panic: kernel diagnostic assertion "sc->sc_dev == 0" failed: file "/syzkaller/managers/main/kernel/sys/net/if_tun.c", line 315 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND * 31419 95017 0 0x2 0 0 ifconfig db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82722f34) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff827a0c78,ffffffff827d347f,13b,ffffffff827b3ae6) at __assert+0x25 sys/kern/subr_prf.c:157 tun_clone_destroy(ffff800000cae800) at tun_clone_destroy+0x234 sys/net/if_tun.c:315 if_clone_destroy(ffff8000231687f0) at if_clone_destroy+0x132 sys/net/if.c:1247 sys_ioctl(ffff8000fffe7098,ffff800023168900,ffff800023168950) at sys_ioctl+0x49e syscall(ffff8000231689d0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:625 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffffbc80, count: 7 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "sc->sc_dev == 0" failed: file "/syzkaller/managers/main/kernel/sys/net/if_tun.c", line 315 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82722f34) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff827a0c78,ffffffff827d347f,13b,ffffffff827b3ae6) at __assert+0x25 sys/kern/subr_prf.c:157 tun_clone_destroy(ffff800000cae800) at tun_clone_destroy+0x234 sys/net/if_tun.c:315 if_clone_destroy(ffff8000231687f0) at if_clone_destroy+0x132 sys/net/if.c:1247 sys_ioctl(ffff8000fffe7098,ffff800023168900,ffff800023168950) at sys_ioctl+0x49e syscall(ffff8000231689d0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:625 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffffbc80, count: -8 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff800023168680 rbx 0x80206979 __kernel_virt_to_phys+0x206979 rdx 0 rcx 0 rax 0xffff8000fffe7098 r8 0 r9 0x8080808080808080 r10 0xf9238e60b80a64fa r11 0x3c6ff0233afe52b2 r12 0 r13 0 r14 0 r15 0x1 rip 0xffffffff81a69eb8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800023168670 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (ifconfig) pid=31419 stat=onproc flags process=2 proc=0 pri=71, usrpri=71, nice=20 forw=0xffffffffffffffff, list=0xffff80002ce3eb18,0xffffffff82cf3498 process=0xffff8000ffff33b0 user=0xffff800023163000, vmspace=0xfffffd8069b5f570 estcpu=21, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND *95017 31419 87910 0 7 0x2 ifconfig 87910 116411 30044 0 3 0x10008a sigsusp sh 2902 446919 70891 0 2 0 syz-executor.3 2902 87894 70891 0 2 0x4000000 syz-executor.3 30044 284408 63621 0 3 0x82 wait syz-executor.0 69272 16125 98003 0 2 0 syz-executor.5 69272 294308 98003 0 2 0x4000000 syz-executor.5 69272 386241 98003 0 3 0x4000080 fsleep syz-executor.5 71443 13424 42825 0 2 0 syz-executor.4 71443 76214 42825 0 3 0x4000080 ttyin syz-executor.4 63283 47457 48911 0 3 0x3000 suspend syz-executor.1 63283 102971 48911 0 2 0x4081000 syz-executor.1 48911 201310 63621 0 3 0x82 wait syz-executor.1 42825 401931 63621 0 2 0x482 syz-executor.4 4923 471762 63621 0 3 0x82 piperd syz-executor.7 42304 495369 63621 0 3 0x82 piperd syz-executor.2 35562 70877 63621 0 2 0x2 