panic: bad arg kind: <nil> (12)

syzbot

May 4, 2020, 4:47:14 PM
to syzkaller-o...@googlegroups.com

Hello,

syzbot found the following crash on:

HEAD commit: 9962cf41 Use strftime() rather than ctime() to generate ti..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=1650b0f4100000
kernel config: https://syzkaller.appspot.com/x/.config?x=bf87b6915a88cd0d
dashboard link: https://syzkaller.appspot.com/bug?extid=919d26804d02b1f6bd80

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+919d26...@syzkaller.appspotmail.com

panic: bad arg kind: <nil>

goroutine 33 [running]:
github.com/google/syzkaller/prog.clone(0x0, 0x0, 0xc001960570, 0xc002fd1700, 0xc002fde680)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/clone.go:79 +0x95a
github.com/google/syzkaller/prog.(*Prog).Clone(0xc0012cef40, 0x8fc14c)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/clone.go:24 +0x279
github.com/google/syzkaller/prog.(*randGen).resourceCentric(0xc001ff42e0, 0xc000099680, 0xca26a0, 0xc001954700, 0x0, 0x0, 0x888320, 0x1, 0xc001d81be0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:845 +0xc2
github.com/google/syzkaller/prog.(*ResourceType).generate(0xca26a0, 0xc001ff42e0, 0xc000099680, 0xc000090c00, 0x9ad480, 0xc001d81be0, 0x0, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:675 +0x2a5
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc001ff42e0, 0xc000099680, 0x9b3000, 0xca26a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:664 +0x552
github.com/google/syzkaller/prog.(*randGen).generateArg(...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:614
github.com/google/syzkaller/prog.(*randGen).generateArgs(0xc001ff42e0, 0xc000099680, 0xd30780, 0xc, 0xc, 0x0, 0xaaaaaaaaaaaaaaaa, 0x38, 0x8, 0x791934, ...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:602 +0x116
github.com/google/syzkaller/prog.(*StructType).generate(0xcabba0, 0xc001ff42e0, 0xc000099680, 0x0, 0xd686e0, 0x20, 0x884660, 0x20, 0x30)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:786 +0x7c
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc001ff42e0, 0xc000099680, 0x9b30c0, 0xcabba0, 0xc001eb0000, 0x0, 0x0, 0x0, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:664 +0x552
github.com/google/syzkaller/prog.(*randGen).generateArg(...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:614
github.com/google/syzkaller/prog.(*randGen).generateArgs(0xc001ff42e0, 0xc000099680, 0xcabd20, 0x2, 0x2, 0x0, 0x0, 0x22f9b8fff, 0x203000, 0x40010000000000, ...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:602 +0x116
github.com/google/syzkaller/prog.(*StructType).generate(0xcabce0, 0xc001ff42e0, 0xc000099680, 0x0, 0xd686e0, 0x0, 0x0, 0x20, 0x30)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:786 +0x7c
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc001ff42e0, 0xc000099680, 0x9b30c0, 0xcabce0, 0xc002290000, 0x0, 0x0, 0x0, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:664 +0x552
github.com/google/syzkaller/prog.(*randGen).generateArg(...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:614
github.com/google/syzkaller/prog.(*UnionType).generate(0xca5160, 0xc001ff42e0, 0xc000099680, 0x0, 0xd686e0, 0xc002200ab0, 0x0, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:794 +0xbf
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc001ff42e0, 0xc000099680, 0x9b3180, 0xca5160, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:664 +0x552
github.com/google/syzkaller/prog.(*randGen).generateArg(...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:614
github.com/google/syzkaller/prog.(*randGen).generateArgs(0xc001ff42e0, 0xc000099680, 0xcaab20, 0x2, 0x2, 0x5800000000, 0xaaaaaaaaaaaaaaaa, 0xc0019550a8, 0x40c698, 0x20, ...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:602 +0x116
github.com/google/syzkaller/prog.(*StructType).generate(0xcaaae0, 0xc001ff42e0, 0xc000099680, 0x0, 0xd686e0, 0xc001d80120, 0x0, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:786 +0x7c
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc001ff42e0, 0xc000099680, 0x9b30c0, 0xcaaae0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:664 +0x552
github.com/google/syzkaller/prog.(*randGen).generateArg(...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:614
