Hi, syzkaller has found a crash in dtclose().
panic: kernel diagnostic assertion "suser(curproc) == 0" failed: file "/syzkaller/managers/main/kernel/sys/dev/dt/dt_dev.c", line 431 https://syzkaller.appspot.com/bug?id=5d0d657ba9f3a16981aad2a6c50667918de4c955 Basically it does an open, setuid and close with /dev/dt . dt_ioctl_record_stop() can be reached from dtclose(). The other asserts are useless, suser is checked in dtioctl(). ok? bluhm Index: dev/dt/dt_dev.c =================================================================== RCS file: /data/mirror/openbsd/cvs/src/sys/dev/dt/dt_dev.c,v retrieving revision 1.16 diff -u -p -r1.16 dt_dev.c --- dev/dt/dt_dev.c 25 Oct 2021 19:51:12 -0000 1.16 +++ dev/dt/dt_dev.c 20 Dec 2021 17:40:59 -0000 @@ -428,8 +428,6 @@ dt_ioctl_record_stop(struct dt_softc *sc { struct dt_pcb *dp; - KASSERT(suser(curproc) == 0); - if (!sc->ds_recording) return; @@ -459,8 +457,6 @@ dt_ioctl_probe_enable(struct dt_softc *s struct dt_probe *dtp; int error; - KASSERT(suser(curproc) == 0); - if (!dtioc_req_isvalid(dtrq)) return EINVAL; @@ -491,7 +487,6 @@ dt_ioctl_probe_disable(struct dt_softc * struct dt_probe *dtp; int error; - KASSERT(suser(curproc) == 0); if (!dtioc_req_isvalid(dtrq)) return EINVAL;
