panic: runtime error: invalid memory address or nil pointer dereference (23)
|
C |
|
|
4239 |
38d |
43d
|
26/26 |
38d |
5f5e01d186b2
Fix panic while setting TCP_CORK off.
|
no output from test machine (10)
|
C |
|
|
19806 |
63d |
986d
|
26/26 |
60d |
16dba7fa7677
systrap: handle stub thread crashes
|
panic: stub thread ADDR failed: err 0x-ADDR line NUM: sysmsg.Msg{msg: ADDR state NUM err -ADDR line NUM debug NUM app st
|
C |
|
|
5 |
106d |
106d
|
26/26 |
79d |
fe66cae2edc7
Enumerate known systrap stub failures to exit process cleanly.
|
panic: Decrementing non-positive ref count ADDR, owned by tmpfs.inode (4)
|
C |
|
|
22 |
97d |
104d
|
26/26 |
95d |
7b151e25d076
Don't drop the mountpoint reference in already umounted dead mountpoints.
|
DATA RACE in safemem.Copy (7)
|
C |
|
|
4 |
122d |
122d
|
26/26 |
119d |
de71aae89aed
`seccomp`: Use dedicated input buffer for populating seccomp cache.
|
kvm: panic: Sentry detected stuck tasks (22)
|
C |
|
|
8 |
143d |
153d
|
26/26 |
136d |
eaee2b213b2d
Add check to pivot_root that ensures the new root is underneath the old root.
|
fatal error: stack overflow (5)
|
C |
|
|
23 |
140d |
156d
|
26/26 |
136d |
eaee2b213b2d
Add check to pivot_root that ensures the new root is underneath the old root.
|
panic: runtime error: invalid memory address or nil pointer dereference (22)
|
|
|
|
1 |
148d |
148d
|
26/26 |
147d |
4733e050ebec
Check that handshake.listenEP is non-nil.
|
panic: attempted to rewrite jump target to a different return instruction: from={pc=NUM: {NUM NUM NUM NUM}}, to={pc=NUM:
|
C |
|
|
8 |
154d |
154d
|
26/26 |
150d |
7cf14b7c8b5e
Add equality function for BPF instructions.
|
fatal error: stack overflow (4)
|
C |
|
|
12 |
157d |
160d
|
26/26 |
156d |
c16916e7d780
Move lockMountpoint to the beginning of pivot_root.
|
kvm: panic: Sentry detected stuck tasks (21)
|
C |
|
|
2 |
158d |
160d
|
26/26 |
156d |
c16916e7d780
Move lockMountpoint to the beginning of pivot_root.
|
fatal error: large allocation
|
C |
|
|
234 |
169d |
173d
|
26/26 |
158d |
917bee5b6d91
Add a size limit to `outputQueueTransformer.transform`.
|
panic: runtime error: slice bounds out of range [12:LINE]
|
C |
|
|
63 |
163d |
942d
|
26/26 |
161d |
c96439ecd0b4
devpts: IterDirents has to check offset and return if it is out of range
|
kvm: panic: Sentry detected stuck tasks (20)
|
C |
|
|
2 |
162d |
162d
|
26/26 |
161d |
77b137ffd8ec
Fix umount not unmounting all the mounts it is supposed to.
|
fatal error: stack overflow (3)
|
|
|
|
2 |
162d |
163d
|
26/26 |
161d |
77b137ffd8ec
Fix umount not unmounting all the mounts it is supposed to.
|
panic: Decrementing non-positive ref count ADDR, owned by tmpfs.inode (3)
|
C |
|
|
16 |
163d |
163d
|
26/26 |
161d |
77b137ffd8ec
Fix umount not unmounting all the mounts it is supposed to.
|
panic: Decrementing non-positive ref count ADDR, owned by vfs.Filesystem
|
C |
|
|
152 |
161d |
163d
|
26/26 |
161d |
77b137ffd8ec
Fix umount not unmounting all the mounts it is supposed to.
|
panic: runtime error: invalid memory address or nil pointer dereference (21)
|
|
|
|
1 |
163d |
163d
|
26/26 |
161d |
77b137ffd8ec
Fix umount not unmounting all the mounts it is supposed to.
|
panic: Incrementing non-positive count ADDR on tmpfs.inode (4)
|
C |
|
|
24 |
162d |
163d
|
26/26 |
161d |
77b137ffd8ec
Fix umount not unmounting all the mounts it is supposed to.
|
panic: Incrementing non-positive count ADDR on vfs.Filesystem (3)
|
|
|
|
1 |
163d |
163d
|
26/26 |
161d |
77b137ffd8ec
Fix umount not unmounting all the mounts it is supposed to.
|
panic: tmpfs.inode.decLinksLocked() called with no existing links
|
|
|
|
1 |
162d |
162d
|
26/26 |
161d |
77b137ffd8ec
Fix umount not unmounting all the mounts it is supposed to.
|
panic: tmpfs.inode.incLinksLocked() called with no existing links
|
C |
|
|
1 |
163d |
163d
|
26/26 |
161d |
77b137ffd8ec
Fix umount not unmounting all the mounts it is supposed to.
|
kvm: panic: Sentry detected stuck tasks (19)
|
|
|
|
3 |
165d |
163d
|
26/26 |
163d |
3ab01aedb874
Refactor the umount algorithm.
|
kvm: panic: Sentry detected stuck tasks (18)
|
C |
|
|
3 |
177d |
182d
|
26/26 |
175d |
429f7c439616
Move rootfs check to inside mountMu.
|
panic: runtime error: invalid memory address or nil pointer dereference (20)
|
C |
|
|
8 |
176d |
183d
|
26/26 |
176d |
429f7c439616
Move rootfs check to inside mountMu.
|
panic: WARNING: circular locking detected: mm.activeRWMutex -> tmpfs.filesystemRWMutex:
|
|
|
|
1 |
190d |
190d
|
26/26 |
176d |
e1e7edcc1b67
Don't release unused RightsControlMessage in Recv.
|
panic: close of closed channel
|
C |
|
|
1192 |
811d |
819d
|
26/26 |
179d |
2e3e5b606789
Create a new test dimension that mounts a FUSE fs on /tmp.
|
DATA RACE in vfs.(*Mount).setMountOptions
|
C |
|
|
5 |
187d |
188d
|
26/26 |
184d |
ea4f0073d4a1
Fix data race between getting mount options and updating mount options.
|
gvisor boot error: init process did not start (5)
|
|
|
|
41 |
289d |
416d
|
26/26 |
186d |
2e8b96b4fd74
Automated rollback of changelist 514487900
|
panic: Sentry detected stuck tasks (24)
|
C |
|
|
13 |
190d |
196d
|
26/26 |
190d |
1407fdf120ab
Fix concurrent pivot_root bug.
|
panic: expected socket to exist at '!N
|
C |
|
|
23 |
193d |
193d
|
26/26 |
190d |
707ac55a05d7
inet: don't reuse names from the abstract socket namespace map
|
panic: expected socket to exist at '$N
|
C |
|
|
24 |
194d |
195d
|
26/26 |
190d |
707ac55a05d7
inet: don't reuse names from the abstract socket namespace map
|
panic: expected socket to exist at '#N
|
C |
|
|
23 |
192d |
192d
|
26/26 |
190d |
707ac55a05d7
inet: don't reuse names from the abstract socket namespace map
|
panic: expected socket to exist at ' N
|
C |
|
|
20 |
194d |
194d
|
26/26 |
190d |
707ac55a05d7
inet: don't reuse names from the abstract socket namespace map
|
panic: Sentry detected stuck tasks (23)
|
C |
|
|
23 |
197d |
202d
|
26/26 |
197d |
a8bc2e146626
Fix group id cleanup and tidy up some mount methods.
|
kvm: panic: Sentry detected stuck tasks (17)
|
|
|
|
14 |
201d |
231d
|
26/26 |
200d |
44e0d6d07246
Unlock putOldMp before retrying the mount checks in pivot_root.
|
panic: Sentry detected stuck tasks (22)
|
|
|
|
5 |
202d |
203d
|
26/26 |
202d |
44e0d6d07246
Unlock putOldMp before retrying the mount checks in pivot_root.
|
panic: runtime error: invalid memory address or nil pointer dereference (19)
|
C |
|
|
79 |
205d |
219d
|
26/26 |
203d |
f744f443dd7d
Check before attempting to mount an anon mountpoint.
|
panic: nested locking: tmpfs.filesystemRWMutex:
|
|
|
|
1 |
220d |
213d
|
26/26 |
203d |
c74f5866cb75
Fix circular lock that can happen during unlink.
|
DATA RACE in kernel.(*Task).MemoryManager (3)
|
C |
|
|
12 |
204d |
205d
|
26/26 |
203d |
c39ecc4eb47a
The local task in process_vm_read|writev is just the calling task.
|
DATA RACE in kernel.(*runExitMain).execute (2)
|
C |
|
|
143 |
514d |
524d
|
26/26 |
203d |
b66713079526
Clean up and re-enable process_vm_readv/writev
|
DATA RACE in binary.littleEndian.Uint64 (2)
|
C |
|
|
48 |
514d |
524d
|
26/26 |
203d |
b66713079526
Clean up and re-enable process_vm_readv/writev
|
panic: Sentry detected stuck tasks (21)
|
|
|
|
64 |
203d |
251d
|
26/26 |
203d |
677d11f22fbe
Chunkify tmpfs Allocate().
|
DATA RACE in vfs.(*VirtualFilesystem).connectLocked (2)
|
|
|
|
2 |
217d |
217d
|
26/26 |
203d |
de5271b36007
Fix small data race in mount.
|
DATA RACE in safemem.Copy (6)
|
C |
|
|
121 |
513d |
514d
|
26/26 |
203d |
b66713079526
Clean up and re-enable process_vm_readv/writev
|
panic: Unknown syscall NUM error: strconv.ParseInt: parsing "./file1": invalid syntax
|
C |
|
|
19 |
227d |
220d
|
26/26 |
212d |
1910a4577f01
cgroupfs: do not return errors from strconv.ParseInt() to write()
|
panic: runtime error: invalid memory address or nil pointer dereference (18)
|
|
|
|
4 |
230d |
231d
|
26/26 |
226d |
bb4410f44e32
Rollback 6ceceae9385c and 206e88db3653.
|
gvisor test error: panic: interface conversion: vfs.DentryImpl is *tmpfs.dentry, not *kernfs.Dentry
|
|
|
|
38 |
231d |
232d
|
26/26 |
231d |
206e88db3653
Fix cwd/root update method during namespace cloning.
|
panic: nested locking: kernfs.filesystemRWMutex: (7)
|
|
|
|
4 |
245d |
247d
|
26/26 |
240d |
c80ab228d85b
Make vfs.PopDelayedDecRefs() clear vfs.toDecRef.
|
panic: nested locking: kernfs.filesystemRWMutex: (6)
|
C |
|
|
8 |
248d |
264d
|
26/26 |
247d |
755c1f242cd4
nsfs: mark inodes as anonymous
|
panic: Sentry detected stuck tasks (20)
|
C |
|
|
895 |
252d |
254d
|
26/26 |
251d |
960b564a6840
Fix small mount propagation bug.
|
kvm: panic: Sentry detected stuck tasks (15)
|
C |
|
|
186 |
252d |
255d
|
26/26 |
251d |
960b564a6840
Fix small mount propagation bug.
|
kvm: panic: Sentry detected stuck tasks (14)
|
syz |
|
|
4 |
267d |
273d
|
26/26 |
262d |
118a17d92dcf
kernfs: set DenySpliceIn for DynamicBytesFD
|
panic: runtime error: invalid memory address or nil pointer dereference (17)
|
|
|
|
2 |
267d |
267d
|
26/26 |
266d |
6f978d71856e
kernel: GetMountNamespace has to check that mntns isn't nil
|
DATA RACE in udp.(*endpoint).Connect.func1
|
C |
|
|
3 |
281d |
275d
|
26/26 |
266d |
5babda534107
Lock around endpoint info access in UDP onICMPError.
