syzbot


panic: invalid range: [ADDR, ADDR)

Status: moderation: reported C repro on 2020/06/13 11:44
Reported-by: syzbot+7134270f6ba5529123cf@syzkaller.appspotmail.com
First crash: 1634d, last: 1624d

Sample crash report:
panic: invalid range: [0xffff800080000000, 0x7ffff000)

goroutine 447 [running]:
panic(0xdf3ae0, 0xc00030f820)
	GOROOT/src/runtime/panic.go:1064 +0x46d fp=0xc0001556f8 sp=0xc000155640 pc=0x43432d
gvisor.dev/gvisor/pkg/sentry/pgalloc.(*MemoryFile).DecRef(0xc0002af500, 0xffff800080000000, 0x7ffff000)
	pkg/sentry/pgalloc/pgalloc.go:597 +0x521 fp=0xc0001557e8 sp=0xc0001556f8 pc=0x6c4701
gvisor.dev/gvisor/pkg/sentry/mm.(*SpecialMappable).DecRef.func1()
	pkg/sentry/mm/special_mappable.go:56 +0x5d fp=0xc000155818 sp=0xc0001557e8 pc=0x845b8d
gvisor.dev/gvisor/pkg/refs.(*AtomicRefCount).DecRefWithDestructor(0xc000164980, 0xc000155868)
	pkg/refs/refcounter.go:459 +0x153 fp=0xc000155858 sp=0xc000155818 pc=0x59f413
gvisor.dev/gvisor/pkg/sentry/mm.(*SpecialMappable).DecRef(0xc000164980)
	pkg/sentry/mm/special_mappable.go:55 +0x50 fp=0xc000155888 sp=0xc000155858 pc=0x82e780
gvisor.dev/gvisor/pkg/sentry/mm.(*MemoryManager).MMap(0xc000157000, 0x113a040, 0xc0008bca80, 0x7ffffffff000, 0x112f220, 0xc000164980, 0x112dba0, 0xc000164980, 0x0, 0x20003000, ...)
	pkg/sentry/mm/syscalls.go:137 +0x4b1 fp=0xc000155980 sp=0xc000155888 pc=0x82f571
gvisor.dev/gvisor/pkg/sentry/syscalls/linux.Mmap(0xc0008bca80, 0x20003000, 0x7ffffffff000, 0x0, 0x2831, 0xffffffff, 0x0, 0x0, 0x0, 0x0, ...)
	pkg/sentry/syscalls/linux/sys_mmap.go:105 +0x29a fp=0xc000155b40 sp=0xc000155980 pc=0x8eedda
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).executeSyscall(0xc0008bca80, 0x9, 0x20003000, 0x7ffffffff000, 0x0, 0x2831, 0xffffffff, 0x0, 0x0, 0xfa0640, ...)
	pkg/sentry/kernel/task_syscall.go:170 +0x122 fp=0xc000155ca0 sp=0xc000155b40 pc=0x895d82
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallInvoke(0xc0008bca80, 0x9, 0x20003000, 0x7ffffffff000, 0x0, 0x2831, 0xffffffff, 0x0, 0xffffffff, 0x0)
	pkg/sentry/kernel/task_syscall.go:305 +0x66 fp=0xc000155d28 sp=0xc000155ca0 pc=0x896f66
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallEnter(0xc0008bca80, 0x9, 0x20003000, 0x7ffffffff000, 0x0, 0x2831, 0xffffffff, 0x0, 0xc00012e360, 0x1)
	pkg/sentry/kernel/task_syscall.go:265 +0x96 fp=0xc000155d88 sp=0xc000155d28 pc=0x896af6
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscall(0xc0008bca80, 0x2, 0xc0004a5440)
	pkg/sentry/kernel/task_syscall.go:240 +0x15c fp=0xc000155e48 sp=0xc000155d88 pc=0x89648c
gvisor.dev/gvisor/pkg/sentry/kernel.(*runApp).execute(0x0, 0xc0008bca80, 0x1117ca0, 0x0)
	pkg/sentry/kernel/task_run.go:259 +0xec8 fp=0xc000155f60 sp=0xc000155e48 pc=0x88b598
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).run(0xc0008bca80, 0x9)
	pkg/sentry/kernel/task_run.go:92 +0x18b fp=0xc000155fd0 sp=0xc000155f60 pc=0x889fbb
runtime.goexit()
	src/runtime/asm_amd64.s:1373 +0x1 fp=0xc000155fd8 sp=0xc000155fd0 pc=0x467d01
created by gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).Start
	pkg/sentry/kernel/task_start.go:318 +0xfe

