syzbot

 sign-in | mailing list | source | docs
🐞 Open [41]
🐞 Fixed [469]
🐞 Invalid [348]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

DATA RACE in safemem.Copy (4)

Status: fixed on 2022/11/18 03:22
Fix commit: 106f6ea96746 Re-enable process_vm_(read|write)v
First crash: 840d, last: 837d
Similar bugs (6)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
gvisor DATA RACE in safemem.Copy (3) C 3 1160d 1160d 14/26 fixed on 2021/09/28 10:18
gvisor DATA RACE in safemem.Copy C 4 1403d 1403d 14/26 fixed on 2021/01/26 10:37
gvisor DATA RACE in safemem.Copy (7) C 4 336d 336d 26/26 fixed on 2023/12/29 10:22
gvisor DATA RACE in safemem.Copy (6) C 121 727d 728d 26/26 fixed on 2023/10/05 23:05
gvisor DATA RACE in safemem.Copy (2) C 9 1208d 1208d 14/26 fixed on 2021/08/16 21:45
gvisor DATA RACE in safemem.Copy (5) C 3153 728d 738d 14/26 fixed on 2022/11/29 11:04

Sample crash report:
WARNING: DATA RACE
Write at 0x00c0028c5e44 by goroutine 220:
  runtime.slicecopy()
      GOROOT/src/runtime/slice.go:295 +0x0
  gvisor.dev/gvisor/pkg/safemem.Copy()
      pkg/safemem/block_unsafe.go:199 +0x39e
  gvisor.dev/gvisor/pkg/safemem.CopySeq()
      pkg/safemem/seq_unsafe.go:282 +0x22a
  gvisor.dev/gvisor/pkg/sentry/mm.(*MemoryManager).CopyIn.func1()
      pkg/sentry/mm/io.go:164 +0xb7
  gvisor.dev/gvisor/pkg/sentry/mm.(*MemoryManager).withInternalMappings()
      pkg/sentry/mm/io.go:562 +0x768
  gvisor.dev/gvisor/pkg/sentry/mm.(*MemoryManager).CopyIn()
      pkg/sentry/mm/io.go:163 +0x279
  gvisor.dev/gvisor/pkg/sentry/kernel.(*taskCopyContext).CopyInBytes()
      pkg/sentry/kernel/task_usermem.go:366 +0x197
  gvisor.dev/gvisor/pkg/sentry/kernel.makeIovec()
      pkg/sentry/kernel/task_usermem.go:261 +0xa3
  gvisor.dev/gvisor/pkg/sentry/kernel.copyInIovecs()
      pkg/sentry/kernel/task_usermem.go:231 +0x27e
  gvisor.dev/gvisor/pkg/sentry/kernel.(*taskCopyContext).CopyInIovecs()
      pkg/sentry/kernel/task_usermem.go:387 +0x2d2
  gvisor.dev/gvisor/pkg/sentry/syscalls/linux/vfs2.doProcessVMReadWrite()
      pkg/sentry/syscalls/linux/vfs2/mmap.go:162 +0x29d
  gvisor.dev/gvisor/pkg/sentry/syscalls/linux/vfs2.processVMRW()
      pkg/sentry/syscalls/linux/vfs2/mmap.go:152 +0x1c4
  gvisor.dev/gvisor/pkg/sentry/syscalls/linux/vfs2.ProcessVMWritev()
      pkg/sentry/syscalls/linux/vfs2/mmap.go:114 +0x58
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).executeSyscall()
      pkg/sentry/kernel/task_syscall.go:142 +0x9b7
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallInvoke()
      pkg/sentry/kernel/task_syscall.go:322 +0x7c
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallEnter()
      pkg/sentry/kernel/task_syscall.go:282 +0x8e
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscall()
      pkg/sentry/kernel/task_syscall.go:257 +0x495
  gvisor.dev/gvisor/pkg/sentry/kernel.(*runApp).execute()
      pkg/sentry/kernel/task_run.go:253 +0x18f8
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).run()
      pkg/sentry/kernel/task_run.go:94 +0x353
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).Start.func1()
      pkg/sentry/kernel/task_start.go:370 +0x47

Previous read at 0x00c0028c5e44 by goroutine 209:
  encoding/binary.littleEndian.Uint64()
      GOROOT/src/encoding/binary/binary.go:78 +0xf1
  gvisor.dev/gvisor/pkg/sentry/syscalls/linux.copyTimespecIn()
      pkg/sentry/syscalls/linux/timespec.go:36 +0xc7
