syzbot


DATA RACE in packetmmap.(*Endpoint).HandlePacket (5)

Status: fixed on 2025/05/15 22:29
Fix commit: a98032f6cc71 Add locking around ringbuffer fields and reserve in packetmmap endpoint.
First crash: 114d, last: 109d
Similar bugs (4)
| Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|---|
| gvisor | DATA RACE in packetmmap.(*Endpoint).HandlePacket (2) | -1 | C | | | 1 | 204d | 204d | 26/26 | fixed on 2025/02/11 14:03 |
| gvisor | DATA RACE in packetmmap.(*Endpoint).HandlePacket (3) | -1 | C | | | 4 | 142d | 142d | 26/26 | fixed on 2025/04/10 23:54 |
| gvisor | DATA RACE in packetmmap.(*Endpoint).HandlePacket | -1 | syz | | | 3 | 205d | 206d | 26/26 | fixed on 2025/02/07 11:57 |
| gvisor | DATA RACE in packetmmap.(*Endpoint).HandlePacket (4) | -1 | C | | | 4 | 118d | 119d | 26/26 | fixed on 2025/05/07 21:58 |

Sample crash report:
WARNING: DATA RACE
Read at 0x00c0007a0160 by goroutine 373:
  gvisor.dev/gvisor/pkg/sentry/socket/netstack/packetmmap.(*Endpoint).HandlePacket()
      pkg/sentry/socket/netstack/packetmmap/endpoint.go:223 +0x2ad
  gvisor.dev/gvisor/pkg/tcpip/transport/packet.(*endpoint).HandlePacket()
      pkg/tcpip/transport/packet/endpoint.go:495 +0x122
  gvisor.dev/gvisor/pkg/tcpip/stack.(*nic).DeliverLinkPacket.func2()
      pkg/tcpip/stack/nic.go:826 +0x311
  gvisor.dev/gvisor/pkg/tcpip/stack.(*packetEndpointList).forEach()
      pkg/tcpip/stack/nic.go:147 +0xf3
  gvisor.dev/gvisor/pkg/tcpip/stack.(*nic).DeliverLinkPacket()
      pkg/tcpip/stack/nic.go:841 +0x284
  gvisor.dev/gvisor/pkg/tcpip/stack.(*nic).DeliverNetworkPacket()
      pkg/tcpip/stack/nic.go:782 +0x1fe
  gvisor.dev/gvisor/pkg/tcpip/link/nested.(*Endpoint).DeliverNetworkPacket()
      pkg/tcpip/link/nested/nested.go:61 +0x98
  gvisor.dev/gvisor/pkg/tcpip/link/ethernet.(*Endpoint).DeliverNetworkPacket()
      pkg/tcpip/link/ethernet/ethernet.go:79 +0x284
  gvisor.dev/gvisor/pkg/tcpip/link/loopback.(*endpoint).WritePackets()
      pkg/tcpip/link/loopback/loopback.go:124 +0x1c9
  gvisor.dev/gvisor/pkg/tcpip/link/nested.(*Endpoint).WritePackets()
      pkg/tcpip/link/nested/nested.go:131 +0x77
  gvisor.dev/gvisor/pkg/tcpip/link/ethernet.(*Endpoint).WritePackets()
      <autogenerated>:1 +0x24
  gvisor.dev/gvisor/pkg/tcpip/stack.(*delegatingQueueingDiscipline).WritePacket()
      pkg/tcpip/stack/nic.go:164 +0x92
  gvisor.dev/gvisor/pkg/tcpip/stack.(*nic).writeRawPacket()
      pkg/tcpip/stack/nic.go:432 +0xc2
  gvisor.dev/gvisor/pkg/tcpip/stack.(*nic).writePacket()
      pkg/tcpip/stack/nic.go:414 +0x56
  gvisor.dev/gvisor/pkg/tcpip/stack.(*nic).WritePacket()
      pkg/tcpip/stack/nic.go:375 +0x207
  gvisor.dev/gvisor/pkg/tcpip/network/ipv4.(*endpoint).writePacketPostRouting()
      pkg/tcpip/network/ipv4/ipv4.go:608 +0x4f3
  gvisor.dev/gvisor/pkg/tcpip/network/ipv4.(*endpoint).writePacket()
      pkg/tcpip/network/ipv4/ipv4.go:558 +0x2d0
  gvisor.dev/gvisor/pkg/tcpip/network/ipv4.(*endpoint).WritePacket()
      pkg/tcpip/network/ipv4/ipv4.go:526 +0x1e4
