|
panic: runtime error: invalid memory address or nil pointer dereference (28)
|
C |
|
|
21 |
44d |
44d
|
26/26 |
42d |
95ad423f8c05
Don't return empty translation in ring buffer during bus error.
|
|
panic: WARNING: circular locking detected: kernel.taskMutex -> mm.mappingRWMutex:
|
|
|
|
16 |
47d |
89d
|
26/26 |
44d |
d949e7177c2f
taskCopyContext should not require holding task.mu.
|
|
panic: runtime error: index out of range [NUM] with length NUM (5)
|
C |
|
|
165 |
45d |
48d
|
26/26 |
44d |
d6454b486f82
Lock around packetmmap cooked field and check for PACKET_RESERVE opt size.
|
|
DATA RACE in packetmmap.(*Endpoint).HandlePacket (2)
|
C |
|
|
1 |
48d |
48d
|
26/26 |
44d |
d6454b486f82
Lock around packetmmap cooked field and check for PACKET_RESERVE opt size.
|
|
DATA RACE in packetmmap.(*ringBuffer).init (2)
|
|
|
|
2 |
48d |
48d
|
26/26 |
48d |
25084ce9ed1e
Add locking around packetmmap initialization and mode.
|
|
DATA RACE in packetmmap.(*Endpoint).ConfigureMMap
|
C |
|
|
2 |
48d |
48d
|
26/26 |
48d |
25084ce9ed1e
Add locking around packetmmap initialization and mode.
|
|
DATA RACE in packetmmap.(*ringBuffer).internalMappingsForFrame
|
|
|
|
1 |
48d |
48d
|
26/26 |
48d |
da7cd03064d7
Lock around packet mmap fields.
|
|
DATA RACE in packetmmap.(*Endpoint).Init (2)
|
C |
|
|
9 |
48d |
48d
|
26/26 |
48d |
25084ce9ed1e
Add locking around packetmmap initialization and mode.
|
|
DATA RACE in packetmmap.(*ringBuffer).currFrameStatus (2)
|
C |
|
|
19 |
48d |
48d
|
26/26 |
48d |
da7cd03064d7
Lock around packet mmap fields.
|
|
DATA RACE in packet.(*endpoint).HandlePacket
|
C |
|
|
3 |
48d |
48d
|
26/26 |
48d |
da7cd03064d7
Lock around packet mmap fields.
|
|
DATA RACE in packet.(*endpoint).GetPacketMMapOpts
|
C |
|
|
10 |
48d |
49d
|
26/26 |
48d |
da7cd03064d7
Lock around packet mmap fields.
|
|
DATA RACE in packetmmap.(*Endpoint).Init
|
C |
|
|
7 |
48d |
49d
|
26/26 |
48d |
da7cd03064d7
Lock around packet mmap fields.
|
|
DATA RACE in packetmmap.(*Endpoint).HandlePacket
|
syz |
|
|
3 |
48d |
49d
|
26/26 |
48d |
da7cd03064d7
Lock around packet mmap fields.
|
|
DATA RACE in packet.(*endpoint).GetPacketMMapEndpoint
|
|
|
|
14 |
48d |
49d
|
26/26 |
48d |
da7cd03064d7
Lock around packet mmap fields.
|
|
DATA RACE in packetmmap.(*ringBuffer).currFrameStatus
|
C |
|
|
3 |
48d |
49d
|
26/26 |
48d |
da7cd03064d7
Lock around packet mmap fields.
|
|
DATA RACE in packet.(*endpoint).SetSockOptInt
|
C |
|
|
10 |
48d |
49d
|
26/26 |
48d |
da7cd03064d7
Lock around packet mmap fields.
|
|
DATA RACE in packet.(*endpoint).SetPacketMMapEndpoint
|
C |
|
|
25 |
48d |
49d
|
26/26 |
48d |
da7cd03064d7
Lock around packet mmap fields.
|
|
DATA RACE in packetmmap.(*ringBuffer).init
|
|
|
|
2 |
49d |
49d
|
26/26 |
48d |
da7cd03064d7
Lock around packet mmap fields.
|
|
panic: runtime error: integer divide by zero (4)
|
|
|
|
702 |
48d |
49d
|
26/26 |
48d |
213917f3eaf8
Don't switch to using the packet mmap endpoint for zero length requests.
|
|
panic: invalid allocation length: 0x0 (5)
|
|
|
|
32 |
48d |
49d
|
26/26 |
48d |
213917f3eaf8
Don't switch to using the packet mmap endpoint for zero length requests.
|
|
panic: runtime error: slice bounds out of range [NUM:NUM] (2)
|
C |
|
|
606 |
49d |
49d
|
26/26 |
49d |
d8518f299131
Validate PACKET_RX_RING and PACKET_VERSION socket option value size.
|
|
panic: runtime error: index out of range [NUM] with length NUM (4)
|
C |
|
|
174 |
49d |
49d
|
26/26 |
49d |
d8518f299131
Validate PACKET_RX_RING and PACKET_VERSION socket option value size.
|
|
panic: Sentry detected stuck tasks (27)
|
C |
|
|
14 |
83d |
103d
|
26/26 |
79d |
679c77e4f05e
proc: Allow interrupting generation of /proc/pid/mount{s,info}
|
|
panic: running on goroutine NUM (task goroutine for kernel.Task ADDR is NUM) (2)
|
C |
|
|
9 |
104d |
104d
|
26/26 |
101d |
c27c9a02aef5
kernel: use the kernel context to run task destroy actions
|
|
DATA RACE in buffer.(*Buffer).PullUp
|
C |
|
|
2 |
126d |
119d
|
26/26 |
104d |
afa323bd3070
Replace most instances of IncRef with Clone.
|
|
DATA RACE in buffer.(*ViewList).Remove
|
C |
|
|
4 |
126d |
125d
|
26/26 |
104d |
afa323bd3070
Replace most instances of IncRef with Clone.
|
|
panic: PullUp failed (3)
|
C |
|
|
19 |
105d |
125d
|
26/26 |
104d |
afa323bd3070
Replace most instances of IncRef with Clone.
|
|
panic: Sentry detected stuck tasks (26)
|
C |
|
|
17 |
107d |
108d
|
26/26 |
106d |
c88ffa321eb9
Returns ENOBUFS when writing to a veth device whose buffer is full.
|
|
kvm: panic: Sentry detected stuck tasks (24)
|
C |
|
|
9 |
107d |
150d
|
26/26 |
106d |
c88ffa321eb9
Returns ENOBUFS when writing to a veth device whose buffer is full.
|
|
panic: Sentry detected stuck tasks (25)
|
C |
|
|
78 |
108d |
137d
|
26/26 |
108d |
54eb79b6e80a
Acquire rlock when reading link address from the bridge.
|
|
panic: bytes only has space for NUM bytes but need space for NUM bytes (length = NUM) for extension header with id = NUM
|
C |
|
|
34 |
111d |
112d
|
26/26 |
108d |
ddaa99e5d4d2
Ignore the length field when processing the experiment extension header.
|
|
panic: nested locking: tmpfs.filesystemRWMutex: (3)
|
C |
|
|
88 |
126d |
122d
|
26/26 |
122d |
f66f0e235a0b
Fix memmap.MappingIdentity.Device/InodeID() lock ordering.
|
|
panic: runtime error: invalid memory address or nil pointer dereference (27)
|
C |
|
|
1117 |
124d |
125d
|
26/26 |
124d |
2b55090a5813
Do not crash when creating thread group with already-exceeded soft CPU limit.
|
|
panic: runtime error: invalid memory address or nil pointer dereference (26)
|
C |
|
|
7905 |
125d |
134d
|
26/26 |
125d |
ae1d4ccf0298
mm: validate vseg before using it
|
|
no output from test machine (13)
|
C |
|
|
86992 |
129d |
148d
|
26/26 |
128d |
336dc8504327
vfs: use ancestryMu in implementations of DentryImpl.InotifyWithParent
|
|
panic: nested locking: tmpfs.filesystemRWMutex: (2)
|
C |
|
|
33 |
129d |
132d
|
26/26 |
129d |
336dc8504327
vfs: use ancestryMu in implementations of DentryImpl.InotifyWithParent
|
|
DATA RACE in buffer.(*View).Write
|
|
|
|
1 |
254d |
254d
|
26/26 |
174d |
a446b45d4d05
Ensure views returned by PullUp are owned exclusively by their packet.
|
|
panic: runtime error: index out of range [ADDR] with length NUM (2)
|
C |
|
|
23 |
178d |
179d
|
26/26 |
178d |
9d41ac1ff0b2
Fix unsigned to signed integer conversion in syserr.getHostTranslation().
|
|
panic: unknown host errno "errno NUM" (NUM) (2)
|
C |
|
|
286 |
180d |
205d
|
26/26 |
178d |
3971ecbc6ccd
Remove linuxerr.IsValid and use syserr.IsValid instead.
|
|
panic: nested locking: stack.bridgeRWMutex:
|
|
|
|
2 |
193d |
186d
|
26/26 |
180d |
5e8dd6482cb7
Disallow setting a coordinator for a coordinator device.
|
|
lost connection to test machine (10)
|
syz |
|
|
11752 |
195d |
252d
|
26/26 |
195d |
2a413db73006
kvm: check CPL to find out if the Sentry is in VM
|
|
panic: unknown host errno "memory page has hardware error" (NUM)
|
|
|
|
10 |
202d |
209d
|
26/26 |
202d |
40bde6c617c7
Add EHWPOISON to host_linux.go
|
|
panic: unknown host errno "errno NUM" (NUM)
|
C |
|
|
397 |
212d |
249d
|
26/26 |
212d |
9ecb627726cf
Fix syzkaller panic for unknown error 58.
|
|
panic: No file type specified in 'mode' for InodeAttrs.Init(): mode=NUM (2)
|
C |
|
|
454 |
223d |
251d
|
26/26 |
223d |
834bef599679
fuse: Error out in case of unsupported file type instead of panicking.
|
|
panic: unknown host errno "operation not possible due to RF-kill" (NUM)
|
|
|
|
1 |
224d |
224d
|
26/26 |
223d |
e6cf09a18c7e
Add ERFKILL errno to host_linux file.
|
|
panic: running on goroutine NUM (task goroutine for kernel.Task ADDR is NUM)
|
|
|
|
1 |
234d |
234d
|
26/26 |
232d |
e30fa671774b
FUSE: Only block with a task if it is the task goroutine.
|
|
panic: unknown host errno "errno ADDR" (ADDR)
|
C |
|
|
88 |
232d |
250d
|
26/26 |
232d |
b1ade52f24be
fuse: handle bad response errors
|
|
panic: runtime error: invalid memory address or nil pointer dereference (25)
|
|
|
|
1 |
236d |
236d
|
26/26 |
233d |
2ef09d3bddc7
FUSE: Avoid panic when opening unknown file type.
|
|
panic: unknown host errno "no XENIX semaphores available" (NUM)
|
|
|
|
7 |
237d |
237d
|
26/26 |
237d |
0184ec4aacbc
Add ENAVAIL to host_linux.go.
|
|
DATA RACE in log.GoogleEmitter.Emit (4)
|
|
|
|
1 |
237d |
237d
|
26/26 |
237d |
742b914fcb82
Don't log mount.root because it leads to racy access.
|
|
panic: unknown host errno "is a named type file" (NUM)
|
|
|
|
7 |
237d |
238d
|
26/26 |
237d |
ef1ca17e5842
Add EISNAM to linuxHostTranslations and fix error message for ENOTNAM.
|
|
SYZFAIL: mount(proc) failed
|
|
|
|
54326 |
267d |
268d
|
26/26 |
251d |
e39ed91daaf9
sentry: support NULL mount source
|
|
gvisor test error: SYZFAIL: mount(proc) failed
|
|
|
|
58 |
268d |
268d
|
26/26 |
251d |
e39ed91daaf9
sentry: support NULL mount source
|
|
lost connection to test machine (9)
|
syz |
|
|
8441 |
252d |
591d
|
26/26 |
252d |
cd56935ddf77
runsc: pass the GLIBC_TUNABLES env to the sandbox process
|
|
DATA RACE in log.GoogleEmitter.Emit (3)
|
|
|
|
1 |
255d |
255d
|
26/26 |
253d |
ddfbb50ecc2d
Don't log the task in CgroupPrepareMigrate warning.
|
|
DATA RACE in binary.bigEndian.Uint16
|
|
|
|
1 |
269d |
269d
|
26/26 |
258d |
bd58900fba9e
Change veth WritePackets to deep clone its list of packets.
|
|
DATA RACE in binary.bigEndian.PutUint16 (2)
|
|
|
|
3 |
259d |
269d
|
26/26 |
258d |
bd58900fba9e
Change veth WritePackets to deep clone its list of packets.
|
|
no output from test machine (11)
|
C |
|
|
50911 |
261d |
383d
|
26/26 |
261d |
db9fab290c26
Fix a race condition in TCPDeferAcceptTimeout
|
|
panic: send on closed channel
|
|
|
|
1 |
270d |
263d
|
26/26 |
262d |
9d1849029e8e
tcpip/link/veth: don't send any packets if another end has been closed
|
|
SYZFAIL: tun: ioctl(TUNSETIFF) failed (2)
|
|
|
|
15 |
267d |
266d
|
26/26 |
265d |
c6d16988a984
Log endpoint type when SOL_IP options are not supported.
|
|
panic: WARNING: circular locking detected: stack.bridgeRWMutex -> stack.stackRWMutex:
|
C |
|
|
27 |
279d |
281d
|
26/26 |
274d |
c4dc0321aa40
Do not hold BridgeEndpoint.mu during dispatcher.DeliverNetworkPacket().
|
|
init process did not start
|
|
|
|
2 |
287d |
287d
|
26/26 |
282d |
80a501d8cc23
Avoid redundant work in `bpf.optimizeJumpsToSmallestSetOfReturns`.
|
|
DATA RACE in futex.(*waiterList).Front
|
C |
|
|
1 |
294d |
294d
|
26/26 |
287d |
b58e8a129d62
futex: add missing locking in lockBuckets()
|
|
DATA RACE in futex.(*waiterEntry).SetNext
|
C |
|
|
3 |
294d |
294d
|
26/26 |
287d |
b58e8a129d62
futex: add missing locking in lockBuckets()
|
|
DATA RACE in futex.(*waiterList).PushBack
|
C |
|
|
3 |
294d |
294d
|
26/26 |
287d |
b58e8a129d62
futex: add missing locking in lockBuckets()
|
|
gvisor test error: SYZFATAL: failed to connect to host: dial tcp: address stdin: missing port in address
|
|
|
|
1077 |
324d |
328d
|
26/26 |
321d |
a5b10b7dd04c
Fix some processes_test flakes.
