panic: broken type ref (2)

panic: broken type ref (2)

Status: auto-closed as invalid on 2021/04/30 09:05
Reported-by: syzbot+ff330024a88df473d60b@syzkaller.appspotmail.com
First crash: 1423d, last: 1423d

▶ ▼ Similar bugs (2)

Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
upstream	panic: broken type ref				1	1534d	1534d	0/28	auto-closed as invalid on 2020/12/09 12:02
linux-4.14	panic: broken type ref				1	1658d	1658d	0/1	auto-closed as invalid on 2020/09/06 23:46

Sample crash report:

ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
syz_mount_image$gfs2(&(0x7f0000000140)='gfs2\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, &(0x7f0000000000), 0x0, 0x0)
panic: broken type ref

goroutine 36 [running]:
github.com/google/syzkaller/prog.ArgCommon.Type(...)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/prog.go:39
github.com/google/syzkaller/prog.foreachArgImpl(0xb7c020, 0xc02dd530a0, 0xc013b528c0, 0xa9a7f8)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:135 +0x878
github.com/google/syzkaller/prog.foreachArgImpl(0xb7c020, 0xc02dd53080, 0xc013b528c0, 0xa9a7f8)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:141 +0x2a9
github.com/google/syzkaller/prog.foreachArgImpl(0xb7c020, 0xc02dd53060, 0xc013b528c0, 0xa9a7f8)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:141 +0x2a9
github.com/google/syzkaller/prog.foreachArgImpl(0xb7c060, 0xc02dd60930, 0xc013b528c0, 0xa9a7f8)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:156 +0x656
github.com/google/syzkaller/prog.ForeachSubArg(...)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:111
github.com/google/syzkaller/prog.removeArg(0xb7c060, 0xc02dd60930)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/prog.go:369 +0x5b
github.com/google/syzkaller/prog.(*Prog).removeCall(0xc02a30bd40, 0x8)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/prog.go:392 +0x86
github.com/google/syzkaller/prog.(*mutator).insertCall(0xc02b249e18, 0x14)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:144 +0x13d
github.com/google/syzkaller/prog.(*Prog).Mutate(0xc02a30bd40, 0xb76020, 0xc01a06e120, 0x14, 0xc01a07c000, 0xc0155c6000, 0x99ba, 0xc000)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:45 +0x2ea
main.(*Proc).smashInput(0xc01a538800, 0xc0179ed630)
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:213 +0x131
main.(*Proc).loop(0xc01a538800)
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:78 +0x1d7
created by main.main
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:275 +0x1246

Crashes (1):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2020/12/31 09:04	linux-4.14.y	1752938529c6	5cc121d6	.config	console log	report			info		ci2-linux-4-14

* ~~Struck through~~ repros no longer work on HEAD.