Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

policies download failure #4013

Closed
chen-keinan opened this issue Apr 10, 2023 · 0 comments · Fixed by #4014
Closed

policies download failure #4013

chen-keinan opened this issue Apr 10, 2023 · 0 comments · Fixed by #4014
Assignees
@knqyf263
Labels
kind/bug Categorizes issue or PR as related to a bug. scan/misconfiguration Issues relating to misconfiguration scanning target/kubernetes Issues relating to kubernetes cluster scanning
Milestone
v0.40.0

Comments

@chen-keinan
Copy link
Contributor

chen-keinan commented Apr 10, 2023
edited
Loading

Description

with trivy 0.39.1
when running :

trivy image --reset

and afterwards :

trivy k8s cluster  --report summary --components=infra --scanners=config

got this error:

6 / 208 [---->_________________________________________________________________________________________________________________________________________________________] 2.88% ? p/s
fatal error: concurrent map writes
fatal error: concurrent map writes

goroutine 1004 [running]:
github.com/aquasecurity/trivy/pkg/downloader.Download({0x10c6cdd70?, 0x140000bc0a0}, {0x14000ae4690, 0x4d}, {0x14001e990c0, 0x36}, {0x14001e990c0, 0x36})
	github.com/aquasecurity/trivy/pkg/downloader/download.go:38 +0x84
github.com/aquasecurity/trivy/pkg/oci.(*Artifact).download(0x14000786fc0, {0x10c6cdd70, 0x140000bc0a0}, {0x10c6d7518, 0x1400139c1a0}, {0x14001a37360, 0xd}, {0x14001e990c0, 0x36})
	github.com/aquasecurity/trivy/pkg/oci/artifact.go:186 +0x450
github.com/aquasecurity/trivy/pkg/oci.(*Artifact).Download(0x14000786fc0, {0x10c6cdd70, 0x140000bc0a0}, {0x14001e990c0, 0x36}, {{0x10a2138b0?, 0x14002581118?}, {0x0?, 0x14001ab40f8?}})
	github.com/aquasecurity/trivy/pkg/oci/artifact.go:138 +0x29c
github.com/aquasecurity/trivy/pkg/policy.(*Client).DownloadBuiltinPolicies(0x14001adc060, {0x10c6cdd70, 0x140000bc0a0})
	github.com/aquasecurity/trivy/pkg/policy/policy.go:98 +0xf0
github.com/aquasecurity/trivy/pkg/commands/operation.InitBuiltinPolicies({0x10c6cdd70, 0x140000bc0a0}, {0x140001deab0?, 0x0?}, 0x0?, 0x0)
	github.com/aquasecurity/trivy/pkg/commands/operation/operation.go:162 +0x19c
github.com/aquasecurity/trivy/pkg/commands/artifact.initScannerConfig({{{0x10a089b94, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x45d964b800, {0x140001deab0, 0x27}, 0x0}, ...}, ...)
	github.com/aquasecurity/trivy/pkg/commands/artifact/run.go:570 +0x5f4
github.com/aquasecurity/trivy/pkg/commands/artifact.scan({_, _}, {{{0x10a089b94, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x45d964b800, {0x140001deab0, ...}, ...}, ...}, ...)
	github.com/aquasecurity/trivy/pkg/commands/artifact/run.go:667 +0xe0
github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanArtifact(_, {_, _}, {{{0x10a089b94, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x45d964b800, ...}, ...}, ...)
	github.com/aquasecurity/trivy/pkg/commands/artifact/run.go:264 +0xa0
github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanFS(_, {_, _}, {{{0x10a089b94, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x45d964b800, ...}, ...})
	github.com/aquasecurity/trivy/pkg/commands/artifact/run.go:213 +0xa4
github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).ScanFilesystem(_, {_, _}, {{{0x10a089b94, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x45d964b800, ...}, ...})
	github.com/aquasecurity/trivy/pkg/commands/artifact/run.go:193 +0x154
github.com/aquasecurity/trivy/pkg/k8s/scanner.(*Scanner).scanMisconfigs(_, {_, _}, _)
	github.com/aquasecurity/trivy/pkg/k8s/scanner/scanner.go:130 +0x184
github.com/aquasecurity/trivy/pkg/k8s/scanner.(*Scanner).Scan.func2(_)
	github.com/aquasecurity/trivy/pkg/k8s/scanner/scanner.go:67 +0x2a8
github.com/aquasecurity/trivy/pkg/parallel.(*Pipeline[...]).Do.func2()
	github.com/aquasecurity/trivy/pkg/parallel/pipeline.go:74 +0x90
golang.org/x/sync/errgroup.(*Group).Go.func1()
	golang.org/x/sync@v0.1.0/errgroup/errgroup.go:75 +0x5c
created by golang.org/x/sync/errgroup.(*Group).Go
	golang.org/x/sync@v0.1.0/errgroup/errgroup.go:72 +0xa0

