syzbot

 sign-in | mailing list | source | docs
🐞 Open [41]
🐞 Fixed [469]
🐞 Invalid [348]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

DATA RACE in queue.(*Queue).Enqueue

Status: fixed on 2018/06/27 08:03
Fix commit: 5f7f78c1d7ee Fix data races in Unix sockets
First crash: 2347d, last: 2345d

Sample crash report:
WARNING: DATA RACE
Write at 0x00c42030a2f0 by goroutine 128:
  gvisor.googlesource.com/gvisor/pkg/tcpip/transport/queue.(*Queue).Enqueue()
      pkg/tcpip/transport/queue/queue.go:103 +0x164
  gvisor.googlesource.com/gvisor/pkg/tcpip/transport/unix.(*connectedEndpoint).Send()
      pkg/tcpip/transport/unix/unix.go:611 +0x402
  gvisor.googlesource.com/gvisor/pkg/tcpip/transport/unix.(*baseEndpoint).SendMsg()
      pkg/tcpip/transport/unix/unix.go:761 +0x183
  gvisor.googlesource.com/gvisor/pkg/tcpip/transport/unix.(*connectionedEndpoint).SendMsg()
      pkg/tcpip/transport/unix/connectioned.go:405 +0xe6
  gvisor.googlesource.com/gvisor/pkg/sentry/socket/unix.(*EndpointWriter).WriteFromBlocks.func1()
      pkg/sentry/socket/unix/io.go:41 +0xfe
  gvisor.googlesource.com/gvisor/pkg/sentry/safemem.FromVecWriterFunc.WriteFromBlocks()
      pkg/sentry/safemem/io.go:334 +0x3b5
  gvisor.googlesource.com/gvisor/pkg/sentry/socket/unix.(*EndpointWriter).WriteFromBlocks()
      pkg/sentry/socket/unix/io.go:46 +0xcb
  gvisor.googlesource.com/gvisor/pkg/sentry/safemem.(Writer).WriteFromBlocks-fm()
      pkg/sentry/mm/io.go:309 +0x75
  gvisor.googlesource.com/gvisor/pkg/sentry/mm.(*MemoryManager).withInternalMappings()
      pkg/sentry/mm/io.go:464 +0x88e
  gvisor.googlesource.com/gvisor/pkg/sentry/mm.(*MemoryManager).withVecInternalMappings()
      pkg/sentry/mm/io.go:533 +0x973
  gvisor.googlesource.com/gvisor/pkg/sentry/mm.(*MemoryManager).CopyInTo()
      pkg/sentry/mm/io.go:309 +0x210
  gvisor.googlesource.com/gvisor/pkg/sentry/usermem.IOSequence.CopyInTo()
      pkg/sentry/usermem/usermem.go:528 +0xce
  gvisor.googlesource.com/gvisor/pkg/sentry/socket/unix.(*SocketOperations).SendMsg()
      pkg/sentry/socket/unix/unix.go:377 +0x1e1
  gvisor.googlesource.com/gvisor/pkg/sentry/syscalls/linux.sendTo()
      pkg/sentry/syscalls/linux/sys_socket.go:1056 +0x3ae
  gvisor.googlesource.com/gvisor/pkg/sentry/syscalls/linux.SendTo()
      pkg/sentry/syscalls/linux/sys_socket.go:1069 +0x87
  gvisor.googlesource.com/gvisor/pkg/sentry/kernel.(*Task).executeSyscall()
      pkg/sentry/kernel/task_syscall.go:162 +0x14e
  gvisor.googlesource.com/gvisor/pkg/sentry/kernel.(*Task).doSyscallInvoke()
      pkg/sentry/kernel/task_syscall.go:278 +0x7d
  gvisor.googlesource.com/gvisor/pkg/sentry/kernel.(*Task).doSyscallEnter()
      pkg/sentry/kernel/task_syscall.go:241 +0xc3
  gvisor.googlesource.com/gvisor/pkg/sentry/kernel.(*Task).doSyscall()
      pkg/sentry/kernel/task_syscall.go:216 +0x19c
  gvisor.googlesource.com/gvisor/pkg/sentry/kernel.(*runApp).execute()
      pkg/sentry/kernel/task_run.go:217 +0x157c
  gvisor.googlesource.com/gvisor/pkg/sentry/kernel.(*Task).run()
      pkg/sentry/kernel/task_run.go:95 +0x264