  gvisor.dev/gvisor/pkg/tcpip/stack.(*Route).WritePacket()
      pkg/tcpip/stack/route.go:507 +0x121
  gvisor.dev/gvisor/pkg/tcpip/network/ipv4.(*protocol).returnError()
      pkg/tcpip/network/ipv4/icmp.go:801 +0x1058
  gvisor.dev/gvisor/pkg/tcpip/network/ipv4.(*endpoint).deliverPacketLocally()
      pkg/tcpip/network/ipv4/ipv4.go:1359 +0x1113
  gvisor.dev/gvisor/pkg/tcpip/network/ipv4.(*endpoint).handleValidatedPacket()
      pkg/tcpip/network/ipv4/ipv4.go:1175 +0xe4c
  gvisor.dev/gvisor/pkg/tcpip/network/ipv4.(*endpoint).HandlePacket()
      pkg/tcpip/network/ipv4/ipv4.go:882 +0x719
  gvisor.dev/gvisor/pkg/tcpip/stack.(*nic).DeliverNetworkPacket()
      pkg/tcpip/stack/nic.go:785 +0x216
  gvisor.dev/gvisor/pkg/tcpip/link/nested.(*Endpoint).DeliverNetworkPacket()
      pkg/tcpip/link/nested/nested.go:61 +0x98
  gvisor.dev/gvisor/pkg/tcpip/link/ethernet.(*Endpoint).DeliverNetworkPacket()
      pkg/tcpip/link/ethernet/ethernet.go:79 +0x284
  gvisor.dev/gvisor/pkg/tcpip/link/loopback.(*endpoint).WritePackets()
      pkg/tcpip/link/loopback/loopback.go:124 +0x1c9
  gvisor.dev/gvisor/pkg/tcpip/link/nested.(*Endpoint).WritePackets()
      pkg/tcpip/link/nested/nested.go:131 +0x77
  gvisor.dev/gvisor/pkg/tcpip/link/ethernet.(*Endpoint).WritePackets()
      <autogenerated>:1 +0x24
  gvisor.dev/gvisor/pkg/tcpip/stack.(*delegatingQueueingDiscipline).WritePacket()
      pkg/tcpip/stack/nic.go:164 +0x92
  gvisor.dev/gvisor/pkg/tcpip/stack.(*nic).writeRawPacket()
      pkg/tcpip/stack/nic.go:432 +0xc2
  gvisor.dev/gvisor/pkg/tcpip/stack.(*nic).writePacket()
      pkg/tcpip/stack/nic.go:414 +0x56
  gvisor.dev/gvisor/pkg/tcpip/stack.(*nic).WritePacket()
      pkg/tcpip/stack/nic.go:375 +0x207
  gvisor.dev/gvisor/pkg/tcpip/network/ipv4.(*endpoint).writePacketPostRouting()
      pkg/tcpip/network/ipv4/ipv4.go:608 +0x4f3
  gvisor.dev/gvisor/pkg/tcpip/network/ipv4.(*endpoint).writePacket()
      pkg/tcpip/network/ipv4/ipv4.go:558 +0x2d0
  gvisor.dev/gvisor/pkg/tcpip/network/ipv4.(*endpoint).WritePacket()
      pkg/tcpip/network/ipv4/ipv4.go:526 +0x1e4
  gvisor.dev/gvisor/pkg/tcpip/stack.(*Route).WritePacket()
      pkg/tcpip/stack/route.go:507 +0x121
  gvisor.dev/gvisor/pkg/tcpip/transport/internal/network.(*WriteContext).WritePacket()
      pkg/tcpip/transport/internal/network/endpoint.go:359 +0x35c
  gvisor.dev/gvisor/pkg/tcpip/transport/udp.(*endpoint).write()
      pkg/tcpip/transport/udp/endpoint.go:517 +0x924
  gvisor.dev/gvisor/pkg/tcpip/transport/udp.(*endpoint).Write()
      pkg/tcpip/transport/udp/endpoint.go:362 +0x84
  gvisor.dev/gvisor/pkg/sentry/socket/netstack.(*sock).Write()
      pkg/sentry/socket/netstack/netstack.go:546 +0x465
  gvisor.dev/gvisor/pkg/sentry/vfs.(*FileDescription).Write()
      pkg/sentry/vfs/file_description.go:682 +0x118
  gvisor.dev/gvisor/pkg/sentry/syscalls/linux.write()
      pkg/sentry/syscalls/linux/sys_read_write.go:347 +0x90
  gvisor.dev/gvisor/pkg/sentry/syscalls/linux.Write()
