panic: kernel diagnostic assertion "sc->sc_dev == 0" failed: file "/syzkaller/managers/main/kernel/sys/net/if_tun.c", line 315
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*246602 81321 0 0 0x4000000 0 syz-executor.0
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82722f34) at panic+0x161 sys/kern/subr_prf.c:198
__assert(ffffffff827a0c78,ffffffff827d347f,13b,ffffffff827b3ae6) at __assert+0x25 sys/kern/subr_prf.c:157
tun_clone_destroy(ffff800000cce800) at tun_clone_destroy+0x234 sys/net/if_tun.c:315
if_clone_destroy(ffff800027bb1f50) at if_clone_destroy+0x132 sys/net/if.c:1247
sys_ioctl(ffff8000217062f0,ffff800027bb2068,ffff800027bb20b0) at sys_ioctl+0x49e
syscall(ffff800027bb2130) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:625
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x24a73e6f690, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "sc->sc_dev == 0" failed: file "/syzkaller/managers/main/kernel/sys/net/if_tun.c", line 315 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82722f34) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff827a0c78,ffffffff827d347f,13b,ffffffff827b3ae6) at __assert+0x25 sys/kern/subr_prf.c:157 tun_clone_destroy(ffff800000cce800) at tun_clone_destroy+0x234 sys/net/if_tun.c:315 if_clone_destroy(ffff800027bb1f50) at if_clone_destroy+0x132 sys/net/if.c:1247 sys_ioctl(ffff8000217062f0,ffff800027bb2068,ffff800027bb20b0) at sys_ioctl+0x49e syscall(ffff800027bb2130) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:625 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x24a73e6f690, count: -8 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff800027bb1de0 rbx 0x80206979 __kernel_virt_to_phys+0x206979 rdx 0xffff800000d6a940 rcx 0 rax 0xffff8000217062f0 r8 0 r9 0x8080808080808080 r10 0x4b5ab1d3580132a1 r11 0xfdbeea038301d8d7 r12 0 r13 0 r14 0 r15 0x1 rip 0xffffffff81a69eb8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800027bb1dd0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.0) pid=246602 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff800027fb7350,0xffff8000216ed600 process=0xffff8000216f77a0 user=0xffff800027bad000, vmspace=0xfffffd807e2e66c0 estcpu=36, cpticks=2, pctcpu=0.0 user=0, sys=2, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 95295 161163 85643 0 2 0 syz-executor.4 95295 143477 85643 0 2 0x4000000 syz-executor.4 95295 432888 85643 0 3 0x4000080 fsleep syz-executor.4 95295 363582 85643 0 3 0x4000080 fsleep syz-executor.4 27845 477727 56955 0 2 0x81000 syz-executor.6 27845 140225 56955 0 3 0x4003000 suspend syz-executor.6 5623 488324 88150 0 2 0 syz-executor.7 5623 303112 88150 0 3 0x4000080 fsleep syz-executor.7 22455 161474 85179 0 2 0 