|
|
panic: runtime error: invalid memory address or nil pointer dereference (23)
|
C |
|
|
4239 |
374d |
379d
|
26/26 |
373d |
5f5e01d186b2
Fix panic while setting TCP_CORK off.
|
|
no output from test machine (10)
|
C |
|
|
19806 |
399d |
1322d
|
26/26 |
395d |
16dba7fa7677
systrap: handle stub thread crashes
|
|
panic: stub thread ADDR failed: err 0x-ADDR line NUM: sysmsg.Msg{msg: ADDR state NUM err -ADDR line NUM debug NUM app st
|
C |
|
|
5 |
441d |
441d
|
26/26 |
415d |
fe66cae2edc7
Enumerate known systrap stub failures to exit process cleanly.
|
|
panic: Decrementing non-positive ref count ADDR, owned by tmpfs.inode (4)
|
C |
|
|
22 |
432d |
439d
|
26/26 |
430d |
7b151e25d076
Don't drop the mountpoint reference in already umounted dead mountpoints.
|
|
DATA RACE in safemem.Copy (7)
|
C |
|
|
4 |
457d |
457d
|
26/26 |
454d |
de71aae89aed
`seccomp`: Use dedicated input buffer for populating seccomp cache.
|
|
kvm: panic: Sentry detected stuck tasks (22)
|
C |
|
|
8 |
478d |
489d
|
26/26 |
471d |
eaee2b213b2d
Add check to pivot_root that ensures the new root is underneath the old root.
|
|
fatal error: stack overflow (5)
|
C |
|
|
23 |
475d |
491d
|
26/26 |
471d |
eaee2b213b2d
Add check to pivot_root that ensures the new root is underneath the old root.
|
|
panic: runtime error: invalid memory address or nil pointer dereference (22)
|
|
|
|
1 |
483d |
483d
|
26/26 |
482d |
4733e050ebec
Check that handshake.listenEP is non-nil.
|
|
panic: attempted to rewrite jump target to a different return instruction: from={pc=NUM: {NUM NUM NUM NUM}}, to={pc=NUM:
|
C |
|
|
8 |
489d |
489d
|
26/26 |
485d |
7cf14b7c8b5e
Add equality function for BPF instructions.
|
|
fatal error: stack overflow (4)
|
C |
|
|
12 |
492d |
496d
|
26/26 |
492d |
c16916e7d780
Move lockMountpoint to the beginning of pivot_root.
|
|
kvm: panic: Sentry detected stuck tasks (21)
|
C |
|
|
2 |
493d |
495d
|
26/26 |
492d |
c16916e7d780
Move lockMountpoint to the beginning of pivot_root.
|
|
fatal error: large allocation
|
C |
|
|
234 |
505d |
508d
|
26/26 |
493d |
917bee5b6d91
Add a size limit to `outputQueueTransformer.transform`.
|
|
panic: runtime error: slice bounds out of range [12:LINE]
|
C |
|
|
63 |
498d |
1277d
|
26/26 |
496d |
c96439ecd0b4
devpts: IterDirents has to check offset and return if it is out of range
|
|
kvm: panic: Sentry detected stuck tasks (20)
|
C |
|
|
2 |
497d |
497d
|
26/26 |
496d |
77b137ffd8ec
Fix umount not unmounting all the mounts it is supposed to.
|
|
fatal error: stack overflow (3)
|
|
|
|
2 |
497d |
498d
|
26/26 |
496d |
77b137ffd8ec
Fix umount not unmounting all the mounts it is supposed to.
|
|
panic: Decrementing non-positive ref count ADDR, owned by tmpfs.inode (3)
|
C |
|
|
16 |
498d |
498d
|
26/26 |
496d |
77b137ffd8ec
Fix umount not unmounting all the mounts it is supposed to.
|
|
panic: Decrementing non-positive ref count ADDR, owned by vfs.Filesystem
|
C |
|
|
152 |
497d |
498d
|
26/26 |
496d |
77b137ffd8ec
Fix umount not unmounting all the mounts it is supposed to.
|
|
panic: runtime error: invalid memory address or nil pointer dereference (21)
|
|
|
|
1 |
498d |
498d
|
26/26 |
496d |
77b137ffd8ec
Fix umount not unmounting all the mounts it is supposed to.
|
|
panic: Incrementing non-positive count ADDR on tmpfs.inode (4)
|
C |
|
|
24 |
497d |
498d
|
26/26 |
496d |
77b137ffd8ec
Fix umount not unmounting all the mounts it is supposed to.
|
|
panic: Incrementing non-positive count ADDR on vfs.Filesystem (3)
|
|
|
|
1 |
498d |
498d
|
26/26 |
496d |
77b137ffd8ec
Fix umount not unmounting all the mounts it is supposed to.
|
|
panic: tmpfs.inode.decLinksLocked() called with no existing links
|
|
|
|
1 |
497d |
497d
|
26/26 |
496d |
77b137ffd8ec
Fix umount not unmounting all the mounts it is supposed to.
|
|
panic: tmpfs.inode.incLinksLocked() called with no existing links
|
C |
|
|
1 |
498d |
498d
|
26/26 |
496d |
77b137ffd8ec
Fix umount not unmounting all the mounts it is supposed to.
|
|
kvm: panic: Sentry detected stuck tasks (19)
|
|
|
|
3 |
500d |
498d
|
26/26 |
498d |
3ab01aedb874
Refactor the umount algorithm.
|
|
kvm: panic: Sentry detected stuck tasks (18)
|
C |
|
|
3 |
512d |
517d
|
26/26 |
510d |
429f7c439616
Move rootfs check to inside mountMu.
|
|
panic: runtime error: invalid memory address or nil pointer dereference (20)
|
C |
|
|
8 |
512d |
519d
|
26/26 |
511d |
429f7c439616
Move rootfs check to inside mountMu.
|
|
panic: WARNING: circular locking detected: mm.activeRWMutex -> tmpfs.filesystemRWMutex:
|
|
|
|
1 |
525d |
525d
|
26/26 |
511d |
e1e7edcc1b67
Don't release unused RightsControlMessage in Recv.
|
|
panic: close of closed channel
|
C |
|
|
1192 |
1146d |
1154d
|
26/26 |
514d |
2e3e5b606789
Create a new test dimension that mounts a FUSE fs on /tmp.
|
|
DATA RACE in vfs.(*Mount).setMountOptions
|
C |
|
|
5 |
523d |
523d
|
26/26 |
519d |
ea4f0073d4a1
Fix data race between getting mount options and updating mount options.
|
|
gvisor boot error: init process did not start (5)
|
|
|
|
41 |
624d |
752d
|
26/26 |
521d |
2e8b96b4fd74
Automated rollback of changelist 514487900
|
|
panic: Sentry detected stuck tasks (24)
|
C |
|
|
13 |
525d |
531d
|
26/26 |
525d |
1407fdf120ab
Fix concurrent pivot_root bug.
|
|
panic: expected socket to exist at '!N
|
C |
|
|
23 |
528d |
528d
|
26/26 |
525d |
707ac55a05d7
inet: don't reuse names from the abstract socket namespace map
|
|
panic: expected socket to exist at '$N
|
C |
|
|
24 |
529d |
530d
|
26/26 |
525d |
707ac55a05d7
inet: don't reuse names from the abstract socket namespace map
|
|
panic: expected socket to exist at '#N
|
C |
|
|
23 |
527d |
528d
|
26/26 |
525d |
707ac55a05d7
inet: don't reuse names from the abstract socket namespace map
|
|
panic: expected socket to exist at ' N
|
C |
|
|
20 |
529d |
530d
|
26/26 |
525d |
707ac55a05d7
inet: don't reuse names from the abstract socket namespace map
|
|
panic: Sentry detected stuck tasks (23)
|
C |
|
|
23 |
532d |
537d
|
26/26 |
532d |
a8bc2e146626
Fix group id cleanup and tidy up some mount methods.
|
|
kvm: panic: Sentry detected stuck tasks (17)
|
|
|
|
14 |
536d |
567d
|
26/26 |
535d |
44e0d6d07246
Unlock putOldMp before retrying the mount checks in pivot_root.
|
|
panic: Sentry detected stuck tasks (22)
|
|
|
|
5 |
537d |
538d
|
26/26 |
537d |
44e0d6d07246
Unlock putOldMp before retrying the mount checks in pivot_root.
|
|
panic: runtime error: invalid memory address or nil pointer dereference (19)
|
C |
|
|
79 |
540d |
554d
|
26/26 |
539d |
f744f443dd7d
Check before attempting to mount an anon mountpoint.
|
|
panic: nested locking: tmpfs.filesystemRWMutex:
|
|
|
|
1 |
555d |
548d
|
26/26 |
539d |
c74f5866cb75
Fix circular lock that can happen during unlink.
|
|
DATA RACE in kernel.(*Task).MemoryManager (3)
|
C |
|
|
12 |
540d |
540d
|
26/26 |
539d |
c39ecc4eb47a
The local task in process_vm_read|writev is just the calling task.
|
|
DATA RACE in kernel.(*runExitMain).execute (2)
|
C |
|
|
143 |
849d |
859d
|
26/26 |
539d |
b66713079526
Clean up and re-enable process_vm_readv/writev
|
|
DATA RACE in binary.littleEndian.Uint64 (2)
|
C |
|
|
48 |
849d |
859d
|
26/26 |
539d |
b66713079526
Clean up and re-enable process_vm_readv/writev
|
|
panic: Sentry detected stuck tasks (21)
|
|
|
|
64 |
539d |
586d
|
26/26 |
539d |
677d11f22fbe
Chunkify tmpfs Allocate().
|
|
DATA RACE in vfs.(*VirtualFilesystem).connectLocked (2)
|
|
|
|
2 |
552d |
552d
|
26/26 |
539d |
de5271b36007
Fix small data race in mount.
|
|
DATA RACE in safemem.Copy (6)
|
C |
|
|
121 |
849d |
849d
|
26/26 |
539d |
b66713079526
Clean up and re-enable process_vm_readv/writev
|
|
panic: Unknown syscall NUM error: strconv.ParseInt: parsing "./file1": invalid syntax
|
C |
|
|
19 |
562d |
555d
|
26/26 |
547d |
1910a4577f01
cgroupfs: do not return errors from strconv.ParseInt() to write()
|
|
panic: runtime error: invalid memory address or nil pointer dereference (18)
|
|
|
|
4 |
565d |
566d
|
26/26 |
562d |
bb4410f44e32
Rollback 6ceceae9385c and 206e88db3653.
|
|
gvisor test error: panic: interface conversion: vfs.DentryImpl is *tmpfs.dentry, not *kernfs.Dentry
|
|
|
|
38 |
567d |
567d
|
26/26 |
566d |
206e88db3653
Fix cwd/root update method during namespace cloning.
|
|
panic: nested locking: kernfs.filesystemRWMutex: (7)
|
|
|
|
4 |
580d |
582d
|
26/26 |
575d |
c80ab228d85b
Make vfs.PopDelayedDecRefs() clear vfs.toDecRef.
|
|
panic: nested locking: kernfs.filesystemRWMutex: (6)
|
C |
|
|
8 |
583d |
599d
|
26/26 |
582d |
755c1f242cd4
nsfs: mark inodes as anonymous
|
|
panic: Sentry detected stuck tasks (20)
|
C |
|
|
895 |
587d |
590d
|
26/26 |
587d |
960b564a6840
Fix small mount propagation bug.
|
|
kvm: panic: Sentry detected stuck tasks (15)
|
C |
|
|
186 |
587d |
590d
|
26/26 |
587d |
960b564a6840
Fix small mount propagation bug.
|
|
kvm: panic: Sentry detected stuck tasks (14)
|
syz |
|
|
4 |
602d |
608d
|
26/26 |
598d |
118a17d92dcf
kernfs: set DenySpliceIn for DynamicBytesFD
|
|
panic: runtime error: invalid memory address or nil pointer dereference (17)
|
|
|
|
2 |
602d |
602d
|
26/26 |
602d |
6f978d71856e
kernel: GetMountNamespace has to check that mntns isn't nil
|
|
DATA RACE in udp.(*endpoint).Connect.func1
|
C |
|
|
3 |
617d |
610d
|
26/26 |
602d |
5babda534107
Lock around endpoint info access in UDP onICMPError.
|
|
SYZFATAL: executor NUM failed NUM times: executor NUM: exit status NUM
|
syz |
|
|
48074 |
603d |
1022d
|
26/26 |
603d |
41bb04c14901
Implement mount namespaces
|
|
panic: runtime error: invalid memory address or nil pointer dereference (16)
|
C |
|
|
48 |
604d |
611d
|
26/26 |
603d |
ef95be6e1c10
kernel: check that a task has a network namespace
|
|
panic: kcov task work is registered, but no coverage data was found
|
|
|
|
6120 |
618d |
622d
|
26/26 |
615d |
f43a5fc63ac7
Remove panic in ConsumeCoverageData() when no coverage is observed.
|
|
panic: Sentry detected stuck tasks (18)
|
C |
|
|
625 |
619d |
678d
|
26/26 |
618d |
e54e3668b07c
Impose default tmpfs size limits correctly.
|
|
gvisor test error: FATAL ERROR: waiting on pid X: waiting on pid X in sandbox NAME failed: EOF (3)
|
|
|
|
124 |
623d |
624d
|
26/26 |
622d |
ffcbc70b9a4a
systrap: don't change an fpu state from the stub code
|
|
DATA RACE in pipefs.(*inode).UID
|
syz |
|
|
2 |
623d |
623d
|
26/26 |
622d |
02ed5839a762
Add a lock to pipefs's inode to protect a inode's attributes.
|
|
lost connection to test machine (8)
|
|
|
|
1964 |
622d |
955d
|
26/26 |
622d |
8b57c2e7402f
runsc/seccomp: allow sched_getaffinity if race is on
|
|
panic: runtime error: invalid memory address or nil pointer dereference (15)
|
|
|
|
1 |
651d |
651d
|
26/26 |
624d |
bb5ada8caffd
Defer dec refing mounts in InvalidateDentry.