|
SYZFATAL: executor NUM failed NUM times: executor NUM: exit status NUM
|
syz |
|
|
48074 |
268d |
686d
|
26/26 |
268d |
41bb04c14901
Implement mount namespaces
|
panic: runtime error: invalid memory address or nil pointer dereference (16)
|
C |
|
|
48 |
269d |
276d
|
26/26 |
268d |
ef95be6e1c10
kernel: check that a task has a network namespace
|
panic: kcov task work is registered, but no coverage data was found
|
|
|
|
6120 |
282d |
287d
|
26/26 |
280d |
f43a5fc63ac7
Remove panic in ConsumeCoverageData() when no coverage is observed.
|
panic: Sentry detected stuck tasks (18)
|
C |
|
|
625 |
284d |
343d
|
26/26 |
282d |
e54e3668b07c
Impose default tmpfs size limits correctly.
|
gvisor test error: FATAL ERROR: waiting on pid X: waiting on pid X in sandbox NAME failed: EOF (3)
|
|
|
|
124 |
287d |
289d
|
26/26 |
287d |
ffcbc70b9a4a
systrap: don't change an fpu state from the stub code
|
DATA RACE in pipefs.(*inode).UID
|
syz |
|
|
2 |
288d |
288d
|
26/26 |
287d |
02ed5839a762
Add a lock to pipefs's inode to protect a inode's attributes.
|
lost connection to test machine (8)
|
|
|
|
1964 |
287d |
620d
|
26/26 |
287d |
8b57c2e7402f
runsc/seccomp: allow sched_getaffinity if race is on
|
panic: runtime error: invalid memory address or nil pointer dereference (15)
|
|
|
|
1 |
316d |
316d
|
26/26 |
289d |
bb5ada8caffd
Defer dec refing mounts in InvalidateDentry.
|
panic: WARNING: circular locking detected: stack.packetEndpointListRWMutex -> fasync.fileMutex: (2)
|
|
|
|
2 |
311d |
312d
|
26/26 |
305d |
fedbf08401fe
kernel: unshare a network namespace without taking Task.mu
|
panic: WARNING: circular locking detected: fasync.fileMutex -> kernel.taskSetRWMutex: (2)
|
C |
|
|
1 |
311d |
311d
|
26/26 |
305d |
fedbf08401fe
kernel: unshare a network namespace without taking Task.mu
|
panic: WARNING: circular locking detected: stack.packetEndpointListRWMutex -> kernel.taskSetRWMutex: (2)
|
C |
|
|
3 |
311d |
311d
|
26/26 |
305d |
fedbf08401fe
kernel: unshare a network namespace without taking Task.mu
|
kvm: lost connection to test machine (3)
|
|
|
|
8 |
322d |
344d
|
26/26 |
316d |
52692c3647ea
fdtable: avoid large arrays
|
panic: nested locking: kernfs.filesystemRWMutex: (5)
|
|
|
|
5 |
316d |
318d
|
26/26 |
316d |
bb5ada8caffd
Defer dec refing mounts in InvalidateDentry.
|
panic: nested locking: kernfs.filesystemRWMutex: (4)
|
C |
|
|
31 |
318d |
412d
|
26/26 |
318d |
084a5022563f
Change InvalidateDentry to return a list of vds with an extra reference.
|
kvm: panic: Sentry detected stuck tasks (12)
|
|
|
|
193 |
321d |
484d
|
26/26 |
321d |
52692c3647ea
fdtable: avoid large arrays
|
panic: WARNING: circular locking detected: mm.activeRWMutex -> kernfs.filesystemRWMutex:
|
C |
|
|
4 |
354d |
354d
|
26/26 |
322d |
8c975e6e6e68
Mark some kernfs inode as Anonymous.
|
DATA RACE in fasync.(*FileAsync).SetOwnerTask
|
C |
|
|
11 |
323d |
325d
|
26/26 |
322d |
5fed8c81b89a
Fix data race by acquiring lock before accessing fields of FileAsync.
|
panic: WARNING: circular locking detected: fasync.fileMutex -> kernel.taskSetRWMutex:
|
C |
|
|
1 |
326d |
326d
|
26/26 |
322d |
f3d87d3be121
fasync: release the FileAsync mutex before sending the signal
|
panic: WARNING: circular locking detected: stack.packetEndpointListRWMutex -> fasync.fileMutex:
|
|
|
|
1 |
326d |
326d
|
26/26 |
322d |
f3d87d3be121
fasync: release the FileAsync mutex before sending the signal
|
panic: WARNING: circular locking detected: stack.packetEndpointListRWMutex -> kernel.taskSetRWMutex:
|
C |
|
|
3 |
326d |
326d
|
26/26 |
322d |
f3d87d3be121
fasync: release the FileAsync mutex before sending the signal
|
panic: WARNING: circular locking detected: vfs.virtualFilesystemMutex -> kernfs.filesystemRWMutex: (2)
|
|
|
|
1 |
344d |
344d
|
26/26 |
322d |
ed528835f753
Small circular lock fix.
|
gvisor test error: SYZFATAL: BUG: got no fallback coverage:
|
|
|
|
132 |
344d |
421d
|
26/26 |
332d |
83f4f485b4ad
systrap: don't call Goyield() if the race detector is enabled
|
panic: Incrementing non-positive count ADDR on tmpfs.inode (3)
|
|
|
|
6 |
352d |
374d
|
26/26 |
336d |
283b80a456aa
Fix logic bug in attaching mounts.
|
DATA RACE in log.GoogleEmitter.Emit (2)
|
|
|
|
3 |
340d |
342d
|
26/26 |
337d |
158636229e87
Avoid serializing the sharedContext struct in formatting directives.
|
DATA RACE in kernel.(*TaskImage).Fork
|
C |
|
|
8 |
433d |
433d
|
26/26 |
340d |
028cf757bbef
Clarify comment about copying Task.image in Task.Clone().
|
panic: WARNING: circular locking detected: vfs.virtualFilesystemMutex -> tmpfs.filesystemRWMutex: (2)
|
C |
|
|
17 |
344d |
345d
|
26/26 |
343d |
ed528835f753
Small circular lock fix.
|
panic: Sentry detected stuck tasks (17)
|
C |
|
|
822 |
343d |
609d
|
26/26 |
343d |
ed528835f753
Small circular lock fix.
|
gvisor build error (19)
|
|
|
|
110 |
345d |
345d
|
26/26 |
344d |
74e63e9e296a
Update packages
|
panic: Decrementing non-positive ref count ADDR, owned by tmpfs.inode (2)
|
C |
|
|
47 |
352d |
357d
|
26/26 |
345d |
283b80a456aa
Fix logic bug in attaching mounts.
|
gvisor test error: timed out (4)
|
|
|
|
548 |
347d |
711d
|
26/26 |
346d |
83f4f485b4ad
systrap: don't call Goyield() if the race detector is enabled
|
panic: WARNING: circular locking detected: stack.neighborEntryRWMutex -> stack.nicRWMutex:
|
|
|
|
1 |
378d |
378d
|
26/26 |
346d |
38823be81914
Don't lock before accessing nic.networkEndpoints
|
panic: WARNING: circular locking detected: transport.streamQueueReceiverMutex -> kernfs.filesystemRWMutex:
|
C |
|
|
1 |
354d |
354d
|
26/26 |
346d |
2044c3449153
Don't hold streamQueueReceiver.mu while calling RightsControlMessage.Release().
|
panic: WARNING: circular locking detected: transport.endpointMutex -> kernfs.filesystemRWMutex:
|
C |
|
|
1 |
354d |
354d
|
26/26 |
346d |
a7e1fe92f588
Don't hold baseEndpoint.mu when calling receiver.Recv.
|
panic: WARNING: circular locking detected: vfs.virtualFilesystemMutex -> tmpfs.filesystemRWMutex:
|
C |
|
|
18 |
467d |
542d
|
26/26 |
346d |
e0b1585586c6
Remove stale `vdDentry` variable from VirtualFilesystem.connectMountAt().
|
panic: nested locking: transport.endpointMutex:
|
C |
|
|
1 |
354d |
354d
|
26/26 |
346d |
a7e1fe92f588
Don't hold baseEndpoint.mu when calling receiver.Recv.
|
fatal error: unexpected signal during runtime execution (3)
|
|
|
|
9 |
392d |
395d
|
26/26 |
392d |
96aa115516c8
systrap: simplify interrupt handling in syshandler
|
gvisor boot error: panic: prctl(PR_SET_NO_NEW_PRIVS) failed: invalid argument
|
|
|
|
12 |
395d |
395d
|
26/26 |
394d |
6890e539c700
systrap: set all arguments of prctl(PR_SET_NO_NEW_PRIVS)
|
panic: interface conversion: *kernel.Kernel is not unimpl.Events: missing method EmitUnimplementedEvent
|
C |
|
|
5857 |
399d |
400d
|
26/26 |
399d |
f8b98248139c
Update `unimpl.EmitUnimplementedEvent` interface to add the syscall number.
|
gvisor test error: SYZFATAL: BUG: program execution failed: executor NUM: not serving
|
|
|
|
137 |
401d |
407d
|
26/26 |
400d |
08920d098b30
Fix systrap TLS handling on ARM.
|
gvisor build error (18)
|
|
|
|
313 |
407d |
430d
|
26/26 |
400d |
fedadb093205
Fix syzkaller systrap builds.
|
DATA RACE in systrap.(*subprocessPool).fetchAvailable
|
|
|
|
25 |
411d |
421d
|
26/26 |
400d |
f01bf248c19f
Fix data race in subprocess pool.
|
panic: WARNING: circular locking detected: tmpfs.filesystemRWMutex -> kernel.taskSetRWMutex:
|
syz |
|
|
14 |
407d |
682d
|
26/26 |
400d |
758da469f7ed
kernel: release kernel.taskSetRWMutex before calling TaskImage.Release
|
panic: runtime error: index out of range [ADDR] with length NUM
|
C |
|
|
17 |
411d |
411d
|
26/26 |
400d |
fc94225c333d
Fix crash with large FD value
|
gvisor boot error: FATAL ERROR: overlay flag is incompatible with shared file access for rootfs
|
|
|
|
148 |
414d |
415d
|
26/26 |
406d |
1b7a4e2a055c
Prepare to make root overlay the default.
|
gvisor boot error: FATAL ERROR: overlay flag has been replaced with overlay2 flag
|
|
|
|
66 |
413d |
415d
|
26/26 |
406d |
1b7a4e2a055c
Prepare to make root overlay the default.
|
DATA RACE in vfs.(*VirtualFilesystem).PivotRoot
|
C |
|
|
1 |
424d |
424d
|
26/26 |
415d |
807fd0fd27d0
Lock around accessing the mount namespace in pivot_root.
|
panic: runtime error: invalid memory address or nil pointer dereference (14)
|
C |
|
|
753 |
423d |
424d
|
18/26 |
423d |
8a1845f8b850
Don't send a signal to a controlling thread group if one has not been set.
|
fatal error: stack overflow
|
|
|
|
1 |
499d |
499d
|
18/26 |
423d |
426deb60fd25
lockdep: fix the TOCTTOU issue
|
panic: runtime error: invalid memory address or nil pointer dereference (13)
|
C |
|
|
2752 |
424d |
427d
|
18/26 |
424d |
8184fa1db0fa
Clean up devpts code, and deduplicate the foreground process state.
|
panic: runtime error: slice bounds out of range [:NUM] with capacity NUM (2)
|
C |
|
|
7 |
429d |
431d
|
18/26 |
427d |
5817f4cc64e4
Fix FUSE how handles malformed INIT requests.
|
panic: nested locking: kernfs.filesystemRWMutex: (3)
|
syz |
|
|
19 |
436d |
461d
|
18/26 |
433d |
28472cc03fe1
don't take an unnecessary reference in proc.fdSymlink.Valid()
|
panic: interface conversion: vfs.DentryImpl is *vfs.anonDentry, not *kernfs.Dentry (2)
|
C |
|
|
13 |
441d |
441d
|
18/26 |
440d |
1beb3e2b251d
Check hard link target's mount compatibility before kernfs.Dentry cast. Again.
|
panic: interface conversion: vfs.DentryImpl is *tmpfs.dentry, not *kernfs.Dentry (2)
|
C |
|
|
65 |
440d |
441d
|
18/26 |
440d |
1beb3e2b251d
Check hard link target's mount compatibility before kernfs.Dentry cast. Again.