      pkg/sentry/syscalls/linux/sys_read_write.go:316 +0x2b1
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).executeSyscall()
      pkg/sentry/kernel/task_syscall.go:143 +0x994
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallInvoke()
      pkg/sentry/kernel/task_syscall.go:323 +0x71
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallEnter()
      pkg/sentry/kernel/task_syscall.go:283 +0x93
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscall()
      pkg/sentry/kernel/task_syscall.go:258 +0x4af
  gvisor.dev/gvisor/pkg/sentry/kernel.(*runApp).execute()
      pkg/sentry/kernel/task_run.go:269 +0x1fa7
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).run()
      pkg/sentry/kernel/task_run.go:97 +0x4fa
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).Start.gowrap1()
      pkg/sentry/kernel/task_start.go:412 +0x44

Previous write at 0x00c0007a0160 by goroutine 371:
  gvisor.dev/gvisor/pkg/sentry/socket/netstack/packetmmap.(*Endpoint).Init()
      pkg/sentry/socket/netstack/packetmmap/endpoint.go:108 +0x2a8
  gvisor.dev/gvisor/pkg/sentry/socket/netstack.setSockOptPacket()
      pkg/sentry/socket/netstack/netstack.go:2974 +0xc5e
  gvisor.dev/gvisor/pkg/sentry/socket/netstack.SetSockOpt()
      pkg/sentry/socket/netstack/netstack.go:1940 +0x2e4
  gvisor.dev/gvisor/pkg/sentry/socket/netstack.(*sock).SetSockOpt()
      pkg/sentry/socket/netstack/netstack.go:672 +0x607
  gvisor.dev/gvisor/pkg/sentry/syscalls/linux.SetSockOpt()
      pkg/sentry/syscalls/linux/sys_socket.go:551 +0x3b4
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).executeSyscall()
      pkg/sentry/kernel/task_syscall.go:143 +0x994
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallInvoke()
      pkg/sentry/kernel/task_syscall.go:323 +0x71
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallEnter()
      pkg/sentry/kernel/task_syscall.go:283 +0x93
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscall()
      pkg/sentry/kernel/task_syscall.go:258 +0x4af
  gvisor.dev/gvisor/pkg/sentry/kernel.(*runApp).execute()
      pkg/sentry/kernel/task_run.go:269 +0x1fa7
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).run()
      pkg/sentry/kernel/task_run.go:97 +0x4fa
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).Start.gowrap1()
      pkg/sentry/kernel/task_start.go:412 +0x44

Crashes (19):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/05/13 22:30 | gvisor | ab0097c4d068 | 9497799b | .config | console log | report | syz / log | C | | | ci-gvisor-ptrace-2-race | DATA RACE in packetmmap.(*Endpoint).HandlePacket |
| 2025/05/13 22:30 | gvisor | ab0097c4d068 | 9497799b | .config | console log | report | syz / log | C | | | ci-gvisor-systrap-1-race | DATA RACE in packetmmap.(*Endpoint).HandlePacket |
| 2025/05/13 22:12 | gvisor | ab0097c4d068 | 9497799b | .config | console log | report | syz / log | C | | | ci-gvisor-ptrace-1-race | DATA RACE in packetmmap.(*Endpoint).HandlePacket |