Crashes (42):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2020/06/06 13:42 gvisor 427d2082165e e6b89e4e .config console log report syz C ci-gvisor-main
2020/06/06 13:32 gvisor 427d2082165e e6b89e4e .config console log report syz C ci-gvisor-ptrace-direct-overlay-host
2020/06/06 13:31 gvisor 427d2082165e e6b89e4e .config console log report syz C ci-gvisor-ptrace-direct-overlay-host-race
2020/06/06 13:28 gvisor 427d2082165e e6b89e4e .config console log report syz C ci-gvisor-ptrace-proxy-sandbox-race
2020/06/06 13:22 gvisor 427d2082165e e6b89e4e .config console log report syz C ci-gvisor-main
2020/06/06 13:16 gvisor 427d2082165e e6b89e4e .config console log report syz C ci-gvisor-main
2020/06/06 12:36 gvisor 427d2082165e e6b89e4e .config console log report syz C ci-gvisor-ptrace-direct-overlay-host-race
2020/06/06 12:33 gvisor 427d2082165e e6b89e4e .config console log report syz C ci-gvisor-ptrace-proxy-sandbox-race
2020/06/06 12:31 gvisor 427d2082165e e6b89e4e .config console log report syz C ci-gvisor-ptrace-direct-overlay-host
2020/06/06 12:21 gvisor 427d2082165e e6b89e4e .config console log report syz C ci-gvisor-ptrace-direct-overlay-host
2020/06/06 12:17 gvisor 427d2082165e e6b89e4e .config console log report syz C ci-gvisor-ptrace-direct-overlay-host
2020/06/06 12:13 gvisor 427d2082165e e6b89e4e .config console log report syz C ci-gvisor-ptrace-proxy-sandbox-race
2020/06/06 11:46 gvisor 427d2082165e e6b89e4e .config console log report syz C ci-gvisor-ptrace-direct-overlay-host-race
2020/06/06 11:42 gvisor 427d2082165e e6b89e4e .config console log report syz C ci-gvisor-ptrace-direct-overlay-host-race
2020/06/16 12:07 gvisor 3b0b1f104d96 4ea9d964 .config console log report ci-gvisor-main
2020/06/16 12:06 gvisor 3b0b1f104d96 4ea9d964 .config console log report ci-gvisor-ptrace-proxy-sandbox-race
2020/06/16 12:04 gvisor 3b0b1f104d96 4ea9d964 .config console log report ci-gvisor-ptrace-direct-overlay-host
2020/06/15 16:13 gvisor f23f62c2c2bc 8e3ab941 .config console log report ci-gvisor-ptrace-proxy-sandbox-race
2020/06/15 16:11 gvisor f23f62c2c2bc 8e3ab941 .config console log report ci-gvisor-ptrace-direct-overlay-host-race
2020/06/15 16:11 gvisor f23f62c2c2bc 8e3ab941 .config console log report ci-gvisor-ptrace-direct-overlay-host
2020/06/15 16:09 gvisor f23f62c2c2bc 8e3ab941 .config console log report ci-gvisor-main
2020/06/10 00:40 gvisor 4950ccde75b3 860c4de9 .config console log report ci-gvisor-main
2020/06/08 07:07 gvisor 626030417920 7751efd0 .config console log report ci-gvisor-ptrace-proxy-sandbox-race
2020/06/08 07:07 gvisor 626030417920 7751efd0 .config console log report ci-gvisor-ptrace-direct-overlay-host
2020/06/08 07:07 gvisor 626030417920 7751efd0 .config console log report ci-gvisor-ptrace-direct-overlay-host-race
2020/06/08 07:05 gvisor 626030417920 7751efd0 .config console log report ci-gvisor-main
2020/06/07 09:58 gvisor 427d2082165e 2c2b926c .config console log report ci-gvisor-main
2020/06/07 08:54 gvisor 427d2082165e 2c2b926c .config console log report ci-gvisor-main
2020/06/07 07:08 gvisor 427d2082165e e6b89e4e .config console log report ci-gvisor-ptrace-proxy-sandbox-race
2020/06/07 06:55 gvisor 427d2082165e e6b89e4e .config console log report ci-gvisor-main
2020/06/07 06:55 gvisor 427d2082165e e6b89e4e .config console log report ci-gvisor-main
2020/06/07 05:33 gvisor 427d2082165e e6b89e4e .config console log report ci-gvisor-ptrace-direct-overlay-host
2020/06/07 05:33 gvisor 427d2082165e e6b89e4e .config console log report ci-gvisor-ptrace-direct-overlay-host-race
2020/06/07 05:32 gvisor 9aaca5a6da39 e6b89e4e .config console log report ci-gvisor-kvm-proxy-overlay-sandbox
2020/06/07 05:12 gvisor 9aaca5a6da39 e6b89e4e .config console log report ci-gvisor-kvm-proxy-overlay-sandbox
2020/06/07 05:11 gvisor 427d2082165e e6b89e4e .config console log report ci-gvisor-kvm-direct-sandbox
2020/06/07 05:10 gvisor 427d2082165e e6b89e4e .config console log report ci-gvisor-ptrace-proxy-sandbox-race
2020/06/07 00:33 gvisor 427d2082165e e6b89e4e .config console log report ci-gvisor-kvm-direct-sandbox
2020/06/06 12:23 gvisor 427d2082165e e6b89e4e .config console log report ci-gvisor-main
2020/06/06 11:30 gvisor 427d2082165e e6b89e4e .config console log report ci-gvisor-ptrace-direct-overlay-host-race
2020/06/06 11:17 gvisor 427d2082165e e6b89e4e .config console log report ci-gvisor-ptrace-direct-overlay-host
* Struck through repros no longer work on HEAD.