|
panic: interface conversion: vfs.DentryImpl is *vfs.anonDentry, not *kernfs.Dentry
|
C |
|
|
14 |
443d |
446d
|
18/26 |
441d |
8373fb5db8c8
Check hard link target's mount compatibility before kernfs.Dentry cast.
|
panic: interface conversion: vfs.DentryImpl is *tmpfs.dentry, not *kernfs.Dentry
|
C |
|
|
390 |
441d |
447d
|
18/26 |
441d |
8373fb5db8c8
Check hard link target's mount compatibility before kernfs.Dentry cast.
|
panic: interface conversion: vfs.DentryImpl is *gofer.dentry, not *kernfs.Dentry
|
C |
|
|
13 |
444d |
444d
|
18/26 |
443d |
8373fb5db8c8
Check hard link target's mount compatibility before kernfs.Dentry cast.
|
panic: runtime error: index out of range [NUM] with length NUM (3)
|
C |
|
|
372 |
459d |
463d
|
18/26 |
459d |
fe562179fea1
Handle absolute symlink target '/' correctly in VFS layer.
|
panic: runtime error: invalid memory address or nil pointer dereference (12)
|
C |
|
|
31 |
463d |
524d
|
18/26 |
459d |
e08f204299df
inet: each socket has to hold a reference to its network namespace
|
panic: WARNING: circular locking detected: vfs.virtualFilesystemMutex -> kernfs.filesystemRWMutex:
|
|
|
|
1 |
478d |
477d
|
18/26 |
461d |
492d7a98116b
Decref target VirtualDentry outside the vfs mount lock during mount ops.
|
gvisor test error: panic: ptrace set regs (&{PtraceRegs:{Regs:[ADDR NUM ADDR NUM NUM NUM NUM ADDR ADDR NUM NUM ADDR ADDR NUM ADDR ADDR NUM
|
|
|
|
10 |
466d |
466d
|
15/26 |
464d |
194029b95444
arm64: validate registers that come from user-space
|
panic: WARNING: circular locking detected: stack.nicRWMutex -> stack.packetsPendingLinkResolutionMutex: (2)
|
C |
|
|
53 |
497d |
499d
|
14/26 |
497d |
bc440b67fce0
Don't hold nic.mu when calling n.linkResQueue.cancel.
|
panic: WARNING: circular locking detected: stack.nicRWMutex -> stack.neighborCacheRWMutex:
|
C |
|
|
356 |
500d |
505d
|
14/26 |
499d |
70be2fc8a772
Remove unsetting route's cached neighbor entry in link res callback.
|
gvisor build error (16)
|
|
|
|
12 |
512d |
512d
|
14/26 |
499d |
20b2ec04d94d
Update bazel packages
|
panic: WARNING: circular locking detected: stack.packetsPendingLinkResolutionMutex -> stack.routeRWMutex:
|
C |
|
|
2602 |
499d |
505d
|
14/26 |
499d |
4f326de47636
Make nic.spoofing and nic.promiscuous atomic Bools to avoid lock contention.
|
panic: WARNING: circular locking detected: stack.nicRWMutex -> stack.packetsPendingLinkResolutionMutex:
|
C |
|
|
1246 |
499d |
505d
|
14/26 |
499d |
4f326de47636
Make nic.spoofing and nic.promiscuous atomic Bools to avoid lock contention.
|
gvisor boot error: FATAL ERROR: running container: creating container: failed to create an unnamed temporary file inside "/tmp"
|
|
|
|
24 |
503d |
504d
|
14/26 |
503d |
368e85414697
overlay2: Do not use O_TMPFILE to create unnamed temporary file.
|
panic: WARNING: circular locking detected: kernel.signalHandlersMutex -> kernfs.filesystemRWMutex:
|
C |
|
|
351 |
510d |
512d
|
14/26 |
510d |
d0ae59368d8a
cgroupfs: Fix lock ordering between kernfs.Filesystem.mu and TaskSet.mu.
|
panic: WARNING: circular locking detected: kernel.taskSetRWMutex -> kernfs.filesystemRWMutex:
|
C |
|
|
2320 |
510d |
512d
|
14/26 |
510d |
d0ae59368d8a
cgroupfs: Fix lock ordering between kernfs.Filesystem.mu and TaskSet.mu.
|
panic: cgroupfs: pids controller attempted to remove pending charge for Task ADDR, but task didn't have pending charges, (2)
|
|
|
|
1 |
543d |
543d
|
14/26 |
512d |
62ddad611979
cgroupfs: Fix several races with task migration.
|
panic: Decrementing non-positive ref count ADDR, owned by tmpfs.inode
|
C |
|
|
27 |
512d |
513d
|
14/26 |
512d |
1823b16fccf7
Clean up DecRefs in mount methods.
|
panic: Incrementing non-positive count ADDR on tmpfs.inode (2)
|
C |
|
|
56 |
512d |
513d
|
14/26 |
512d |
1823b16fccf7
Clean up DecRefs in mount methods.
|
panic: kernfs.Dentry.DecRef() called without holding a reference (2)
|
C |
|
|
61 |
512d |
513d
|
14/26 |
512d |
1823b16fccf7
Clean up DecRefs in mount methods.
|
kvm: panic: Sentry detected stuck tasks (10)
|
|
|
|
3 |
529d |
546d
|
14/26 |
513d |
ece02b45b5b4
Add a maximum to the total number of mounts allowed in a namespace.
|
panic: Lock not held: transport.endpointMutex[e]:
|
C |
|
|
1191 |
513d |
514d
|
14/26 |
513d |
1ceee8c31071
connectioned: Change nested lock name to only have a single nested lock.
|
DATA RACE in safemem.Copy (5)
|
C |
|
|
3153 |
514d |
524d
|
14/26 |
514d |
ae731e0394f5
Don't use other process's scratch buffer.
|
panic: unbalance unlock: mm.activeRWMutex:LINE:
|
|
|
|
2 |
516d |
527d
|
14/26 |
514d |
445fa6f40c89
Lockdep: Print more info in the "unbalanced unlock" case.
|
panic: WARNING: circular locking detected: kernel.taskMutex -> kernel.taskSetRWMutex:
|
C |
|
|
1470 |
524d |
525d
|
14/26 |
522d |
38a0512f13fa
Fix circular lock in process_vm_(read|write)v
|
DATA RACE in binary.littleEndian.Uint64
|
C |
|
|
29 |
623d |
626d
|
14/26 |
525d |
106f6ea96746
Re-enable process_vm_(read|write)v
|
panic: runtime error: slice bounds out of range [:ADDR] with capacity ADDR
|
C |
|
|
914 |
525d |
542d
|
14/26 |
525d |
3c0e0a3746a3
io_uring: Fix several issues with shared ring buffers.
|
DATA RACE in safemem.Copy (4)
|
C |
|
|
1019 |
623d |
626d
|
14/26 |
525d |
106f6ea96746
Re-enable process_vm_(read|write)v
|
panic: runtime error: slice bounds out of range [ADDR:NUM]
|
C |
|
|
13 |
529d |
529d
|
14/26 |
525d |
3c0e0a3746a3
io_uring: Fix several issues with shared ring buffers.
|
panic: runtime error: slice bounds out of range [:ADDR] with capacity NUM
|
C |
|
|
124 |
525d |
542d
|
14/26 |
525d |
3c0e0a3746a3
io_uring: Fix several issues with shared ring buffers.
|
panic: runtime error: integer divide by zero (3)
|
C |
|
|
443 |
525d |
542d
|
14/26 |
525d |
3c0e0a3746a3
io_uring: Fix several issues with shared ring buffers.
|
panic: Unknown syscall -NUM error: EOF
|
C |
|
|
14 |
530d |
531d
|
14/26 |
525d |
f3aaf4326636
io_ring: Handle EOF on IORING_OP_READV
|
DATA RACE in tmpfs.GetSeals
|
|
|
|
1 |
531d |
531d
|
14/26 |
527d |
374e716c7ce2
AddSeals has to take the write lock to modify seals
|
DATA RACE in tmpfs.AddSeals
|
C |
|
|
4 |
530d |
531d
|
14/26 |
527d |
374e716c7ce2
AddSeals has to take the write lock to modify seals
|
panic: runtime error: slice bounds out of range [:NUM] with capacity NUM
|
C |
|
|
196 |
811d |
819d
|
14/26 |
529d |
32c474d82f65
Allow multiple FUSE filesystems to share a connection.
|
panic: addresses IP and fe80::aa do not have the same length (2)
|
|
|
|
1 |
534d |
534d
|
14/26 |
530d |
8756ebc3b406
Netstack: Check address matches the endpoint protocol for IP_DROP_MEMBERSHIP
|
panic: runtime error: invalid memory address or nil pointer dereference (11)
|
C |
|
|
2733 |
533d |
626d
|
14/26 |
532d |
ae136df84998
Add nil-check for parent mount in umount(2) while handling mount propagation.
|
DATA RACE in vfs.(*VirtualFilesystem).setPropagation
|
C |
|
|
3 |
545d |
545d
|
14/26 |
532d |
20ef2127a102
Lock around optional tag generation.
|
DATA RACE in bufferv2.newChunk
|
C |
|
|
68 |
539d |
555d
|
14/26 |
538d |
6b3b5493d0ea
Fix ipv6 header view ownership.
|
DATA RACE in vfs.(*VirtualFilesystem).GenerateProcMountInfo
|
C |
|
|
2 |
543d |
545d
|
14/26 |
542d |
20ef2127a102
Lock around optional tag generation.
|
panic: runtime error: integer divide by zero (2)
|
C |
|
|
56 |
542d |
543d
|
14/26 |
542d |
d4b159ae93b5
iouring: Disallow zero, or less CQ entries than SQ entries
|
panic: nested locking: kernel.taskSetRWMutex:
|
C |
|
|
2 |
601d |
601d
|
14/26 |
548d |
c1427a04dfba
Disable fasync for signalfd descriptors
|
gvisor test error: panic: WARNING: circular locking detected: mm.activeRWMutex -> kernel.taskSetRWMutex:
|
|
|
|
1 |
569d |
569d
|
14/26 |
562d |
2e844f74fcdd
Do not use ktime.Timer for CPU clock ticks.
|
panic: Decrementing non-positive ref count ADDR, owned by kernel.ProcessGroup (2)
|
C |
|
|
3 |
567d |
601d
|
14/26 |
566d |
36ddd3050cc2
Check if ThreadGroup exists before executing JoinProcessGroup.
|
kvm: panic: Sentry detected stuck tasks (9)
|
|
|
|
2 |
595d |
596d
|
14/26 |
584d |
48e2252b3bac
fix panic caused by too-large buffer allocations
|
gvisor build error (15)
|
|
|
|
232 |
591d |
590d
|
14/26 |
588d |
d2827e5a9242
Don't require gcc-multilib to be installed to build BPF
|
panic: cgroupfs: pids controller pending pool would be negative if charge was allowed: current pool: NUM, proposed charg
|
C |
|
|
97 |
604d |
724d
|
14/26 |
604d |
46e08207b58f
cgroupfs: Handle hierachy changes across charge/uncharge.
|
panic: addresses IP and fe80::aa do not have the same length
|
|
|
|
102 |
624d |
653d
|
14/26 |
618d |
b195ca54f311
Netstack: Check that the multicast address matches the endpoint protocol.
|
DATA RACE in fuse.newFUSEFilesystem
|
C |
|
|
384 |
811d |
819d
|
14/26 |
627d |
32c474d82f65
Allow multiple FUSE filesystems to share a connection.
|
panic: WARNING: circular locking detected: cgroupfs.pidsControllerMutex -> mm.mappingRWMutex:
|
|
|
|
3 |
681d |
682d
|
14/26 |
679d |
d5a04e338eef
cgroupfs: Don't copy in with cgroups locks held.
|
panic: WARNING: circular locking detected: tmpfs.inodeMutex -> mm.activeRWMutex:
|
C |
|
|
8353 |
682d |
682d
|
14/26 |
679d |
82498d087ef8
Don't hold MM.activeMu when calling MM.vmaMapsEntryLocked().
