panic: bad arg kind: <nil> (6)


syzbot

Mar 3, 2020, 7:50:12 AM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: af3cc7ce previous commit accidentally aliased two unique t..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=15d33681e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=fe55924c11e64b0a
dashboard link: https://syzkaller.appspot.com/bug?extid=f5ede58517d5cff07adb

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+f5ede5...@syzkaller.appspotmail.com

panic: bad arg kind: <nil>

goroutine 23 [running]:
github.com/google/syzkaller/prog.clone(0x0, 0x0, 0xc002925770, 0x9a7820, 0xc0029993c0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/clone.go:79 +0x954
github.com/google/syzkaller/prog.clone(0x9a78a0, 0xc0002ae420, 0xc002925770, 0x9a78a0, 0xc00298eed0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/clone.go:57 +0x17c
github.com/google/syzkaller/prog.clone(0x9a78a0, 0xc0002ae4b0, 0xc002925770, 0x9a78a0, 0xc00298edb0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/clone.go:57 +0x17c
github.com/google/syzkaller/prog.clone(0x9a78a0, 0xc0002ae540, 0xc002925770, 0x9a7820, 0xc002998a60)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/clone.go:57 +0x17c
github.com/google/syzkaller/prog.clone(0x9a78a0, 0xc0002ae570, 0xc002925770, 0xc0029257e8, 0x40be26)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/clone.go:57 +0x17c
github.com/google/syzkaller/prog.clone(0x9a78e0, 0xc0002ae5a0, 0xc002925770, 0x9a7820, 0xc002998a00)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/clone.go:44 +0x58f
github.com/google/syzkaller/prog.(*Prog).Clone(0xc00028dc40, 0x8f4d92)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/clone.go:24 +0x279
github.com/google/syzkaller/prog.resourceCentric(0xcb5fe0, 0xc001e2b860, 0xc0024508e0, 0x8f1701, 0x203000, 0x448dbe, 0xc0024b50e0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:848 +0xbf
github.com/google/syzkaller/prog.(*ResourceType).generate(0xcb5fe0, 0xc0024508e0, 0xc001e2b860, 0x10, 0x879280, 0x8f00c1, 0xc000138380, 0x10)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:681 +0x920
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc0024508e0, 0xc001e2b860, 0x9ae9e0, 0xcb5fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:674 +0x506
github.com/google/syzkaller/prog.(*randGen).generateArg(...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:623
github.com/google/syzkaller/prog.(*randGen).generateArgs(0xc0024508e0, 0xc001e2b860, 0xc97f40, 0x1, 0x1, 0xc002925d58, 0x7fb5c91c, 0xfecabf60c5f89feb, 0xc002925d90, 0x789e4e, ...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:611 +0x107
github.com/google/syzkaller/prog.(*randGen).generateParticularCall(0xc0024508e0, 0xc001e2b860, 0xceb860, 0x136, 0xc001e2b860, 0xc002367a40)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:555 +0xc6
github.com/google/syzkaller/prog.(*randGen).generateCall(0xc0024508e0, 0xc001e2b860, 0xc002408c80, 0xa, 0xc002408c80, 0xc002409480, 0xc001e2b860)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:547 +0xb2
github.com/google/syzkaller/prog.(*mutator).insertCall(0xc002925ec0, 0x14)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:137 +0xf2
github.com/google/syzkaller/prog.(*Prog).Mutate(0xc002408c80, 0x9a2120, 0xc002465320, 0x1e, 0xc002919780, 0xc0025d8000, 0x1e2f, 0x2400)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:42 +0x29b
main.(*Proc).loop(0xc0029197c0)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:99 +0x434
created by main.main
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:259 +0x114c



---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

Anton Lindqvist

Mar 4, 2020, 2:53:57 AM
to syzbot, syzkaller-o...@googlegroups.com
#syz invalid

Dmitry Vyukov

Mar 4, 2020, 3:07:41 AM
to syzbot, 'Dmitry Vyukov' via syzkaller-openbsd-bugs
On Wed, Mar 4, 2020 at 8:53 AM Anton Lindqvist <an...@basename.se> wrote:
>
> #syz invalid

My current hypothesis is that these happen due to kernel memory
corruption. I've looked at a number of these, stared at the code, run
stress tests for prolonged periods. I don't have any other
explanations. We don't have KASAN for OpenBSD and have a number of
known bugs, so memory corruptions are quite likely.

Anton Lindqvist

Mar 4, 2020, 3:13:01 AM
to Dmitry Vyukov, syzbot, 'Dmitry Vyukov' via syzkaller-openbsd-bugs
I came to a similar conclusion. Haven't had the time to dig further, yet.

Dmitry Vyukov

Mar 4, 2020, 3:17:34 AM
to Dmitry Vyukov, syzbot, 'Dmitry Vyukov' via syzkaller-openbsd-bugs
If so, it probably is not worth debugging _these_ crashes. They
probably don't contain info about real root cause, and addressing
other known bugs and implementing KASAN would be more practical time
investment :)