syz-executor.6 70891 106114 63621 0 2 0x2 syz-executor.3 98003 141393 63621 0 2 0x482 syz-executor.5 78608 193444 0 0 3 0x14280 nfsidl nfsio 49492 486436 0 0 3 0x14280 nfsidl nfsio 2409 410966 0 0 3 0x14280 nfsidl nfsio 94929 488234 0 0 3 0x14280 nfsidl nfsio 39161 404183 0 0 3 0x14280 nfsidl nfsio 20114 131024 0 0 3 0x14280 nfsidl nfsio 64898 433557 0 0 3 0x14280 nfsidl nfsio 34703 180136 0 0 3 0x14280 nfsidl nfsio 75777 307247 0 0 3 0x14280 nfsidl nfsio 51821 77566 0 0 3 0x14280 nfsidl nfsio 99369 399956 0 0 3 0x14280 nfsidl nfsio 13301 196828 0 0 3 0x14280 nfsidl nfsio 28499 254880 0 0 3 0x14280 nfsidl nfsio 89746 440467 0 0 3 0x14280 nfsidl nfsio 22226 236716 0 0 3 0x14280 nfsidl nfsio 27746 60093 0 0 3 0x14280 nfsidl nfsio 11337 130499 0 0 3 0x14280 nfsidl nfsio 89375 318285 0 0 3 0x14280 nfsidl nfsio 31783 206264 0 0 3 0x14280 nfsidl nfsio 65720 464079 0 0 3 0x14280 nfsidl nfsio 39328 409364 0 0 3 0x14200 bored sosplice 63621 181162 39681 0 3 0x82 kqread syz-fuzzer 63621 57849 39681 0 2 0x4000482 syz-fuzzer 63621 296654 39681 0 3 0x4000082 wait syz-fuzzer 63621 191195 39681 0 3 0x4000082 thrsleep syz-fuzzer 63621 38431 39681 0 3 0x4000082 thrsleep syz-fuzzer 63621 89246 39681 0 3 0x4000082 thrsleep syz-fuzzer 63621 78259 39681 0 3 0x4000082 wait syz-fuzzer 63621 88619 39681 0 3 0x4000082 wait syz-fuzzer 63621 336438 39681 0 3 0x4000082 wait syz-fuzzer 63621 130609 39681 0 3 0x4000082 wait syz-fuzzer 63621 521760 39681 0 3 0x4000082 thrsleep syz-fuzzer 63621 276261 39681 0 3 0x4000082 wait syz-fuzzer 63621 161189 39681 0 3 0x4000082 wait syz-fuzzer 63621 173795 39681 0 3 0x4000082 wait syz-fuzzer 39681 248398 51379 0 3 0x10008a sigsusp ksh 51379 394081 24459 0 3 0x9a kqread sshd 35877 496111 1 0 3 0x100083 ttyopn getty 24459 69754 1 0 3 0x88 kqread sshd 66986 112860 27171 73 3 0x1100090 kqread syslogd 27171 315532 1 0 3 0x100082 netio syslogd 55211 260520 1 0 3 0x100080 kqread resolvd 51965 301237 0 0 3 0x14200 bored smr 37313 521521 0 0 2 0x14200 zerothread 54387 493728 0 0 3 0x14200 aiodoned aiodoned 36586 447141 0 0 3 0x14200 syncer update 84929 99919 0 0 3 0x14200 cleaner cleaner 68524 157144 0 0 3 0x14200 reaper reaper 36411 338350 0 0 3 0x14200 pgdaemon pagedaemon 21641 325782 0 0 3 0x14200 bored viomb 85257 338708 0 0 3 0x40014200 acpi0 acpi0 85241 141007 0 0 3 0x14200 bored softnet 43634 167565 0 0 3 0x14200 bored softnet 40750 376860 0 0 3 0x14200 bored softnet 50113 451510 0 0 3 0x14200 bored softnet 47127 470551 0 0 3 0x14200 bored systqmp 99097 25074 0 0 3 0x14200 bored systq 5946 363421 0 0 3 0x40014200 bored softclock 96529 183481 0 0 3 0x40014200 idle0 1 396580 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10213 6434K 7053K 78643K 15603 0 pcb 13 18K 22K 78643K 2316 0 rtable 166 14K 16K 78643K 3244 0 ifaddr 69 21K 24K 78643K 1148 0 sysctl 3 1K 1K 78643K 5 0 counters 26 17K 17K 78643K 345 0 ioctlops 0 0K 4K 78643K 1632 0 iov 1 16K 40K 78643K 2471 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1521 95K 95K 78643K 7840 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 