assert "sc->sc_dev == NUM" failed in if_tun.c


syzbot

2022-01-13 22:54:23
kam: syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: a5505455aa34 Implement powerdown. This involves writing a..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=13429088700000
kernel config: https://syzkaller.appspot.com/x/.config?x=bf87b6915a88cd0d
dashboard link: https://syzkaller.appspot.com/bug?extid=5df2ad232f5f8b671442

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+5df2ad...@syzkaller.appspotmail.com

panic: kernel diagnostic assertion "sc->sc_dev == 0" failed: file "/syzkaller/managers/multicore/kernel/sys/net/if_tun.c", line 305
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
* 68481 40350 0 0 0x4000000 0K syz-executor.0
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff82456eb9) at panic+0x177 sys/kern/subr_prf.c:202
__assert(ffffffff824c4e7e,ffffffff8250c92d,131,ffffffff824d9aa7) at __assert+0x25 sys/kern/subr_prf.c:161
tun_clone_destroy(ffff800000d50000) at tun_clone_destroy+0x278 sys/net/if_tun.c:305
if_clone_destroy(ffff800023593170) at if_clone_destroy+0x132 sys/net/if.c:1218
soo_ioctl(fffffd8067bcd7d0,80206979,ffff800023593170,ffff800021264540) at soo_ioctl+0x26c
sys_ioctl(ffff800021264540,ffff800023593288,ffff8000235932e0) at sys_ioctl+0x4a2
syscall(ffff800023593350) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800023593350) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xeb46f1f0420, count: 6
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu0: kernel diagnostic assertion "sc->sc_dev == 0" failed: file "/syzkaller/managers/multicore/kernel/sys/net/if_tun.c", line 305
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff82456eb9) at panic+0x177 sys/kern/subr_prf.c:202
__assert(ffffffff824c4e7e,ffffffff8250c92d,131,ffffffff824d9aa7) at __assert+0x25 sys/kern/subr_prf.c:161
tun_clone_destroy(ffff800000d50000) at tun_clone_destroy+0x278 sys/net/if_tun.c:305
if_clone_destroy(ffff800023593170) at if_clone_destroy+0x132 sys/net/if.c:1218
soo_ioctl(fffffd8067bcd7d0,80206979,ffff800023593170,ffff800021264540) at soo_ioctl+0x26c
sys_ioctl(ffff800021264540,ffff800023593288,ffff8000235932e0) at sys_ioctl+0x4a2
syscall(ffff800023593350) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800023593350) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xeb46f1f0420, count: -9
ddb{0}> show registers
rdi 0
rsi 0x1
rbp 0xffff800023592f80
rbx 0xffffffff82780bff cpu_info_full_primary+0x2bff
rdx 0xffff800000c33980
rcx 0
rax 0xffff800021264540
r8 0
r9 0x8080808080808080
r10 0xbc8d4008d88b25d6
r11 0x9d2ca1d0dd41cf4b
r12 0xffffffff82780a00 cpu_info_full_primary+0x2a00
r13 0
r14 0
r15 0x1
rip 0xffffffff81d4f0b8 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800023592f70
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor.0) pid=68481 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=32, usrpri=82, nice=20
forw=0xffffffffffffffff, list=0xffff800021264d20,0xffff8000212647f0
process=0xffff800027af7a48 user=0xffff80002358e000, vmspace=0xfffffd80668652f0
estcpu=32, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
87752 339432 57119 0 2 0 syz-executor.1
87752 411327 57119 0 3 0x4000080 fsleep syz-executor.1
40350 364391 1840 0 2 0 syz-executor.0
*40350 68481 1840 0 7 0x4000000 syz-executor.0
20655 59925 0 0 3 0x14200 acct acct