|
panic: Sentry detected stuck tasks (16)
|
|
|
|
5 |
687d |
760d
|
14/26 |
686d |
8b41af93300c
sync/lockdep: use RangeRepeatable instead of Range
|
kvm: panic: Sentry detected stuck tasks (7)
|
|
|
|
1 |
706d |
699d
|
14/26 |
687d |
6fda48f50dcd
tcpip/transport/raw: check MTU before copying a buffer from user memory
|
panic: invalid allocation length: 0x0 (4)
|
C |
|
|
4338 |
687d |
690d
|
14/26 |
687d |
3290a054c5bd
getdents: Test that size parameter is not zero before allocating PMAs.
|
panic: WARNING: circular locking detected: kernel.taskSetRWMutex -> mm.activeRWMutex:
|
|
|
|
2 |
704d |
699d
|
14/26 |
693d |
e47be0cfc06d
Move Send/RecvNotify calls outside of CopyIn/Out, due to lock order.
|
panic: runtime error: index out of range [-NUM]
|
C |
|
|
13 |
718d |
718d
|
14/26 |
715d |
a7cad2b092de
Tmpfs with size option enabled bug fix.
|
DATA RACE in fuse.(*connection).callFutureLocked
|
C |
|
|
2 |
816d |
819d
|
14/26 |
724d |
32c474d82f65
Allow multiple FUSE filesystems to share a connection.
|
DATA RACE in fuse.(*DeviceFD).Read
|
C |
|
|
238 |
813d |
819d
|
14/26 |
724d |
32c474d82f65
Allow multiple FUSE filesystems to share a connection.
|
DATA RACE in fuse.newFUSEConnection
|
C |
|
|
52 |
813d |
819d
|
14/26 |
724d |
32c474d82f65
Allow multiple FUSE filesystems to share a connection.
|
DATA RACE in fuse.(*DeviceFD).PWrite
|
C |
|
|
11 |
816d |
819d
|
14/26 |
724d |
32c474d82f65
Allow multiple FUSE filesystems to share a connection.
|
DATA RACE in fuse.(*DeviceFD).PRead
|
C |
|
|
9 |
815d |
819d
|
14/26 |
724d |
32c474d82f65
Allow multiple FUSE filesystems to share a connection.
|
DATA RACE in fuse.(*DeviceFD).Seek
|
C |
|
|
8 |
818d |
819d
|
14/26 |
724d |
32c474d82f65
Allow multiple FUSE filesystems to share a connection.
|
panic: unexpected tcp state in processor: BOUND
|
C |
|
|
36 |
735d |
738d
|
14/26 |
735d |
3b917921d7fe
Fix race in listen.
|
DATA RACE in cgroupfs.(*memsData).Write
|
C |
|
|
4 |
747d |
747d
|
14/26 |
738d |
5f9bd8a53b20
cgroupfs: Synchronize access to cpuset controller bitmaps.
|
panic: unknown network protocol number NUM
|
C |
|
|
56 |
828d |
840d
|
14/26 |
757d |
6a28dc7c5963
Correct fragmentation reference counting.
|
panic: runtime error: invalid memory address or nil pointer dereference (10)
|
C |
|
|
11 |
764d |
770d
|
14/26 |
763d |
5835bc8c3a4b
cgroupfs: Handle invalid PID/PGID on migration.
|
DATA RACE in kernfs.(*OrderedChildren).checkExistingLocked
|
C |
|
|
1 |
786d |
786d
|
14/26 |
764d |
9085d334deed
kernfs: Handle duplicate unlink on orphaned directories.
|
panic: Inode doesn't match what kernfs thinks! OrderedChild: &{dir:{InodeNoopRefCount:{InodeTemporary:{}} InodeAlwaysVal
|
C |
|
|
12 |
771d |
786d
|
14/26 |
764d |
9085d334deed
kernfs: Handle duplicate unlink on orphaned directories.
|
DATA RACE in bitmap.(*Bitmap).Maximum
|
C |
|
|
8 |
778d |
786d
|
14/26 |
777d |
4503ba3f5efd
Fix data race when using UNSHARE in close_range.
|
kvm: lost connection to test machine
|
|
|
|
364 |
781d |
1134d
|
14/26 |
778d |
81d384cfe9d3
Fix race between epoll readiness check and re-readying.
|
lost connection to test machine (6)
|
|
|
|
4341 |
779d |
1018d
|
14/26 |
778d |
81d384cfe9d3
Fix race between epoll readiness check and re-readying.
|
DATA RACE in transport.(*connectionedEndpoint).Connect.func1 (2)
|
C |
|
|
4 |
795d |
788d
|
14/26 |
783d |
b1ceabc884c0
Hold baseEndpoint.mu when calling baseEndpoint.Connected()
|
kvm: panic: Sentry detected stuck tasks (6)
|
|
|
|
15 |
787d |
798d
|
14/26 |
786d |
f51097051ac5
tun: reject packets larger MTU
|
panic: Sentry detected stuck tasks (15)
|
C |
|
|
2582 |
796d |
873d
|
14/26 |
791d |
510cc2f7fca9
Fix pivot_root lock inversion.
|
Invalid request partialResult in sendto (3)
|
C |
|
|
9 |
794d |
794d
|
14/26 |
792d |
395c38be75d1
Add ECONNABORTED to the partial result error list.
|
kvm: panic: Sentry detected stuck tasks (5)
|
C |
|
|
65 |
799d |
861d
|
14/26 |
798d |
b413d78c27db
sendfile: limit a buffer size
|
panic: runtime error: invalid memory address or nil pointer dereference (9)
|
C |
|
|
262 |
811d |
807d
|
14/26 |
806d |
b7ccfa5084e2
Fixes #7086,#6964,#3413,#7001.
|
DATA RACE in fuse.(*connection).callFuture (2)
|
|
|
|
3 |
812d |
812d
|
14/26 |
811d |
e219f75d8b3c
Fuse: Cache `maxActiveRequests` in `connection` to avoid reading it from `fs`.
|
panic: Unknown syscall NUM error: payload too small. Minimum data lenth required: NUM, but got data length NUM
|
C |
|
|
79 |
812d |
818d
|
14/26 |
812d |
55ef37166897
Return well-defined error on short payload in FUSE.
|
fatal error: sync: unlock of unlocked mutex
|
C |
|
|
26 |
812d |
813d
|
14/26 |
812d |
10d1a49c5ba2
Fuse: `DeviceFD.Read`: Lock `DeviceFD` ahead of other locks.
|
DATA RACE in fuse.(*connection).callFuture
|
|
|
|
1 |
816d |
816d
|
14/26 |
813d |
a5ce865145c7
fuse: Attempt to fix five data races.
|
DATA RACE in fuse.(*connection).initProcessReply
|
C |
|
|
14 |
813d |
818d
|
14/26 |
813d |
a5ce865145c7
fuse: Attempt to fix five data races.
|
DATA RACE in fuse.(*DeviceFD).writeLocked
|
C |
|
|
33 |
813d |
818d
|
14/26 |
813d |
a5ce865145c7
fuse: Attempt to fix five data races.
|
DATA RACE in fuse.(*connection).Call
|
C |
|
|
65 |
813d |
817d
|
14/26 |
813d |
a5ce865145c7
fuse: Attempt to fix five data races.
|
DATA RACE in fuse.(*DeviceFD).Release
|
C |
|
|
404 |
813d |
818d
|
14/26 |
813d |
a5ce865145c7
fuse: Attempt to fix five data races.
|
DATA RACE in stack.(*PacketBuffer).reset (2)
|
syz |
|
|
2 |
839d |
839d
|
14/26 |
814d |
6d15b0ee64f1
Fix packet buffer reference counting in IP fragmentation/reassembly.
|
panic: runtime error: invalid memory address or nil pointer dereference (8)
|
C |
|
|
214 |
814d |
840d
|
14/26 |
814d |
6d15b0ee64f1
Fix packet buffer reference counting in IP fragmentation/reassembly.
|
panic: Incrementing non-positive count ADDR on stack.PacketBuffer
|
C |
|
|
9 |
826d |
826d
|
14/26 |
814d |
6d15b0ee64f1
Fix packet buffer reference counting in IP fragmentation/reassembly.
|
DATA RACE in mqfs.FilesystemType.GetFilesystem
|
|
|
|
1 |
830d |
829d
|
14/26 |
815d |
d1dadc9c19a1
Remove dentry_cache_limit mount option from mqfs.
|
gvisor build error (13)
|
|
|
|
201 |
821d |
827d
|
14/26 |
820d |
c18ec0b53cf2
Fix race build error.
|
panic: runtime error: index out of range [NUM] with length NUM (2)
|
C |
|
|
21 |
821d |
828d
|
14/26 |
821d |
5fb527632358
Handle 0 sized writes to /dev/net/tun.
|
panic: PullUp failed (2)
|
syz |
|
|
4 |
829d |
837d
|
14/26 |
826d |
6d15b0ee64f1
Fix packet buffer reference counting in IP fragmentation/reassembly.
|
DATA RACE in transport.(*connectionedEndpoint).Listen
|
|
|
|
1 |
857d |
857d
|
14/26 |
842d |
52bee5297caf
unix: call Listening under the endpoint lock
|
DATA RACE in udp.(*endpoint).Connect (2)
|
C |
|
|
4 |
1247d |
1253d
|
14/26 |
851d |
2485a4e2cb4a
Make stack.Route safe to access concurrently
|
kvm: panic: Sentry detected stuck tasks (4)
|
C |
|
|
627 |
868d |
895d
|
14/26 |
868d |
4d29819e13a1
pipe: have separate notifiers for readers and writers
|
panic: Sentry detected stuck tasks (14)
|
|
|
|
20 |
876d |
922d
|
14/26 |
876d |
b2f8b495ad73
cgroup/cpuset: handle the offset argument of write methods properly
|
DATA RACE in stack.(*PacketBuffer).reset
|
|
|
|
9 |
897d |
898d
|
14/26 |
897d |
bb1ae811f4eb
Prevent PacketBuffers from being returned to the pool too early in nic.
|
panic: runtime error: makeslice: len out of range (4)
|
|
|
|
36 |
898d |
902d
|
14/26 |
898d |
37792ee1e6e1
Validate ControlMessageHeader.Length
|
SYZFAIL: tun: can't open /dev/net/tun
|
syz |
|
|
339 |
906d |
1159d
|
14/26 |
906d |
58017e655399
Handle UMOUNT_NOFOLLOW in VFS2 umount(2).
|
kvm: no output from test machine (2)
|
C |
|
|
23 |
907d |
985d
|
14/26 |
906d |
58017e655399
Handle UMOUNT_NOFOLLOW in VFS2 umount(2).
|
DATA RACE in cgroupfs.(*cpusData).Generate
|
|
|
|
2 |
912d |
916d
|
14/26 |
911d |
6078d26588c0
Sychronize access to cpuset controller bitmaps.
|
DATA RACE in cgroupfs.(*cpusData).Write
|
C |
|
|
6 |
911d |
916d
|
14/26 |
911d |
6078d26588c0
Sychronize access to cpuset controller bitmaps.
|
panic: runtime error: index out of range [NUM] with length NUM
|
C |
|
|
12 |
913d |
915d
|
14/26 |
912d |
f54a25c1f03e
Validate an icmp header before accessing it
|
panic: interface conversion: kernfs.Inode is nil, not *mqfs.rootInode
|
|
|
|
2 |
914d |
916d
|
14/26 |
912d |
763d7e6e396d
Obtain ref on root dentry in mqfs.GetFilesystem.
|
panic: runtime error: invalid memory address or nil pointer dereference (7)
|
C |
|
|
45305 |
912d |
942d
|
14/26 |
912d |
763d7e6e396d
Obtain ref on root dentry in mqfs.GetFilesystem.
|
panic: kernfs.Dentry.DecRef() called without holding a reference
|
C |
|
|
87 |
912d |
917d
|
14/26 |
912d |
763d7e6e396d
Obtain ref on root dentry in mqfs.GetFilesystem.
|
panic: Only permission mask must be set: ADDR
|
C |
|
|
756 |
913d |
917d
|
14/26 |
913d |
4d07fc952d6b
Do not leak non-permission mode bits in mq_open(2).
|
gvisor build error (11)
|
|
|
|
386 |
984d |
988d
|
14/26 |
940d |
c2353e4055ac
[op] Fix //debian:debian.
