syzbot


panic: runtime error: slice bounds out of range [NUM:NUM] (3)

Status: fixed on 2025/04/10 00:40
Fix commit: e3ca602624c1 Check for bad values of the packet mmap reserve option.
First crash: 117d, last: 116d
Similar bugs (5)
| Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|---|
| gvisor | panic: runtime error: slice bounds out of range [2:LINE] | 2 | | | | 1 | 1473d | 1473d | 14/26 | fixed on 2021/08/16 21:45 |
| gvisor | panic: runtime error: slice bounds out of range [12:LINE] | 2 | C | | | 63 | 625d | 1404d | 26/26 | fixed on 2023/11/17 13:01 |
| gvisor | panic: runtime error: slice bounds out of range [40:LINE] | 2 | | | | 3 | 1460d | 1464d | 14/26 | fixed on 2021/09/25 08:25 |
| gvisor | panic: runtime error: slice bounds out of range [NUM:NUM] | 2 | C | | | 666 | 359d | 371d | 0/26 | closed as invalid on 2024/12/13 00:11 |
| gvisor | panic: runtime error: slice bounds out of range [NUM:NUM] (2) | 2 | C | | | 606 | 176d | 177d | 26/26 | fixed on 2025/02/06 21:42 |

Sample crash report:
panic: runtime error: slice bounds out of range [2:0]

