syzbot


DATA RACE in kernfs.(*OrderedChildren).checkExistingLocked

Status: fixed on 2022/03/24 01:49
Fix commit: 9085d334deed kernfs: Handle duplicate unlink on orphaned directories.
First crash: 1000d, last: 1000d

Sample crash report:
WARNING: DATA RACE
Read at 0x00c0034df368 by goroutine 319:
  reflect.typedmemmove()
      GOROOT/src/runtime/mbarrier.go:178 +0x0
  reflect.packEface()
      GOROOT/src/reflect/value.go:123 +0xae
  reflect.valueInterface()
      GOROOT/src/reflect/value.go:1394 +0x18a
  reflect.Value.Interface()
      GOROOT/src/reflect/value.go:1364 +0xc9
  fmt.(*pp).printValue()
      GOROOT/src/fmt/print.go:722 +0xca
  fmt.(*pp).printValue()
      GOROOT/src/fmt/print.go:876 +0x12be
  fmt.(*pp).printArg()
      GOROOT/src/fmt/print.go:712 +0xdf4
  fmt.(*pp).doPrintf()
      GOROOT/src/fmt/print.go:1026 +0x46f
  fmt.Sprintf()
      GOROOT/src/fmt/print.go:219 +0x67
  gvisor.dev/gvisor/pkg/sentry/fsimpl/kernfs.(*OrderedChildren).checkExistingLocked()
      pkg/sentry/fsimpl/kernfs/inode_impl_util.go:593 +0x20f
  gvisor.dev/gvisor/pkg/sentry/fsimpl/kernfs.(*OrderedChildren).Unlink()
      pkg/sentry/fsimpl/kernfs/inode_impl_util.go:605 +0x114
  gvisor.dev/gvisor/pkg/sentry/fsimpl/kernfs.(*OrderedChildren).RmDir()
      pkg/sentry/fsimpl/kernfs/inode_impl_util.go:617 +0x386
  gvisor.dev/gvisor/pkg/sentry/fsimpl/cgroupfs.(*dir).RmDir()
      pkg/sentry/fsimpl/cgroupfs/cgroupfs.go:534 +0x34e
  gvisor.dev/gvisor/pkg/sentry/fsimpl/cgroupfs.(*cgroupInode).RmDir()
      <autogenerated>:1 +0x8b
  gvisor.dev/gvisor/pkg/sentry/fsimpl/kernfs.(*Filesystem).RmdirAt()
      pkg/sentry/fsimpl/kernfs/filesystem.go:793 +0x52a
  gvisor.dev/gvisor/pkg/sentry/fsimpl/cgroupfs.(*filesystem).RmdirAt()
      <autogenerated>:1 +0x64
  gvisor.dev/gvisor/pkg/sentry/vfs.(*VirtualFilesystem).RmdirAt()
      pkg/sentry/vfs/vfs.go:562 +0x1f3
  gvisor.dev/gvisor/pkg/sentry/syscalls/linux/vfs2.rmdirat()
      pkg/sentry/syscalls/linux/vfs2/filesystem.go:263 +0x1e8
  gvisor.dev/gvisor/pkg/sentry/syscalls/linux/vfs2.Unlinkat()
      pkg/sentry/syscalls/linux/vfs2/filesystem.go:296 +0x53
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).executeSyscall()
      pkg/sentry/kernel/task_syscall.go:103 +0x4db
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallInvoke()
      pkg/sentry/kernel/task_syscall.go:238 +0x69
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallEnter()
      pkg/sentry/kernel/task_syscall.go:198 +0x8e
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscall()
      pkg/sentry/kernel/task_syscall.go:173 +0x3c4
  gvisor.dev/gvisor/pkg/sentry/kernel.(*runApp).execute()
      pkg/sentry/kernel/task_run.go:254 +0x1697
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).run()
      pkg/sentry/kernel/task_run.go:95 +0x35a
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).Start·dwrap·235()
      pkg/sentry/kernel/task_start.go:339 +0x47

Previous write at 0x00c0034df368 by goroutine 290:
  sync/atomic.AddInt32()
      src/runtime/race_amd64.s:305 +0xb
  sync/atomic.AddInt32()
      <autogenerated>:1 +0x1a
  gvisor.dev/gvisor/pkg/sync.(*CrossGoroutineMutex).Unlock()
      pkg/sync/mutex_unsafe.go:44 +0x30
  gvisor.dev/gvisor/pkg/sync.(*Mutex).Unlock()
      pkg/sync/mutex_unsafe.go:91 +0x25
  gvisor.dev/gvisor/pkg/sentry/fs/lock.(*Locks).UnlockRegion·dwrap·3()
      pkg/sentry/fs/lock/lock.go:197 +0x39
  gvisor.dev/gvisor/pkg/sentry/fs/lock.(*Locks).UnlockRegion()
      pkg/sentry/fs/lock/lock.go:204 +0xf4
  gvisor.dev/gvisor/pkg/sentry/vfs.(*FileLocks).UnlockPOSIX()
      pkg/sentry/vfs/lock.go:70 +0x6e
  gvisor.dev/gvisor/pkg/sentry/vfs.(*LockFD).UnlockPOSIX()
      pkg/sentry/vfs/file_description_impl_util.go:461 +0x37
  gvisor.dev/gvisor/pkg/sentry/fsimpl/kernfs.(*GenericDirectoryFD).UnlockPOSIX()
      <autogenerated>:1 +0x8b
  gvisor.dev/gvisor/pkg/sentry/vfs.(*FileDescription).UnlockPOSIX()
      pkg/sentry/vfs/file_description.go:855 +0xd3
  gvisor.dev/gvisor/pkg/sentry/kernel.(*FDTable).dropVFS2()
      pkg/sentry/kernel/fd_table.go:162 +0x8a
  gvisor.dev/gvisor/pkg/sentry/kernel.(*FDTable).RemoveIf()
      pkg/sentry/kernel/fd_table.go:714 +0x204
  gvisor.dev/gvisor/pkg/sentry/kernel.(*FDTable).DecRef.func1()
      pkg/sentry/kernel/fd_table.go:184 +0x53
  gvisor.dev/gvisor/pkg/sentry/kernel.(*FDTableRefs).DecRef()
      bazel-out/k8-fastbuild-ST-fa7f2b6368d1/bin/pkg/sentry/kernel/fd_table_refs.go:131 +0x5e
  gvisor.dev/gvisor/pkg/sentry/kernel.(*FDTable).DecRef()
      pkg/sentry/kernel/fd_table.go:183 +0x6e
  gvisor.dev/gvisor/pkg/sentry/kernel.(*runExitMain).execute()
      pkg/sentry/kernel/task_exit.go:248 +0x4f3
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).run()
      pkg/sentry/kernel/task_run.go:95 +0x35a
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).Start·dwrap·235()
      pkg/sentry/kernel/task_start.go:339 +0x47

Crashes (1):
Time: 2022/03/02 15:35
Kernel: gvisor
Commit: 5cfaa79a1a20
Syzkaller: 45a13a73
Config: .config
Log: console log
Report: report
Syz repro: syz
C repro: C
VM info: -
Assets: -
Manager: ci-gvisor-ptrace-2-race
Title: DATA RACE in kernfs.(*OrderedChildren).checkExistingLocked
* Struck through repros no longer work on HEAD.