[v6.1] panic: replaceArg: group fields don't match: NUM/NUM


syzbot

Mar 8, 2024, 12:59:36 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 61adba85cc40 Linux 6.1.81
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=12dda8da180000
kernel config: https://syzkaller.appspot.com/x/.config?x=8da5a35c67a34fd5
dashboard link: https://syzkaller.appspot.com/bug?extid=1869c0272d9fc7ddf891
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/61c8045dd77d/disk-61adba85.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/1620a2c15322/vmlinux-61adba85.xz
kernel image: https://storage.googleapis.com/syzbot-assets/68d3cf583201/Image-61adba85.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+1869c0...@syzkaller.appspotmail.com

panic: replaceArg: group fields don't match: 1/0

goroutine 14 [running]:
github.com/google/syzkaller/prog.replaceArg({0x9fabc8?, 0x4016b21080?}, {0x9fabc8?, 0x4017878420?})
/syzkaller/gopath/src/github.com/google/syzkaller/prog/prog.go:377 +0x3fc
github.com/google/syzkaller/prog.replaceArg({0x9fabc8?, 0x4016b21320?}, {0x9fabc8?, 0x4017878400?})
/syzkaller/gopath/src/github.com/google/syzkaller/prog/prog.go:382 +0x328
github.com/google/syzkaller/prog.replaceArg({0x9fabc8?, 0x4016b21340?}, {0x9fabc8?, 0x40178783e0?})
/syzkaller/gopath/src/github.com/google/syzkaller/prog/prog.go:382 +0x328
github.com/google/syzkaller/prog.replaceArg({0x9fabc8?, 0x4016b21360?}, {0x9fabc8?, 0x40178783c0?})
/syzkaller/gopath/src/github.com/google/syzkaller/prog/prog.go:382 +0x328
github.com/google/syzkaller/prog.replaceArg({0x9fabc8?, 0x4016b21380?}, {0x9fabc8?, 0x40178783a0?})
/syzkaller/gopath/src/github.com/google/syzkaller/prog/prog.go:382 +0x328
github.com/google/syzkaller/prog.replaceArg({0x9fabc8?, 0x4016b213a0?}, {0x9fabc8?, 0x4017878380?})
/syzkaller/gopath/src/github.com/google/syzkaller/prog/prog.go:382 +0x328
github.com/google/syzkaller/prog.replaceArg({0x9fabc8?, 0x4016b213c0?}, {0x9fabc8?, 0x4017878360?})
/syzkaller/gopath/src/github.com/google/syzkaller/prog/prog.go:382 +0x328
github.com/google/syzkaller/prog.replaceArg({0x9fabc8?, 0x4016b213e0?}, {0x9fabc8?, 0x4017878340?})
/syzkaller/gopath/src/github.com/google/syzkaller/prog/prog.go:382 +0x328
github.com/google/syzkaller/prog.(*StructType).mutate(0x1251ae0, 0x4016b20f00, 0x401762ed20, {0x9fabc8, 0x4016b21400?}, {0x401762eb48, {0x1914440, 0x4, 0x4}, 0x40176635f0, ...})
/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:490 +0x170
github.com/google/syzkaller/prog.(*Target).mutateArg(0x400a39a100?, 0x4017663170?, 0x4?, {0x9fabc8, 0x4016b21400}, {0x401762eb48, {0x1914440, 0x4, 0x4}, 0x40176635f0, ...}, ...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:245 +0xc0
github.com/google/syzkaller/prog.(*mutator).mutateArg(0x4001cdfd48)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:196 +0x1f4
github.com/google/syzkaller/prog.(*Prog).Mutate(0x40189a3800, {0x9f6e48?, 0x4018c165d0}, 0x1e, 0x4017c8e000, 0x40003e2e70, {0x4015b82000, 0xde2f, 0x11000})
/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:51 +0x224
main.(*Proc).smashInput(0x4017c8e0c0, 0x4011c81050)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:221 +0x10c
main.(*Proc).loop(0x4017c8e0c0)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:78 +0xf4
created by main.main in goroutine 1
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:336 +0x1288


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

Mar 8, 2024, 7:25:31 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 574362648507 Linux 5.15.151
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=16d5861e180000
kernel config: https://syzkaller.appspot.com/x/.config?x=6c9a42d9e3519ca9
dashboard link: https://syzkaller.appspot.com/bug?extid=f9e5d8c213f34549b280
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/f00d4062000b/disk-57436264.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/3a74c2b6ca62/vmlinux-57436264.xz
kernel image: https://storage.googleapis.com/syzbot-assets/93bd706dc219/bzImage-57436264.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+f9e5d8...@syzkaller.appspotmail.com