github.com/google/syzkaller/prog.(*randGen).generateArgs(0xc001ff42e0, 0xc000099680, 0xca9ba0, 0x2, 0x2, 0x0, 0xc0019553c0, 0x7903f9, 0xcac4a0, 0xc001ff42e0, ...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:602 +0x116
github.com/google/syzkaller/prog.(*StructType).generate(0xca9b60, 0xc001ff42e0, 0xc000099680, 0x0, 0xd686e0, 0x8, 0x203000, 0x20, 0x8)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:786 +0x7c
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc001ff42e0, 0xc000099680, 0x9b30c0, 0xca9b60, 0x9b0000, 0x0, 0x0, 0x0, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:664 +0x552
github.com/google/syzkaller/prog.(*randGen).generateArg(...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:614
github.com/google/syzkaller/prog.(*UnionType).generate(0xca4fe0, 0xc001ff42e0, 0xc000099680, 0x0, 0xd686e0, 0x10, 0x884660, 0x0, 0x203000)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:794 +0xbf
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc001ff42e0, 0xc000099680, 0x9b3180, 0xca4fe0, 0x243150000, 0x0, 0x0, 0x0, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:664 +0x552
github.com/google/syzkaller/prog.(*randGen).generateArg(...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:614
github.com/google/syzkaller/prog.(*randGen).generateArgs(0xc001ff42e0, 0xc000099680, 0xca1360, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x9ad500, ...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:602 +0x116
github.com/google/syzkaller/prog.(*StructType).generate(0xca9ca0, 0xc001ff42e0, 0xc000099680, 0x0, 0xd686e0, 0xc002177da0, 0x0, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:786 +0x7c
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc001ff42e0, 0xc000099680, 0x9b30c0, 0xca9ca0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:664 +0x552
github.com/google/syzkaller/prog.(*randGen).generateArg(...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:614
github.com/google/syzkaller/prog.(*randGen).generateArgs(0xc001ff42e0, 0xc000099680, 0xcc1860, 0x4, 0x4, 0xc001955a00, 0x76c206, 0x9ad480, 0xc001de1180, 0xc001fa8700, ...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:602 +0x116
github.com/google/syzkaller/prog.(*StructType).generate(0xca9c60, 0xc001ff42e0, 0xc000099680, 0x0, 0xd686e0, 0x203000, 0x203000, 0x203000, 0x203000)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:786 +0x7c
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc001ff42e0, 0xc000099680, 0x9b30c0, 0xca9c60, 0xaaaaaaaaaaaa0000, 0x0, 0x0, 0x0, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:664 +0x552
github.com/google/syzkaller/prog.(*randGen).generateArg(...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:614
github.com/google/syzkaller/prog.(*PtrType).generate(0xca4120, 0xc001ff42e0, 0xc000099680, 0xc001dbab00, 0x9ad480, 0xc001dbac20, 0x0, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:803 +0x9d
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc001ff42e0, 0xc000099680, 0x9b2f40, 0xca4120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:664 +0x552
github.com/google/syzkaller/prog.(*randGen).generateArg(...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:614
github.com/google/syzkaller/prog.(*randGen).generateArgs(0xc001ff42e0, 0xc000099680, 0xca9420, 0x2, 0x2, 0x100, 0x49f7f0, 0xc0026f3400, 0x153, 0x153, ...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:602 +0x116
github.com/google/syzkaller/prog.(*randGen).generateParticularCall(0xc001ff42e0, 0xc000099680, 0xd23b00, 0x145, 0xc000099680, 0xc003379900)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:557 +0xd5
github.com/google/syzkaller/prog.(*randGen).generateCall(0xc001ff42e0, 0xc000099680, 0xc001e8ea80, 0x8, 0xc001e8ea80, 0xc001f79740, 0xc000099680)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:546 +0x95
github.com/google/syzkaller/prog.(*mutator).insertCall(0xc001961ec0, 0x14)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:141 +0xf2
github.com/google/syzkaller/prog.(*Prog).Mutate(0xc001e8ea80, 0x9a69c0, 0xc0025e8180, 0x14, 0xc000efe2c0, 0xc002694000, 0x1f6c, 0x2400)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:45 +0x2ea
main.(*Proc).loop(0xc000efe300)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:95 +0x434
created by main.main
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:258 +0x1155


