panic: broken type ref
0 views
Skip to first unread message
syzbot
May 8, 2020, 1:00:16 PM5/8/20
to syzkaller-o...@googlegroups.com
Hello,
syzbot found the following crash on:
HEAD commit: 7bb4371d Do not wait indefinitely for flushing when closin..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=138c2642100000
kernel config: https://syzkaller.appspot.com/x/.config?x=fe55924c11e64b0a
dashboard link: https://syzkaller.appspot.com/bug?extid=ff5af360e40a4353c405
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+ff5af3...@syzkaller.appspotmail.com
panic: broken type ref
goroutine 25 [running]:
github.com/google/syzkaller/prog.ArgCommon.Type(...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/prog.go:39
github.com/google/syzkaller/prog.foreachArgImpl(0x9b07e0, 0xc0022ef560, 0xc002a8d388, 0xcbcac0, 0x3, 0x3, 0xc002a88ea0, 0x0, 0x0, 0xc0016a12e8)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:133 +0x8f5
github.com/google/syzkaller/prog.foreachArgImpl(0x9b08a0, 0xc0022ef540, 0xc002a8d388, 0xcbcac0, 0x3, 0x3, 0xc002a88ea0, 0x0, 0x0, 0xc0016a12e8)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:157 +0x6f2
github.com/google/syzkaller/prog.foreachArgImpl(0x9b0820, 0xc002a88ea0, 0xc002a8d388, 0xcbcac0, 0x3, 0x3, 0x0, 0x0, 0x0, 0xc0016a12e8)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:154 +0x646
github.com/google/syzkaller/prog.ForeachArg(0xc002a8d380, 0xc0016a12e8)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:122 +0x112
github.com/google/syzkaller/prog.getCompatibleResources(0xc002a8d200, 0x8fe58d, 0xb, 0xc0025bba40, 0x0, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:898 +0xb9
github.com/google/syzkaller/prog.(*randGen).resourceCentric(0xc0025bba40, 0xc001b4cfa0, 0xca88e0, 0x0, 0x0, 0x0, 0xc001c6b980, 0xc0023f34f0, 0x792919)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:846 +0xfe
github.com/google/syzkaller/prog.(*ResourceType).generate(0xca88e0, 0xc0025bba40, 0xc001b4cfa0, 0x0, 0x9b0760, 0xc001c6b980, 0x0, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:675 +0x27c
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc0025bba40, 0xc001b4cfa0, 0x9b6a20, 0xca88e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:664 +0x450
github.com/google/syzkaller/prog.(*randGen).generateArg(...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:614
github.com/google/syzkaller/prog.(*randGen).generateArgs(0xc0025bba40, 0xc001b4cfa0, 0xd36f80, 0xc, 0xc, 0xaaaaaaaaaaaaaa00, 0x38, 0x8, 0x0, 0xc0023f37a8, ...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:602 +0x116
github.com/google/syzkaller/prog.(*StructType).generate(0xcb1fa0, 0xc0025bba40, 0xc001b4cfa0, 0x0, 0xd6efe0, 0x839940, 0xc00000d1e0, 0x20, 0x20)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:786 +0x7c
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc0025bba40, 0xc001b4cfa0, 0x9b6ae0, 0xcb1fa0, 0x760000, 0x0, 0x0, 0x0, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:664 +0x450
github.com/google/syzkaller/prog.(*randGen).generateArg(...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:614
github.com/google/syzkaller/prog.(*randGen).generateArgs(0xc0025bba40, 0xc001b4cfa0, 0xcb2120, 0x2, 0x2, 0x78b200, 0xc0025bb860, 0x30, 0xcaf7a0, 0x2, ...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:602 +0x116
github.com/google/syzkaller/prog.(*StructType).generate(0xcb20e0, 0xc0025bba40, 0xc001b4cfa0, 0x0, 0xd6efe0, 0x78b7c1, 0xc0025bb820, 0x32, 0x2)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:786 +0x7c
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc0025bba40, 0xc001b4cfa0, 0x9b6ae0, 0xcb20e0, 0xd60000, 0x0, 0x0, 0x0, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:664 +0x450
github.com/google/syzkaller/prog.(*randGen).generateArg(...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:614
github.com/google/syzkaller/prog.(*UnionType).mutate(0xcab5e0, 0xc0025bba40, 0xc001b4cfa0, 0x9b08a0, 0xc0025bb9a0, 0xc0025bb948, 0xcb1260, 0x2, 0x2, 0xc001cd0120, ...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:474 +0x178
github.com/google/syzkaller/prog.(*Target).mutateArg(0xc0000e0000, 0xc0025bba40, 0xc001b4cfa0, 0x9b08a0, 0xc0025bb9a0, 0xc0025bb948, 0xcb1260, 0x2, 0x2, 0xc001cd0120, ...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:246 +0xe3
github.com/google/syzkaller/prog.(*mutator).mutateArg(0xc0016a1ec0, 0xa)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:183 +0x322
github.com/google/syzkaller/prog.(*Prog).Mutate(0xc001ced100, 0x9a9ba0, 0xc001dc6720, 0x14, 0xc001d80c40, 0xc002298000, 0x207f, 0x2400)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:47 +0x32c
main.(*Proc).loop(0xc001d80c80)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:95 +0x434
created by main.main
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:258 +0x1155
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following crash on:
