panic: kernel diagnostic assertion "sc->sc_dev == 0" failed: file "/syzkaller/managers/main/kernel/sys/net/if_tun.c", line 305 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *359372 4705 0 0 0x4000000 0 syz-executor.2 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8256c620) at panic+0x161 sys/kern/subr_prf.c:202 __assert(ffffffff825df7ee,ffffffff8260e46f,131,ffffffff825f0458) at __assert+0x25 sys/kern/subr_prf.c:161 tun_clone_destroy(ffff800000cea000) at tun_clone_destroy+0x234 sys/net/if_tun.c:305 if_clone_destroy(ffff80002b3ab540) at if_clone_destroy+0x132 sys/net/if.c:1218 sys_ioctl(ffff8000215f9cf0,ffff80002b3ab658,ffff80002b3ab6b0) at sys_ioctl+0x49e syscall(ffff80002b3ab720) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x379526d9170, count: 7 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "sc->sc_dev == 0" failed: file "/syzkaller/managers/main/kernel/sys/net/if_tun.c", line 305 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8256c620) at panic+0x161 sys/kern/subr_prf.c:202 __assert(ffffffff825df7ee,ffffffff8260e46f,131,ffffffff825f0458) at __assert+0x25 sys/kern/subr_prf.c:161 tun_clone_destroy(ffff800000cea000) at tun_clone_destroy+0x234 sys/net/if_tun.c:305 if_clone_destroy(ffff80002b3ab540) at if_clone_destroy+0x132 sys/net/if.c:1218 sys_ioctl(ffff8000215f9cf0,ffff80002b3ab658,ffff80002b3ab6b0) at sys_ioctl+0x49e syscall(ffff80002b3ab720) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x379526d9170, count: -8 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80002b3ab3d0 rbx 0x80206979 __kernel_virt_to_phys+0x206979 rdx 0xffff800000c2f840 rcx 0 rax 0xffff8000215f9cf0 r8 0 r9 0x8080808080808080 r10 0x382f688f7fcd4f2b r11 0x188d4261f71b3f92 r12 0 r13 0 r14 0 r15 0x1 rip 0xffffffff8124f068 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff80002b3ab3c0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.2) pid=359372 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=84, nice=20 forw=0xffffffffffffffff, list=0xffff8000215f87f0,0xffff80002167ed38 process=0xffff80002168f798 user=0xffff80002b3a6000, vmspace=0xfffffd805ae0e990 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 56580 184004 90701 0 2 0 syz-executor.7 56580 248942 90701 0 3 0x4000080 fsleep syz-executor.7 33853 241732 47370 0 2 0 syz-executor.4 33853 169975 47370 0 3 0x4000080 fsleep syz-executor.4 40679 257622 49906 0 2 0 syz-executor.3 40679 130060 49906 0 3 0x4000080 fsleep syz-executor.3 4705 328006 67432 0 2 0 syz-executor.2 * 4705 359372 67432 0 7 0x4000000 syz-executor.2 89945 299678 86958 0 2 0x482 syz-executor.0 47370 348097 86958 0 2 0x482 syz-executor.4 87220 66580 0 0 3 0x14200 acct acct 49906 398247 86958 0 2 0x482 syz-executor.3 90701 290989 86958 0 3 0x82 nanoslp syz-executor.7 67432 191703 86958 0 2 0x482 syz-executor.2 