OpenBSD/amd64 (ci-openbsd-multicore-5.c.syzkaller.internal) (tty00)

login: kernel: protection fault trap, code=0
Stopped at in_delmulti+0x8d: movl 0xc(%r14),%r15d
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
the kernel did not panic
ddb{1}> trace
in_delmulti(bfbff7ffffffffff) at in_delmulti+0x8d sys/netinet/in.c:914
in_purgeaddr(ffff800000a23400) at in_purgeaddr+0x156 sys/netinet/in.c:760
in_ifdetach(ffff8000009d5000) at in_ifdetach+0x74 sys/netinet/in.c:971
if_detach(ffff8000009d5000) at if_detach+0x140 sys/net/if.c:1149
tun_clone_destroy(ffff8000009d5000) at tun_clone_destroy+0x1f2 sys/net/if_tun.c:329
tun_dev_close(5d00,7) at tun_dev_close+0x160 sys/net/if_tun.c:480
spec_close(ffff800020f6ae70) at spec_close+0x311 sys/kern/spec_vnops.c:555
VOP_CLOSE(fffffd8077d6e348,7,fffffd807f7bf2a0,ffff800020e6dd48) at VOP_CLOSE+0xc0 sys/kern/vfs_vops.c:174
vn_closefile(fffffd8066b20608,ffff800020e6dd48) at vn_closefile+0xd7 vn_close sys/kern/vfs_vnops.c:298 [inline]
vn_closefile(fffffd8066b20608,ffff800020e6dd48) at vn_closefile+0xd7 sys/kern/vfs_vnops.c:614
fdrop(fffffd8066b20608,ffff800020e6dd48) at fdrop+0xc2 sys/kern/kern_descrip.c:1276
closef(fffffd8066b20608,ffff800020e6dd48) at closef+0x11c sys/kern/kern_descrip.c:1260
fdfree(ffff800020e6dd48) at fdfree+0x101 sys/kern/kern_descrip.c:1192
exit1(ffff800020e6dd48,0,d,1) at exit1+0x32c sys/kern/kern_exit.c:197
postsig(ffff800020e6dd48,d) at postsig+0x4ed sigexit sys/kern/kern_sig.c:1483 [inline]
postsig(ffff800020e6dd48,d) at postsig+0x4ed sys/kern/kern_sig.c:1415
userret(ffff800020e6dd48) at userret+0x199 sys/kern/kern_sig.c:1867
syscall(ffff800020f6b2f0) at syscall+0x55f mi_syscall_return sys/sys/syscall_mi.h:129 [inline]
syscall(ffff800020f6b2f0) at syscall+0x55f sys/arch/amd64/amd64/trap.c:592
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffc8930, count: -17
ddb{1}> show registers
rdi 0x2
rsi 0
rbp 0xffff800020f6ac40
rbx 0
rdx 0xffff800020e6dd48
rcx 0
rax 0
r8 0xffffffff81972b03 rt_ifa_purge+0x153
r9 0x5
r10 0x2f
r11 0x409c88b1aa1cd4a5
r12 0
r13 0x3
r14 0xbfbff7ffffffffff
r15 0x1
rip 0xffffffff814d03bd in_delmulti+0x8d
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff800020f6abe0
ss 0x10
in_delmulti+0x8d: movl 0xc(%r14),%r15d
ddb{1}> show proc
PROC (syz-executor.0) pid=46543 stat=onproc
flags process=a<EXEC,EXITING,8ORPHAN> proc=2000<WEXIT>
pri=32, usrpri=77, nice=20
forw=0xffffffffffffffff, list=0xffff800020ed0010,0xffff800020ec7888
process=0xffff800020e807c0 user=0xffff800020f66000, vmspace=0xfffffd807f000cf0
estcpu=36, cpticks=1, pctcpu=0.20
user=0, sys=1, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
49273 235132 0 0 3 0x14200 bored sosplice
22780 329974 59145 0 7 0x100002 ksh
59145 55316 64460 0 3 0x92 select sshd