| 2025/05/11 03:56 | gvisor | e4c059533a2a | 77908e5f | .config | console log | report | syz / log | C | | | ci-gvisor-systrap-1-race | DATA RACE in packetmmap.(*Endpoint).HandlePacket |
| 2025/05/11 03:55 | gvisor | e4c059533a2a | 77908e5f | .config | console log | report | syz / log | C | | | ci-gvisor-ptrace-2-race | DATA RACE in packetmmap.(*Endpoint).HandlePacket |
| 2025/05/11 03:26 | gvisor | e4c059533a2a | 77908e5f | .config | console log | report | syz / log | C | | | ci-gvisor-systrap-1-race-cover | DATA RACE in packetmmap.(*Endpoint).HandlePacket |
| 2025/05/09 13:02 | gvisor | f585db6bbfc5 | 03411e4e | .config | console log | report | syz / log | C | | | ci-gvisor-ptrace-1-race | DATA RACE in packetmmap.(*Endpoint).HandlePacket |
| 2025/05/09 12:58 | gvisor | f585db6bbfc5 | 03411e4e | .config | console log | report | syz / log | C | | | ci-gvisor-ptrace-2-race | DATA RACE in packetmmap.(*Endpoint).HandlePacket |
| 2025/05/09 12:53 | gvisor | f585db6bbfc5 | 03411e4e | .config | console log | report | syz / log | C | | | ci-gvisor-systrap-1-race | DATA RACE in packetmmap.(*Endpoint).HandlePacket |
| 2025/05/09 12:40 | gvisor | f585db6bbfc5 | 03411e4e | .config | console log | report | syz / log | C | | | ci-gvisor-systrap-1-race-cover | DATA RACE in packetmmap.(*Endpoint).HandlePacket |
| 2025/05/08 21:02 | gvisor | 06acafc42203 | bb813bcc | .config | console log | report | syz / log | C | | | ci-gvisor-ptrace-2-race | DATA RACE in packetmmap.(*Endpoint).HandlePacket |
| 2025/05/08 20:47 | gvisor | 06acafc42203 | bb813bcc | .config | console log | report | syz / log | C | | | ci-gvisor-ptrace-1-race | DATA RACE in packetmmap.(*Endpoint).HandlePacket |
| 2025/05/08 19:43 | gvisor | 06acafc42203 | bb813bcc | .config | console log | report | syz / log | C | | | ci-gvisor-ptrace-1-race-cover | DATA RACE in packetmmap.(*Endpoint).HandlePacket |
| 2025/05/13 22:41 | gvisor | ab0097c4d068 | 9497799b | .config | console log | report | syz / log | | | | ci-gvisor-ptrace-1-race-cover | DATA RACE in packetmmap.(*Endpoint).HandlePacket |
| 2025/05/09 15:12 | gvisor | f585db6bbfc5 | 03411e4e | .config | console log | report | syz / log | | | | ci-gvisor-ptrace-2-race-cover | DATA RACE in packetmmap.(*Endpoint).HandlePacket |
| 2025/05/09 15:11 | gvisor | f585db6bbfc5 | 03411e4e | .config | console log | report | syz / log | | | | ci-gvisor-ptrace-1-race-cover | DATA RACE in packetmmap.(*Endpoint).HandlePacket |
| 2025/05/08 20:11 | gvisor | 06acafc42203 | bb813bcc | .config | console log | report | syz / log | | | | ci-gvisor-ptrace-2-race-cover | DATA RACE in packetmmap.(*Endpoint).HandlePacket |
| 2025/05/14 02:18 | gvisor | ab0097c4d068 | 9497799b | .config | console log | report | | | info | | ci-gvisor-ptrace-1-race-cover | DATA RACE in packetmmap.(*Endpoint).HandlePacket |
| 2025/05/08 19:09 | gvisor | 06acafc42203 | bb813bcc | .config | console log | report | | | info | | ci-gvisor-ptrace-1-race-cover | DATA RACE in packetmmap.(*Endpoint).HandlePacket |
* Struck through repros no longer work on HEAD.