login: panic: kernel diagnostic assertion "sc->sc_dev == 0" failed: file "/syzkaller/managers/main/kernel/sys/net/if_tun.c", line 315
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*463127 41359 0 0x2 0 0 ifconfig
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82722f34) at panic+0x161 sys/kern/subr_prf.c:198
__assert(ffffffff827a0c78,ffffffff827d347f,13b,ffffffff827b3ae6) at __assert+0x25 sys/kern/subr_prf.c:157
tun_clone_destroy(ffff800000e32800) at tun_clone_destroy+0x234 sys/net/if_tun.c:315
if_clone_destroy(ffff80002b415fb0) at if_clone_destroy+0x132 sys/net/if.c:1247
sys_ioctl(ffff800021701078,ffff80002b4160c0,ffff80002b416110) at sys_ioctl+0x49e
syscall(ffff80002b416190) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:625
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7fffffbc80, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: kernel diagnostic assertion "sc->sc_dev == 0" failed: file "/syzkaller/managers/main/kernel/sys/net/if_tun.c", line 315
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82722f34) at panic+0x161 sys/kern/subr_prf.c:198
__assert(ffffffff827a0c78,ffffffff827d347f,13b,ffffffff827b3ae6) at __assert+0x25 sys/kern/subr_prf.c:157
tun_clone_destroy(ffff800000e32800) at tun_clone_destroy+0x234 sys/net/if_tun.c:315
if_clone_destroy(ffff80002b415fb0) at if_clone_destroy+0x132 sys/net/if.c:1247
sys_ioctl(ffff800021701078,ffff80002b4160c0,ffff80002b416110) at sys_ioctl+0x49e
syscall(ffff80002b416190) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:625
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7fffffbc80, count: -8
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff80002b415e40
rbx 0x80206979 __kernel_virt_to_phys+0x206979
rdx 0
rcx 0
rax 0xffff800021701078
r8 0
r9 0x8080808080808080
r10 0x4fc78f09246130ea
r11 0xe2ab1ad940094561
r12 0
r13 0
r14 0
r15 0x1
rip 0xffffffff81a69eb8 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff80002b415e30
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC (ifconfig) pid=463127 stat=onproc
flags process=2<EXEC> proc=0
pri=84, usrpri=85, nice=20
forw=0xffffffffffffffff, list=0xffff800021701330,0xffffffff82cf3498
process=0xffff8000216dc7e0 user=0xffff80002b411000, vmspace=0xfffffd8069b98d80
estcpu=35, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
*41359 463127 87755 0 7 0x2 ifconfig
87755 243699 99934 0 3 0x10008a sigsusp sh
99934 80403 88375 0 3 0x82 wait syz-executor.0
2427 403738 88375 0 3 0x82 piperd syz-executor.4
46101 356032 1 0 3 0x100083 ttyin getty
30745 331324 0 0 3 0x14200 acct acct
85851 414153 88375 0 3 0x82 piperd syz-executor.2
66454 503207 88375 0 3 0x82 piperd syz-executor.7
41732 413310 88375 0 3 0x82 piperd syz-executor.6
71614 512784 88375 0 3 0x82 piperd syz-executor.3
61367 56948 88375 0 3 0x82 piperd syz-executor.1
61824 162378 0 0 3 0x14280 nfsidl nfsio
40117 328973 0 0 3 0x14280 nfsidl nfsio
93869 274836 0 0 3 0x14280 nfsidl nfsio
82297 128937 0 0 3 0x14280 nfsidl nfsio
8566 327125 0 0 3 0x14280 nfsidl nfsio