6cd67e17e7e0706aefb9e937085773ddf266cd2764550ac03667769ba998f911533798cd00ba670828c38608b35d9045237d1f3918fc51d047638"}}, {0x70, &(0x7f00000014c0)=@string={0x70, 0x3, "ba03bff38435ced35718c863ff098a119aba67c6c3dcb5db1d842b401e1b895159131d2f1e525d573e9e29f09b3d774fbd4f04ba65d8e4601dec1df96ea4e2c11b53d659f7027b9b2d3cf575e5b9ea4ec6d8f5897d3fdbfb8fb31fc2d161c8604caaecd2543a50e2fc06c2ad0fa0"}}]})
syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220f"], 0x0}, 0x0)
panic: replaceArg: group fields don't match: 1/0

goroutine 35 [running]:
github.com/google/syzkaller/prog.replaceArg({0xe56770?, 0xc012d7bd00?}, {0xe56770?, 0xc01970aa60?})
/syzkaller/gopath/src/github.com/google/syzkaller/prog/prog.go:377 +0x425
github.com/google/syzkaller/prog.replaceArg({0xe56770?, 0xc012d7bd20?}, {0xe56770?, 0xc01970a9e0?})
/syzkaller/gopath/src/github.com/google/syzkaller/prog/prog.go:382 +0x345
github.com/google/syzkaller/prog.replaceArg({0xe56770?, 0xc012d7bd40?}, {0xe56770?, 0xc01970a960?})
/syzkaller/gopath/src/github.com/google/syzkaller/prog/prog.go:382 +0x345
github.com/google/syzkaller/prog.replaceArg({0xe56770?, 0xc012d7bd60?}, {0xe56770?, 0xc01970a940?})
/syzkaller/gopath/src/github.com/google/syzkaller/prog/prog.go:382 +0x345
github.com/google/syzkaller/prog.replaceArg({0xe56770?, 0xc012d7bd80?}, {0xe56770?, 0xc01970a920?})
/syzkaller/gopath/src/github.com/google/syzkaller/prog/prog.go:382 +0x345
github.com/google/syzkaller/prog.replaceArg({0xe56770?, 0xc012d7bda0?}, {0xe56770?, 0xc01970a900?})
/syzkaller/gopath/src/github.com/google/syzkaller/prog/prog.go:382 +0x345
github.com/google/syzkaller/prog.replaceArg({0xe56770?, 0xc012d7bdc0?}, {0xe56770?, 0xc01970a8e0?})
/syzkaller/gopath/src/github.com/google/syzkaller/prog/prog.go:382 +0x345
github.com/google/syzkaller/prog.replaceArg({0xe56770?, 0xc012d7bde0?}, {0xe56770?, 0xc01970a8c0?})
/syzkaller/gopath/src/github.com/google/syzkaller/prog/prog.go:382 +0x345
github.com/google/syzkaller/prog.replaceArg({0xe56770?, 0xc012d7be00?}, {0xe56770?, 0xc01970a8a0?})
/syzkaller/gopath/src/github.com/google/syzkaller/prog/prog.go:382 +0x345
github.com/google/syzkaller/prog.(*StructType).mutate(0x16d4620, 0xc012d7b3e0, 0xc0132c0b90, {0xe56770, 0xc012d7be20?}, {0xc0132c09b8, {0x1db7580, 0x4, 0x4}, 0xc01366e7e0, ...})
/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:490 +0x185
github.com/google/syzkaller/prog.(*Target).mutateArg(0x0?, 0xc01ba8eb80?, 0xc002e35ce0?, {0xe56770, 0xc012d7be20}, {0xc0132c09b8, {0x1db7580, 0x4, 0x4}, 0xc01366e7e0, ...}, ...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:245 +0xe2
github.com/google/syzkaller/prog.(*mutator).mutateArg(0xc002e35d60)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:196 +0x245
github.com/google/syzkaller/prog.(*Prog).Mutate(0xc022ad8600, {0xe52aa8?, 0xc0236d1a10}, 0x1e, 0xc0232e40c0, 0xc0003e2fc0, {0xc022180000, 0xecc7, 0x11000})
/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:51 +0x2ba
main.(*Proc).smashInput(0xc0232e42c0, 0xc015cc1d00)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:221 +0x165
main.(*Proc).loop(0xc0232e42c0)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:78 +0xf2
created by main.main in goroutine 1
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:336 +0x1665