syzbot


DATA RACE in packetmmap.(*ringBuffer).currFrameStatus (2)

Status: fixed on 2025/02/08 00:18
Fix commit: da7cd03064d7 Lock around packet mmap fields.
First crash: 14d, last: 13d
Similar bugs (1)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| gvisor | DATA RACE in packetmmap.(*ringBuffer).currFrameStatus | C | | | 3 | 14d | 15d | 26/26 | fixed on 2025/02/07 11:57 |

Sample crash report:
WARNING: DATA RACE
Read at 0x00c0002371b0 by goroutine 362:
  gvisor.dev/gvisor/pkg/sentry/socket/netstack/packetmmap.(*ringBuffer).currFrameStatus()
      pkg/sentry/socket/netstack/packetmmap/ring_buffer.go:179 +0x44
  gvisor.dev/gvisor/pkg/sentry/socket/netstack/packetmmap.(*ringBuffer).hasRoom()
      pkg/sentry/socket/netstack/packetmmap/ring_buffer.go:211 +0x37
  gvisor.dev/gvisor/pkg/sentry/socket/netstack/packetmmap.(*Endpoint).HandlePacket()
      pkg/sentry/socket/netstack/packetmmap/endpoint.go:181 +0x84
  gvisor.dev/gvisor/pkg/tcpip/transport/packet.(*endpoint).HandlePacket()
      pkg/tcpip/transport/packet/endpoint.go:470 +0x1ee
  gvisor.dev/gvisor/pkg/tcpip/stack.(*nic).DeliverLinkPacket.func2()
      pkg/tcpip/stack/nic.go:815 +0x391
  gvisor.dev/gvisor/pkg/tcpip/stack.(*packetEndpointList).forEach()
      pkg/tcpip/stack/nic.go:146 +0x142
  gvisor.dev/gvisor/pkg/tcpip/stack.(*nic).DeliverLinkPacket()
      pkg/tcpip/stack/nic.go:830 +0x2e6
  gvisor.dev/gvisor/pkg/tcpip/link/nested.(*Endpoint).DeliverLinkPacket()
      pkg/tcpip/link/nested/nested.go:71 +0xc1
  gvisor.dev/gvisor/pkg/tcpip/link/packetsocket.(*endpoint).DeliverNetworkPacket()
      pkg/tcpip/link/packetsocket/packetsocket.go:45 +0x4b
  gvisor.dev/gvisor/pkg/tcpip/link/channel.(*Endpoint).InjectInbound()
      pkg/tcpip/link/channel/channel.go:208 +0xc1
  gvisor.dev/gvisor/pkg/tcpip/link/tun.(*Device).Write()
      pkg/tcpip/link/tun/device.go:250 +0x805
  gvisor.dev/gvisor/pkg/sentry/devices/tundev.(*tunFD).Write()
      pkg/sentry/devices/tundev/tundev.go:163 +0x591
  gvisor.dev/gvisor/pkg/sentry/vfs.(*FileDescription).Write()
      pkg/sentry/vfs/file_description.go:682 +0x144
  gvisor.dev/gvisor/pkg/sentry/syscalls/linux.write()
      pkg/sentry/syscalls/linux/sys_read_write.go:347 +0xa4
  gvisor.dev/gvisor/pkg/sentry/syscalls/linux.Write()
      pkg/sentry/syscalls/linux/sys_read_write.go:316 +0x38e
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).executeSyscall()
      pkg/sentry/kernel/task_syscall.go:143 +0xb9e
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallInvoke()
      pkg/sentry/kernel/task_syscall.go:323 +0x84
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallEnter()
      pkg/sentry/kernel/task_syscall.go:283 +0xc6
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscall()
      pkg/sentry/kernel/task_syscall.go:258 +0x549
  gvisor.dev/gvisor/pkg/sentry/kernel.(*runApp).execute()
      pkg/sentry/kernel/task_run.go:269 +0x2294
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).run()
      pkg/sentry/kernel/task_run.go:97 +0x41a
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).Start.gowrap1()
      pkg/sentry/kernel/task_start.go:412 +0x44

Previous write at 0x00c0002371b0 by goroutine 360:
  gvisor.dev/gvisor/pkg/sentry/socket/netstack/packetmmap.(*ringBuffer).init()
      pkg/sentry/socket/netstack/packetmmap/ring_buffer.go:68 +0x2ac
  gvisor.dev/gvisor/pkg/sentry/socket/netstack/packetmmap.(*Endpoint).Init()
      pkg/sentry/socket/netstack/packetmmap/endpoint.go:128 +0x912
  gvisor.dev/gvisor/pkg/sentry/socket/netstack.setSockOptPacket()
      pkg/sentry/socket/netstack/netstack.go:2749 +0x734
  gvisor.dev/gvisor/pkg/sentry/socket/netstack.SetSockOpt()
      pkg/sentry/socket/netstack/netstack.go:1873 +0x365
  gvisor.dev/gvisor/pkg/sentry/socket/netstack.(*sock).SetSockOpt()
      pkg/sentry/socket/netstack/netstack.go:634 +0x6a9
  gvisor.dev/gvisor/pkg/sentry/syscalls/linux.SetSockOpt()
      pkg/sentry/syscalls/linux/sys_socket.go:551 +0x46b
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).executeSyscall()
      pkg/sentry/kernel/task_syscall.go:143 +0xb9e
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallInvoke()
      pkg/sentry/kernel/task_syscall.go:323 +0x84
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallEnter()
      pkg/sentry/kernel/task_syscall.go:283 +0xc6
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscall()
      pkg/sentry/kernel/task_syscall.go:258 +0x549
  gvisor.dev/gvisor/pkg/sentry/kernel.(*runApp).execute()
      pkg/sentry/kernel/task_run.go:269 +0x2294
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).run()
      pkg/sentry/kernel/task_run.go:97 +0x41a
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).Start.gowrap1()
      pkg/sentry/kernel/task_start.go:412 +0x44

