syzbot

 sign-in | mailing list | source | docs
🐞 Open [41]
🐞 Fixed [469]
🐞 Invalid [348]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

panic: nested locking: transport.endpointMutex:

Status: fixed on 2023/05/15 23:52
Fix commit: a7e1fe92f588 Don't hold baseEndpoint.mu when calling receiver.Recv.
First crash: 568d, last: 568d

Sample crash report:
panic: nested locking: transport.endpointMutex:
goroutine 250 [running]:
gvisor.dev/gvisor/pkg/sentry/socket/unix/transport.(*endpointMutex).Lock(0xc0008f42c8)
	bazel-out/k8-fastbuild-ST-3dcbe13c9b87/bin/pkg/sentry/socket/unix/transport/endpoint_mutex.go:35 +0x45
gvisor.dev/gvisor/pkg/sentry/socket/unix/transport.(*connectionedEndpoint).Close(0xc0008f42c0, {0x82c058, 0xc000812a80})
	pkg/sentry/socket/unix/transport/connectioned.go:234 +0x55
gvisor.dev/gvisor/pkg/sentry/socket/unix.(*Socket).DecRef.func1()
	pkg/sentry/socket/unix/unix.go:112 +0xc2
gvisor.dev/gvisor/pkg/sentry/socket/unix.(*socketRefs).DecRef(0xc00064c080, 0xc000899930)
	bazel-out/k8-fastbuild-ST-3dcbe13c9b87/bin/pkg/sentry/socket/unix/socket_refs.go:131 +0x5f
gvisor.dev/gvisor/pkg/sentry/socket/unix.(*Socket).DecRef(0xc00064c000, {0x82c058, 0xc000812a80})
	pkg/sentry/socket/unix/unix.go:110 +0x85
gvisor.dev/gvisor/pkg/sentry/socket/unix.(*Socket).Release(0xc00064c000?, {0x82c058, 0xc000812a80})
	pkg/sentry/socket/unix/unix.go:123 +0x45
gvisor.dev/gvisor/pkg/sentry/vfs.(*FileDescription).DecRef.func1()
	pkg/sentry/vfs/file_description.go:197 +0x3ca
gvisor.dev/gvisor/pkg/sentry/vfs.(*FileDescriptionRefs).DecRef(0xc00064c000, 0xc000899b38)
	bazel-out/k8-fastbuild-ST-3dcbe13c9b87/bin/pkg/sentry/vfs/file_description_refs.go:131 +0x5f
gvisor.dev/gvisor/pkg/sentry/vfs.(*FileDescription).DecRef(0xc00064c000, {0x82c058, 0xc000812a80})
	pkg/sentry/vfs/file_description.go:161 +0x6f
gvisor.dev/gvisor/pkg/sentry/socket/control.(*RightsFiles).Release(0xc0002d4138, {0x82c058, 0xc000812a80})
	pkg/sentry/socket/control/control.go:707 +0x85
gvisor.dev/gvisor/pkg/sentry/socket/unix/transport.(*streamQueueReceiver).Recv(0xc00060eba0, {0x82c058, 0xc000812a80}, {0xc000abc048, 0x1, 0x1}, 0x0, 0x0, 0x0)
	pkg/sentry/socket/unix/transport/unix.go:552 +0x902
gvisor.dev/gvisor/pkg/sentry/socket/unix/transport.(*baseEndpoint).RecvMsg(0xc0008f4420, {0x82c058, 0xc000812a80}, {0xc000abc048, 0x1, 0x1}, 0x5?, 0xc000899f80?, 0x2b?, 0x0)
	pkg/sentry/socket/unix/transport/unix.go:871 +0x10b
gvisor.dev/gvisor/pkg/sentry/socket/unix.(*EndpointReader).ReadToBlocks.func1({0xc000abc048, 0x1, 0x1})
	pkg/sentry/socket/unix/io.go:115 +0x14d
gvisor.dev/gvisor/pkg/safemem.FromVecReaderFunc.ReadToBlocks({0x3c0?}, {0x7f42b74003c0?, 0x0?, 0x1000?, 0xffffffffffffffff?})
	pkg/safemem/io.go:282 +0x38c
gvisor.dev/gvisor/pkg/sentry/socket/unix.(*EndpointReader).ReadToBlocks(0xc000468500, {0x7f42b74003c0?, 0x0?, 0x200013c0?, 0x200003c0?})