|
|
panic: WARNING: circular locking detected: stack.packetEndpointListRWMutex -> fasync.fileMutex: (2)
|
|
|
|
2 |
647d |
647d
|
26/26 |
640d |
fedbf08401fe
kernel: unshare a network namespace without taking Task.mu
|
|
panic: WARNING: circular locking detected: fasync.fileMutex -> kernel.taskSetRWMutex: (2)
|
C |
|
|
1 |
647d |
647d
|
26/26 |
640d |
fedbf08401fe
kernel: unshare a network namespace without taking Task.mu
|
|
panic: WARNING: circular locking detected: stack.packetEndpointListRWMutex -> kernel.taskSetRWMutex: (2)
|
C |
|
|
3 |
647d |
647d
|
26/26 |
640d |
fedbf08401fe
kernel: unshare a network namespace without taking Task.mu
|
|
kvm: lost connection to test machine (3)
|
|
|
|
8 |
657d |
679d
|
26/26 |
651d |
52692c3647ea
fdtable: avoid large arrays
|
|
panic: nested locking: kernfs.filesystemRWMutex: (5)
|
|
|
|
5 |
651d |
653d
|
26/26 |
651d |
bb5ada8caffd
Defer dec refing mounts in InvalidateDentry.
|
|
panic: nested locking: kernfs.filesystemRWMutex: (4)
|
C |
|
|
31 |
653d |
748d
|
26/26 |
653d |
084a5022563f
Change InvalidateDentry to return a list of vds with an extra reference.
|
|
kvm: panic: Sentry detected stuck tasks (12)
|
|
|
|
193 |
657d |
819d
|
26/26 |
656d |
52692c3647ea
fdtable: avoid large arrays
|
|
panic: WARNING: circular locking detected: mm.activeRWMutex -> kernfs.filesystemRWMutex:
|
C |
|
|
4 |
689d |
689d
|
26/26 |
657d |
8c975e6e6e68
Mark some kernfs inode as Anonymous.
|
|
DATA RACE in fasync.(*FileAsync).SetOwnerTask
|
C |
|
|
11 |
658d |
660d
|
26/26 |
657d |
5fed8c81b89a
Fix data race by acquiring lock before accessing fields of FileAsync.
|
|
panic: WARNING: circular locking detected: fasync.fileMutex -> kernel.taskSetRWMutex:
|
C |
|
|
1 |
661d |
661d
|
26/26 |
657d |
f3d87d3be121
fasync: release the FileAsync mutex before sending the signal
|
|
panic: WARNING: circular locking detected: stack.packetEndpointListRWMutex -> fasync.fileMutex:
|
|
|
|
1 |
661d |
661d
|
26/26 |
657d |
f3d87d3be121
fasync: release the FileAsync mutex before sending the signal
|
|
panic: WARNING: circular locking detected: stack.packetEndpointListRWMutex -> kernel.taskSetRWMutex:
|
C |
|
|
3 |
661d |
661d
|
26/26 |
657d |
f3d87d3be121
fasync: release the FileAsync mutex before sending the signal
|
|
panic: WARNING: circular locking detected: vfs.virtualFilesystemMutex -> kernfs.filesystemRWMutex: (2)
|
|
|
|
1 |
679d |
679d
|
26/26 |
658d |
ed528835f753
Small circular lock fix.
|
|
gvisor test error: SYZFATAL: BUG: got no fallback coverage:
|
|
|
|
132 |
679d |
756d
|
26/26 |
667d |
83f4f485b4ad
systrap: don't call Goyield() if the race detector is enabled
|
|
panic: Incrementing non-positive count ADDR on tmpfs.inode (3)
|
|
|
|
6 |
687d |
709d
|
26/26 |
671d |
283b80a456aa
Fix logic bug in attaching mounts.
|
|
DATA RACE in log.GoogleEmitter.Emit (2)
|
|
|
|
3 |
675d |
677d
|
26/26 |
672d |
158636229e87
Avoid serializing the sharedContext struct in formatting directives.
|
|
DATA RACE in kernel.(*TaskImage).Fork
|
C |
|
|
8 |
768d |
768d
|
26/26 |
675d |
028cf757bbef
Clarify comment about copying Task.image in Task.Clone().
|
|
panic: WARNING: circular locking detected: vfs.virtualFilesystemMutex -> tmpfs.filesystemRWMutex: (2)
|
C |
|
|
17 |
679d |
680d
|
26/26 |
678d |
ed528835f753
Small circular lock fix.
|
|
panic: Sentry detected stuck tasks (17)
|
C |
|
|
822 |
678d |
944d
|
26/26 |
678d |
ed528835f753
Small circular lock fix.
|
|
gvisor build error (19)
|
|
|
|
110 |
680d |
681d
|
26/26 |
680d |
74e63e9e296a
Update packages
|
|
panic: Decrementing non-positive ref count ADDR, owned by tmpfs.inode (2)
|
C |
|
|
47 |
687d |
692d
|
26/26 |
680d |
283b80a456aa
Fix logic bug in attaching mounts.
|
|
gvisor test error: timed out (4)
|
|
|
|
548 |
682d |
1046d
|
26/26 |
681d |
83f4f485b4ad
systrap: don't call Goyield() if the race detector is enabled
|
|
panic: WARNING: circular locking detected: stack.neighborEntryRWMutex -> stack.nicRWMutex:
|
|
|
|
1 |
714d |
714d
|
26/26 |
682d |
38823be81914
Don't lock before accessing nic.networkEndpoints
|
|
panic: WARNING: circular locking detected: transport.streamQueueReceiverMutex -> kernfs.filesystemRWMutex:
|
C |
|
|
1 |
689d |
689d
|
26/26 |
682d |
2044c3449153
Don't hold streamQueueReceiver.mu while calling RightsControlMessage.Release().
|
|
panic: WARNING: circular locking detected: transport.endpointMutex -> kernfs.filesystemRWMutex:
|
C |
|
|
1 |
689d |
689d
|
26/26 |
682d |
a7e1fe92f588
Don't hold baseEndpoint.mu when calling receiver.Recv.
|
|
panic: WARNING: circular locking detected: vfs.virtualFilesystemMutex -> tmpfs.filesystemRWMutex:
|
C |
|
|
18 |
802d |
877d
|
26/26 |
682d |
e0b1585586c6
Remove stale `vdDentry` variable from VirtualFilesystem.connectMountAt().
|
|
panic: nested locking: transport.endpointMutex:
|
C |
|
|
1 |
689d |
689d
|
26/26 |
682d |
a7e1fe92f588
Don't hold baseEndpoint.mu when calling receiver.Recv.
|
|
fatal error: unexpected signal during runtime execution (3)
|
|
|
|
9 |
727d |
730d
|
26/26 |
727d |
96aa115516c8
systrap: simplify interrupt handling in syshandler
|
|
gvisor boot error: panic: prctl(PR_SET_NO_NEW_PRIVS) failed: invalid argument
|
|
|
|
12 |
730d |
730d
|
26/26 |
730d |
6890e539c700
systrap: set all arguments of prctl(PR_SET_NO_NEW_PRIVS)
|
|
panic: interface conversion: *kernel.Kernel is not unimpl.Events: missing method EmitUnimplementedEvent
|
C |
|
|
5857 |
734d |
736d
|
26/26 |
734d |
f8b98248139c
Update `unimpl.EmitUnimplementedEvent` interface to add the syscall number.
|
|
gvisor test error: SYZFATAL: BUG: program execution failed: executor NUM: not serving
|
|
|
|
137 |
736d |
742d
|
26/26 |
736d |
08920d098b30
Fix systrap TLS handling on ARM.
|
|
gvisor build error (18)
|
|
|
|
313 |
743d |
765d
|
26/26 |
736d |
fedadb093205
Fix syzkaller systrap builds.
|
|
DATA RACE in systrap.(*subprocessPool).fetchAvailable
|
|
|
|
25 |
746d |
757d
|
26/26 |
736d |
f01bf248c19f
Fix data race in subprocess pool.
|
|
panic: WARNING: circular locking detected: tmpfs.filesystemRWMutex -> kernel.taskSetRWMutex:
|
syz |
|
|
14 |
742d |
1017d
|
26/26 |
736d |
758da469f7ed
kernel: release kernel.taskSetRWMutex before calling TaskImage.Release
|
|
panic: runtime error: index out of range [ADDR] with length NUM
|
C |
|
|
17 |
747d |
747d
|
26/26 |
736d |
fc94225c333d
Fix crash with large FD value
|
|
gvisor boot error: FATAL ERROR: overlay flag is incompatible with shared file access for rootfs
|
|
|
|
148 |
749d |
751d
|
26/26 |
741d |
1b7a4e2a055c
Prepare to make root overlay the default.
|
|
gvisor boot error: FATAL ERROR: overlay flag has been replaced with overlay2 flag
|
|
|
|
66 |
748d |
750d
|
26/26 |
741d |
1b7a4e2a055c
Prepare to make root overlay the default.
|
|
DATA RACE in vfs.(*VirtualFilesystem).PivotRoot
|
C |
|
|
1 |
759d |
759d
|
26/26 |
750d |
807fd0fd27d0
Lock around accessing the mount namespace in pivot_root.
|
|
panic: runtime error: invalid memory address or nil pointer dereference (14)
|
C |
|
|
753 |
758d |
759d
|
18/26 |
758d |
8a1845f8b850
Don't send a signal to a controlling thread group if one has not been set.
|
|
fatal error: stack overflow
|
|
|
|
1 |
834d |
834d
|
18/26 |
759d |
426deb60fd25
lockdep: fix the TOCTTOU issue
|
|
panic: runtime error: invalid memory address or nil pointer dereference (13)
|
C |
|
|
2752 |
759d |
762d
|
18/26 |
759d |
8184fa1db0fa
Clean up devpts code, and deduplicate the foreground process state.
|
|
panic: runtime error: slice bounds out of range [:NUM] with capacity NUM (2)
|
C |
|
|
7 |
764d |
766d
|
18/26 |
762d |
5817f4cc64e4
Fix FUSE how handles malformed INIT requests.
|
|
panic: nested locking: kernfs.filesystemRWMutex: (3)
|
syz |
|
|
19 |
771d |
796d
|
18/26 |
769d |
28472cc03fe1
don't take an unnecessary reference in proc.fdSymlink.Valid()
|
|
panic: interface conversion: vfs.DentryImpl is *vfs.anonDentry, not *kernfs.Dentry (2)
|
C |
|
|
13 |
776d |
776d
|
18/26 |
775d |
1beb3e2b251d
Check hard link target's mount compatibility before kernfs.Dentry cast. Again.
|
|
panic: interface conversion: vfs.DentryImpl is *tmpfs.dentry, not *kernfs.Dentry (2)
|
C |
|
|
65 |
775d |
776d
|
18/26 |
775d |
1beb3e2b251d
Check hard link target's mount compatibility before kernfs.Dentry cast. Again.
|
|
panic: interface conversion: vfs.DentryImpl is *vfs.anonDentry, not *kernfs.Dentry
|
C |
|
|
14 |
778d |
781d
|
18/26 |
776d |
8373fb5db8c8
Check hard link target's mount compatibility before kernfs.Dentry cast.
|
|
panic: interface conversion: vfs.DentryImpl is *tmpfs.dentry, not *kernfs.Dentry
|
C |
|
|
390 |
776d |
782d
|
18/26 |
776d |
8373fb5db8c8
Check hard link target's mount compatibility before kernfs.Dentry cast.
|
|
panic: interface conversion: vfs.DentryImpl is *gofer.dentry, not *kernfs.Dentry
|
C |
|
|
13 |
779d |
779d
|
18/26 |
779d |
8373fb5db8c8
Check hard link target's mount compatibility before kernfs.Dentry cast.
|
|
panic: runtime error: index out of range [NUM] with length NUM (3)
|
C |
|
|
372 |
794d |
798d
|
18/26 |
794d |
fe562179fea1
Handle absolute symlink target '/' correctly in VFS layer.
|
|
panic: runtime error: invalid memory address or nil pointer dereference (12)
|
C |
|
|
31 |
798d |
859d
|
18/26 |
794d |
e08f204299df
inet: each socket has to hold a reference to its network namespace
|
|
panic: WARNING: circular locking detected: vfs.virtualFilesystemMutex -> kernfs.filesystemRWMutex:
|
|
|
|
1 |
813d |
813d
|
18/26 |
796d |
492d7a98116b
Decref target VirtualDentry outside the vfs mount lock during mount ops.
|
|
gvisor test error: panic: ptrace set regs (&{PtraceRegs:{Regs:[ADDR NUM ADDR NUM NUM NUM NUM ADDR ADDR NUM NUM ADDR ADDR NUM ADDR ADDR NUM
|
|
|
|
10 |
801d |
801d
|
15/26 |
799d |
194029b95444
arm64: validate registers that come from user-space
|
|
panic: WARNING: circular locking detected: stack.nicRWMutex -> stack.packetsPendingLinkResolutionMutex: (2)
|
C |
|
|
53 |
832d |
834d
|
14/26 |
832d |
bc440b67fce0
Don't hold nic.mu when calling n.linkResQueue.cancel.
|
|
panic: WARNING: circular locking detected: stack.nicRWMutex -> stack.neighborCacheRWMutex:
|
C |
|
|
356 |
835d |
840d
|
14/26 |
834d |
70be2fc8a772
Remove unsetting route's cached neighbor entry in link res callback.
|
|
gvisor build error (16)
|
|
|
|
12 |
847d |
847d
|
14/26 |
835d |
20b2ec04d94d
Update bazel packages
|
|
panic: WARNING: circular locking detected: stack.packetsPendingLinkResolutionMutex -> stack.routeRWMutex:
|
C |
|
|
2602 |
835d |
840d
|
14/26 |
835d |
4f326de47636
Make nic.spoofing and nic.promiscuous atomic Bools to avoid lock contention.
|
|
panic: WARNING: circular locking detected: stack.nicRWMutex -> stack.packetsPendingLinkResolutionMutex:
|
C |
|
|
1246 |
835d |
840d
|
14/26 |
835d |
4f326de47636
Make nic.spoofing and nic.promiscuous atomic Bools to avoid lock contention.
|
|
gvisor boot error: FATAL ERROR: running container: creating container: failed to create an unnamed temporary file inside "/tmp"
|
|
|
|
24 |
839d |
839d
|
14/26 |
838d |
368e85414697
overlay2: Do not use O_TMPFILE to create unnamed temporary file.
