syzbot


panic: runtime error: slice bounds out of range [40:LINE]

Status: fixed on 2021/09/25 08:25
Fix commit: 6d0b40b1d159 [op] Make PacketBuffer Clone() do a deeper copy.
First crash: 1215d, last: 1212d
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
gvisor panic: runtime error: slice bounds out of range [2:LINE] 1 1224d 1224d 14/26 fixed on 2021/08/16 21:45
gvisor panic: runtime error: slice bounds out of range [12:LINE] C 63 376d 1155d 26/26 fixed on 2023/11/17 13:01
gvisor panic: runtime error: slice bounds out of range [NUM:NUM] C 666 111d 123d 0/26 moderation: reported C repro on 2024/07/26 06:51

Sample crash report:
panic: runtime error: slice bounds out of range [40:0]

goroutine 1659583 [running]:
panic(0x1171180, 0xc01fe30468)
	GOROOT/src/runtime/panic.go:1065 +0x565 fp=0xc0a3496320 sp=0xc0a3496258 pc=0x437c65
runtime.goPanicSliceB(0x28, 0x0)
	GOROOT/src/runtime/panic.go:116 +0xa5 fp=0xc0a3496368 sp=0xc0a3496320 pc=0x435445
gvisor.dev/gvisor/pkg/tcpip/header.IPv6.Encode(0x0, 0x0, 0x0, 0xc0a3496420)
	pkg/tcpip/header/ipv6.go:274 +0x1e6 fp=0xc0a34963d0 sp=0xc0a3496368 pc=0x8f7ee6
gvisor.dev/gvisor/pkg/tcpip/network/ipv6.addIPHeader(0xc01c987cd0, 0x10, 0xc01c987cc0, 0x10, 0xc01bb6f800, 0x4000000006, 0x0, 0x0, 0x0, 0xc0022eeff0, ...)
	pkg/tcpip/network/ipv6/ipv6.go:681 +0x205 fp=0xc0a3496480 sp=0xc0a34963d0 pc=0xb0a085
gvisor.dev/gvisor/pkg/tcpip/network/ipv6.(*endpoint).WritePacket(0xc000bd2800, 0xc0022eefa0, 0x4879004000000006, 0xc01bb6f800, 0x1414, 0xc01db137a6)
	pkg/tcpip/network/ipv6/ipv6.go:744 +0x85 fp=0xc0a34964e8 sp=0xc0a3496480 pc=0xb0a525
gvisor.dev/gvisor/pkg/tcpip/stack.(*Route).WritePacket(0xc0022eefa0, 0x4000000006, 0xc01bb6f800, 0x10, 0x4879)
	pkg/tcpip/stack/route.go:462 +0xad fp=0xc0a3496528 sp=0xc0a34964e8 pc=0x9389ed
gvisor.dev/gvisor/pkg/tcpip/transport/tcp.sendTCP(0xc0022eefa0, 0x0, 0xc01c987cb0, 0x10, 0x4879, 0xc01c987ca0, 0x10, 0x140040, 0x137de674, 0x0, ...)
	pkg/tcpip/transport/tcp/connect.go:842 +0x285 fp=0xc0a3498378 sp=0xc0a3496528 pc=0xab9e65
gvisor.dev/gvisor/pkg/tcpip/transport/tcp.replyWithReset(0xc0000e5500, 0xc015f72800, 0x0, 0x0, 0x0)
	pkg/tcpip/transport/tcp/protocol.go:195 +0x1e5 fp=0xc0a34984d0 sp=0xc0a3498378 pc=0xacb4e5
gvisor.dev/gvisor/pkg/tcpip/transport/tcp.(*protocol).HandleUnknownDestinationPacket(0xc00032e0f0, 0x0, 0xc01c987cb0, 0x10, 0x4879, 0xc01c987ca0, 0x10, 0xc01bb6f700, 0x0)
	pkg/tcpip/transport/tcp/protocol.go:153 +0x13b fp=0xc0a3498550 sp=0xc0a34984d0 pc=0xacb2bb
gvisor.dev/gvisor/pkg/tcpip/stack.(*nic).DeliverTransportPacket(0xc000d68000, 0x6, 0xc01bb6f700, 0x1)
	pkg/tcpip/stack/nic.go:834 +0x351 fp=0xc0a3498658 sp=0xc0a3498550 pc=0x931711
