syzbot

 sign-in | mailing list | source | docs
🐞 Open [712] 🐞 Fixed [297] 🐞 Invalid [838] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

panic: runtime error: invalid memory address or nil pointer dereference (2)

Status: auto-closed as invalid on 2020/12/20 16:18
Reported-by: syzbot+9c07a9b32d8f2d38fe9a@syzkaller.appspotmail.com
First crash: 1336d, last: 1336d
Similar bugs (11)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.14 panic: runtime error: invalid memory address or nil pointer dereference (2) 2 1443d 1490d 0/1 auto-closed as invalid on 2020/09/04 07:47
android-54 panic: runtime error: invalid memory address or nil pointer dereference 233 1075d 1075d 0/2 closed as invalid on 2021/05/10 12:09
upstream panic: runtime error: invalid memory address or nil pointer dereference (3) 127 1075d 1075d 0/26 closed as invalid on 2021/05/10 12:38
linux-4.14 panic: runtime error: invalid memory address or nil pointer dereference (3) 219 1075d 1075d 0/1 closed as invalid on 2021/05/10 12:09
upstream panic: runtime error: invalid memory address or nil pointer dereference (2) 1894 1075d 1075d 0/26 closed as invalid on 2021/05/10 12:18
upstream panic: runtime error: invalid memory address or nil pointer dereference (5) 1 184d 180d 0/26 auto-obsoleted due to no activity on 2024/01/16 09:30
upstream panic: runtime error: invalid memory address or nil pointer dereference 1 1508d 1508d 0/26 auto-closed as invalid on 2020/06/01 17:49
linux-4.14 panic: runtime error: invalid memory address or nil pointer dereference 1 1614d 1614d 0/1 auto-closed as invalid on 2020/03/17 06:44
linux-4.19 panic: runtime error: invalid memory address or nil pointer dereference (3) 219 997d 1085d 0/1 auto-closed as invalid on 2021/10/25 16:30
linux-4.19 panic: runtime error: invalid memory address or nil pointer dereference 1 1476d 1476d 0/1 auto-closed as invalid on 2020/08/02 09:10
upstream panic: runtime error: invalid memory address or nil pointer dereference (4) 1 302d 298d 0/26 auto-obsoleted due to no activity on 2023/09/20 17:18

Sample crash report:
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
sendfile(r1, r0, &(0x7f0000000040)=0x100060, 0xa808)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0x76f6be]

