panic: bad arg kind: <nil> (7)


syzbot

Mar 8, 2020, 6:49:11 PM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 6b2c09b1 Initialise only the components list for "list-io"
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=10a38fb5e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=bf87b6915a88cd0d
dashboard link: https://syzkaller.appspot.com/bug?extid=5f7ba2422fd2e0dcfcbf

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+5f7ba2...@syzkaller.appspotmail.com

panic: bad arg kind: <nil>

goroutine 29 [running]:
github.com/google/syzkaller/prog.clone(0x0, 0x0, 0xc003007770, 0xc002fb8ff0, 0xc0030febc0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/clone.go:79 +0x954
github.com/google/syzkaller/prog.(*Prog).Clone(0xc0005139c0, 0x8f4e57)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/clone.go:24 +0x279
github.com/google/syzkaller/prog.resourceCentric(0xcb61a0, 0xc0037f2780, 0xc002bf5800, 0x8f1801, 0x5, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:848 +0xbf
github.com/google/syzkaller/prog.(*ResourceType).generate(0xcb61a0, 0xc002bf5800, 0xc0037f2780, 0x10, 0x8792c0, 0x8f0181, 0xc000042380, 0x10)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:681 +0x920
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc002bf5800, 0xc0037f2780, 0x9aeb20, 0xcb61a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:674 +0x506
github.com/google/syzkaller/prog.(*randGen).generateArg(...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:623
github.com/google/syzkaller/prog.(*randGen).generateArgs(0xc002bf5800, 0xc0037f2780, 0xc97ff0, 0x1, 0x1, 0xc003007d58, 0x4510b1af, 0x88e9a72a90891b87, 0xc003007d90, 0x789ede, ...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:611 +0x107
github.com/google/syzkaller/prog.(*randGen).generateParticularCall(0xc002bf5800, 0xc0037f2780, 0xcebd40, 0x137, 0xc0037f2780, 0xc000082d80)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:555 +0xc6
github.com/google/syzkaller/prog.(*randGen).generateCall(0xc002bf5800, 0xc0037f2780, 0xc002bea100, 0xe, 0xc002bea100, 0xc002bea740, 0xc0037f2780)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:547 +0xb2
github.com/google/syzkaller/prog.(*mutator).insertCall(0xc003007ec0, 0x14)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:137 +0xf2
github.com/google/syzkaller/prog.(*Prog).Mutate(0xc002bea100, 0x9a2220, 0xc002b1e4b0, 0x1e, 0xc002afc3c0, 0xc002f52000, 0x1e5b, 0x2400)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:42 +0x29b
main.(*Proc).loop(0xc002afc440)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:99 +0x434
created by main.main
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:259 +0x114c
login:

OpenBSD/amd64 (ci-openbsd-multicore-1.c.syzkaller.internal) (tty00)