|
|
panic: WARNING: circular locking detected: kernel.signalHandlersMutex -> kernfs.filesystemRWMutex:
|
C |
|
|
351 |
845d |
848d
|
14/26 |
845d |
d0ae59368d8a
cgroupfs: Fix lock ordering between kernfs.Filesystem.mu and TaskSet.mu.
|
|
panic: WARNING: circular locking detected: kernel.taskSetRWMutex -> kernfs.filesystemRWMutex:
|
C |
|
|
2320 |
845d |
848d
|
14/26 |
845d |
d0ae59368d8a
cgroupfs: Fix lock ordering between kernfs.Filesystem.mu and TaskSet.mu.
|
|
panic: cgroupfs: pids controller attempted to remove pending charge for Task ADDR, but task didn't have pending charges, (2)
|
|
|
|
1 |
878d |
878d
|
14/26 |
847d |
62ddad611979
cgroupfs: Fix several races with task migration.
|
|
panic: Decrementing non-positive ref count ADDR, owned by tmpfs.inode
|
C |
|
|
27 |
847d |
848d
|
14/26 |
847d |
1823b16fccf7
Clean up DecRefs in mount methods.
|
|
panic: Incrementing non-positive count ADDR on tmpfs.inode (2)
|
C |
|
|
56 |
847d |
848d
|
14/26 |
847d |
1823b16fccf7
Clean up DecRefs in mount methods.
|
|
panic: kernfs.Dentry.DecRef() called without holding a reference (2)
|
C |
|
|
61 |
847d |
848d
|
14/26 |
847d |
1823b16fccf7
Clean up DecRefs in mount methods.
|
|
kvm: panic: Sentry detected stuck tasks (10)
|
|
|
|
3 |
864d |
881d
|
14/26 |
848d |
ece02b45b5b4
Add a maximum to the total number of mounts allowed in a namespace.
|
|
panic: Lock not held: transport.endpointMutex[e]:
|
C |
|
|
1191 |
849d |
849d
|
14/26 |
849d |
1ceee8c31071
connectioned: Change nested lock name to only have a single nested lock.
|
|
DATA RACE in safemem.Copy (5)
|
C |
|
|
3153 |
849d |
859d
|
14/26 |
849d |
ae731e0394f5
Don't use other process's scratch buffer.
|
|
panic: unbalance unlock: mm.activeRWMutex:LINE:
|
|
|
|
2 |
851d |
862d
|
14/26 |
849d |
445fa6f40c89
Lockdep: Print more info in the "unbalanced unlock" case.
|
|
panic: WARNING: circular locking detected: kernel.taskMutex -> kernel.taskSetRWMutex:
|
C |
|
|
1470 |
859d |
860d
|
14/26 |
857d |
38a0512f13fa
Fix circular lock in process_vm_(read|write)v
|
|
DATA RACE in binary.littleEndian.Uint64
|
C |
|
|
29 |
958d |
961d
|
14/26 |
860d |
106f6ea96746
Re-enable process_vm_(read|write)v
|
|
panic: runtime error: slice bounds out of range [:ADDR] with capacity ADDR
|
C |
|
|
914 |
861d |
878d
|
14/26 |
860d |
3c0e0a3746a3
io_uring: Fix several issues with shared ring buffers.
|
|
DATA RACE in safemem.Copy (4)
|
C |
|
|
1019 |
958d |
961d
|
14/26 |
860d |
106f6ea96746
Re-enable process_vm_(read|write)v
|
|
panic: runtime error: slice bounds out of range [ADDR:NUM]
|
C |
|
|
13 |
865d |
865d
|
14/26 |
860d |
3c0e0a3746a3
io_uring: Fix several issues with shared ring buffers.
|
|
panic: runtime error: slice bounds out of range [:ADDR] with capacity NUM
|
C |
|
|
124 |
861d |
877d
|
14/26 |
860d |
3c0e0a3746a3
io_uring: Fix several issues with shared ring buffers.
|
|
panic: runtime error: integer divide by zero (3)
|
C |
|
|
443 |
860d |
877d
|
14/26 |
860d |
3c0e0a3746a3
io_uring: Fix several issues with shared ring buffers.
|
|
panic: Unknown syscall -NUM error: EOF
|
C |
|
|
14 |
865d |
866d
|
14/26 |
860d |
f3aaf4326636
io_ring: Handle EOF on IORING_OP_READV
|
|
DATA RACE in tmpfs.GetSeals
|
|
|
|
1 |
866d |
866d
|
14/26 |
862d |
374e716c7ce2
AddSeals has to take the write lock to modify seals
|
|
DATA RACE in tmpfs.AddSeals
|
C |
|
|
4 |
865d |
866d
|
14/26 |
862d |
374e716c7ce2
AddSeals has to take the write lock to modify seals
|
|
panic: runtime error: slice bounds out of range [:NUM] with capacity NUM
|
C |
|
|
196 |
1146d |
1154d
|
14/26 |
864d |
32c474d82f65
Allow multiple FUSE filesystems to share a connection.
|
|
panic: addresses IP and fe80::aa do not have the same length (2)
|
|
|
|
1 |
869d |
869d
|
14/26 |
865d |
8756ebc3b406
Netstack: Check address matches the endpoint protocol for IP_DROP_MEMBERSHIP
|
|
panic: runtime error: invalid memory address or nil pointer dereference (11)
|
C |
|
|
2733 |
868d |
962d
|
14/26 |
867d |
ae136df84998
Add nil-check for parent mount in umount(2) while handling mount propagation.
|
|
DATA RACE in vfs.(*VirtualFilesystem).setPropagation
|
C |
|
|
3 |
881d |
881d
|
14/26 |
867d |
20ef2127a102
Lock around optional tag generation.
|
|
DATA RACE in bufferv2.newChunk
|
C |
|
|
68 |
875d |
890d
|
14/26 |
874d |
6b3b5493d0ea
Fix ipv6 header view ownership.
|
|
DATA RACE in vfs.(*VirtualFilesystem).GenerateProcMountInfo
|
C |
|
|
2 |
879d |
881d
|
14/26 |
877d |
20ef2127a102
Lock around optional tag generation.
|
|
panic: runtime error: integer divide by zero (2)
|
C |
|
|
56 |
877d |
878d
|
14/26 |
877d |
d4b159ae93b5
iouring: Disallow zero, or less CQ entries than SQ entries
|
|
panic: nested locking: kernel.taskSetRWMutex:
|
C |
|
|
2 |
936d |
936d
|
14/26 |
883d |
c1427a04dfba
Disable fasync for signalfd descriptors
|
|
gvisor test error: panic: WARNING: circular locking detected: mm.activeRWMutex -> kernel.taskSetRWMutex:
|
|
|
|
1 |
904d |
904d
|
14/26 |
897d |
2e844f74fcdd
Do not use ktime.Timer for CPU clock ticks.
|
|
panic: Decrementing non-positive ref count ADDR, owned by kernel.ProcessGroup (2)
|
C |
|
|
3 |
902d |
936d
|
14/26 |
902d |
36ddd3050cc2
Check if ThreadGroup exists before executing JoinProcessGroup.
|
|
kvm: panic: Sentry detected stuck tasks (9)
|
|
|
|
2 |
930d |
931d
|
14/26 |
919d |
48e2252b3bac
fix panic caused by too-large buffer allocations
|
|
gvisor build error (15)
|
|
|
|
232 |
926d |
925d
|
14/26 |
923d |
d2827e5a9242
Don't require gcc-multilib to be installed to build BPF
|
|
panic: cgroupfs: pids controller pending pool would be negative if charge was allowed: current pool: NUM, proposed charg
|
C |
|
|
97 |
940d |
1059d
|
14/26 |
940d |
46e08207b58f
cgroupfs: Handle hierachy changes across charge/uncharge.
|
|
panic: addresses IP and fe80::aa do not have the same length
|
|
|
|
102 |
959d |
988d
|
14/26 |
953d |
b195ca54f311
Netstack: Check that the multicast address matches the endpoint protocol.
|
|
DATA RACE in fuse.newFUSEFilesystem
|
C |
|
|
384 |
1146d |
1154d
|
14/26 |
962d |
32c474d82f65
Allow multiple FUSE filesystems to share a connection.
|
|
panic: WARNING: circular locking detected: cgroupfs.pidsControllerMutex -> mm.mappingRWMutex:
|
|
|
|
3 |
1016d |
1017d
|
14/26 |
1014d |
d5a04e338eef
cgroupfs: Don't copy in with cgroups locks held.
|
|
panic: WARNING: circular locking detected: tmpfs.inodeMutex -> mm.activeRWMutex:
|
C |
|
|
8353 |
1017d |
1018d
|
14/26 |
1014d |
82498d087ef8
Don't hold MM.activeMu when calling MM.vmaMapsEntryLocked().
|
|
panic: Sentry detected stuck tasks (16)
|
|
|
|
5 |
1022d |
1095d
|
14/26 |
1021d |
8b41af93300c
sync/lockdep: use RangeRepeatable instead of Range
|
|
kvm: panic: Sentry detected stuck tasks (7)
|
|
|
|
1 |
1041d |
1034d
|
14/26 |
1022d |
6fda48f50dcd
tcpip/transport/raw: check MTU before copying a buffer from user memory
|
|
panic: invalid allocation length: 0x0 (4)
|
C |
|
|
4338 |
1022d |
1025d
|
14/26 |
1022d |
3290a054c5bd
getdents: Test that size parameter is not zero before allocating PMAs.
|
|
panic: WARNING: circular locking detected: kernel.taskSetRWMutex -> mm.activeRWMutex:
|
|
|
|
2 |
1039d |
1035d
|
14/26 |
1028d |
e47be0cfc06d
Move Send/RecvNotify calls outside of CopyIn/Out, due to lock order.
|
|
panic: runtime error: index out of range [-NUM]
|
C |
|
|
13 |
1053d |
1053d
|
14/26 |
1050d |
a7cad2b092de
Tmpfs with size option enabled bug fix.
|
|
DATA RACE in fuse.(*connection).callFutureLocked
|
C |
|
|
2 |
1151d |
1154d
|
14/26 |
1059d |
32c474d82f65
Allow multiple FUSE filesystems to share a connection.
|
|
DATA RACE in fuse.(*DeviceFD).Read
|
C |
|
|
238 |
1148d |
1154d
|
14/26 |
1059d |
32c474d82f65
Allow multiple FUSE filesystems to share a connection.
|
|
DATA RACE in fuse.newFUSEConnection
|
C |
|
|
52 |
1148d |
1154d
|
14/26 |
1059d |
32c474d82f65
Allow multiple FUSE filesystems to share a connection.
|
|
DATA RACE in fuse.(*DeviceFD).PWrite
|
C |
|
|
11 |
1151d |
1154d
|
14/26 |
1059d |
32c474d82f65
Allow multiple FUSE filesystems to share a connection.
|
|
DATA RACE in fuse.(*DeviceFD).PRead
|
C |
|
|
9 |
1150d |
1154d
|
14/26 |
1059d |
32c474d82f65
Allow multiple FUSE filesystems to share a connection.
|
|
DATA RACE in fuse.(*DeviceFD).Seek
|
C |
|
|
8 |
1154d |
1154d
|
14/26 |
1059d |
32c474d82f65
Allow multiple FUSE filesystems to share a connection.
|
|
panic: unexpected tcp state in processor: BOUND
|
C |
|
|
36 |
1070d |
1073d
|
14/26 |
1070d |
3b917921d7fe
Fix race in listen.
|
|
DATA RACE in cgroupfs.(*memsData).Write
|
C |
|
|
4 |
1082d |
1082d
|
14/26 |
1074d |
5f9bd8a53b20
cgroupfs: Synchronize access to cpuset controller bitmaps.
|
|
panic: unknown network protocol number NUM
|
C |
|
|
56 |
1163d |
1175d
|
14/26 |
1093d |
6a28dc7c5963
Correct fragmentation reference counting.
|
|
panic: runtime error: invalid memory address or nil pointer dereference (10)
|
C |
|
|
11 |
1099d |
1105d
|
14/26 |
1098d |
5835bc8c3a4b
cgroupfs: Handle invalid PID/PGID on migration.
|
|
DATA RACE in kernfs.(*OrderedChildren).checkExistingLocked
|
C |
|
|
1 |
1121d |
1121d
|
14/26 |
1100d |
9085d334deed
kernfs: Handle duplicate unlink on orphaned directories.
|
|
panic: Inode doesn't match what kernfs thinks! OrderedChild: &{dir:{InodeNoopRefCount:{InodeTemporary:{}} InodeAlwaysVal
|
C |
|
|
12 |
1106d |
1121d
|
14/26 |
1100d |
9085d334deed
kernfs: Handle duplicate unlink on orphaned directories.
|
|
DATA RACE in bitmap.(*Bitmap).Maximum
|
C |
|
|
8 |
1113d |
1121d
|
14/26 |
1113d |
4503ba3f5efd
Fix data race when using UNSHARE in close_range.
|
|
kvm: lost connection to test machine
|
|
|
|
364 |
1116d |
1469d
|
14/26 |
1113d |
81d384cfe9d3
Fix race between epoll readiness check and re-readying.
|
|
lost connection to test machine (6)
|
|
|
|
4341 |
1114d |
1353d
|
14/26 |
1114d |
81d384cfe9d3
Fix race between epoll readiness check and re-readying.
|
|
DATA RACE in transport.(*connectionedEndpoint).Connect.func1 (2)
|
C |
|
|
4 |
1130d |
1123d
|
14/26 |
1118d |
b1ceabc884c0
Hold baseEndpoint.mu when calling baseEndpoint.Connected()
|
|
kvm: panic: Sentry detected stuck tasks (6)
|
|
|
|
15 |
1122d |
1133d
|
14/26 |
1122d |
f51097051ac5
tun: reject packets larger MTU
|
|
panic: Sentry detected stuck tasks (15)
|
C |
|
|
2582 |
1131d |
1208d
|
14/26 |
1126d |
510cc2f7fca9
Fix pivot_root lock inversion.
|
|
Invalid request partialResult in sendto (3)
|
C |
|
|
9 |
1129d |
1129d
|
14/26 |
1127d |
395c38be75d1
Add ECONNABORTED to the partial result error list.