gvisor.dev/gvisor/pkg/tcpip/network/ipv6.(*endpoint).processExtensionHeaders(0xc000bd2800, 0xc020a55cee, 0x28, 0x50, 0xc01bb6f700, 0x0, 0xc0001a2008, 0x7)
	pkg/tcpip/network/ipv6/ipv6.go:1556 +0x1923 fp=0xc0a3498fd8 sp=0xc0a3498658 pc=0xb0ede3
gvisor.dev/gvisor/pkg/tcpip/network/ipv6.(*endpoint).handleValidatedPacket(0xc000bd2800, 0xc020a55cee, 0x28, 0x50, 0xc01bb6f700, 0xc0001a2008, 0x7)
	pkg/tcpip/network/ipv6/ipv6.go:1190 +0x336 fp=0xc0a3499250 sp=0xc0a3498fd8 pc=0xb0d036
gvisor.dev/gvisor/pkg/tcpip/network/ipv6.(*endpoint).handleLocalPacket(0xc000bd2800, 0xc01bb6f600, 0x1)
	pkg/tcpip/network/ipv6/ipv6.go:1126 +0x19f fp=0xc0a3499470 sp=0xc0a3499250 pc=0xb0cc9f
gvisor.dev/gvisor/pkg/tcpip/network/ipv6.(*endpoint).writePacket(0xc000bd2800, 0xc0022eef00, 0xc01bb6f600, 0x6, 0x0, 0x0)
	pkg/tcpip/network/ipv6/ipv6.go:782 +0x4ae fp=0xc0a34996a8 sp=0xc0a3499470 pc=0xb0ac4e
gvisor.dev/gvisor/pkg/tcpip/network/ipv6.(*endpoint).WritePacket(0xc000bd2800, 0xc0022eef00, 0x4000000006, 0xc01bb6f600, 0x70800228, 0xc020a55d16)
	pkg/tcpip/network/ipv6/ipv6.go:774 +0x16c fp=0xc0a3499710 sp=0xc0a34996a8 pc=0xb0a60c
gvisor.dev/gvisor/pkg/tcpip/stack.(*Route).WritePacket(0xc0022eef00, 0x4000000006, 0xc01bb6f600, 0xc00064e458, 0x0)
	pkg/tcpip/stack/route.go:462 +0xad fp=0xc0a3499750 sp=0xc0a3499710 pc=0x9389ed
gvisor.dev/gvisor/pkg/tcpip/transport/tcp.sendTCP(0xc0022eef00, 0x4879, 0xc00051f440, 0x10, 0x0, 0xc00051f440, 0x10, 0x137de67300020040, 0x708000000000, 0xc020a4c4b0, ...)
	pkg/tcpip/transport/tcp/connect.go:842 +0x285 fp=0xc0a349b5a0 sp=0xc0a3499750 pc=0xab9e65
gvisor.dev/gvisor/pkg/tcpip/transport/tcp.(*endpoint).sendTCP(0xc02207d500, 0xc0022eef00, 0x4879, 0xc00051f440, 0x10, 0x0, 0xc00051f440, 0x10, 0x137de67300020000, 0x708000000000, ...)
	pkg/tcpip/transport/tcp/connect.go:734 +0xea fp=0xc0a349b670 sp=0xc0a349b5a0 pc=0xab922a
gvisor.dev/gvisor/pkg/tcpip/transport/tcp.(*endpoint).sendSynTCP(0xc02207d500, 0xc0022eef00, 0x4879, 0xc00051f440, 0x10, 0x0, 0xc00051f440, 0x10, 0x137de67300020000, 0x708000000000, ...)
	pkg/tcpip/transport/tcp/connect.go:725 +0xdc fp=0xc0a349b750 sp=0xc0a349b670 pc=0xab907c
gvisor.dev/gvisor/pkg/tcpip/transport/tcp.(*handshake).start(0xc020a31200)
	pkg/tcpip/transport/tcp/connect.go:502 +0x2da fp=0xc0a349b888 sp=0xc0a349b750 pc=0xab80da
gvisor.dev/gvisor/pkg/tcpip/transport/tcp.(*endpoint).connect(0xc02207d500, 0xc000000000, 0x0, 0x0, 0xc00a540000, 0x890101, 0x0, 0x0)
	pkg/tcpip/transport/tcp/endpoint.go:2338 +0x807 fp=0xc0a349cf30 sp=0xc0a349b888 pc=0xac5147
gvisor.dev/gvisor/pkg/tcpip/transport/tcp.(*endpoint).Connect(0xc02207d500, 0xc000000000, 0x0, 0x0, 0x0, 0x0, 0xc00a540000)