  gvisor.dev/gvisor/pkg/sentry/syscalls/linux.Futex()
      pkg/sentry/syscalls/linux/sys_futex.go:192 +0x53a
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).executeSyscall()
      pkg/sentry/kernel/task_syscall.go:142 +0x9b7
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallInvoke()
      pkg/sentry/kernel/task_syscall.go:322 +0x7c
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallEnter()
      pkg/sentry/kernel/task_syscall.go:282 +0x8e
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscall()
      pkg/sentry/kernel/task_syscall.go:257 +0x495
  gvisor.dev/gvisor/pkg/sentry/kernel.(*runApp).execute()
      pkg/sentry/kernel/task_run.go:253 +0x18f8
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).run()
      pkg/sentry/kernel/task_run.go:94 +0x353
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).Start.func1()
      pkg/sentry/kernel/task_start.go:370 +0x47

Crashes (1019):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2022/08/11 12:27 gvisor e06df74a657e 787ed7e0 .config console log report syz C ci-gvisor-ptrace-3-race DATA RACE in safemem.Copy
2022/08/11 12:20 gvisor e06df74a657e 787ed7e0 .config console log report syz C ci-gvisor-ptrace-1-race DATA RACE in safemem.Copy
2022/08/10 16:43 gvisor 241fd5344fa8 aaa9eaa0 .config console log report syz C ci-gvisor-ptrace-3-race-cover DATA RACE in safemem.Copy
2022/08/10 13:45 gvisor 241fd5344fa8 aaa9eaa0 .config console log report syz C ci-gvisor-ptrace-1-race DATA RACE in safemem.Copy
2022/08/10 13:45 gvisor 241fd5344fa8 aaa9eaa0 .config console log report syz C ci-gvisor-ptrace-2-race DATA RACE in safemem.Copy
2022/08/10 13:38 gvisor 241fd5344fa8 aaa9eaa0 .config console log report syz C ci-gvisor-ptrace-3-race DATA RACE in safemem.Copy
2022/08/09 15:10 gvisor a963196f43de da700653 .config console log report syz C ci-gvisor-ptrace-3-race DATA RACE in safemem.Copy
2022/08/09 15:01 gvisor a963196f43de da700653 .config console log report syz C ci-gvisor-ptrace-1-race DATA RACE in safemem.Copy
2022/08/09 14:51 gvisor a963196f43de da700653 .config console log report syz C ci-gvisor-ptrace-2-race DATA RACE in safemem.Copy
2022/08/09 12:54 gvisor a963196f43de da700653 .config console log report syz C ci-gvisor-ptrace-3-race-cover DATA RACE in safemem.Copy
2022/08/09 10:55 gvisor a963196f43de da700653 .config console log report syz C ci-gvisor-ptrace-3-race DATA RACE in safemem.Copy
2022/08/09 10:46 gvisor a963196f43de da700653 .config console log report syz C ci-gvisor-ptrace-2-race DATA RACE in safemem.Copy
2022/08/09 10:36 gvisor a963196f43de da700653 .config console log report syz C ci-gvisor-ptrace-1-race DATA RACE in safemem.Copy
2022/08/09 08:56 gvisor a963196f43de da700653 .config console log report syz C ci-gvisor-ptrace-3-race-cover DATA RACE in safemem.Copy
2022/08/09 04:08 gvisor a963196f43de da700653 .config console log report syz C ci-gvisor-ptrace-1-race DATA RACE in safemem.Copy
2022/08/09 04:04 gvisor a963196f43de da700653 .config console log report syz C ci-gvisor-ptrace-2-race DATA RACE in safemem.Copy
2022/08/09 03:47 gvisor a963196f43de da700653 .config console log report syz C ci-gvisor-ptrace-1-race DATA RACE in safemem.Copy
2022/08/09 03:43 gvisor a963196f43de da700653 .config console log report syz C ci-gvisor-ptrace-2-race DATA RACE in safemem.Copy
2022/08/09 03:37 gvisor a963196f43de da700653 .config console log report syz C ci-gvisor-ptrace-1-race DATA RACE in safemem.Copy