goroutine 322 gp=0xc0005e5880 m=21 mp=0xc0003fe308 [running]:
panic({0x12d0de0?, 0xc00059e2a0?})
	bazel-out/k8-fastbuild/bin/external/io_bazel_rules_go/stdlib_/src/runtime/panic.go:804 +0x168 fp=0xc00065ebb0 sp=0xc00065eb00 pc=0x4740c8
runtime.goPanicSliceB(0x2, 0x0)
	bazel-out/k8-fastbuild/bin/external/io_bazel_rules_go/stdlib_/src/runtime/panic.go:155 +0x74 fp=0xc00065ebf0 sp=0xc00065ebb0 pc=0x438f34
gvisor.dev/gvisor/pkg/abi/linux.(*TpacketHdr).MarshalBytes(0x10b32bec?, {0xc0007447c0?, 0x21455e0?, 0x48ab1d?})
	bazel-out/k8-fastbuild/bin/pkg/abi/linux/linux_abi_autogen_unsafe.go:19180 +0x233 fp=0xc00065ec10 sp=0xc00065ebf0 pc=0x60f373
gvisor.dev/gvisor/pkg/sentry/socket/netstack/packetmmap.(*Endpoint).marshalFrameHeader(0xc0001f1408, {{0xc000881140, 0xc000881140}, 0x2d1}, 0x10, 0x10, 0x2d1, 0xc000881110)
	pkg/sentry/socket/netstack/packetmmap/endpoint.go:446 +0x371 fp=0xc00065ece8 sp=0xc00065ec10 pc=0xae8451
gvisor.dev/gvisor/pkg/sentry/socket/netstack/packetmmap.(*Endpoint).HandlePacket(0xc0001f1408, 0x2, 0x0, 0xc000b82640)
	pkg/sentry/socket/netstack/packetmmap/endpoint.go:276 +0x465 fp=0xc00065f310 sp=0xc00065ece8 pc=0xae6cc5
gvisor.dev/gvisor/pkg/tcpip/transport/packet.(*endpoint).HandlePacket(0xc0007ae000, 0x0?, 0x0?, 0x0?)
	pkg/tcpip/transport/packet/endpoint.go:489 +0xe9 fp=0xc00065f358 sp=0xc00065f310 pc=0xafb909
gvisor.dev/gvisor/pkg/tcpip/stack.(*nic).DeliverLinkPacket.func2({0x15ca1a0, 0xc0007ae000})
	pkg/tcpip/stack/nic.go:826 +0x18a fp=0xc00065f408 sp=0xc00065f358 pc=0x9d470a
gvisor.dev/gvisor/pkg/tcpip/stack.(*packetEndpointList).forEach(0xc000880a20, 0xc00065f498)
	pkg/tcpip/stack/nic.go:147 +0x7c fp=0xc00065f458 sp=0xc00065f408 pc=0x9d121c
gvisor.dev/gvisor/pkg/tcpip/stack.(*nic).DeliverLinkPacket(0xc000430248, 0x0, 0xc000b823c0)
	pkg/tcpip/stack/nic.go:841 +0x15f fp=0xc00065f4e8 sp=0xc00065f458 pc=0x9d451f
gvisor.dev/gvisor/pkg/tcpip/link/nested.(*Endpoint).DeliverLinkPacket(0x751267?, 0x0, 0xc000b823c0)
	pkg/tcpip/link/nested/nested.go:71 +0x7b fp=0xc00065f520 sp=0xc00065f4e8 pc=0xb9237b
gvisor.dev/gvisor/pkg/tcpip/link/packetsocket.(*endpoint).DeliverNetworkPacket(0xc000a06230, 0x0, 0xc000b823c0)
	pkg/tcpip/link/packetsocket/packetsocket.go:45 +0x25 fp=0xc00065f548 sp=0xc00065f520 pc=0xb93c65
gvisor.dev/gvisor/pkg/tcpip/link/channel.(*Endpoint).InjectInbound(0xc0001b6300, 0x0, 0xc000b823c0)
	pkg/tcpip/link/channel/channel.go:208 +0x6d fp=0xc00065f580 sp=0xc00065f548 pc=0xb975cd
gvisor.dev/gvisor/pkg/tcpip/link/tun.(*Device).Write(0xc0006c45a8, 0xc000880a50)
	pkg/tcpip/link/tun/device.go:250 +0x566 fp=0xc00065f6a0 sp=0xc00065f580 pc=0xb99d06
gvisor.dev/gvisor/pkg/sentry/devices/tundev.(*tunFD).Write(0xc0007ae184?, {0x15eb580, 0xc0004fe588}, {{0x15e26f8, 0xc000374008}, {0x0, 0x1, 0x200000000300, 0x2df}, {0x0, ...}}, ...)
	pkg/sentry/devices/tundev/tundev.go:163 +0x2d7 fp=0xc00065f760 sp=0xc00065f6a0 pc=0xed2077
gvisor.dev/gvisor/pkg/sentry/vfs.(*FileDescription).Write(0xc0006c4540, {0x15eb580, 0xc0004fe588}, {{0x15e26f8, 0xc000374008}, {0x0, 0x1, 0x200000000300, 0x2df}, {0x0, ...}}, ...)
	pkg/sentry/vfs/file_description.go:682 +0x8b fp=0xc00065f7e0 sp=0xc00065f760 pc=0x7dee6b
gvisor.dev/gvisor/pkg/sentry/syscalls/linux.write(0xc0004fe588, 0xc0006c4540, {{0x15e26f8, 0xc000374008}, {0x0, 0x1, 0x200000000300, 0x2df}, {0x0, 0x1}}, ...)
	pkg/sentry/syscalls/linux/sys_read_write.go:347 +0x78 fp=0xc00065f970 sp=0xc00065f7e0 pc=0xc222b8
gvisor.dev/gvisor/pkg/sentry/syscalls/linux.Write(0xc0004fe588, 0xc00065fb10?, {{0xc8}, {0x200000000300}, {0x2df}, {0x200000000180}, {0x1c}, {0x0}})
	pkg/sentry/syscalls/linux/sys_read_write.go:316 +0x1a5 fp=0xc00065fa78 sp=0xc00065f970 pc=0xc21525
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).executeSyscall(0xc0004fe588, 0x1, {{0xc8}, {0x200000000300}, {0x2df}, {0x200000000180}, {0x1c}, {0x0}})
	pkg/sentry/kernel/task_syscall.go:143 +0x657 fp=0xc00065fca8 sp=0xc00065fa78 pc=0xa7b7b7
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallInvoke(0xc0004fe588, 0x1, {{0xc8}, {0x200000000300}, {0x2df}, {0x200000000180}, {0x1c}, {0x0}})
	pkg/sentry/kernel/task_syscall.go:323 +0x45 fp=0xc00065fd00 sp=0xc00065fca8 pc=0xa7c925
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallEnter(0xc0004fe588, 0x1, {{0xc8}, {0x200000000300}, {0x2df}, {0x200000000180}, {0x1c}, {0x0}})
	pkg/sentry/kernel/task_syscall.go:283 +0x65 fp=0xc00065fd50 sp=0xc00065fd00 pc=0xa7c625
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscall(0xc0005a4b60?)
	pkg/sentry/kernel/task_syscall.go:258 +0x2a5 fp=0xc00065fe28 sp=0xc00065fd50 pc=0xa7c3a5
gvisor.dev/gvisor/pkg/sentry/kernel.(*runApp).execute(0xc000795200?, 0xc0004fe588)
	pkg/sentry/kernel/task_run.go:269 +0xefc fp=0xc00065ff30 sp=0xc00065fe28 pc=0xa71b9c
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).run(0xc0004fe588, 0xd)
	pkg/sentry/kernel/task_run.go:97 +0x214 fp=0xc00065ffc0 sp=0xc00065ff30 pc=0xa70614
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).Start.gowrap1()
	pkg/sentry/kernel/task_start.go:412 +0x25 fp=0xc00065ffe0 sp=0xc00065ffc0 pc=0xa7a1c5
runtime.goexit({})
	src/runtime/asm_amd64.s:1700 +0x1 fp=0xc00065ffe8 sp=0xc00065ffe0 pc=0x47d181
created by gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).Start in goroutine 235
	pkg/sentry/kernel/task_start.go:412 +0xc5

