syzbot

 sign-in | mailing list | source | docs
🐞 Open [41]
🐞 Fixed [469]
🐞 Invalid [348]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

DATA RACE in fsutil.(*InodeSimpleExtendedAttributes).RemoveXattr

Status: fixed on 2020/03/10 21:06
Fix commit: 62bd3ca8a375 Take write lock when removing xattr
First crash: 1731d, last: 1731d

Sample crash report:
WARNING: DATA RACE
Write at 0x00c0006d20f0 by goroutine 247:
  runtime.mapdelete_faststr()
      GOROOT/src/runtime/map_faststr.go:297 +0x0
  gvisor.dev/gvisor/pkg/sentry/fs/fsutil.(*InodeSimpleExtendedAttributes).RemoveXattr()
      pkg/sentry/fs/fsutil/inode.go:265 +0x13f
  gvisor.dev/gvisor/pkg/sentry/fs/tmpfs.(*fileInodeOperations).RemoveXattr()
      <autogenerated>:1 +0x83
DIAGNOSIS:
I0301 11:52:56.471789   37191 main.go:305] ***************************
I0301 11:52:56.471999   37191 main.go:306] Args: [/syzkaller/managers/ptrace-direct-overlay-host-race/current/image -root /syzkaller/managers/ptrace-direct-overlay-host-race/workdir/gvisor_root -watchdog-action=panic -network=none -debug -alsologtostderr -platform=ptrace -file-access=exclusive -overlay -network=host -TESTONLY-unsafe-nonroot debug -stacks --ps ci-gvisor-ptrace-direct-overlay-host-race-3]
I0301 11:52:56.472294   37191 main.go:307] Version release-20200219.0-72-gce4d1e45bb88
I0301 11:52:56.472428   37191 main.go:308] PID: 37191
I0301 11:52:56.472537   37191 main.go:309] UID: 0, GID: 0
I0301 11:52:56.472619   37191 main.go:310] Configuration:
I0301 11:52:56.472718   37191 main.go:311] 		RootDir: /syzkaller/managers/ptrace-direct-overlay-host-race/workdir/gvisor_root
I0301 11:52:56.472836   37191 main.go:312] 		Platform: ptrace
I0301 11:52:56.472971   37191 main.go:313] 		FileAccess: exclusive, overlay: true
I0301 11:52:56.473113   37191 main.go:314] 		Network: host, logging: false
I0301 11:52:56.473195   37191 main.go:315] 		Strace: false, max size: 1024, syscalls: []
I0301 11:52:56.473301   37191 main.go:316] ***************************
W0301 11:52:56.473375   37191 main.go:321] Block the TERM signal. This is only safe in tests!
D0301 11:52:56.473596   37191 container.go:159] Load container "/syzkaller/managers/ptrace-direct-overlay-host-race/workdir/gvisor_root" "ci-gvisor-ptrace-direct-overlay-host-race-3"
D0301 11:52:56.482210   37191 container.go:592] Signal container "ci-gvisor-ptrace-direct-overlay-host-race-3": signal 0
D0301 11:52:56.482415   37191 sandbox.go:806] Signal sandbox "ci-gvisor-ptrace-direct-overlay-host-race-3"
D0301 11:52:56.482596   37191 sandbox.go:318] Connecting to sandbox "ci-gvisor-ptrace-direct-overlay-host-race-3"
D0301 11:52:56.483212   37191 urpc.go:534] urpc: successfully marshalled 123 bytes.
D0301 11:52:56.484469   37191 urpc.go:577] urpc: unmarshal success.
I0301 11:52:56.484667   37191 debug.go:122] Found sandbox "ci-gvisor-ptrace-direct-overlay-host-race-3", PID: 34796
I0301 11:52:56.484877   37191 debug.go:131] Retrieving sandbox stacks
D0301 11:52:56.484972   37191 sandbox.go:924] Stacks sandbox "ci-gvisor-ptrace-direct-overlay-host-race-3"
D0301 11:52:56.485087   37191 sandbox.go:318] Connecting to sandbox "ci-gvisor-ptrace-direct-overlay-host-race-3"
D0301 11:52:56.485360   37191 urpc.go:534] urpc: successfully marshalled 36 bytes.
D0301 11:52:56.533485   37191 urpc.go:577] urpc: unmarshal success.
I0301 11:52:56.533707   37191 debug.go:136]      *** Stack dump ***
goroutine 535 [running]:
gvisor.dev/gvisor/pkg/log.Stacks(0x469801, 0x4e7d1a, 0xc000408768, 0x12b7080)
	pkg/log/log.go:314 +0xb6
gvisor.dev/gvisor/runsc/boot.(*debug).Stacks(0x25433b8, 0x25433b8, 0xc0003e4740, 0x0, 0x0)
	runsc/boot/debug.go:26 +0x38
reflect.Value.call(0xc000408720, 0xc0004061d0, 0x13, 0x12d9570, 0x4, 0xc00068fe60, 0x3, 0x3, 0x1480001, 0xc0003e4740, ...)
	GOROOT/src/reflect/value.go:460 +0x967
reflect.Value.Call(0xc000408720, 0xc0004061d0, 0x13, 0xc00068fe60, 0x3, 0x3, 0x0, 0x25433b8, 0x16)
	GOROOT/src/reflect/value.go:321 +0xd4
gvisor.dev/gvisor/pkg/urpc.(*Server).handleOne(0xc00040a660, 0xc0009910b0, 0x0, 0x0)
	pkg/urpc/urpc.go:325 +0x688
gvisor.dev/gvisor/pkg/urpc.(*Server).handleRegistered(0xc00040a660, 0xc0009910b0, 0x100000001, 0xc000590c60)
	pkg/urpc/urpc.go:420 +0x43
gvisor.dev/gvisor/pkg/urpc.(*Server).StartHandling.func1(0xc00040a660, 0xc0009910b0)
	pkg/urpc/urpc.go:440 +0x90
created by gvisor.dev/gvisor/pkg/urpc.(*Server).StartHandling
	pkg/urpc/urpc.go:438 +0x6f

