SIGSEGV: segmentation violation k8s.(*cluster).ClusterNameVersion

[chen-keinan]

Discussed in #6637

^{Originally posted by corinz May 6, 2024}

Description

I get a seg fault on the following command.

trivy k8s gke-primary-dv --kubeconfig .kubeconfig --report all

The cluster is a new/pretty vanilla GKE Autopilot cluster created using the GKE terraform module.

Here's a little clue. I have never seen the "name" show up as n/a in k9s. Seems related to the func throwing the error: ClusteNameVersion ... However, in the GKE console this cluster has a "name". What even is the cluster "name" anyway, if not some arbitrary name we assign to the context or cloud resource?

 Context: gke-primary-dv                           <?> Help                                              ____  __.________        
 Cluster: n/a                                      <r> Rename                                           |    |/ _/   __   \______ 
 User:    gke-primary-dv                                                                                |      < \____    /  ___/ 
 K9s Rev: v0.32.4                                                                                       |    |  \   /    /\___ \  
 K8s Rev: v1.28.7-gke.1026000                                                                           |____|__ \ /____//____  > 
 CPU:     10%                                                                                                   \/            \/  
 MEM:     41%     

There is a couple related bugs/discussions but they were merged last year. Since I am using a later version, it is appropriate to reopen e.g. #5621
Thanks for looking into this!

Desired Behavior

The scan works.

Actual Behavior

% trivy k8s gke-primary-dv --kubeconfig .kubeconfig  --report all                  
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x2 addr=0x10 pc=0x108a7b1cc]

goroutine 1 [running]:
github.com/aquasecurity/trivy-kubernetes/pkg/k8s.(*cluster).ClusterNameVersion(0x140014596c0)
        github.com/aquasecurity/trivy-kubernetes@v0.6.7-0.20240425111126-a549f8de71bb/pkg/k8s/k8s.go:582 +0xcc
github.com/aquasecurity/trivy-kubernetes/pkg/k8s.(*cluster).getClusterBomInfo(0x14001185088?, {0x14001318408, 0x23, 0x26}, {0x14001977ea0, 0x2, 0x2})
        github.com/aquasecurity/trivy-kubernetes@v0.6.7-0.20240425111126-a549f8de71bb/pkg/k8s/k8s.go:560 +0x34
github.com/aquasecurity/trivy-kubernetes/pkg/k8s.(*cluster).CreateClusterBom(0x140014596c0, {0x10ba42250, 0x14001459730})
        github.com/aquasecurity/trivy-kubernetes@v0.6.7-0.20240425111126-a549f8de71bb/pkg/k8s/k8s.go:383 +0x3c8
github.com/aquasecurity/trivy-kubernetes/pkg/trivyk8s.(*client).ListClusterBomInfo(0x140025fcc30, {0x10ba42250?, 0x14001459730?})
        github.com/aquasecurity/trivy-kubernetes@v0.6.7-0.20240425111126-a549f8de71bb/pkg/trivyk8s/trivyk8s.go:363 +0x38
github.com/aquasecurity/trivy-kubernetes/pkg/trivyk8s.(*client).ListArtifacts(0x140025fcc30, {0x10ba42250, 0x14001459730})
        github.com/aquasecurity/trivy-kubernetes@v0.6.7-0.20240425111126-a549f8de71bb/pkg/trivyk8s/trivyk8s.go:224 +0x2b4
github.com/aquasecurity/trivy-kubernetes/pkg/trivyk8s.(*client).ListArtifactAndNodeInfo(0x140025fcc30, {0x10ba42250, 0x14001459730}, {0x14003977cc8, 0x4, 0x29?})
        github.com/aquasecurity/trivy-kubernetes@v0.6.7-0.20240425111126-a549f8de71bb/pkg/trivyk8s/trivyk8s.go:304 +0x88
github.com/aquasecurity/trivy/pkg/k8s/commands.clusterRun({_, _}, {{{0x108d0f06a, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x45d964b800, {0x1400327db00, ...}, ...}, ...}, ...)
        github.com/aquasecurity/trivy/pkg/k8s/commands/cluster.go:38 +0x72c
github.com/aquasecurity/trivy/pkg/k8s/commands.Run({_, _}, {_, _, _}, {{{0x108d0f06a, 0xa}, 0x0, 0x0, 0x0, ...}, ...})
        github.com/aquasecurity/trivy/pkg/k8s/commands/run.go:46 +0x32c
github.com/aquasecurity/trivy/pkg/commands.NewKubernetesCommand.func2(0x14003520f08, {0x140035666e0, 0x1, 0x5})
        github.com/aquasecurity/trivy/pkg/commands/app.go:970 +0x160
github.com/spf13/cobra.(*Command).execute(0x14003520f08, {0x14003566690, 0x5, 0x5})
        github.com/spf13/cobra@v1.8.0/command.go:983 +0x840
github.com/spf13/cobra.(*Command).ExecuteC(0x1400085fb08)
        github.com/spf13/cobra@v1.8.0/command.go:1115 +0x344
github.com/spf13/cobra.(*Command).Execute(0x108d7c397?)
        github.com/spf13/cobra@v1.8.0/command.go:1039 +0x1c
main.run()
        github.com/aquasecurity/trivy/cmd/trivy/main.go:41 +0x158
main.main()
        github.com/aquasecurity/trivy/cmd/trivy/main.go:19 +0x20