51994 513473 86958 0 2 0x2 syz-executor.5 33489 155088 86958 0 2 0x482 syz-executor.6 43675 342458 86958 0 2 0x2 syz-executor.1 98042 147224 1 0 3 0x100083 ttyin getty 67723 163983 0 0 3 0x14200 bored sosplice 86958 260389 38668 0 3 0x82 thrsleep syz-fuzzer 86958 5850 38668 0 2 0x4000482 syz-fuzzer 86958 218477 38668 0 3 0x4000082 thrsleep syz-fuzzer 86958 357291 38668 0 3 0x4000082 kqread syz-fuzzer 86958 126832 38668 0 3 0x4000082 thrsleep syz-fuzzer 86958 30710 38668 0 3 0x4000082 thrsleep syz-fuzzer 86958 468231 38668 0 3 0x4000082 thrsleep syz-fuzzer 86958 29409 38668 0 3 0x4000082 thrsleep syz-fuzzer 86958 283225 38668 0 3 0x4000082 thrsleep syz-fuzzer 38668 418044 40326 0 3 0x10008a sigsusp ksh 40326 173964 3841 0 3 0x9a kqread sshd 3841 21348 1 0 3 0x88 kqread sshd 83429 522969 29071 73 2 0x1100090 syslogd 29071 77841 1 0 3 0x100082 netio syslogd 61727 347210 1 0 3 0x100080 kqread resolvd 22805 403353 44015 77 2 0x100092 dhcpleased 26333 474774 44015 77 3 0x100092 kqread dhcpleased 44015 319521 1 0 3 0x80 kqread dhcpleased 93139 455415 0 0 3 0x14200 bored smr 9713 393261 0 0 2 0x14200 zerothread 35528 300436 0 0 3 0x14200 aiodoned aiodoned 86097 202534 0 0 3 0x14200 syncer update 36487 137679 0 0 3 0x14200 cleaner cleaner 22825 321395 0 0 3 0x14200 reaper reaper 96204 95967 0 0 3 0x14200 pgdaemon pagedaemon 95097 34719 0 0 3 0x14200 bored viomb 87622 390403 0 0 3 0x40014200 acpi0 acpi0 51260 219319 0 0 3 0x14200 bored softnet 30286 146752 0 0 3 0x14200 bored systqmp 76888 312485 0 0 3 0x14200 bored systq 72988 301909 0 0 2 0x40014200 softclock 42575 105776 0 0 3 0x40014200 idle0 1 81161 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10220 6574K 8037K 78643K 41638 0 pcb 14 20K 24K 78643K 4078 0 rtable 241 21K 23K 78643K 14756 0 ifaddr 709 176K 265K 78643K 4445 0 sysctl 3 1K 3K 78643K 8 0 counters 28 17K 17K 78643K 163 0 ioctlops 0 0K 4K 78643K 21811 0 iov 0 0K 36K 78643K 4064 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1625 102K 102K 78643K 11641 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 250 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 0K 78643K 4059 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 14 49K 77K 78643K 44247 0 sigio 0 0K 0K 78643K 2050 0 proc 64 59K 91K 78643K 2011 0 subproc 104 6K 6K 78643K 624 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 18951 0 in_multi 80 5K 7K 78643K 12056 0 ether_multi 1 0K 0K 78643K 172 0 mrt 3 0K 0K 78643K 7 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 181 811K 811K 78643K 181 0 exec 0 0K 2K 78643K 2876 0 pfkey data 0 0K 1K 78643K 14 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 544 375K 391K 78643K 230310 0 UVM aobj 131 4K 4K 78643K 131 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 656 0 NDP 13 0K 2K 78643K 2299 0 temp 159 