panic: bad arg kind: goroutine 29 [running]: github.com/google/syzkaller/prog.clone(0x0, 0x0, 0xc003007770, 0xc002fb8ff0, 0xc0030febc0) /syzkaller/gopath/src/github.com/google/syzkaller/prog/clone.go:79 +0x954 github.com/google/syzkaller/prog.(*Prog).Clone(0xc0005139c0, 0x8f4e57) /syzkaller/gopath/src/github.com/google/syzkaller/prog/clone.go:24 +0x279 github.com/google/syzkaller/prog.resourceCentric(0xcb61a0, 0xc0037f2780, 0xc002bf5800, 0x8f1801, 0x5, 0x0, 0x0) /syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:848 +0xbf github.com/google/syzkaller/prog.(*ResourceType).generate(0xcb61a0, 0xc002bf5800, 0xc0037f2780, 0x10, 0x8792c0, 0x8f0181, 0xc000042380, 0x10) /syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:681 +0x920 github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc002bf5800, 0xc0037f2780, 0x9aeb20, 0xcb61a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) /syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:674 +0x506 github.com/google/syzkaller/prog.(*randGen).generateArg(...) /syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:623 github.com/google/syzkaller/prog.(*randGen).generateArgs(0xc002bf5800, 0xc0037f2780, 0xc97ff0, 0x1, 0x1, 0xc003007d58, 0x4510b1af, 0x88e9a72a90891b87, 0xc003007d90, 0x789ede, ...) /syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:611 +0x107 github.com/google/syzkaller/prog.(*randGen).generateParticularCall(0xc002bf5800, 0xc0037f2780, 0xcebd40, 0x137, 0xc0037f2780, 0xc000082d80) /syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:555 +0xc6 github.com/google/syzkaller/prog.(*randGen).generateCall(0xc002bf5800, 0xc0037f2780, 0xc002bea100, 0xe, 0xc002bea100, 0xc002bea740, 0xc0037f2780) /syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:547 +0xb2 github.com/google/syzkaller/prog.(*mutator).insertCall(0xc003007ec0, 0x14) /syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:137 +0xf2 github.com/google/syzkaller/prog.(*Prog).Mutate(0xc002bea100, 0x9a2220, 0xc002b1e4b0, 0x1e, 0xc002afc3c0, 0xc002f52000, 0x1e5b, 0x2400) /syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:42 +0x29b main.(*Proc).loop(0xc002afc440) /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:99 +0x434 created by main.main /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:259 +0x114c login: OpenBSD/amd64 (ci-openbsd-multicore-1.c.syzkaller.internal) (tty00) login: uvm_fault(0xfffffd807f000730, 0x1dfc, 0, 1) -> e kernel: page fault trap, code=0 Stopped at in_delmulti+0x8d: movl 0xc(%r14),%r15d ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic kernel page fault uvm_fault(0xfffffd807f000730, 0x1dfc, 0, 1) -> e in_delmulti(1df0) at in_delmulti+0x8d sys/netinet/in.c:914 end trace frame: 0xffff800021b7b890, count: 0 