

panic: runtime error: slice bounds out of range [255:LINE]

Status: fixed on 2020/11/20 14:14
Fix commit: 49adf36ed7d3 Fix possible panic due to bad data.
First crash: 1471 days ago, last: 1470 days ago (all five crashes fall on 2020/11/16, see the table below)

Sample crash report (a Go runtime panic inside the netstack's IPv4 timestamp-option handling, `header.(*IPv4OptionTimestamp).UpdateTimestamp`, reached while an IPv4/ICMP packet that an application injected with `write(2)` on a TUN device is processed; the failing bounds `[255:28]` show a slice start of 255 — the maximum value of a single byte, consistent with an unchecked offset read from the packet itself — applied to a 28-byte buffer, so a sandboxed process appears able to take down the whole sentry with one malformed packet):
panic: runtime error: slice bounds out of range [255:28]

goroutine 447 [running]:
panic(0x17d2840, 0xc000576060)
	GOROOT/src/runtime/panic.go:1064 +0x470 fp=0xc00069a830 sp=0xc00069a778 pc=0x439090
runtime.goPanicSliceB(0xff, 0x1c)
	GOROOT/src/runtime/panic.go:116 +0xa5 fp=0xc00069a878 sp=0xc00069a830 pc=0x437025
gvisor.dev/gvisor/pkg/tcpip/header.(*IPv4OptionTimestamp).UpdateTimestamp(0xc00069a988, 0xc00040cd8c, 0x4, 0x1a6eea0, 0xc000128000)
	pkg/tcpip/header/ipv4.go:796 +0x8d7 fp=0xc00069a928 sp=0xc00069a878 pc=0xbe85d7
gvisor.dev/gvisor/pkg/tcpip/network/ipv4.handleTimestamp(0xc0003c80ba, 0x1c, 0x28, 0xc00040cd8c, 0x4, 0x1a6eea0, 0xc000128000, 0x1a52340, 0x2cda9e8, 0x0, ...)
	pkg/tcpip/network/ipv4/ipv4.go:1217 +0x2ba fp=0xc00069a988 sp=0xc00069a928 pc=0xf0e7fa
gvisor.dev/gvisor/pkg/tcpip/network/ipv4.(*endpoint).processIPOptions(0xc00014e500, 0xc000646000, 0xc000274072, 0x1c, 0x1c, 0x1a52340, 0x2cda9e8, 0xffff, 0x0, 0x0, ...)
	pkg/tcpip/network/ipv4/ipv4.go:1353 +0x9f1 fp=0xc00069b2d8 sp=0xc00069a988 pc=0xf0f511
gvisor.dev/gvisor/pkg/tcpip/network/ipv4.(*endpoint).handleICMP(0xc00014e500, 0xc000646000)
	pkg/tcpip/network/ipv4/icmp.go:109 +0x3fb fp=0xc00069bde0 sp=0xc00069b2d8 pc=0xf01e3b
gvisor.dev/gvisor/pkg/tcpip/network/ipv4.(*endpoint).handlePacket(0xc00014e500, 0xc000646000)
	pkg/tcpip/network/ipv4/ipv4.go:713 +0xc65 fp=0xc00069c750 sp=0xc00069bde0 pc=0xf0aea5
gvisor.dev/gvisor/pkg/tcpip/network/ipv4.(*endpoint).HandlePacket(0xc00014e500, 0xc000646000)
	pkg/tcpip/network/ipv4/ipv4.go:555 +0x1a5 fp=0xc00069ce38 sp=0xc00069c750 pc=0xf0a0e5
gvisor.dev/gvisor/pkg/tcpip/stack.(*NIC).DeliverNetworkPacket(0xc00014c840, 0xc00002006a, 0x6, 0x0, 0x0, 0x800, 0xc000646000)
	pkg/tcpip/stack/nic.go:644 +0xd48 fp=0xc00069d008 sp=0xc00069ce38 pc=0xc4eea8
gvisor.dev/gvisor/pkg/tcpip/link/channel.(*Endpoint).InjectLinkAddr(...)
	pkg/tcpip/link/channel/channel.go:191
gvisor.dev/gvisor/pkg/tcpip/link/tun.(*Device).Write(0xc0005ec1e8, 0xc000274050, 0x46, 0x46, 0x0, 0x1, 0x20000080)
	pkg/tcpip/link/tun/device.go:239 +0x5da fp=0xc00069d1a8 sp=0xc00069d008 pc=0x105f7da
gvisor.dev/gvisor/pkg/sentry/devices/tundev.(*tunFD).Write(0xc0005ec180, 0x1a7f000, 0xc0005eea80, 0x1a7a160, 0xc0003f3000, 0x0, 0x1, 0x20000080, 0x46, 0x100, ...)