login: uvm_fault(0xfffffd807f000730, 0x1dfc, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at in_delmulti+0x8d: movl 0xc(%r14),%r15d
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
kernel page fault
uvm_fault(0xfffffd807f000730, 0x1dfc, 0, 1) -> e
in_delmulti(1df0) at in_delmulti+0x8d sys/netinet/in.c:914
end trace frame: 0xffff800021b7b890, count: 0
ddb{0}> trace
in_delmulti(1df0) at in_delmulti+0x8d sys/netinet/in.c:914
in_purgeaddr(ffff800000aabe00) at in_purgeaddr+0x156 sys/netinet/in.c:760
in_ifdetach(ffff800000a1f800) at in_ifdetach+0x74 sys/netinet/in.c:969
if_detach(ffff800000a1f800) at if_detach+0x140 sys/net/if.c:1150
tun_clone_destroy(ffff800000a1f800) at tun_clone_destroy+0x1f2 sys/net/if_tun.c:329
tun_dev_close(5d01,7) at tun_dev_close+0x160 sys/net/if_tun.c:480
spec_close(ffff800021b7ba70) at spec_close+0x311 sys/kern/spec_vnops.c:555
VOP_CLOSE(fffffd806e3310d8,7,fffffd807f7bf8a0,ffff800020ac7878) at VOP_CLOSE+0xc0 sys/kern/vfs_vops.c:174
vn_closefile(fffffd8066df7998,ffff800020ac7878) at vn_closefile+0xd7 vn_close sys/kern/vfs_vnops.c:298 [inline]
vn_closefile(fffffd8066df7998,ffff800020ac7878) at vn_closefile+0xd7 sys/kern/vfs_vnops.c:614
fdrop(fffffd8066df7998,ffff800020ac7878) at fdrop+0xc2 sys/kern/kern_descrip.c:1276
closef(fffffd8066df7998,ffff800020ac7878) at closef+0x11c sys/kern/kern_descrip.c:1260
fdfree(ffff800020ac7878) at fdfree+0x101 sys/kern/kern_descrip.c:1192
exit1(ffff800020ac7878,0,d,1) at exit1+0x344 sys/kern/kern_exit.c:196
postsig(ffff800020ac7878,d) at postsig+0x4e5 sigexit sys/kern/kern_sig.c:1444 [inline]
postsig(ffff800020ac7878,d) at postsig+0x4e5 sys/kern/kern_sig.c:1376
userret(ffff800020ac7878) at userret+0x199 sys/kern/kern_sig.c:1828
syscall(ffff800021b7bef0) at syscall+0x55f mi_syscall_return sys/sys/syscall_mi.h:129 [inline]
syscall(ffff800021b7bef0) at syscall+0x55f sys/arch/amd64/amd64/trap.c:592
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffc41a0, count: -17
ddb{0}> show registers
rdi 0x2
rsi 0
rbp 0xffff800021b7b840
rbx 0
rdx 0xffff800020ac7878
rcx 0
rax 0
r8 0xffffffff81cacd73 rt_ifa_purge+0x153
r9 0x5
r10 0x2f
r11 0x9c2712a70733b204
r12 0
r13 0x3
r14 0x1df0 __ALIGN_SIZE+0xdf0
r15 0x1
rip 0xffffffff8134424d in_delmulti+0x8d
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff800021b7b7e0
ss 0x10
in_delmulti+0x8d: movl 0xc(%r14),%r15d
ddb{0}> show proc
PROC (syz-executor.1) pid=399659 stat=onproc
flags process=a<EXEC,EXITING> proc=2000<WEXIT>
pri=32, usrpri=79, nice=20
forw=0xffffffffffffffff, list=0xffff800020a6c008,0xffff800020ac69e8
process=0xffff800020a81690 user=0xffff800021b76000, vmspace=0xfffffd807f000730
estcpu=36, cpticks=3, pctcpu=0.5
user=0, sys=1, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
95038 91613 1 0 3 0x100083 ttyin getty
88913 480173 0 0 3 0x14200 bored sosplice
55799 1865 83056 0 3 0x10008a pause ksh
83056 483905 37674 0 3 0x92 select sshd
37674 179609 1 0 3 0x80 select sshd