|
|
kvm: panic: Sentry detected stuck tasks (5)
|
C |
|
|
65 |
1134d |
1196d
|
14/26 |
1133d |
b413d78c27db
sendfile: limit a buffer size
|
|
panic: runtime error: invalid memory address or nil pointer dereference (9)
|
C |
|
|
262 |
1146d |
1143d
|
14/26 |
1142d |
b7ccfa5084e2
Fixes #7086,#6964,#3413,#7001.
|
|
DATA RACE in fuse.(*connection).callFuture (2)
|
|
|
|
3 |
1147d |
1148d
|
14/26 |
1146d |
e219f75d8b3c
Fuse: Cache `maxActiveRequests` in `connection` to avoid reading it from `fs`.
|
|
panic: Unknown syscall NUM error: payload too small. Minimum data lenth required: NUM, but got data length NUM
|
C |
|
|
79 |
1147d |
1153d
|
14/26 |
1147d |
55ef37166897
Return well-defined error on short payload in FUSE.
|
|
fatal error: sync: unlock of unlocked mutex
|
C |
|
|
26 |
1147d |
1148d
|
14/26 |
1147d |
10d1a49c5ba2
Fuse: `DeviceFD.Read`: Lock `DeviceFD` ahead of other locks.
|
|
DATA RACE in fuse.(*connection).callFuture
|
|
|
|
1 |
1151d |
1151d
|
14/26 |
1148d |
a5ce865145c7
fuse: Attempt to fix five data races.
|
|
DATA RACE in fuse.(*connection).initProcessReply
|
C |
|
|
14 |
1149d |
1153d
|
14/26 |
1148d |
a5ce865145c7
fuse: Attempt to fix five data races.
|
|
DATA RACE in fuse.(*DeviceFD).writeLocked
|
C |
|
|
33 |
1149d |
1154d
|
14/26 |
1148d |
a5ce865145c7
fuse: Attempt to fix five data races.
|
|
DATA RACE in fuse.(*connection).Call
|
C |
|
|
65 |
1148d |
1152d
|
14/26 |
1148d |
a5ce865145c7
fuse: Attempt to fix five data races.
|
|
DATA RACE in fuse.(*DeviceFD).Release
|
C |
|
|
404 |
1148d |
1154d
|
14/26 |
1148d |
a5ce865145c7
fuse: Attempt to fix five data races.
|
|
DATA RACE in stack.(*PacketBuffer).reset (2)
|
syz |
|
|
2 |
1175d |
1175d
|
14/26 |
1150d |
6d15b0ee64f1
Fix packet buffer reference counting in IP fragmentation/reassembly.
|
|
panic: runtime error: invalid memory address or nil pointer dereference (8)
|
C |
|
|
214 |
1150d |
1175d
|
14/26 |
1150d |
6d15b0ee64f1
Fix packet buffer reference counting in IP fragmentation/reassembly.
|
|
panic: Incrementing non-positive count ADDR on stack.PacketBuffer
|
C |
|
|
9 |
1161d |
1161d
|
14/26 |
1150d |
6d15b0ee64f1
Fix packet buffer reference counting in IP fragmentation/reassembly.
|
|
DATA RACE in mqfs.FilesystemType.GetFilesystem
|
|
|
|
1 |
1165d |
1165d
|
14/26 |
1150d |
d1dadc9c19a1
Remove dentry_cache_limit mount option from mqfs.
|
|
gvisor build error (13)
|
|
|
|
201 |
1156d |
1163d
|
14/26 |
1155d |
c18ec0b53cf2
Fix race build error.
|
|
panic: runtime error: index out of range [NUM] with length NUM (2)
|
C |
|
|
21 |
1156d |
1163d
|
14/26 |
1156d |
5fb527632358
Handle 0 sized writes to /dev/net/tun.
|
|
panic: PullUp failed (2)
|
syz |
|
|
4 |
1164d |
1173d
|
14/26 |
1161d |
6d15b0ee64f1
Fix packet buffer reference counting in IP fragmentation/reassembly.
|
|
DATA RACE in transport.(*connectionedEndpoint).Listen
|
|
|
|
1 |
1192d |
1192d
|
14/26 |
1177d |
52bee5297caf
unix: call Listening under the endpoint lock
|
|
DATA RACE in udp.(*endpoint).Connect (2)
|
C |
|
|
4 |
1583d |
1588d
|
14/26 |
1186d |
2485a4e2cb4a
Make stack.Route safe to access concurrently
|
|
kvm: panic: Sentry detected stuck tasks (4)
|
C |
|
|
627 |
1203d |
1231d
|
14/26 |
1203d |
4d29819e13a1
pipe: have separate notifiers for readers and writers
|
|
panic: Sentry detected stuck tasks (14)
|
|
|
|
20 |
1212d |
1257d
|
14/26 |
1211d |
b2f8b495ad73
cgroup/cpuset: handle the offset argument of write methods properly
|
|
DATA RACE in stack.(*PacketBuffer).reset
|
|
|
|
9 |
1233d |
1233d
|
14/26 |
1232d |
bb1ae811f4eb
Prevent PacketBuffers from being returned to the pool too early in nic.
|
|
panic: runtime error: makeslice: len out of range (4)
|
|
|
|
36 |
1233d |
1237d
|
14/26 |
1233d |
37792ee1e6e1
Validate ControlMessageHeader.Length
|
|
SYZFAIL: tun: can't open /dev/net/tun
|
syz |
|
|
339 |
1241d |
1494d
|
14/26 |
1241d |
58017e655399
Handle UMOUNT_NOFOLLOW in VFS2 umount(2).
|
|
kvm: no output from test machine (2)
|
C |
|
|
23 |
1242d |
1320d
|
14/26 |
1241d |
58017e655399
Handle UMOUNT_NOFOLLOW in VFS2 umount(2).
|
|
DATA RACE in cgroupfs.(*cpusData).Generate
|
|
|
|
2 |
1247d |
1251d
|
14/26 |
1246d |
6078d26588c0
Sychronize access to cpuset controller bitmaps.
|
|
DATA RACE in cgroupfs.(*cpusData).Write
|
C |
|
|
6 |
1246d |
1251d
|
14/26 |
1246d |
6078d26588c0
Sychronize access to cpuset controller bitmaps.
|
|
panic: runtime error: index out of range [NUM] with length NUM
|
C |
|
|
12 |
1248d |
1251d
|
14/26 |
1248d |
f54a25c1f03e
Validate an icmp header before accessing it
|
|
panic: interface conversion: kernfs.Inode is nil, not *mqfs.rootInode
|
|
|
|
2 |
1249d |
1252d
|
14/26 |
1248d |
763d7e6e396d
Obtain ref on root dentry in mqfs.GetFilesystem.
|
|
panic: runtime error: invalid memory address or nil pointer dereference (7)
|
C |
|
|
45305 |
1248d |
1277d
|
14/26 |
1248d |
763d7e6e396d
Obtain ref on root dentry in mqfs.GetFilesystem.
|
|
panic: kernfs.Dentry.DecRef() called without holding a reference
|
C |
|
|
87 |
1248d |
1252d
|
14/26 |
1248d |
763d7e6e396d
Obtain ref on root dentry in mqfs.GetFilesystem.
|
|
panic: Only permission mask must be set: ADDR
|
C |
|
|
756 |
1248d |
1252d
|
14/26 |
1248d |
4d07fc952d6b
Do not leak non-permission mode bits in mq_open(2).
|
|
gvisor build error (11)
|
|
|
|
386 |
1319d |
1324d
|
14/26 |
1275d |
c2353e4055ac
[op] Fix //debian:debian.
|
|
FATAL ERROR: waiting on pid X: waiting on pid X in sandbox NAME failed: EOF (3)
|
C |
|
|
2034 |
1276d |
1370d
|
14/26 |
1275d |
0bdd79ccd469
kvm: trap mmap syscalls to map new regions to the guest
|
|
DATA RACE in safemem.Copy (3)
|
C |
|
|
3 |
1282d |
1282d
|
14/26 |
1276d |
1fe0a6691ff5
Prevent PacketData from being modified.
|
|
panic: runtime error: slice bounds out of range [:LINE] with capacity 0
|
|
|
|
2 |
1326d |
1327d
|
14/26 |
1277d |
6d0b40b1d159
[op] Make PacketBuffer Clone() do a deeper copy.
|
|
panic: Sentry detected stuck tasks (13)
|
|
|
|
1 |
1287d |
1287d
|
14/26 |
1277d |
4076153be684
Fix lock ordering violation
|
|
Invalid request partialResult in pwritev
|
C |
|
|
278 |
1469d |
1488d
|
14/26 |
1279d |
7fac7e32f3a8
Translate syserror when validating partial IO errors
|
|
kvm: panic: Watchdog goroutine is stuck (4)
|
|
|
|
18 |
1308d |
1365d
|
14/26 |
1279d |
14d6cb4436f1
platform/kvm: fix a race condition in vCPU.unlock()
|
|
panic: runtime error: slice bounds out of range [40:LINE]
|
|
|
|
3 |
1333d |
1336d
|
14/26 |
1279d |
6d0b40b1d159
[op] Make PacketBuffer Clone() do a deeper copy.
|
|
Invalid request partialResult in sendto (2)
|
C |
|
|
10 |
1315d |
1390d
|
14/26 |
1279d |
e5fe488b2273
Wake up Writers when tcp socket is shutdown for writes.
|
|
kvm: panic: Sentry detected stuck tasks (2)
|
C |
|
|
66 |
1287d |
1449d
|
14/26 |
1279d |
1947c873423c
Fix deadlock in /proc/[pid]/fd/[num]
|
|
panic: Sentry detected stuck tasks (12)
|
|
|
|
2 |
1288d |
1288d
|
14/26 |
1288d |
51b96514cd93
Limit most file mmaps to the range of an int64.
|
|
DATA RACE in msgqueue.(*Queue).pop
|
C |
|
|
2 |
1313d |
1313d
|
14/26 |
1289d |
d6c99694bcb9
Fix race on msgrcv(MSG_COPY).
|
|
panic: Sentry detected stuck tasks (11)
|
C |
|
|
31 |
1304d |
1431d
|
14/26 |
1301d |
9149b2cefdb5
unix: avoid taking two endpoint locks
|
|
panic: runtime error: makeslice: len out of range (3)
|
C |
|
|
10 |
1303d |
1303d
|
14/26 |
1303d |
927ea16dd384
unix: handle a case when a buffer is overflowed
|
|
panic: unknown error: SIGBUS at ADDR
|
C |
|
|
17 |
1305d |
1319d
|
14/26 |
1304d |
dfbcb8903ae8
[syserr] Fix SIGBUS on syserr.FromError
|
|
DATA RACE in safemem.Copy (2)
|
C |
|
|
9 |
1329d |
1329d
|
14/26 |
1319d |
6d0b40b1d159
[op] Make PacketBuffer Clone() do a deeper copy.
|
|
panic: runtime error: slice bounds out of range [2:LINE]
|
|
|
|
1 |
1346d |
1346d
|
14/26 |
1319d |
6d0b40b1d159
[op] Make PacketBuffer Clone() do a deeper copy.
|
|
DATA RACE in buffer.(*buffer).Remove
|
C |
|
|
2 |
1329d |
1329d
|
14/26 |
1319d |
6d0b40b1d159
[op] Make PacketBuffer Clone() do a deeper copy.
|
|
kvm: no output from test machine
|
|
|
|
1107 |
1329d |
1480d
|
14/26 |
1329d |
569f605f438d
Correctly handle interruptions in blocking msgqueue syscalls.
|
|
no output from test machine (9)
|
C |
|
|
2298 |
1329d |
1485d
|
14/26 |
1329d |
569f605f438d
Correctly handle interruptions in blocking msgqueue syscalls.
|
|
panic: unable to find an index for ID: 0
|
C |
|
|
1497 |
1343d |
1343d
|
14/26 |
1343d |
3d0a9300050a
Don't panic on user-controlled state in semaphore syscalls.
|
|
DATA RACE in atomic.CompareAndSwapInt32 (4)
|
syz |
|
|
4 |
1356d |
1349d
|
14/26 |
1344d |
a89b2f005b71
Use atomics when checking for parent setgid in VFS2 tmpfs file creation.
|
|
panic: FIN segments must be the final segment in the write list.
|
|
|
|
2 |
1362d |
1362d
|
14/26 |
1358d |
1fc7a9eac2f2
Do not queue zero sized segments.
|
|
FATAL ERROR: waiting on pid X: waiting on pid X in sandbox NAME failed: EOF (2)
|
C |
|
|
2532 |
1371d |
1983d
|
14/26 |
1370d |
d703340bc04a
runsc: don't kill sandbox, let it stop properly
|
|
panic: Incrementing non-positive count ADDR on kernel.ProcessGroup (2)
|
|
|
|
1 |
1380d |
1380d
|
14/26 |
1371d |
2e6195ffe0ad
CreateProcessGroup has to check whether a target process stil exists or not
|
|
kvm: panic: Watchdog goroutine is stuck (3)
|
C |
|
|
48 |
1386d |
1437d
|
14/26 |
1384d |
3fcbad509300
Fix lock ordering issue when enumerating cgroup tasks.
|
|
panic: Watchdog goroutine is stuck (2)
|
|
|
|
1 |
1397d |
1390d
|
14/26 |
1385d |
3fcbad509300
Fix lock ordering issue when enumerating cgroup tasks.
|
|
panic: Incrementing non-positive count ADDR on vfs.Filesystem (2)
|
|
|
|
1 |
1409d |
1409d
|
14/26 |
1407d |
af229f46a149
Fix cgroupfs mount racing with unmount.
|
|
panic: PullUp failed
|
C |
|
|
615 |
1412d |
1413d
|
14/26 |
1412d |
436148d68a50
Fix panic on consume in a mixed push/consume case
|
|
panic: Incrementing non-positive count ADDR on vfs.Filesystem
|
C |
|
|
2 |
1430d |
1430d
|
14/26 |
1412d |
78ae3db1a39c
Fix cgroup hierarchy registration.
|
|
DATA RACE in cgroupfs.FilesystemType.GetFilesystem
|
C |
|
|
1 |
1430d |
1423d
|
14/26 |
1412d |
78ae3db1a39c
Fix cgroup hierarchy registration.