|
FATAL ERROR: waiting on pid X: waiting on pid X in sandbox NAME failed: EOF (3)
|
C |
|
|
2034 |
941d |
1035d
|
14/26 |
940d |
0bdd79ccd469
kvm: trap mmap syscalls to map new regions to the guest
|
DATA RACE in safemem.Copy (3)
|
C |
|
|
3 |
947d |
947d
|
14/26 |
941d |
1fe0a6691ff5
Prevent PacketData from being modified.
|
panic: runtime error: slice bounds out of range [:LINE] with capacity 0
|
|
|
|
2 |
991d |
992d
|
14/26 |
942d |
6d0b40b1d159
[op] Make PacketBuffer Clone() do a deeper copy.
|
panic: Sentry detected stuck tasks (13)
|
|
|
|
1 |
952d |
952d
|
14/26 |
942d |
4076153be684
Fix lock ordering violation
|
Invalid request partialResult in pwritev
|
C |
|
|
278 |
1134d |
1153d
|
14/26 |
944d |
7fac7e32f3a8
Translate syserror when validating partial IO errors
|
kvm: panic: Watchdog goroutine is stuck (4)
|
|
|
|
18 |
972d |
1030d
|
14/26 |
944d |
14d6cb4436f1
platform/kvm: fix a race condition in vCPU.unlock()
|
panic: runtime error: slice bounds out of range [40:LINE]
|
|
|
|
3 |
998d |
1001d
|
14/26 |
944d |
6d0b40b1d159
[op] Make PacketBuffer Clone() do a deeper copy.
|
Invalid request partialResult in sendto (2)
|
C |
|
|
10 |
980d |
1055d
|
14/26 |
944d |
e5fe488b2273
Wake up Writers when tcp socket is shutdown for writes.
|
kvm: panic: Sentry detected stuck tasks (2)
|
C |
|
|
66 |
951d |
1114d
|
14/26 |
944d |
1947c873423c
Fix deadlock in /proc/[pid]/fd/[num]
|
panic: Sentry detected stuck tasks (12)
|
|
|
|
2 |
953d |
953d
|
14/26 |
952d |
51b96514cd93
Limit most file mmaps to the range of an int64.
|
DATA RACE in msgqueue.(*Queue).pop
|
C |
|
|
2 |
978d |
978d
|
14/26 |
954d |
d6c99694bcb9
Fix race on msgrcv(MSG_COPY).
|
panic: Sentry detected stuck tasks (11)
|
C |
|
|
31 |
969d |
1096d
|
14/26 |
966d |
9149b2cefdb5
unix: avoid taking two endpoint locks
|
panic: runtime error: makeslice: len out of range (3)
|
C |
|
|
10 |
968d |
968d
|
14/26 |
968d |
927ea16dd384
unix: handle a case when a buffer is overflowed
|
panic: unknown error: SIGBUS at ADDR
|
C |
|
|
17 |
970d |
984d
|
14/26 |
969d |
dfbcb8903ae8
[syserr] Fix SIGBUS on syserr.FromError
|
DATA RACE in safemem.Copy (2)
|
C |
|
|
9 |
994d |
994d
|
14/26 |
983d |
6d0b40b1d159
[op] Make PacketBuffer Clone() do a deeper copy.
|
panic: runtime error: slice bounds out of range [2:LINE]
|
|
|
|
1 |
1011d |
1011d
|
14/26 |
983d |
6d0b40b1d159
[op] Make PacketBuffer Clone() do a deeper copy.
|
DATA RACE in buffer.(*buffer).Remove
|
C |
|
|
2 |
994d |
994d
|
14/26 |
983d |
6d0b40b1d159
[op] Make PacketBuffer Clone() do a deeper copy.
|
kvm: no output from test machine
|
|
|
|
1107 |
994d |
1145d
|
14/26 |
994d |
569f605f438d
Correctly handle interruptions in blocking msgqueue syscalls.
|
no output from test machine (9)
|
C |
|
|
2298 |
994d |
1149d
|
14/26 |
994d |
569f605f438d
Correctly handle interruptions in blocking msgqueue syscalls.
|
panic: unable to find an index for ID: 0
|
C |
|
|
1497 |
1007d |
1008d
|
14/26 |
1007d |
3d0a9300050a
Don't panic on user-controlled state in semaphore syscalls.
|
DATA RACE in atomic.CompareAndSwapInt32 (4)
|
syz |
|
|
4 |
1021d |
1014d
|
14/26 |
1009d |
a89b2f005b71
Use atomics when checking for parent setgid in VFS2 tmpfs file creation.
|
panic: FIN segments must be the final segment in the write list.
|
|
|
|
2 |
1027d |
1027d
|
14/26 |
1023d |
1fc7a9eac2f2
Do not queue zero sized segments.
|
FATAL ERROR: waiting on pid X: waiting on pid X in sandbox NAME failed: EOF (2)
|
C |
|
|
2532 |
1035d |
1648d
|
14/26 |
1035d |
d703340bc04a
runsc: don't kill sandbox, let it stop properly
|
panic: Incrementing non-positive count ADDR on kernel.ProcessGroup (2)
|
|
|
|
1 |
1045d |
1045d
|
14/26 |
1036d |
2e6195ffe0ad
CreateProcessGroup has to check whether a target process stil exists or not
|
kvm: panic: Watchdog goroutine is stuck (3)
|
C |
|
|
48 |
1051d |
1102d
|
14/26 |
1049d |
3fcbad509300
Fix lock ordering issue when enumerating cgroup tasks.
|
panic: Watchdog goroutine is stuck (2)
|
|
|
|
1 |
1062d |
1055d
|
14/26 |
1050d |
3fcbad509300
Fix lock ordering issue when enumerating cgroup tasks.
|
panic: Incrementing non-positive count ADDR on vfs.Filesystem (2)
|
|
|
|
1 |
1073d |
1073d
|
14/26 |
1071d |
af229f46a149
Fix cgroupfs mount racing with unmount.
|
panic: PullUp failed
|
C |
|
|
615 |
1077d |
1078d
|
14/26 |
1077d |
436148d68a50
Fix panic on consume in a mixed push/consume case
|
panic: Incrementing non-positive count ADDR on vfs.Filesystem
|
C |
|
|
2 |
1095d |
1095d
|
14/26 |
1077d |
78ae3db1a39c
Fix cgroup hierarchy registration.
|
DATA RACE in cgroupfs.FilesystemType.GetFilesystem
|
C |
|
|
1 |
1095d |
1088d
|
14/26 |
1077d |
78ae3db1a39c
Fix cgroup hierarchy registration.
|
panic: Sentry detected stuck tasks (10)
|
C |
|
|
264 |
1103d |
1155d
|
14/26 |
1102d |
b0333d33a206
Optimize safemem.Zero
|
kvm: panic: Watchdog goroutine is stuck (2)
|
|
|
|
110 |
1109d |
1126d
|
14/26 |
1109d |
f4f6ce337aa8
Don't grab TaskSet mu recursively when reading task state.
|
panic: Watchdog goroutine is stuck
|
C |
|
|
1831 |
1109d |
1408d
|
14/26 |
1109d |
f4f6ce337aa8
Don't grab TaskSet mu recursively when reading task state.
|
panic: makechan: size out of range
|
C |
|
|
183 |
1112d |
1116d
|
14/26 |
1112d |
dc8f6c691474
Move maxListenBacklog check to sentry
|
fatal error: unexpected signal during runtime execution
|
syz |
|
|
272 |
1180d |
1869d
|
14/26 |
1112d |
eb9b8e53a3ef
platform/kvm/x86: restore mxcsr when switching from guest to sentry
|
kvm: panic: Watchdog goroutine is stuck
|
|
|
|
240 |
1127d |
1138d
|
14/26 |
1127d |
2f3dac78ca9a
kvm: prefault a floating point state before restoring it
|
Invalid request partialResult in write (2)
|
C |
|
|
11628 |
1129d |
1195d
|
14/26 |
1129d |
7fac7e32f3a8
Translate syserror when validating partial IO errors
|
kvm: panic: Sentry detected stuck tasks
|
C |
|
|
152 |
1129d |
1145d
|
14/26 |
1129d |
2f3dac78ca9a
kvm: prefault a floating point state before restoring it
|
panic: Sentry detected stuck tasks (9)
|
|
|
|
9 |
1155d |
1156d
|
14/26 |
1155d |
38c42bbf4ad2
Remove deadlock in raw.endpoint caused by recursive read locking
|
panic: Sentry detected stuck tasks (8)
|
C |
|
|
64 |
1156d |
1158d
|
14/26 |
1156d |
f5692f7dcc48
Kernfs should not try to rename a file to itself.
|
no output from test machine (8)
|
C |
|
|
15268 |
1156d |
1260d
|
14/26 |
1156d |
acd516cfe292
Add YAMA security module restrictions on ptrace(2).
|
panic: running on goroutine 582 (task goroutine for kernel.Task ADDR is 400)
|
C |
|
|
1 |
1161d |
1161d
|
14/26 |
1157d |
6e000d3424c0
Use async task context for async IO.
|
panic: unknown error *tcpip.ErrMalformedHeader
|
C |
|
|
5 |
1173d |
1166d
|
14/26 |
1157d |
c39284f45738
Let sentry understand tcpip.ErrMalformedHeader
|
panic: Sentry detected stuck tasks (7)
|
syz |
|
|
2567 |
1158d |
1189d
|
14/26 |
1158d |
c5a4e100085c
unix: sendmmsg and recvmsg have to cap a number of message to UIO_MAXIOV
|
panic: wd changed: "/tmp" -> "(unreachable)/"
|
syz |
|
|
2534 |
1170d |
1251d
|
14/26 |
1170d |
97a36d169698
Don't allow to umount the namespace root mount
|
Invalid request partialResult in sendto
|
C |
|
|
236 |
1179d |
1182d
|
14/26 |
1171d |
d6d169320cd4
Add ETIMEDOUT to partial result list
|
FATAL ERROR: executing processes for container: executing command "/syz-fuzzer -executor=/syz-executor -name=vm-1 -arch=
|
|
|
|
4 |
1177d |
1179d
|
14/26 |
1171d |
120c8e346871
Replace TaskFromContext(ctx).Kernel() with KernelFromContext(ctx)
|
panic: Incrementing non-positive count ADDR on kernel.ProcessGroup
|
C |
|
|
12 |
1188d |
1188d
|
14/26 |
1171d |
fe4f4789601d
kernel: reparentLocked has to update children maps of old and new parents
|
panic: Child "." for parent Dentry &{vfsd:{mu:{m:{Mutex:{state:LINE sema:LINE}}} dead:false mounts:LINE impl:ADDR} refs:
|
C |
|
|
13 |
1171d |
1181d
|
14/26 |
1171d |
09afd6832689
[vfs] Handle `.` and `..` as last path component names in kernfs Rename.
|
panic: Start ADDR + offset ADDR overflows?
|
C |
|
|
19 |
1196d |
1502d
|
14/26 |
1171d |
bf4968e17d7d
exec: don't panic if an elf file is malformed
|
panic: Decrementing non-positive ref count ADDR, owned by vfs.FileDescription
|
C |
|
|
12 |
1201d |
1197d
|
14/26 |
1185d |
abdff887483f
Do not send SCM Rights more than once when message is truncated.
|
DATA RACE in safemem.Copy
|
C |
|
|
4 |
1189d |
1189d
|
14/26 |
1186d |
76da673a0dda
Do not modify IGMP packets when verifying checksum
|
panic: Sentry detected stuck tasks (6)
|
syz |
|
|
714 |
1190d |
1241d
|
14/26 |
1190d |
e57ebcd37a7b
Simplify the pipe implementation.
|
panic: IPv6 payload too large: NUM, must be <= NUM
|
C |
|
|
46 |
1197d |
1230d
|
14/26 |
1195d |
ec9e263f213c
Correctly return EMSGSIZE when packet is too big in raw socket.
|
panic: buffer too long by 8 bytes
|
C |
|
|
12 |
1210d |
1228d
|
14/26 |
1206d |
ce7a4440cae8
Fix panic when parsing SO_TIMESTAMP cmsg
|
panic: runtime error: invalid memory address or nil pointer dereference (5)
|
syz |
|
|
62 |
1207d |
1251d
|
14/26 |
1206d |
2a200811d4c9
fs/fuse: check that a task has a specified file descriptor
|
panic: invalid pipe flags: must be readable, writable, or both
|
|
|
|
1 |
1215d |
1215d
|
14/26 |
1206d |
807a080d9574
Add missing error checks for FileDescription.Init.