92100 83796 8426 0 2 0x482 syz-executor.3
57119 466723 8426 0 2 0x482 syz-executor.1
1840 33813 8426 0 2 0x482 syz-executor.0
70017 82396 1 0 3 0x100083 ttyopn getty
91234 406599 0 0 3 0x14280 nfsidl nfsio
88018 154963 0 0 3 0x14280 nfsidl nfsio
9418 343454 0 0 3 0x14280 nfsidl nfsio
82308 105496 0 0 3 0x14280 nfsidl nfsio
32492 377730 0 0 3 0x14280 nfsidl nfsio
50897 100018 0 0 3 0x14280 nfsidl nfsio
32546 277245 0 0 3 0x14280 nfsidl nfsio
47692 106893 0 0 3 0x14280 nfsidl nfsio
68803 219485 0 0 3 0x14280 nfsidl nfsio
54556 102964 0 0 3 0x14280 nfsidl nfsio
43306 257940 0 0 3 0x14280 nfsidl nfsio
90336 499910 0 0 3 0x14280 nfsidl nfsio
48472 240206 0 0 3 0x14280 nfsidl nfsio
91940 86549 0 0 3 0x14280 nfsidl nfsio
24716 218328 0 0 3 0x14280 nfsidl nfsio
90350 70256 0 0 3 0x14280 nfsidl nfsio
15725 229089 0 0 3 0x14280 nfsidl nfsio
77106 471131 0 0 3 0x14280 nfsidl nfsio
35842 259538 0 0 3 0x14280 nfsidl nfsio
15954 364439 0 0 3 0x14280 nfsidl nfsio
47646 41175 0 0 3 0x14200 bored sosplice
8426 173910 89321 0 3 0x82 thrsleep syz-fuzzer
8426 195930 89321 0 2 0x4000482 syz-fuzzer
8426 235936 89321 0 2 0x4000482 syz-fuzzer
8426 268889 89321 0 3 0x4000082 thrsleep syz-fuzzer
8426 114396 89321 0 3 0x4000082 thrsleep syz-fuzzer
8426 173029 89321 0 3 0x4000082 thrsleep syz-fuzzer
8426 425049 89321 0 3 0x4000082 thrsleep syz-fuzzer
8426 38452 89321 0 3 0x4000082 thrsleep syz-fuzzer
8426 186470 89321 0 3 0x4000082 thrsleep syz-fuzzer
89321 102403 61769 0 3 0x10008a sigsusp ksh
61769 190720 95063 0 3 0x9a poll sshd
95063 503454 1 0 3 0x88 poll sshd
18505 477454 62583 74 3 0x100092 bpf pflogd
62583 79847 1 0 3 0x80 netio pflogd
7526 284241 24117 73 3 0x100090 kqread syslogd
24117 196539 1 0 3 0x100082 netio syslogd
81981 138531 1 0 3 0x100080 kqread resolvd
50789 138548 55336 77 3 0x100092 kqread dhcpleased
30428 431662 55336 77 3 0x100092 kqread dhcpleased
55336 147665 1 0 3 0x80 kqread dhcpleased
52985 287492 0 0 3 0x14200 bored smr
14367 52986 0 0 2 0x14200 zerothread
3690 30503 0 0 3 0x14200 aiodoned aiodoned
71706 297900 0 0 3 0x14200 syncer update
79546 256640 0 0 3 0x14200 cleaner cleaner
97567 7148 0 0 3 0x14200 reaper reaper
52413 510938 0 0 3 0x14200 pgdaemon pagedaemon
83380 358154 0 0 3 0x14200 bored viomb
79471 360164 0 0 3 0x40014200 acpi0 acpi0
18643 265902 0 0 7 0x40014200 idle1
986 198268 0 0 3 0x14200 bored softnet
61774 104496 0 0 3 0x14200 bored systqmp
46217 405236 0 0 3 0x14200 bored systq
32287 395068 0 0 3 0x40014200 bored softclock
98304 160253 0 0 3 0x40014200 idle0
1 167502 0 0 3 0x80082 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
Process 40350 (syz-executor.0) thread 0xffff800021264540 (68481)
exclusive rwlock clonelk r = 0 (0xffffffff8277a460)
#0 witness_lock+0x44d
#1 if_clone_destroy+0x49
#2 soo_ioctl+0x26c
#3 sys_ioctl+0x4a2
#4 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#4 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#5 Xsyscall+0x128
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff8293aef8)
#0 witness_lock+0x44d
#1 soo_ioctl+0x25a sys/kern/sys_socket.c:136
#2 sys_ioctl+0x4a2
#3 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#3 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#4 Xsyscall+0x128
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10205 6494K 14808K 78643K 100243 0
