

panic: runtime error: makeslice: len out of range (3)

Status: fixed on 2021/09/01 20:11
Fix commit: 927ea16dd384 unix: handle a case when a buffer is overflowed
First crash: 1182d, last: 1182d
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
gvisor panic: runtime error: makeslice: len out of range (2) C 5 1474d 1501d 0/26 fixed on 2020/11/13 09:22
gvisor panic: runtime error: makeslice: len out of range (4) 36 1112d 1116d 14/26 fixed on 2021/11/10 12:39
gvisor panic: runtime error: makeslice: len out of range syz 49 1691d 1713d 0/26 fixed on 2020/04/10 14:44

Sample crash report:
panic: runtime error: makeslice: len out of range

goroutine 551 [running]:
panic(0x10c4ee0, 0x13b8070)
	GOROOT/src/runtime/panic.go:1065 +0x565 fp=0xc000834ea0 sp=0xc000834dd8 pc=0x437c65
runtime.panicmakeslicelen(...)
	GOROOT/src/runtime/slice.go:27
runtime.makeslice(0x106ffa0, 0xfffffffffffcd000, 0xfffffffffffcd000, 0x0)
	GOROOT/src/runtime/slice.go:93 +0xc5 fp=0xc000834ed0 sp=0xc000834ea0 pc=0x450cc5
gvisor.dev/gvisor/pkg/sentry/socket/unix/transport.(*queue).Enqueue(0xc00019a2d0, 0x13f8fa0, 0xc0005b4a80, 0xc00000ceb8, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, ...)
	pkg/sentry/socket/unix/transport/queue.go:160 +0x10d fp=0xc000834f48 sp=0xc000834ed0 pc=0x70abcd
gvisor.dev/gvisor/pkg/sentry/socket/unix/transport.(*connectedEndpoint).Send(0xc00000cd20, 0x13f8fa0, 0xc0005b4a80, 0xc00000ceb8, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, ...)
	pkg/sentry/socket/unix/transport/unix.go:690 +0x115 fp=0xc000834fe8 sp=0xc000834f48 pc=0x70e195
gvisor.dev/gvisor/pkg/sentry/socket/unix/transport.(*baseEndpoint).SendMsg(0xc00033ec80, 0x13f8fa0, 0xc0005b4a80, 0xc00000ceb8, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, ...)
	pkg/sentry/socket/unix/transport/unix.go:855 +0x139 fp=0xc0008350b0 sp=0xc000834fe8 pc=0x70ed19
gvisor.dev/gvisor/pkg/sentry/socket/unix/transport.(*connectionedEndpoint).SendMsg(0xc00033ec80, 0x13f8fa0, 0xc0005b4a80, 0xc00000ceb8, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, ...)
	pkg/sentry/socket/unix/transport/connectioned.go:474 +0xd9 fp=0xc000835130 sp=0xc0008350b0 pc=0x709039
gvisor.dev/gvisor/pkg/sentry/socket/unix.(*EndpointWriter).WriteFromBlocks.func1(0xc00000ceb8, 0x1, 0x1, 0x1001, 0x0, 0x0)
	pkg/sentry/socket/unix/io.go:43 +0xa8 fp=0xc0008351b8 sp=0xc000835130 pc=0xb5b388
gvisor.dev/gvisor/pkg/safemem.FromVecWriterFunc.WriteFromBlocks(0xc000835310, 0x7fb2bba7b380, 0xffffffffffffffff, 0x0, 0x1001, 0x0, 0x0, 0x0)
	pkg/safemem/io.go:335 +0x3e3 fp=0xc0008352d0 sp=0xc0008351b8 pc=0x6c8283
gvisor.dev/gvisor/pkg/sentry/socket/unix.(*EndpointWriter).WriteFromBlocks(0xc00019a410, 0x7fb2bba7b380, 0xffffffffffffffff, 0x0, 0x1001, 0x0, 0x1, 0xc000252600)
	pkg/sentry/socket/unix/io.go:48 +0x78 fp=0xc000835330 sp=0xc0008352d0 pc=0xb520b8
gvisor.dev/gvisor/pkg/safemem.Writer.WriteFromBlocks-fm(0x7fb2bba7b380, 0xffffffffffffffff, 0x0, 0x1001, 0x20001381, 0x7fb2bba7b380, 0xffffffffffffffff)
	pkg/safemem/io.go:46 +0x62 fp=0xc000835380 sp=0xc000835330 pc=0x8b58c2
gvisor.dev/gvisor/pkg/sentry/mm.(*MemoryManager).withInternalMappings(0xc000194000, 0x13f8fa0, 0xc0005b4a80, 0x20000380, 0x20001381, 0x1, 0xc000835640, 0x0, 0xc000547508, 0x8ad8d6)
	pkg/sentry/mm/io.go:507 +0x859 fp=0xc000835490 sp=0xc000835380 pc=0x884899
gvisor.dev/gvisor/pkg/sentry/mm.(*MemoryManager).withVecInternalMappings(0xc000194000, 0x13f8fa0, 0xc0005b4a80, 0x0, 0x1, 0x20000380, 0x1001, 0x1, 0xc000547640, 0x70e7b2, ...)
	pkg/sentry/mm/io.go:576 +0x84d fp=0xc000835588 sp=0xc000835490 pc=0x8851ad
gvisor.dev/gvisor/pkg/sentry/mm.(*MemoryManager).CopyInTo(0xc000194000, 0x13f8fa0, 0xc0005b4a80, 0x0, 0x1, 0x20000380, 0x1001, 0x13ceb60, 0xc00019a410, 0xffffffffffff0100, ...)
	pkg/sentry/mm/io.go:310 +0x189 fp=0xc000835668 sp=0xc000835588 pc=0x882d29
gvisor.dev/gvisor/pkg/usermem.IOSequence.CopyInTo(...)
	pkg/usermem/usermem.go:515
gvisor.dev/gvisor/pkg/sentry/socket/unix.(*SocketVFS2).Write(0xc00032c480, 0x13f8fa0, 0xc0005b4a80, 0x13f3db0, 0xc000194000, 0x0, 0x1, 0x20000380, 0x1001, 0x100, ...)
	pkg/sentry/socket/unix/unix_vfs2.go:304 +0x30f fp=0xc000835780 sp=0xc000835668 pc=0xb597ef
gvisor.dev/gvisor/pkg/sentry/vfs.(*FileDescription).Write(0xc00032c480, 0x13f8fa0, 0xc0005b4a80, 0x13f3db0, 0xc000194000, 0x0, 0x1, 0x20000380, 0x1001, 0x100, ...)
	pkg/sentry/vfs/file_description.go:657 +0xb4 fp=0xc000835818 sp=0xc000835780 pc=0x73e154
gvisor.dev/gvisor/pkg/sentry/syscalls/linux/vfs2.write(0xc0005b4a80, 0xc00032c480, 0x13f3db0, 0xc000194000, 0x0, 0x1, 0x20000380, 0x1001, 0x100, 0x0, ...)
	pkg/sentry/syscalls/linux/vfs2/read_write.go:345 +0x9b fp=0xc0008359d0 sp=0xc000835818 pc=0xdf92fb
gvisor.dev/gvisor/pkg/sentry/syscalls/linux/vfs2.Write(0xc0005b4a80, 0x3, 0x20000380, 0x1001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
	pkg/sentry/syscalls/linux/vfs2/read_write.go:314 +0x245 fp=0xc000835b00 sp=0xc0008359d0 pc=0xdf8be5
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).executeSyscall(0xc0005b4a80, 0x1, 0x3, 0x20000380, 0x1001, 0x0, 0x0, 0x0, 0x0, 0x12657a0, ...)
	pkg/sentry/kernel/task_syscall.go:103 +0x13c fp=0xc000835c60 sp=0xc000835b00 pc=0x9c401c
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallInvoke(0xc0005b4a80, 0x1, 0x3, 0x20000380, 0x1001, 0x0, 0x0, 0x0, 0x0, 0x0)
	pkg/sentry/kernel/task_syscall.go:238 +0x66 fp=0xc000835ce8 sp=0xc000835c60 pc=0x9c51a6
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallEnter(0xc0005b4a80, 0x1, 0x3, 0x20000380, 0x1001, 0x0, 0x0, 0x0, 0xc00032c760, 0xc00032c6c0)
	pkg/sentry/kernel/task_syscall.go:198 +0x98 fp=0xc000835d48 sp=0xc000835ce8 pc=0x9c4d98
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscall(0xc0005b4a80, 0x2, 0xc0005b4a80)
	pkg/sentry/kernel/task_syscall.go:173 +0x15c fp=0xc000835e18 sp=0xc000835d48 pc=0x9c473c
gvisor.dev/gvisor/pkg/sentry/kernel.(*runApp).execute(0x0, 0xc0005b4a80, 0x13ce600, 0x0)
	pkg/sentry/kernel/task_run.go:282 +0xc8c fp=0xc000835f60 sp=0xc000835e18 pc=0x9b93cc
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).run(0xc0005b4a80, 0xd)
	pkg/sentry/kernel/task_run.go:97 +0x1af fp=0xc000835fd0 sp=0xc000835f60 pc=0x9b804f
runtime.goexit()
	src/runtime/asm_amd64.s:1371 +0x1 fp=0xc000835fd8 sp=0xc000835fd0 pc=0x472821
created by gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).Start
	pkg/sentry/kernel/task_start.go:327 +0xfe