syz-executor.5 22455 177517 85179 0 3 0x4000080 fsleep syz-executor.5 81321 223440 40124 0 2 0 syz-executor.0 *81321 246602 40124 0 7 0x4000000 syz-executor.0 56955 494535 96574 0 2 0x482 syz-executor.6 47535 152617 96574 0 2 0x2 syz-executor.2 24606 492714 96574 0 2 0x482 syz-executor.1 40124 234197 96574 0 2 0x482 syz-executor.0 88150 384609 96574 0 2 0x482 syz-executor.7 71569 470426 0 0 3 0x14280 nfsidl nfsio 84065 66343 0 0 3 0x14280 nfsidl nfsio 18442 291591 0 0 3 0x14280 nfsidl nfsio 42366 336031 0 0 3 0x14280 nfsidl nfsio 42187 121758 0 0 3 0x14280 nfsidl nfsio 90224 4249 0 0 3 0x14280 nfsidl nfsio 309 128837 0 0 3 0x14280 nfsidl nfsio 75510 192157 0 0 3 0x14280 nfsidl nfsio 68680 323401 0 0 3 0x14280 nfsidl nfsio 41101 171800 0 0 3 0x14280 nfsidl nfsio 2900 482014 0 0 3 0x14280 nfsidl nfsio 11427 276401 0 0 3 0x14280 nfsidl nfsio 67493 196133 0 0 3 0x14280 nfsidl nfsio 41588 473331 0 0 3 0x14280 nfsidl nfsio 58931 239412 0 0 3 0x14280 nfsidl nfsio 62664 450144 0 0 3 0x14280 nfsidl nfsio 22985 76994 0 0 3 0x14280 nfsidl nfsio 91087 427709 0 0 3 0x14280 nfsidl nfsio 54676 237789 0 0 3 0x14280 nfsidl nfsio 32231 453345 0 0 3 0x14280 nfsidl nfsio 85179 399930 96574 0 2 0x482 syz-executor.5 85643 351085 96574 0 2 0x482 syz-executor.4 27860 51590 96574 0 2 0x482 syz-executor.3 83940 211908 1 0 3 0x100083 ttyin getty 23846 159492 0 0 3 0x14200 bored sosplice 96574 410822 32832 0 3 0x82 wait syz-fuzzer 96574 66017 32832 0 2 0x4000482 syz-fuzzer 96574 226470 32832 0 3 0x4000082 wait syz-fuzzer 96574 98710 32832 0 3 0x4000082 wait syz-fuzzer 96574 203809 32832 0 3 0x4000082 wait syz-fuzzer 96574 180325 32832 0 3 0x4000082 thrsleep syz-fuzzer 96574 383947 32832 0 3 0x4000082 wait syz-fuzzer 96574 426786 32832 0 3 0x4000082 thrsleep syz-fuzzer 96574 424719 32832 0 3 0x4000082 wait syz-fuzzer 96574 284476 32832 0 3 0x4000082 thrsleep syz-fuzzer 96574 365241 32832 0 3 0x4000082 kqread syz-fuzzer 96574 478986 32832 0 3 0x4000082 thrsleep syz-fuzzer 96574 90595 32832 0 3 
0x4000082 wait syz-fuzzer 96574 498994 32832 0 3 0x4000082 wait syz-fuzzer 32832 429326 1460 0 3 0x10008a sigsusp ksh 1460 12370 79600 0 3 0x9a kqread sshd 79600 149070 1 0 3 0x88 kqread sshd 38102 132755 70943 73 3 0x1100090 kqread syslogd 70943 405830 1 0 3 0x100082 netio syslogd 54296 517816 1 0 3 0x100080 kqread resolvd 84943 54607 0 0 3 0x14200 bored smr 1683 430157 0 0 2 0x14200 zerothread 45600 452593 0 0 3 0x14200 aiodoned aiodoned 64627 476601 0 0 3 0x14200 syncer update 40186 364007 0 0 3 0x14200 cleaner cleaner 41858 422398 0 0 3 0x14200 reaper reaper 95833 415460 0 0 3 0x14200 pgdaemon pagedaemon 20915 286471 0 0 3 0x14200 bored viomb 28790 318691 0 0 3 0x40014200 acpi0 acpi0 95730 161333 0 0 3 0x14200 bored softnet 77254 39643 0 0 3 0x14200 bored softnet 79274 122895 0 0 3 0x14200 bored softnet 38650 98137 0 0 3 0x14200 bored softnet 25128 470468 0 0 3 0x14200 bored systqmp 58052 236038 0 0 3 0x14200 bored systq 19124 513386 0 0 3 0x40014200 bored softclock 98694 336901 0 0 3 0x40014200 idle0 1 149135 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10223 6433K 7243K 78643K 30219 0 pcb 13 18K 22K 78643K 3368 0 rtable 191 15K 16K 78643K 5090 0 ifaddr 92 28K 30K 78643K 2052 0 sysctl 2 0K 0K 78643K 8 0 counters 28 17K 17K 78643K 685 0 ioctlops 0 0K 4K 78643K 3605 0 iov 0 0K 40K 78643K 2209 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1684 105K 105K 78643K 16621 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 93 0 VM map 2 1K 1K 78643K 2 0 sem 17 2K 3K 78643K 113 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 15 53K 77K 78643K 13513 0 sigio 0 0K 0K 78643K 534 0 proc 55 43K 75K 78643K 3570 0 subproc 104 6K 6K 78643K 1341 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 891 0 in_multi 78 5K 7K 78643K 1657 0 ether_multi 1 0K 