Crashes (20):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/04/07 13:36 | gvisor | 7ff7451cb52d | 2f0c9720 | | console log | report | syz / log | C | | | ci-gvisor-ptrace-2 | panic: runtime error: slice bounds out of range [NUM:NUM] |
| 2025/04/07 13:26 | gvisor | 7ff7451cb52d | 2f0c9720 | | console log | report | syz / log | C | | | ci-gvisor-kvm | panic: runtime error: slice bounds out of range [NUM:NUM] |
| 2025/04/07 11:06 | gvisor | 7ff7451cb52d | 2f0c9720 | .config | console log | report | syz / log | C | | | ci-gvisor-ptrace-2-race | panic: runtime error: slice bounds out of range [NUM:NUM] |
| 2025/04/07 02:58 | gvisor | 7ff7451cb52d | 1c65791e | | console log | report | syz / log | C | | | ci-gvisor-ptrace-1 | panic: runtime error: slice bounds out of range [NUM:NUM] |
| 2025/04/06 16:58 | gvisor | 7ff7451cb52d | 1c65791e | .config | console log | report | syz / log | C | | | ci-gvisor-ptrace-2-race-cover | panic: runtime error: slice bounds out of range [NUM:NUM] |
| 2025/04/06 16:58 | gvisor | 7ff7451cb52d | 1c65791e | .config | console log | report | syz / log | C | | | ci-gvisor-systrap-1-race-cover | panic: runtime error: slice bounds out of range [NUM:NUM] |
| 2025/04/06 16:49 | gvisor | 7ff7451cb52d | 1c65791e | .config | console log | report | syz / log | C | | | ci-gvisor-ptrace-2-cover | panic: runtime error: slice bounds out of range [NUM:NUM] |
| 2025/04/06 16:49 | gvisor | 7ff7451cb52d | 1c65791e | .config | console log | report | syz / log | C | | | ci-gvisor-ptrace-1-cover | panic: runtime error: slice bounds out of range [NUM:NUM] |
| 2025/04/06 16:49 | gvisor | 7ff7451cb52d | 1c65791e | .config | console log | report | syz / log | C | | | ci-gvisor-systrap-1-cover | panic: runtime error: slice bounds out of range [NUM:NUM] |
| 2025/04/06 16:49 | gvisor | 7ff7451cb52d | 1c65791e | | console log | report | syz / log | C | | | ci-gvisor-systrap-1 | panic: runtime error: slice bounds out of range [NUM:NUM] |
| 2025/04/06 16:48 | gvisor | 7ff7451cb52d | 1c65791e | .config | console log | report | syz / log | C | | | ci-gvisor-ptrace-1-race-cover | panic: runtime error: slice bounds out of range [NUM:NUM] |
| 2025/04/06 16:40 | gvisor | 7ff7451cb52d | 1c65791e | .config | console log | report | syz / log | C | | | ci-gvisor-systrap-1-race | panic: runtime error: slice bounds out of range [NUM:NUM] |
| 2025/04/06 16:39 | gvisor | 7ff7451cb52d | 1c65791e | .config | console log | report | syz / log | C | | | ci-gvisor-ptrace-1-race | panic: runtime error: slice bounds out of range [NUM:NUM] |
| 2025/04/06 16:25 | gvisor | 7ff7451cb52d | 1c65791e | .config | console log | report | syz / log | C | | | ci-gvisor-kvm-cover | panic: runtime error: slice bounds out of range [NUM:NUM] |
| 2025/04/07 14:36 | gvisor | 7ff7451cb52d | 2f0c9720 | | console log | report | syz / log | C | | | ci-gvisor-arm64-ptrace-1 | panic: runtime error: slice bounds out of range [NUM:NUM] |
| 2025/04/06 17:49 | gvisor | 7ff7451cb52d | 1c65791e | .config | console log | report | syz / log | C | | | ci-gvisor-arm64-ptrace-1-race-cover | panic: runtime error: slice bounds out of range [NUM:NUM] |
| 2025/04/06 16:39 | gvisor | 7ff7451cb52d | 1c65791e | .config | console log | report | syz / log | C | | | ci-gvisor-arm64-systrap-1-cover | panic: runtime error: slice bounds out of range [NUM:NUM] |
| 2025/04/06 16:39 | gvisor | 7ff7451cb52d | 1c65791e | .config | console log | report | syz / log | C | | | ci-gvisor-arm64-ptrace-1-cover | panic: runtime error: slice bounds out of range [NUM:NUM] |
| 2025/04/06 16:39 | gvisor | 7ff7451cb52d | 1c65791e | | console log | report | syz / log | C | | | ci-gvisor-arm64-systrap-1 | panic: runtime error: slice bounds out of range [NUM:NUM] |
| 2025/04/06 16:15 | gvisor | 7ff7451cb52d | 1c65791e | .config | console log | report | | | info | | ci-gvisor-kvm-cover | panic: runtime error: slice bounds out of range [NUM:NUM] |
* Struck through repros no longer work on HEAD.