4776K 4852K 78643K 169968 0 kqueue 12 18K 28K 78643K 2266 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 1684 0 1679 17 14 3 3 0 8 2 rtentry 112 6401 0 6306 4 0 4 4 0 8 0 unpcb 136 30041 0 30028 161 160 1 10 0 8 0 syncache 296 7 0 7 2 2 0 1 0 8 0 tcpqe 32 7 0 7 1 1 0 1 0 8 0 tcpcb 736 38585 0 38506 744 733 11 29 0 8 3 arp 88 123 0 98 1 0 1 1 0 8 0 ipq 40 26 0 24 8 7 1 1 0 8 0 ipqe 40 304 0 302 8 7 1 1 0 8 0 inpcb 312 58718 0 58693 400 388 12 17 0 8 10 ip6q 72 11 0 11 6 6 0 1 0 8 0 ip6af 40 17 0 17 4 4 0 1 0 8 0 nd6 48 1612 0 1595 1 0 1 1 0 8 0 pkpcb 40 678 0 676 11 10 1 1 0 8 0 kcovpl 48 48 0 40 1 0 1 1 0 8 0 ppxss 1152 32 0 32 9 9 0 1 0 8 0 pfstscr 40 8739 0 8125 7 0 7 7 0 8 0 pffrag 232 194 0 194 10 10 0 8 0 482 0 pffrnode 88 142 0 142 3 3 0 3 0 8 0 pffrent 40 2662 0 2662 2 2 0 2 0 8 0 pfosfp 40 3959 0 3957 5 4 1 1 0 8 0 pfosfpen 112 3959 0 3957 15 14 1 8 0 8 0 pfrktable 1344 546 0 533 15 13 2 2 0 8 0 pftag 88 12 0 3 1 0 1 1 0 8 0 pfqueue 264 16 0 16 15 15 0 1 0 8 0 pfstitem 24 3168 0 2274 6 0 6 6 0 8 0 pfstkey 112 14763 0 14572 6 0 6 6 0 8 0 pfstate 336 8402 0 7788 56 4 52 52 0 8 0 pfrule 1360 1157 0 1117 13 9 4 4 0 8 0 rttmrq 48 114 0 110 1 0 1 1 0 8 0 art_heap8 4096 3 0 2 3 2 1 2 0 8 0 art_heap4 256 39357 0 38927 57 27 30 30 0 8 0 art_table 32 39360 0 38929 4 0 4 4 0 8 0 art_node 16 6399 0 6314 1 0 1 1 0 8 0 sysvmsgpl 40 11 0 11 1 1 0 1 0 8 0 semapl 112 4047 0 4037 1 0 1 1 0 8 0 shmpl 112 128 0 0 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 52688 0 51199 94 0 94 94 0 8 0 ffsino 240 52689 0 51199 88 0 88 88 0 8 0 nchpl 144 108590 0 106957 63 1 62 63 0 8 0 uvmvnodes 80 61089 0 0 1247 0 1247 1247 0 8 0 vnodes 224 61089 0 0 3594 0 3594 3594 0 8 0 namei 1024 309149 0 309147 14 13 1 2 0 8 0 vcpupl 1984 19 0 0 3 0 3 3 0 8 0 vmpool 528 59 0 40 3 1 2 2 0 8 0 pfiaddrpl 120 206 0 188 5 4 1 1 0 8 0 kstatmem 264 296 0 270 2 0 2 2 0 8 0 scsiplug 72 11 0 11 3 3 0 1 0 8 0 scxspl 216 307600 0 307600 31 30 1 8 0 8 1 plimitpl 152 1169 0 1155 1 0 1 1 0 8 0 sigapl 424 44461 0 44419 6 1 5 6 0 8 0 futexpl 64 385684 0 385681 7 6 1 1 0 8 0 knotepl 120 642920 0 642840 81 77 4 15 0 8 0 kqueuepl 184 7271 0 7263 71 70 1 4 0 8 0 pipepl 304 8351 0 8323 192 189 3 15 0 8 0 fdescpl 432 44434 0 44409 4 0 4 4 0 8 0 filepl 120 249777 0 249534 297 285 12 21 0 8 3 lockfpl 104 8196 0 8194 17 16 1 2 0 8 0 lockfspl 48 2308 0 2306 1 0 1 1 0 8 0 sessionpl 144 66 0 50 1 0 1 1 0 8 0 pgrppl 48 91 0 75 1 0 1 1 0 8 0 ucredpl 96 18151 0 18136 1 0 1 1 0 8 0 zombiepl 144 44421 0 44419 2 1 1 1 0 8 0 processpl 1000 44461 0 44419 6 0 6 6 0 8 0 procpl 672 104857 0 104803 36 30 6 7 0 8 0 sosppl 168 65 0 65 16 16 0 1 0 8 0 sockpl 448 91133 0 91104 1200 1182 18 44 0 8 14 mcl64k 65536 707 0 707 78 77 1 1 0 8 1 mcl16k 16384 240 0 240 59 58 1 1 0 8 1 mcl12k 12288 741 0 741 78 77 1 1 0 8 1 