pcb 13 20K 25K 78643K 4045 0
rtable 212 33K 35K 78643K 7158 0
ifaddr 77 24K 27K 78643K 2217 0
sysctl 3 1K 1K 78643K 3 0
counters 48 34K 35K 78643K 710 0
ioctlops 0 0K 4K 78643K 8007 0
iov 0 0K 28K 78643K 2545 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 5 0
vnodes 1807 113K 114K 78643K 35379 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 9K 78643K 161 0
VM map 2 1K 1K 78643K 2 0
sem 12 0K 1K 78643K 2857 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12598 0
file desc 7 21K 49K 78643K 24069 0
sigio 0 0K 0K 78643K 134 0
proc 82 88K 112K 78643K 4652 0
subproc 39 4K 6K 78643K 1553 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 1516 0
in_multi 35 2K 3K 78643K 2193 0
ether_multi 1 0K 0K 78643K 324 0
mrt 2 0K 0K 78643K 117 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 253 1129K 1129K 78643K 253 0
exec 0 0K 2K 78643K 6358 0
pfkey data 0 0K 0K 78643K 3 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 619 1680K 1689K 78643K 289376 0
UVM aobj 131 6K 6K 78643K 134 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 1810 0
NDP 10 0K 1K 78643K 612 0
temp 116 4228K 4296K 78643K 238141 0
kqueue 10 14K 24K 78643K 979 0
SYN cache 2 16K 16K 78643K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 22 0 0 1 0 1 1 0 8 0
rtpcb 120 2024 0 2021 26 25 1 3 0 8 0
rtentry 112 1730 0 1682 2 0 2 2 0 8 0
unpcb 136 18400 0 18385 187 181 6 9 0 8 5
syncache 296 22 0 22 7 7 0 1 0 8 0
tcpqe 32 3 0 3 2 2 0 1 0 8 0
tcpcb 736 9767 0 9757 367 365 2 25 0 8 0
arp 120 301 0 293 1 0 1 1 0 8 0
inpcb 304 26200 0 26189 352 346 6 15 0 8 5
rttmr 72 26 0 26 7 7 0 1 0 8 0
ip6q 72 7 0 7 2 2 0 1 0 8 0
ip6af 40 53 0 53 2 2 0 1 0 8 0
nd6 48 419 0 410 1 0 1 1 0 8 0
pkpcb 40 32 0 32 8 8 0 1 0 8 0
kcovpl 48 119 0 116 1 0 1 1 0 8 0
ppxss 1248 57 0 57 19 19 0 1 0 8 0
pfstscr 40 108 0 108 10 10 0 1 0 8 0
pffrag 232 115 0 113 9 8 1 1 0 482 0
pffrnode 88 113 0 111 9 8 1 1 0 8 0
pffrent 40 778 0 776 10 9 1 1 0 8 0
pfosfp 40 1454 0 1028 5 0 5 5 0 8 0
pfosfpen 112 1454 0 730 21 0 21 21 0 8 0
pfrke_plain 168 61 0 61 4 4 0 1 0 8 0
pfrktable 1344 646 0 607 7 3 4 4 0 8 0
pftag 88 12 0 4 2 1 1 1 0 8 0
pfstitem 24 50 0 48 1 0 1 1 0 8 0
pfstkey 112 262 0 260 1 0 1 1 0 8 0
pfstate 320 158 0 156 2 1 1 2 0 8 0
pfrule 1360 1377 0 1147 28 8 20 20 0 8 0
art_heap8 4096 3 0 1 3 1 2 2 0 8 0
art_heap4 256 7146 0 6970 59 45 14 22 0 8 0
art_table 32 7149 0 6971 4 1 3 3 0 8 0
art_node 16 1724 0 1685 1 0 1 1 0 8 0
sysvmsgpl 40 35 0 18 1 0 1 1 0 8 0
semapl 112 2855 0 2845 1 0 1 1 0 8 0
shmpl 112 131 0 3 4 0 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 32455 0 30985 93 0 93 93 0 8 0
ffsino 272 32455 0 30985 99 0 99 99 0 8 0
nchpl 144 62808 0 61220 61 0 61 61 0 8 0
rtmask 32 60 0 60 4 4 0 1 0 8 0
uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0
vnodes 224 5926 0 0 349 0 349 349 0 8 0
namei 1024 250785 0 250785 11 10 1 2 0 8 1
percpumem 16 367 0 331 1 0 1 1 0 8 0
vcpupl 2048 406 0 0 51 0 51 51 0 8 0
vmpool 560 459 0 53 32 3 29 29 0 8 0
pfiaddrpl 120 348 0 234 9 5 4 4 0 8 0
scsiplug 72 3 0 3 1 1 0 1 0 8 0
scxspl 216 185810 0 185810 27 26 1 8 0 8 1
plimitpl 152 3085 0 3075 1 0 1 1 0 8 0
sigapl 424 23997 0 23941 7 0 7 7 0 8 0
futexpl 64 235626 0 235625 10 9 1 1 0 8 0
knotepl 112 201 0 0 4 0 4 4 0 8 0
kqueuepl 216 10144 0 10134 173 172 1 8 0 8 0