goroutine 1 [chan receive]:
github.com/aquasecurity/trivy/pkg/parallel.(*Pipeline[...]).Do(0x10c6cd8e0, {0x10c6cdda8, 0x140009e9ec0?})
	github.com/aquasecurity/trivy/pkg/parallel/pipeline.go:94 +0x338
github.com/aquasecurity/trivy/pkg/k8s/scanner.(*Scanner).Scan(0x14002451200, {0x10c6cdda8?, 0x140009e9ec0}, {0x14000d21000, 0xd0, 0x100})
	github.com/aquasecurity/trivy/pkg/k8s/scanner/scanner.go:83 +0x31c
github.com/aquasecurity/trivy/pkg/k8s/commands.(*runner).run(0x140026c8410, {0x10c6cdda8, 0x140009e9ec0}, {0x14000d21000, 0xd0, 0x100})
	github.com/aquasecurity/trivy/pkg/k8s/commands/run.go:91 +0x394
github.com/aquasecurity/trivy/pkg/k8s/commands.clusterRun({_, _}, {{{0x10a089b94, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x45d964b800, {0x140001deab0, ...}, ...}, ...}, ...)
	github.com/aquasecurity/trivy/pkg/k8s/commands/cluster.go:37 +0x31c
github.com/aquasecurity/trivy/pkg/k8s/commands.Run({_, _}, {_, _, _}, {{{0x10a089b94, 0xa}, 0x0, 0x0, 0x0, ...}, ...})
	github.com/aquasecurity/trivy/pkg/k8s/commands/run.go:46 +0x2dc
github.com/aquasecurity/trivy/pkg/commands.NewKubernetesCommand.func2(0x14000348000, {0x14000be5630, 0x1, 0x5})
	github.com/aquasecurity/trivy/pkg/commands/app.go:857 +0x188
github.com/spf13/cobra.(*Command).execute(0x14000348000, {0x14000be55e0, 0x5, 0x5})
	github.com/spf13/cobra@v1.6.1/command.go:916 +0x5c8
github.com/spf13/cobra.(*Command).ExecuteC(0x140002bc000)
	github.com/spf13/cobra@v1.6.1/command.go:1044 +0x35c
github.com/spf13/cobra.(*Command).Execute(0x10b341764?)
	github.com/spf13/cobra@v1.6.1/command.go:968 +0x1c
main.run()
	github.com/aquasecurity/trivy/cmd/trivy/main.go:39 +0x164
main.main()
	github.com/aquasecurity/trivy/cmd/trivy/main.go:21 +0x1c

goroutine 12 [select]:
go.opencensus.io/stats/view.(*worker).start(0x1400017c700)
	go.opencensus.io@v0.24.0/stats/view/worker.go:292 +0x88
created by go.opencensus.io/stats/view.init.0
	go.opencensus.io@v0.24.0/stats/view/worker.go:34 +0xb0

goroutine 957 [select]:
golang.org/x/net/http2.(*clientStream).writeRequest(0x14000b39200, 0x14001e5cb00)
	golang.org/x/net@v0.8.0/http2/transport.go:1437 +0x928
golang.org/x/net/http2.(*clientStream).doRequest(0x10c615a80?, 0x14000ca07a0?)
	golang.org/x/net@v0.8.0/http2/transport.go:1299 +0x20
created by golang.org/x/net/http2.(*ClientConn).RoundTrip
	golang.org/x/net@v0.8.0/http2/transport.go:1228 +0x324