7148 317327 35397 74 3 0x100092 bpf pflogd
35397 297185 1 0 3 0x80 netio pflogd
34062 74303 17262 73 3 0x100090 kqread syslogd
17262 294045 1 0 3 0x100082 netio syslogd
62704 318895 1 77 2 0x100090 dhclient
33948 232931 1 0 3 0x80 poll dhclient
45958 466469 0 0 3 0x14200 bored smr
38300 467132 0 0 2 0x14200 zerothread
20056 401954 0 0 3 0x14200 aiodoned aiodoned
21815 237848 0 0 3 0x14200 syncer update
58836 19363 0 0 3 0x14200 cleaner cleaner
64653 409307 0 0 2 0x14200 reaper
51922 123254 0 0 3 0x14200 pgdaemon pagedaemon
95801 500340 0 0 3 0x14200 bored crynlk
85020 468639 0 0 3 0x14200 bored crypto
39972 418163 0 0 3 0x40014200 acpi0 acpi0
65970 379052 0 0 3 0x40014200 idle1
51621 203596 0 0 3 0x14200 bored softnet
63569 266368 0 0 2 0x14200 systqmp
27546 473990 0 0 3 0x14200 bored systq
11570 443320 0 0 3 0x40014200 bored softclock
78308 47391 0 0 3 0x40014200 idle0
1 413044 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 9528 6427K 7193K 78643K 11386 0
pcb 13 8K 8K 78643K 109 0
rtable 100 3K 3K 78643K 301 0
ifaddr 80 15K 16K 78643K 118 0
counters 43 33K 34K 78643K 51 0
ioctlops 0 0K 4K 78643K 1492 0
iov 0 0K 36K 78643K 64 0
mount 1 1K 1K 78643K 1 0
vnodes 1218 77K 77K 78643K 1432 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 5K 78643K 9 0
VM map 2 1K 1K 78643K 2 0
sem 12 1K 1K 78643K 53 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1809 196K 290K 78643K 12766 0
file desc 3 8K 25K 78643K 338 0
sigio 0 0K 0K 78643K 8 0
proc 62 63K 83K 78643K 476 0
subproc 14 0K 2K 78643K 34 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 52 0
in_multi 64 3K 3K 78643K 96 0
ether_multi 1 0K 0K 78643K 11 0
mrt 0 0K 0K 78643K 7 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 73 334K 334K 78643K 73 0
exec 0 0K 1K 78643K 227 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 84 69K 71K 78643K 2129 0
UVM aobj 32 6K 6K 78643K 36 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 67 0
NDP 13 0K 0K 78643K 21 0
temp 136 3030K 3094K 78643K 19288 0
kqueue 2 2K 18K 78643K 26 0
SYN cache 2 16K 16K 78643K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 8 0 3 1 0 1 1 0 8 0
plcache 128 20 0 0 1 0 1 1 0 8 0
rtpcb 80 61 0 59 1 0 1 1 0 8 0
rtentry 112 60 0 19 2 0 2 2 0 8 0
unpcb 120 388 0 378 1 0 1 1 0 8 0
syncache 264 8 0 8 3 2 1 1 0 8 1
tcpqe 32 160 0 160 1 1 0 1 0 8 0
tcpcb 544 214 0 211 2 0 2 2 0 8 1
inpcb 280 887 0 881 2 0 2 2 0 8 1
rttmr 72 3 0 3 2 1 1 1 0 8 1
nd6 48 6 0 0 1 0 1 1 0 8 0
pkpcb 40 5 0 5 3 2 1 1 0 8 1
swfcl 56 2 0 0 1 0 1 1 0 8 0
pffrag 232 15 0 15 1 1 0 1 0 482 0
pffrnode 88 15 0 15 1 1 0 1 0 8 0
pffrent 40 421 0 421 1 1 0 1 0 8 0
pfosfp 40 846 0 423 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfstitem 24 52 0 7 1 0 1 1 0 8 0
pfstkey 112 52 0 7 2 0 2 2 0 8 0
pfstate 328 52 0 7 4 0 4 4 0 8 0
pfrule 1360 21 0 16 2 1 1 2 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 215 0 15 13 0 13 13 0 8 0
art_table 32 216 0 15 2 0 2 2 0 8 0
art_node 16 59 0 18 1 0 1 1 0 8 0