	pkg/sentry/devices/tundev/tundev.go:158 +0x22b fp=0xc00069d2d8 sp=0xc00069d1a8 pc=0x141faeb
gvisor.dev/gvisor/pkg/sentry/vfs.(*FileDescription).Write(0xc0005ec180, 0x1a7f000, 0xc0005eea80, 0x1a7a160, 0xc0003f3000, 0x0, 0x1, 0x20000080, 0x46, 0x100, ...)
	pkg/sentry/vfs/file_description.go:615 +0x131 fp=0xc00069d3a8 sp=0xc00069d2d8 pc=0x9eccd1
gvisor.dev/gvisor/pkg/sentry/syscalls/linux/vfs2.write(0xc0005eea80, 0xc0005ec180, 0x1a7a160, 0xc0003f3000, 0x0, 0x1, 0x20000080, 0x46, 0x100, 0x0, ...)
	pkg/sentry/syscalls/linux/vfs2/read_write.go:364 +0xee fp=0xc00069d5c0 sp=0xc00069d3a8 pc=0x12f5ece
gvisor.dev/gvisor/pkg/sentry/syscalls/linux/vfs2.Write(0xc0005eea80, 0xf0, 0x20000080, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
	pkg/sentry/syscalls/linux/vfs2/read_write.go:333 +0x2a5 fp=0xc00069d740 sp=0xc00069d5c0 pc=0x12f5765
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).executeSyscall(0xc0005eea80, 0x1, 0xf0, 0x20000080, 0x46, 0x0, 0x0, 0x0, 0x13, 0x1375340, ...)
	pkg/sentry/kernel/task_syscall.go:104 +0x453 fp=0xc00069d9e0 sp=0xc00069d740 pc=0xd59873
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallInvoke(0xc0005eea80, 0x1, 0xf0, 0x20000080, 0x46, 0x0, 0x0, 0x0, 0x408638, 0xc0005ef35f)
	pkg/sentry/kernel/task_syscall.go:239 +0xba fp=0xc00069dac0 sp=0xc00069d9e0 pc=0xd5affa
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallEnter(0xc0005eea80, 0x1, 0xf0, 0x20000080, 0x46, 0x0, 0x0, 0x0, 0x136a8eb, 0x2cda4d4)
	pkg/sentry/kernel/task_syscall.go:199 +0x10f fp=0xc00069db70 sp=0xc00069dac0 pc=0xd5a90f
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscall(0xc0005eea80, 0x2, 0xc0005eea80)
	pkg/sentry/kernel/task_syscall.go:174 +0x1ea fp=0xc00069dcb0 sp=0xc00069db70 pc=0xd5a0aa
gvisor.dev/gvisor/pkg/sentry/kernel.(*runApp).execute(0x0, 0xc0005eea80, 0x1a513e0, 0x0)
	pkg/sentry/kernel/task_run.go:282 +0x1267 fp=0xc00069ded8 sp=0xc00069dcb0 pc=0xd45d87
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).run(0xc0005eea80, 0xb)
	pkg/sentry/kernel/task_run.go:97 +0x398 fp=0xc00069dfd0 sp=0xc00069ded8 pc=0xd43ef8
runtime.goexit()
	src/runtime/asm_amd64.s:1374 +0x1 fp=0xc00069dfd8 sp=0xc00069dfd0 pc=0x4745e1
created by gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).Start
	pkg/sentry/kernel/task_start.go:323 +0x1a5

Crashes (5):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/11/16 08:20 gvisor 182c126013a2 1bf9a662 .config console log report syz C ci-gvisor-ptrace-proxy-sandbox-race
2020/11/16 07:11 gvisor 182c126013a2 1bf9a662 .config console log report syz C ci-gvisor-main
2020/11/16 17:50 gvisor 43dd7a200569 1bf9a662 .config console log report info ci-gvisor-kvm-direct-sandbox
2020/11/16 17:29 gvisor 43dd7a200569 1bf9a662 .config console log report info ci-gvisor-main
2020/11/16 07:05 gvisor 182c126013a2 1bf9a662 .config console log report info ci-gvisor-main
* Struck through repros no longer work on HEAD.