|
|
panic: Sentry detected stuck tasks (10)
|
C |
|
|
264 |
1438d |
1490d
|
14/26 |
1438d |
b0333d33a206
Optimize safemem.Zero
|
|
kvm: panic: Watchdog goroutine is stuck (2)
|
|
|
|
110 |
1444d |
1461d
|
14/26 |
1444d |
f4f6ce337aa8
Don't grab TaskSet mu recursively when reading task state.
|
|
panic: Watchdog goroutine is stuck
|
C |
|
|
1831 |
1445d |
1743d
|
14/26 |
1444d |
f4f6ce337aa8
Don't grab TaskSet mu recursively when reading task state.
|
|
panic: makechan: size out of range
|
C |
|
|
183 |
1448d |
1451d
|
14/26 |
1447d |
dc8f6c691474
Move maxListenBacklog check to sentry
|
|
fatal error: unexpected signal during runtime execution
|
syz |
|
|
272 |
1515d |
2204d
|
14/26 |
1447d |
eb9b8e53a3ef
platform/kvm/x86: restore mxcsr when switching from guest to sentry
|
|
kvm: panic: Watchdog goroutine is stuck
|
|
|
|
240 |
1463d |
1473d
|
14/26 |
1462d |
2f3dac78ca9a
kvm: prefault a floating point state before restoring it
|
|
Invalid request partialResult in write (2)
|
C |
|
|
11628 |
1465d |
1530d
|
14/26 |
1464d |
7fac7e32f3a8
Translate syserror when validating partial IO errors
|
|
kvm: panic: Sentry detected stuck tasks
|
C |
|
|
152 |
1464d |
1480d
|
14/26 |
1464d |
2f3dac78ca9a
kvm: prefault a floating point state before restoring it
|
|
panic: Sentry detected stuck tasks (9)
|
|
|
|
9 |
1491d |
1491d
|
14/26 |
1490d |
38c42bbf4ad2
Remove deadlock in raw.endpoint caused by recursive read locking
|
|
panic: Sentry detected stuck tasks (8)
|
C |
|
|
64 |
1491d |
1493d
|
14/26 |
1491d |
f5692f7dcc48
Kernfs should not try to rename a file to itself.
|
|
no output from test machine (8)
|
C |
|
|
15268 |
1492d |
1595d
|
14/26 |
1492d |
acd516cfe292
Add YAMA security module restrictions on ptrace(2).
|
|
panic: running on goroutine 582 (task goroutine for kernel.Task ADDR is 400)
|
C |
|
|
1 |
1496d |
1496d
|
14/26 |
1492d |
6e000d3424c0
Use async task context for async IO.
|
|
panic: unknown error *tcpip.ErrMalformedHeader
|
C |
|
|
5 |
1509d |
1502d
|
14/26 |
1492d |
c39284f45738
Let sentry understand tcpip.ErrMalformedHeader
|
|
panic: Sentry detected stuck tasks (7)
|
syz |
|
|
2567 |
1493d |
1524d
|
14/26 |
1493d |
c5a4e100085c
unix: sendmmsg and recvmsg have to cap a number of message to UIO_MAXIOV
|
|
panic: wd changed: "/tmp" -> "(unreachable)/"
|
syz |
|
|
2534 |
1505d |
1586d
|
14/26 |
1505d |
97a36d169698
Don't allow to umount the namespace root mount
|
|
Invalid request partialResult in sendto
|
C |
|
|
236 |
1514d |
1517d
|
14/26 |
1506d |
d6d169320cd4
Add ETIMEDOUT to partial result list
|
|
FATAL ERROR: executing processes for container: executing command "/syz-fuzzer -executor=/syz-executor -name=vm-1 -arch=
|
|
|
|
4 |
1512d |
1514d
|
14/26 |
1506d |
120c8e346871
Replace TaskFromContext(ctx).Kernel() with KernelFromContext(ctx)
|
|
panic: Incrementing non-positive count ADDR on kernel.ProcessGroup
|
C |
|
|
12 |
1523d |
1523d
|
14/26 |
1506d |
fe4f4789601d
kernel: reparentLocked has to update children maps of old and new parents
|
|
panic: Child "." for parent Dentry &{vfsd:{mu:{m:{Mutex:{state:LINE sema:LINE}}} dead:false mounts:LINE impl:ADDR} refs:
|
C |
|
|
13 |
1506d |
1516d
|
14/26 |
1506d |
09afd6832689
[vfs] Handle `.` and `..` as last path component names in kernfs Rename.
|
|
panic: Start ADDR + offset ADDR overflows?
|
C |
|
|
19 |
1531d |
1837d
|
14/26 |
1506d |
bf4968e17d7d
exec: don't panic if an elf file is malformed
|
|
panic: Decrementing non-positive ref count ADDR, owned by vfs.FileDescription
|
C |
|
|
12 |
1537d |
1532d
|
14/26 |
1520d |
abdff887483f
Do not send SCM Rights more than once when message is truncated.
|
|
DATA RACE in safemem.Copy
|
C |
|
|
4 |
1525d |
1525d
|
14/26 |
1521d |
76da673a0dda
Do not modify IGMP packets when verifying checksum
|
|
panic: Sentry detected stuck tasks (6)
|
syz |
|
|
714 |
1525d |
1577d
|
14/26 |
1525d |
e57ebcd37a7b
Simplify the pipe implementation.
|
|
panic: IPv6 payload too large: NUM, must be <= NUM
|
C |
|
|
46 |
1533d |
1565d
|
14/26 |
1530d |
ec9e263f213c
Correctly return EMSGSIZE when packet is too big in raw socket.
|
|
panic: buffer too long by 8 bytes
|
C |
|
|
12 |
1545d |
1563d
|
14/26 |
1541d |
ce7a4440cae8
Fix panic when parsing SO_TIMESTAMP cmsg
|
|
panic: runtime error: invalid memory address or nil pointer dereference (5)
|
syz |
|
|
62 |
1542d |
1587d
|
14/26 |
1541d |
2a200811d4c9
fs/fuse: check that a task has a specified file descriptor
|
|
panic: invalid pipe flags: must be readable, writable, or both
|
|
|
|
1 |
1551d |
1551d
|
14/26 |
1541d |
807a080d9574
Add missing error checks for FileDescription.Init.
|
|
DATA RACE in stack.(*NIC).DeliverNetworkPacket
|
|
|
|
4 |
1565d |
1574d
|
14/26 |
1549d |
25ebddbddfbc
Fix a data race in packetEPs
|
|
panic: runtime error: integer divide by zero
|
C |
|
|
116 |
1665d |
1691d
|
14/26 |
1549d |
b3ff31d041c9
fix panic when calling SO_ORIGINAL_DST without initializing iptables
|
|
panic: error when reading RouterAlert option's data bytes: EOF
|
C |
|
|
35 |
1563d |
1565d
|
14/26 |
1549d |
c55e5bda4d45
Validate router alert's data length
|
|
DATA RACE in raw.(*endpoint).HandlePacket
|
C |
|
|
5 |
1561d |
1561d
|
14/26 |
1549d |
981faa2c1229
RLock Endpoint in raw.Endpoint.HandlePacket
|
|
panic: header.ScopeForIPv6Address(172.20.20.170): bad address
|
C |
|
|
48 |
1570d |
1576d
|
14/26 |
1549d |
b15acae9a6e2
Fix error code for connect in raw sockets.
|
|
panic: close of nil channel (2)
|
|
|
|
1 |
1572d |
1571d
|
14/26 |
1549d |
f6407de6bafb
[syzkaller] Avoid AIOContext from resurrecting after being marked dead.
|
|
panic: Unknown syscall 165 error: strconv.ParseInt: parsing "ADDR": invalid syntax
|
C |
|
|
51 |
1571d |
1576d
|
14/26 |
1549d |
9c198e5df421
Fix error handling on fusefs mount.
|
|
DATA RACE in header.ICMPv6Checksum
|
C |
|
|
1 |
1563d |
1563d
|
14/26 |
1549d |
946cb909e62e
Don't modify a packet header when it can be used by other endpoints
|
|
panic: Unknown syscall 8 error: EOF
|
syz |
|
|
22 |
1560d |
1566d
|
14/26 |
1549d |
1ea241e4cc95
Fix seek on /proc/pid/cmdline when task is zombie.
|
|
panic: Stack for running G's are skipped while panicking.
|
C |
|
|
2426 |
1848d |
2102d
|
14/26 |
1550d |
ab7ecdd66d2a
watchdog: print panic error message before other messages
|
|
panic: Sentry detected stuck tasks (5)
|
syz |
|
|
83 |
1577d |
1590d
|
0/26 |
1577d |
79e2364933bb
Fix deadlock in UDP handleControlPacket path.
|
|
DATA RACE in log.GoogleEmitter.Emit
|
C |
|
|
34 |
1588d |
1594d
|
0/26 |
1587d |
9c553f2d4e4b
Remove racy stringification of socket fds from /proc/net/*.
|
|
panic: runtime error: slice bounds out of range [255:LINE]
|
C |
|
|
5 |
1592d |
1592d
|
0/26 |
1588d |
49adf36ed7d3
Fix possible panic due to bad data.
|
|
panic: cacheLocked called on a dentry which has already been destroyed: &{{{{0 0}} true 0 ADDR} -1 ADDR 1 ADDR NUM false
|
|
|
|
1 |
1593d |
1593d
|
0/26 |
1588d |
74bc6e56ccd9
[vfs] kernfs: Do not panic if destroyed dentry is cached.
|
|
gvisor boot error: FATAL ERROR: running container: creating container: open /sys/fs/cgroup/devices/ci-gvisor-kvm-proxy-overlay-sandbox-test
|
|
|
|
1 |
1590d |
1590d
|
0/26 |
1589d |
764504c38fb5
runsc: check whether cgroup exists or not for each controller
|
|
panic: Sentry detected stuck tasks (4)
|
C |
|
|
5 |
1591d |
1591d
|
0/26 |
1590d |
05d2a26f7a86
Fix possible deadlock in UDP.Write().
|
|
panic: Incrementing non-positive count ADDR on tmpfs.inode
|
syz |
|
|
2 |
1594d |
1594d
|
0/26 |
1590d |
10ba578c0182
tmpfs: make sure that a dentry will not be destroyed before the open() call
|
|
panic: Sentry detected stuck tasks (3)
|
C |
|
|
180 |
1591d |
1595d
|
0/26 |
1591d |
267560d159b2
Reset watchdog timer between sendfile() iterations.
|
|
panic: runtime error: invalid memory address or nil pointer dereference (4)
|
C |
|
|
4 |
1603d |
1621d
|
0/26 |
1595d |
4e389c785779
Check for nil in kernel.FSContext functions.
|
|
panic: Decrementing non-positive ref count ADDR, owned by *mm.SpecialMappable
|
|
|
|
56 |
1595d |
1625d
|
0/26 |
1595d |
dcc1b71f1ba4
Fix reference counting on kcov mappings.
|
|
panic: Sentry detected stuck tasks (2)
|
C |
|
|
951 |
1595d |
1636d
|
0/26 |
1595d |
db36d948fa63
TCP Receive window advertisement fixes.
|
|
no output from test machine (7)
|
C |
|
|
184 |
1595d |
1622d
|
0/26 |
1595d |
34a6e9576a96
loader/elf: validate file offset
|
|
panic: runtime error: makeslice: len out of range (2)
|
C |
|
|
5 |
1595d |
1623d
|
0/26 |
1595d |
cd108432a50e
splice: return EINVAL is len is negative
|
|
panic: Incrementing non-positive ref count ADDR owned by *mm.SpecialMappable
|
|
|
|
45 |
1597d |
1626d
|
0/26 |
1595d |
dcc1b71f1ba4
Fix reference counting on kcov mappings.
|
|
panic: Child "" for parent Dentry &{vfsd:{mu:{Mutex:{state:LINE sema:LINE}} dead:false mounts:LINE impl:ADDR} DentryRefs
|
C |
|
|
3 |
1601d |
1609d
|
0/26 |
1595d |
1321f837bd9f
[vfs2] Refactor kernfs checkCreateLocked.
|
|
panic: unknown error: EOF
|
C |
|
|
68 |
1623d |
1626d
|
0/26 |
1622d |
c002fc36f9bb
sockets: ignore io.EOF from view.ReadAt
|
|
no output from test machine (6)
|
syz |
|
|
1873 |
1630d |
1636d
|
0/26 |
1630d |
76a09f0cf599
syscalls: Don't leak a file on the error path
|
|
no output from test machine (5)
|
C |
|
|
86414 |
1636d |
1751d
|
0/26 |
1636d |
de85b045d42f
kvm/x86: handle a case when interrupts are enabled in the kernel space
|
|
panic: Sentry detected stuck tasks
|
C |
|
|
506 |
1636d |
1656d
|
0/26 |
1636d |
de85b045d42f
kvm/x86: handle a case when interrupts are enabled in the kernel space
|
|
DATA RACE in tcp.(*endpoint).bindLocked
|
syz |
|
|
2 |
1667d |
1667d
|
0/26 |
1660d |
38cdb0579b69
Fix data race in tcp.GetSockOpt.
|
|
panic: runtime error: invalid memory address or nil pointer dereference (3)
|
C |
|
|
20051 |
1669d |
2204d
|
0/26 |
1660d |
b3ff31d041c9
fix panic when calling SO_ORIGINAL_DST without initializing iptables
|
|
DATA RACE in transport.(*connectionedEndpoint).Connect.func1
|
syz |
|
|
21 |
1744d |
1750d
|
0/26 |
1742d |
70c45e09cfd1
socket/unix: (*connectionedEndpoint).State() has to take the endpoint lock
|
|
panic: Sentry detected 1 stuck task(s):
|
C |
|
|
6204 |
1753d |
1840d
|
0/26 |
1751d |
4950ccde75b3
Fix write hang bug found by syzkaller.
|
|
DATA RACE in atomic.LoadInt64
|
|
|
|
1 |
1758d |
1758d
|
0/26 |
1756d |
7da69fe9719b
Fix data race on f.offset.
|
|
DATA RACE in fs.(*File).offsetForAppend
|
syz |
|
|
2 |
1758d |
1758d
|
0/26 |
1756d |
7da69fe9719b
Fix data race on f.offset.
|
|
DATA RACE in kernel.(*Task).accountTaskGoroutineEnter
|
syz |
|
|
2 |
1781d |
1781d
|
0/26 |
1779d |
8dd1d5b75a95
Don't call kernel.Task.Block() from netstack.SocketOperations.Write().