28016 352145 1 0 3 0x100083 ttyin getty
64460 137876 1 0 3 0x80 select sshd
91050 371936 87012 74 3 0x100092 bpf pflogd
87012 62757 1 0 3 0x80 netio pflogd
57087 289391 64984 73 3 0x100090 kqread syslogd
64984 134133 1 0 3 0x100082 netio syslogd
82453 210507 1 77 2 0x100090 dhclient
81407 476618 1 0 3 0x80 poll dhclient
78803 83949 0 0 3 0x14200 bored smr
73471 285635 0 0 3 0x14200 pgzero zerothread
18685 135566 0 0 3 0x14200 aiodoned aiodoned
16095 471362 0 0 3 0x14200 syncer update
81358 96573 0 0 3 0x14200 cleaner cleaner
92668 112142 0 0 3 0x14200 reaper reaper
80610 145317 0 0 3 0x14200 pgdaemon pagedaemon
67766 207040 0 0 3 0x14200 bored crynlk
56800 22816 0 0 3 0x14200 bored crypto
28729 95508 0 0 3 0x40014200 acpi0 acpi0
48798 74427 0 0 3 0x40014200 idle1
92255 126601 0 0 3 0x14200 bored softnet
65711 98435 0 0 2 0x14200 systqmp
93554 276688 0 0 3 0x14200 bored systq
36981 410725 0 0 3 0x40014200 bored softclock
26767 379949 0 0 3 0x40014200 idle0
1 431963 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 9530 6421K 6671K 78643K 10923 0
pcb 13 8K 8K 78643K 82 0
rtable 72 3K 4K 78643K 270 0
ifaddr 76 14K 16K 78643K 118 0
counters 41 33K 34K 78643K 51 0
ioctlops 0 0K 4K 78643K 1483 0
iov 0 0K 16K 78643K 38 0
mount 1 1K 1K 78643K 1 0
vnodes 1217 77K 77K 78643K 1323 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 5K 78643K 5 0
VM map 2 1K 1K 78643K 2 0
sem 12 0K 0K 78643K 52 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1809 196K 290K 78643K 12766 0
file desc 3 8K 25K 78643K 263 0
proc 60 63K 95K 78643K 461 0
subproc 14 0K 2K 78643K 34 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 42 0
in_multi 48 2K 3K 78643K 97 0
ether_multi 1 0K 0K 78643K 9 0
mrt 0 0K 0K 78643K 4 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 49 228K 228K 78643K 49 0
exec 0 0K 1K 78643K 225 0
pfkey data 0 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 70 36K 55K 78643K 1757 0
UVM aobj 13 2K 2K 78643K 20 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 48 0
NDP 13 0K 0K 78643K 23 0
temp 106 3039K 3103K 78643K 7547 0
kqueue 2 2K 18K 78643K 26 0
SYN cache 2 16K 16K 78643K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 7 0 5 1 0 1 1 0 8 0
plcache 128 20 0 0 1 0 1 1 0 8 0
rtpcb 80 41 0 39 1 0 1 1 0 8 0
rtentry 112 52 0 26 2 0 2 2 0 8 0
unpcb 120 151 0 141 1 0 1 1 0 8 0
syncache 264 6 0 6 2 1 1 1 0 8 1
tcpqe 32 108 0 108 1 1 0 1 0 8 0
tcpcb 544 115 0 112 1 0 1 1 0 8 0
inpcb 280 681 0 675 2 0 2 2 0 8 1
rttmr 72 2 0 2 2 1 1 1 0 8 1
nd6 48 7 0 6 1 0 1 1 0 8 0
pkpcb 40 291 0 291 1 0 1 1 0 8 1
ppxss 1128 1 0 1 1 0 1 1 0 8 1
pffrag 232 2 0 2 1 0 1 1 0 482 1
pffrnode 88 2 0 2 1 0 1 1 0 8 1
pffrent 40 4 0 4 1 0 1 1 0 8 1
pfosfp 40 846 0 423 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfstitem 24 35 0 4 1 0 1 1 0 8 0