	pkg/sentry/socket/unix/io.go:124 +0x7f
gvisor.dev/gvisor/pkg/sentry/mm.(*MemoryManager).withInternalMappings(0xc0008da000, {0x82c058, 0xc000812a80}, {0x14ab432?, 0x12d2819?}, {0xd7?, 0x43?, 0x2d?}, 0x1?, 0xc00089a648)
	pkg/sentry/mm/io.go:522 +0x196
gvisor.dev/gvisor/pkg/sentry/mm.(*MemoryManager).withVecInternalMappings(0xc0008da000, {0x82c058, 0xc000812a80}, {0x0?, 0xc00089a680?, 0xc000812a80?, 0x2764c00?}, {0x0, 0x1, 0x0}, ...)
	pkg/sentry/mm/io.go:591 +0x6c5
gvisor.dev/gvisor/pkg/sentry/mm.(*MemoryManager).CopyOutFrom(0xc0008da000, {0x82c058, 0xc000812a80}, {0x0?, 0x0?, 0xc00020a3c0?, 0x0?}, {0x80fe40?, 0xc000468500?}, {0x0, ...})
	pkg/sentry/mm/io.go:273 +0x2a9
gvisor.dev/gvisor/pkg/usermem.IOSequence.CopyOutFrom(...)
	pkg/usermem/usermem.go:508
gvisor.dev/gvisor/pkg/sentry/socket/unix.(*Socket).RecvMsg.func1()
	pkg/sentry/socket/unix/unix.go:715 +0xf9
gvisor.dev/gvisor/pkg/sentry/socket/unix.(*Socket).RecvMsg(0xc00064c0c0, 0xc000812a80, {{0x826250, 0xc0008da000}, {0x0, 0x1, 0x200003c0, 0x1000}, {0x0, 0x1}}, ...)
	pkg/sentry/socket/unix/unix.go:772 +0x886
gvisor.dev/gvisor/pkg/sentry/syscalls/linux.recvSingleMsg(0xc000812a80, {0x83cd48, 0xc00064c0c0}, 0x20001580, 0x0, 0x0?, {0xc000611860?})
	pkg/sentry/syscalls/linux/sys_socket.go:812 +0x268
gvisor.dev/gvisor/pkg/sentry/syscalls/linux.RecvMMsg(0xc000812a80, 0x0?, {{0x4}, {0x20001580}, {0x1}, {0x0}, {0x0}, {0x0}})
	pkg/sentry/syscalls/linux/sys_socket.go:730 +0x905
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).executeSyscall(0xc000812a80, 0x12b, {{0x4}, {0x20001580}, {0x1}, {0x0}, {0x0}, {0x0}})
	pkg/sentry/kernel/task_syscall.go:142 +0x9c2
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallInvoke(0xc000812a80, 0x0?, {{0x4}, {0x20001580}, {0x1}, {0x0}, {0x0}, {0x0}})
	pkg/sentry/kernel/task_syscall.go:322 +0x7d
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallEnter(0xc0006a29c0?, 0xc0002d61e0?, {{0x4}, {0x20001580}, {0x1}, {0x0}, {0x0}, {0x0}})
	pkg/sentry/kernel/task_syscall.go:282 +0x8f
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscall(0xc000812a80)
	pkg/sentry/kernel/task_syscall.go:257 +0x4c5
gvisor.dev/gvisor/pkg/sentry/kernel.(*runApp).execute(0xc000812a80?, 0xc000812a80)
	pkg/sentry/kernel/task_run.go:269 +0x1d4b
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).run(0xc000812a80, 0x9)
	pkg/sentry/kernel/task_run.go:98 +0x41b
created by gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).Start
	pkg/sentry/kernel/task_start.go:377 +0x1ad

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/05/08 11:35 gvisor 0b76fe6c0038 90c93c40 .config console log report syz C ci-gvisor-ptrace-2-race panic: nested locking: transport.endpointMutex:
* Struck through repros no longer work on HEAD.