syzbot


panic: bad arg kind: <nil> (7)

Status: closed as invalid on 2020/03/09 08:30
Reported-by: syzbot+5f7ba2422fd2e0dcfcbf@syzkaller.appspotmail.com
First crash: 1480d, last: 1480d
Similar bugs (12)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
openbsd panic: bad arg kind: <nil> (9) 1 1464d 1464d 0/3 closed as invalid on 2020/03/25 07:28
openbsd panic: bad arg kind: <nil> (5) 1 1499d 1499d 0/3 closed as invalid on 2020/02/19 07:30
openbsd panic: bad arg kind: <nil> (11) 1 1440d 1440d 0/3 closed as invalid on 2020/04/18 07:57
openbsd panic: bad arg kind: <nil> 1 1555d 1555d 0/3 closed as invalid on 2019/12/25 09:50
openbsd panic: bad arg kind: <nil> (10) 1 1461d 1461d 0/3 closed as invalid on 2020/03/28 07:25
openbsd panic: bad arg kind: <nil> (6) 1 1486d 1486d 0/3 closed as invalid on 2020/03/04 07:53
openbsd panic: bad arg kind: <nil> (3) 1 1540d 1540d 0/3 closed as invalid on 2020/01/09 08:12
openbsd panic: bad arg kind: <nil> (12) 24 1333d 1423d 0/3 closed as dup on 2020/05/04 21:03
openbsd panic: bad arg kind: <nil> (13) 1 14d 14d 0/3 upstream: reported on 2024/03/14 00:27
openbsd panic: bad arg kind: <nil> (4) 1 1510d 1510d 0/3 closed as invalid on 2020/02/09 09:06
openbsd panic: bad arg kind: <nil> (2) 1 1552d 1552d 0/3 closed as invalid on 2019/12/29 09:40
openbsd panic: bad arg kind: <nil> (8) 1 1476d 1476d 0/3 closed as invalid on 2020/03/13 09:30

Sample crash report:
panic: bad arg kind: <nil>

goroutine 29 [running]:
github.com/google/syzkaller/prog.clone(0x0, 0x0, 0xc003007770, 0xc002fb8ff0, 0xc0030febc0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/clone.go:79 +0x954
github.com/google/syzkaller/prog.(*Prog).Clone(0xc0005139c0, 0x8f4e57)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/clone.go:24 +0x279
github.com/google/syzkaller/prog.resourceCentric(0xcb61a0, 0xc0037f2780, 0xc002bf5800, 0x8f1801, 0x5, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:848 +0xbf
github.com/google/syzkaller/prog.(*ResourceType).generate(0xcb61a0, 0xc002bf5800, 0xc0037f2780, 0x10, 0x8792c0, 0x8f0181, 0xc000042380, 0x10)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:681 +0x920
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc002bf5800, 0xc0037f2780, 0x9aeb20, 0xcb61a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:674 +0x506
github.com/google/syzkaller/prog.(*randGen).generateArg(...)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:623
github.com/google/syzkaller/prog.(*randGen).generateArgs(0xc002bf5800, 0xc0037f2780, 0xc97ff0, 0x1, 0x1, 0xc003007d58, 0x4510b1af, 0x88e9a72a90891b87, 0xc003007d90, 0x789ede, ...)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:611 +0x107
github.com/google/syzkaller/prog.(*randGen).generateParticularCall(0xc002bf5800, 0xc0037f2780, 0xcebd40, 0x137, 0xc0037f2780, 0xc000082d80)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:555 +0xc6
github.com/google/syzkaller/prog.(*randGen).generateCall(0xc002bf5800, 0xc0037f2780, 0xc002bea100, 0xe, 0xc002bea100, 0xc002bea740, 0xc0037f2780)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:547 +0xb2
github.com/google/syzkaller/prog.(*mutator).insertCall(0xc003007ec0, 0x14)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:137 +0xf2
github.com/google/syzkaller/prog.(*Prog).Mutate(0xc002bea100, 0x9a2220, 0xc002b1e4b0, 0x1e, 0xc002afc3c0, 0xc002f52000, 0x1e5b, 0x2400)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:42 +0x29b
main.(*Proc).loop(0xc002afc440)
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:99 +0x434
created by main.main
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:259 +0x114c
login: 

OpenBSD/amd64 (ci-openbsd-multicore-1.c.syzkaller.internal) (tty00)

login: uvm_fault(0xfffffd807f000730, 0x1dfc, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at      in_delmulti+0x8d:       movl    0xc(%r14),%r15d
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
kernel page fault
uvm_fault(0xfffffd807f000730, 0x1dfc, 0, 1) -> e
in_delmulti(1df0) at in_delmulti+0x8d sys/netinet/in.c:914
end trace frame: 0xffff800021b7b890, count: 0
