panic: kernel diagnostic assertion "sc->sc_dev == 0" failed: file "/syzkaller/managers/main/kernel/sys/net/if_tun.c", line 315
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*463312 36425 0 0x2 0 0 ifconfig
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82722f34) at panic+0x161 sys/kern/subr_prf.c:198
__assert(ffffffff827a0c78,ffffffff827d347f,13b,ffffffff827b3ae6) at __assert+0x25 sys/kern/subr_prf.c:157
tun_clone_destroy(ffff800000d70000) at tun_clone_destroy+0x234 sys/net/if_tun.c:315
if_clone_destroy(ffff80002174c710) at if_clone_destroy+0x132 sys/net/if.c:1247
sys_ioctl(ffff80002841b8c8,ffff80002174c820,ffff80002174c870) at sys_ioctl+0x49e
syscall(ffff80002174c8f0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:625
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffe8d90, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb> ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: kernel diagnostic assertion "sc->sc_dev == 0" failed: file "/syzkaller/managers/main/kernel/sys/net/if_tun.c", line 315
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82722f34) at panic+0x161 sys/kern/subr_prf.c:198
__assert(ffffffff827a0c78,ffffffff827d347f,13b,ffffffff827b3ae6) at __assert+0x25 sys/kern/subr_prf.c:157
tun_clone_destroy(ffff800000d70000) at tun_clone_destroy+0x234 sys/net/if_tun.c:315
if_clone_destroy(ffff80002174c710) at if_clone_destroy+0x132 sys/net/if.c:1247
sys_ioctl(ffff80002841b8c8,ffff80002174c820,ffff80002174c870) at sys_ioctl+0x49e
syscall(ffff80002174c8f0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:625
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffe8d90, count: -8
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff80002174c5a0
rbx 0x80206979 __kernel_virt_to_phys+0x206979
rdx 0
rcx 0
rax 0xffff80002841b8c8
r8 0x101010101010101
r9 0x8080808080808080
r10 0x3228e26694123e31
r11 0xf3f510c11c673f6d
r12 0
r13 0
r14 0
r15 0x1
rip 0xffffffff81a69eb8 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff80002174c590
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC (ifconfig) pid=463312 stat=onproc
flags process=2 proc=0
pri=83, usrpri=83, nice=20
forw=0xffffffffffffffff, list=0xffff80002841a308,0xffffffff82cf3498
process=0xffff800021720000 user=0xffff800021747000, vmspace=0xfffffd807bb36568
estcpu=33, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
*36425 463312 68908 0 7 0x2 ifconfig
68908 88922 24574 0 3 0x10008a sigsusp sh
24574 481573 44863 0 3 0x82 wait syz-executor.0
80628 91532 44863 0 3 0x82 piperd syz-executor.2
27876 194344 1 0 3 0x100083 ttyin getty
63514 351374 44863 0 3 0x82 piperd syz-executor.6
44507 113259 0 0 3 0x14280 nfsidl nfsio
95935 513426 0 0 3 0x14280 nfsidl nfsio
49331 60356 0 0 3 0x14280 nfsidl nfsio
45844 77868 0 0 3 0x14280 nfsidl nfsio
79346 