goroutine 1 [semacquire, 1 minutes]:
sync.runtime_Semacquire(0xc00042e124)
	GOROOT/src/runtime/sema.go:56 +0x42
sync.(*WaitGroup).Wait(0xc00042e124)
	GOROOT/src/sync/waitgroup.go:130 +0xd4
gvisor.dev/gvisor/pkg/sentry/kernel.(*Kernel).WaitExited(...)
	pkg/sentry/kernel/kernel.go:1145
gvisor.dev/gvisor/runsc/boot.(*Loader).WaitExit(0xc000464000, 0x0, 0x0)
	runsc/boot/loader.go:905 +0x73
gvisor.dev/gvisor/runsc/cmd.(*Boot).Execute(0xc0002ae3f0, 0x14676a0, 0xc000220000, 0xc0002c82a0, 0xc0002c6da0, 0x2, 0x2, 0x0)
	runsc/cmd/boot.go:254 +0x14b3
github.com/google/subcommands.(*Commander).Execute(0xc000238000, 0x14676a0, 0xc000220000, 0xc0002c6da0, 0x2, 0x2, 0x0)
	external/com_github_google_subcommands/subcommands.go:200 +0x51d
github.com/google/subcommands.Execute(...)
	external/com_github_google_subcommands/subcommands.go:481
main.main()
	runsc/main.go:327 +0x2c21

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/03/01 11:54 gvisor ce4d1e45bb88 c88c7b75 .config console log report syz ci-gvisor-ptrace-direct-overlay-host-race
2020/03/01 05:51 gvisor ce4d1e45bb88 c88c7b75 .config console log report syz ci-gvisor-ptrace-proxy-sandbox-race
* Struck through repros no longer work on HEAD.