pfstkey 112 35 0 4 1 0 1 1 0 8 0
pfstate 328 35 0 4 3 0 3 3 0 8 0
pfrule 1360 21 0 16 2 1 1 2 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 212 0 84 12 1 11 12 0 8 1
art_table 32 213 0 84 2 0 2 2 0 8 0
art_node 16 51 0 23 1 0 1 1 0 8 0
sysvmsgpl 40 10 0 4 1 0 1 1 0 8 0
semupl 112 2 0 2 1 1 0 1 0 8 0
semapl 112 46 0 36 1 0 1 1 0 8 0
shmpl 112 18 0 7 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 1764 0 360 89 0 89 89 0 8 0
ffsino 272 1764 0 360 94 0 94 94 0 8 0
nchpl 144 2308 0 703 60 0 60 60 0 8 0
uvmvnodes 72 1870 0 0 34 0 34 34 0 8 0
vnodes 208 1870 0 0 99 0 99 99 0 8 0
namei 1024 6127 0 6127 1 0 1 1 0 8 1
percpumem 16 36 0 5 1 0 1 1 0 8 0
vcpupl 1984 2 0 0 1 0 1 1 0 8 0
vmpool 560 4 0 2 1 0 1 1 0 8 0
scsiplug 64 1 0 1 1 1 0 1 0 8 0
scxspl 192 6612 0 6612 5 4 1 4 0 8 1
plimitpl 152 25 0 17 1 0 1 1 0 8 0
sigapl 424 479 0 449 4 0 4 4 0 8 0
futexpl 56 4787 0 4787 1 0 1 1 0 8 1
knotepl 112 83 0 78 1 0 1 1 0 8 0
kqueuepl 144 54 0 53 1 0 1 1 0 8 0
pipelkpl 48 109 0 101 1 0 1 1 0 8 0
pipepl 120 218 0 207 1 0 1 1 0 8 0
fdescpl 496 463 0 449 3 0 3 3 0 8 0
filepl 152 3066 0 2998 5 0 5 5 0 8 1
lockfpl 104 94 0 93 1 0 1 1 0 8 0
lockfspl 48 28 0 27 1 0 1 1 0 8 0
sessionpl 112 18 0 7 1 0 1 1 0 8 0
pgrppl 48 20 0 9 1 0 1 1 0 8 0
ucredpl 96 197 0 188 1 0 1 1 0 8 0
zombiepl 144 451 0 448 1 0 1 1 0 8 0
processpl 984 479 0 448 5 0 5 5 0 8 1
procpl 624 977 0 946 5 1 4 5 0 8 0
srpgc 64 2 0 2 1 1 0 1 0 8 0
sosppl 128 2 0 2 1 1 0 1 0 8 0
sockpl 400 1168 0 1150 5 1 4 5 0 8 2
mcl64k 65536 14 0 0 2 0 2 2 0 8 0
mcl16k 16384 1 0 0 1 0 1 1 0 8 0
mcl12k 12288 2 0 0 1 0 1 1 0 8 0
mcl9k 9216 2 0 0 1 0 1 1 0 8 0
mcl8k 8192 2 0 0 1 0 1 1 0 8 0
mcl4k 4096 7 0 0 1 0 1 1 0 8 0
mcl2k 2048 158 0 0 19 0 19 19 0 8 0
mtagpl 80 12 0 0 1 0 1 1 0 8 0
mbufpl 256 220 0 0 13 0 13 13 0 8 0
bufpl 280 3916 0 133 271 0 271 271 0 8 0
anonpl 16 55297 0 53997 66 1 65 65 0 124 49
amapchunkpl 152 2509 0 2470 13 5 8 11 0 158 5
amappl16 192 1925 0 1907 44 0 44 44 0 8 38
amappl15 184 1 0 0 1 0 1 1 0 8 0
amappl14 176 213 0 209 1 0 1 1 0 8 0
amappl13 168 216 0 214 1 0 1 1 0 8 0
amappl12 160 49 0 46 1 0 1 1 0 8 0
amappl11 152 66 0 50 1 0 1 1 0 8 0
amappl10 144 20 0 18 1 0 1 1 0 8 0
amappl9 136 380 0 379 1 0 1 1 0 8 0
amappl8 128 351 0 350 2 0 2 2 0 8 1
amappl7 120 120 0 112 1 0 1 1 0 8 0
amappl6 112 27 0 27 1 0 1 1 0 8 1
amappl5 104 218 0 202 1 0 1 1 0 8 0
amappl4 96 685 0 657 1 0 1 1 0 8 0
amappl3 88 305 0 298 1 0 1 1 0 8 0
amappl2 80 2761 0 2703 2 0 2 2 0 8 0
amappl1 72 19844 0 19420 23 13 10 18 0 8 0
amappl 80 1232 0 1207 2 0 2 2 0 84 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 64 19 0 7 1 0 1 1 0 8 0
uaddrrnd 24 467 0 451 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 467 0 451 1 0 1 1 0 8 0
vmmpekpl 168 7407 0 7376 2 0 2 2 0 8 0