2022/08/09 03:32 gvisor a963196f43de da700653 .config console log report syz C ci-gvisor-ptrace-2-race DATA RACE in safemem.Copy
2022/08/09 03:18 gvisor a963196f43de da700653 .config console log report syz C ci-gvisor-ptrace-3-race DATA RACE in safemem.Copy
2022/08/09 02:46 gvisor a963196f43de da700653 .config console log report syz C ci-gvisor-ptrace-3-race DATA RACE in safemem.Copy
2022/08/11 14:29 gvisor e06df74a657e 787ed7e0 .config console log report syz ci-gvisor-ptrace-3-race-cover DATA RACE in safemem.Copy
2022/08/11 12:26 gvisor e06df74a657e 787ed7e0 .config console log report syz ci-gvisor-ptrace-2-race DATA RACE in safemem.Copy
2022/08/12 07:51 gvisor 5852220509c8 21724cb2 .config console log report info ci-gvisor-ptrace-1-race-cover DATA RACE in safemem.Copy
2022/08/12 06:47 gvisor 5852220509c8 21724cb2 .config console log report info ci-gvisor-ptrace-3-race DATA RACE in safemem.Copy
2022/08/12 06:07 gvisor 5852220509c8 21724cb2 .config console log report info ci-gvisor-ptrace-1-race DATA RACE in safemem.Copy
2022/08/12 04:38 gvisor 5852220509c8 21724cb2 .config console log report info ci-gvisor-ptrace-2-race-cover DATA RACE in safemem.Copy
2022/08/12 04:19 gvisor 5852220509c8 21724cb2 .config console log report info ci-gvisor-ptrace-1-race DATA RACE in safemem.Copy
2022/08/12 03:14 gvisor 5852220509c8 21724cb2 .config console log report info ci-gvisor-ptrace-1-race DATA RACE in safemem.Copy
2022/08/12 03:01 gvisor 5852220509c8 21724cb2 .config console log report info ci-gvisor-ptrace-2-race DATA RACE in safemem.Copy
2022/08/12 01:49 gvisor 5852220509c8 21724cb2 .config console log report info ci-gvisor-ptrace-1-race DATA RACE in safemem.Copy
2022/08/12 01:24 gvisor 5852220509c8 21724cb2 .config console log report info ci-gvisor-ptrace-3-race DATA RACE in safemem.Copy
2022/08/12 00:18 gvisor 5852220509c8 21724cb2 .config console log report info ci-gvisor-ptrace-3-race DATA RACE in safemem.Copy
2022/08/11 22:59 gvisor 5852220509c8 21724cb2 .config console log report info ci-gvisor-ptrace-3-race DATA RACE in safemem.Copy
2022/08/11 21:55 gvisor 5852220509c8 21724cb2 .config console log report info ci-gvisor-ptrace-3-race DATA RACE in safemem.Copy
2022/08/11 21:19 gvisor 5852220509c8 21724cb2 .config console log report info ci-gvisor-ptrace-1-race DATA RACE in safemem.Copy
2022/08/11 20:16 gvisor e06df74a657e 787ed7e0 .config console log report info ci-gvisor-ptrace-1-race-cover DATA RACE in safemem.Copy
2022/08/11 19:55 gvisor e06df74a657e 787ed7e0 .config console log report info ci-gvisor-ptrace-3-race DATA RACE in safemem.Copy
2022/08/11 18:55 gvisor e06df74a657e 787ed7e0 .config console log report info ci-gvisor-ptrace-3-race DATA RACE in safemem.Copy
2022/08/11 18:25 gvisor e06df74a657e 787ed7e0 .config console log report info ci-gvisor-ptrace-1-race DATA RACE in safemem.Copy
2022/08/11 18:12 gvisor e06df74a657e 787ed7e0 .config console log report info ci-gvisor-ptrace-3-race DATA RACE in safemem.Copy
2022/08/11 17:05 gvisor e06df74a657e 787ed7e0 .config console log report info ci-gvisor-ptrace-3-race DATA RACE in safemem.Copy
2022/08/11 16:51 gvisor e06df74a657e 787ed7e0 .config console log report info ci-gvisor-ptrace-1-race DATA RACE in safemem.Copy
2022/08/11 15:45 gvisor e06df74a657e 787ed7e0 .config console log report info ci-gvisor-ptrace-2-race DATA RACE in safemem.Copy