ddb{0}> trace
in_delmulti(1df0) at in_delmulti+0x8d sys/netinet/in.c:914
in_purgeaddr(ffff800000aabe00) at in_purgeaddr+0x156 sys/netinet/in.c:760
in_ifdetach(ffff800000a1f800) at in_ifdetach+0x74 sys/netinet/in.c:969
if_detach(ffff800000a1f800) at if_detach+0x140 sys/net/if.c:1150
tun_clone_destroy(ffff800000a1f800) at tun_clone_destroy+0x1f2 sys/net/if_tun.c:329
tun_dev_close(5d01,7) at tun_dev_close+0x160 sys/net/if_tun.c:480
spec_close(ffff800021b7ba70) at spec_close+0x311 sys/kern/spec_vnops.c:555
VOP_CLOSE(fffffd806e3310d8,7,fffffd807f7bf8a0,ffff800020ac7878) at VOP_CLOSE+0xc0 sys/kern/vfs_vops.c:174
vn_closefile(fffffd8066df7998,ffff800020ac7878) at vn_closefile+0xd7 vn_close sys/kern/vfs_vnops.c:298 [inline]
vn_closefile(fffffd8066df7998,ffff800020ac7878) at vn_closefile+0xd7 sys/kern/vfs_vnops.c:614
fdrop(fffffd8066df7998,ffff800020ac7878) at fdrop+0xc2 sys/kern/kern_descrip.c:1276
closef(fffffd8066df7998,ffff800020ac7878) at closef+0x11c sys/kern/kern_descrip.c:1260
fdfree(ffff800020ac7878) at fdfree+0x101 sys/kern/kern_descrip.c:1192
exit1(ffff800020ac7878,0,d,1) at exit1+0x344 sys/kern/kern_exit.c:196
postsig(ffff800020ac7878,d) at postsig+0x4e5 sigexit sys/kern/kern_sig.c:1444 [inline]
postsig(ffff800020ac7878,d) at postsig+0x4e5 sys/kern/kern_sig.c:1376
userret(ffff800020ac7878) at userret+0x199 sys/kern/kern_sig.c:1828
syscall(ffff800021b7bef0) at syscall+0x55f mi_syscall_return sys/sys/syscall_mi.h:129 [inline]
syscall(ffff800021b7bef0) at syscall+0x55f sys/arch/amd64/amd64/trap.c:592
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffc41a0, count: -17
ddb{0}> show registers
rdi                              0x2
rsi                                0
rbp               0xffff800021b7b840
rbx                                0
rdx               0xffff800020ac7878
rcx                                0
rax                                0
r8                0xffffffff81cacd73    rt_ifa_purge+0x153
r9                               0x5
r10                             0x2f
r11               0x9c2712a70733b204
r12                                0
r13                              0x3
r14                           0x1df0    __ALIGN_SIZE+0xdf0
r15                              0x1
rip               0xffffffff8134424d    in_delmulti+0x8d
cs                               0x8
rflags                       0x10246    __ALIGN_SIZE+0xf246
rsp               0xffff800021b7b7e0
ss                              0x10
in_delmulti+0x8d:       movl    0xc(%r14),%r15d
ddb{0}> show proc
PROC (syz-executor.1) pid=399659 stat=onproc
    flags process=a<EXEC,EXITING> proc=2000<WEXIT>
    pri=32, usrpri=79, nice=20
    forw=0xffffffffffffffff, list=0xffff800020a6c008,0xffff800020ac69e8
    process=0xffff800020a81690 user=0xffff800021b76000, vmspace=0xfffffd807f000730
    estcpu=36, cpticks=3, pctcpu=0.5
    user=0, sys=1, intr=0
ddb{0}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 95038   91613      1      0  3    0x100083  ttyin         getty
 88913  480173      0      0  3     0x14200  bored         sosplice
 55799    1865  83056      0  3    0x10008a  pause         ksh
 83056  483905  37674      0  3        0x92  select        sshd
 37674  179609      1      0  3        0x80  select        sshd
  7148  317327  35397     74  3    0x100092  bpf           pflogd
 35397  297185      1      0  3        0x80  netio         pflogd
 34062   74303  17262     73  3    0x100090  kqread        syslogd
 17262  294045      1      0  3    0x100082  netio         syslogd
 62704  318895      1     77  2    0x100090                dhclient
 33948  232931      1      0  3        0x80  poll          dhclient
 45958  466469      0      0  3     0x14200  bored         smr
 38300  467132      0      0  2     0x14200                zerothread
 20056  401954      0      0  3     0x14200  aiodoned      aiodoned
 21815  237848      0      0  3     0x14200  syncer        update
 58836   19363      0      0  3     0x14200  cleaner       cleaner
 64653  409307      0      0  2     0x14200                reaper
