login: panic: kernel diagnostic assertion "sc->sc_dev == 0" failed: file "/syzkaller/managers/main/kernel/sys/net/if_tun.c", line 315 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *463127 41359 0 0x2 0 0 ifconfig db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82722f34) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff827a0c78,ffffffff827d347f,13b,ffffffff827b3ae6) at __assert+0x25 sys/kern/subr_prf.c:157 tun_clone_destroy(ffff800000e32800) at tun_clone_destroy+0x234 sys/net/if_tun.c:315 if_clone_destroy(ffff80002b415fb0) at if_clone_destroy+0x132 sys/net/if.c:1247 sys_ioctl(ffff800021701078,ffff80002b4160c0,ffff80002b416110) at sys_ioctl+0x49e syscall(ffff80002b416190) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:625 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffffbc80, count: 7 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "sc->sc_dev == 0" failed: file "/syzkaller/managers/main/kernel/sys/net/if_tun.c", line 315 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82722f34) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff827a0c78,ffffffff827d347f,13b,ffffffff827b3ae6) at __assert+0x25 sys/kern/subr_prf.c:157 tun_clone_destroy(ffff800000e32800) at tun_clone_destroy+0x234 sys/net/if_tun.c:315 if_clone_destroy(ffff80002b415fb0) at if_clone_destroy+0x132 sys/net/if.c:1247 sys_ioctl(ffff800021701078,ffff80002b4160c0,ffff80002b416110) at sys_ioctl+0x49e syscall(ffff80002b416190) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:625 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffffbc80, count: -8 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80002b415e40 rbx 0x80206979 __kernel_virt_to_phys+0x206979 rdx 0 rcx 0 rax 0xffff800021701078 r8 0 r9 0x8080808080808080 r10 0x4fc78f09246130ea r11 0xe2ab1ad940094561 r12 0 r13 0 r14 0 r15 0x1 rip 0xffffffff81a69eb8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff80002b415e30 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (ifconfig) pid=463127 stat=onproc flags process=2 proc=0 pri=84, usrpri=85, nice=20 forw=0xffffffffffffffff, list=0xffff800021701330,0xffffffff82cf3498 process=0xffff8000216dc7e0 user=0xffff80002b411000, vmspace=0xfffffd8069b98d80 estcpu=35, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND *41359 463127 87755 0 7 0x2 ifconfig 87755 243699 99934 0 3 0x10008a sigsusp sh 99934 80403 88375 0 3 0x82 wait syz-executor.0 2427 403738 88375 0 3 0x82 piperd syz-executor.4 46101 356032 1 0 3 0x100083 ttyin getty 30745 331324 0 0 3 0x14200 acct acct 85851 414153 88375 0 3 0x82 piperd syz-executor.2 66454 503207 88375 0 3 0x82 piperd syz-executor.7 41732 413310 88375 0 3 0x82 piperd syz-executor.6 71614 512784 88375 0 3 0x82 piperd syz-executor.3 61367 56948 88375 0 3 0x82 piperd syz-executor.1 61824 162378 0 0 3 0x14280 nfsidl nfsio 40117 328973 0 0 3 0x14280 nfsidl nfsio 93869 274836 0 0 3 0x14280 nfsidl nfsio 82297 128937 0 0 3 0x14280 nfsidl nfsio 8566 327125 0 0 3 