16952 358227 0 0 3 0x14280 nfsidl nfsio
40315 109006 0 0 3 0x14280 nfsidl nfsio
31992 23824 0 0 3 0x14280 nfsidl nfsio
30769 424767 0 0 3 0x14280 nfsidl nfsio
29118 500453 0 0 3 0x14280 nfsidl nfsio
66832 181404 0 0 3 0x14280 nfsidl nfsio
22293 451748 0 0 3 0x14280 nfsidl nfsio
61562 9003 0 0 3 0x14280 nfsidl nfsio
96275 29955 0 0 3 0x14280 nfsidl nfsio
37712 276292 0 0 3 0x14280 nfsidl nfsio
52935 400296 0 0 3 0x14280 nfsidl nfsio
94537 179379 0 0 3 0x14280 nfsidl nfsio
43159 500438 0 0 3 0x14280 nfsidl nfsio
78985 33303 0 0 3 0x14280 nfsidl nfsio
46618 120824 0 0 3 0x14280 nfsidl nfsio
96400 207201 88375 0 3 0x82 piperd syz-executor.5
59059 237402 0 0 3 0x14200 bored sosplice
88375 352467 41949 0 3 0x82 wait syz-fuzzer
88375 3931 41949 0 3 0x4000082 nanoslp syz-fuzzer
88375 34625 41949 0 3 0x4000082 wait syz-fuzzer
88375 500608 41949 0 3 0x4000082 thrsleep syz-fuzzer
88375 308587 41949 0 3 0x4000082 wait syz-fuzzer
88375 121799 41949 0 3 0x4000082 wait syz-fuzzer
88375 269424 41949 0 3 0x4000082 thrsleep syz-fuzzer
88375 284959 41949 0 3 0x4000082 thrsleep syz-fuzzer
88375 290421 41949 0 3 0x4000082 wait syz-fuzzer
88375 411626 41949 0 3 0x4000082 wait syz-fuzzer
88375 330558 41949 0 3 0x4000082 thrsleep syz-fuzzer
88375 480524 41949 0 3 0x4000082 thrsleep syz-fuzzer
88375 449485 41949 0 3 0x4000082 wait syz-fuzzer
88375 475143 41949 0 3 0x4000082 wait syz-fuzzer
41949 204202 84337 0 3 0x10008a sigsusp ksh
84337 192770 16843 0 3 0x9a kqread sshd
16843 187441 1 0 3 0x88 kqread sshd
87112 272856 95950 73 3 0x1100090 kqread syslogd
95950 107293 1 0 3 0x100082 netio syslogd
83859 266229 1 0 3 0x100080 kqread resolvd
50444 252372 5832 77 2 0x100092 dhcpleased
47132 334117 5832 77 3 0x100092 kqread dhcpleased
5832 336751 1 0 3 0x80 kqread dhcpleased
83236 416658 0 0 3 0x14200 bored smr
99086 491767 0 0 2 0x14200 zerothread
48156 359735 0 0 3 0x14200 aiodoned aiodoned
23758 128713 0 0 3 0x14200 syncer update
33129 259724 0 0 3 0x14200 cleaner cleaner
62614 461767 0 0 3 0x14200 reaper reaper
99966 165604 0 0 3 0x14200 pgdaemon pagedaemon
4337 443884 0 0 3 0x14200 bored viomb
71096 268588 0 0 3 0x40014200 acpi0 acpi0
95391 73029 0 0 3 0x14200 bored softnet
50178 317341 0 0 3 0x14200 bored softnet
4658 326492 0 0 3 0x14200 bored softnet
6665 93455 0 0 3 0x14200 bored softnet
26563 320645 0 0 3 0x14200 bored systqmp
90194 193842 0 0 3 0x14200 bored systq
94247 519545 0 0 3 0x40014200 bored softclock
37201 207437 0 0 3 0x40014200 idle0
1 413623 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10231 6428K 7228K 78643K 20713 0
pcb 13 16K 18K 78643K 1892 0
rtable 196 15K 16K 78643K 3200 0
ifaddr 82 24K 24K 78643K 772 0
sysctl 2 0K 2K 78643K 519 0
counters 28 17K 17K 78643K 263 0
ioctlops 0 0K 4K 78643K 4390 0
iov 0 0K 28K 78643K 1229 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 4 0
vnodes 1592 100K 100K 78643K 20515 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 9K 78643K 88 0
VM map 2 1K 1K 78643K 2 0