|
|
panic: D0415 01:LINE.ADDR 8857 transport_flipcall.go:LINE] recv [channel @ADDR] Rlerror{Error: 95}
|
|
|
|
1 |
1808d |
1807d
|
0/26 |
1791d |
2dd6384de89a
Fix cleanup around socketpair() failure to copy out FDs.
|
|
panic: close of nil channel
|
syz |
|
|
6 |
1800d |
1805d
|
0/26 |
1798d |
37f863f62813
tcp: handle listen after shutdown properly
|
|
panic: D0414 08:LINE.ADDR NUM transport_flipcall.go:LINE] recv [channel @ADDR] Rlerror{Error: 2}
|
|
|
|
1 |
1808d |
1808d
|
0/26 |
1806d |
2dd6384de89a
Fix cleanup around socketpair() failure to copy out FDs.
|
|
panic: D0414 11:LINE.ADDR NUM transport_flipcall.go:LINE] recv [channel @ADDR] Rlerror{Error: 95}
|
|
|
|
1 |
1808d |
1808d
|
0/26 |
1806d |
2dd6384de89a
Fix cleanup around socketpair() failure to copy out FDs.
|
|
panic: D0414 14:LINE.ADDR NUM task_exit.go:LINE] [ 98] Transitioning from exit state TaskExitNone to TaskExitInitiate
|
|
|
|
1 |
1808d |
1808d
|
0/26 |
1806d |
2dd6384de89a
Fix cleanup around socketpair() failure to copy out FDs.
|
|
panic: D0414 16:LINE.ADDR 5236 transport_flipcall.go:LINE] recv [channel @ADDR] Rlerror{Error: 2}
|
|
|
|
1 |
1808d |
1808d
|
0/26 |
1806d |
2dd6384de89a
Fix cleanup around socketpair() failure to copy out FDs.
|
|
panic: D0414 13:LINE.ADDR NUM transport_flipcall.go:LINE] recv [channel @ADDR] Rlerror{Error: 2}
|
|
|
|
1 |
1808d |
1808d
|
0/26 |
1806d |
2dd6384de89a
Fix cleanup around socketpair() failure to copy out FDs.
|
|
panic: interface conversion: context.Context is kernel.taskAsyncContext, not *kernel.Task
|
syz |
|
|
16 |
1810d |
1826d
|
0/26 |
1810d |
c9195349c9ac
Replace type assertion with TaskFromContext.
|
|
panic: runtime error: makeslice: len out of range
|
syz |
|
|
49 |
1812d |
1834d
|
0/26 |
1812d |
a10389e783aa
splice: cap splice calls to MAX_RW_COUNT
|
|
DATA RACE in tcp.(*endpoint).Readiness
|
syz |
|
|
2 |
1832d |
1832d
|
0/26 |
1826d |
d04adebaab86
Fix data-race in endpoint.Readiness
|
|
DATA RACE in netstack.(*SocketOperations).SetSockOpt
|
syz |
|
|
2 |
1831d |
1831d
|
0/26 |
1829d |
369cf38bd718
Fix data race in SetSockOpt.
|
|
DATA RACE in tcp.(*endpoint).SetSockOpt
|
syz |
|
|
26 |
1834d |
1854d
|
0/26 |
1829d |
e9e399c25d4f
Remove workMu from tcpip.Endpoint.
|
|
DATA RACE in udp.(*endpoint).SetSockOptBool
|
syz |
|
|
2 |
1848d |
1841d
|
0/26 |
1832d |
c15b8515eb4a
Fix datarace on TransportEndpointInfo.ID and clean up semantics.
|
|
no output from test machine (3)
|
C |
|
|
11663 |
1835d |
1924d
|
0/26 |
1835d |
b55f0e5d40c1
fdtable: don't try to zap fdtable entry if close is called for non-existing fd
|
|
panic: Watchdog goroutine is stuck:
|
|
|
|
12 |
1836d |
1842d
|
0/26 |
1836d |
1c0535297067
Fix oom_score_adj.
|
|
panic: Sentry detected 4 stuck task(s):
|
|
|
|
7 |
1836d |
1846d
|
0/26 |
1836d |
b0f2c3e7646d
Fix infinite loop in semaphore.sem.wakeWaiters().
|
|
fatal error: out of memory (3)
|
syz |
|
|
3 |
1841d |
1841d
|
0/26 |
1841d |
81675b850e27
Fix memory leak in danglingEndpoints.
|
|
fatal error: too many address space collisions for -race mode
|
syz |
|
|
3 |
1841d |
1841d
|
0/26 |
1841d |
81675b850e27
Fix memory leak in danglingEndpoints.
|
|
fatal error: concurrent map iteration and map write (2)
|
syz |
|
|
1 |
1852d |
1852d
|
0/26 |
1843d |
62bd3ca8a375
Take write lock when removing xattr
|
|
DATA RACE in fsutil.(*InodeSimpleExtendedAttributes).ListXattr
|
|
|
|
1 |
1852d |
1852d
|
0/26 |
1843d |
62bd3ca8a375
Take write lock when removing xattr
|
|
lost connection to test machine (4)
|
|
|
|
1025286 |
1843d |
2015d
|
0/26 |
1843d |
6b4d36e32532
Hide /dev/net/tun when using hostinet.
|
|
DATA RACE in udp.(*endpoint).Connect
|
syz |
|
|
10 |
1849d |
1855d
|
0/26 |
1843d |
c15b8515eb4a
Fix datarace on TransportEndpointInfo.ID and clean up semantics.
|
|
DATA RACE in fsutil.(*InodeSimpleExtendedAttributes).RemoveXattr
|
syz |
|
|
2 |
1852d |
1852d
|
0/26 |
1843d |
62bd3ca8a375
Take write lock when removing xattr
|
|
DATA RACE in tcp.(*endpoint).windowCrossedACKThreshold
|
syz |
|
|
10 |
1854d |
1855d
|
0/26 |
1843d |
33101752501f
Fix data-race when reading/writing e.amss.
|
|
DATA RACE in stack.(*TransportEndpointInfo).AddrNetProto
|
syz |
|
|
148 |
1848d |
1855d
|
0/26 |
1843d |
c15b8515eb4a
Fix datarace on TransportEndpointInfo.ID and clean up semantics.
|
|
fatal error: concurrent map read and map write (2)
|
syz |
|
|
2 |
1852d |
1853d
|
0/26 |
1843d |
62bd3ca8a375
Take write lock when removing xattr
|
|
panic: runtime error: index out of range [1] with length 0
|
C |
|
|
1518 |
1848d |
1855d
|
0/26 |
1843d |
43abb24657e7
Fix panic caused by invalid address for Bind in packet sockets.
|
|
DATA RACE in netstack.(*SocketOperations).fetchReadView
|
syz |
|
|
12 |
1849d |
1855d
|
0/26 |
1843d |
42fb7d349137
socket: take readMu to access readView
|
|
DATA RACE in fsutil.(*InodeSimpleExtendedAttributes).GetXattr
|
syz |
|
|
3 |
1853d |
1853d
|
0/26 |
1843d |
62bd3ca8a375
Take write lock when removing xattr
|
|
DATA RACE in fs.(*UnstableAttr).SetOwner (2)
|
syz |
|
|
3 |
1888d |
1881d
|
0/26 |
1855d |
115898e368e4
Prevent DATA RACE in UnstableAttr.
|
|
DATA RACE in fs.mayDelete
|
|
|
|
1 |
1884d |
1877d
|
0/26 |
1855d |
fba479b3c786
Fix DATA RACE in fs.MayDelete.
|
|
DATA RACE in fs.(*Dirent).IncRef
|
syz |
|
|
1 |
1881d |
1874d
|
0/26 |
1855d |
53504e29ca27
Fix mount refcount issue.
|
|
panic: Incrementing non-positive ref count (4)
|
C |
|
|
5 |
1872d |
1874d
|
0/26 |
1855d |
53504e29ca27
Fix mount refcount issue.
|
|
panic: munmap(ADDR, NUM)) failed: function not implemented (3)
|
|
|
|
1 |
1925d |
1918d
|
0/26 |
1855d |
17c18241cdeb
platform/syscall: use syscall + int3 to execute a system call in a stub process
|
|
panic: munmap(0, ADDR)) failed: function not implemented (3)
|
|
|
|
1 |
1910d |
1903d
|
0/26 |
1855d |
17c18241cdeb
platform/syscall: use syscall + int3 to execute a system call in a stub process
|
|
panic: wait failed: the process NUM:NUM exited: 1f (err <nil>) (2)
|
|
|
|
17 |
1908d |
1931d
|
0/26 |
1855d |
17c18241cdeb
platform/syscall: use syscall + int3 to execute a system call in a stub process
|
|
panic: wait failed: the process 9793:LINE exited: 1f (err <nil>)
|
C |
|
|
1 |
1926d |
1919d
|
0/26 |
1855d |
17c18241cdeb
platform/syscall: use syscall + int3 to execute a system call in a stub process
|
|
panic: wait failed: the process 4877:LINE exited: 1f (err <nil>)
|
|
|
|
1 |
1925d |
1918d
|
0/26 |
1855d |
17c18241cdeb
platform/syscall: use syscall + int3 to execute a system call in a stub process
|
|
panic: runtime error: slice bounds out of range [:LINE] with capacity 16
|
syz |
|
|
42 |
1906d |
1918d
|
0/26 |
1855d |
b3ae8a62cfdf
Fix slice bounds out of range panic in parsing socket control message.
|
|
panic: wait failed: the process NUM:LINE exited: 1f (err <nil>) (4)
|
|
|
|
2 |
1918d |
1912d
|
0/26 |
1855d |
17c18241cdeb
platform/syscall: use syscall + int3 to execute a system call in a stub process
|
|
DATA RACE in refs.(*WeakRef).init (2)
|
|
|
|
1 |
1948d |
1941d
|
0/26 |
1876d |
3db317390b5c
Remove epoll entry from map when dropping it.
|
|
DATA RACE in refs.(*AtomicRefCount).DecRefWithDestructor
|
|
|
|
1 |
1895d |
1888d
|
0/26 |
1876d |
3db317390b5c
Remove epoll entry from map when dropping it.
|
|
panic: interface conversion: refs.RefCounter is *fs.File, not *fs.Dirent
|
|
|
|
3 |
1890d |
1899d
|
0/26 |
1876d |
3db317390b5c
Remove epoll entry from map when dropping it.
|
|
Invalid request partialResult in splice (2)
|
syz |
|
|
134 |
1885d |
1921d
|
0/26 |
1882d |
f263801a74d4
fs/splice: don't report partial errors for special files
|
|
fatal error: out of memory (2)
|
|
|
|
1 |
1898d |
1891d
|
0/26 |
1882d |
4cb55a7a3b09
Prevent arbitrary size allocation when sending UDS messages.
|
|
panic: invalid allocation length: 0x0 (3)
|
syz |
|
|
12 |
1885d |
1885d
|
0/26 |
1882d |
ede8dfab3760
Enforce splice offset limits
|
|
DATA RACE in fs.Rename (3)
|
|
|
|
1 |
1896d |
1896d
|
0/26 |
1895d |
f1a5178c589d
Fix data race in MountNamespace.resolve.
|
|
DATA RACE in tty.(*queue).readableSize
|
syz |
|
|
2 |
1897d |
1897d
|
0/26 |
1895d |
80d0f9304484
Fix data race in tty.queue.readableSize.
|
|
panic: Incrementing non-positive ref count (3)
|
|
|
|
2 |
1916d |
1926d
|
0/26 |
1905d |
6410387ff9b4
Cleanup Shm reference handling
|
|
panic: munmap(ADDR, 1000)) failed: function not implemented (3)
|
|
|
|
2 |
1942d |
1943d
|
0/26 |
1905d |
17c18241cdeb
platform/syscall: use syscall + int3 to execute a system call in a stub process
|
|
DATA RACE in fs.(*UnstableAttr).SetOwner
|
|
|
|
1 |
1925d |
1925d
|
0/26 |
1924d |
bb00438f36eb
Make masterInodeOperations.Truncate take a pointer receiver.
|
|
DATA RACE in fsutil.(*InodeSimpleAttributes).SetPermissions
|
syz |
|
|
3 |
1925d |
1925d
|
0/26 |
1924d |
bb00438f36eb
Make masterInodeOperations.Truncate take a pointer receiver.
|
|
no output from test machine (2)
|
C |
|
|
6325 |
1931d |
2047d
|
0/26 |
1931d |
378d6c1f3697
unix: allow to bind unix sockets only to AF_UNIX addresses
|
|
DATA RACE in fs.Rename (2)
|
C |
|
|
433 |
2182d |
2204d
|
0/26 |
1938d |
89cc8eef9ba6
DATA RACE in fs.(*Dirent).fullName
|
|
Invalid request partialResult in sendfile (2)
|
C |
|
|
1341 |
2004d |
2204d
|
0/26 |
2001d |
db218fdfcf16
Don't report partialResult errors from sendfile
|
|
Invalid request partialResult in splice
|
C |
|
|
206 |
2004d |
2053d
|
0/26 |
2004d |
7a234f736fe0
splice: try another fallback option only if the previous one isn't supported
|
|
lost connection to test machine (3)
|
C |
|
|
30758 |
2054d |
2204d
|
0/26 |
2052d |
af90e68623c7
netlink: return an error in nlmsgerr
|
|
panic: node.Readdir returned offset -ADDR less than input offset ADDR
|
C |
|
|
26 |
2121d |
2204d
|
0/26 |
2052d |
ab6774cebf5c
gvisor/fs: getdents returns 0 if offset is equal to FileMaxOffset
|
|
DATA RACE in ramfs.(*dirFileOperations).Readdir
|
syz |
|
|
1 |
2253d |
2204d
|
0/26 |
2053d |
09cf3b40a899
Fix data race in InodeSimpleAttributes.Unstable.
|
|
no output from test machine
|
C |
|
|
27191 |
2054d |
2204d
|
0/26 |
2054d |
af90e68623c7
netlink: return an error in nlmsgerr
|
|
DATA RACE in kernel.(*Kernel).EmitUnimplementedEvent
|
syz |
|
|
3 |
2066d |
2067d
|
0/26 |
2066d |
cf2b2d97d512
Initialize kernel.unimplementedSyscallEmitter with a sync.Once.
