syzbot

 sign-in | mailing list | source | docs
🐞 Open [41]
🐞 Fixed [469]
🐞 Invalid [348]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

DATA RACE in fs.(*UnstableAttr).SetOwner

Status: fixed on 2019/12/20 13:42
Fix commit: bb00438f36eb Make masterInodeOperations.Truncate take a pointer receiver.
First crash: 1804d, last: 1804d
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
gvisor DATA RACE in fs.(*UnstableAttr).SetOwner (2) syz 3 1767d 1760d 0/26 fixed on 2020/02/27 21:02

Sample crash report:
WARNING: DATA RACE
Write at 0x00c00023218c by goroutine 416:
  gvisor.dev/gvisor/pkg/sentry/fs.(*UnstableAttr).SetOwner()
      pkg/sentry/fs/attr.go:254 +0xc9
  gvisor.dev/gvisor/pkg/sentry/fs/fsutil.(*InodeSimpleAttributes).SetOwner()
      pkg/sentry/fs/fsutil/inode.go:139 +0x7d
  gvisor.dev/gvisor/pkg/sentry/fs/tty.(*masterInodeOperations).SetOwner()
      <autogenerated>:1 +0x79
  gvisor.dev/gvisor/pkg/sentry/fs.(*Inode).SetOwner()
      pkg/sentry/fs/inode.go:342 +0x147
  gvisor.dev/gvisor/pkg/sentry/syscalls/linux.chown()
      pkg/sentry/syscalls/linux/sys_file.go:1682 +0x222
  gvisor.dev/gvisor/pkg/sentry/syscalls/linux.Fchown()
      pkg/sentry/syscalls/linux/sys_file.go:1744 +0x14a
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).executeSyscall()
      pkg/sentry/kernel/task_syscall.go:170 +0x455
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallInvoke()
      pkg/sentry/kernel/task_syscall.go:291 +0xb4
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallEnter()
      pkg/sentry/kernel/task_syscall.go:252 +0x109
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscall()
      pkg/sentry/kernel/task_syscall.go:227 +0x1b3
  gvisor.dev/gvisor/pkg/sentry/kernel.(*runApp).execute()
      pkg/sentry/kernel/task_run.go:222 +0x1819
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).run()
      pkg/sentry/kernel/task_run.go:92 +0x308

DIAGNOSIS:
I1219 11:48:58.376818   16251 x:0] ***************************
I1219 11:48:58.376911   16251 x:0] Args: [/syzkaller/managers/ptrace-direct-overlay-host-race/current/image -root /syzkaller/managers/ptrace-direct-overlay-host-race/workdir/gvisor_root -watchdog-action=panic -network=none -debug -alsologtostderr -platform=ptrace -file-access=exclusive -overlay -network=host -TESTONLY-unsafe-nonroot debug -stacks --ps ci-gvisor-ptrace-direct-overlay-host-race-0]
I1219 11:48:58.377083   16251 x:0] Version release-20191210.0-52-g628948b1e197
I1219 11:48:58.377131   16251 x:0] PID: 16251
I1219 11:48:58.377199   16251 x:0] UID: 0, GID: 0
I1219 11:48:58.377255   16251 x:0] Configuration:
I1219 11:48:58.377296   16251 x:0] 		RootDir: /syzkaller/managers/ptrace-direct-overlay-host-race/workdir/gvisor_root
I1219 11:48:58.377356   16251 x:0] 		Platform: ptrace
I1219 11:48:58.377410   16251 x:0] 		FileAccess: exclusive, overlay: true
I1219 11:48:58.377456   16251 x:0] 		Network: host, logging: false
I1219 11:48:58.377491   16251 x:0] 		Strace: false, max size: 1024, syscalls: []
I1219 11:48:58.377535   16251 x:0] ***************************
W1219 11:48:58.377571   16251 x:0] Block the TERM signal. This is only safe in tests!
D1219 11:48:58.378006   16251 x:0] Load container "/syzkaller/managers/ptrace-direct-overlay-host-race/workdir/gvisor_root" "ci-gvisor-ptrace-direct-overlay-host-race-0"
D1219 11:48:58.387718   16251 x:0] Signal container "ci-gvisor-ptrace-direct-overlay-host-race-0": signal 0
D1219 11:48:58.387886   16251 x:0] Signal sandbox "ci-gvisor-ptrace-direct-overlay-host-race-0"
D1219 11:48:58.388079   16251 x:0] Connecting to sandbox "ci-gvisor-ptrace-direct-overlay-host-race-0"
D1219 11:48:58.406392   16251 x:0] urpc: successfully marshalled 123 bytes.
D1219 11:48:58.410380   16251 x:0] urpc: unmarshal success.
I1219 11:48:58.410515   16251 x:0] Found sandbox "ci-gvisor-ptrace-direct-overlay-host-race-0", PID: 39680
I1219 11:48:58.410679   16251 x:0] Retrieving sandbox stacks
D1219 11:48:58.411534   16251 x:0] Stacks sandbox "ci-gvisor-ptrace-direct-overlay-host-race-0"
D1219 11:48:58.411621   16251 x:0] Connecting to sandbox "ci-gvisor-ptrace-direct-overlay-host-race-0"
D1219 11:48:58.411843   16251 x:0] urpc: successfully marshalled 36 bytes.
D1219 11:48:58.856649   16251 x:0] urpc: unmarshal success.
I1219 11:48:58.857811   16251 x:0]      *** Stack dump ***
goroutine 551995 [running]:
gvisor.dev/gvisor/pkg/log.Stacks(0x461301, 0xc000302720, 0xc001c7fc80, 0xc0003de700)
	pkg/log/log.go:272 +0xb6
gvisor.dev/gvisor/runsc/boot.(*debug).Stacks(0x2468668, 0x2468668, 0xc00137e6f0, 0x0, 0x0)
	runsc/boot/debug.go:26 +0x38
reflect.Value.call(0xc000302720, 0xc0003001c0, 0x13, 0x1267857, 0x4, 0xc001afde78, 0x3, 0x3, 0x10cdf01, 0xc00137e6f0, ...)
	GOROOT/src/reflect/value.go:460 +0x62b
reflect.Value.Call(0xc000302720, 0xc0003001c0, 0x13, 0xc001afde78, 0x3, 0x3, 0x0, 0x2468668, 0x16)
	GOROOT/src/reflect/value.go:321 +0xd4
gvisor.dev/gvisor/pkg/urpc.(*Server).handleOne(0xc0002f26c0, 0xc0029ab320, 0x0, 0x0)
	pkg/urpc/urpc.go:325 +0x688
gvisor.dev/gvisor/pkg/urpc.(*Server).handleRegistered(0xc0002f26c0, 0xc0029ab320, 0xc00069e6e0, 0xc000830ba0)
	pkg/urpc/urpc.go:420 +0x43
gvisor.dev/gvisor/pkg/urpc.(*Server).StartHandling.func1(0xc0002f26c0, 0xc0029ab320)
	pkg/urpc/urpc.go:440 +0x81
created by gvisor.dev/gvisor/pkg/urpc.(*Server).StartHandling
	pkg/urpc/urpc.go:438 +0x6f

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/12/19 11:49 https://gvisor.googlesource.com/gvisor master 628948b1e197 79b211f7 .config console log report ci-gvisor-ptrace-direct-overlay-host-race
* Struck through repros no longer work on HEAD.