syzbot


panic: attempted to rewrite jump target to a different return instruction: from={pc=NUM: {NUM NUM NUM NUM}}, to={pc=NUM:

Status: fixed on 2023/11/28 20:07
Fix commit: 7cf14b7c8b5e Add equality function for BPF instructions.
First crash: 368d, last: 368d

Sample crash report:
panic: attempted to rewrite jump target to a different return instruction: from={pc=1: {6 0 0 0}}, to={pc=3: {6 0 181 0}}

goroutine 246 [running]:
panic({0x299540?, 0xc0003df310?})
	GOROOT/src/runtime/panic.go:1017 +0x3ac fp=0xc0005deea0 sp=0xc0005dedf0 pc=0x12e10ec
gvisor.dev/gvisor/pkg/bpf.rewriteAllJumpsToReturn({0xc00012a7e0, 0x4, 0x4}, 0x1, 0x3)
	pkg/bpf/optimizer.go:298 +0x9b4 fp=0xc0005defb8 sp=0xc0005deea0 pc=0x17a6814
gvisor.dev/gvisor/pkg/bpf.optimizeJumpsToSmallestSetOfReturns({0xc00012a7e0?, 0x4, 0x4})
	pkg/bpf/optimizer.go:534 +0x5d8 fp=0xc0005df2a0 sp=0xc0005defb8 pc=0x17a72d8
gvisor.dev/gvisor/pkg/bpf.optimize({0xc00012a7e0, 0x4, 0x4}, {0xc0005df368, 0x7, 0x20?})
	pkg/bpf/optimizer.go:556 +0x10f fp=0xc0005df300 sp=0xc0005df2a0 pc=0x17a79af
gvisor.dev/gvisor/pkg/bpf.Optimize(...)
	pkg/bpf/optimizer.go:569
gvisor.dev/gvisor/pkg/bpf.Compile({0xc00012a7e0, 0x4, 0x4}, 0x1)
	pkg/bpf/interpreter.go:220 +0xb8d fp=0xc0005df3b0 sp=0xc0005df300 pc=0x17a48ad
gvisor.dev/gvisor/pkg/sentry/syscalls/linux.seccomp(0x131d491?, 0x1, 0x0, 0xc0005df4c8?)
	pkg/sentry/syscalls/linux/sys_seccomp.go:70 +0x29b fp=0xc0005df490 sp=0xc0005df3b0 pc=0x1e62bfb
gvisor.dev/gvisor/pkg/sentry/syscalls/linux.Seccomp(0x131d2e9?, 0xc0005df598?, {{0x1}, {0x0}, {0x20000000}, {0xffffffff}, {0x0}, {0x0}})
	pkg/sentry/syscalls/linux/sys_seccomp.go:81 +0x36 fp=0xc0005df4d8 sp=0xc0005df490 pc=0x1e62dd6
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).executeSyscall(0xc0007e9500, 0x13d, {{0x1}, {0x0}, {0x20000000}, {0xffffffff}, {0x0}, {0x0}})
	pkg/sentry/kernel/task_syscall.go:142 +0x8b5 fp=0xc0005df8f8 sp=0xc0005df4d8 pc=0x1c40ed5
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallInvoke(0xc0007e9500, 0x257bb00?, {{0x1}, {0x0}, {0x20000000}, {0xffffffff}, {0x0}, {0x0}})
	pkg/sentry/kernel/task_syscall.go:322 +0x6c fp=0xc0005df998 sp=0xc0005df8f8 pc=0x1c42d0c
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallEnter(0xc0005dfb58?, 0x2182599?, {{0x1}, {0x0}, {0x20000000}, {0xffffffff}, {0x0}, {0x0}})
	pkg/sentry/kernel/task_syscall.go:282 +0x87 fp=0xc0005dfa10 sp=0xc0005df998 pc=0x1c426c7
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscall(0xc0007e9500)
	pkg/sentry/kernel/task_syscall.go:257 +0x4f0 fp=0xc0005dfb68 sp=0xc0005dfa10 pc=0x1c42250
gvisor.dev/gvisor/pkg/sentry/kernel.(*runApp).execute(0xc0007e9500?, 0xc0007e9500)
	pkg/sentry/kernel/task_run.go:269 +0x1e08 fp=0xc0005dfe70 sp=0xc0005dfb68 pc=0x1c2cac8
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).run(0xc0007e9500, 0x7)
	pkg/sentry/kernel/task_run.go:98 +0x43b fp=0xc0005dffb0 sp=0xc0005dfe70 pc=0x1c2a3db
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).Start.func1()
	pkg/sentry/kernel/task_start.go:391 +0x45 fp=0xc0005dffe0 sp=0xc0005dffb0 pc=0x1c3ec65
runtime.goexit()
	src/runtime/asm_amd64.s:1650 +0x1 fp=0xc0005dffe8 sp=0xc0005dffe0 pc=0x131a101
created by gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).Start in goroutine 276
	pkg/sentry/kernel/task_start.go:391 +0x1ae

Crashes (8):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2023/11/24 04:45 | gvisor | 722ddab51ebf | 5b429f39 | .config | console log | report | syz | C | | | ci-gvisor-ptrace-2-race | panic: attempted to rewrite jump target to a different return instruction: from={pc=NUM: {NUM NUM NUM NUM}}, to={pc=NUM: |
| 2023/11/24 03:40 | gvisor | 722ddab51ebf | 5b429f39 | | console log | report | syz | C | | | ci-gvisor-kvm | panic: attempted to rewrite jump target to a different return instruction: from={pc=NUM: {NUM NUM NUM NUM}}, to={pc=NUM: |
| 2023/11/24 02:32 | gvisor | 722ddab51ebf | 5b429f39 | .config | console log | report | syz | C | | | ci-gvisor-ptrace-3-race | panic: attempted to rewrite jump target to a different return instruction: from={pc=NUM: {NUM NUM NUM NUM}}, to={pc=NUM: |
| 2023/11/24 02:28 | gvisor | 722ddab51ebf | 5b429f39 | .config | console log | report | syz | C | | | ci-gvisor-systrap-1-cover | panic: attempted to rewrite jump target to a different return instruction: from={pc=NUM: {NUM NUM NUM NUM}}, to={pc=NUM: |
| 2023/11/24 02:27 | gvisor | 722ddab51ebf | 5b429f39 | | console log | report | syz | C | | | ci-gvisor-ptrace-1 | panic: attempted to rewrite jump target to a different return instruction: from={pc=NUM: {NUM NUM NUM NUM}}, to={pc=NUM: |
| 2023/11/24 02:06 | gvisor | 722ddab51ebf | 5b429f39 | .config | console log | report | syz | C | | | ci-gvisor-arm64-ptrace-1-cover | panic: attempted to rewrite jump target to a different return instruction: from={pc=NUM: {NUM NUM NUM NUM}}, to={pc=NUM: |
| 2023/11/24 02:13 | gvisor | 722ddab51ebf | 5b429f39 | .config | console log | report | | | info | | ci-gvisor-arm64-systrap-1-cover | panic: attempted to rewrite jump target to a different return instruction: from={pc=NUM: {NUM NUM NUM NUM}}, to={pc=NUM: |
| 2023/11/24 02:00 | gvisor | 722ddab51ebf | 5b429f39 | .config | console log | report | | | info | | ci-gvisor-arm64-ptrace-1-cover | panic: attempted to rewrite jump target to a different return instruction: from={pc=NUM: {NUM NUM NUM NUM}}, to={pc=NUM: |
* Struck through repros no longer work on HEAD.