panic: broken type ref goroutine 25 [running]: github.com/google/syzkaller/prog.ArgCommon.Type(...) /syzkaller/gopath/src/github.com/google/syzkaller/prog/prog.go:39 github.com/google/syzkaller/prog.(*ConstArg).Size(0xc0035d1c30, 0xc0035d1c30) /syzkaller/gopath/src/github.com/google/syzkaller/prog/prog.go:59 +0xed github.com/google/syzkaller/prog.foreachArgImpl(0x9b32e0, 0xc0035d46a0, 0xc0035cca00, 0xc00011d320) /syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:142 +0x2ba github.com/google/syzkaller/prog.foreachArgImpl(0x9b32e0, 0xc0035d4680, 0xc0035cca00, 0xc00011d320) /syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:141 +0x2a3 github.com/google/syzkaller/prog.foreachArgImpl(0x9b3320, 0xc0035e8840, 0xc0035cca00, 0xc00011d320) /syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:156 +0x5e5 github.com/google/syzkaller/prog.foreachArgImpl(0x9b32e0, 0xc0035d4660, 0xc0035cca00, 0xc00011d320) /syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:141 +0x2a3 github.com/google/syzkaller/prog.foreachArgImpl(0x9b3320, 0xc0035e87e0, 0xc0035cca00, 0xc00011d320) /syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:156 +0x5e5 github.com/google/syzkaller/prog.ForeachArg(0xc0035cc800, 0xc00011d320) /syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:122 +0xdd github.com/google/syzkaller/prog.getCompatibleResources(0xc0035cc740, 0x9002b6, 0xb, 0xc00275dee0, 0x0, 0x0, 0x0) /syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:892 +0xb9 github.com/google/syzkaller/prog.(*randGen).resourceCentric(0xc00275dee0, 0xc0012aeff0, 0xcac820, 0x0, 0x0, 0x0, 0xc0012d3980, 0xc00011d528, 0x792d59) /syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:840 +0xfe github.com/google/syzkaller/prog.(*ResourceType).generate(0xcac820, 0xc00275dee0, 0xc0012aeff0, 0x0, 0x9b3260, 0xc0012d3980, 0x0, 0x0, 0x0) /syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:669 +0x27c github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc00275dee0, 0xc0012aeff0, 0x9b9600, 0xcac820, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) /syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:658 +0x450 github.com/google/syzkaller/prog.(*randGen).generateArg(...) /syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:608 github.com/google/syzkaller/prog.(*randGen).generateArgs(0xc00275dee0, 0xc0012aeff0, 0xd425a0, 0xc, 0xc, 0xaaaaaaaaaaaaaa00, 0x38, 0x8, 0x0, 0x0, ...) /syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:596 +0x116 github.com/google/syzkaller/prog.(*StructType).generate(0xcb70a0, 0xc00275dee0, 0xc0012aeff0, 0x0, 0xd7bd40, 0x0, 0x0, 0x20, 0x20) /syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:780 +0x7c github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc00275dee0, 0xc0012aeff0, 0x9b96c0, 0xcb70a0, 0x420000, 0x0, 0x0, 0x0, 0x0, 0x0) /syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:658 +0x450 github.com/google/syzkaller/prog.(*randGen).generateArg(...) /syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:608 github.com/google/syzkaller/prog.(*randGen).generateArgs(0xc00275dee0, 0xc0012aeff0, 0xcb7220, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, ...) /syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:596 +0x116 github.com/google/syzkaller/prog.(*StructType).generate(0xcb71e0, 0xc00275dee0, 0xc0012aeff0, 0x0, 0xd7bd40, 0x0, 0x0, 0x0, 0x0) /syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:780 +0x7c github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc00275dee0, 0xc0012aeff0, 0x9b96c0, 0xcb71e0, 0xd70000, 0x0, 0x0, 0x0, 0x0, 0x0) /syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:658 +0x450 github.com/google/syzkaller/prog.(*randGen).generateArg(...) /syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:608 github.com/google/syzkaller/prog.(*UnionType).mutate(0xcafea0, 0xc00275dee0, 0xc0012aeff0, 0x9b33a0, 0xc00275dbc0, 0xc00275dac8, 0xcb63a0, 0x2, 0x2, 0xc00142aa20, ...) /syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:457 +0x178 github.com/google/syzkaller/prog.(*Target).mutateArg(0xc000079520, 0xc00275dee0, 0xc0012aeff0, 0x9b33a0, 0xc00275dbc0, 0xc00275dac8, 0xcb63a0, 0x2, 0x2, 0xc00142aa20, ...) /syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:229 +0xe3 github.com/google/syzkaller/prog.(*mutator).mutateArg(0xc00011dec0, 0xa) /syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:182 +0x288 github.com/google/syzkaller/prog.(*Prog).Mutate(0xc001431a00, 0x9ac960, 0xc002562bd0, 0x14, 0xc00201ba00, 0xc0024c6000, 0x272c, 0x3000) /syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:47 +0x32c main.(*Proc).loop(0xc00201bc80) /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:95 +0x434 created by main.main /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:260 +0x1188