sem 13 10K 11K 78643K 135 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 12 41K 65K 78643K 15002 0
sigio 0 0K 0K 78643K 153 0
proc 69 67K 75K 78643K 2105 0
subproc 104 6K 6K 78643K 767 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 265 0
in_multi 77 5K 6K 78643K 1071 0
ether_multi 1 0K 0K 78643K 44 0
mrt 1 0K 0K 78643K 56 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 241 1076K 1076K 78643K 241 0
exec 0 0K 1K 78643K 1682 0
pfkey data 0 0K 0K 78643K 3 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 8 62K 64K 78643K 10 0
UVM amap 326 92K 101K 78643K 96608 0
UVM aobj 32 3K 3K 78643K 35 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 340 0
NDP 13 0K 2K 78643K 309 0
temp 132 5770K 39562K 78643K 119781 0
kqueue 12 18K 24K 78643K 712 0
SYN cache 2 16K 16K 78643K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 2318 0 2315 25 24 1 4 0 8 0
rtentry 112 936 0 855 5 2 3 4 0 8 0
unpcb 144 10943 0 10930 103 99 4 11 0 8 3
syncache 296 650 0 650 14 13 1 1 0 8 1
tcpqe 32 81 0 81 12 11 1 1 0 8 1
tcpcb 776 6351 0 6345 97 95 2 11 0 8 1
arp 88 120 0 106 1 0 1 1 0 8 0
ipq 40 5 0 5 3 3 0 1 0 8 0
ipqe 40 14 0 14 3 3 0 1 0 8 0
inpcb 336 16281 0 16271 141 139 2 16 0 8 1
nd6 48 227 0 209 1 0 1 1 0 8 0
pkpcb 40 20 0 20 6 5 1 1 0 8 1
kcovpl 48 59 0 51 1 0 1 1 0 8 0
mppekey 1024 3 0 3 1 1 0 1 0 8 0
ppxss 1160 120 0 120 10 9 1 1 0 8 1
pppxif 1360 98 0 98 8 8 0 1 0 8 0
pfstscr 40 95 0 89 2 1 1 1 0 8 0
pfanchor 1280 1096 82 584 47 4 43 43 0 8 0
pfstitem 24 19 0 7 1 0 1 1 0 8 0
pfstkey 128 187 0 179 2 1 1 1 0 8 0
pfstate 352 95 0 89 2 1 1 1 0 8 0
rttmr 136 17 0 17 7 7 0 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 4942 0 4578 60 37 23 31 0 8 0
art_table 32 4943 0 4578 4 0 4 4 0 8 0
art_node 16 924 0 854 1 0 1 1 0 8 0
sysvmsgpl 40 8 0 5 1 0 1 1 0 8 0
semapl 112 131 0 120 1 0 1 1 0 8 0
shmpl 112 32 0 3 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 24235 0 22805 90 0 90 90 0 8 0
ffsino 240 24235 0 22805 85 0 85 85 0 8 0
nchpl 144 46205 0 44575 63 1 62 63 0 8 0
rtmask 32 2 0 2 1 1 0 1 0 8 0
uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0
vnodes 216 5926 0 0 330 0 330 330 0 8 0
namei 1024 158497 0 158497 8 7 1 3 0 8 1
vmpool 664 124 0 124 9 9 0 1 0 8 0
kstatmem 264 296 0 270 2 0 2 2 0 8 0
scsiplug 72 3 0 3 1 1 0 1 0 8 0
scxspl 216 123933 0 123933 17 16 1 8 0 8 1
plimitpl 152 1267 0 1252 1 0 1 1 0 8 0
sigapl 424 15300 0 15239 8 0 8 8 0 8 0
futexpl 64 197745 0 197745 4 3 1 1 0 8 1
knotepl 120 156947 0 156864 40 35 5 11 0 8 1
kqueuepl 184 1736 0 1728 23 22 1 4 0 8 0
pipepl 288 3448 0 3420 48 45 3 7 0 8 0
fdescpl 432 15181 0 15158 4 0 4 4 0 8 0
filepl 120 117402 0 117168 134 123 11 19 0 8 2
lockfpl 104 2091 0 2089 5 4 1 2 0 8 0
lockfspl 48 705 0 703 1 0 1 1 0 8 0
sessionpl 144 77 0 61 1 0 1 1 0 8 0
pgrppl 48 105 0 89 1 0 1 1 0 8 0
ucredpl 104 11761 0 11749 1 0 1 1 0 8 0
zombiepl 144 15239 0 15239 2 1 1 1 0 8 1
processpl 1008 15300 0 15239 10 1 9 9 0 8 0
procpl 696 35831 0 35757 12 3 9 10 0 8 0
sosppl 168 97 0 97 17 17 0 1 0 8 0
