Skip to content

syz-manager: fix nil pointer dereference in VMLess mode #6445

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
pimyn-girgis merged 2 commits into from
Nov 4, 2025
Merged

syz-manager: fix nil pointer dereference in VMLess mode #6445

pimyn-girgis merged 2 commits into from
Nov 4, 2025

Conversation

@pimyn-girgis
Copy link
Collaborator

@pimyn-girgis pimyn-girgis commented Nov 4, 2025

When in VMLess mode, reproLoop is not initialized, but we try to dereference it anyways. Check if reproLoop is nil before trying to access it.

Fixes #6420

Before sending a pull request, please review Contribution Guidelines:
https://github.com/google/syzkaller/blob/master/docs/contributing.md

@pimyn-girgis pimyn-girgis requested a review from a-nogikh November 4, 2025 15:05
@pimyn-girgis pimyn-girgis force-pushed the vmless-nil-pointer-fix branch from adc5738 to 34f763a Compare November 4, 2025 15:13
@a-nogikh
Copy link
Collaborator

a-nogikh commented Nov 4, 2025

LGTM

Let's also add a check here that if VMLess is true, then Reproduce must be false. Otherwise it feels like we still risk hitting a much of nil derefs in the syz-manager code.

syzkaller/pkg/mgrconfig/load.go

Lines 211 to 212 in 34f763a

cfg.VMLess = cfg.Type == "none"
return nil

@pimyn-girgis pimyn-girgis force-pushed the vmless-nil-pointer-fix branch from 34f763a to 7fea6ca Compare November 4, 2025 15:47
@pimyn-girgis
syz-manager: fix nil pointer dereference in VMLess mode
d91139b 
When in VMLess mode, reproLoop is not initialized, but we try to dereference it anyways. Check if reproLoop is nil
before trying to access it.

Fixes google#6420
@pimyn-girgis
pkg/mgrconfig: ensure reproduce is set to false when type is set to none
729f401
@pimyn-girgis pimyn-girgis force-pushed the vmless-nil-pointer-fix branch from 7fea6ca to 729f401 Compare November 4, 2025 15:57
@pimyn-girgis pimyn-girgis added this pull request to the merge queue Nov 4, 2025
Merged via the queue into google:master with commit b60a859 Nov 4, 2025
17 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@a-nogikh a-nogikh a-nogikh approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

pkg/manager: nil pointer panic when vmPool is nil in setPhaseLocked

2 participants

@pimyn-girgis @a-nogikh