0K 78643K 83 0 mrt 1 0K 0K 78643K 49 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 247 1102K 1102K 78643K 247 0 exec 0 0K 1K 78643K 3542 0 pfkey data 0 0K 0K 78643K 9 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 320 96K 106K 78643K 85827 0 UVM aobj 131 4K 4K 78643K 134 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 517 0 NDP 13 0K 1K 78643K 721 0 temp 130 5770K 6798K 78643K 190369 0 kqueue 7 12K 26K 78643K 1217 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 1157 0 1156 11 10 1 3 0 8 0 rtentry 112 1604 0 1524 4 1 3 4 0 8 0 unpcb 144 14669 0 14661 187 186 1 10 0 8 0 syncache 296 89 0 89 24 23 1 1 0 8 1 tcpqe 32 378 0 378 15 15 0 1 0 8 0 tcpcb 776 3752 0 3748 127 119 8 8 0 8 7 arp 88 259 0 245 1 0 1 1 0 8 0 ipq 40 12 0 12 4 4 0 1 0 8 0 ipqe 40 28 0 28 4 4 0 1 0 8 0 inpcb 336 14114 0 14107 259 253 6 17 0 8 5 nd6 48 352 0 334 1 0 1 1 0 8 0 pkpcb 40 67 0 67 11 11 0 1 0 8 0 kcovpl 48 102 0 94 1 0 1 1 0 8 0 mppekey 1024 5 0 5 3 2 1 1 0 8 1 ppxss 1160 292 0 291 33 32 1 1 0 8 0 pppxif 1360 69 0 69 21 20 1 1 0 8 1 pfstscr 40 51 0 37 1 0 1 1 0 8 0 pfosfp 40 7 0 5 1 0 1 1 0 8 0 pfosfpen 112 7 0 2 1 0 1 1 0 8 0 pfanchor 1280 659 2 203 43 2 41 43 0 8 0 pfqueue 264 24 0 24 8 8 0 1 0 8 0 pfstitem 24 26 0 0 1 0 1 1 0 8 0 pfstkey 128 93 0 80 1 0 1 1 0 8 0 pfstate 352 47 0 34 2 0 2 2 0 8 0 rttmr 136 10 0 10 3 3 0 1 0 8 0 art_heap8 4096 11 0 10 7 6 1 3 0 8 0 art_heap4 256 7553 0 7185 78 52 26 30 0 8 1 art_table 32 7564 0 7195 6 2 4 4 0 8 0 art_node 16 1575 0 1507 1 0 1 1 0 8 0 sysvmsgpl 40 42 0 2 1 0 1 1 0 8 0 semapl 112 103 0 88 1 0 1 1 0 8 0 shmpl 112 131 0 3 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 19686 0 18218 93 0 93 93 0 8 0 ffsino 240 19686 0 18218 87 0 87 87 0 8 0 nchpl 144 37054 0 35409 63 1 62 63 0 8 
0 rtmask 32 7 0 7 2 2 0 1 0 8 0 uvmvnodes 80 6212 0 0 127 0 127 127 0 8 0 vnodes 216 6212 0 0 346 0 346 346 0 8 0 namei 1024 150524 0 150524 9 8 1 3 0 8 1 vmpool 664 50 0 50 12 12 0 1 0 8 0 kstatmem 264 974 0 948 3 0 3 3 0 8 0 scsiplug 72 16 0 16 4 4 0 1 0 8 0 scxspl 216 117755 0 117755 35 34 1 8 0 8 1 plimitpl 152 2281 0 2267 1 0 1 1 0 8 0 sigapl 424 13750 0 13688 8 0 8 8 0 8 0 futexpl 64 136516 0 136512 10 9 1 1 0 8 0 knotepl 120 172994 0 172797 89 82 7 12 0 8 1 kqueuepl 184 3026 0 3020 46 45 1 4 0 8 0 pipepl 288 3693 0 3665 65 62 3 9 0 8 0 fdescpl 432 13593 0 13570 4 0 4 4 0 8 0 filepl 120 112099 0 111878 200 191 9 18 0 8 1 lockfpl 104 2988 0 2987 11 10 1 2 0 8 0 lockfspl 48 875 0 874 1 0 1 1 0 8 0 sessionpl 144 118 0 103 1 0 1 1 0 8 0 pgrppl 48 136 0 121 1 0 1 1 0 8 0 ucredpl 104 12352 0 12345 1 0 1 1 0 8 0 zombiepl 144 13691 0 13688 3 2 1 1 0 8 0 processpl 1008 13750 0 13688 11 2 9 9 0 8 0 procpl 696 33089 0 33007 14 5 