|
DATA RACE in stack.(*NIC).DeliverNetworkPacket
|
|
|
|
4 |
1230d |
1239d
|
14/26 |
1213d |
25ebddbddfbc
Fix a data race in packetEPs
|
panic: runtime error: integer divide by zero
|
C |
|
|
116 |
1330d |
1356d
|
14/26 |
1213d |
b3ff31d041c9
fix panic when calling SO_ORIGINAL_DST without initializing iptables
|
panic: error when reading RouterAlert option's data bytes: EOF
|
C |
|
|
35 |
1228d |
1230d
|
14/26 |
1213d |
c55e5bda4d45
Validate router alert's data length
|
DATA RACE in raw.(*endpoint).HandlePacket
|
C |
|
|
5 |
1226d |
1226d
|
14/26 |
1213d |
981faa2c1229
RLock Endpoint in raw.Endpoint.HandlePacket
|
panic: header.ScopeForIPv6Address(172.20.20.170): bad address
|
C |
|
|
48 |
1235d |
1241d
|
14/26 |
1213d |
b15acae9a6e2
Fix error code for connect in raw sockets.
|
panic: close of nil channel (2)
|
|
|
|
1 |
1237d |
1236d
|
14/26 |
1213d |
f6407de6bafb
[syzkaller] Avoid AIOContext from resurrecting after being marked dead.
|
panic: Unknown syscall 165 error: strconv.ParseInt: parsing "ADDR": invalid syntax
|
C |
|
|
51 |
1236d |
1241d
|
14/26 |
1213d |
9c198e5df421
Fix error handling on fusefs mount.
|
DATA RACE in header.ICMPv6Checksum
|
C |
|
|
1 |
1228d |
1228d
|
14/26 |
1213d |
946cb909e62e
Don't modify a packet header when it can be used by other endpoints
|
panic: Unknown syscall 8 error: EOF
|
syz |
|
|
22 |
1224d |
1231d
|
14/26 |
1213d |
1ea241e4cc95
Fix seek on /proc/pid/cmdline when task is zombie.
|
panic: Stack for running G's are skipped while panicking.
|
C |
|
|
2426 |
1513d |
1766d
|
14/26 |
1215d |
ab7ecdd66d2a
watchdog: print panic error message before other messages
|
panic: Sentry detected stuck tasks (5)
|
syz |
|
|
83 |
1242d |
1255d
|
0/26 |
1242d |
79e2364933bb
Fix deadlock in UDP handleControlPacket path.
|
DATA RACE in log.GoogleEmitter.Emit
|
C |
|
|
34 |
1253d |
1259d
|
0/26 |
1252d |
9c553f2d4e4b
Remove racy stringification of socket fds from /proc/net/*.
|
panic: runtime error: slice bounds out of range [255:LINE]
|
C |
|
|
5 |
1257d |
1257d
|
0/26 |
1253d |
49adf36ed7d3
Fix possible panic due to bad data.
|
panic: cacheLocked called on a dentry which has already been destroyed: &{{{{0 0}} true 0 ADDR} -1 ADDR 1 ADDR NUM false
|
|
|
|
1 |
1258d |
1258d
|
0/26 |
1253d |
74bc6e56ccd9
[vfs] kernfs: Do not panic if destroyed dentry is cached.
|
gvisor boot error: FATAL ERROR: running container: creating container: open /sys/fs/cgroup/devices/ci-gvisor-kvm-proxy-overlay-sandbox-test
|
|
|
|
1 |
1255d |
1255d
|
0/26 |
1254d |
764504c38fb5
runsc: check whether cgroup exists or not for each controller
|
panic: Sentry detected stuck tasks (4)
|
C |
|
|
5 |
1255d |
1256d
|
0/26 |
1255d |
05d2a26f7a86
Fix possible deadlock in UDP.Write().
|
panic: Incrementing non-positive count ADDR on tmpfs.inode
|
syz |
|
|
2 |
1258d |
1259d
|
0/26 |
1255d |
10ba578c0182
tmpfs: make sure that a dentry will not be destroyed before the open() call
|
panic: Sentry detected stuck tasks (3)
|
C |
|
|
180 |
1256d |
1260d
|
0/26 |
1256d |
267560d159b2
Reset watchdog timer between sendfile() iterations.
|
panic: runtime error: invalid memory address or nil pointer dereference (4)
|
C |
|
|
4 |
1268d |
1286d
|
0/26 |
1260d |
4e389c785779
Check for nil in kernel.FSContext functions.
|
panic: Decrementing non-positive ref count ADDR, owned by *mm.SpecialMappable
|
|
|
|
56 |
1260d |
1290d
|
0/26 |
1260d |
dcc1b71f1ba4
Fix reference counting on kcov mappings.
|
panic: Sentry detected stuck tasks (2)
|
C |
|
|
951 |
1260d |
1301d
|
0/26 |
1260d |
db36d948fa63
TCP Receive window advertisement fixes.
|
no output from test machine (7)
|
C |
|
|
184 |
1260d |
1287d
|
0/26 |
1260d |
34a6e9576a96
loader/elf: validate file offset
|
panic: runtime error: makeslice: len out of range (2)
|
C |
|
|
5 |
1260d |
1288d
|
0/26 |
1260d |
cd108432a50e
splice: return EINVAL is len is negative
|
panic: Incrementing non-positive ref count ADDR owned by *mm.SpecialMappable
|
|
|
|
45 |
1262d |
1290d
|
0/26 |
1260d |
dcc1b71f1ba4
Fix reference counting on kcov mappings.
|
panic: Child "" for parent Dentry &{vfsd:{mu:{Mutex:{state:LINE sema:LINE}} dead:false mounts:LINE impl:ADDR} DentryRefs
|
C |
|
|
3 |
1265d |
1274d
|
0/26 |
1260d |
1321f837bd9f
[vfs2] Refactor kernfs checkCreateLocked.
|
panic: unknown error: EOF
|
C |
|
|
68 |
1288d |
1291d
|
0/26 |
1287d |
c002fc36f9bb
sockets: ignore io.EOF from view.ReadAt
|
no output from test machine (6)
|
syz |
|
|
1873 |
1294d |
1301d
|
0/26 |
1294d |
76a09f0cf599
syscalls: Don't leak a file on the error path
|
no output from test machine (5)
|
C |
|
|
86414 |
1301d |
1416d
|
0/26 |
1301d |
de85b045d42f
kvm/x86: handle a case when interrupts are enabled in the kernel space
|
panic: Sentry detected stuck tasks
|
C |
|
|
506 |
1301d |
1321d
|
0/26 |
1301d |
de85b045d42f
kvm/x86: handle a case when interrupts are enabled in the kernel space
|
DATA RACE in tcp.(*endpoint).bindLocked
|
syz |
|
|
2 |
1332d |
1332d
|
0/26 |
1325d |
38cdb0579b69
Fix data race in tcp.GetSockOpt.
|
panic: runtime error: invalid memory address or nil pointer dereference (3)
|
C |
|
|
20051 |
1333d |
1869d
|
0/26 |
1325d |
b3ff31d041c9
fix panic when calling SO_ORIGINAL_DST without initializing iptables
|
DATA RACE in transport.(*connectionedEndpoint).Connect.func1
|
syz |
|
|
21 |
1408d |
1415d
|
0/26 |
1407d |
70c45e09cfd1
socket/unix: (*connectionedEndpoint).State() has to take the endpoint lock
|
panic: Sentry detected 1 stuck task(s):
|
C |
|
|
6204 |
1418d |
1505d
|
0/26 |
1415d |
4950ccde75b3
Fix write hang bug found by syzkaller.
|
DATA RACE in atomic.LoadInt64
|
|
|
|
1 |
1423d |
1423d
|
0/26 |
1420d |
7da69fe9719b
Fix data race on f.offset.
|
DATA RACE in fs.(*File).offsetForAppend
|
syz |
|
|
2 |
1423d |
1423d
|
0/26 |
1420d |
7da69fe9719b
Fix data race on f.offset.
|
DATA RACE in kernel.(*Task).accountTaskGoroutineEnter
|
syz |
|
|
2 |
1446d |
1446d
|
0/26 |
1443d |
8dd1d5b75a95
Don't call kernel.Task.Block() from netstack.SocketOperations.Write().
|
panic: D0415 01:LINE.ADDR 8857 transport_flipcall.go:LINE] recv [channel @ADDR] Rlerror{Error: 95}
|
|
|
|
1 |
1472d |
1472d
|
0/26 |
1456d |
2dd6384de89a
Fix cleanup around socketpair() failure to copy out FDs.
|
panic: close of nil channel
|
syz |
|
|
6 |
1465d |
1469d
|
0/26 |
1463d |
37f863f62813
tcp: handle listen after shutdown properly
|
panic: D0414 08:LINE.ADDR NUM transport_flipcall.go:LINE] recv [channel @ADDR] Rlerror{Error: 2}
|
|
|
|
1 |
1473d |
1473d
|
0/26 |
1471d |
2dd6384de89a
Fix cleanup around socketpair() failure to copy out FDs.
|
panic: D0414 11:LINE.ADDR NUM transport_flipcall.go:LINE] recv [channel @ADDR] Rlerror{Error: 95}
|
|
|
|
1 |
1473d |
1473d
|
0/26 |
1471d |
2dd6384de89a
Fix cleanup around socketpair() failure to copy out FDs.
|
panic: D0414 14:LINE.ADDR NUM task_exit.go:LINE] [ 98] Transitioning from exit state TaskExitNone to TaskExitInitiate
|
|
|
|
1 |
1473d |
1473d
|
0/26 |
1471d |
2dd6384de89a
Fix cleanup around socketpair() failure to copy out FDs.
|
panic: D0414 16:LINE.ADDR 5236 transport_flipcall.go:LINE] recv [channel @ADDR] Rlerror{Error: 2}
|
|
|
|
1 |
1473d |
1473d
|
0/26 |
1471d |
2dd6384de89a
Fix cleanup around socketpair() failure to copy out FDs.
|
panic: D0414 13:LINE.ADDR NUM transport_flipcall.go:LINE] recv [channel @ADDR] Rlerror{Error: 2}
|
|
|
|
1 |
1473d |
1473d
|
0/26 |
1471d |
2dd6384de89a
Fix cleanup around socketpair() failure to copy out FDs.
|
panic: interface conversion: context.Context is kernel.taskAsyncContext, not *kernel.Task
|
syz |
|
|
16 |
1475d |
1491d
|
0/26 |
1475d |
c9195349c9ac
Replace type assertion with TaskFromContext.
|
panic: runtime error: makeslice: len out of range
|
syz |
|
|
49 |
1477d |
1499d
|
0/26 |
1477d |
a10389e783aa
splice: cap splice calls to MAX_RW_COUNT
|
DATA RACE in tcp.(*endpoint).Readiness
|
syz |
|
|
2 |
1497d |
1497d
|
0/26 |
1491d |
d04adebaab86
Fix data-race in endpoint.Readiness
|
DATA RACE in netstack.(*SocketOperations).SetSockOpt
|
syz |
|
|
2 |
1496d |
1496d
|
0/26 |
1494d |
369cf38bd718
Fix data race in SetSockOpt.
|
DATA RACE in tcp.(*endpoint).SetSockOpt
|
syz |
|
|
26 |
1499d |
1519d
|
0/26 |
1494d |
e9e399c25d4f
Remove workMu from tcpip.Endpoint.
|
DATA RACE in udp.(*endpoint).SetSockOptBool
|
syz |
|
|
2 |
1513d |
1506d
|
0/26 |
1497d |
c15b8515eb4a
Fix datarace on TransportEndpointInfo.ID and clean up semantics.
|
no output from test machine (3)
|
C |
|
|
11663 |
1500d |
1588d
|
0/26 |
1500d |
b55f0e5d40c1
fdtable: don't try to zap fdtable entry if close is called for non-existing fd
|
panic: Watchdog goroutine is stuck:
|
|
|
|
12 |
1501d |
1507d
|
0/26 |
1501d |
1c0535297067
Fix oom_score_adj.
