syzbot


panic: error when reading RouterAlert option's data bytes: EOF

Status: fixed on 2020/12/30 01:06
Fix commit: c55e5bda4d45 Validate router alert's data length
First crash: 1444d, last: 1442d

Sample crash report:
panic: error when reading RouterAlert option's data bytes: EOF

goroutine 380 [running]:
panic(0x10ae8c0, 0xc000282930)
	GOROOT/src/runtime/panic.go:1064 +0x470 fp=0xc000961de0 sp=0xc000961d28 pc=0x437030
gvisor.dev/gvisor/pkg/tcpip/header.(*IPv6OptionsExtHdrOptionsIterator).Next(0xc000285d70, 0x0, 0xc00029f260, 0x0, 0x0, 0x0)
	pkg/tcpip/header/ipv6_extension_headers.go:389 +0xb5f fp=0xc000961ef8 sp=0xc000961de0 pc=0x94d97f
gvisor.dev/gvisor/pkg/tcpip/network/ipv6.(*endpoint).handlePacket(0xc0003161c0, 0xc000ab21e0)
	pkg/tcpip/network/ipv6/ipv6.go:1044 +0x19ba fp=0xc000962dd8 sp=0xc000961ef8 pc=0xbab35a
gvisor.dev/gvisor/pkg/tcpip/network/ipv6.(*endpoint).HandlePacket(0xc0003161c0, 0xc000ab21e0)
	pkg/tcpip/network/ipv6/ipv6.go:935 +0x17a fp=0xc0009635d0 sp=0xc000962dd8 pc=0xba985a
gvisor.dev/gvisor/pkg/tcpip/stack.(*NIC).DeliverNetworkPacket(0xc000ab0180, 0xc00020c960, 0x6, 0x0, 0x0, 0x86dd, 0xc000ab21e0)
	pkg/tcpip/stack/nic.go:829 +0x6c2 fp=0xc0009636c0 sp=0xc0009635d0 pc=0x995b02
gvisor.dev/gvisor/pkg/tcpip/link/channel.(*Endpoint).InjectLinkAddr(...)
	pkg/tcpip/link/channel/channel.go:222
gvisor.dev/gvisor/pkg/tcpip/link/tun.(*Device).Write(0xc000ab0128, 0xc0002f2400, 0x3e, 0x3e, 0x200000c0, 0x3e, 0x100)
	pkg/tcpip/link/tun/device.go:272 +0x474 fp=0xc0009637b8 sp=0xc0009636c0 pc=0xd9caf4
gvisor.dev/gvisor/pkg/sentry/devices/tundev.(*tunFD).Write(0xc000ab00c0, 0x141c740, 0xc0005cb500, 0x14178e0, 0xc0005ec000, 0x0, 0x1, 0x200000c0, 0x3e, 0x100, ...)
	pkg/sentry/devices/tundev/tundev.go:173 +0x1a9 fp=0xc000963888 sp=0xc0009637b8 pc=0xf33889
gvisor.dev/gvisor/pkg/sentry/vfs.(*FileDescription).Write(0xc000ab00c0, 0x141c740, 0xc0005cb500, 0x14178e0, 0xc0005ec000, 0x0, 0x1, 0x200000c0, 0x3e, 0x100, ...)
	pkg/sentry/vfs/file_description.go:710 +0xb5 fp=0xc000963908 sp=0xc000963888 pc=0x7d6675
gvisor.dev/gvisor/pkg/sentry/syscalls/linux/vfs2.write(0xc0005cb500, 0xc000ab00c0, 0x14178e0, 0xc0005ec000, 0x0, 0x1, 0x200000c0, 0x3e, 0x100, 0x0, ...)
	pkg/sentry/syscalls/linux/vfs2/read_write.go:454 +0xa5 fp=0xc000963a98 sp=0xc000963908 pc=0xe5e845
gvisor.dev/gvisor/pkg/sentry/syscalls/linux/vfs2.Write(0xc0005cb500, 0xf0, 0x200000c0, 0x3e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
	pkg/sentry/syscalls/linux/vfs2/read_write.go:417 +0x21e fp=0xc000963b90 sp=0xc000963a98 pc=0xe5e0de
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).executeSyscall(0xc0005cb500, 0x1, 0xf0, 0x200000c0, 0x3e, 0x0, 0x0, 0x0, 0x0, 0x1283d40, ...)
	pkg/sentry/kernel/task_syscall.go:116 +0x1b9 fp=0xc000963c50 sp=0xc000963b90 pc=0xa49119
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallInvoke(0xc0005cb500, 0x1, 0xf0, 0x200000c0, 0x3e, 0x0, 0x0, 0x0, 0x0, 0x0)
	pkg/sentry/kernel/task_syscall.go:291 +0x70 fp=0xc000963cd8 sp=0xc000963c50 pc=0xa4a3d0
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallEnter(0xc0005cb500, 0x1, 0xf0, 0x200000c0, 0x3e, 0x0, 0x0, 0x0, 0xc0007ed828, 0xc0006f91d0)
	pkg/sentry/kernel/task_syscall.go:238 +0xb4 fp=0xc000963d38 sp=0xc000963cd8 pc=0xa49ed4
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscall(0xc0005cb500, 0x2, 0xc0005cb500)
	pkg/sentry/kernel/task_syscall.go:205 +0x198 fp=0xc000963e08 sp=0xc000963d38 pc=0xa497b8
gvisor.dev/gvisor/pkg/sentry/kernel.(*runApp).execute(0x0, 0xc0005cb500, 0x13eed60, 0x0)
	pkg/sentry/kernel/task_run.go:327 +0xd95 fp=0xc000963f60 sp=0xc000963e08 pc=0xa3c275
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).run(0xc0005cb500, 0xc)
	pkg/sentry/kernel/task_run.go:100 +0x1e2 fp=0xc000963fd0 sp=0xc000963f60 pc=0xa3ad82
runtime.goexit()
	src/runtime/asm_amd64.s:1374 +0x1 fp=0xc000963fd8 sp=0xc000963fd0 pc=0x4705a1
created by gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).Start
	pkg/sentry/kernel/task_start.go:374 +0x116