72 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 2027 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 16 57K 73K 78643K 9848 0 sigio 0 0K 0K 78643K 5625 0 proc 68 51K 75K 78643K 2195 0 subproc 104 6K 6K 78643K 762 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 668 0 in_multi 60 4K 6K 78643K 1156 0 ether_multi 1 0K 0K 78643K 60 0 mrt 2 0K 0K 78643K 47 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 223 996K 996K 78643K 223 0 exec 0 0K 1K 78643K 2999 0 pfkey data 0 0K 0K 78643K 4 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 281 88K 216K 78643K 64258 0 UVM aobj 131 8K 8K 78643K 134 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 342 0 NDP 11 0K 1K 78643K 413 0 temp 130 5770K 6794K 78643K 177343 0 kqueue 6 10K 26K 78643K 980 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 990 0 989 13 12 1 3 0 8 0 rtentry 112 1106 0 1037 4 1 3 4 0 8 0 unpcb 144 9238 0 9231 111 110 1 10 0 8 0 syncache 296 24 0 24 8 8 0 1 0 8 0 tcpqe 32 187 0 187 5 5 0 2 0 8 0 tcpcb 776 9715 0 9711 284 278 6 18 0 8 5 arp 88 137 0 125 1 0 1 1 0 8 0 ipq 40 7 0 7 3 3 0 1 0 8 0 ipqe 40 47 0 47 3 3 0 1 0 8 0 inpcb 336 19272 0 19264 260 254 6 17 0 8 4 nd6 48 211 0 199 1 0 1 1 0 8 0 pkpcb 40 24 0 24 6 6 0 1 0 8 0 kcovpl 48 58 0 50 1 0 1 1 0 8 0 mppekey 1024 5 0 5 2 2 0 1 0 8 0 ppxss 1160 154 0 154 23 23 0 1 0 8 0 pppxif 1360 73 0 73 17 17 0 1 0 8 0 pfstscr 40 147 0 145 1 0 1 1 0 8 0 pfanchor 1280 641 0 139 47 5 42 43 0 8 0 pfqueue 264 13 0 13 4 4 0 1 0 8 0 pfstitem 24 206 0 202 1 0 1 1 0 8 0 pfstkey 128 294 0 157 5 0 5 5 0 8 0 pfstate 352 147 0 145 1 0 1 1 0 8 0 rttmr 136 3 0 3 2 2 0 1 0 8 0 art_heap8 4096 73 0 72 7 6 1 3 0 8 0 art_heap4 256 5468 0 5138 59 35 24 30 0 8 0 art_table 32 5541 0 5210 5 1 4 4 0 8 0 art_node 16 1086 0 1026 1 0 1 1 0 8 0 sysvmsgpl 40 9 0 3 1 0 1 1 0 8 0 semupl 112 3 0 3 1 1 0 1 0 8 0 semapl 112 2025 0 2015 1 0 1 1 0 8 0 shmpl 112 131 0 3 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 15054 0 13584 93 0 93 93 0 8 0 ffsino 240 15054 0 13584 87 0 87 87 0 8 0 nchpl 144 28218 0 26587 63 0 63 63 0 8 0 rtmask 32 2 0 2 1 1 0 1 0 8 0 uvmvnodes 80 6277 0 0 129 0 129 129 0 8 0 vnodes 216 6277 0 0 349 0 349 349 0 8 0 namei 1024 115427 0 115427 18 17 1 3 0 8 1 vmpool 664 181 0 181 11 11 0 1 0 8 0 kstatmem 264 468 0 446 4 2 2 3 0 8 0 scsiplug 72 16 0 16 4 4 0 1 0 8 0 scxspl 216 90981 0 90981 37 36 1 8 0 8 1 plimitpl 152 1626 0 1611 1 0 1 1 0 8 0 sigapl 424 10072 0 10011 9 1 8 8 0 8 0 futexpl 64 113225 0 113224 3 2 1 1 0 8 0 knotepl 120 145385 0 145319 53 44 9 10 0 8 5 kqueuepl 184 2245 0 2239 31 30 1 4 0 8 0 pipepl 288 3101 0 3073 61 55 6 7 0 8 3 fdescpl 432 10028 0 10004 4 0 4 4 0 8 0 filepl 120 94368 0 94145 156 144 12 17 0 8 4 lockfpl 104 2755 0 2754 7 6 1 2 0 8 0 lockfspl 48 702 0 701 1 0 1 1 0 8 0 sessionpl 144 73 0 58 1 0 1 1 0 8 0 pgrppl 48 280 0 265 1 0 1 1 0 8 0 ucredpl 104 10187 0 10179 1 0 1 1 0 8 0 zombiepl 144 10012 0 10011 2 1 1 1 0 8 0 processpl 1008 10072 0 10011 12 4 8 9 0 8 0 procpl 696 24828 0 24749 38 29 9 10 0 