syzbot

 sign-in | mailing list | source | docs
🐞 Open [41]
🐞 Fixed [469]
🐞 Invalid [348]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

DATA RACE in msgqueue.(*Queue).pop

Status: fixed on 2021/09/15 10:37
Fix commit: d6c99694bcb9 Fix race on msgrcv(MSG_COPY).
First crash: 1192d, last: 1192d

Sample crash report:
WARNING: DATA RACE
Write at 0x00c0004e3c58 by goroutine 249:
  gvisor.dev/gvisor/pkg/sentry/kernel/msgqueue.(*Queue).pop()
      pkg/sentry/kernel/msgqueue/msgqueue.go:428 +0x249
  gvisor.dev/gvisor/pkg/sentry/kernel/msgqueue.(*Queue).Receive()
      pkg/sentry/kernel/msgqueue/msgqueue.go:355 +0x10d
  gvisor.dev/gvisor/pkg/sentry/syscalls/linux.receive()
      pkg/sentry/syscalls/linux/sys_msgqueue.go:126 +0x257
  gvisor.dev/gvisor/pkg/sentry/syscalls/linux.Msgrcv()
      pkg/sentry/syscalls/linux/sys_msgqueue.go:94 +0xb4
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).executeSyscall()
      pkg/sentry/kernel/task_syscall.go:103 +0x452
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallInvoke()
      pkg/sentry/kernel/task_syscall.go:238 +0xb3
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallEnter()
      pkg/sentry/kernel/task_syscall.go:198 +0x10e
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscall()
      pkg/sentry/kernel/task_syscall.go:173 +0x213
  gvisor.dev/gvisor/pkg/sentry/kernel.(*runApp).execute()
      pkg/sentry/kernel/task_run.go:282 +0x12c6
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).run()
      pkg/sentry/kernel/task_run.go:97 +0x392

Previous read at 0x00c0004e3c58 by goroutine 281:
  gvisor.dev/gvisor/pkg/sentry/syscalls/linux.Msgrcv()
      pkg/sentry/syscalls/linux/sys_msgqueue.go:101 +0x10e
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).executeSyscall()
      pkg/sentry/kernel/task_syscall.go:103 +0x452
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallInvoke()
      pkg/sentry/kernel/task_syscall.go:238 +0xb3
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallEnter()
      pkg/sentry/kernel/task_syscall.go:198 +0x10e
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscall()
      pkg/sentry/kernel/task_syscall.go:173 +0x213
  gvisor.dev/gvisor/pkg/sentry/kernel.(*runApp).execute()
      pkg/sentry/kernel/task_run.go:282 +0x12c6
  gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).run()
      pkg/sentry/kernel/task_run.go:97 +0x392

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2021/08/22 10:07 gvisor 0a15a216daab b599f2fc .config console log report syz C ci-gvisor-ptrace-2-race DATA RACE in msgqueue.(*Queue).pop
2021/08/22 09:47 gvisor 0a15a216daab b599f2fc .config console log report info ci-gvisor-ptrace-2-race DATA RACE in msgqueue.(*Queue).pop
* Struck through repros no longer work on HEAD.