Previous read at 0x00c42030a2f0 by goroutine 126:
  gvisor.googlesource.com/gvisor/pkg/tcpip/transport/unix.(*queueReceiver).RecvQueuedSize()
      pkg/tcpip/transport/queue/queue.go:160 +0x52
  gvisor.googlesource.com/gvisor/pkg/tcpip/transport/unix.(*baseEndpoint).GetSockOpt()
      pkg/tcpip/transport/unix/unix.go:808 +0x6b6
  gvisor.googlesource.com/gvisor/pkg/tcpip/transport/unix.(*connectionedEndpoint).GetSockOpt()
      <autogenerated>:1 +0x57
  gvisor.googlesource.com/gvisor/pkg/sentry/socket/epsocket.Ioctl()
      pkg/sentry/socket/epsocket/epsocket.go:1100 +0x3e1
  gvisor.googlesource.com/gvisor/pkg/sentry/socket/unix.(*SocketOperations).Ioctl()
      pkg/sentry/socket/unix/unix.go:136 +0xea
  gvisor.googlesource.com/gvisor/pkg/sentry/syscalls/linux.Ioctl()
      pkg/sentry/syscalls/linux/sys_file.go:560 +0x1e4
  gvisor.googlesource.com/gvisor/pkg/sentry/kernel.(*Task).executeSyscall()
      pkg/sentry/kernel/task_syscall.go:162 +0x14e
  gvisor.googlesource.com/gvisor/pkg/sentry/kernel.(*Task).doSyscallInvoke()
      pkg/sentry/kernel/task_syscall.go:278 +0x7d
  gvisor.googlesource.com/gvisor/pkg/sentry/kernel.(*Task).doSyscallEnter()
      pkg/sentry/kernel/task_syscall.go:241 +0xc3
  gvisor.googlesource.com/gvisor/pkg/sentry/kernel.(*Task).doSyscall()
      pkg/sentry/kernel/task_syscall.go:216 +0x19c
  gvisor.googlesource.com/gvisor/pkg/sentry/kernel.(*runApp).execute()
      pkg/sentry/kernel/task_run.go:217 +0x157c
  gvisor.googlesource.com/gvisor/pkg/sentry/kernel.(*Task).run()
      pkg/sentry/kernel/task_run.go:95 +0x264

Crashes (7):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2018/06/24 07:29 https://github.com/dvyukov/gvisor.git race 60dbbdc2d54b 2064fc5c .config console log report syz C ci-gvisor-ptrace-proxy-sandbox-race
2018/06/26 10:22 https://github.com/dvyukov/gvisor.git race 60dbbdc2d54b 2064fc5c .config console log report ci-gvisor-ptrace-proxy-sandbox-race
2018/06/26 06:55 https://github.com/dvyukov/gvisor.git race 60dbbdc2d54b 2064fc5c .config console log report ci-gvisor-ptrace-proxy-sandbox-race
2018/06/25 09:40 https://github.com/dvyukov/gvisor.git race 60dbbdc2d54b 2064fc5c .config console log report ci-gvisor-ptrace-proxy-sandbox-race
2018/06/24 12:09 https://github.com/dvyukov/gvisor.git race 60dbbdc2d54b 2064fc5c .config console log report ci-gvisor-ptrace-proxy-sandbox-race
2018/06/24 07:21 https://github.com/dvyukov/gvisor.git race 60dbbdc2d54b 2064fc5c .config console log report ci-gvisor-ptrace-proxy-sandbox-race
2018/06/24 00:19 https://github.com/dvyukov/gvisor.git race 60dbbdc2d54b 2064fc5c .config console log report ci-gvisor-ptrace-proxy-sandbox-race
* Struck through repros no longer work on HEAD.