2022/08/11 15:31 gvisor e06df74a657e 787ed7e0 .config console log report info ci-gvisor-ptrace-2-race DATA RACE in safemem.Copy
2022/08/11 14:08 gvisor e06df74a657e 787ed7e0 .config console log report info ci-gvisor-ptrace-1-race DATA RACE in safemem.Copy
2022/08/11 13:47 gvisor e06df74a657e 787ed7e0 .config console log report info ci-gvisor-ptrace-1-race DATA RACE in safemem.Copy
2022/08/11 12:38 gvisor e06df74a657e 787ed7e0 .config console log report info ci-gvisor-ptrace-1-race DATA RACE in safemem.Copy
2022/08/11 12:19 gvisor e06df74a657e 787ed7e0 .config console log report info ci-gvisor-ptrace-1-race-cover DATA RACE in safemem.Copy
2022/08/11 11:50 gvisor e06df74a657e 787ed7e0 .config console log report info ci-gvisor-ptrace-2-race DATA RACE in safemem.Copy
2022/08/11 10:39 gvisor e06df74a657e 787ed7e0 .config console log report info ci-gvisor-ptrace-3-race-cover DATA RACE in safemem.Copy
2022/08/11 10:21 gvisor e06df74a657e 787ed7e0 .config console log report info ci-gvisor-ptrace-3-race DATA RACE in safemem.Copy
2022/08/11 09:20 gvisor e06df74a657e 787ed7e0 .config console log report info ci-gvisor-ptrace-3-race DATA RACE in safemem.Copy
2022/08/11 08:16 gvisor 778db1d8bc5b a6201f11 .config console log report info ci-gvisor-ptrace-1-race DATA RACE in safemem.Copy
2022/08/11 08:13 gvisor 778db1d8bc5b a6201f11 .config console log report info ci-gvisor-ptrace-1-race DATA RACE in safemem.Copy
2022/08/11 07:06 gvisor 778db1d8bc5b a6201f11 .config console log report info ci-gvisor-ptrace-2-race DATA RACE in safemem.Copy
2022/08/11 06:01 gvisor 778db1d8bc5b a6201f11 .config console log report info ci-gvisor-ptrace-2-race DATA RACE in safemem.Copy
2022/08/11 05:36 gvisor 778db1d8bc5b a6201f11 .config console log report info ci-gvisor-ptrace-3-race DATA RACE in safemem.Copy
2022/08/11 04:13 gvisor 778db1d8bc5b a6201f11 .config console log report info ci-gvisor-ptrace-2-race DATA RACE in safemem.Copy
2022/08/11 03:09 gvisor 778db1d8bc5b a6201f11 .config console log report info ci-gvisor-ptrace-1-race DATA RACE in safemem.Copy
2022/08/11 02:37 gvisor 778db1d8bc5b a6201f11 .config console log report info ci-gvisor-ptrace-2-race DATA RACE in safemem.Copy
2022/08/11 02:16 gvisor 778db1d8bc5b a6201f11 .config console log report info ci-gvisor-ptrace-1-race DATA RACE in safemem.Copy
2022/08/11 01:15 gvisor 778db1d8bc5b a6201f11 .config console log report info ci-gvisor-ptrace-2-race DATA RACE in safemem.Copy
2022/08/11 01:12 gvisor 778db1d8bc5b a6201f11 .config console log report info ci-gvisor-ptrace-3-race DATA RACE in safemem.Copy
2022/08/11 00:06 gvisor 778db1d8bc5b a6201f11 .config console log report info ci-gvisor-ptrace-1-race DATA RACE in safemem.Copy
2022/08/10 22:57 gvisor 778db1d8bc5b a6201f11 .config console log report info ci-gvisor-ptrace-3-race DATA RACE in safemem.Copy
2022/08/10 22:03 gvisor 778db1d8bc5b a6201f11 .config console log report info ci-gvisor-ptrace-1-race DATA RACE in safemem.Copy
2022/08/10 21:08 gvisor 778db1d8bc5b a6201f11 .config console log report info ci-gvisor-ptrace-3-race DATA RACE in safemem.Copy
2022/08/10 20:04 gvisor 778db1d8bc5b aaa9eaa0 .config console log report info ci-gvisor-ptrace-3-race DATA RACE in safemem.Copy
2022/08/10 19:46 gvisor 778db1d8bc5b aaa9eaa0 .config console log report info ci-gvisor-ptrace-3-race DATA RACE in safemem.Copy
* Struck through repros no longer work on HEAD.