sysvmsgpl 40 11 0 4 1 0 1 1 0 8 0
semupl 112 1 0 1 1 1 0 1 0 8 0
semapl 112 51 0 41 1 0 1 1 0 8 0
shmpl 112 34 0 4 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino1pl 128 1905 0 496 46 0 46 46 0 8 0
ffsino 272 1905 0 496 95 0 95 95 0 8 0
nchpl 144 2589 0 970 61 0 61 61 0 8 0
uvmvnodes 72 2079 0 0 38 0 38 38 0 8 0
vnodes 208 2079 0 0 110 0 110 110 0 8 0
namei 1024 8095 0 8095 1 0 1 1 0 8 1
percpumem 16 36 0 4 1 0 1 1 0 8 0
vcpupl 1984 5 0 0 1 0 1 1 0 8 0
vmpool 560 5 0 0 1 0 1 1 0 8 0
scxspl 192 7516 0 7516 10 7 3 7 0 8 3
plimitpl 152 46 0 38 1 0 1 1 0 8 0
sigapl 424 555 0 525 4 0 4 4 0 8 0
futexpl 56 7913 0 7913 1 0 1 1 0 8 1
knotepl 112 77 0 72 1 0 1 1 0 8 0
kqueuepl 144 90 0 89 1 0 1 1 0 8 0
pipelkpl 48 162 0 154 1 0 1 1 0 8 0
pipepl 120 324 0 313 1 0 1 1 0 8 0
fdescpl 496 539 0 525 3 0 3 3 0 8 0
filepl 152 4851 0 4783 7 1 6 6 0 8 1
lockfpl 104 112 0 111 1 0 1 1 0 8 0
lockfspl 48 33 0 32 1 0 1 1 0 8 0
sessionpl 112 19 0 8 1 0 1 1 0 8 0
pgrppl 48 23 0 12 1 0 1 1 0 8 0
ucredpl 96 810 0 801 1 0 1 1 0 8 0
zombiepl 144 527 0 524 1 0 1 1 0 8 0
processpl 960 555 0 524 5 0 5 5 0 8 0
procpl 624 1349 0 1318 4 0 4 4 0 8 0
sosppl 128 26 0 26 1 0 1 1 0 8 1
sockpl 400 1361 0 1343 6 1 5 5 0 8 3
mcl64k 65536 15 0 0 2 0 2 2 0 8 0
mcl16k 16384 4 0 0 1 0 1 1 0 8 0
mcl12k 12288 5 0 0 1 0 1 1 0 8 0
mcl9k 9216 2 0 0 1 0 1 1 0 8 0
mcl8k 8192 6 0 0 1 0 1 1 0 8 0
mcl4k 4096 9 0 0 2 0 2 2 0 8 0
mcl2k2 2112 2 0 0 1 0 1 1 0 8 0
mcl2k 2048 151 0 0 18 0 18 18 0 8 0
mtagpl 80 31 0 0 1 0 1 1 0 8 0
mbufpl 256 736 0 0 46 0 46 46 0 8 0
bufpl 280 4695 0 173 323 0 323 323 0 8 0
anonpl 16 71222 0 68415 90 6 84 87 0 124 16
amapchunkpl 152 3117 0 3053 12 5 7 10 0 158 1
amappl16 192 2868 0 2778 66 17 49 61 0 8 27
amappl15 184 2 0 1 1 0 1 1 0 8 0
amappl14 176 152 0 151 2 1 1 1 0 8 0
amappl13 168 26 0 24 1 0 1 1 0 8 0
amappl12 160 167 0 166 2 1 1 1 0 8 0
amappl11 152 74 0 56 1 0 1 1 0 8 0
amappl10 144 20 0 18 1 0 1 1 0 8 0
amappl9 136 401 0 397 1 0 1 1 0 8 0
amappl8 128 323 0 318 1 0 1 1 0 8 0
amappl7 120 120 0 111 1 0 1 1 0 8 0
amappl6 112 28 0 25 1 0 1 1 0 8 0
amappl5 104 447 0 429 1 0 1 1 0 8 0
amappl4 96 506 0 477 1 0 1 1 0 8 0
amappl3 88 269 0 261 1 0 1 1 0 8 0
amappl2 80 3557 0 3498 3 1 2 3 0 8 0
amappl1 72 21782 0 21362 26 16 10 20 0 8 0
amappl 80 1601 0 1569 2 0 2 2 0 84 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 64 35 0 4 1 0 1 1 0 8 0
uaddrrnd 24 544 0 525 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 544 0 525 1 0 1 1 0 8 0
vmmpekpl 168 8539 0 8507 2 0 2 2 0 8 0
vmmpepl 168 73429 0 72381 125 21 104 116 0 357 25
vmsppl 368 543 0 524 2 0 2 2 0 8 0
pdppl 4096 1096 0 1053 7 0 7 7 0 8 1
pvpl 32 214059 0 210894 209 7 202 206 0 265 157
pmappl 232 543 0 524 3 1 2 2 0 8 0
extentpl 40 46 0 29 1 0 1 1 0 8 0
phpool 112 208 0 4 6 0 6 6 0 8 0


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

Anton Lindqvist

Mar 9, 2020, 4:30:59 AM
to syzbot, syzkaller-o...@googlegroups.com
#syz invalid