|
panic: Sentry detected 4 stuck task(s):
|
|
|
|
7 |
1501d |
1511d
|
0/26 |
1501d |
b0f2c3e7646d
Fix infinite loop in semaphore.sem.wakeWaiters().
|
fatal error: out of memory (3)
|
syz |
|
|
3 |
1506d |
1506d
|
0/26 |
1505d |
81675b850e27
Fix memory leak in danglingEndpoints.
|
fatal error: too many address space collisions for -race mode
|
syz |
|
|
3 |
1506d |
1506d
|
0/26 |
1505d |
81675b850e27
Fix memory leak in danglingEndpoints.
|
fatal error: concurrent map iteration and map write (2)
|
syz |
|
|
1 |
1517d |
1517d
|
0/26 |
1508d |
62bd3ca8a375
Take write lock when removing xattr
|
DATA RACE in fsutil.(*InodeSimpleExtendedAttributes).ListXattr
|
|
|
|
1 |
1517d |
1517d
|
0/26 |
1508d |
62bd3ca8a375
Take write lock when removing xattr
|
lost connection to test machine (4)
|
|
|
|
1025286 |
1508d |
1680d
|
0/26 |
1508d |
6b4d36e32532
Hide /dev/net/tun when using hostinet.
|
DATA RACE in udp.(*endpoint).Connect
|
syz |
|
|
10 |
1513d |
1520d
|
0/26 |
1508d |
c15b8515eb4a
Fix datarace on TransportEndpointInfo.ID and clean up semantics.
|
DATA RACE in fsutil.(*InodeSimpleExtendedAttributes).RemoveXattr
|
syz |
|
|
2 |
1517d |
1517d
|
0/26 |
1508d |
62bd3ca8a375
Take write lock when removing xattr
|
DATA RACE in tcp.(*endpoint).windowCrossedACKThreshold
|
syz |
|
|
10 |
1519d |
1520d
|
0/26 |
1508d |
33101752501f
Fix data-race when reading/writing e.amss.
|
DATA RACE in stack.(*TransportEndpointInfo).AddrNetProto
|
syz |
|
|
148 |
1513d |
1520d
|
0/26 |
1508d |
c15b8515eb4a
Fix datarace on TransportEndpointInfo.ID and clean up semantics.
|
fatal error: concurrent map read and map write (2)
|
syz |
|
|
2 |
1517d |
1517d
|
0/26 |
1508d |
62bd3ca8a375
Take write lock when removing xattr
|
panic: runtime error: index out of range [1] with length 0
|
C |
|
|
1518 |
1513d |
1519d
|
0/26 |
1508d |
43abb24657e7
Fix panic caused by invalid address for Bind in packet sockets.
|
DATA RACE in netstack.(*SocketOperations).fetchReadView
|
syz |
|
|
12 |
1513d |
1519d
|
0/26 |
1508d |
42fb7d349137
socket: take readMu to access readView
|
DATA RACE in fsutil.(*InodeSimpleExtendedAttributes).GetXattr
|
syz |
|
|
3 |
1517d |
1517d
|
0/26 |
1508d |
62bd3ca8a375
Take write lock when removing xattr
|
DATA RACE in fs.(*UnstableAttr).SetOwner (2)
|
syz |
|
|
3 |
1553d |
1546d
|
0/26 |
1520d |
115898e368e4
Prevent DATA RACE in UnstableAttr.
|
DATA RACE in fs.mayDelete
|
|
|
|
1 |
1549d |
1542d
|
0/26 |
1520d |
fba479b3c786
Fix DATA RACE in fs.MayDelete.
|
DATA RACE in fs.(*Dirent).IncRef
|
syz |
|
|
1 |
1546d |
1539d
|
0/26 |
1520d |
53504e29ca27
Fix mount refcount issue.
|
panic: Incrementing non-positive ref count (4)
|
C |
|
|
5 |
1537d |
1539d
|
0/26 |
1520d |
53504e29ca27
Fix mount refcount issue.
|
panic: munmap(ADDR, NUM)) failed: function not implemented (3)
|
|
|
|
1 |
1590d |
1583d
|
0/26 |
1520d |
17c18241cdeb
platform/syscall: use syscall + int3 to execute a system call in a stub process
|
panic: munmap(0, ADDR)) failed: function not implemented (3)
|
|
|
|
1 |
1575d |
1568d
|
0/26 |
1520d |
17c18241cdeb
platform/syscall: use syscall + int3 to execute a system call in a stub process
|
panic: wait failed: the process NUM:NUM exited: 1f (err <nil>) (2)
|
|
|
|
17 |
1573d |
1595d
|
0/26 |
1520d |
17c18241cdeb
platform/syscall: use syscall + int3 to execute a system call in a stub process
|
panic: wait failed: the process 9793:LINE exited: 1f (err <nil>)
|
C |
|
|
1 |
1591d |
1584d
|
0/26 |
1520d |
17c18241cdeb
platform/syscall: use syscall + int3 to execute a system call in a stub process
|
panic: wait failed: the process 4877:LINE exited: 1f (err <nil>)
|
|
|
|
1 |
1590d |
1583d
|
0/26 |
1520d |
17c18241cdeb
platform/syscall: use syscall + int3 to execute a system call in a stub process
|
panic: runtime error: slice bounds out of range [:LINE] with capacity 16
|
syz |
|
|
42 |
1571d |
1582d
|
0/26 |
1520d |
b3ae8a62cfdf
Fix slice bounds out of range panic in parsing socket control message.
|
panic: wait failed: the process NUM:LINE exited: 1f (err <nil>) (4)
|
|
|
|
2 |
1583d |
1577d
|
0/26 |
1520d |
17c18241cdeb
platform/syscall: use syscall + int3 to execute a system call in a stub process
|
DATA RACE in refs.(*WeakRef).init (2)
|
|
|
|
1 |
1613d |
1606d
|
0/26 |
1540d |
3db317390b5c
Remove epoll entry from map when dropping it.
|
DATA RACE in refs.(*AtomicRefCount).DecRefWithDestructor
|
|
|
|
1 |
1560d |
1553d
|
0/26 |
1540d |
3db317390b5c
Remove epoll entry from map when dropping it.
|
panic: interface conversion: refs.RefCounter is *fs.File, not *fs.Dirent
|
|
|
|
3 |
1554d |
1564d
|
0/26 |
1540d |
3db317390b5c
Remove epoll entry from map when dropping it.
|
Invalid request partialResult in splice (2)
|
syz |
|
|
134 |
1549d |
1585d
|
0/26 |
1547d |
f263801a74d4
fs/splice: don't report partial errors for special files
|
fatal error: out of memory (2)
|
|
|
|
1 |
1563d |
1555d
|
0/26 |
1547d |
4cb55a7a3b09
Prevent arbitrary size allocation when sending UDS messages.
|
panic: invalid allocation length: 0x0 (3)
|
syz |
|
|
12 |
1550d |
1550d
|
0/26 |
1547d |
ede8dfab3760
Enforce splice offset limits
|
DATA RACE in fs.Rename (3)
|
|
|
|
1 |
1561d |
1561d
|
0/26 |
1560d |
f1a5178c589d
Fix data race in MountNamespace.resolve.
|
DATA RACE in tty.(*queue).readableSize
|
syz |
|
|
2 |
1562d |
1562d
|
0/26 |
1560d |
80d0f9304484
Fix data race in tty.queue.readableSize.
|
panic: Incrementing non-positive ref count (3)
|
|
|
|
2 |
1581d |
1591d
|
0/26 |
1570d |
6410387ff9b4
Cleanup Shm reference handling
|
panic: munmap(ADDR, 1000)) failed: function not implemented (3)
|
|
|
|
2 |
1607d |
1608d
|
0/26 |
1570d |
17c18241cdeb
platform/syscall: use syscall + int3 to execute a system call in a stub process
|
DATA RACE in fs.(*UnstableAttr).SetOwner
|
|
|
|
1 |
1590d |
1590d
|
0/26 |
1589d |
bb00438f36eb
Make masterInodeOperations.Truncate take a pointer receiver.
|
DATA RACE in fsutil.(*InodeSimpleAttributes).SetPermissions
|
syz |
|
|
3 |
1590d |
1590d
|
0/26 |
1589d |
bb00438f36eb
Make masterInodeOperations.Truncate take a pointer receiver.
|
no output from test machine (2)
|
C |
|
|
6325 |
1596d |
1712d
|
0/26 |
1596d |
378d6c1f3697
unix: allow to bind unix sockets only to AF_UNIX addresses
|
DATA RACE in fs.Rename (2)
|
C |
|
|
433 |
1847d |
1869d
|
0/26 |
1602d |
89cc8eef9ba6
DATA RACE in fs.(*Dirent).fullName
|
Invalid request partialResult in sendfile (2)
|
C |
|
|
1341 |
1669d |
1869d
|
0/26 |
1666d |
db218fdfcf16
Don't report partialResult errors from sendfile
|
Invalid request partialResult in splice
|
C |
|
|
206 |
1669d |
1718d
|
0/26 |
1669d |
7a234f736fe0
splice: try another fallback option only if the previous one isn't supported
|
lost connection to test machine (3)
|
C |
|
|
30758 |
1719d |
1869d
|
0/26 |
1716d |
af90e68623c7
netlink: return an error in nlmsgerr
|
panic: node.Readdir returned offset -ADDR less than input offset ADDR
|
C |
|
|
26 |
1785d |
1869d
|
0/26 |
1716d |
ab6774cebf5c
gvisor/fs: getdents returns 0 if offset is equal to FileMaxOffset
|
DATA RACE in ramfs.(*dirFileOperations).Readdir
|
syz |
|
|
1 |
1918d |
1869d
|
0/26 |
1717d |
09cf3b40a899
Fix data race in InodeSimpleAttributes.Unstable.
|
no output from test machine
|
C |
|
|
27191 |
1719d |
1869d
|
0/26 |
1719d |
af90e68623c7
netlink: return an error in nlmsgerr
|
DATA RACE in kernel.(*Kernel).EmitUnimplementedEvent
|
syz |
|
|
3 |
1730d |
1732d
|
0/26 |
1730d |
cf2b2d97d512
Initialize kernel.unimplementedSyscallEmitter with a sync.Once.
|
DATA RACE in atomic.AddInt32
|
|
|
|
1 |
1745d |
1745d
|
0/26 |
1743d |
542fbd01a7ed
Fix race in FDTable.GetFDs().
|
panic: Unknown syscall 85 error: link should be resolved via Readlink()
|
syz |
|
|
64 |
1754d |
1751d
|
0/26 |
1750d |
6db3f8d54c02
Don't mask errors in createAt loop.
|
panic: Unknown syscall 2 error: link should be resolved via Readlink()
|
syz |
|
|
16 |
1754d |
1751d
|
0/26 |
1750d |
6db3f8d54c02
Don't mask errors in createAt loop.
|
panic: Unknown syscall 257 error: link should be resolved via Readlink()
|
syz |
|
|
14 |
1754d |
1758d
|
0/26 |
1752d |
6db3f8d54c02
Don't mask errors in createAt loop.
|
panic: Incrementing non-positive ref count (2)
|
C |
|
|
183 |
1758d |
1765d
|
0/26 |
1758d |
4f2f44320f9b
Simplify (and fix) refcounts in createAt.
|
DATA RACE in atomic.AddInt64
|
|
|
|
1 |
1787d |
1780d
|
0/26 |
1763d |
8ab0848c70fc
gvisor/fs: don't update file.offset for sockets, pipes, etc
|
DATA RACE in fs.(*lockedReader).Read
|
|
|
|
1 |
1785d |
1778d
|
0/26 |
1765d |
8ab0848c70fc
gvisor/fs: don't update file.offset for sockets, pipes, etc
|
DATA RACE in atomic.StoreInt64
|
syz |
|
|
2 |
1773d |
1778d
|
0/26 |
1765d |
8ab0848c70fc
gvisor/fs: don't update file.offset for sockets, pipes, etc
|
DATA RACE in mm.(*MemoryManager).Brk
|
syz |
|
|
14 |
1806d |
1822d
|
0/26 |
1805d |
14f0e7618e28
Ensure all uses of MM.brk occur under MM.mappingMu in MM.Brk().