vmmpepl 168 63396 0 62445 118 25 93 114 0 357 40
vmsppl 368 466 0 451 2 0 2 2 0 8 0
pdppl 4096 942 0 904 6 0 6 6 0 8 0
pvpl 32 184604 0 181468 158 2 156 158 0 265 104
pmappl 232 466 0 451 2 0 2 2 0 8 0
extentpl 40 46 0 29 1 0 1 1 0 8 0
phpool 112 260 0 6 8 0 8 8 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp
ddb{0}> trace
x86_ipi_db(ffffffff82521ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:352
x86_ipi_handler() at x86_ipi_handler+0xc6 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__mp_lock(ffffffff82655450) at __mp_lock+0x127 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82655450) at __mp_lock+0x127 sys/kern/kern_lock.c:147
pageflttrap(ffff800020f0de80,1) at pageflttrap+0x7f sys/arch/amd64/amd64/trap.c:180
usertrap(ffff800020f0de80) at usertrap+0x21a sys/arch/amd64/amd64/trap.c:384
recall_trap() at recall_trap+0x8
end of kernel
end trace frame: 0x7f7ffffc1ea0, count: -7
ddb{0}> machine ddbcpu 1
Stopped at in_delmulti+0x8d: movl 0xc(%r14),%r15d
ddb{1}> trace
in_delmulti(bfbff7ffffffffff) at in_delmulti+0x8d sys/netinet/in.c:914
in_purgeaddr(ffff800000a23400) at in_purgeaddr+0x156 sys/netinet/in.c:760
in_ifdetach(ffff8000009d5000) at in_ifdetach+0x74 sys/netinet/in.c:971
if_detach(ffff8000009d5000) at if_detach+0x140 sys/net/if.c:1149
tun_clone_destroy(ffff8000009d5000) at tun_clone_destroy+0x1f2 sys/net/if_tun.c:329
tun_dev_close(5d00,7) at tun_dev_close+0x160 sys/net/if_tun.c:480
spec_close(ffff800020f6ae70) at spec_close+0x311 sys/kern/spec_vnops.c:555
VOP_CLOSE(fffffd8077d6e348,7,fffffd807f7bf2a0,ffff800020e6dd48) at VOP_CLOSE+0xc0 sys/kern/vfs_vops.c:174
vn_closefile(fffffd8066b20608,ffff800020e6dd48) at vn_closefile+0xd7 vn_close sys/kern/vfs_vnops.c:298 [inline]
vn_closefile(fffffd8066b20608,ffff800020e6dd48) at vn_closefile+0xd7 sys/kern/vfs_vnops.c:614
fdrop(fffffd8066b20608,ffff800020e6dd48) at fdrop+0xc2 sys/kern/kern_descrip.c:1276
closef(fffffd8066b20608,ffff800020e6dd48) at closef+0x11c sys/kern/kern_descrip.c:1260
fdfree(ffff800020e6dd48) at fdfree+0x101 sys/kern/kern_descrip.c:1192
exit1(ffff800020e6dd48,0,d,1) at exit1+0x32c sys/kern/kern_exit.c:197
postsig(ffff800020e6dd48,d) at postsig+0x4ed sigexit sys/kern/kern_sig.c:1483 [inline]
postsig(ffff800020e6dd48,d) at postsig+0x4ed sys/kern/kern_sig.c:1415
userret(ffff800020e6dd48) at userret+0x199 sys/kern/kern_sig.c:1867
syscall(ffff800020f6b2f0) at syscall+0x55f mi_syscall_return sys/sys/syscall_mi.h:129 [inline]
syscall(ffff800020f6b2f0) at syscall+0x55f sys/arch/amd64/amd64/trap.c:592
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffc8930, count: -17


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

Greg Steuck

May 4, 2020, 5:03:00 PM
to syzbot, syzkaller-o...@googlegroups.com

#syz dup: uvm_fault: in_delmulti