9 10 0 8 0 sosppl 168 170 0 170 25 24 1 1 0 8 1 sockpl 456 30024 0 30004 794 783 11 37 0 8 7 mcl64k 65536 799 0 799 38 37 1 1 0 8 1 mcl16k 16384 224 0 224 39 38 1 1 0 8 1 mcl12k 12288 626 0 626 42 41 1 1 0 8 1 mcl9k 9216 206 0 206 39 38 1 1 0 8 1 mcl8k 8192 961 0 961 28 27 1 2 0 8 1 mcl4k 4096 1508 0 1508 32 31 1 1 0 8 1 mcl2k2 2112 90 0 90 42 42 0 1 0 8 0 mcl2k 2048 103259 0 103211 97 89 8 31 0 8 1 mtagpl 96 572 0 572 10 10 0 3 0 8 0 mbufpl 256 306827 0 306714 1123 1099 24 225 0 8 8 bufpl 288 26823 0 20426 458 0 458 458 0 8 0 anonpl 24 2560340 0 2544402 269 142 127 168 0 188 2 amapchunkpl 152 240092 0 239427 125 94 31 58 0 158 0 amappl16 200 24638 0 23963 186 150 36 49 0 8 0 amappl15 192 13 0 13 1 1 0 1 0 8 0 amappl14 184 493 0 482 2 0 2 2 0 8 0 amappl13 176 11 0 11 2 2 0 1 0 8 0 amappl12 168 1527 0 1524 1 0 1 1 0 8 0 amappl11 160 44 0 39 1 0 1 1 0 8 0 amappl10 152 159 0 149 1 0 1 1 0 8 0 amappl9 144 1031 0 1030 1 0 1 1 0 8 0 amappl8 136 600 0 504 4 0 4 4 0 8 0 amappl7 128 369 0 347 2 0 2 2 0 8 0 amappl6 120 663 0 645 2 1 1 2 0 8 0 amappl5 112 
683 0 678 1 0 1 1 0 8 0 amappl4 104 1598 0 1570 2 1 1 2 0 8 0 amappl3 96 37569 0 37523 2 0 2 2 0 8 0 amappl2 88 14865 0 14811 3 1 2 3 0 8 0 amappl1 80 301659 0 301069 30 16 14 26 0 8 0 amappl 88 84205 0 84027 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 133 0 3 3 0 3 3 0 8 0 uaddrrnd 24 13643 0 13620 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 13643 0 13620 1 0 1 1 0 8 0 vmmpekpl 168 101985 0 101923 4 0 4 4 0 8 0 vmmpepl 168 1274496 0 1271965 447 306 141 165 0 357 11 vmsppl 344 13642 0 13620 3 0 3 3 0 8 0 rwobjpl 24 318705 0 310716 54 3 51 51 0 8 0 pdppl 4096 27292 0 27240 1004 946 58 70 0 8 6 pvpl 32 5226032 0 5204975 618 413 205 361 0 265 2 pmappl 216 13642 0 13620 2 0 2 2 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 3447 0 2672 29 4 25 28 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82722f34) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff827a0c78,ffffffff827d347f,13b,ffffffff827b3ae6) at __assert+0x25 sys/kern/subr_prf.c:157 tun_clone_destroy(ffff800000cce800) at tun_clone_destroy+0x234 sys/net/if_tun.c:315 if_clone_destroy(ffff800027bb1f50) at if_clone_destroy+0x132 sys/net/if.c:1247 sys_ioctl(ffff8000217062f0,ffff800027bb2068,ffff800027bb20b0) at sys_ioctl+0x49e syscall(ffff800027bb2130) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:625 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x24a73e6f690, count: -8 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82722f34) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff827a0c78,ffffffff827d347f,13b,ffffffff827b3ae6) at __assert+0x25 sys/kern/subr_prf.c:157 tun_clone_destroy(ffff800000cce800) at 
tun_clone_destroy+0x234 sys/net/if_tun.c:315 if_clone_destroy(ffff800027bb1f50) at if_clone_destroy+0x132 sys/net/if.c:1247 sys_ioctl(ffff8000217062f0,ffff800027bb2068,ffff800027bb20b0) at sys_ioctl+0x49e syscall(ffff800027bb2130) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:625 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x24a73e6f690, count: -8