syzbot


panic: broken type ref

Status: auto-closed as invalid on 2020/12/09 12:02
First crash: 1312d, last: 1312d
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.14 panic: broken type ref 1 1435d 1435d 0/1 auto-closed as invalid on 2020/09/06 23:46
linux-4.14 panic: broken type ref (2) 1 1200d 1200d 0/1 auto-closed as invalid on 2021/04/30 09:05

Sample crash report:
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xaf, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x4000000080002, 0x0)
getsockopt$IP6T_SO_GET_REVISION_TARGET(r0, 0x29, 0x45, &(0x7f0000000000)={'HL\x00'}, &(0x7f00000000c0)=0x1e)
panic: broken type ref

goroutine 38 [running]:
github.com/google/syzkaller/prog.ArgCommon.Type(...)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/prog.go:39
github.com/google/syzkaller/prog.foreachArgImpl(0xb22ac0, 0xc02f898c00, 0xc02f89b6c0, 0xc02f72d050)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:135 +0x878
github.com/google/syzkaller/prog.foreachArgImpl(0xb22b00, 0xc02f89f320, 0xc02f89b6c0, 0xc02f72d050)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:156 +0x656
github.com/google/syzkaller/prog.ForeachArg(0xc02f89b2c0, 0xc02f72d050)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:122 +0xdd
github.com/google/syzkaller/prog.getCompatibleResources(0xc02f89b100, 0x9249fb, 0x5, 0xc024998a00, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:894 +0xb9
github.com/google/syzkaller/prog.(*randGen).resourceCentric(0xc024998a00, 0xc0197f7400, 0xef8420, 0x2, 0x0, 0xc02e8f1890, 0x420835, 0xc02e8f3160, 0x7f0e3f8df201)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:842 +0xfe
github.com/google/syzkaller/prog.(*ResourceType).generate(0xef8420, 0xc024998a00, 0xc0197f7400, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:664 +0x32d
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc024998a00, 0xc0197f7400, 0xb28840, 0xef8420, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:652 +0x3f8
github.com/google/syzkaller/prog.(*randGen).generateArg(...)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:602
github.com/google/syzkaller/prog.(*randGen).generateArgs(0xc024998a00, 0xc0197f7400, 0x10fd620, 0x2, 0x2, 0x2, 0x41291b, 0xc02f3a34f8, 0x5031abd4, 0x3e8019dea193de08, ...)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:590 +0x179
github.com/google/syzkaller/prog.(*StructType).generate(0xf7c120, 0xc024998a00, 0xc0197f7400, 0x2, 0x1998ca0, 0xc02e8f3140, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:782 +0x7c
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc024998a00, 0xc0197f7400, 0xb28920, 0xf7c120, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:652 +0x3f8
github.com/google/syzkaller/prog.(*randGen).generateArg(...)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:602
github.com/google/syzkaller/prog.(*ArrayType).generate(0x10f9cc0, 0xc024998a00, 0xc0197f7400, 0x2, 0xb22a40, 0xc0242a0320, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:774 +0x180
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc024998a00, 0xc0197f7400, 0xb28060, 0x10f9cc0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:652 +0x3f8
github.com/google/syzkaller/prog.(*randGen).generateArg(...)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:602
github.com/google/syzkaller/prog.(*randGen).generateArgs(0xc024998a00, 0xc0197f7400, 0x13ee1c0, 0x4, 0x4, 0xc02414d702, 0x41291b, 0xc024ee5928, 0x5031abd4, 0xfa3f4e636a08c60c, ...)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:590 +0x179
github.com/google/syzkaller/prog.(*StructType).generate(0xf7c0c0, 0xc024998a00, 0xc0197f7400, 0x2, 0x1998ca0, 0xc003090a00, 0x60d9fcdb816681b4, 0xc024ee5970, 0x4f7253)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:782 +0x7c
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc024998a00, 0xc0197f7400, 0xb28920, 0xf7c0c0, 0x400002, 0x0, 0x0, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:652 +0x3f8
github.com/google/syzkaller/prog.(*randGen).generateArg(...)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:602
github.com/google/syzkaller/prog.(*PtrType).generate(0xf2c1a0, 0xc024998a00, 0xc0197f7400, 0x0, 0xb22a40, 0xc0242a0310, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:799 +0x123
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc024998a00, 0xc0197f7400, 0xb28760, 0xf2c1a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:652 +0x3f8
github.com/google/syzkaller/prog.(*randGen).generateArg(...)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:602
github.com/google/syzkaller/prog.(*randGen).generateArgs(0xc024998a00, 0xc0197f7400, 0x1371060, 0x3, 0x3, 0xc002534000, 0xe72, 0xe72, 0x4eb2, 0x250, ...)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:590 +0x179
github.com/google/syzkaller/prog.(*randGen).generateParticularCall(0xc024998a00, 0xc0197f7400, 0x15b2f20, 0x250, 0xc0197f7400, 0xc019575d00)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:545 +0xd5
github.com/google/syzkaller/prog.(*randGen).generateCall(0xc024998a00, 0xc0197f7400, 0xc012e85340, 0xb, 0xc012e85340, 0xc01fffc5c0, 0xc0197f7400)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:534 +0x95
github.com/google/syzkaller/prog.(*mutator).insertCall(0xc02f72de18, 0x14)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:141 +0xf2
github.com/google/syzkaller/prog.(*Prog).Mutate(0xc012e85340, 0xb1bf00, 0xc01bdc12c0, 0x14, 0xc01bda8100, 0xc01231e000, 0xc401, 0xf000)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:45 +0x2ea
main.(*Proc).smashInput(0xc01be21380, 0xc0129dae80)
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:213 +0x131
main.(*Proc).loop(0xc01be21380)
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:78 +0x1d7
created by main.main
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:267 +0x1187

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/09/10 11:56 upstream 34d4ddd359db 409809d8 .config console log report ci-upstream-kasan-gce
* Struck through repros no longer work on HEAD.