syzbot

 sign-in | mailing list | source | docs
🐞 Open [570] 🐞 Fixed [32] 🐞 Invalid [301] Missing Backports [45] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

panic: replaceArg: group fields don't match: NUM/NUM

Status: upstream: reported on 2024/03/09 00:25
Reported-by: syzbot+f9e5d8c213f34549b280@syzkaller.appspotmail.com
First crash: 59d, last: 59d
Similar bugs (4)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream panic: replaceArg: group fields don't match: NUM/NUM 387 59d 60d 0/26 closed as invalid on 2024/03/12 09:36
android-5-15 panic: replaceArg: group fields don't match: NUM/NUM 7 59d 59d 0/2 premoderation: reported on 2024/03/08 19:23
linux-6.1 panic: replaceArg: group fields don't match: NUM/NUM 3 59d 59d 0/3 upstream: reported on 2024/03/08 17:59
android-5-10 panic: replaceArg: group fields don't match: NUM/NUM 13 59d 59d 0/2 auto-obsoleted due to no activity on 2024/04/28 04:20

Sample crash report:
6cd67e17e7e0706aefb9e937085773ddf266cd2764550ac03667769ba998f911533798cd00ba670828c38608b35d9045237d1f3918fc51d047638"}}, {0x70, &(0x7f00000014c0)=@string={0x70, 0x3, "ba03bff38435ced35718c863ff098a119aba67c6c3dcb5db1d842b401e1b895159131d2f1e525d573e9e29f09b3d774fbd4f04ba65d8e4601dec1df96ea4e2c11b53d659f7027b9b2d3cf575e5b9ea4ec6d8f5897d3fdbfb8fb31fc2d161c8604caaecd2543a50e2fc06c2ad0fa0"}}]})
syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220f"], 0x0}, 0x0)
panic: replaceArg: group fields don't match: 1/0

goroutine 35 [running]:
github.com/google/syzkaller/prog.replaceArg({0xe56770?, 0xc012d7bd00?}, {0xe56770?, 0xc01970aa60?})
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/prog.go:377 +0x425
github.com/google/syzkaller/prog.replaceArg({0xe56770?, 0xc012d7bd20?}, {0xe56770?, 0xc01970a9e0?})
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/prog.go:382 +0x345
github.com/google/syzkaller/prog.replaceArg({0xe56770?, 0xc012d7bd40?}, {0xe56770?, 0xc01970a960?})
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/prog.go:382 +0x345
github.com/google/syzkaller/prog.replaceArg({0xe56770?, 0xc012d7bd60?}, {0xe56770?, 0xc01970a940?})
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/prog.go:382 +0x345
github.com/google/syzkaller/prog.replaceArg({0xe56770?, 0xc012d7bd80?}, {0xe56770?, 0xc01970a920?})
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/prog.go:382 +0x345
github.com/google/syzkaller/prog.replaceArg({0xe56770?, 0xc012d7bda0?}, {0xe56770?, 0xc01970a900?})
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/prog.go:382 +0x345
github.com/google/syzkaller/prog.replaceArg({0xe56770?, 0xc012d7bdc0?}, {0xe56770?, 0xc01970a8e0?})
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/prog.go:382 +0x345
github.com/google/syzkaller/prog.replaceArg({0xe56770?, 0xc012d7bde0?}, {0xe56770?, 0xc01970a8c0?})
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/prog.go:382 +0x345
github.com/google/syzkaller/prog.replaceArg({0xe56770?, 0xc012d7be00?}, {0xe56770?, 0xc01970a8a0?})
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/prog.go:382 +0x345
github.com/google/syzkaller/prog.(*StructType).mutate(0x16d4620, 0xc012d7b3e0, 0xc0132c0b90, {0xe56770, 0xc012d7be20?}, {0xc0132c09b8, {0x1db7580, 0x4, 0x4}, 0xc01366e7e0, ...})
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:490 +0x185
github.com/google/syzkaller/prog.(*Target).mutateArg(0x0?, 0xc01ba8eb80?, 0xc002e35ce0?, {0xe56770, 0xc012d7be20}, {0xc0132c09b8, {0x1db7580, 0x4, 0x4}, 0xc01366e7e0, ...}, ...)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:245 +0xe2
github.com/google/syzkaller/prog.(*mutator).mutateArg(0xc002e35d60)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:196 +0x245
github.com/google/syzkaller/prog.(*Prog).Mutate(0xc022ad8600, {0xe52aa8?, 0xc0236d1a10}, 0x1e, 0xc0232e40c0, 0xc0003e2fc0, {0xc022180000, 0xecc7, 0x11000})
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:51 +0x2ba
main.(*Proc).smashInput(0xc0232e42c0, 0xc015cc1d00)
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:221 +0x165
main.(*Proc).loop(0xc0232e42c0)
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:78 +0xf2
created by main.main in goroutine 1
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:336 +0x1665

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/03/09 00:25 linux-5.15.y 574362648507 8e75c913 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan panic: replaceArg: group fields don't match: NUM/NUM
2024/03/09 03:20 linux-5.15.y 574362648507 8e75c913 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 panic: replaceArg: group fields don't match: NUM/NUM
* Struck through repros no longer work on HEAD.