panic: runtime error: invalid memory address or nil pointer dereference (2)


syzbot

Nov 5, 2019, 3:46:09 PM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 1f857ec2 Give some END()s to assembly symbols.
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=165d1658e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=d0fe83f82fe104d4
dashboard link: https://syzkaller.appspot.com/bug?extid=98309c4721954276878b

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+98309c...@syzkaller.appspotmail.com

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x88 pc=0x7a0381]

goroutine 24 [running]:
github.com/google/syzkaller/prog.chooseCall.func1(0x9a6240, 0xc00306eb40, 0xc003ac0b60)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:198 +0x51
github.com/google/syzkaller/prog.foreachArgImpl(0x9a6240, 0xc00306eb40, 0xc003035fc8, 0x0, 0x0, 0x0, 0xc002effd60)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:125 +0xbe
github.com/google/syzkaller/prog.ForeachArg(0xc003035fc0, 0xc002effd60)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:120 +0x9e
github.com/google/syzkaller/prog.chooseCall(0xc002fc8080, 0xc003ac9420, 0xc002c616b0, 0xc002effdc0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:197 +0x10d
github.com/google/syzkaller/prog.(*mutator).mutateArg(0xc002effec0, 0xa)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:161 +0x67
github.com/google/syzkaller/prog.(*Prog).Mutate(0xc002fc8080, 0x9a0ac0, 0xc002c0d560, 0x1e, 0xc002e96980, 0xc003022000, 0x1e78, 0x2400)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:44 +0x2da
main.(*Proc).loop(0xc002fe2500)
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:99 +0x434
created by main.main
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:259 +0x114c



---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

Anton Lindqvist

Nov 6, 2019, 3:14:12 AM
to syzbot, syzkaller-o...@googlegroups.com
#syz invalid

Dmitry Vyukov

Nov 6, 2019, 5:43:59 AM
to Anton Lindqvist, syzbot, syzkaller-o...@googlegroups.com
I wasn't able to reproduce this by running prog mutation tests in a
loop. Presumably another memory corruption.

We had a long-standing issue to detect syzkaller panics on all OSes (on
most they go into the "lost connection" bucket and are ignored). I've
added this feature for all OSes:
https://github.com/google/syzkaller/commit/da505f84d3e8fc3bb7c54fea76eb5574987ee01a
Let's see what happens on e.g. linux...



On Wed, Nov 6, 2019 at 9:14 AM Anton Lindqvist <an...@basename.se> wrote:
>
> #syz invalid
>
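As an added illustration of the detection Dmitry describes (this is not syzkaller's own report-parsing code): a small Go parser that recognizes a Go runtime panic in fuzzer console output and pulls out the panic message, the signal, the faulting address and the topmost frame, so the crash can be bucketed by frame instead of landing in "lost connection". The names ParseGoPanic and PanicReport are assumptions, and sampleConsole is a constructed excerpt shaped like the trace above.

```go
package main

import (
	"regexp"
	"strings"
)

// PanicReport is what gets extracted from a Go panic in console output.
type PanicReport struct {
	Message string // text after "panic: "
	Signal  string // e.g. SIGSEGV; empty if the panic was not signal-induced
	Addr    string // faulting address from the signal line, if any
	Frame   string // topmost frame as "function file:line"
}

var panicRe = regexp.MustCompile(`^panic: (.+)$`)
var signalRe = regexp.MustCompile(`^\[signal (\w+): .*addr=(0x[0-9a-f]+)`)
var frameRe = regexp.MustCompile(`^\s+(\S+\.go:\d+)`) // indented "file:line +off"

// ParseGoPanic reports the first Go runtime panic found in console; ok is false if none.
func ParseGoPanic(console string) (rep PanicReport, ok bool) {
	lines := strings.Split(console, "\n")
	for i, l := range lines {
		m := panicRe.FindStringSubmatch(l)
		if m == nil {
			continue
		}
		rep.Message = m[1]
		fn := "" // function line waiting for its indented file:line companion
		for _, ln := range lines[i+1:] {
			if s := signalRe.FindStringSubmatch(ln); s != nil {
				rep.Signal, rep.Addr = s[1], s[2]
			} else if f := frameRe.FindStringSubmatch(ln); f != nil && fn != "" {
				rep.Frame = fn + " " + f[1] // first frame under the goroutine header
				break
			} else if p := strings.LastIndex(ln, "("); p > 0 {
				fn = ln[:p] // drop the argument list, keep the symbol name
			}
		}
		return rep, true
	}
	return rep, false
}

// sampleConsole is a constructed excerpt in the shape of the syz-fuzzer trace above.
const sampleConsole = `panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x88 pc=0x7a0381]

goroutine 24 [running]:
github.com/google/syzkaller/prog.chooseCall.func1(0x9a6240, 0xc00306eb40, 0xc003ac0b60)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:198 +0x51`
```

A small faulting address such as 0x88 is a field offset from a nil base pointer, which is why the runtime classifies it as a nil dereference rather than a wild pointer.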