362831 0 0 3 0x14280 nfsidl nfsio 90969 105588 0 0 3 0x14280 nfsidl nfsio 78627 193319 0 0 3 0x14280 nfsidl nfsio 63019 226758 0 0 3 0x14280 nfsidl nfsio 27225 517310 0 0 3 0x14280 nfsidl nfsio 81420 234990 0 0 3 0x14280 nfsidl nfsio 31469 159931 0 0 3 0x14280 nfsidl nfsio 49667 452004 0 0 3 0x14280 nfsidl nfsio 30754 118711 0 0 3 0x14280 nfsidl nfsio 64179 299874 0 0 3 0x14280 nfsidl nfsio 42683 404357 0 0 3 0x14280 nfsidl nfsio 1930 342024 0 0 3 0x14280 nfsidl nfsio 83615 507635 0 0 3 0x14280 nfsidl nfsio 43627 293897 0 0 3 0x14280 nfsidl nfsio 85663 459132 0 0 3 0x14280 nfsidl nfsio 42831 231025 0 0 3 0x14280 nfsidl nfsio 20415 346964 44863 0 3 0x82 piperd syz-executor.3 91516 171826 0 0 3 0x14200 bored sosplice 16739 430394 44863 0 3 0x82 piperd syz-executor.5 38478 153748 44863 0 3 0x82 piperd syz-executor.4 90071 142443 44863 0 3 0x82 piperd syz-executor.7 57291 351427 44863 0 3 0x82 piperd syz-executor.1 44863 170798 1501 0 3 0x82 thrsleep syz-fuzzer 44863 449521 1501 0 3 0x4000082 nanoslp syz-fuzzer 44863 212284 1501 0 3 0x4000082 thrsleep syz-fuzzer 44863 44413 1501 0 3 0x4000082 wait syz-fuzzer 44863 199075 1501 0 3 0x4000082 wait syz-fuzzer 44863 323929 1501 0 3 0x4000082 thrsleep syz-fuzzer 44863 296268 1501 0 3 0x4000082 wait syz-fuzzer 44863 46904 1501 0 3 0x4000082 thrsleep syz-fuzzer 44863 125250 1501 0 3 0x4000082 wait syz-fuzzer 44863 183511 1501 0 3 0x4000082 wait syz-fuzzer 44863 298338 1501 0 3 0x4000082 thrsleep syz-fuzzer 44863 804 1501 0 3 0x4000082 wait syz-fuzzer 44863 471867 1501 0 3 0x4000082 wait syz-fuzzer 44863 522320 1501 0 3 0x4000082 wait syz-fuzzer 44863 232238 1501 0 3 0x4000082 thrsleep syz-fuzzer 1501 117183 40363 0 3 0x10008a sigsusp ksh 40363 500571 63206 0 3 0x9a kqread sshd 63206 282277 1 0 3 0x88 kqread sshd 57728 256920 44423 73 3 0x1100090 kqread syslogd 44423 6875 1 0 3 0x100082 netio syslogd 39211 58147 1 0 3 0x100080 kqread resolvd 2396 361218 53723 77 2 0x100092 dhcpleased 78923 438214 53723 77 3 0x100092 kqread 
dhcpleased 53723 459188 1 0 3 0x80 kqread dhcpleased 16073 46240 0 0 3 0x14200 bored smr 72969 422750 0 0 2 0x14200 zerothread 81951 287002 0 0 3 0x14200 aiodoned aiodoned 46717 461753 0 0 3 0x14200 syncer update 36263 58565 0 0 3 0x14200 cleaner cleaner 57398 502090 0 0 3 0x14200 reaper reaper 60753 20168 0 0 3 0x14200 pgdaemon pagedaemon 21063 292652 0 0 3 0x14200 bored viomb 59950 398911 0 0 3 0x40014200 acpi0 acpi0 36280 401666 0 0 3 0x14200 bored softnet 65635 256696 0 0 3 0x14200 bored softnet 63000 482745 0 0 3 0x14200 bored softnet 54750 181402 0 0 3 0x14200 bored softnet 18987 355259 0 0 3 0x14200 bored systqmp 75942 384574 0 0 3 0x14200 bored systq 17241 223003 0 0 3 0x40014200 bored softclock 40947 201949 0 0 3 0x40014200 idle0 1 325510 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10198 6420K 6871K 78643K 13808 0 pcb 13 12K 13K 78643K 214 0 rtable 175 14K 15K 78643K 539 0 ifaddr 67 19K 21K 78643K 151 0 counters 27 