Hello,
syzbot found the following issue on:
HEAD commit: 17529385 Linux 4.14.213
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=16d2614f500000
kernel config: https://syzkaller.appspot.com/x/.config?x=f94010bb59bd4675
dashboard link: https://syzkaller.appspot.com/bug?extid=ff330024a88df473d60b
compiler: gcc (GCC) 10.1.0-syz 20200507
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+ff3300...@syzkaller.appspotmail.com
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
syz_mount_image$gfs2(&(0x7f0000000140)='gfs2\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, &(0x7f0000000000), 0x0, 0x0)
panic: broken type ref
goroutine 36 [running]:
github.com/google/syzkaller/prog.ArgCommon.Type(...)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/prog.go:39
github.com/google/syzkaller/prog.foreachArgImpl(0xb7c020, 0xc02dd530a0, 0xc013b528c0, 0xa9a7f8)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:135 +0x878
github.com/google/syzkaller/prog.foreachArgImpl(0xb7c020, 0xc02dd53080, 0xc013b528c0, 0xa9a7f8)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:141 +0x2a9
github.com/google/syzkaller/prog.foreachArgImpl(0xb7c020, 0xc02dd53060, 0xc013b528c0, 0xa9a7f8)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:141 +0x2a9
github.com/google/syzkaller/prog.foreachArgImpl(0xb7c060, 0xc02dd60930, 0xc013b528c0, 0xa9a7f8)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:156 +0x656
github.com/google/syzkaller/prog.ForeachSubArg(...)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:111
github.com/google/syzkaller/prog.removeArg(0xb7c060, 0xc02dd60930)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/prog.go:369 +0x5b
github.com/google/syzkaller/prog.(*Prog).removeCall(0xc02a30bd40, 0x8)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/prog.go:392 +0x86
github.com/google/syzkaller/prog.(*mutator).insertCall(0xc02b249e18, 0x14)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:144 +0x13d
github.com/google/syzkaller/prog.(*Prog).Mutate(0xc02a30bd40, 0xb76020, 0xc01a06e120, 0x14, 0xc01a07c000, 0xc0155c6000, 0x99ba, 0xc000)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:45 +0x2ea
main.(*Proc).smashInput(0xc01a538800, 0xc0179ed630)
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:213 +0x131
main.(*Proc).loop(0xc01a538800)
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:78 +0x1d7
created by main.main
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:275 +0x1246
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.