syzbot

 sign-in | mailing list | source | docs
🐞 Open [9]
🐞 Fixed [562]
🐞 Invalid [423]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

DATA RACE in packetmmap.(*Endpoint).Init (5)

Status: fixed on 2025/05/16 18:16
Fix commit: a98032f6cc71 Add locking around ringbuffer fields and reserve in packetmmap endpoint.
First crash: 299d, last: 298d
Similar bugs (4)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
gvisor DATA RACE in packetmmap.(*Endpoint).Init (2) -1 C 9 393d 393d 26/26 fixed on 2025/02/08 00:18
gvisor DATA RACE in packetmmap.(*Endpoint).Init (4) -1 C 9 306d 311d 26/26 fixed on 2025/05/07 14:16
gvisor DATA RACE in packetmmap.(*Endpoint).Init (3) -1 syz 3 331d 331d 26/26 fixed on 2025/04/10 23:54
gvisor DATA RACE in packetmmap.(*Endpoint).Init -1 C 7 393d 394d 26/26 fixed on 2025/02/07 11:57

Sample crash report:
WARNING: DATA RACE
Write at 0x00c0020da3e0 by goroutine 2306:
  gvisor.dev/gvisor/pkg/sentry/socket/netstack/packetmmap.(*Endpoint).Init()
      pkg/sentry/socket/netstack/packetmmap/endpoint.go:108 +0x2a8
  gvisor.dev/gvisor/pkg/sentry/socket/netstack.setSockOptPacket()
      pkg/sentry/socket/netstack/netstack.go:2974 +0xc5e
  gvisor.dev/gvisor/pkg/sentry/socket/netstack.SetSockOpt()
      pkg/sentry/socket/netstack/netstack.go:1940 +0x2e4
  gvisor.dev/gvisor/pkg/sentry/socket/netstack.(*sock).SetSockOpt()
      pkg/sentry/socket/netstack/netstack.go:672 +0x607
  gvisor.dev/gvisor/pkg/sentry/syscalls/linux.SetSockOpt()
      pkg/sentry/syscalls/linux/sys_socket.go:551 +0x3b4
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).executeSyscall()
      pkg/sentry/kernel/task_syscall.go:143 +0x994
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallInvoke()
      pkg/sentry/kernel/task_syscall.go:323 +0x71
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallEnter()
      pkg/sentry/kernel/task_syscall.go:283 +0x93
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscall()
      pkg/sentry/kernel/task_syscall.go:258 +0x4af
  gvisor.dev/gvisor/pkg/sentry/kernel.(*runApp).execute()
      pkg/sentry/kernel/task_run.go:269 +0x1fa7
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).run()
      pkg/sentry/kernel/task_run.go:97 +0x4fa
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).Start.gowrap1()
      pkg/sentry/kernel/task_start.go:412 +0x44

Previous read at 0x00c0020da3e0 by goroutine 2310:
  gvisor.dev/gvisor/pkg/sentry/socket/netstack/packetmmap.(*Endpoint).HandlePacket()
      pkg/sentry/socket/netstack/packetmmap/endpoint.go:228 +0x332
  gvisor.dev/gvisor/pkg/tcpip/transport/packet.(*endpoint).HandlePacket()
      pkg/tcpip/transport/packet/endpoint.go:495 +0x122
  gvisor.dev/gvisor/pkg/tcpip/stack.(*nic).DeliverLinkPacket.func2()
      pkg/tcpip/stack/nic.go:826 +0x311
  gvisor.dev/gvisor/pkg/tcpip/stack.(*packetEndpointList).forEach()
      pkg/tcpip/stack/nic.go:147 +0xf3
  gvisor.dev/gvisor/pkg/tcpip/stack.(*nic).DeliverLinkPacket()
      pkg/tcpip/stack/nic.go:841 +0x284
  gvisor.dev/gvisor/pkg/tcpip/link/nested.(*Endpoint).DeliverLinkPacket()
      pkg/tcpip/link/nested/nested.go:71 +0x98
  gvisor.dev/gvisor/pkg/tcpip/link/packetsocket.(*Endpoint).DeliverNetworkPacket()
      pkg/tcpip/link/packetsocket/packetsocket.go:48 +0x3a
  gvisor.dev/gvisor/pkg/tcpip/link/channel.(*Endpoint).InjectInbound()
      pkg/tcpip/link/channel/channel.go:208 +0x98
  gvisor.dev/gvisor/pkg/tcpip/link/tun.(*Device).Write()
      pkg/tcpip/link/tun/device.go:275 +0xe91
  gvisor.dev/gvisor/pkg/sentry/devices/tundev.(*tunFD).Write()
      pkg/sentry/devices/tundev/tundev.go:174 +0x3c4
  gvisor.dev/gvisor/pkg/sentry/vfs.(*FileDescription).Write()
      pkg/sentry/vfs/file_description.go:682 +0x118
  gvisor.dev/gvisor/pkg/sentry/syscalls/linux.write()
      pkg/sentry/syscalls/linux/sys_read_write.go:347 +0x90
  gvisor.dev/gvisor/pkg/sentry/syscalls/linux.Write()
      pkg/sentry/syscalls/linux/sys_read_write.go:316 +0x2b1
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).executeSyscall()
      pkg/sentry/kernel/task_syscall.go:143 +0x994
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallInvoke()
      pkg/sentry/kernel/task_syscall.go:323 +0x71
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallEnter()
      pkg/sentry/kernel/task_syscall.go:283 +0x93
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscall()
      pkg/sentry/kernel/task_syscall.go:258 +0x4af
  gvisor.dev/gvisor/pkg/sentry/kernel.(*runApp).execute()
      pkg/sentry/kernel/task_run.go:269 +0x1fa7
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).run()
      pkg/sentry/kernel/task_run.go:97 +0x4fa
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).Start.gowrap1()
      pkg/sentry/kernel/task_start.go:412 +0x44

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/05/12 09:52 gvisor e4c059533a2a 77908e5f .config console log report syz / log ci-gvisor-ptrace-1-race DATA RACE in packetmmap.(*Endpoint).Init
2025/05/13 22:00 gvisor ab0097c4d068 9497799b .config console log report info ci-gvisor-ptrace-1-race DATA RACE in packetmmap.(*Endpoint).Init
* Struck through repros no longer work on HEAD.