syzbot

 sign-in | mailing list | source | docs
🐞 Open [717]
🐞 Fixed [181]
🐞 Invalid [640]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

panic: runtime error: invalid memory address or nil pointer dereference (2)

Status: auto-closed as invalid on 2020/09/04 07:47
Reported-by: syzbot+cd697623e4479fcc5ebe@syzkaller.appspotmail.com
First crash: 1707d, last: 1661d
Similar bugs (11)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-54 panic: runtime error: invalid memory address or nil pointer dereference 233 1292d 1293d 0/2 closed as invalid on 2021/05/10 12:09
upstream panic: runtime error: invalid memory address or nil pointer dereference (3) 127 1292d 1292d 0/28 closed as invalid on 2021/05/10 12:38
linux-4.14 panic: runtime error: invalid memory address or nil pointer dereference (3) 219 1292d 1293d 0/1 closed as invalid on 2021/05/10 12:09
linux-4.19 panic: runtime error: invalid memory address or nil pointer dereference (2) 1 1553d 1553d 0/1 auto-closed as invalid on 2020/12/20 16:18
upstream panic: runtime error: invalid memory address or nil pointer dereference (2) 1894 1292d 1293d 0/28 closed as invalid on 2021/05/10 12:18
upstream panic: runtime error: invalid memory address or nil pointer dereference (5) 1 402d 398d 0/28 auto-obsoleted due to no activity on 2024/01/16 09:30
upstream panic: runtime error: invalid memory address or nil pointer dereference 1 1725d 1725d 0/28 auto-closed as invalid on 2020/06/01 17:49
linux-4.14 panic: runtime error: invalid memory address or nil pointer dereference 1 1832d 1832d 0/1 auto-closed as invalid on 2020/03/17 06:44
linux-4.19 panic: runtime error: invalid memory address or nil pointer dereference (3) 219 1214d 1303d 0/1 auto-closed as invalid on 2021/10/25 16:30
linux-4.19 panic: runtime error: invalid memory address or nil pointer dereference 1 1694d 1694d 0/1 auto-closed as invalid on 2020/08/02 09:10
upstream panic: runtime error: invalid memory address or nil pointer dereference (4) 1 519d 515d 0/28 auto-obsoleted due to no activity on 2023/09/20 17:18

Sample crash report:
r4 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000080)={0x23, 0x1, 0x2, 0x1002, 0x0, 0x0, 0x0})
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x6fd5ae]