ddb{0}> trace in_delmulti(1df0) at in_delmulti+0x8d sys/netinet/in.c:914 in_purgeaddr(ffff800000aabe00) at in_purgeaddr+0x156 sys/netinet/in.c:760 in_ifdetach(ffff800000a1f800) at in_ifdetach+0x74 sys/netinet/in.c:969 if_detach(ffff800000a1f800) at if_detach+0x140 sys/net/if.c:1150 tun_clone_destroy(ffff800000a1f800) at tun_clone_destroy+0x1f2 sys/net/if_tun.c:329 tun_dev_close(5d01,7) at tun_dev_close+0x160 sys/net/if_tun.c:480 spec_close(ffff800021b7ba70) at spec_close+0x311 sys/kern/spec_vnops.c:555 VOP_CLOSE(fffffd806e3310d8,7,fffffd807f7bf8a0,ffff800020ac7878) at VOP_CLOSE+0xc0 sys/kern/vfs_vops.c:174 vn_closefile(fffffd8066df7998,ffff800020ac7878) at vn_closefile+0xd7 vn_close sys/kern/vfs_vnops.c:298 [inline] vn_closefile(fffffd8066df7998,ffff800020ac7878) at vn_closefile+0xd7 sys/kern/vfs_vnops.c:614 fdrop(fffffd8066df7998,ffff800020ac7878) at fdrop+0xc2 sys/kern/kern_descrip.c:1276 closef(fffffd8066df7998,ffff800020ac7878) at closef+0x11c sys/kern/kern_descrip.c:1260 fdfree(ffff800020ac7878) at fdfree+0x101 sys/kern/kern_descrip.c:1192 exit1(ffff800020ac7878,0,d,1) at exit1+0x344 sys/kern/kern_exit.c:196 postsig(ffff800020ac7878,d) at postsig+0x4e5 sigexit sys/kern/kern_sig.c:1444 [inline] postsig(ffff800020ac7878,d) at postsig+0x4e5 sys/kern/kern_sig.c:1376 userret(ffff800020ac7878) at userret+0x199 sys/kern/kern_sig.c:1828 syscall(ffff800021b7bef0) at syscall+0x55f mi_syscall_return sys/sys/syscall_mi.h:129 [inline] syscall(ffff800021b7bef0) at syscall+0x55f sys/arch/amd64/amd64/trap.c:592 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffc41a0, count: -17 ddb{0}> show registers rdi 0x2 rsi 0 rbp 0xffff800021b7b840 rbx 0 rdx 0xffff800020ac7878 rcx 0 rax 0 r8 0xffffffff81cacd73 rt_ifa_purge+0x153 r9 0x5 r10 0x2f r11 0x9c2712a70733b204 r12 0 r13 0x3 r14 0x1df0 __ALIGN_SIZE+0xdf0 r15 0x1 rip 0xffffffff8134424d in_delmulti+0x8d cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff800021b7b7e0 ss 0x10 in_delmulti+0x8d: movl 0xc(%r14),%r15d ddb{0}> show proc PROC (syz-executor.1) pid=399659 stat=onproc flags process=a proc=2000 pri=32, usrpri=79, nice=20 forw=0xffffffffffffffff, list=0xffff800020a6c008,0xffff800020ac69e8 process=0xffff800020a81690 user=0xffff800021b76000, vmspace=0xfffffd807f000730 estcpu=36, cpticks=3, pctcpu=0.5 user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 95038 91613 1 0 3 0x100083 ttyin getty 88913 480173 0 0 3 0x14200 bored sosplice 55799 1865 83056 0 3 0x10008a pause ksh 83056 483905 37674 0 3 0x92 select sshd 37674 179609 1 0 3 0x80 select sshd 7148 317327 35397 74 3 0x100092 bpf pflogd 35397 297185 1 0 3 0x80 netio pflogd 34062 74303 17262 73 3 0x100090 kqread syslogd 17262 294045 1 0 3 0x100082 netio syslogd 62704 318895 1 77 2 0x100090 