syzbot


panic: Start ADDR + offset ADDR overflows?

Status: fixed on 2021/02/10 20:40
Fix commit: bf4968e17d7d exec: don't panic if an elf file is malformed
First crash: 1716d, last: 1410d

Sample crash report:
panic: Start 0x447398728003 + offset 0x557398728000 overflows?

goroutine 677 [running]:
panic(0x10ab560, 0xc000642040)
	GOROOT/src/runtime/panic.go:1064 +0x470 fp=0xc000b3e728 sp=0xc000b3e670 pc=0x437110
gvisor.dev/gvisor/pkg/sentry/loader.loadParsedELF(0x141c960, 0xc000877500, 0xc000b29000, 0x1414b40, 0xc000130040, 0x0, 0x0, 0x40, 0xc00014a100, 0x1, ...)
	pkg/sentry/loader/elf.go:629 +0x1ba5 fp=0xc000b3eb10 sp=0xc000b3e728 pc=0x9f0d45
gvisor.dev/gvisor/pkg/sentry/loader.loadInitialELF(0x141c960, 0xc000877500, 0xc000b29000, 0xc0001af5c0, 0x1414b40, 0xc000130040, 0x0, 0x0, 0x0, 0x0, ...)
	pkg/sentry/loader/elf.go:738 +0x608 fp=0xc000b3ed38 sp=0xc000b3eb10 pc=0x9f13e8
gvisor.dev/gvisor/pkg/sentry/loader.loadELF(0x141c960, 0xc000877500, 0xc000b29000, 0xc000194088, 0x1, 0xc00065a400, 0x7, 0x1414b40, 0xc000130040, 0x13eeaa0, ...)
	pkg/sentry/loader/elf.go:790 +0xe7 fp=0xc000b3ef88 sp=0xc000b3ed38 pc=0x9f1d67
gvisor.dev/gvisor/pkg/sentry/loader.loadExecutable(0x141c960, 0xc000877500, 0xc000b29000, 0xc000194088, 0x1, 0xc00065a400, 0x7, 0x1414b40, 0xc000130040, 0x13eeaa0, ...)
	pkg/sentry/loader/loader.go:206 +0x85f fp=0xc000b3f1c8 sp=0xc000b3ef88 pc=0x9f41df
gvisor.dev/gvisor/pkg/sentry/loader.Load(0x141c960, 0xc000877500, 0xc000b29000, 0xc000194088, 0x1, 0xc00065a400, 0x7, 0x0, 0x0, 0x13eeaa0, ...)
	pkg/sentry/loader/loader.go:260 +0xd8 fp=0xc000b3f638 sp=0xc000b3f1c8 pc=0x9f4ab8
gvisor.dev/gvisor/pkg/sentry/kernel.(*Kernel).LoadTaskImage(0xc0000fe280, 0x141c960, 0xc000877500, 0xc000b29000, 0xc000194088, 0x1, 0xc00065a400, 0x7, 0x0, 0x0, ...)
	pkg/sentry/kernel/task_image.go:172 +0x198 fp=0xc000b3f7a0 sp=0xc000b3f638 pc=0xa395d8
gvisor.dev/gvisor/pkg/sentry/syscalls/linux/vfs2.execveat(0xc000877500, 0xffffff9c, 0x20000280, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0)
	pkg/sentry/syscalls/linux/vfs2/execve.go:151 +0x598 fp=0xc000b3fb30 sp=0xc000b3f7a0 pc=0xe4d2f8
gvisor.dev/gvisor/pkg/sentry/syscalls/linux/vfs2.Execveat(0xc000877500, 0xffffff9c, 0x20000280, 0x0, 0x0, 0x1000, 0x0, 0x78, 0x0, 0x0, ...)
	pkg/sentry/syscalls/linux/vfs2/execve.go:48 +0xa5 fp=0xc000b3fb90 sp=0xc000b3fb30 pc=0xe4cd05
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).executeSyscall(0xc000877500, 0x142, 0xffffff9c, 0x20000280, 0x0, 0x0, 0x1000, 0x0, 0xeaded7, 0x1282be0, ...)
	pkg/sentry/kernel/task_syscall.go:116 +0x1b9 fp=0xc000b3fc50 sp=0xc000b3fb90 pc=0xa4ab19
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallInvoke(0xc000877500, 0x142, 0xffffff9c, 0x20000280, 0x0, 0x0, 0x1000, 0x0, 0x1000, 0x0)
	pkg/sentry/kernel/task_syscall.go:291 +0x70 fp=0xc000b3fcd8 sp=0xc000b3fc50 pc=0xa4bdd0
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallEnter(0xc000877500, 0x142, 0xffffff9c, 0x20000280, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0)
	pkg/sentry/kernel/task_syscall.go:238 +0xb4 fp=0xc000b3fd38 sp=0xc000b3fcd8 pc=0xa4b8d4
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscall(0xc000877500, 0x2, 0xc000877500)
	pkg/sentry/kernel/task_syscall.go:205 +0x198 fp=0xc000b3fe08 sp=0xc000b3fd38 pc=0xa4b1b8
gvisor.dev/gvisor/pkg/sentry/kernel.(*runApp).execute(0x0, 0xc000877500, 0x13eee40, 0x0)
	pkg/sentry/kernel/task_run.go:327 +0xd95 fp=0xc000b3ff60 sp=0xc000b3fe08 pc=0xa3dc75
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).run(0xc000877500, 0x1b)
	pkg/sentry/kernel/task_run.go:100 +0x1e2 fp=0xc000b3ffd0 sp=0xc000b3ff60 pc=0xa3c782
runtime.goexit()
	src/runtime/asm_amd64.s:1374 +0x1 fp=0xc000b3ffd8 sp=0xc000b3ffd0 pc=0x470681
created by gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).Start
	pkg/sentry/kernel/task_start.go:374 +0x116