pipepl 336 5127 0 5114 124 122 2 12 0 8 0
fdescpl 496 23949 0 23929 8 5 3 4 0 8 0
filepl 152 189931 0 189796 312 300 12 17 0 8 6
lockfpl 104 8713 0 8711 18 17 1 2 0 8 0
lockfspl 48 3018 0 3016 1 0 1 1 0 8 0
sessionpl 144 136 0 124 1 0 1 1 0 8 0
pgrppl 48 233 0 221 1 0 1 1 0 8 0
ucredpl 96 20316 0 20303 1 0 1 1 0 8 0
zombiepl 144 23941 0 23940 6 5 1 1 0 8 0
processpl 1064 23997 0 23940 8 4 4 5 0 8 0
procpl 672 60000 0 59933 35 28 7 8 0 8 0
srpgc 96 122 0 122 30 30 0 1 0 8 0
sosppl 168 174 0 174 31 30 1 1 0 8 1
sockpl 480 46680 0 46651 1035 1023 12 33 0 8 8
mcl64k 65536 20 0 0 3 0 3 3 0 8 0
mcl16k 16384 5 0 0 1 0 1 1 0 8 0
mcl12k 12288 18 0 0 2 0 2 2 0 8 0
mcl9k 9216 17 0 0 2 0 2 2 0 8 0
mcl8k 8192 13 0 0 2 0 2 2 0 8 0
mcl4k 4096 16 0 0 2 0 2 2 0 8 0
mcl2k2 2112 5 0 0 1 0 1 1 0 8 0
mcl2k 2048 420 0 0 23 2 21 23 0 8 0
mtagpl 96 1303 0 0 13 0 13 13 0 8 0
mbufpl 256 7557 0 0 401 0 401 401 0 8 0
bufpl 288 44326 0 37982 454 0 454 454 0 8 0
anonpl 24 6807867 0 6786893 363 205 158 184 0 186 0
amapchunkpl 152 714576 0 713831 154 121 33 46 0 158 0
amappl16 200 76235 0 75193 397 341 56 66 0 8 0
amappl15 192 5031 0 5030 1 0 1 1 0 8 0
amappl14 184 2467 0 2461 1 0 1 1 0 8 0
amappl13 176 2657 0 2651 1 0 1 1 0 8 0
amappl12 168 2398 0 2394 3 2 1 1 0 8 0
amappl11 160 3591 0 3577 1 0 1 1 0 8 0
amappl10 152 3984 0 3971 1 0 1 1 0 8 0
amappl9 144 3875 0 3873 1 0 1 1 0 8 0
amappl8 136 4792 0 4691 5 1 4 4 0 8 0
amappl7 128 2779 0 2767 1 0 1 1 0 8 0
amappl6 120 4266 0 4240 1 0 1 1 0 8 0
amappl5 112 22290 0 22272 1 0 1 1 0 8 0
amappl4 104 10593 0 10567 1 0 1 1 0 8 0
amappl3 96 4824 0 4802 1 0 1 1 0 8 0
amappl2 88 4372 0 4299 6 4 2 2 0 8 0
amappl1 80 422184 0 421708 22 10 12 13 0 8 0
amappl 88 286593 0 286272 9 1 8 8 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 133 0 3 3 0 3 3 0 8 0
uaddrrnd 24 24408 0 23982 3 0 3 3 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 24408 0 23982 3 0 3 3 0 8 0
vmmpekpl 168 145713 0 145639 4 0 4 4 0 8 0
vmmpepl 168 2222180 0 2218653 940 746 194 212 0 357 26
vmsppl 368 24407 0 23982 39 0 39 39 0 8 0
rwobjpl 56 519695 0 511556 186 70 116 119 0 8 0
pdppl 4096 48824 0 48370 611 151 460 460 0 8 6
pvpl 32 11186974 0 11164479 632 401 231 268 0 265 0
pmappl 248 24407 0 23982 31 4 27 27 0 8 0
extentpl 40 57 0 38 1 0 1 1 0 8 0
phpool 112 2377 0 706 48 0 48 48 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff82456eb9) at panic+0x177 sys/kern/subr_prf.c:202
__assert(ffffffff824c4e7e,ffffffff8250c92d,131,ffffffff824d9aa7) at __assert+0x25 sys/kern/subr_prf.c:161
tun_clone_destroy(ffff800000d50000) at tun_clone_destroy+0x278 sys/net/if_tun.c:305
if_clone_destroy(ffff800023593170) at if_clone_destroy+0x132 sys/net/if.c:1218
soo_ioctl(fffffd8067bcd7d0,80206979,ffff800023593170,ffff800021264540) at soo_ioctl+0x26c
sys_ioctl(ffff800021264540,ffff800023593288,ffff8000235932e0) at sys_ioctl+0x4a2
syscall(ffff800023593350) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800023593350) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xeb46f1f0420, count: -9
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp
x86_ipi_db(ffff800020d38ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206
sched_idle(ffff800020d38ff0) at sched_idle+0x417 sys/kern/kern_sched.c:178
end trace frame: 0x0, count: 10


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.