Crashes (10):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2021/09/01 03:12 gvisor 976ac9710fad 7eb7e152 .config console log report syz C ci-gvisor-ptrace-2 panic: runtime error: makeslice: len out of range
2021/09/01 03:12 gvisor 976ac9710fad 7eb7e152 .config console log report syz C ci-gvisor-ptrace-1 panic: runtime error: makeslice: len out of range
2021/09/01 03:11 gvisor 976ac9710fad 7eb7e152 .config console log report syz C ci-gvisor-ptrace-2-race panic: runtime error: makeslice: len out of range
2021/09/01 03:09 gvisor 976ac9710fad 7eb7e152 .config console log report syz C ci-gvisor-ptrace-1-race panic: runtime error: makeslice: len out of range
2021/09/01 03:08 gvisor 976ac9710fad 7eb7e152 .config console log report syz C ci-gvisor-kvm-cover panic: runtime error: makeslice: len out of range
2021/09/01 03:08 gvisor 976ac9710fad 7eb7e152 .config console log report syz C ci-gvisor-ptrace-3-cover panic: runtime error: makeslice: len out of range
2021/09/01 03:06 gvisor 976ac9710fad 7eb7e152 .config console log report syz C ci-gvisor-ptrace-3-race panic: runtime error: makeslice: len out of range
2021/09/01 03:04 gvisor 976ac9710fad 7eb7e152 .config console log report syz C ci-gvisor-kvm panic: runtime error: makeslice: len out of range
2021/09/01 02:45 gvisor 976ac9710fad 7eb7e152 .config console log report syz C ci-gvisor-ptrace-3 panic: runtime error: makeslice: len out of range
2021/09/01 02:31 gvisor 976ac9710fad 7eb7e152 .config console log report info ci-gvisor-ptrace-3 panic: runtime error: makeslice: len out of range
* Struck through repros no longer work on HEAD.