0x14280 nfsidl nfsio 16952 358227 0 0 3 0x14280 nfsidl nfsio 40315 109006 0 0 3 0x14280 nfsidl nfsio 31992 23824 0 0 3 0x14280 nfsidl nfsio 30769 424767 0 0 3 0x14280 nfsidl nfsio 29118 500453 0 0 3 0x14280 nfsidl nfsio 66832 181404 0 0 3 0x14280 nfsidl nfsio 22293 451748 0 0 3 0x14280 nfsidl nfsio 61562 9003 0 0 3 0x14280 nfsidl nfsio 96275 29955 0 0 3 0x14280 nfsidl nfsio 37712 276292 0 0 3 0x14280 nfsidl nfsio 52935 400296 0 0 3 0x14280 nfsidl nfsio 94537 179379 0 0 3 0x14280 nfsidl nfsio 43159 500438 0 0 3 0x14280 nfsidl nfsio 78985 33303 0 0 3 0x14280 nfsidl nfsio 46618 120824 0 0 3 0x14280 nfsidl nfsio 96400 207201 88375 0 3 0x82 piperd syz-executor.5 59059 237402 0 0 3 0x14200 bored sosplice 88375 352467 41949 0 3 0x82 wait syz-fuzzer 88375 3931 41949 0 3 0x4000082 nanoslp syz-fuzzer 88375 34625 41949 0 3 0x4000082 wait syz-fuzzer 88375 500608 41949 0 3 0x4000082 thrsleep syz-fuzzer 88375 308587 41949 0 3 0x4000082 wait syz-fuzzer 88375 121799 41949 0 3 0x4000082 wait syz-fuzzer 88375 269424 41949 0 3 0x4000082 thrsleep syz-fuzzer 88375 284959 41949 0 3 0x4000082 thrsleep syz-fuzzer 88375 290421 41949 0 3 0x4000082 wait syz-fuzzer 88375 411626 41949 0 3 0x4000082 wait syz-fuzzer 88375 330558 41949 0 3 0x4000082 thrsleep syz-fuzzer 88375 480524 41949 0 3 0x4000082 thrsleep syz-fuzzer 88375 449485 41949 0 3 0x4000082 wait syz-fuzzer 88375 475143 41949 0 3 0x4000082 wait syz-fuzzer 41949 204202 84337 0 3 0x10008a sigsusp ksh 84337 192770 16843 0 3 0x9a kqread sshd 16843 187441 1 0 3 0x88 kqread sshd 87112 272856 95950 73 3 0x1100090 kqread syslogd 95950 107293 1 0 3 0x100082 netio syslogd 83859 266229 1 0 3 0x100080 kqread resolvd 50444 252372 5832 77 2 0x100092 dhcpleased 47132 334117 5832 77 3 0x100092 kqread dhcpleased 5832 336751 1 0 3 0x80 kqread dhcpleased 83236 416658 0 0 3 0x14200 bored smr 99086 491767 0 0 2 0x14200 zerothread 48156 359735 0 0 3 0x14200 aiodoned aiodoned 23758 128713 0 0 3 0x14200 syncer update 33129 259724 0 0 3 0x14200 cleaner cleaner 62614 461767 0 0 3 0x14200 reaper reaper 99966 165604 0 0 3 0x14200 pgdaemon pagedaemon 4337 443884 0 0 3 0x14200 bored viomb 71096 268588 0 0 3 0x40014200 acpi0 acpi0 95391 73029 0 0 3 0x14200 bored softnet 50178 317341 0 0 3 0x14200 bored softnet 4658 326492 0 0 3 0x14200 bored softnet 6665 93455 0 0 3 0x14200 bored softnet 26563 320645 0 0 3 0x14200 bored systqmp 90194 193842 0 0 3 0x14200 bored systq 94247 519545 0 0 3 0x40014200 bored softclock 37201 207437 0 0 3 0x40014200 idle0 1 413623 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10231 6428K 7228K 78643K 20713 0 pcb 13 16K 18K 78643K 1892 0 rtable 196 15K 16K 78643K 3200 0 ifaddr 82 24K 24K 78643K 772 0 sysctl 2 0K 2K 78643K 519 0 counters 28 17K 17K 78643K 263 0 ioctlops 0 0K 4K 78643K 4390 0 iov 0 0K 28K 78643K 1229 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1592 100K 100K 78643K 20515 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 88 0 VM map 2 1K 