goroutine 1169 [chan receive]:
net/http.(*persistConn).addTLS(0x14001e9db00, {0x10c6cdde0?, 0x14001206900}, {0x1400238be00, 0x24}, 0x0)
	net/http/transport.go:1550 +0x2dc
net/http.(*Transport).dialConn(0x140007b2500, {0x10c6cdde0, 0x14001206900}, {{}, 0x0, {0x1400050ff00, 0x5}, {0x1400238be00, 0x28}, 0x0})
	net/http/transport.go:1624 +0x7bc
net/http.(*Transport).dialConnFor(0x65626f7250737365?, 0x140026f28f0)
	net/http/transport.go:1456 +0x7c
created by net/http.(*Transport).queueForDial
	net/http/transport.go:1425 +0x398

goroutine 928 [chan receive]:
k8s.io/client-go/tools/cache.(*controller).Run.func1()
	k8s.io/client-go@v0.26.3/tools/cache/controller.go:131 +0x2c
created by k8s.io/client-go/tools/cache.(*controller).Run
	k8s.io/client-go@v0.26.3/tools/cache/controller.go:130 +0x98

goroutine 987 [chan receive]:
k8s.io/client-go/tools/cache.(*controller).Run.func1()
	k8s.io/client-go@v0.26.3/tools/cache/controller.go:131 +0x2c
created by k8s.io/client-go/tools/cache.(*controller).Run
	k8s.io/client-go@v0.26.3/tools/cache/controller.go:130 +0x98

goroutine 1234 [select]:
github.com/cheggaaa/pb/v3.(*ProgressBar).writer(0x140020740e0, 0x140005c2000)
	github.com/cheggaaa/pb/v3@v3.1.2/pb.go:184 +0x6c
created by github.com/cheggaaa/pb/v3.(*ProgressBar).Start
	github.com/cheggaaa/pb/v3@v3.1.2/pb.go:178 +0x240

goroutine 904 [select]:
k8s.io/client-go/tools/cache.(*processorListener).pop(0x14002230000)
	k8s.io/client-go@v0.26.3/tools/cache/shared_informer.go:876 +0xe0
k8s.io/apimachinery/pkg/util/wait.(*Group).Start.func1()
	k8s.io/apimachinery@v0.26.3/pkg/util/wait/wait.go:75 +0x58
created by k8s.io/apimachinery/pkg/util/wait.(*Group).Start
	k8s.io/apimachinery@v0.26.3/pkg/util/wait/wait.go:73 +0x84

goroutine 956 [select]:
k8s.io/client-go/tools/cache.(*Reflector).ListAndWatch.func1()
	k8s.io/client-go@v0.26.3/tools/cache/reflector.go:273 +0xcc
created by k8s.io/client-go/tools/cache.(*Reflector).ListAndWatch
	k8s.io/client-go@v0.26.3/tools/cache/reflector.go:267 +0x1ec

goroutine 224 [select]:
golang.org/x/net/http2.(*clientStream).writeRequest(0x14002060480, 0x1400207e500)
	golang.org/x/net@v0.8.0/http2/transport.go:1437 +0x928
golang.org/x/net/http2.(*clientStream).doRequest(0xa010fbe01?, 0x14000f50f98?)
	golang.org/x/net@v0.8.0/http2/transport.go:1299 +0x20
created by golang.org/x/net/http2.(*ClientConn).RoundTrip
	golang.org/x/net@v0.8.0/http2/transport.go:1228 +0x324