|
|
DATA RACE in atomic.AddInt32
|
|
|
|
1 |
2080d |
2080d
|
0/26 |
2078d |
542fbd01a7ed
Fix race in FDTable.GetFDs().
|
|
panic: Unknown syscall 85 error: link should be resolved via Readlink()
|
syz |
|
|
64 |
2089d |
2086d
|
0/26 |
2086d |
6db3f8d54c02
Don't mask errors in createAt loop.
|
|
panic: Unknown syscall 2 error: link should be resolved via Readlink()
|
syz |
|
|
16 |
2090d |
2086d
|
0/26 |
2086d |
6db3f8d54c02
Don't mask errors in createAt loop.
|
|
panic: Unknown syscall 257 error: link should be resolved via Readlink()
|
syz |
|
|
14 |
2089d |
2093d
|
0/26 |
2087d |
6db3f8d54c02
Don't mask errors in createAt loop.
|
|
panic: Incrementing non-positive ref count (2)
|
C |
|
|
183 |
2094d |
2101d
|
0/26 |
2093d |
4f2f44320f9b
Simplify (and fix) refcounts in createAt.
|
|
DATA RACE in atomic.AddInt64
|
|
|
|
1 |
2122d |
2115d
|
0/26 |
2098d |
8ab0848c70fc
gvisor/fs: don't update file.offset for sockets, pipes, etc
|
|
DATA RACE in fs.(*lockedReader).Read
|
|
|
|
1 |
2120d |
2113d
|
0/26 |
2101d |
8ab0848c70fc
gvisor/fs: don't update file.offset for sockets, pipes, etc
|
|
DATA RACE in atomic.StoreInt64
|
syz |
|
|
2 |
2108d |
2113d
|
0/26 |
2101d |
8ab0848c70fc
gvisor/fs: don't update file.offset for sockets, pipes, etc
|
|
DATA RACE in mm.(*MemoryManager).Brk
|
syz |
|
|
14 |
2141d |
2157d
|
0/26 |
2140d |
14f0e7618e28
Ensure all uses of MM.brk occur under MM.mappingMu in MM.Brk().
|
|
panic: hashed child "stat\t\xe9\xdc\xdf\x02\x02\x98\xcc\xf3<\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q\nI\xf81U\ro}\xe
|
C |
|
|
7 |
2184d |
2177d
|
0/26 |
2158d |
2df64cd6d2c8
createAt should return all errors from FindInode except ENOENT.
|
|
DATA RACE in fs.(*Dirent).fullName
|
|
|
|
3 |
2187d |
2204d
|
0/26 |
2177d |
89cc8eef9ba6
DATA RACE in fs.(*Dirent).fullName
|
|
panic: hashed over a positive child "file0"
|
|
|
|
1 |
2186d |
2186d
|
0/26 |
2183d |
61d8c361c663
Don't release d.mu in checks for child-existence.
|
|
DATA RACE in tty.(*lineDiscipline).masterReadiness
|
|
|
|
1 |
2185d |
2185d
|
0/26 |
2184d |
c79e81bd27cd
Addresses data race in tty implementation.
|
|
DATA RACE in tty.(*queue).WriteFromBlocks
|
syz |
|
|
7 |
2185d |
2188d
|
0/26 |
2184d |
c79e81bd27cd
Addresses data race in tty implementation.
|
|
panic: runtime error: index out of range (2)
|
C |
|
|
7191 |
2184d |
2190d
|
0/26 |
2184d |
82529becaee6
Fix index out of bounds in tty implementation.
|
|
DATA RACE in atomic.CompareAndSwapInt32 (2)
|
syz |
|
|
2 |
2186d |
2186d
|
0/26 |
2184d |
d14a7de65865
Fix more data races in shm debug messages.
|
|
DATA RACE in atomic.CompareAndSwapInt32
|
C |
|
|
9 |
2191d |
2204d
|
0/26 |
2187d |
cea1dd7d21b9
Remove racy access to shm fields.
|
|
DATA RACE in netlink.(*Socket).SetSockOpt
|
syz |
|
|
2 |
2203d |
2203d
|
0/26 |
2187d |
7b33df68450b
Fix data race in netlink send buffer size
|
|
DATA RACE in dev.(*randomDevice).GetFile
|
|
|
|
1 |
2192d |
2192d
|
0/26 |
2187d |
645af7cdd8a1
Dev device methods should take pointer receiver.
|
|
DATA RACE in fsutil.(*InodeSimpleAttributes).UnstableAttr
|
syz |
|
|
8 |
2252d |
2255d
|
0/26 |
2249d |
09cf3b40a899
Fix data race in InodeSimpleAttributes.Unstable.
|
|
panic: invalid allocation length: 0x0 (2)
|
C |
|
|
4 |
2291d |
2292d
|
0/26 |
2290d |
3b3f02627870
Truncate ar before calling mm.breakCopyOnWriteLocked().
|
|
gvisor boot error (3)
|
|
|
|
4 |
2295d |
2297d
|
0/26 |
2295d |
1775a0e11e56
container.Destroy should clean up container metadata even if other cleanups fail
|
|
DATA RACE in shm.(*Registry).findByKey
|
C |
|
|
47 |
2402d |
2468d
|
0/26 |
2297d |
f93c288dd708
Fix a data race on Shm.key.
|
|
gvisor test error (2)
|
|
|
|
2778 |
2313d |
2449d
|
0/26 |
2297d |
24c1158b9c21
Add "trace signal" option
|
|
panic: invalid type: int
|
C |
|
|
559 |
2316d |
2417d
|
0/26 |
2297d |
5560615c531b
Return an int32 for netlink SO_RCVBUF
|
|
panic: ptrace set regs failed: input/output error
|
C |
|
|
712 |
2302d |
2400d
|
0/26 |
2297d |
99d595869332
Validate FS_BASE in Task.Clone
|
|
Invalid request partialResult in sendfile
|
C |
|
|
7399 |
2302d |
2456d
|
0/26 |
2297d |
ffcbda0c8bd7
Partial writes should loop in rpcinet.
|
|
panic: Decrementing non-positive ref count
|
C |
|
|
4804 |
2392d |
2470d
|
0/26 |
2297d |
0e277a39c8b6
Prevent premature destruction of shm segments.
|
|
panic: ptrace status unexpected: got 9, wanted stopped (2)
|
syz |
|
|
78 |
2303d |
2455d
|
0/26 |
2297d |
e7191f058f55
Use TRAP to simplify vsyscall emulation.
|
|
panic: invalid allocation length: 0x0
|
C |
|
|
223 |
2303d |
2470d
|
0/26 |
2297d |
46603b569c3a
Fix panic on creation of zero-len shm segments.
|
|
DATA RACE in fs.(*Dirent).getDotAttrs
|
|
|
|
1 |
2410d |
2410d
|
0/26 |
2297d |
54dd0d0dc5ee
Fix data race caused by unlocked call of Dirent.descendantOf.
|
|
panic: runtime error: invalid memory address or nil pointer dereference (2)
|
C |
|
|
4493 |
2392d |
2412d
|
0/26 |
2355d |
beac59b37a8b
Fix panic if FIOASYNC callback is registered and triggered without target
|
|
gvisor boot error
|
|
|
|
1911 |
2373d |
2451d
|
0/26 |
2355d |
43e6aff50e23
Don't fail if Root is readonly and is not a mount point
|
|
DATA RACE in kernel.(*Task).setKUIDsUncheckedLocked
|
C |
|
|
15 |
2405d |
2463d
|
0/26 |
2355d |
f8ccfbbed487
Document more task-goroutine-owned fields in kernel.Task.
|
|
DATA RACE in fs.(*Dirent).hashChildParentSet
|
syz |
|
|
8 |
2407d |
2410d
|
0/26 |
2355d |
8d318aac5532
fs: Hold Dirent.mu when calling Dirent.flush().
|
|
DATA RACE in waiter.(*Entry).Prev
|
C |
|
|
3992 |
2417d |
2469d
|
0/26 |
2412d |
d4939f6dc22e
TTY: Fix data race where calls into tty.queue's waiter were not synchronized.
|
|
DATA RACE in waiter.(*Entry).Next
|
C |
|
|
2418 |
2417d |
2469d
|
0/26 |
2412d |
d4939f6dc22e
TTY: Fix data race where calls into tty.queue's waiter were not synchronized.
|
|
fatal error: concurrent map read and map write
|
|
|
|
66 |
2422d |
2425d
|
0/26 |
2412d |
dbbe9ec91541
Protect PCIDs with a mutex.
|
|
DATA RACE in waiter.(*Entry).SetNext
|
C |
|
|
739 |
2416d |
2469d
|
0/26 |
2412d |
d4939f6dc22e
TTY: Fix data race where calls into tty.queue's waiter were not synchronized.
|
|
fatal error: concurrent map writes
|
|
|
|
3 |
2422d |
2423d
|
0/26 |
2412d |
dbbe9ec91541
Protect PCIDs with a mutex.
|
|
panic: runtime error: index out of range
|
C |
|
|
35 |
2429d |
2465d
|
0/26 |
2412d |
e97717e29a1b
Enforce Unix socket address length limit
|
|
DATA RACE in waiter.(*Entry).SetPrev
|
|
|
|
70 |
2417d |
2469d
|
0/26 |
2412d |
d4939f6dc22e
TTY: Fix data race where calls into tty.queue's waiter were not synchronized.
|
|
DATA RACE in waiter.(*Queue).Notify
|
C |
|
|
72 |
2417d |
2469d
|
0/26 |
2412d |
d4939f6dc22e
TTY: Fix data race where calls into tty.queue's waiter were not synchronized.
|
|
DATA RACE in unix.(*connectionlessEndpoint).UnidirectionalConnect
|
C |
|
|
965 |
2423d |
2453d
|
0/26 |
2412d |
2a44362c0b99
Fix data race in unix.BoundEndpoint.UnidirectionalConnect.
|
|
panic: runtime error: invalid memory address or nil pointer dereference
|
C |
|
|
20682 |
2416d |
2470d
|
0/26 |
2412d |
f93bd2cbe668
Hold t.mu while calling t.FSContext().
|
|
DATA RACE in kernel.(*Task).exitNotifyLocked
|
C |
|
|
2 |
2441d |
2441d
|
0/26 |
2423d |
c036da5dffdf
Hold TaskSet.mu in Task.Parent.
|
|
panic: invalid segment range [ADDR, ADDR)
|
C |
|
|
255 |
2459d |
2470d
|
0/26 |
2444d |
06920b3d1bb6
Exit tmpfs.fileInodeOperations.Translate early if required.Start >= EOF.
|
|
DATA RACE in kernel.(*Task).Clone
|
|
|
|
3 |
2447d |
2459d
|
0/26 |
2444d |
41aeb680b188
Inherit parent in clone(CLONE_THREAD) under TaskSet.mu.
|
|
DATA RACE in fs.(*Watch).Notify
|
syz |
|
|
2 |
2460d |
2460d
|
0/26 |
2458d |
34af9a61741f
Fix data race on inotify.Watch.mask.
|
|
lost connection to test machine (2)
|
C |
|
|
1814 |
2459d |
2469d
|
0/26 |
2458d |
52ddb8571c46
Skip overlay on root when its readonly
|
|
DATA RACE in fs.Rename
|
C |
|
|
16 |
2459d |
2468d
|
0/26 |
2458d |
2821dfe6ce95
Hold d.parent.mu when reading d.name
|
|
panic: MountNamespace.FindInode: path is empty
|
C |
|
|
3443 |
2458d |
2470d
|
0/26 |
2458d |
062a6f6ec5f4
Handle NUL-only paths in exec
|
|
panic: runtime error: slice bounds out of range
|
C |
|
|
39 |
2463d |
2470d
|
0/26 |
2463d |
1ceed49ba94c
Check for invalid offset when submitting an AIO read/write request.
|
|
DATA RACE in proc.forEachMountSource
|
C |
|
|
24 |
2464d |
2469d
|
0/26 |
2463d |
f93bd2cbe668
Hold t.mu while calling t.FSContext().
|
|
DATA RACE in kernel.(*Task).Value
|
|
|
|
1 |
2467d |
2467d
|
0/26 |
2463d |
f93bd2cbe668
Hold t.mu while calling t.FSContext().
|
|
DATA RACE in semaphore.(*Set).checkPerms
|
C |
|
|
21 |
2464d |
2468d
|
0/26 |
2464d |
6b6852bceb12
Fix semaphore data races
|
|
DATA RACE in semaphore.(*Registry).RemoveID
|
C |
|
|
15 |
2465d |
2469d
|
0/26 |
2464d |
6b6852bceb12
Fix semaphore data races
|
|
DATA RACE in queue.(*Queue).Enqueue
|
C |
|
|
7 |
2466d |
2469d
|
0/26 |
2465d |
5f7f78c1d7ee
Fix data races in Unix sockets
|
|
DATA RACE in unix.(*queueReceiver).RecvQueuedSize
|
C |
|
|
5 |
2466d |
2469d
|
0/26 |
2465d |
5f7f78c1d7ee
Fix data races in Unix sockets
|
|
panic: munmap(ADDR, c6000)) failed: function not implemented
|
|
|
|
1 |
2469d |
2469d
|
0/26 |
2465d |
dc33d71f8cf1
Change SIGCHLD to SIGKILL in ptrace stubs.
|
|
DATA RACE in unix.(*streamQueueReceiver).RecvQueuedSize
|
C |
|
|
3 |
2467d |
2468d
|
0/26 |
2465d |
5f7f78c1d7ee
Fix data races in Unix sockets
|
|
DATA RACE in kernel.(*FSContext).SetWorkingDirectory
|
|
|
|
1 |
2469d |
2469d
|
0/26 |
2466d |
4ac79312b093
Don't read cwd or root without holding mu
|
|
DATA RACE in proc.(*mountInfoFile).ReadSeqFileData.func1
|
|
|
|
1 |
2469d |
2469d
|
0/26 |
2466d |
1a9917d14d66
MountSource.Root() should return a refernce on the dirent.
|
|
DATA RACE in kernel.(*FSContext).SetRootDirectory
|
C |
|
|
165 |
2466d |
2469d
|
0/26 |
2466d |
478f0ac0038a
Don't read FSContext.root without holding FSContext.mu
|
|
panic: munmap(ADDR, 0)) failed: invalid argument
|
C |
|
|
5 |
2470d |
2470d
|
0/26 |
2469d |
fe3fc44da3ca
Handle mremap(old_size=0).
|