Crashes (19):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/02/07 15:55 | gvisor | 53d6f3dd2a22 | a4f327c2 | .config | console log | report | syz / log | C | | | ci-gvisor-systrap-1-race-cover | DATA RACE in packetmmap.(*ringBuffer).currFrameStatus |
| 2025/02/07 15:53 | gvisor | 53d6f3dd2a22 | a4f327c2 | .config | console log | report | syz / log | C | | | ci-gvisor-ptrace-1-race-cover | DATA RACE in packetmmap.(*ringBuffer).currFrameStatus |
| 2025/02/07 15:43 | gvisor | 53d6f3dd2a22 | a4f327c2 | .config | console log | report | syz / log | C | | | ci-gvisor-ptrace-1-race | DATA RACE in packetmmap.(*ringBuffer).currFrameStatus |
| 2025/02/07 15:43 | gvisor | 53d6f3dd2a22 | a4f327c2 | .config | console log | report | syz / log | C | | | ci-gvisor-ptrace-2-race | DATA RACE in packetmmap.(*ringBuffer).currFrameStatus |
| 2025/02/07 15:43 | gvisor | 53d6f3dd2a22 | a4f327c2 | .config | console log | report | syz / log | C | | | ci-gvisor-systrap-1-race | DATA RACE in packetmmap.(*ringBuffer).currFrameStatus |
| 2025/02/07 15:24 | gvisor | 53d6f3dd2a22 | a4f327c2 | .config | console log | report | syz / log | C | | | ci-gvisor-ptrace-2-race-cover | DATA RACE in packetmmap.(*ringBuffer).currFrameStatus |
| 2025/02/07 13:24 | gvisor | 53d6f3dd2a22 | a4f327c2 | .config | console log | report | syz / log | C | | | ci-gvisor-systrap-1-race-cover | DATA RACE in packetmmap.(*ringBuffer).currFrameStatus |
| 2025/02/07 13:08 | gvisor | 53d6f3dd2a22 | a4f327c2 | .config | console log | report | syz / log | C | | | ci-gvisor-ptrace-1-race-cover | DATA RACE in packetmmap.(*ringBuffer).currFrameStatus |
| 2025/02/07 13:03 | gvisor | 53d6f3dd2a22 | a4f327c2 | .config | console log | report | syz / log | C | | | ci-gvisor-ptrace-1-race | DATA RACE in packetmmap.(*ringBuffer).currFrameStatus |
| 2025/02/07 13:02 | gvisor | 53d6f3dd2a22 | a4f327c2 | .config | console log | report | syz / log | C | | | ci-gvisor-ptrace-2-race | DATA RACE in packetmmap.(*ringBuffer).currFrameStatus |
| 2025/02/07 12:59 | gvisor | 53d6f3dd2a22 | a4f327c2 | .config | console log | report | syz / log | C | | | ci-gvisor-systrap-1-race | DATA RACE in packetmmap.(*ringBuffer).currFrameStatus |
| 2025/02/07 12:41 | gvisor | 53d6f3dd2a22 | a4f327c2 | .config | console log | report | syz / log | C | | | ci-gvisor-ptrace-2-race-cover | DATA RACE in packetmmap.(*ringBuffer).currFrameStatus |
| 2025/02/07 12:22 | gvisor | 53d6f3dd2a22 | a4f327c2 | .config | console log | report | syz / log | C | | | ci-gvisor-ptrace-1-race | DATA RACE in packetmmap.(*ringBuffer).currFrameStatus |
| 2025/02/07 12:12 | gvisor | 53d6f3dd2a22 | a4f327c2 | .config | console log | report | syz / log | C | | | ci-gvisor-ptrace-1-race | DATA RACE in packetmmap.(*ringBuffer).currFrameStatus |
| 2025/02/07 12:04 | gvisor | 53d6f3dd2a22 | a4f327c2 | .config | console log | report | syz / log | C | | | ci-gvisor-ptrace-2-race | DATA RACE in packetmmap.(*ringBuffer).currFrameStatus |
| 2025/02/07 22:40 | gvisor | da7cd03064d7 | 94926c8d | .config | console log | report | syz / log | C | | | ci-gvisor-arm64-ptrace-1-race | DATA RACE in packetmmap.(*ringBuffer).currFrameStatus |
| 2025/02/07 20:05 | gvisor | 53d6f3dd2a22 | a4f327c2 | .config | console log | report | | | info | | ci-gvisor-systrap-1-race-cover | DATA RACE in packetmmap.(*ringBuffer).currFrameStatus |
| 2025/02/07 13:40 | gvisor | 53d6f3dd2a22 | a4f327c2 | .config | console log | report | | | info | | ci-gvisor-systrap-1-race-cover | DATA RACE in packetmmap.(*ringBuffer).currFrameStatus |
| 2025/02/07 12:23 | gvisor | 53d6f3dd2a22 | a4f327c2 | .config | console log | report | | | info | | ci-gvisor-ptrace-1-race-cover | DATA RACE in packetmmap.(*ringBuffer).currFrameStatus |
* Struck through repros no longer work on HEAD.