panic: runtime error: invalid memory address or nil pointer dereference (2)


syzbot

Mar 21, 2020, 7:04:19 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 01364dad Linux 4.14.174
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=10a09013e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=664dd71881ab2b2d
dashboard link: https://syzkaller.appspot.com/bug?extid=cd697623e4479fcc5ebe
compiler: gcc (GCC) 9.0.0 20181231 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+cd6976...@syzkaller.appspotmail.com

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x72f315]

goroutine 29 [running]:
github.com/google/syzkaller/prog.(*ConstArg).Type(0x0, 0x20, 0x85fd40)
<autogenerated>:1 +0x5
github.com/google/syzkaller/prog.(*Target).CallContainsAny.func1(0xa44d20, 0x0, 0xc443405b60)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/any.go:187 +0x47
github.com/google/syzkaller/prog.foreachArgImpl(0xa44d20, 0x0, 0xc4523d9f30, 0xc4523d9f50, 0x120, 0xc436593900, 0xc436593ca8)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:125 +0xbf
github.com/google/syzkaller/prog.foreachArgImpl(0xa44da0, 0xc4523d9ef0, 0xc4523d9f30, 0xc4523d9f50, 0x0, 0xc436593a00, 0xc436593ca8)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:136 +0x1b0
github.com/google/syzkaller/prog.foreachArgImpl(0xa44da0, 0xc4523d9f20, 0xc4496b6b88, 0xc4523d9f50, 0x0, 0x0, 0xc436593ca8)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:136 +0x1b0
github.com/google/syzkaller/prog.foreachArgImpl(0xa44de0, 0xc4523d9f50, 0xc4496b6b88, 0x0, 0x0, 0xc436593c00, 0xc436593ca8)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:151 +0x375
github.com/google/syzkaller/prog.ForeachArg(0xc4496b6b80, 0xc436593ca8)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:120 +0x88
github.com/google/syzkaller/prog.(*Target).CallContainsAny(0xc42009f380, 0xc4496b6b80, 0x300)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/any.go:186 +0x5a
main.signalPrio(0xc4496b6680, 0xc436593db8, 0x5, 0x323)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:523 +0x6a
main.(*Fuzzer).checkNewCallSignal(0xc4200a6000, 0xc4496b6680, 0xc436593db8, 0x5, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:503 +0x43
main.(*Fuzzer).checkNewSignal(0xc4200a6000, 0xc4496b6680, 0xc4433d8c60, 0xc4348cd318, 0x1, 0x1, 0xc4202f4000)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:494 +0x182
main.(*Proc).execute(0xc43a7d2500, 0xc420098660, 0xc4496b6680, 0x1, 0x2, 0xc45378b1a0)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:252 +0x9a
main.(*Proc).loop(0xc43a7d2500)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:76 +0x21d
created by main.main
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:259 +0x1071


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Sep 4, 2020, 3:47:10 AM
to syzkaller...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.