panic: runtime error: invalid memory address or nil pointer dereference (4)

syzbot

Jun 26, 2023, 1:22:55 PM
to syzkaller-upst...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: dad9774deaf1 Merge tag 'timers-urgent-2023-06-21' of git:/..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=11fd5733280000
kernel config: https://syzkaller.appspot.com/x/.config?x=2cbd298d0aff1140
dashboard link: https://syzkaller.appspot.com/bug?extid=7fae0dbd2cba53aa03b2
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/fd1a285f59ed/disk-dad9774d.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/3121ad3d6486/vmlinux-dad9774d.xz
kernel image: https://storage.googleapis.com/syzbot-assets/6a57f0b6184a/bzImage-dad9774d.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7fae0d...@syzkaller.appspotmail.com

(&(0x7f0000000000)='./file2\x00', &(0x7f0000000080), &(0x7f0000000200)={0x0, 0xfb, 0x4f, 0x0, 0x0, "14313579615e678cf38fd892972ec844", "5da1514c08ba69e7c97dbab57fecf950b6c9f9dad4af38e42336991057a83751a52e72ade305092e6fe9cb715c15d62e129ccb7b1dd9e601d78c"}, 0x4f, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f0000000140)='./file1\x00', &(0x7f0000000180), 0x0, 0x0, 0xb00)
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x46a658]

goroutine 10 [running]:
fmt.(*buffer).writeString(...)
/usr/local/go/src/fmt/print.go:108
fmt.(*pp).doPrintf(0xc03703a0d0, {0xaa1619, 0x14}, {0xc0029477f8?, 0x2, 0x2})
/usr/local/go/src/fmt/print.go:1034 +0x176
fmt.Fprintf({0xcbb120, 0xc0282cd1e0}, {0xaa1619, 0x14}, {0xc0029477f8, 0x2, 0x2})
/usr/local/go/src/fmt/print.go:224 +0x75
github.com/google/syzkaller/pkg/log.message({0x0, 0x0}, {0xaa1619, 0x14}, {0xc0029477f8, 0x2, 0x2})
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/log/log.go:104 +0x14d
github.com/google/syzkaller/pkg/log.Logf(0x0?, {0xaa1619?, 0x0?}, {0xc0029477f8?, 0xc0029477d0?, 0x40da48?})
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/log/log.go:76 +0x3b
main.(*Proc).executeRaw(0xc02c1dc100, 0x20?, 0xa39560?, 0x6)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:345 +0x3f4
main.(*Proc).execute(0xc02c1dc100, 0xad8fa1?, 0xb2?, 0xc0029479e0?, 0x0?)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:255 +0x49
main.(*Proc).executeHintSeed.func1(0x14?)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:250 +0x85
github.com/google/syzkaller/prog.(*Prog).MutateWithHints.func1()
/syzkaller/gopath/src/github.com/google/syzkaller/prog/hints.go:79 +0x6d
github.com/google/syzkaller/prog.checkConstArg(0xc01f3df700, 0xc017c72db0?, 0xc002947d18)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/hints.go:136 +0xef
github.com/google/syzkaller/prog.generateHints(0xc01f848d20?, {0xcbe990, 0xc01f3df700}, 0xc002947ab0?)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/hints.go:120 +0x13c
github.com/google/syzkaller/prog.(*Prog).MutateWithHints.func2({0xcbe990?, 0xc01f3df700?}, 0xc01f5bf880?)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/hints.go:82 +0x34
github.com/google/syzkaller/prog.foreachArgImpl({0xcbe990?, 0xc01f3df700?}, 0xc01f5bf880, 0xc002947d00)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:134 +0x139
github.com/google/syzkaller/prog.ForeachArg(0xc01f470910, 0x1?)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:127 +0xde
github.com/google/syzkaller/prog.(*Prog).MutateWithHints(0xc02c1dc100?, 0x3, 0xc01f825c20, 0xc002947d80)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/hints.go:81 +0xaa
main.(*Proc).executeHintSeed(0xc02c1dc100, 0xc027380600?, 0x3)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:248 +0xd2
main.(*Proc).smashInput(0xc02c1dc100, 0xc008340ec0)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:214 +0x88
main.(*Proc).loop(0xc02c1dc100)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:78 +0xf2
created by main.main
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:310 +0x15e5
SeaBIOS (version 1.8.2-google)
Total RAM Size = 0x0000000200000000 = 8192 MiB
CPUs found: 2 Max CPUs supported: 2
SeaBIOS (version 1.8.2-google)
Machine UUID 4f529eef-28bc-79ad-2a9e-d197f2e1e7a4
found virtio-scsi at 0:3
virtio-scsi vendor='Google' product='PersistentDisk' rev='1' type=0 removable=0
virtio-scsi blksize=512 sectors=4194304 = 2048 MiB
drive 0x000f2830: PCHS=0/0/0 translation=lba LCHS=520/128/63 s=4194304
Sending Seabios boot VM event.
Booting from Hard Disk 0...


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to change the bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

Sep 20, 2023, 1:18:43 PM
to syzkaller-upst...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.