Reproduction Steps

1. Create GKE autopilot cluster
2. Execute scan
3. Observe

Target

Kubernetes

Scanner

None

Output Format

None

Mode

None

Debug Output

% trivy k8s gke-primary-dv --kubeconfig .kubeconfig  --report summary --debug
2024-05-06T09:12:15-04:00       DEBUG   Parsed severities       severities=[UNKNOWN LOW MEDIUM HIGH CRITICAL]
2024-05-06T09:12:15-04:00       DEBUG   Ignore statuses statuses=[]
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x2 addr=0x10 pc=0x1062c31cc]

goroutine 1 [running]:
github.com/aquasecurity/trivy-kubernetes/pkg/k8s.(*cluster).ClusterNameVersion(0x1400054b340)
        github.com/aquasecurity/trivy-kubernetes@v0.6.7-0.20240425111126-a549f8de71bb/pkg/k8s/k8s.go:582 +0xcc
github.com/aquasecurity/trivy-kubernetes/pkg/k8s.(*cluster).getClusterBomInfo(0x14000a9c008?, {0x14000b45c08, 0x23, 0x26}, {0x140010142a0, 0x2, 0x2})
        github.com/aquasecurity/trivy-kubernetes@v0.6.7-0.20240425111126-a549f8de71bb/pkg/k8s/k8s.go:560 +0x34
github.com/aquasecurity/trivy-kubernetes/pkg/k8s.(*cluster).CreateClusterBom(0x1400054b340, {0x10928a250, 0x1400054b3b0})
        github.com/aquasecurity/trivy-kubernetes@v0.6.7-0.20240425111126-a549f8de71bb/pkg/k8s/k8s.go:383 +0x3c8
github.com/aquasecurity/trivy-kubernetes/pkg/trivyk8s.(*client).ListClusterBomInfo(0x140033ca960, {0x10928a250?, 0x1400054b3b0?})
        github.com/aquasecurity/trivy-kubernetes@v0.6.7-0.20240425111126-a549f8de71bb/pkg/trivyk8s/trivyk8s.go:363 +0x38
github.com/aquasecurity/trivy-kubernetes/pkg/trivyk8s.(*client).ListArtifacts(0x140033ca960, {0x10928a250, 0x1400054b3b0})
        github.com/aquasecurity/trivy-kubernetes@v0.6.7-0.20240425111126-a549f8de71bb/pkg/trivyk8s/trivyk8s.go:224 +0x2b4
github.com/aquasecurity/trivy-kubernetes/pkg/trivyk8s.(*client).ListArtifactAndNodeInfo(0x140033ca960, {0x10928a250, 0x1400054b3b0}, {0x140031f9cc8, 0x4, 0x29?})
        github.com/aquasecurity/trivy-kubernetes@v0.6.7-0.20240425111126-a549f8de71bb/pkg/trivyk8s/trivyk8s.go:304 +0x88
github.com/aquasecurity/trivy/pkg/k8s/commands.clusterRun({_, _}, {{{0x10655706a, 0xa}, 0x0, 0x0, 0x1, 0x0, 0x45d964b800, {0x14003143560, ...}, ...}, ...}, ...)
        github.com/aquasecurity/trivy/pkg/k8s/commands/cluster.go:38 +0x72c
github.com/aquasecurity/trivy/pkg/k8s/commands.Run({_, _}, {_, _, _}, {{{0x10655706a, 0xa}, 0x0, 0x0, 0x1, ...}, ...})
        github.com/aquasecurity/trivy/pkg/k8s/commands/run.go:46 +0x32c
github.com/aquasecurity/trivy/pkg/commands.NewKubernetesCommand.func2(0x140033f0f08, {0x140030d7ec0, 0x1, 0x6})
        github.com/aquasecurity/trivy/pkg/commands/app.go:970 +0x160
github.com/spf13/cobra.(*Command).execute(0x140033f0f08, {0x140030d7e60, 0x6, 0x6})
        github.com/spf13/cobra@v1.8.0/command.go:983 +0x840
github.com/spf13/cobra.(*Command).ExecuteC(0x1400101b208)
        github.com/spf13/cobra@v1.8.0/command.go:1115 +0x344
github.com/spf13/cobra.(*Command).Execute(0x1065c4397?)
        github.com/spf13/cobra@v1.8.0/command.go:1039 +0x1c
main.run()
        github.com/aquasecurity/trivy/cmd/trivy/main.go:41 +0x158
main.main()
        github.com/aquasecurity/trivy/cmd/trivy/main.go:19 +0x20

Operating System

mac OS Sonoma 14.3

Version

Version: 0.51.1
Check Bundle:
  Digest: sha256:6d0771effa53c6cf8130861fc3ac28f5515c35a028edb4bb1e67261b9218c80e
  DownloadedAt: 2024-05-06 12:48:56.05702 +0000 UTC

Checklist

• Run trivy image --reset
• Read the troubleshooting