1K 78643K 2 0 sem 13 10K 11K 78643K 135 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 12 41K 65K 78643K 15002 0 sigio 0 0K 0K 78643K 153 0 proc 69 67K 75K 78643K 2105 0 subproc 104 6K 6K 78643K 767 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 265 0 in_multi 77 5K 6K 78643K 1071 0 ether_multi 1 0K 0K 78643K 44 0 mrt 1 0K 0K 78643K 56 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 241 1076K 1076K 78643K 241 0 exec 0 0K 1K 78643K 1682 0 pfkey data 0 0K 0K 78643K 3 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 326 92K 101K 78643K 96608 0 UVM aobj 32 3K 3K 78643K 35 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 340 0 NDP 13 0K 2K 78643K 309 0 temp 132 5770K 39562K 78643K 119781 0 kqueue 12 18K 24K 78643K 712 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 2318 0 2315 25 24 1 4 0 8 0 rtentry 112 936 0 855 5 2 3 4 0 8 0 unpcb 144 10943 0 10930 103 99 4 11 0 8 3 syncache 296 650 0 650 14 13 1 1 0 8 1 tcpqe 32 81 0 81 12 11 1 1 0 8 1 tcpcb 776 6351 0 6345 97 95 2 11 0 8 1 arp 88 120 0 106 1 0 1 1 0 8 0 ipq 40 5 0 5 3 3 0 1 0 8 0 ipqe 40 14 0 14 3 3 0 1 0 8 0 inpcb 336 16281 0 16271 141 139 2 16 0 8 1 nd6 48 227 0 209 1 0 1 1 0 8 0 pkpcb 40 20 0 20 6 5 1 1 0 8 1 kcovpl 48 59 0 51 1 0 1 1 0 8 0 mppekey 1024 3 0 3 1 1 0 1 0 8 0 ppxss 1160 120 0 120 10 9 1 1 0 8 1 pppxif 1360 98 0 98 8 8 0 1 0 8 0 pfstscr 40 95 0 89 2 1 1 1 0 8 0 pfanchor 1280 1096 82 584 47 4 43 43 0 8 0 pfstitem 24 19 0 7 1 0 1 1 0 8 0 pfstkey 128 187 0 179 2 1 1 1 0 8 0 pfstate 352 95 0 89 2 1 1 1 0 8 0 rttmr 136 17 0 17 7 7 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 4942 0 4578 60 37 23 31 0 8 0 art_table 32 4943 0 4578 4 0 4 4 0 8 0 art_node 16 924 0 854 1 0 1 1 0 8 0 sysvmsgpl 40 8 0 5 1 0 1 1 0 8 0 semapl 112 131 0 120 1 0 1 1 0 8 0 shmpl 112 32 0 3 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 24235 0 22805 90 0 90 90 0 8 0 ffsino 240 24235 0 22805 85 0 85 85 0 8 0 nchpl 144 46205 0 44575 63 1 62 63 0 8 0 rtmask 32 2 0 2 1 1 0 1 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 158497 0 158497 8 7 1 3 0 8 1 vmpool 664 124 0 124 9 9 0 1 0 8 0 kstatmem 264 296 0 270 2 0 2 2 0 8 0 scsiplug 72 3 0 3 1 1 0 1 0 8 0 scxspl 216 123933 0 123933 17 16 1 8 0 8 1 plimitpl 152 1267 0 1252 1 0 1 1 0 8 0 sigapl 424 15300 0 15239 8 0 8 8 0 8 0 futexpl 64 197745 0 197745 4 3 1 1 0 8 1 knotepl 120 156947 0 156864 40 35 5 11 0 8 1 kqueuepl 184 1736 0 1728 23 22 1 4 0 8 0 pipepl 288 3448 0 3420 48 45 3 7 0 8 0 fdescpl 432 15181 0 15158 4 0 4 4 0 8 0 filepl 120 117402 0 117168 134 123 11 19 0 8 2 lockfpl 104 2091 0 2089 5 4 1 2 0 8 0 lockfspl 48 705 0 703 1 0 1 1 0 8 0 sessionpl 144 77 0 61 1 0 1 1 0 8 0 pgrppl 48 105 0 89 1 0 1 1 0 8 0 ucredpl 104 11761 0 11749 1 0 1 1 0 8 0 zombiepl 144 15239 0 15239 2 1 1 1 0 8 1 processpl 1008 15300 0 15239 10 1 9 9 0 8 0 procpl 696 35831 0 35757 12 3 9 10 0 8 0 sosppl 168 97 0 97 17 17 0 1 0 8 0 sockpl 456 29568 0 29542 522 510 12 50 0 8 8 mcl64k 