8 1 sosppl 168 102 0 102 21 20 1 1 0 8 1 sockpl 456 29532 0 29519 724 715 9 33 0 8 7 mcl64k 65536 291 0 291 35 35 0 1 0 8 0 mcl16k 16384 172 0 172 36 36 0 1 0 8 0 mcl12k 12288 422 0 422 37 36 1 1 0 8 1 mcl9k 9216 132 0 132 31 31 0 1 0 8 0 mcl8k 8192 524 0 524 36 35 1 1 0 8 1 mcl4k 4096 1159 0 1159 22 21 1 1 0 8 1 mcl2k2 2112 80 0 80 32 32 0 1 0 8 0 mcl2k 2048 94446 0 94396 66 59 7 31 0 8 0 mtagpl 96 98 0 98 10 10 0 2 0 8 0 mbufpl 256 241999 0 241888 828 817 11 324 0 8 0 bufpl 288 23415 0 17021 457 0 457 457 0 8 0 anonpl 24 1914744 0 1899824 207 92 115 138 0 188 0 amapchunkpl 152 478465 0 477825 725 539 186 657 0 158 157 amappl16 200 17201 0 16615 98 65 33 44 0 8 0 amappl15 192 8 0 8 1 1 0 1 0 8 0 amappl14 184 322 0 314 2 1 1 2 0 8 0 amappl13 176 2 0 2 1 1 0 1 0 8 0 amappl12 168 992 0 989 1 0 1 1 0 8 0 amappl11 160 50 0 45 1 0 1 1 0 8 0 amappl10 152 116 0 106 1 0 1 1 0 8 0 amappl9 144 1002 0 1001 1 0 1 1 0 8 0 amappl8 136 479 0 409 3 0 3 3 0 8 0 amappl7 128 254 0 232 2 0 2 2 0 8 0 amappl6 120 407 0 394 2 1 1 2 0 8 0 amappl5 112 455 0 450 1 0 1 1 0 8 0 amappl4 104 1146 0 1115 2 1 1 2 0 8 0 amappl3 96 28287 0 28246 2 0 2 2 0 8 0 amappl2 88 10992 0 10939 3 0 3 3 0 8 0 amappl1 80 226901 0 226323 27 13 14 26 0 8 0 amappl 88 63097 0 62935 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 133 0 3 3 0 3 3 0 8 0 uaddrrnd 24 10209 0 10185 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 10209 0 10185 1 0 1 1 0 8 0 vmmpekpl 168 79825 0 79783 4 1 3 3 0 8 0 vmmpepl 168 927312 0 924961 366 225 141 144 0 357 19 vmsppl 344 10208 0 10185 3 0 3 3 0 8 0 rwobjpl 24 240628 0 232701 51 2 49 49 0 8 0 pdppl 4096 20424 0 20370 698 644 54 68 0 8 0 pvpl 32 3905930 0 3885908 501 313 188 333 0 265 0 pmappl 216 10208 0 10185 2 0 2 2 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 2788 0 2035 32 7 25 31 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82722f34) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff827a0c78,ffffffff827d347f,13b,ffffffff827b3ae6) at __assert+0x25 sys/kern/subr_prf.c:157 tun_clone_destroy(ffff800000cae800) at tun_clone_destroy+0x234 sys/net/if_tun.c:315 if_clone_destroy(ffff8000231687f0) at if_clone_destroy+0x132 sys/net/if.c:1247 sys_ioctl(ffff8000fffe7098,ffff800023168900,ffff800023168950) at sys_ioctl+0x49e syscall(ffff8000231689d0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:625 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffffbc80, count: -8 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82722f34) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff827a0c78,ffffffff827d347f,13b,ffffffff827b3ae6) at __assert+0x25 sys/kern/subr_prf.c:157 tun_clone_destroy(ffff800000cae800) at tun_clone_destroy+0x234 sys/net/if_tun.c:315 if_clone_destroy(ffff8000231687f0) at if_clone_destroy+0x132 sys/net/if.c:1247 sys_ioctl(ffff8000fffe7098,ffff800023168900,ffff800023168950) at sys_ioctl+0x49e syscall(ffff8000231689d0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:625 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffffbc80, count: -8