syzbot

 sign-in | mailing list | source | docs
🐞 Open [717] 🐞 Fixed [181] 🐞 Invalid [640] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

panic: broken type ref

Status: auto-closed as invalid on 2020/09/06 23:46
Reported-by: syzbot+b45544f372d0b3080c3b@syzkaller.appspotmail.com
First crash: 1447d, last: 1447d
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream panic: broken type ref 1 1323d 1323d 0/26 auto-closed as invalid on 2020/12/09 12:02
linux-4.14 panic: broken type ref (2) 1 1212d 1212d 0/1 auto-closed as invalid on 2021/04/30 09:05

Sample crash report:
panic: broken type ref

goroutine 11 [running]:
github.com/google/syzkaller/prog.ArgCommon.Type(0x0, 0x4, 0xfbce80)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/prog.go:39 +0xe4
github.com/google/syzkaller/prog.(*PointerArg).Size(0xc433e58300, 0xc433e58300)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/prog.go:132 +0x34
github.com/google/syzkaller/prog.foreachArgImpl(0xa19920, 0xc434059720, 0xc433e5af08, 0xf08580, 0x3, 0x3, 0xc433e58210, 0x0, 0x0, 0xc446ffea30)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:140 +0x220
github.com/google/syzkaller/prog.foreachArgImpl(0xa19960, 0xc433e58210, 0xc433e5af08, 0xf08580, 0x3, 0x3, 0x0, 0x0, 0x0, 0xc446ffea30)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:154 +0x445
github.com/google/syzkaller/prog.ForeachArg(0xc433e5af00, 0xc446ffea30)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:122 +0xf3
github.com/google/syzkaller/prog.getCompatibleResources(0xc433e5aec0, 0x8caabd, 0xe, 0xc433094640, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:898 +0xb9
github.com/google/syzkaller/prog.(*randGen).resourceCentric(0xc433094640, 0xc4361ac6e0, 0xcc3420, 0x7ffffffc33091e02, 0xc446ffec10, 0x4e0325, 0xc43308f770, 0x5, 0x3)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:846 +0x100
github.com/google/syzkaller/prog.(*ResourceType).generate(0xcc3420, 0xc433094640, 0xc4361ac6e0, 0x2, 0xa198a0, 0xc433091e30, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:675 +0x27b
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc433094640, 0xc4361ac6e0, 0xa1cb60, 0xcc3420, 0xc446ff0002, 0x0, 0x0, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:664 +0x1af
github.com/google/syzkaller/prog.(*randGen).generateArg(0xc433094640, 0xc4361ac6e0, 0xa1cb60, 0xcc3420, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:614 +0x5e
github.com/google/syzkaller/prog.(*randGen).generateArgs(0xc433094640, 0xc4361ac6e0, 0xff5d80, 0x4, 0x4, 0xb0ee6b5b7c7a9402, 0xa1cb60, 0xb000000000cc3f60, 0x0, 0xc43308ff50, ...)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:602 +0x19f
github.com/google/syzkaller/prog.(*StructType).generate(0xd3bfe0, 0xc433094640, 0xc4361ac6e0, 0x2, 0x14bacc0, 0xc42b6f0a00, 0x7a77315ee31518c9, 0xc446ffef50, 0x4dfe63)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:786 +0x71
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc433094640, 0xc4361ac6e0, 0xa1cc20, 0xd3bfe0, 0xc400000002, 0x0, 0x0, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:664 +0x1af
github.com/google/syzkaller/prog.(*randGen).generateArg(0xc433094640, 0xc4361ac6e0, 0xa1cc20, 0xd3bfe0, 0x714502, 0x84d260, 0xc433091e20, 0xcee3308fe00, 0xc446fff070, 0x71c529)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:614 +0x5e
github.com/google/syzkaller/prog.(*PtrType).generate(0xcf26e0, 0xc433094640, 0xc4361ac6e0, 0x0, 0xa198a0, 0xc433091e20, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:803 +0x11f
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc433094640, 0xc4361ac6e0, 0xa1caa0, 0xcf26e0, 0xc446ff0000, 0x0, 0x0, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:664 +0x1af
github.com/google/syzkaller/prog.(*randGen).generateArg(0xc433094640, 0xc4361ac6e0, 0xa1caa0, 0xcf26e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:614 +0x5e