65536 360 0 360 22 21 1 1 0 8 1 mcl16k 16384 234 0 234 25 25 0 1 0 8 0 mcl12k 12288 670 0 670 23 22 1 1 0 8 1 mcl9k 9216 165 0 165 27 26 1 1 0 8 1 mcl8k 8192 2613 0 2613 8 7 1 1 0 8 1 mcl4k 4096 2167 0 2167 10 9 1 1 0 8 1 mcl2k2 2112 124 0 124 25 25 0 1 0 8 0 mcl2k 2048 108335 0 108272 49 38 11 35 0 8 1 mtagpl 96 891 0 864 12 10 2 9 0 8 0 mbufpl 256 311725 0 311474 1203 1162 41 436 0 8 10 bufpl 288 25477 0 19083 457 0 457 457 0 8 0 anonpl 24 2805552 0 2791454 219 88 131 136 0 188 12 amapchunkpl 152 260518 0 259932 79 44 35 39 0 158 5 amappl16 200 27705 0 27118 124 89 35 46 0 8 3 amappl15 192 75 0 74 1 0 1 1 0 8 0 amappl14 184 383 0 369 2 0 2 2 0 8 0 amappl13 176 6 0 6 1 1 0 1 0 8 0 amappl12 168 1010 0 1005 1 0 1 1 0 8 0 amappl11 160 52 0 41 1 0 1 1 0 8 0 amappl10 152 90 0 80 1 0 1 1 0 8 0 amappl9 144 998 0 997 2 1 1 1 0 8 0 amappl8 136 476 0 376 4 0 4 4 0 8 0 amappl7 128 277 0 250 2 0 2 2 0 8 0 amappl6 120 452 0 434 2 1 1 2 0 8 0 amappl5 112 474 0 467 1 0 1 1 0 8 0 amappl4 104 1170 0 1140 2 1 1 2 0 8 0 amappl3 96 42248 0 42208 2 0 2 2 0 8 0 amappl2 88 17652 0 17577 3 1 2 3 0 8 0 amappl1 80 334938 0 334322 31 14 17 25 0 8 0 amappl 88 92850 0 92693 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 34 0 3 1 0 1 1 0 8 0 uaddrrnd 24 15305 0 15282 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 15305 0 15282 1 0 1 1 0 8 0 vmmpekpl 168 105665 0 105613 3 0 3 3 0 8 0 vmmpepl 168 1382310 0 1379953 282 140 142 145 0 357 13 vmsppl 344 15304 0 15282 3 0 3 3 0 8 0 rwobjpl 24 347891 0 340274 52 4 48 49 0 8 0 pdppl 4096 30616 0 30564 639 579 60 66 0 8 8 pvpl 32 5963595 0 5944387 512 271 241 286 0 265 41 pmappl 216 15304 0 15282 2 0 2 2 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 2861 0 2080 36 11 25 33 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82722f34) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff827a0c78,ffffffff827d347f,13b,ffffffff827b3ae6) at __assert+0x25 sys/kern/subr_prf.c:157 tun_clone_destroy(ffff800000e32800) at tun_clone_destroy+0x234 sys/net/if_tun.c:315 if_clone_destroy(ffff80002b415fb0) at if_clone_destroy+0x132 sys/net/if.c:1247 sys_ioctl(ffff800021701078,ffff80002b4160c0,ffff80002b416110) at sys_ioctl+0x49e syscall(ffff80002b416190) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:625 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffffbc80, count: -8 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82722f34) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff827a0c78,ffffffff827d347f,13b,ffffffff827b3ae6) at __assert+0x25 sys/kern/subr_prf.c:157 tun_clone_destroy(ffff800000e32800) at tun_clone_destroy+0x234 sys/net/if_tun.c:315 if_clone_destroy(ffff80002b415fb0) at if_clone_destroy+0x132 sys/net/if.c:1247 sys_ioctl(ffff800021701078,ffff80002b4160c0,ffff80002b416110) at sys_ioctl+0x49e syscall(ffff80002b416190) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:625 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffffbc80, count: -8