 51922  123254      0      0  3     0x14200  pgdaemon      pagedaemon
 95801  500340      0      0  3     0x14200  bored         crynlk
 85020  468639      0      0  3     0x14200  bored         crypto
 39972  418163      0      0  3  0x40014200  acpi0         acpi0
 65970  379052      0      0  3  0x40014200                idle1
 51621  203596      0      0  3     0x14200  bored         softnet
 63569  266368      0      0  2     0x14200                systqmp
 27546  473990      0      0  3     0x14200  bored         systq
 11570  443320      0      0  3  0x40014200  bored         softclock
 78308   47391      0      0  3  0x40014200                idle0
     1  413044      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb{0}> show all locks
ddb{0}> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf  9528   6427K    7193K  78643K     11386        0
            pcb    13      8K       8K  78643K       109        0
         rtable   100      3K       3K  78643K       301        0
         ifaddr    80     15K      16K  78643K       118        0
       counters    43     33K      34K  78643K        51        0
       ioctlops     0      0K       4K  78643K      1492        0
            iov     0      0K      36K  78643K        64        0
          mount     1      1K       1K  78643K         1        0
         vnodes  1218     77K      77K  78643K      1432        0
      UFS quota     1     32K      32K  78643K         1        0
      UFS mount     5     36K      36K  78643K         5        0
            shm     2      1K       5K  78643K         9        0
         VM map     2      1K       1K  78643K         2        0
            sem    12      1K       1K  78643K        53        0
        dirhash    12      2K       2K  78643K        12        0
           ACPI  1809    196K     290K  78643K     12766        0
      file desc     3      8K      25K  78643K       338        0
          sigio     0      0K       0K  78643K         8        0
           proc    62     63K      83K  78643K       476        0
        subproc    14      0K       2K  78643K        34        0
    NFS srvsock     1      0K       0K  78643K         1        0
     NFS daemon     1     16K      16K  78643K         1        0
    ip_moptions     0      0K       0K  78643K        52        0
       in_multi    64      3K       3K  78643K        96        0
    ether_multi     1      0K       0K  78643K        11        0
            mrt     0      0K       0K  78643K         7        0
    ISOFS mount     1     32K      32K  78643K         1        0
  MSDOSFS mount     1     16K      16K  78643K         1        0
           ttys    73    334K     334K  78643K        73        0
           exec     0      0K       1K  78643K       227        0
        pagedep     1      8K       8K  78643K         1        0
       inodedep     1     32K      32K  78643K         1        0
         newblk     1      0K       0K  78643K         1        0
        VM swap     7     26K      26K  78643K         7        0
       UVM amap    84     69K      71K  78643K      2129        0
       UVM aobj    32      6K       6K  78643K        36        0
        memdesc     1      4K       4K  78643K         1        0
    crypto data     1      1K       1K  78643K         1        0
    ip6_options     0      0K       0K  78643K        67        0
            NDP    13      0K       0K  78643K        21        0
           temp   136   3030K    3094K  78643K     19288        0
         kqueue     2      2K      18K  78643K        26        0
      SYN cache     2     16K      16K  78643K         2        0
ddb{0}> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp         64        8    0        3     1     0     1     1     0     8    0
plcache    128       20    0        0     1     0     1     1     0     8    0
rtpcb       80       61    0       59     1     0     1     1     0     8    0
rtentry    112       60    0       19     2     0     2     2     0     8    0