goroutine 953 [select]:
k8s.io/client-go/tools/cache.watchHandler({0x0?, 0x0?, 0x10fd474a0?}, {0x10c6b0d40?, 0x140021cb8c0}, {0x119a045a8, 0x1400133fea0}, {0x10c714b60?, 0x10c554ee0}, 0x0, ...)
	k8s.io/client-go@v0.26.3/tools/cache/reflector.go:493 +0x138
k8s.io/client-go/tools/cache.(*Reflector).ListAndWatch(0x14002158000, 0x1400123b6e0)
	k8s.io/client-go@v0.26.3/tools/cache/reflector.go:329 +0x484
k8s.io/client-go/tools/cache.(*Reflector).Run.func1()
	k8s.io/client-go@v0.26.3/tools/cache/reflector.go:223 +0x28
k8s.io/apimachinery/pkg/util/wait.BackoffUntil.func1(0x14000f506d8?)
	k8s.io/apimachinery@v0.26.3/pkg/util/wait/wait.go:157 +0x40
k8s.io/apimachinery/pkg/util/wait.BackoffUntil(0x14001e54200?, {0x10c642080, 0x1400097c780}, 0x1, 0x1400123b6e0)
	k8s.io/apimachinery@v0.26.3/pkg/util/wait/wait.go:158 +0x90
k8s.io/client-go/tools/cache.(*Reflector).Run(0x14002158000, 0x1400123b6e0)
	k8s.io/client-go@v0.26.3/tools/cache/reflector.go:222 +0x174
k8s.io/apimachinery/pkg/util/wait.(*Group).StartWithChannel.func1()
	k8s.io/apimachinery@v0.26.3/pkg/util/wait/wait.go:58 +0x28
k8s.io/apimachinery/pkg/util/wait.(*Group).Start.func1()
	k8s.io/apimachinery@v0.26.3/pkg/util/wait/wait.go:75 +0x58
created by k8s.io/apimachinery/pkg/util/wait.(*Group).Start
	k8s.io/apimachinery@v0.26.3/pkg/util/wait/wait.go:73 +0x84

goroutine 1166 [select]:
net/http.(*persistConn).writeLoop(0x140026f0c60)
	net/http/transport.go:2410 +0x9c
created by net/http.(*Transport).dialConn
	net/http/transport.go:1766 +0x1214

goroutine 900 [chan receive]:
k8s.io/client-go/tools/cache.(*sharedProcessor).run(0x140009232c0, 0x14000cfc980?)
	k8s.io/client-go@v0.26.3/tools/cache/shared_informer.go:752 +0x3c
k8s.io/apimachinery/pkg/util/wait.(*Group).StartWithChannel.func1()
	k8s.io/apimachinery@v0.26.3/pkg/util/wait/wait.go:58 +0x28
k8s.io/apimachinery/pkg/util/wait.(*Group).Start.func1()
	k8s.io/apimachinery@v0.26.3/pkg/util/wait/wait.go:75 +0x58
created by k8s.io/apimachinery/pkg/util/wait.(*Group).Start
	k8s.io/apimachinery@v0.26.3/pkg/util/wait/wait.go:73 +0x84

goroutine 223 [select]:
k8s.io/client-go/tools/cache.(*Reflector).ListAndWatch.func1()
	k8s.io/client-go@v0.26.3/tools/cache/reflector.go:273 +0xcc
created by k8s.io/client-go/tools/cache.(*Reflector).ListAndWatch
	k8s.io/client-go@v0.26.3/tools/cache/reflector.go:267 +0x1ec

goroutine 1000 [select]:
github.com/aquasecurity/trivy/pkg/parallel.(*Pipeline[...]).Do.func1()
	github.com/aquasecurity/trivy/pkg/parallel/pipeline.go:58 +0x124
golang.org/x/sync/errgroup.(*Group).Go.func1()
	golang.org/x/sync@v0.1.0/errgroup/errgroup.go:75 +0x5c
created by golang.org/x/sync/errgroup.(*Group).Go
	golang.org/x/sync@v0.1.0/errgroup/errgroup.go:72 +0xa0