	pkg/tcpip/transport/tcp/endpoint.go:2074 +0x7c fp=0xc0a349d950 sp=0xc0a349cf30 pc=0xac483c
gvisor.dev/gvisor/pkg/sentry/socket/netstack.(*socketOpsCommon).Connect(0xc022692b00, 0xc0226ab500, 0xc015907e20, 0x1c, 0x1c, 0x1, 0x0)
	pkg/sentry/socket/netstack/netstack.go:607 +0x364 fp=0xc0a349da50 sp=0xc0a349d950 pc=0xb28284
gvisor.dev/gvisor/pkg/sentry/syscalls/linux/vfs2.Connect(0xc0226ab500, 0x3, 0x20000600, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
	pkg/sentry/syscalls/linux/vfs2/socket.go:277 +0x1c8 fp=0xc0a349db00 sp=0xc0a349da50 pc=0xdf3ea8
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).executeSyscall(0xc0226ab500, 0x2a, 0x3, 0x20000600, 0x1c, 0x0, 0x0, 0x0, 0xe34ff0, 0x12536a0, ...)
	pkg/sentry/kernel/task_syscall.go:104 +0x13c fp=0xc0a349dc60 sp=0xc0a349db00 pc=0x9be27c
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallInvoke(0xc0226ab500, 0x2a, 0x3, 0x20000600, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0)
	pkg/sentry/kernel/task_syscall.go:239 +0x66 fp=0xc0a349dce8 sp=0xc0a349dc60 pc=0x9bf406
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallEnter(0xc0226ab500, 0x2a, 0x3, 0x20000600, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0)
	pkg/sentry/kernel/task_syscall.go:199 +0x98 fp=0xc0a349dd48 sp=0xc0a349dce8 pc=0x9beff8
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscall(0xc0226ab500, 0x2, 0xc0226ab500)
	pkg/sentry/kernel/task_syscall.go:174 +0x15c fp=0xc0a349de18 sp=0xc0a349dd48 pc=0x9be99c
gvisor.dev/gvisor/pkg/sentry/kernel.(*runApp).execute(0x0, 0xc0226ab500, 0x13b9f60, 0x0)
	pkg/sentry/kernel/task_run.go:282 +0xca5 fp=0xc0a349df60 sp=0xc0a349de18 pc=0x9b3565
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).run(0xc0226ab500, 0x76b3)
	pkg/sentry/kernel/task_run.go:97 +0x1af fp=0xc0a349dfd0 sp=0xc0a349df60 pc=0x9b21cf
runtime.goexit()
	src/runtime/asm_amd64.s:1371 +0x1 fp=0xc0a349dfd8 sp=0xc0a349dfd0 pc=0x472821
created by gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).Start
	pkg/sentry/kernel/task_start.go:328 +0xfe

Crashes (3):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2021/08/02 05:39 gvisor 4f6c1f30937e 6c236867 .config console log report info ci-gvisor-kvm panic: runtime error: slice bounds out of range [40:LINE]
2021/07/30 21:18 gvisor 62ea5c0a2212 6c236867 .config console log report info ci-gvisor-kvm panic: runtime error: slice bounds out of range [40:LINE]
2021/07/30 03:08 gvisor 095b0d834853 8a799410 .config console log report info ci-gvisor-kvm panic: runtime error: slice bounds out of range [40:LINE]
* Struck through repros no longer work on HEAD.