panic: bad group arg size 29, should be <= 32 for &prog.GroupArg{ArgCommon:prog.ArgCommon{ref:0x2c0, dir:0x0}, Inn

syzbot

May 21, 2020, 1:54:17 AM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: cec60a45 Replace fixed 128-byte fields for search domains,..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=11769b81100000
kernel config: https://syzkaller.appspot.com/x/.config?x=fe55924c11e64b0a
dashboard link: https://syzkaller.appspot.com/bug?extid=5333b317bb5f3d0d8e9b

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+5333b3...@syzkaller.appspotmail.com

panic: bad group arg size 29, should be <= 32 for &prog.GroupArg{ArgCommon:prog.ArgCommon{ref:0x2c0, dir:0x0}, Inner:[]prog.Arg{(*prog.DataArg)(0xc0020248a0), (*prog.ConstArg)(0xc002026130), (*prog.ConstArg)(0xc002026140), (*prog.ConstArg)(0xc002026150)}} type &prog.StructType{TypeCommon:prog.TypeCommon{TypeName:"ifreq_name", TypeSize:0x20, IsOptional:false, IsVarlen:false, self:0x2c0}, Fields:[]prog.Field{prog.Field{Name:"ifr_name", Type:(*prog.BufferType)(0xcc4f60)}, prog.Field{Name:"tapindex", Type:(*prog.ProcType)(0xcba960)}, prog.Field{Name:"z", Type:(*prog.ConstType)(0xcb6880)}, prog.Field{Name:"", Type:(*prog.ConstType)(0xcba6c0)}}, AlignAttr:0x0}

goroutine 25 [running]:
github.com/google/syzkaller/prog.foreachArgImpl(0x9b0b20, 0xc002211a40, 0xc002023180, 0xc0005e1908)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:149 +0x765
github.com/google/syzkaller/prog.foreachArgImpl(0x9b0b60, 0xc002024870, 0xc002023180, 0xc0005e1908)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:156 +0x5e5
github.com/google/syzkaller/prog.ForeachArg(0xc002022f80, 0xc0005e1908)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:122 +0xdd
github.com/google/syzkaller/prog.getCompatibleResources(0xc002022ec0, 0x8f9fd0, 0x7, 0xc00282d8c0, 0x0, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:898 +0xb9
github.com/google/syzkaller/prog.(*randGen).resourceCentric(0xc00282d8c0, 0xc001b7b310, 0xca87a0, 0x0, 0x0, 0x0, 0x924940, 0xc0005e1b18, 0x40)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:846 +0xfe
github.com/google/syzkaller/prog.(*ResourceType).generate(0xca87a0, 0xc00282d8c0, 0xc001b7b310, 0x0, 0x886a00, 0x0, 0xc001c66600, 0x10, 0x10)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:675 +0x27c
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc00282d8c0, 0xc001b7b310, 0x9b6e40, 0xca87a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:664 +0x450
github.com/google/syzkaller/prog.(*randGen).generateArg(...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:614
github.com/google/syzkaller/prog.(*randGen).generateArgs(0xc00282d8c0, 0xc001b7b310, 0xca7260, 0x1, 0x1, 0x49f700, 0xc001f0e000, 0x155, 0x155, 0x2070, ...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:602 +0x116
github.com/google/syzkaller/prog.(*randGen).generateParticularCall(0xc00282d8c0, 0xc001b7b310, 0xd29600, 0x137, 0xc001b7b310, 0xc001be5da0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:557 +0xd5
github.com/google/syzkaller/prog.(*randGen).generateCall(0xc00282d8c0, 0xc001b7b310, 0xc001c630c0, 0xa, 0xc001c630c0, 0xc001c634c0, 0xc001b7b310)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:546 +0x95
github.com/google/syzkaller/prog.(*mutator).insertCall(0xc0005e1ec0, 0x14)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:141 +0xf2
github.com/google/syzkaller/prog.(*Prog).Mutate(0xc001c630c0, 0x9aa1a0, 0xc001560bd0, 0x14, 0xc001514880, 0xc001eb6000, 0x2113, 0x2400)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:45 +0x2ea
main.(*Proc).loop(0xc0015148c0)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:95 +0x434
created by main.main
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:258 +0x1155



---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

Anton Lindqvist

May 22, 2020, 2:30:07 AM
to syzbot, syzkaller-o...@googlegroups.com
#syz invalid