl10 152 180 0 171 1 0 1 1 0 8 0 amappl9 144 1120 0 1119 2 1 1 1 0 8 0 amappl8 136 1757 0 1533 8 0 8 8 0 8 0 amappl7 128 516 0 489 2 0 2 2 0 8 0 amappl6 120 1012 0 985 2 1 1 2 0 8 0 amappl5 112 1140 0 1130 1 0 1 1 0 8 0 amappl4 104 2417 0 2368 2 0 2 2 0 8 0 amappl3 96 96418 0 96364 2 0 2 2 0 8 0 amappl2 88 36457 0 36371 5 2 3 4 0 8 0 amappl1 80 748284 0 747525 30 11 19 28 0 8 0 amappl 88 214743 0 214531 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 130 0 0 3 0 3 3 0 8 0 uaddrrnd 24 33726 0 33698 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 33726 0 33698 1 0 1 1 0 8 0 vmmpekpl 168 247411 0 247344 4 0 4 4 0 8 0 vmmpepl 168 3105838 0 3102958 613 441 172 187 0 357 5 vmsppl 440 33725 0 33698 6 2 4 5 0 8 0 rwobjpl 56 779028 0 768361 209 56 153 155 0 8 1 pdppl 4096 67459 0 67396 1361 1292 69 81 0 8 6 pvpl 32 12748552 0 12726516 845 605 240 365 0 265 9 pmappl 248 33725 0 33698 3 0 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 3233 0 1959 37 0 37 37 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82751deb) at panic+0x177 sys/kern/subr_prf.c:198 __assert(ffffffff827cd2be,ffffffff82818b32,13b,ffffffff827e01fc) at __assert+0x25 sys/kern/subr_prf.c:157 tun_clone_destroy(ffff800000e68800) at tun_clone_destroy+0x278 sys/net/if_tun.c:315 if_clone_destroy(ffff80002c9f3c90) at if_clone_destroy+0x132 sys/net/if.c:1247 ifioctl(fffffd807c7865d0,80206979,ffff80002c9f3c90,ffff800021200dd0) at ifioctl+0x3b4 sys/net/if.c:1924 sys_ioctl(ffff800021200dd0,ffff80002c9f3da0,ffff80002c9f3df0) at sys_ioctl+0x4a2 syscall(ffff80002c9f3e70) at syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline] syscall(ffff80002c9f3e70) at syscall+0x606 sys/arch/amd64/amd64/trap.c:625 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffffbc80, count: -9 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp x86_ipi_db(ffff800020d68ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206 sched_idle(ffff800020d68ff0) at sched_idle+0x417 sys/kern/kern_sched.c:175 end trace frame: 0x0, count: 10 ddb{1}> trace x86_ipi_db(ffff800020d68ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206 sched_idle(ffff800020d68ff0) at sched_idle+0x417 sys/kern/kern_sched.c:175 end trace frame: 0x0, count: -5