goroutine 988 [select]:
k8s.io/client-go/tools/cache.watchHandler({0x0?, 0x0?, 0x10fd474a0?}, {0x10c6b0d40?, 0x14002072600}, {0x119a045a8, 0x14002160820}, {0x10c714b60?, 0x10c554ee0}, 0x0, ...)
	k8s.io/client-go@v0.26.3/tools/cache/reflector.go:493 +0x138
k8s.io/client-go/tools/cache.(*Reflector).ListAndWatch(0x140021580f0, 0x1400123b6e0)
	k8s.io/client-go@v0.26.3/tools/cache/reflector.go:329 +0x484
k8s.io/client-go/tools/cache.(*Reflector).Run.func1()
	k8s.io/client-go@v0.26.3/tools/cache/reflector.go:223 +0x28
k8s.io/apimachinery/pkg/util/wait.BackoffUntil.func1(0x14000f516d8?)
	k8s.io/apimachinery@v0.26.3/pkg/util/wait/wait.go:157 +0x40
k8s.io/apimachinery/pkg/util/wait.BackoffUntil(0x14002334540?, {0x10c642080, 0x1400097d860}, 0x1, 0x1400123b6e0)
	k8s.io/apimachinery@v0.26.3/pkg/util/wait/wait.go:158 +0x90
k8s.io/client-go/tools/cache.(*Reflector).Run(0x140021580f0, 0x1400123b6e0)
	k8s.io/client-go@v0.26.3/tools/cache/reflector.go:222 +0x174
k8s.io/apimachinery/pkg/util/wait.(*Group).StartWithChannel.func1()
	k8s.io/apimachinery@v0.26.3/pkg/util/wait/wait.go:58 +0x28
k8s.io/apimachinery/pkg/util/wait.(*Group).Start.func1()
	k8s.io/apimachinery@v0.26.3/pkg/util/wait/wait.go:75 +0x58
created by k8s.io/apimachinery/pkg/util/wait.(*Group).Start
	k8s.io/apimachinery@v0.26.3/pkg/util/wait/wait.go:73 +0x84

goroutine 992 [select]:
golang.org/x/net/http2.(*clientStream).writeRequest(0x140024a0780, 0x1400235a800)
	golang.org/x/net@v0.8.0/http2/transport.go:1437 +0x928
golang.org/x/net/http2.(*clientStream).doRequest(0x10c615a80?, 0x14000b827a0?)
	golang.org/x/net@v0.8.0/http2/transport.go:1299 +0x20
created by golang.org/x/net/http2.(*ClientConn).RoundTrip
	golang.org/x/net@v0.8.0/http2/transport.go:1228 +0x324

goroutine 1165 [runnable]:
net/http.(*persistConn).readLoop(0x140026f0c60)
	net/http/transport.go:2227 +0xbec
created by net/http.(*Transport).dialConn
	net/http/transport.go:1765 +0x11c8

goroutine 986 [chan receive]:
k8s.io/client-go/tools/cache.(*sharedProcessor).run(0x1400097d5e0, 0x140011bd3f8?)
	k8s.io/client-go@v0.26.3/tools/cache/shared_informer.go:752 +0x3c
k8s.io/apimachinery/pkg/util/wait.(*Group).StartWithChannel.func1()
	k8s.io/apimachinery@v0.26.3/pkg/util/wait/wait.go:58 +0x28
k8s.io/apimachinery/pkg/util/wait.(*Group).Start.func1()
	k8s.io/apimachinery@v0.26.3/pkg/util/wait/wait.go:75 +0x58
created by k8s.io/apimachinery/pkg/util/wait.(*Group).Start
	k8s.io/apimachinery@v0.26.3/pkg/util/wait/wait.go:73 +0x84