dhclient 33948 232931 1 0 3 0x80 poll dhclient 45958 466469 0 0 3 0x14200 bored smr 38300 467132 0 0 2 0x14200 zerothread 20056 401954 0 0 3 0x14200 aiodoned aiodoned 21815 237848 0 0 3 0x14200 syncer update 58836 19363 0 0 3 0x14200 cleaner cleaner 64653 409307 0 0 2 0x14200 reaper 51922 123254 0 0 3 0x14200 pgdaemon pagedaemon 95801 500340 0 0 3 0x14200 bored crynlk 85020 468639 0 0 3 0x14200 bored crypto 39972 418163 0 0 3 0x40014200 acpi0 acpi0 65970 379052 0 0 3 0x40014200 idle1 51621 203596 0 0 3 0x14200 bored softnet 63569 266368 0 0 2 0x14200 systqmp 27546 473990 0 0 3 0x14200 bored systq 11570 443320 0 0 3 0x40014200 bored softclock 78308 47391 0 0 3 0x40014200 idle0 1 413044 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9528 6427K 7193K 78643K 11386 0 pcb 13 8K 8K 78643K 109 0 rtable 100 3K 3K 78643K 301 0 ifaddr 80 15K 16K 78643K 118 0 counters 43 33K 34K 78643K 51 0 ioctlops 0 0K 4K 78643K 1492 0 iov 0 0K 36K 78643K 64 0 mount 1 1K 1K 78643K 1 0 vnodes 1218 77K 77K 78643K 1432 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 9 0 VM map 2 1K 1K 78643K 2 0 sem 12 1K 1K 78643K 53 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 196K 290K 78643K 12766 0 file desc 3 8K 25K 78643K 338 0 sigio 0 0K 0K 78643K 8 0 proc 62 63K 83K 78643K 476 0 subproc 14 0K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 52 0 in_multi 64 3K 3K 78643K 96 0 ether_multi 1 0K 0K 78643K 11 0 mrt 0 0K 0K 78643K 7 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 73 334K 334K 78643K 73 0 exec 0 0K 1K 78643K 227 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 84 69K 71K 78643K 2129 0 UVM aobj 32 6K 6K 78643K 36 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 67 0 NDP 13 0K 0K 78643K 21 0 temp 136 3030K 3094K 78643K 19288 0 kqueue 2 2K 18K 78643K 26 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 8 0 3 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 80 61 0 59 1 0 1 1 0 8 0 rtentry 112 60 0 19 2 0 2 2 0 8 0 unpcb 120 388 0 378 1 0 1 1 0 8 0 syncache 264 8 0 8 3 2 1 1 0 8 1 tcpqe 32 160 0 160 1 1 0 1 0 8 0 tcpcb 544 214 0 211 2 0 2 2 0 8 1 inpcb 280 887 0 881 2 0 2 2 0 8 1 rttmr 72 3 0 3 2 1 1 1 0 8 1 nd6 48 6 0 0 1 0 1 1 0 8 0 pkpcb 40 5 0 5 3 2 1 1 0 8 1 swfcl 56 2 0 0 1 0 1 1 0 8 0 pffrag 232 15 0 15 1 1 0 1 0 482 0 pffrnode 88 15 0 15 1 1 0 1 0 8 0 pffrent 40 421 0 421 1 1 0 1 0 8 0 pfosfp 40 846 0 423 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 52 0 7 1 0 1 1 0 8 0 pfstkey 112 52 0 7 2 0 2 2 0 8 0 pfstate 328 52 0 7 4 0 4 4 0 8 0 pfrule 1360 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 215 0 15 13 0 13 13 0 8 0 art_table 32 216 0 15 2 0 2 2 0 8 0 art_node 16 59 0 18 1 0 1 1 0 8 0 sysvmsgpl 40 11 0 4 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 