|
panic: hashed child "stat\t\xe9\xdc\xdf\x02\x02\x98\xcc\xf3<\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q\nI\xf81U\ro}\xe
|
C |
|
|
7 |
1849d |
1842d
|
0/26 |
1823d |
2df64cd6d2c8
createAt should return all errors from FindInode except ENOENT.
|
DATA RACE in fs.(*Dirent).fullName
|
|
|
|
3 |
1852d |
1869d
|
0/26 |
1842d |
89cc8eef9ba6
DATA RACE in fs.(*Dirent).fullName
|
panic: hashed over a positive child "file0"
|
|
|
|
1 |
1851d |
1851d
|
0/26 |
1848d |
61d8c361c663
Don't release d.mu in checks for child-existence.
|
DATA RACE in tty.(*lineDiscipline).masterReadiness
|
|
|
|
1 |
1850d |
1850d
|
0/26 |
1849d |
c79e81bd27cd
Addresses data race in tty implementation.
|
DATA RACE in tty.(*queue).WriteFromBlocks
|
syz |
|
|
7 |
1850d |
1853d
|
0/26 |
1849d |
c79e81bd27cd
Addresses data race in tty implementation.
|
panic: runtime error: index out of range (2)
|
C |
|
|
7191 |
1849d |
1855d
|
0/26 |
1849d |
82529becaee6
Fix index out of bounds in tty implementation.
|
DATA RACE in atomic.CompareAndSwapInt32 (2)
|
syz |
|
|
2 |
1851d |
1851d
|
0/26 |
1849d |
d14a7de65865
Fix more data races in shm debug messages.
|
DATA RACE in atomic.CompareAndSwapInt32
|
C |
|
|
9 |
1856d |
1869d
|
0/26 |
1852d |
cea1dd7d21b9
Remove racy access to shm fields.
|
DATA RACE in netlink.(*Socket).SetSockOpt
|
syz |
|
|
2 |
1868d |
1868d
|
0/26 |
1852d |
7b33df68450b
Fix data race in netlink send buffer size
|
DATA RACE in dev.(*randomDevice).GetFile
|
|
|
|
1 |
1857d |
1857d
|
0/26 |
1852d |
645af7cdd8a1
Dev device methods should take pointer receiver.
|
DATA RACE in fsutil.(*InodeSimpleAttributes).UnstableAttr
|
syz |
|
|
8 |
1917d |
1920d
|
0/26 |
1914d |
09cf3b40a899
Fix data race in InodeSimpleAttributes.Unstable.
|
panic: invalid allocation length: 0x0 (2)
|
C |
|
|
4 |
1956d |
1957d
|
0/26 |
1955d |
3b3f02627870
Truncate ar before calling mm.breakCopyOnWriteLocked().
|
gvisor boot error (3)
|
|
|
|
4 |
1960d |
1961d
|
0/26 |
1960d |
1775a0e11e56
container.Destroy should clean up container metadata even if other cleanups fail
|
DATA RACE in shm.(*Registry).findByKey
|
C |
|
|
47 |
2067d |
2133d
|
0/26 |
1961d |
f93c288dd708
Fix a data race on Shm.key.
|
gvisor test error (2)
|
|
|
|
2778 |
1978d |
2113d
|
0/26 |
1961d |
24c1158b9c21
Add "trace signal" option
|
panic: invalid type: int
|
C |
|
|
559 |
1981d |
2082d
|
0/26 |
1962d |
5560615c531b
Return an int32 for netlink SO_RCVBUF
|
panic: ptrace set regs failed: input/output error
|
C |
|
|
712 |
1967d |
2065d
|
0/26 |
1962d |
99d595869332
Validate FS_BASE in Task.Clone
|
Invalid request partialResult in sendfile
|
C |
|
|
7399 |
1967d |
2121d
|
0/26 |
1962d |
ffcbda0c8bd7
Partial writes should loop in rpcinet.
|
panic: Decrementing non-positive ref count
|
C |
|
|
4804 |
2057d |
2135d
|
0/26 |
1962d |
0e277a39c8b6
Prevent premature destruction of shm segments.
|
panic: ptrace status unexpected: got 9, wanted stopped (2)
|
syz |
|
|
78 |
1967d |
2120d
|
0/26 |
1962d |
e7191f058f55
Use TRAP to simplify vsyscall emulation.
|
panic: invalid allocation length: 0x0
|
C |
|
|
223 |
1968d |
2135d
|
0/26 |
1962d |
46603b569c3a
Fix panic on creation of zero-len shm segments.
|
DATA RACE in fs.(*Dirent).getDotAttrs
|
|
|
|
1 |
2075d |
2075d
|
0/26 |
1962d |
54dd0d0dc5ee
Fix data race caused by unlocked call of Dirent.descendantOf.
|
panic: runtime error: invalid memory address or nil pointer dereference (2)
|
C |
|
|
4493 |
2057d |
2077d
|
0/26 |
2020d |
beac59b37a8b
Fix panic if FIOASYNC callback is registered and triggered without target
|
gvisor boot error
|
|
|
|
1911 |
2038d |
2116d
|
0/26 |
2020d |
43e6aff50e23
Don't fail if Root is readonly and is not a mount point
|
DATA RACE in kernel.(*Task).setKUIDsUncheckedLocked
|
C |
|
|
15 |
2070d |
2128d
|
0/26 |
2020d |
f8ccfbbed487
Document more task-goroutine-owned fields in kernel.Task.
|
DATA RACE in fs.(*Dirent).hashChildParentSet
|
syz |
|
|
8 |
2072d |
2075d
|
0/26 |
2020d |
8d318aac5532
fs: Hold Dirent.mu when calling Dirent.flush().
|
DATA RACE in waiter.(*Entry).Prev
|
C |
|
|
3992 |
2081d |
2134d
|
0/26 |
2077d |
d4939f6dc22e
TTY: Fix data race where calls into tty.queue's waiter were not synchronized.
|
DATA RACE in waiter.(*Entry).Next
|
C |
|
|
2418 |
2081d |
2134d
|
0/26 |
2077d |
d4939f6dc22e
TTY: Fix data race where calls into tty.queue's waiter were not synchronized.
|
fatal error: concurrent map read and map write
|
|
|
|
66 |
2087d |
2090d
|
0/26 |
2077d |
dbbe9ec91541
Protect PCIDs with a mutex.
|
DATA RACE in waiter.(*Entry).SetNext
|
C |
|
|
739 |
2081d |
2134d
|
0/26 |
2077d |
d4939f6dc22e
TTY: Fix data race where calls into tty.queue's waiter were not synchronized.
|
fatal error: concurrent map writes
|
|
|
|
3 |
2087d |
2088d
|
0/26 |
2077d |
dbbe9ec91541
Protect PCIDs with a mutex.
|
panic: runtime error: index out of range
|
C |
|
|
35 |
2094d |
2130d
|
0/26 |
2077d |
e97717e29a1b
Enforce Unix socket address length limit
|
DATA RACE in waiter.(*Entry).SetPrev
|
|
|
|
70 |
2081d |
2134d
|
0/26 |
2077d |
d4939f6dc22e
TTY: Fix data race where calls into tty.queue's waiter were not synchronized.
|
DATA RACE in waiter.(*Queue).Notify
|
C |
|
|
72 |
2082d |
2134d
|
0/26 |
2077d |
d4939f6dc22e
TTY: Fix data race where calls into tty.queue's waiter were not synchronized.
|
DATA RACE in unix.(*connectionlessEndpoint).UnidirectionalConnect
|
C |
|
|
965 |
2088d |
2118d
|
0/26 |
2077d |
2a44362c0b99
Fix data race in unix.BoundEndpoint.UnidirectionalConnect.
|
panic: runtime error: invalid memory address or nil pointer dereference
|
C |
|
|
20682 |
2081d |
2135d
|
0/26 |
2077d |
f93bd2cbe668
Hold t.mu while calling t.FSContext().
|
DATA RACE in kernel.(*Task).exitNotifyLocked
|
C |
|
|
2 |
2106d |
2106d
|
0/26 |
2088d |
c036da5dffdf
Hold TaskSet.mu in Task.Parent.
|
panic: invalid segment range [ADDR, ADDR)
|
C |
|
|
255 |
2123d |
2135d
|
0/26 |
2109d |
06920b3d1bb6
Exit tmpfs.fileInodeOperations.Translate early if required.Start >= EOF.
|
DATA RACE in kernel.(*Task).Clone
|
|
|
|
3 |
2112d |
2124d
|
0/26 |
2109d |
41aeb680b188
Inherit parent in clone(CLONE_THREAD) under TaskSet.mu.
|
DATA RACE in fs.(*Watch).Notify
|
syz |
|
|
2 |
2125d |
2125d
|
0/26 |
2123d |
34af9a61741f
Fix data race on inotify.Watch.mask.
|
lost connection to test machine (2)
|
C |
|
|
1814 |
2123d |
2134d
|
0/26 |
2123d |
52ddb8571c46
Skip overlay on root when its readonly
|
DATA RACE in fs.Rename
|
C |
|
|
16 |
2124d |
2133d
|
0/26 |
2123d |
2821dfe6ce95
Hold d.parent.mu when reading d.name
|
panic: MountNamespace.FindInode: path is empty
|
C |
|
|
3443 |
2123d |
2135d
|
0/26 |
2123d |
062a6f6ec5f4
Handle NUL-only paths in exec
|
panic: runtime error: slice bounds out of range
|
C |
|
|
39 |
2128d |
2135d
|
0/26 |
2128d |
1ceed49ba94c
Check for invalid offset when submitting an AIO read/write request.
|
DATA RACE in proc.forEachMountSource
|
C |
|
|
24 |
2128d |
2134d
|
0/26 |
2128d |
f93bd2cbe668
Hold t.mu while calling t.FSContext().
|
DATA RACE in kernel.(*Task).Value
|
|
|
|
1 |
2132d |
2132d
|
0/26 |
2128d |
f93bd2cbe668
Hold t.mu while calling t.FSContext().
|
DATA RACE in semaphore.(*Set).checkPerms
|
C |
|
|
21 |
2129d |
2133d
|
0/26 |
2129d |
6b6852bceb12
Fix semaphore data races
|
DATA RACE in semaphore.(*Registry).RemoveID
|
C |
|
|
15 |
2130d |
2134d
|
0/26 |
2129d |
6b6852bceb12
Fix semaphore data races
|
DATA RACE in queue.(*Queue).Enqueue
|
C |
|
|
7 |
2131d |
2133d
|
0/26 |
2130d |
5f7f78c1d7ee
Fix data races in Unix sockets
|
DATA RACE in unix.(*queueReceiver).RecvQueuedSize
|
C |
|
|
5 |
2130d |
2133d
|
0/26 |
2130d |
5f7f78c1d7ee
Fix data races in Unix sockets
|
panic: munmap(ADDR, c6000)) failed: function not implemented
|
|
|
|
1 |
2134d |
2134d
|
0/26 |
2130d |
dc33d71f8cf1
Change SIGCHLD to SIGKILL in ptrace stubs.
|
DATA RACE in unix.(*streamQueueReceiver).RecvQueuedSize
|
C |
|
|
3 |
2131d |
2132d
|
0/26 |
2130d |
5f7f78c1d7ee
Fix data races in Unix sockets
|
DATA RACE in kernel.(*FSContext).SetWorkingDirectory
|
|
|
|
1 |
2134d |
2134d
|
0/26 |
2130d |
4ac79312b093
Don't read cwd or root without holding mu
|
DATA RACE in proc.(*mountInfoFile).ReadSeqFileData.func1
|
|
|
|
1 |
2133d |
2133d
|
0/26 |
2130d |
1a9917d14d66
MountSource.Root() should return a refernce on the dirent.
|
DATA RACE in kernel.(*FSContext).SetRootDirectory
|
C |
|
|
165 |
2131d |
2134d
|
0/26 |
2130d |
478f0ac0038a
Don't read FSContext.root without holding FSContext.mu
|
panic: munmap(ADDR, 0)) failed: invalid argument
|
C |
|
|
5 |
2135d |
2135d
|
0/26 |
2134d |
fe3fc44da3ca
Handle mremap(old_size=0).
|