unpcb      120      388    0      378     1     0     1     1     0     8    0
syncache   264        8    0        8     3     2     1     1     0     8    1
tcpqe       32      160    0      160     1     1     0     1     0     8    0
tcpcb      544      214    0      211     2     0     2     2     0     8    1
inpcb      280      887    0      881     2     0     2     2     0     8    1
rttmr       72        3    0        3     2     1     1     1     0     8    1
nd6         48        6    0        0     1     0     1     1     0     8    0
pkpcb       40        5    0        5     3     2     1     1     0     8    1
swfcl       56        2    0        0     1     0     1     1     0     8    0
pffrag     232       15    0       15     1     1     0     1     0   482    0
pffrnode    88       15    0       15     1     1     0     1     0     8    0
pffrent     40      421    0      421     1     1     0     1     0     8    0
pfosfp      40      846    0      423     5     0     5     5     0     8    0
pfosfpen   112     1428    0      714    21     0    21    21     0     8    0
pfstitem    24       52    0        7     1     0     1     1     0     8    0
pfstkey    112       52    0        7     2     0     2     2     0     8    0
pfstate    328       52    0        7     4     0     4     4     0     8    0
pfrule     1360      21    0       16     2     1     1     2     0     8    0
art_heap8  4096       1    0        0     1     0     1     1     0     8    0
art_heap4  256      215    0       15    13     0    13    13     0     8    0
art_table   32      216    0       15     2     0     2     2     0     8    0
art_node    16       59    0       18     1     0     1     1     0     8    0
sysvmsgpl   40       11    0        4     1     0     1     1     0     8    0
semupl     112        1    0        1     1     1     0     1     0     8    0
semapl     112       51    0       41     1     0     1     1     0     8    0
shmpl      112       34    0        4     1     0     1     1     0     8    0
dirhash    1024      17    0        0     3     0     3     3     0     8    0
dino1pl    128     1905    0      496    46     0    46    46     0     8    0
ffsino     272     1905    0      496    95     0    95    95     0     8    0
nchpl      144     2589    0      970    61     0    61    61     0     8    0
uvmvnodes   72     2079    0        0    38     0    38    38     0     8    0
vnodes     208     2079    0        0   110     0   110   110     0     8    0
namei      1024    8095    0     8095     1     0     1     1     0     8    1
percpumem   16       36    0        4     1     0     1     1     0     8    0
vcpupl     1984       5    0        0     1     0     1     1     0     8    0
vmpool     560        5    0        0     1     0     1     1     0     8    0
scxspl     192     7516    0     7516    10     7     3     7     0     8    3
plimitpl   152       46    0       38     1     0     1     1     0     8    0
sigapl     424      555    0      525     4     0     4     4     0     8    0
futexpl     56     7913    0     7913     1     0     1     1     0     8    1
knotepl    112       77    0       72     1     0     1     1     0     8    0
kqueuepl   144       90    0       89     1     0     1     1     0     8    0
pipelkpl    48      162    0      154     1     0     1     1     0     8    0
pipepl     120      324    0      313     1     0     1     1     0     8    0
fdescpl    496      539    0      525     3     0     3     3     0     8    0
filepl     152     4851    0     4783     7     1     6     6     0     8    1
lockfpl    104      112    0      111     1     0     1     1     0     8    0
lockfspl    48       33    0       32     1     0     1     1     0     8    0
sessionpl  112       19    0        8     1     0     1     1     0     8    0
pgrppl      48       23    0       12     1     0     1     1     0     8    0
ucredpl     96      810    0      801     1     0     1     1     0     8    0