51 0 41 1 0 1 1 0 8 0 shmpl 112 34 0 4 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 1905 0 496 46 0 46 46 0 8 0 ffsino 272 1905 0 496 95 0 95 95 0 8 0 nchpl 144 2589 0 970 61 0 61 61 0 8 0 uvmvnodes 72 2079 0 0 38 0 38 38 0 8 0 vnodes 208 2079 0 0 110 0 110 110 0 8 0 namei 1024 8095 0 8095 1 0 1 1 0 8 1 percpumem 16 36 0 4 1 0 1 1 0 8 0 vcpupl 1984 5 0 0 1 0 1 1 0 8 0 vmpool 560 5 0 0 1 0 1 1 0 8 0 scxspl 192 7516 0 7516 10 7 3 7 0 8 3 plimitpl 152 46 0 38 1 0 1 1 0 8 0 sigapl 424 555 0 525 4 0 4 4 0 8 0 futexpl 56 7913 0 7913 1 0 1 1 0 8 1 knotepl 112 77 0 72 1 0 1 1 0 8 0 kqueuepl 144 90 0 89 1 0 1 1 0 8 0 pipelkpl 48 162 0 154 1 0 1 1 0 8 0 pipepl 120 324 0 313 1 0 1 1 0 8 0 fdescpl 496 539 0 525 3 0 3 3 0 8 0 filepl 152 4851 0 4783 7 1 6 6 0 8 1 lockfpl 104 112 0 111 1 0 1 1 0 8 0 lockfspl 48 33 0 32 1 0 1 1 0 8 0 sessionpl 112 19 0 8 1 0 1 1 0 8 0 pgrppl 48 23 0 12 1 0 1 1 0 8 0 ucredpl 96 810 0 801 1 0 1 1 0 8 0 zombiepl 144 527 0 524 1 0 1 1 0 8 0 processpl 960 555 0 524 5 0 5 5 0 8 0 procpl 624 1349 0 1318 4 0 4 4 0 8 0 sosppl 128 26 0 26 1 0 1 1 0 8 1 sockpl 400 1361 0 1343 6 1 5 5 0 8 3 mcl64k 65536 15 0 0 2 0 2 2 0 8 0 mcl16k 16384 4 0 0 1 0 1 1 0 8 0 mcl12k 12288 5 0 0 1 0 1 1 0 8 0 mcl9k 9216 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 6 0 0 1 0 1 1 0 8 0 mcl4k 4096 9 0 0 2 0 2 2 0 8 0 mcl2k2 2112 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 151 0 0 18 0 18 18 0 8 0 mtagpl 80 31 0 0 1 0 1 1 0 8 0 mbufpl 256 736 0 0 46 0 46 46 0 8 0 bufpl 280 4695 0 173 323 0 323 323 0 8 0 anonpl 16 71222 0 68415 90 6 84 87 0 124 16 amapchunkpl 152 3117 0 3053 12 5 7 10 0 158 1 amappl16 192 2868 0 2778 66 17 49 61 0 8 27 amappl15 184 2 0 1 1 0 1 1 0 8 0 amappl14 176 152 0 151 2 1 1 1 0 8 0 amappl13 168 26 0 24 1 0 1 1 0 8 0 amappl12 160 167 0 166 2 1 1 1 0 8 0 amappl11 152 74 0 56 1 0 1 1 0 8 0 amappl10 144 20 0 18 1 0 1 1 0 8 0 amappl9 136 401 0 397 1 0 1 1 0 8 0 amappl8 128 323 0 318 1 0 1 1 0 8 0 amappl7 120 120 0 111 1 0 1 1 0 8 0 amappl6 112 28 0 25 1 0 1 1 0 8 0 amappl5 104 447 0 429 1 0 1 1 0 8 0 amappl4 96 506 0 477 1 0 1 1 0 8 0 amappl3 88 269 0 261 1 0 1 1 0 8 0 amappl2 80 3557 0 3498 3 1 2 3 0 8 0 amappl1 72 21782 0 21362 26 16 10 20 0 8 0 amappl 80 1601 0 1569 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 35 0 4 1 0 1 1 0 8 0 uaddrrnd 24 544 0 525 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 544 0 525 1 0 1 1 0 8 0 vmmpekpl 168 8539 0 8507 2 0 2 2 0 8 0 vmmpepl 168 73429 0 72381 125 21 104 116 0 357 25 vmsppl 368 543 0 524 2 0 2 2 0 8 0 pdppl 4096 1096 0 1053 7 0 7 7 0 8 1 pvpl 32 214059 0 210894 209 7 202 206 0 265 157 pmappl 232 543 0 524 3 1 2 2 0 8 0 extentpl 40 46 0 29 1 0 1 1 0 8 0 phpool 112 208 0 4 6 0 6 6 0 8 0