17K 17K 78643K 45 0 ioctlops 0 0K 2K 78643K 146 0 iov 0 0K 28K 78643K 135 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1401 88K 88K 78643K 2026 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 4 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 123 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 12 41K 73K 78643K 1059 0 sigio 0 0K 0K 78643K 81 0 proc 64 67K 83K 78643K 620 0 subproc 104 6K 6K 78643K 169 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 313 0 in_multi 74 5K 6K 78643K 181 0 ether_multi 1 0K 0K 78643K 4 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 121 546K 546K 78643K 121 0 exec 0 0K 1K 78643K 536 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 251 83K 98K 78643K 8324 0 
UVM aobj 10 2K 2K 78643K 10 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 95 0 NDP 11 0K 2K 78643K 55 0 temp 113 5767K 6785K 78643K 11723 0 kqueue 12 18K 22K 78643K 94 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 62 0 59 1 0 1 1 0 8 0 rtentry 112 175 0 99 4 0 4 4 0 8 0 unpcb 144 1389 0 1376 25 24 1 8 0 8 0 syncache 296 10 0 10 2 2 0 1 0 8 0 sackhl 24 1 0 1 1 1 0 1 0 8 0 tcpqe 32 526 0 526 3 3 0 2 0 8 0 tcpcb 776 256 0 252 14 13 1 7 0 8 0 arp 88 29 0 15 1 0 1 1 0 8 0 inpcb 336 901 0 893 20 18 2 7 0 8 1 nd6 48 39 0 21 1 0 1 1 0 8 0 kcovpl 48 13 0 5 1 0 1 1 0 8 0 ppxss 1160 6 0 6 2 2 0 1 0 8 0 pfstscr 40 5 0 4 1 0 1 1 0 8 0 pftag 88 1 0 0 1 0 1 1 0 8 0 pfqueue 264 3 0 3 1 1 0 1 0 8 0 pfstitem 24 2 0 0 1 0 1 1 0 8 0 pfstkey 128 10 0 8 1 0 1 1 0 8 0 pfstate 352 5 0 4 1 0 1 1 0 8 0 art_heap8 4096 2 0 1 2 1 1 2 0 8 0 art_heap4 256 779 0 447 34 7 27 29 0 8 3 art_table 32 781 0 448 4 0 4 4 0 8 0 art_node 16 174 0 109 1 0 1 1 0 8 0 sysvmsgpl 40 27 0 8 1 0 1 1 0 8 0 semupl 112 3 0 3 1 1 0 1 0 8 0 semapl 112 119 0 109 1 0 1 1 0 8 0 shmpl 112 7 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 2681 0 1247 90 0 90 90 0 8 0 ffsino 240 2681 0 1247 85 0 85 85 0 8 0 nchpl 144 4385 0 2755 63 0 63 63 0 8 0 uvmvnodes 80 3396 0 0 70 0 70 70 0 8 0 vnodes 216 3396 0 0 189 0 189 189 0 8 0 namei 1024 16018 0 16018 4 3 1 3 0 8 1 vmpool 664 5 0 5 1 1 0 1 0 8 0 kstatmem 264 56 0 34 2 0 2 2 0 8 0 scxspl 216 17851 0 17851 14 12 2 8 0 8 2 plimitpl 152 196 0 181 1 0 1 1 0 8 0 sigapl 424 1359 0 1299 8 0 8 8 0 8 0 futexpl 64 10436 0 10436 2 1 1 1 0 8 1 knotepl 120 13931 0 13849 4 0 4 4 0 8 0 kqueuepl 184 190 0 182 2 1 1 2 0 8 0 pipepl 288 523 0 495 12 9 3 9 0 8 1 fdescpl 432 1322 0 1299 4 0 4 4 0 8 0 filepl 120 9890 0 9657 28 20 8 15 0 8 0 lockfpl 104 243 0 241 2 1 1 2 0 8 0 lockfspl 48 50 0 48 1 0 1 1 0 8 0 sessionpl 144 29 0 13 1 0 1 1 0 8 0 pgrppl 48 