Crashes (35):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2020/12/13 10:45 gvisor 08d36b6c6308 bca53db9 .config console log report syz C ci-gvisor-ptrace-1-cover
2020/12/13 10:25 gvisor 08d36b6c6308 bca53db9 .config console log report syz C ci-gvisor-ptrace-1-cover
2020/12/13 10:15 gvisor 08d36b6c6308 bca53db9 .config console log report syz C ci-gvisor-ptrace-1-cover
2020/12/13 10:05 gvisor 08d36b6c6308 bca53db9 .config console log report syz C ci-gvisor-ptrace-1-cover
2020/12/13 09:49 gvisor 08d36b6c6308 bca53db9 .config console log report syz C ci-gvisor-ptrace-2-cover
2020/12/13 09:39 gvisor 08d36b6c6308 bca53db9 .config console log report syz C ci-gvisor-ptrace-2-cover
2020/12/13 09:25 gvisor 08d36b6c6308 bca53db9 .config console log report syz C ci-gvisor-ptrace-2-cover
2020/12/13 08:54 gvisor 08d36b6c6308 bca53db9 .config console log report syz C ci-gvisor-ptrace-2-race
2020/12/13 07:32 gvisor 08d36b6c6308 bca53db9 .config console log report syz C ci-gvisor-ptrace-2-cover
2020/12/13 07:18 gvisor 08d36b6c6308 bca53db9 .config console log report syz C ci-gvisor-ptrace-2-race
2020/12/13 07:08 gvisor 08d36b6c6308 bca53db9 .config console log report syz C ci-gvisor-ptrace-2-race
2020/12/13 06:38 gvisor 08d36b6c6308 bca53db9 .config console log report syz C ci-gvisor-ptrace-2
2020/12/13 06:34 gvisor 08d36b6c6308 bca53db9 .config console log report syz C ci-gvisor-ptrace-1-race
2020/12/13 06:34 gvisor 08d36b6c6308 bca53db9 .config console log report syz C ci-gvisor-ptrace-1
2020/12/13 06:21 gvisor 08d36b6c6308 bca53db9 .config console log report syz C ci-gvisor-ptrace-1-race
2020/12/13 06:20 gvisor 08d36b6c6308 bca53db9 .config console log report syz C ci-gvisor-ptrace-1
2020/12/13 06:02 gvisor 08d36b6c6308 bca53db9 .config console log report syz C ci-gvisor-ptrace-2
2020/12/13 06:00 gvisor 08d36b6c6308 bca53db9 .config console log report syz C ci-gvisor-ptrace-1-race
2020/12/13 05:59 gvisor 08d36b6c6308 bca53db9 .config console log report syz C ci-gvisor-ptrace-1
2020/12/15 11:55 gvisor b2a697334890 b22a7ec3 .config console log report info ci-gvisor-ptrace-2-race
2020/12/15 10:42 gvisor b2a697334890 b22a7ec3 .config console log report info ci-gvisor-ptrace-2
2020/12/15 10:39 gvisor b2a697334890 b22a7ec3 .config console log report info ci-gvisor-ptrace-1
2020/12/15 09:57 gvisor 2e191cb3f728 97183ed7 .config console log report info ci-gvisor-kvm
2020/12/15 09:54 gvisor b2a697334890 b22a7ec3 .config console log report info ci-gvisor-ptrace-1-race
2020/12/13 15:52 gvisor 08d36b6c6308 bca53db9 .config console log report info ci-gvisor-ptrace-1-cover
2020/12/13 15:08 gvisor 08d36b6c6308 bca53db9 .config console log report info ci-gvisor-ptrace-2-cover
2020/12/13 14:52 gvisor 08d36b6c6308 bca53db9 .config console log report info ci-gvisor-ptrace-2-race
2020/12/13 14:48 gvisor 08d36b6c6308 bca53db9 .config console log report info ci-gvisor-ptrace-1-race
2020/12/13 14:46 gvisor 08d36b6c6308 bca53db9 .config console log report info ci-gvisor-ptrace-1
2020/12/13 14:45 gvisor 08d36b6c6308 bca53db9 .config console log report info ci-gvisor-ptrace-2
2020/12/13 06:07 gvisor 08d36b6c6308 bca53db9 .config console log report info ci-gvisor-ptrace-1-cover
2020/12/13 05:56 gvisor 08d36b6c6308 bca53db9 .config console log report info ci-gvisor-ptrace-2
2020/12/13 05:53 gvisor 08d36b6c6308 bca53db9 .config console log report info ci-gvisor-ptrace-1-race
2020/12/13 05:53 gvisor 08d36b6c6308 bca53db9 .config console log report info ci-gvisor-ptrace-1
2020/12/13 05:42 gvisor 08d36b6c6308 bca53db9 .config console log report info ci-gvisor-ptrace-2-cover
* Struck through repros no longer work on HEAD.