goroutine 28 [running]:
github.com/google/syzkaller/prog.clone(0xa198a0, 0x0, 0xc43b0f88f0, 0xc43b0f8988, 0xc4316293e0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/clone.go:48 +0x2be
github.com/google/syzkaller/prog.clone(0xa19920, 0xc42e64c1e0, 0xc43b0f88f0, 0xc431629470, 0x3)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/clone.go:44 +0x58e
github.com/google/syzkaller/prog.(*Prog).Clone(0xc42e60d900, 0x8caac1)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/clone.go:24 +0x19d
github.com/google/syzkaller/prog.(*randGen).resourceCentric(0xc430dad480, 0xc440059c70, 0xcc3420, 0x7ffffffc45b7b102, 0xc43b0f8b68, 0x4e0325, 0xc429ff0cc0, 0x5, 0x1)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:845 +0xc4
github.com/google/syzkaller/prog.(*ResourceType).generate(0xcc3420, 0xc430dad480, 0xc440059c70, 0x2, 0xa19860, 0xc445b7b140, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:675 +0x27b
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc430dad480, 0xc440059c70, 0xa1cb20, 0xcc3420, 0xc43b0f0002, 0x0, 0x0, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:664 +0x1af
github.com/google/syzkaller/prog.(*randGen).generateArg(0xc430dad480, 0xc440059c70, 0xa1cb20, 0xcc3420, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:614 +0x5e
github.com/google/syzkaller/prog.(*randGen).generateArgs(0xc430dad480, 0xc440059c70, 0xff5d80, 0x4, 0x4, 0x5755618fe598a202, 0xc42002d790, 0x570000c43b0f8e30, 0x41e126, 0xc44a73ec60, ...)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:602 +0x19f
github.com/google/syzkaller/prog.(*StructType).generate(0xd3bfe0, 0xc430dad480, 0xc440059c70, 0x2, 0x14bacc0, 0xc42fa7ea00, 0x5dde5b8601c4fde8, 0xc43b0f8ea8, 0x4dfe63)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:786 +0x71
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc430dad480, 0xc440059c70, 0xa1cbe0, 0xd3bfe0, 0xc400000002, 0x0, 0x0, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:664 +0x1af
github.com/google/syzkaller/prog.(*randGen).generateArg(0xc430dad480, 0xc440059c70, 0xa1cbe0, 0xd3bfe0, 0x714502, 0x84d260, 0xc445b7b130, 0xcee00000000, 0xc43b0f8fc8, 0x71c4d9)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:614 +0x5e
github.com/google/syzkaller/prog.(*PtrType).generate(0xcf26e0, 0xc430dad480, 0xc440059c70, 0x0, 0xa19860, 0xc445b7b130, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:803 +0x11f
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc430dad480, 0xc440059c70, 0xa1ca60, 0xcf26e0, 0xc43b0f0000, 0x0, 0x0, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:664 +0x1af
github.com/google/syzkaller/prog.(*randGen).generateArg(0xc430dad480, 0xc440059c70, 0xa1ca60, 0xcf26e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:614 +0x5e
github.com/google/syzkaller/prog.(*randGen).generateArgs(0xc430dad480, 0xc440059c70, 0xf0e040, 0x3, 0x3, 0xc437ae0200, 0x154cd41182fdc8cb, 0xc43b0f9258, 0x4dff9b, 0xc429ff0cc0, ...)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:602 +0x19f
github.com/google/syzkaller/prog.(*randGen).generateParticularCall(0xc430dad480, 0xc440059c70, 0x11d4b40, 0x1, 0x2, 0xc429dfdef0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:557 +0xe7
github.com/google/syzkaller/prog.(*randGen).createResource(0xc430dad480, 0xc440059c70, 0xcc3460, 0xc434485600, 0x0, 0x0, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:394 +0x516
github.com/google/syzkaller/prog.(*ResourceType).generate(0xcc3460, 0xc430dad480, 0xc440059c70, 0xc429ff0f00, 0xa19860, 0xc4344856e0, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:681 +0x1e9
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc430dad480, 0xc440059c70, 0xa1cb20, 0xcc3460, 0xc43b0f0000, 0x0, 0x0, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:664 +0x1af
github.com/google/syzkaller/prog.(*randGen).generateArg(0xc430dad480, 0xc440059c70, 0xa1cb20, 0xcc3460, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:614 +0x5e
github.com/google/syzkaller/prog.(*randGen).generateArgs(0xc430dad480, 0xc440059c70, 0xd3cf20, 0x2, 0x2, 0x406200e949c3cb00, 0xc4397f9900, 0x402e00000040fff9, 0x2, 0x0, ...)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:602 +0x19f
github.com/google/syzkaller/prog.(*StructType).generate(0xd3cee0, 0xc430dad480, 0xc440059c70, 0x0, 0x14bacc0, 0xc42fa7ea00, 0x327de595022cf59c, 0xc43b0f98a8, 0x4dfe63)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:786 +0x71
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc430dad480, 0xc440059c70, 0xa1cbe0, 0xd3cee0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:664 +0x1af
github.com/google/syzkaller/prog.(*randGen).generateArg(0xc430dad480, 0xc440059c70, 0xa1cbe0, 0xd3cee0, 0x714500, 0x84d260, 0xc4344856d0, 0xcc635da3320, 0xc43b0f99c8, 0x71c4d9)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:614 +0x5e
github.com/google/syzkaller/prog.(*PtrType).generate(0xcd7fa0, 0xc430dad480, 0xc440059c70, 0xc434485600, 0xa19860, 0xc4344856d0, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:803 +0x11f
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc430dad480, 0xc440059c70, 0xa1ca60, 0xcd7fa0, 0xc43b0f0000, 0x0, 0x0, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:664 +0x1af
github.com/google/syzkaller/prog.(*randGen).generateArg(0xc430dad480, 0xc440059c70, 0xa1ca60, 0xcd7fa0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:614 +0x5e
github.com/google/syzkaller/prog.(*randGen).generateArgs(0xc430dad480, 0xc440059c70, 0xf0fd20, 0x3, 0x3, 0x200, 0x4d32d0, 0xc43da24a80, 0xd21, 0xd21, ...)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:602 +0x19f
github.com/google/syzkaller/prog.(*randGen).generateParticularCall(0xc430dad480, 0xc440059c70, 0x11d8740, 0x2b3, 0xc440059c70, 0xc43110b440)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:557 +0xe7
github.com/google/syzkaller/prog.(*randGen).generateCall(0xc430dad480, 0xc440059c70, 0xc4397f82c0, 0x3, 0xc4397f82c0, 0xc4397f83c0, 0xc440059c70)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:546 +0x95
github.com/google/syzkaller/prog.(*mutator).insertCall(0xc43b0f9e08, 0x14)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:141 +0xf5
github.com/google/syzkaller/prog.(*Prog).Mutate(0xc4397f82c0, 0xa16ca0, 0xc437ae0270, 0x14, 0xc437ad4140, 0xc433a42000, 0xb229, 0xc000)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:45 +0x2fe
main.(*Proc).smashInput(0xc437ad4580, 0xc42d76a840)
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:213 +0x131
main.(*Proc).loop(0xc437ad4580)
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:78 +0x194
created by main.main
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:258 +0x1096

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/05/07 07:46 linux-4.14.y d71f695ce745 4618eb2d .config console log report ci2-linux-4-14
2020/03/21 23:04 linux-4.14.y 01364dad1d45 78267cec .config console log report ci2-linux-4-14
* Struck through repros no longer work on HEAD.