32 0 16 1 0 1 1 0 8 0 ucredpl 104 1074 0 1064 1 0 1 1 0 8 0 zombiepl 144 1299 0 1299 1 0 1 1 0 8 1 processpl 1008 1359 0 1299 10 1 9 9 0 8 0 procpl 696 2796 0 2722 11 2 9 9 0 8 0 sosppl 168 20 0 20 2 2 0 1 0 8 0 sockpl 456 2352 0 2328 98 93 5 28 0 8 2 mcl64k 65536 35 0 35 4 3 1 1 0 8 1 mcl16k 16384 26 0 26 4 3 1 1 0 8 1 mcl12k 12288 44 0 44 7 6 1 1 0 8 1 mcl9k 9216 10 0 10 2 2 0 1 0 8 0 mcl8k 8192 73 0 73 5 4 1 1 0 8 1 mcl4k 4096 101 0 101 6 5 1 1 0 8 1 mcl2k2 2112 5 0 5 3 2 1 1 0 8 1 mcl2k 2048 77800 0 77720 65 53 12 33 0 8 0 mtagpl 96 96 0 24 3 1 2 2 0 8 0 mbufpl 256 130577 0 130267 34 12 22 22 0 8 1 bufpl 288 6369 0 148 445 0 445 445 0 8 0 anonpl 24 315708 0 301898 157 32 125 131 0 188 15 amapchunkpl 152 31161 0 30565 53 16 37 40 0 158 6 amappl16 200 4132 0 3587 41 10 31 40 0 8 0 amappl15 192 9 0 8 1 0 1 1 0 8 0 amappl14 184 169 0 157 2 1 1 2 0 8 0 amappl13 176 5 0 5 1 1 0 1 0 8 0 amappl12 168 448 0 444 1 0 1 1 0 8 0 amappl11 160 47 0 37 1 0 1 1 0 8 0 amappl10 152 37 0 27 1 0 1 1 0 8 0 amappl9 144 969 0 967 1 0 1 1 0 8 0 amappl8 136 176 0 121 2 0 2 2 0 8 0 amappl7 128 145 0 123 2 0 2 2 0 8 0 amappl6 120 173 0 160 2 1 1 2 0 8 0 amappl5 112 155 0 148 1 0 1 1 0 8 0 amappl4 104 526 0 497 2 1 1 2 0 8 0 amappl3 96 3272 0 3234 2 0 2 2 0 8 0 amappl2 88 1721 0 1655 3 0 3 3 0 8 0 amappl1 80 31950 0 31337 26 10 16 26 0 8 0 amappl 88 7788 0 7646 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 9 0 0 1 0 1 1 0 8 0 uaddrrnd 24 1327 0 1304 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1327 0 1304 1 0 1 1 0 8 0 vmmpekpl 168 16305 0 16253 3 0 3 3 0 8 0 vmmpepl 168 131496 0 129268 177 46 131 146 0 357 13 vmsppl 344 1326 0 1304 3 0 3 3 0 8 0 rwobjpl 24 38992 0 34030 31 0 31 31 0 8 0 pdppl 4096 2660 0 2608 150 90 60 68 0 8 8 pvpl 32 696620 0 677903 360 97 263 360 0 265 72 pmappl 
216 1326 0 1304 2 0 2 2 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 966 0 210 22 0 22 22 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82722f34) at panic+0x161 sys/kern/subr_prf.c:198
__assert(ffffffff827a0c78,ffffffff827d347f,13b,ffffffff827b3ae6) at __assert+0x25 sys/kern/subr_prf.c:157
tun_clone_destroy(ffff800000d70000) at tun_clone_destroy+0x234 sys/net/if_tun.c:315
if_clone_destroy(ffff80002174c710) at if_clone_destroy+0x132 sys/net/if.c:1247
sys_ioctl(ffff80002841b8c8,ffff80002174c820,ffff80002174c870) at sys_ioctl+0x49e
syscall(ffff80002174c8f0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:625
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffe8d90, count: -8
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82722f34) at panic+0x161 sys/kern/subr_prf.c:198
__assert(ffffffff827a0c78,ffffffff827d347f,13b,ffffffff827b3ae6) at __assert+0x25 sys/kern/subr_prf.c:157
tun_clone_destroy(ffff800000d70000) at tun_clone_destroy+0x234 sys/net/if_tun.c:315
if_clone_destroy(ffff80002174c710) at if_clone_destroy+0x132 sys/net/if.c:1247
sys_ioctl(ffff80002841b8c8,ffff80002174c820,ffff80002174c870) at sys_ioctl+0x49e
syscall(ffff80002174c8f0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:625
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffe8d90, count: -8