goroutine 13 [running]:
github.com/google/syzkaller/prog.foreachArgImpl(0xb1e8e0, 0xc02864e600, 0xc0286a4380, 0xc0270c8708)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:142 +0x2ae
github.com/google/syzkaller/prog.foreachArgImpl(0xb1e920, 0xc02865f800, 0xc0286a4380, 0xc0270c8708)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:156 +0x656
github.com/google/syzkaller/prog.ForeachArg(0xc028647e00, 0xc0270c8708)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:122 +0xdd
github.com/google/syzkaller/prog.getCompatibleResources(0xc028647d80, 0x924972, 0x5, 0xc024d67b60, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:892 +0xb9
github.com/google/syzkaller/prog.(*randGen).resourceCentric(0xc024d67b60, 0xc024d7c7d0, 0xef3d80, 0x2, 0x0, 0xc01f2c2b40, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:840 +0xfe
github.com/google/syzkaller/prog.(*ResourceType).generate(0xef3d80, 0xc024d67b60, 0xc024d7c7d0, 0x2, 0xb1e960, 0xc01f2c2b40, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:669 +0x27d
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc024d67b60, 0xc024d7c7d0, 0xb24660, 0xef3d80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:658 +0x3f8
github.com/google/syzkaller/prog.(*randGen).generateArg(...)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:608
github.com/google/syzkaller/prog.(*randGen).generateArgs(0xc024d67b60, 0xc024d7c7d0, 0x10f79c0, 0x2, 0x2, 0xc023dde002, 0x41291b, 0xc0270c8bb0, 0x1976dcf4, 0x666fa24d6b720a65, ...)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:596 +0x179
github.com/google/syzkaller/prog.(*StructType).generate(0xf76d60, 0xc024d67b60, 0xc024d7c7d0, 0x2, 0x1988c20, 0xc01f2ca140, 0xc028dfbde0, 0x3, 0xc00002e800)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:780 +0x7c
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc024d67b60, 0xc024d7c7d0, 0xb24740, 0xf76d60, 0xc028df0002, 0x0, 0x0, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:658 +0x3f8
github.com/google/syzkaller/prog.(*randGen).generateArg(...)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:608
github.com/google/syzkaller/prog.(*ArrayType).generate(0x10f4120, 0xc024d67b60, 0xc024d7c7d0, 0x2, 0xb1e860, 0xc020c5beb0, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:772 +0x180
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc024d67b60, 0xc024d7c7d0, 0xb23e80, 0x10f4120, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:658 +0x3f8
github.com/google/syzkaller/prog.(*randGen).generateArg(...)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:608
github.com/google/syzkaller/prog.(*randGen).generateArgs(0xc024d67b60, 0xc024d7c7d0, 0x13e60e0, 0x4, 0x4, 0x2, 0x41291b, 0xc00359efe0, 0x1976dcf4, 0x11d3e820c3cf74d1, ...)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:596 +0x179
github.com/google/syzkaller/prog.(*StructType).generate(0xf76d00, 0xc024d67b60, 0xc024d7c7d0, 0x2, 0x1988c20, 0xc0049ae000, 0x1244753ea2fb76f3, 0xc00359f028, 0x4f71a3)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:780 +0x7c
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc024d67b60, 0xc024d7c7d0, 0xb24740, 0xf76d00, 0x400002, 0x0, 0x0, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:658 +0x3f8
github.com/google/syzkaller/prog.(*randGen).generateArg(...)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:608
github.com/google/syzkaller/prog.(*PtrType).generate(0xf277c0, 0xc024d67b60, 0xc024d7c7d0, 0x0, 0xb1e860, 0xc020c5bea0, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:797 +0x123
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc024d67b60, 0xc024d7c7d0, 0xb24580, 0xf277c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:658 +0x3f8
github.com/google/syzkaller/prog.(*randGen).generateArg(...)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:608
github.com/google/syzkaller/prog.(*randGen).generateArgs(0xc024d67b60, 0xc024d7c7d0, 0x1367c00, 0x3, 0x3, 0xc020abfe00, 0xc00359f338, 0x4f71a3, 0xc0049ae000, 0x5977a9fcd792b5ea, ...)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:596 +0x179
github.com/google/syzkaller/prog.(*randGen).generateParticularCall(0xc024d67b60, 0xc024d7c7d0, 0x15a7980, 0x4, 0x5, 0xc028458880)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:551 +0xd5
github.com/google/syzkaller/prog.(*randGen).createResource(0xc024d67b60, 0xc024d7c7d0, 0xef3d80, 0x203002, 0x0, 0x0, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:388 +0x5b0
github.com/google/syzkaller/prog.(*ResourceType).generate(0xef3d80, 0xc024d67b60, 0xc024d7c7d0, 0x2, 0x40, 0xc024d8fe00, 0x203009, 0x420835, 0xc00009d180)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:675 +0x1e8
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc024d67b60, 0xc024d7c7d0, 0xb24660, 0xef3d80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:658 +0x3f8
github.com/google/syzkaller/prog.(*randGen).generateArg(...)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:608
github.com/google/syzkaller/prog.(*randGen).generateArgs(0xc024d67b60, 0xc024d7c7d0, 0x13e6180, 0x4, 0x4, 0x2, 0x41291b, 0xc00359f928, 0x1976dcf4, 0x6558d9fd4200165e, ...)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:596 +0x179
github.com/google/syzkaller/prog.(*StructType).generate(0xf76e20, 0xc024d67b60, 0xc024d7c7d0, 0x2, 0x1988c20, 0x1e9, 0xc00359f9e8, 0xc00359f970, 0x4f71a3)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:780 +0x7c
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc024d67b60, 0xc024d7c7d0, 0xb24740, 0xf76e20, 0x400002, 0x0, 0x0, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:658 +0x3f8
github.com/google/syzkaller/prog.(*randGen).generateArg(...)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:608
github.com/google/syzkaller/prog.(*PtrType).generate(0xf27840, 0xc024d67b60, 0xc024d7c7d0, 0xc0095c0300, 0xb1e860, 0xc024d89e90, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:797 +0x123
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc024d67b60, 0xc024d7c7d0, 0xb24580, 0xf27840, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:658 +0x3f8
github.com/google/syzkaller/prog.(*randGen).generateArg(...)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:608
github.com/google/syzkaller/prog.(*randGen).generateArgs(0xc024d67b60, 0xc024d7c7d0, 0x1367d80, 0x3, 0x3, 0xc01ce96000, 0xe6c, 0xe6c, 0x1a76, 0x252, ...)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:596 +0x179
github.com/google/syzkaller/prog.(*randGen).generateParticularCall(0xc024d67b60, 0xc024d7c7d0, 0x15a7c80, 0x252, 0xc024d7c7d0, 0xc024889b80)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:551 +0xd5
github.com/google/syzkaller/prog.(*randGen).generateCall(0xc024d67b60, 0xc024d7c7d0, 0xc024d8e4c0, 0x0, 0xc024d8e4c0, 0xc024d8e500, 0xc024d7c7d0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:540 +0x95
github.com/google/syzkaller/prog.(*mutator).insertCall(0xc0270c9e18, 0x14)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:141 +0xf2
github.com/google/syzkaller/prog.(*Prog).Mutate(0xc024d8e4c0, 0xb17d20, 0xc003652180, 0x14, 0xc01589e180, 0xc012a80000, 0xb55b, 0xc000)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:45 +0x2ea
main.(*Proc).smashInput(0xc015a0a7c0, 0xc023e58090)
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:213 +0x131
main.(*Proc).loop(0xc015a0a7c0)
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:78 +0x1d7
created by main.main
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:267 +0x1187

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/08/22 16:17 linux-4.19.y d18b78abc0c6 6436ce4b .config console log report ci2-linux-4-19
* Struck through repros no longer work on HEAD.