HEAD commit: 7bb4371d Do not wait indefinitely for flushing when closin..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=138c2642100000
kernel config: https://syzkaller.appspot.com/x/.config?x=fe55924c11e64b0a
dashboard link: https://syzkaller.appspot.com/bug?extid=ff5af360e40a4353c405
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+ff5af3...@syzkaller.appspotmail.com
panic: broken type ref
goroutine 25 [running]:
github.com/google/syzkaller/prog.ArgCommon.Type(...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/prog.go:39
github.com/google/syzkaller/prog.foreachArgImpl(0x9b07e0, 0xc0022ef560, 0xc002a8d388, 0xcbcac0, 0x3, 0x3, 0xc002a88ea0, 0x0, 0x0, 0xc0016a12e8)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:133 +0x8f5
github.com/google/syzkaller/prog.foreachArgImpl(0x9b08a0, 0xc0022ef540, 0xc002a8d388, 0xcbcac0, 0x3, 0x3, 0xc002a88ea0, 0x0, 0x0, 0xc0016a12e8)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:157 +0x6f2
github.com/google/syzkaller/prog.foreachArgImpl(0x9b0820, 0xc002a88ea0, 0xc002a8d388, 0xcbcac0, 0x3, 0x3, 0x0, 0x0, 0x0, 0xc0016a12e8)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:154 +0x646
github.com/google/syzkaller/prog.ForeachArg(0xc002a8d380, 0xc0016a12e8)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:122 +0x112
github.com/google/syzkaller/prog.getCompatibleResources(0xc002a8d200, 0x8fe58d, 0xb, 0xc0025bba40, 0x0, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:898 +0xb9
github.com/google/syzkaller/prog.(*randGen).resourceCentric(0xc0025bba40, 0xc001b4cfa0, 0xca88e0, 0x0, 0x0, 0x0, 0xc001c6b980, 0xc0023f34f0, 0x792919)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:846 +0xfe
github.com/google/syzkaller/prog.(*ResourceType).generate(0xca88e0, 0xc0025bba40, 0xc001b4cfa0, 0x0, 0x9b0760, 0xc001c6b980, 0x0, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:675 +0x27c
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc0025bba40, 0xc001b4cfa0, 0x9b6a20, 0xca88e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:664 +0x450
github.com/google/syzkaller/prog.(*randGen).generateArg(...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:614
github.com/google/syzkaller/prog.(*randGen).generateArgs(0xc0025bba40, 0xc001b4cfa0, 0xd36f80, 0xc, 0xc, 0xaaaaaaaaaaaaaa00, 0x38, 0x8, 0x0, 0xc0023f37a8, ...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:602 +0x116
github.com/google/syzkaller/prog.(*StructType).generate(0xcb1fa0, 0xc0025bba40, 0xc001b4cfa0, 0x0, 0xd6efe0, 0x839940, 0xc00000d1e0, 0x20, 0x20)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:786 +0x7c
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc0025bba40, 0xc001b4cfa0, 0x9b6ae0, 0xcb1fa0, 0x760000, 0x0, 0x0, 0x0, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:664 +0x450
github.com/google/syzkaller/prog.(*randGen).generateArg(...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:614
github.com/google/syzkaller/prog.(*randGen).generateArgs(0xc0025bba40, 0xc001b4cfa0, 0xcb2120, 0x2, 0x2, 0x78b200, 0xc0025bb860, 0x30, 0xcaf7a0, 0x2, ...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:602 +0x116
github.com/google/syzkaller/prog.(*StructType).generate(0xcb20e0, 0xc0025bba40, 0xc001b4cfa0, 0x0, 0xd6efe0, 0x78b7c1, 0xc0025bb820, 0x32, 0x2)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:786 +0x7c
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc0025bba40, 0xc001b4cfa0, 0x9b6ae0, 0xcb20e0, 0xd60000, 0x0, 0x0, 0x0, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:664 +0x450
github.com/google/syzkaller/prog.(*randGen).generateArg(...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:614
github.com/google/syzkaller/prog.(*UnionType).mutate(0xcab5e0, 0xc0025bba40, 0xc001b4cfa0, 0x9b08a0, 0xc0025bb9a0, 0xc0025bb948, 0xcb1260, 0x2, 0x2, 0xc001cd0120, ...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:474 +0x178
github.com/google/syzkaller/prog.(*Target).mutateArg(0xc0000e0000, 0xc0025bba40, 0xc001b4cfa0, 0x9b08a0, 0xc0025bb9a0, 0xc0025bb948, 0xcb1260, 0x2, 0x2, 0xc001cd0120, ...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:246 +0xe3
github.com/google/syzkaller/prog.(*mutator).mutateArg(0xc0016a1ec0, 0xa)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:183 +0x322
github.com/google/syzkaller/prog.(*Prog).Mutate(0xc001ced100, 0x9a9ba0, 0xc001dc6720, 0x14, 0xc001d80c40, 0xc002298000, 0x207f, 0x2400)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:47 +0x32c
main.(*Proc).loop(0xc001d80c80)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:95 +0x434
created by main.main
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:258 +0x1155
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
Anton Lindqvist
May 11, 2020, 6:47:54 PM5/11/20
to syzbot, syzkaller-o...@googlegroups.com
#syz invalid
Reply all
Reply to author
Forward
0 new messages