sockpl 456 29568 0 29542 522 510 12 50 0 8 8
mcl64k 65536 360 0 360 22 21 1 1 0 8 1
mcl16k 16384 234 0 234 25 25 0 1 0 8 0
mcl12k 12288 670 0 670 23 22 1 1 0 8 1
mcl9k 9216 165 0 165 27 26 1 1 0 8 1
mcl8k 8192 2613 0 2613 8 7 1 1 0 8 1
mcl4k 4096 2167 0 2167 10 9 1 1 0 8 1
mcl2k2 2112 124 0 124 25 25 0 1 0 8 0
mcl2k 2048 108335 0 108272 49 38 11 35 0 8 1
mtagpl 96 891 0 864 12 10 2 9 0 8 0
mbufpl 256 311725 0 311474 1203 1162 41 436 0 8 10
bufpl 288 25477 0 19083 457 0 457 457 0 8 0
anonpl 24 2805552 0 2791454 219 88 131 136 0 188 12
amapchunkpl 152 260518 0 259932 79 44 35 39 0 158 5
amappl16 200 27705 0 27118 124 89 35 46 0 8 3
amappl15 192 75 0 74 1 0 1 1 0 8 0
amappl14 184 383 0 369 2 0 2 2 0 8 0
amappl13 176 6 0 6 1 1 0 1 0 8 0
amappl12 168 1010 0 1005 1 0 1 1 0 8 0
amappl11 160 52 0 41 1 0 1 1 0 8 0
amappl10 152 90 0 80 1 0 1 1 0 8 0
amappl9 144 998 0 997 2 1 1 1 0 8 0
amappl8 136 476 0 376 4 0 4 4 0 8 0
amappl7 128 277 0 250 2 0 2 2 0 8 0
amappl6 120 452 0 434 2 1 1 2 0 8 0
amappl5 112 474 0 467 1 0 1 1 0 8 0
amappl4 104 1170 0 1140 2 1 1 2 0 8 0
amappl3 96 42248 0 42208 2 0 2 2 0 8 0
amappl2 88 17652 0 17577 3 1 2 3 0 8 0
amappl1 80 334938 0 334322 31 14 17 25 0 8 0
amappl 88 92850 0 92693 5 0 5 5 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 34 0 3 1 0 1 1 0 8 0
uaddrrnd 24 15305 0 15282 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 15305 0 15282 1 0 1 1 0 8 0
vmmpekpl 168 105665 0 105613 3 0 3 3 0 8 0
vmmpepl 168 1382310 0 1379953 282 140 142 145 0 357 13
vmsppl 344 15304 0 15282 3 0 3 3 0 8 0
rwobjpl 24 347891 0 340274 52 4 48 49 0 8 0
pdppl 4096 30616 0 30564 639 579 60 66 0 8 8
pvpl 32 5963595 0 5944387 512 271 241 286 0 265 41
pmappl 216 15304 0 15282 2 0 2 2 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 2861 0 2080 36 11 25 33 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82722f34) at panic+0x161 sys/kern/subr_prf.c:198
__assert(ffffffff827a0c78,ffffffff827d347f,13b,ffffffff827b3ae6) at __assert+0x25 sys/kern/subr_prf.c:157
tun_clone_destroy(ffff800000e32800) at tun_clone_destroy+0x234 sys/net/if_tun.c:315
if_clone_destroy(ffff80002b415fb0) at if_clone_destroy+0x132 sys/net/if.c:1247
sys_ioctl(ffff800021701078,ffff80002b4160c0,ffff80002b416110) at sys_ioctl+0x49e
syscall(ffff80002b416190) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:625
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7fffffbc80, count: -8
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82722f34) at panic+0x161 sys/kern/subr_prf.c:198
__assert(ffffffff827a0c78,ffffffff827d347f,13b,ffffffff827b3ae6) at __assert+0x25 sys/kern/subr_prf.c:157
tun_clone_destroy(ffff800000e32800) at tun_clone_destroy+0x234 sys/net/if_tun.c:315
if_clone_destroy(ffff80002b415fb0) at if_clone_destroy+0x132 sys/net/if.c:1247
sys_ioctl(ffff800021701078,ffff80002b4160c0,ffff80002b416110) at sys_ioctl+0x49e
syscall(ffff80002b416190) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:625
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7fffffbc80, count: -8