zombiepl   144      527    0      524     1     0     1     1     0     8    0
processpl  960      555    0      524     5     0     5     5     0     8    0
procpl     624     1349    0     1318     4     0     4     4     0     8    0
sosppl     128       26    0       26     1     0     1     1     0     8    1
sockpl     400     1361    0     1343     6     1     5     5     0     8    3
mcl64k     65536     15    0        0     2     0     2     2     0     8    0
mcl16k     16384      4    0        0     1     0     1     1     0     8    0
mcl12k     12288      5    0        0     1     0     1     1     0     8    0
mcl9k      9216       2    0        0     1     0     1     1     0     8    0
mcl8k      8192       6    0        0     1     0     1     1     0     8    0
mcl4k      4096       9    0        0     2     0     2     2     0     8    0
mcl2k2     2112       2    0        0     1     0     1     1     0     8    0
mcl2k      2048     151    0        0    18     0    18    18     0     8    0
mtagpl      80       31    0        0     1     0     1     1     0     8    0
mbufpl     256      736    0        0    46     0    46    46     0     8    0
bufpl      280     4695    0      173   323     0   323   323     0     8    0
anonpl      16    71222    0    68415    90     6    84    87     0   124   16
amapchunkpl 152    3117    0     3053    12     5     7    10     0   158    1
amappl16   192     2868    0     2778    66    17    49    61     0     8   27
amappl15   184        2    0        1     1     0     1     1     0     8    0
amappl14   176      152    0      151     2     1     1     1     0     8    0
amappl13   168       26    0       24     1     0     1     1     0     8    0
amappl12   160      167    0      166     2     1     1     1     0     8    0
amappl11   152       74    0       56     1     0     1     1     0     8    0
amappl10   144       20    0       18     1     0     1     1     0     8    0
amappl9    136      401    0      397     1     0     1     1     0     8    0
amappl8    128      323    0      318     1     0     1     1     0     8    0
amappl7    120      120    0      111     1     0     1     1     0     8    0
amappl6    112       28    0       25     1     0     1     1     0     8    0
amappl5    104      447    0      429     1     0     1     1     0     8    0
amappl4     96      506    0      477     1     0     1     1     0     8    0
amappl3     88      269    0      261     1     0     1     1     0     8    0
amappl2     80     3557    0     3498     3     1     2     3     0     8    0
amappl1     72    21782    0    21362    26    16    10    20     0     8    0
amappl      80     1601    0     1569     2     0     2     2     0    84    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      253    0      253     1     1     0     1     0     8    0
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       18    0       17     1     0     1     1     0     8    0
aobjpl      64       35    0        4     1     0     1     1     0     8    0
uaddrrnd    24      544    0      525     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24      544    0      525     1     0     1     1     0     8    0
vmmpekpl   168     8539    0     8507     2     0     2     2     0     8    0
vmmpepl    168    73429    0    72381   125    21   104   116     0   357   25
vmsppl     368      543    0      524     2     0     2     2     0     8    0
pdppl      4096    1096    0     1053     7     0     7     7     0     8    1
pvpl        32   214059    0   210894   209     7   202   206     0   265  157
pmappl     232      543    0      524     3     1     2     2     0     8    0
extentpl    40       46    0       29     1     0     1     1     0     8    0
phpool     112      208    0        4     6     0     6     6     0     8    0

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/03/08 22:48 openbsd 6b2c09b17e9a 2e9971bb .config console log report ci-openbsd-multicore
* Struck through repros no longer work on HEAD.