goroutine 966 [sync.Cond.Wait]:
sync.runtime_notifyListWait(0x14000b39248, 0x7)
	runtime/sema.go:527 +0x16c
sync.(*Cond).Wait(0x14000b39238)
	sync/cond.go:70 +0xd0
golang.org/x/net/http2.(*pipe).Read(0x14000b39230, {0x140022e2001, 0x1dff, 0x1dff})
	golang.org/x/net@v0.8.0/http2/pipe.go:76 +0x130
golang.org/x/net/http2.transportResponseBody.Read({0x14000f6dc68?}, {0x140022e2001?, 0x0?, 0x0?})
	golang.org/x/net@v0.8.0/http2/transport.go:2507 +0x50
encoding/json.(*Decoder).refill(0x14001a21180)
	encoding/json/stream.go:165 +0x170
encoding/json.(*Decoder).readValue(0x14001a21180)
	encoding/json/stream.go:140 +0x9c
encoding/json.(*Decoder).Decode(0x14001a21180, {0x10bc85ae0, 0x14002205620})
	encoding/json/stream.go:63 +0x60
k8s.io/apimachinery/pkg/util/framer.(*jsonFrameReader).Read(0x140021d56e0, {0x140022ea000, 0x2000, 0x2500})
	k8s.io/apimachinery@v0.26.3/pkg/util/framer/framer.go:152 +0x1bc
k8s.io/apimachinery/pkg/runtime/serializer/streaming.(*decoder).Decode(0x140007ae230, 0x1400221f000?, {0x10c6b0ac0, 0x14000c7dd80})
	k8s.io/apimachinery@v0.26.3/pkg/runtime/serializer/streaming/streaming.go:77 +0x88
k8s.io/client-go/rest/watch.(*Decoder).Decode(0x14001ad6ca0)
	k8s.io/client-go@v0.26.3/rest/watch/decoder.go:49 +0x5c
k8s.io/apimachinery/pkg/watch.(*StreamWatcher).receive(0x140021cb7c0)
	k8s.io/apimachinery@v0.26.3/pkg/watch/streamwatcher.go:105 +0xb0
created by k8s.io/apimachinery/pkg/watch.NewStreamWatcher
	k8s.io/apimachinery@v0.26.3/pkg/watch/streamwatcher.go:76 +0x13c

goroutine 944 [select]:
k8s.io/client-go/tools/cache.(*processorListener).pop(0x14001e7f400)
	k8s.io/client-go@v0.26.3/tools/cache/shared_informer.go:876 +0xe0
k8s.io/apimachinery/pkg/util/wait.(*Group).Start.func1()
	k8s.io/apimachinery@v0.26.3/pkg/util/wait/wait.go:75 +0x58
created by k8s.io/apimachinery/pkg/util/wait.(*Group).Start
	k8s.io/apimachinery@v0.26.3/pkg/util/wait/wait.go:73 +0x84

goroutine 1218 [select]:
github.com/cheggaaa/pb/v3.(*ProgressBar).writer(0x14000ff20e0, 0x140008700c0)
	github.com/cheggaaa/pb/v3@v3.1.2/pb.go:184 +0x6c
created by github.com/cheggaaa/pb/v3.(*ProgressBar).Start
	github.com/cheggaaa/pb/v3@v3.1.2/pb.go:178 +0x240

goroutine 225 [sync.Cond.Wait]:
sync.runtime_notifyListWait(0x140020604c8, 0x3)
	runtime/sema.go:527 +0x16c
sync.(*Cond).Wait(0x140020604b8)
	sync/cond.go:70 +0xd0
golang.org/x/net/http2.(*pipe).Read(0x140020604b0, {0x14002420001, 0x1dff, 0x1dff})
	golang.org/x/net@v0.8.0/http2/pipe.go:76 +0x1
@chen-keinan chen-keinan added kind/bug Categorizes issue or PR as related to a bug. target/kubernetes Issues relating to kubernetes cluster scanning scan/misconfiguration Issues relating to misconfiguration scanning labels Apr 10, 2023
@knqyf263 knqyf263 self-assigned this Apr 10, 2023
@knqyf263 knqyf263 mentioned this issue Apr 10, 2023
Merged
6 tasks
@knqyf263 knqyf263 added this to the v0.40.0 milestone Apr 10, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@knqyf263 knqyf263

Labels
kind/bug Categorizes issue or PR as related to a bug. scan/misconfiguration Issues relating to misconfiguration scanning target/kubernetes Issues relating to kubernetes cluster scanning
Projects
None yet
Milestone
v0.40.0
Development

Successfully merging a pull request may close this issue.

fix: avoid concurrent access to the global map knqyf263/trivy
2 participants
@knqyf263 @chen-keinan