github.com/google/syzkaller/prog.(*randGen).generateArgs(0xc433094640, 0xc4361ac6e0, 0xf0e040, 0x3, 0x3, 0xc439246000, 0x60035dd7b7c33917, 0xc446fff300, 0x4dff9b, 0xc43308f770, ...)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:602 +0x19f
github.com/google/syzkaller/prog.(*randGen).generateParticularCall(0xc433094640, 0xc4361ac6e0, 0x11d4b40, 0x1, 0x2, 0xc423850670)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:557 +0xe7
github.com/google/syzkaller/prog.(*randGen).createResource(0xc433094640, 0xc4361ac6e0, 0xcc3420, 0x7ffffffc33091800, 0x0, 0x0, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:394 +0x516
github.com/google/syzkaller/prog.(*ResourceType).generate(0xcc3420, 0xc433094640, 0xc4361ac6e0, 0x0, 0xa198a0, 0xc4330918a0, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:681 +0x1e9
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc433094640, 0xc4361ac6e0, 0xa1cb60, 0xcc3420, 0xc446ff0000, 0x0, 0x0, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:664 +0x1af
github.com/google/syzkaller/prog.(*randGen).generateArg(0xc433094640, 0xc4361ac6e0, 0xa1cb60, 0xcc3420, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:614 +0x5e
github.com/google/syzkaller/prog.(*randGen).generateArgs(0xc433094640, 0xc4361ac6e0, 0xff5d80, 0x4, 0x4, 0xb0ee6b5b7c7a9400, 0xa1cb60, 0xb000000000cc3f60, 0x0, 0xc43308fa40, ...)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:602 +0x19f
github.com/google/syzkaller/prog.(*StructType).generate(0xd3bfe0, 0xc433094640, 0xc4361ac6e0, 0x0, 0x14bacc0, 0xc42b6f0a00, 0x6d5acb3e43bdae4, 0xc446fff950, 0x4dfe63)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:786 +0x71
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc433094640, 0xc4361ac6e0, 0xa1cc20, 0xd3bfe0, 0xc400000000, 0x0, 0x0, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:664 +0x1af
github.com/google/syzkaller/prog.(*randGen).generateArg(0xc433094640, 0xc4361ac6e0, 0xa1cc20, 0xd3bfe0, 0x714500, 0x84d260, 0xc433091890, 0xa0a3308f8f0, 0xc446fffa70, 0x71c529)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:614 +0x5e
github.com/google/syzkaller/prog.(*PtrType).generate(0xcd71e0, 0xc433094640, 0xc4361ac6e0, 0x0, 0xa198a0, 0xc433091890, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:803 +0x11f
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc433094640, 0xc4361ac6e0, 0xa1caa0, 0xcd71e0, 0xc446ff0000, 0x0, 0x0, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:664 +0x1af
github.com/google/syzkaller/prog.(*randGen).generateArg(0xc433094640, 0xc4361ac6e0, 0xa1caa0, 0xcd71e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:614 +0x5e
github.com/google/syzkaller/prog.(*randGen).generateArgs(0xc433094640, 0xc4361ac6e0, 0xf0e160, 0x3, 0x3, 0x200, 0x4d32d0, 0xc43d264000, 0xd21, 0xd21, ...)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:602 +0x19f
github.com/google/syzkaller/prog.(*randGen).generateParticularCall(0xc433094640, 0xc4361ac6e0, 0x11d4d80, 0x26d, 0xc4361ac6e0, 0xc4361ac5f0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:557 +0xe7
github.com/google/syzkaller/prog.(*randGen).generateCall(0xc433094640, 0xc4361ac6e0, 0xc440c5d780, 0x7, 0xc440c5d780, 0xc440c5d9c0, 0xc4361ac6e0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:546 +0x95
github.com/google/syzkaller/prog.(*mutator).insertCall(0xc446fffeb0, 0x14)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:141 +0xf5
github.com/google/syzkaller/prog.(*Prog).Mutate(0xc440c5d780, 0xa16ce0, 0xc439246030, 0x14, 0xc439242040, 0xc434f90000, 0xb7eb, 0xc000)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:45 +0x2fe
main.(*Proc).loop(0xc439242440)
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:95 +0x465
created by main.main
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:258 +0x1096

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/05/09 23:45 linux-4.14.y d71f695ce745 88cb3e92 .config console log report ci2-linux-4-14
* Struck through repros no longer work on HEAD.