Crashes (19):
Time              Kernel  Commit        Syzkaller  Config   Log          Report  Syz repro  C repro  VM info  Assets  Manager                                    Title
2021/01/16 08:02  gvisor  833516c139b5  65a7a854   .config  console log  report  syz        C                         ci-gvisor-kvm-cover
2021/01/16 08:02  gvisor  833516c139b5  65a7a854   .config  console log  report  syz        C                         ci-gvisor-kvm
2021/01/16 07:52  gvisor  cd75bb163f46  65a7a854   .config  console log  report  syz        C                         ci-gvisor-ptrace-2-race
2021/01/16 07:46  gvisor  cd75bb163f46  65a7a854   .config  console log  report  syz        C                         ci-gvisor-ptrace-2
2021/01/16 07:44  gvisor  e57ebcd37a7b  65a7a854   .config  console log  report  syz        C                         ci-gvisor-ptrace-1-race
2021/01/16 07:42  gvisor  cd75bb163f46  65a7a854   .config  console log  report  syz        C                         ci-gvisor-ptrace-3
2021/01/16 07:42  gvisor  cd75bb163f46  65a7a854   .config  console log  report  syz        C                         ci-gvisor-ptrace-3-race
2021/01/16 07:41  gvisor  e57ebcd37a7b  65a7a854   .config  console log  report  syz        C                         ci-gvisor-ptrace-2-cover
2021/01/16 07:39  gvisor  e57ebcd37a7b  65a7a854   .config  console log  report  syz        C                         ci-gvisor-ptrace-3-cover
2021/01/16 07:36  gvisor  cd75bb163f46  65a7a854   .config  console log  report  syz        C                         ci-gvisor-ptrace-1
2021/01/16 07:26  gvisor  cd75bb163f46  65a7a854   .config  console log  report  syz        C                         ci-gvisor-ptrace-1-cover
2020/04/10 13:13  gvisor  981a587476e1  a8c6a3f8   .config  console log  report  syz                                  ci-gvisor-kvm-proxy-overlay-sandbox
2020/04/08 23:46  gvisor  71c7e24e5cb8  db9bcd4b   .config  console log  report  syz                                  ci-gvisor-kvm-direct-sandbox
2020/03/16 10:00  gvisor  97127750289b  749688d2   .config  console log  report  syz                                  ci-gvisor-ptrace-proxy-sandbox-race
2020/03/16 08:10  gvisor  97127750289b  749688d2   .config  console log  report  syz                                  ci-gvisor-ptrace-direct-overlay-host
2020/03/16 08:03  gvisor  97127750289b  749688d2   .config  console log  report  syz                                  ci-gvisor-main
2020/03/16 07:50  gvisor  97127750289b  749688d2   .config  console log  report  syz                                  ci-gvisor-ptrace-direct-overlay-host-race
2021/01/16 07:18  gvisor  cd75bb163f46  65a7a854   .config  console log  report                      info             ci-gvisor-ptrace-1-cover
2020/03/16 07:38  gvisor  97127750289b  749688d2   .config  console log  report                                       ci-gvisor-ptrace-direct-overlay-host-race
* Struck through repros no longer work on HEAD.