mcl9k 9216 367 0 367 71 71 0 1 0 8 0 mcl8k 8192 1343 0 1343 60 59 1 1 0 8 1 mcl4k 4096 3435 0 3435 39 38 1 1 0 8 1 mcl2k2 2112 273 0 273 64 63 1 1 0 8 1 mcl2k 2048 127063 0 126976 199 183 16 26 0 8 1 mtagpl 96 3463 0 3141 40 30 10 17 0 8 0 mbufpl 256 558484 0 556337 921 766 155 542 0 8 5 bufpl 288 60090 0 53689 458 0 458 458 0 8 0 anonpl 24 7450325 0 7434405 422 310 112 123 0 188 10 amapchunkpl 152 658434 0 657867 108 83 25 37 0 158 0 amappl16 200 98526 0 97949 203 170 33 44 0 8 1 amappl15 192 11254 0 11249 1 0 1 1 0 8 0 amappl14 184 3787 0 3779 1 0 1 1 0 8 0 amappl13 176 10478 0 10477 1 0 1 1 0 8 0 amappl12 168 1711 0 1707 2 1 1 1 0 8 0 amappl11 160 4154 0 4136 1 0 1 1 0 8 0 amappl10 152 6055 0 6047 1 0 1 1 0 8 0 amappl9 144 6929 0 6925 1 0 1 1 0 8 0 amappl8 136 6348 0 6034 11 0 11 11 0 8 0 amappl7 128 4360 0 4349 1 0 1 1 0 8 0 amappl6 120 6983 0 6948 7 5 2 2 0 8 0 amappl5 112 35823 0 35807 1 0 1 1 0 8 0 amappl4 104 12477 0 12433 2 0 2 2 0 8 0 amappl3 96 130792 0 130751 2 0 2 2 0 8 0 amappl2 88 57629 0 57558 3 1 2 3 0 8 0 amappl1 80 1022625 0 1022035 32 17 15 19 0 8 0 amappl 88 226119 0 225942 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 130 0 0 3 0 3 3 0 8 0 uaddrrnd 24 44493 0 44449 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 44493 0 44449 1 0 1 1 0 8 0 vmmpekpl 168 272337 0 272268 5 1 4 4 0 8 0 vmmpepl 168 4143848 0 4141161 421 287 134 150 0 357 2 vmsppl 272 44492 0 44449 7 3 4 4 0 8 0 rwobjpl 24 1004214 0 941204 381 0 381 381 0 8 0 pdppl 4096 88992 0 88917 1507 1424 83 83 0 8 8 pvpl 32 15234500 0 15214139 785 590 195 255 0 265 22 pmappl 216 44492 0 44449 3 0 3 3 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 6003 0 4968 41 8 33 41 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8256c620) at panic+0x161 sys/kern/subr_prf.c:202 __assert(ffffffff825df7ee,ffffffff8260e46f,131,ffffffff825f0458) at __assert+0x25 sys/kern/subr_prf.c:161 tun_clone_destroy(ffff800000cea000) at tun_clone_destroy+0x234 sys/net/if_tun.c:305 if_clone_destroy(ffff80002b3ab540) at if_clone_destroy+0x132 sys/net/if.c:1218 sys_ioctl(ffff8000215f9cf0,ffff80002b3ab658,ffff80002b3ab6b0) at sys_ioctl+0x49e syscall(ffff80002b3ab720) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x379526d9170, count: -8 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8256c620) at panic+0x161 sys/kern/subr_prf.c:202 __assert(ffffffff825df7ee,ffffffff8260e46f,131,ffffffff825f0458) at __assert+0x25 sys/kern/subr_prf.c:161 tun_clone_destroy(ffff800000cea000) at tun_clone_destroy+0x234 sys/net/if_tun.c:305 if_clone_destroy(ffff80002b3ab540) at if_clone_destroy+0x132 sys/net/if.c:1218 sys_ioctl(ffff8000215f9cf0,ffff80002b3ab658,ffff80002b3ab6b0) at sys_ioctl+0x49e syscall(ffff80002b3ab720) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x379526d9170, count: -8