| author | Aleksandr Nogikh <nogikh@google.com> | 2024-09-09 14:58:09 +0200 |
|---|---|---|
| committer | Aleksandr Nogikh <nogikh@google.com> | 2024-09-10 07:48:30 +0000 |
| commit | 2ee7713dc5bbcc1972f75a1083a7e4d777c45f63 (patch) | |
| tree | 30f2cd74df248d6a914df1d99e01fa457a02fd59 | |
| parent | f8059e89cd5e73f80a7afa159736c7f230d8aed7 (diff) | |
pkg/rpcserver, syz-manager: always include the program from Comm
It sometimes happens that the kernel crashes so fast that
syz-manager is not notified that syz-executor has started running
the faulty input.
In cases when the exact program is known from Comm, let's make sure it's
always present in the log of the last executed programs.
| -rw-r--r-- | pkg/rpcserver/rpcserver.go | 7 | ||||
| -rw-r--r-- | pkg/rpcserver/runner.go | 17 | ||||
| -rw-r--r-- | syz-manager/manager.go | 6 |
3 files changed, 24 insertions, 6 deletions
diff --git a/pkg/rpcserver/rpcserver.go b/pkg/rpcserver/rpcserver.go
index 367e3b5c6..4a0587c53 100644
--- a/pkg/rpcserver/rpcserver.go
+++ b/pkg/rpcserver/rpcserver.go
@@ -20,6 +20,7 @@ import (
 "github.com/google/syzkaller/pkg/fuzzer/queue"
 "github.com/google/syzkaller/pkg/log"
 "github.com/google/syzkaller/pkg/mgrconfig"
+ "github.com/google/syzkaller/pkg/report"
 "github.com/google/syzkaller/pkg/signal"
 "github.com/google/syzkaller/pkg/stat"
 "github.com/google/syzkaller/pkg/vminfo"
@@ -62,7 +63,7 @@ type Server interface {
 Port() int
 TriagedCorpus()
 CreateInstance(id int, injectExec chan<- bool, updInfo dispatcher.UpdateInfo) chan error
- ShutdownInstance(id int, crashed bool) ([]ExecRecord, []byte)
+ ShutdownInstance(id int, crashed bool, extraExecs ...report.ExecutorInfo) ([]ExecRecord, []byte)
 StopFuzzing(id int)
 DistributeSignalDelta(plus signal.Signal)
 }
@@ -444,12 +445,12 @@ func (serv *server) StopFuzzing(id int) {
 runner.Stop()
 }

-func (serv *server) ShutdownInstance(id int, crashed bool) ([]ExecRecord, []byte) {
+func (serv *server) ShutdownInstance(id int, crashed bool, extraExecs ...report.ExecutorInfo) ([]ExecRecord, []byte) {
 serv.mu.Lock()
 runner := serv.runners[id]
 delete(serv.runners, id)
 serv.mu.Unlock()
- return runner.Shutdown(crashed), runner.MachineInfo()
+ return runner.Shutdown(crashed, extraExecs...), runner.MachineInfo()
 }

 func (serv *server) DistributeSignalDelta(plus signal.Signal) {
diff --git a/pkg/rpcserver/runner.go b/pkg/rpcserver/runner.go
index 6100c94f7..45b376a79 100644
--- a/pkg/rpcserver/runner.go
+++ b/pkg/rpcserver/runner.go
@@ -17,6 +17,7 @@ import (
 "github.com/google/syzkaller/pkg/fuzzer/queue"
 "github.com/google/syzkaller/pkg/log"
 "github.com/google/syzkaller/pkg/osutil"
+ "github.com/google/syzkaller/pkg/report"
 "github.com/google/syzkaller/pkg/stat"
 "github.com/google/syzkaller/prog"
 "github.com/google/syzkaller/sys/targets"
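Review bot: The new `extraExecs` parameter on `ShutdownInstance` in the `Server` interface (`@@ -62,7 +63,7 @@`, implemented at `@@ -444,12 +445,12 @@`) is undocumented, so a caller cannot tell from the signature what the extra entries are for or how they affect the returned records. I would add a doc comment on the interface method, for example `// ShutdownInstance shuts down the runner for id and returns its last executed programs and machine info; extraExecs lists executions named by the crash report that must be in the result even if the executor never reported them as started.` The interface declaration starts outside the hunk.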
@@ -507,7 +508,7 @@ func (runner *Runner) Stop() {
 }
 }

-func (runner *Runner) Shutdown(crashed bool) []ExecRecord {
+func (runner *Runner) Shutdown(crashed bool, extraExecs ...report.ExecutorInfo) []ExecRecord {
 runner.mu.Lock()
 runner.stopped = true
 finished := runner.finished
@@ -517,6 +518,18 @@ func (runner *Runner) Shutdown(crashed bool) []ExecRecord {
 // Wait for the connection goroutine to finish and stop touching data.
 <-finished
 }
+ records := runner.lastExec.Collect()
+ for _, info := range extraExecs {
+ req := runner.requests[int64(info.ExecID)]
+ // If the request is in executing, it's also already in the records slice.
+ if req != nil && !runner.executing[int64(info.ExecID)] {
+ records = append(records, ExecRecord{
+ ID: info.ExecID,
+ Proc: info.ProcID,
+ Prog: req.Prog.Serialize(),
+ })
+ }
+ }
 for id, req := range runner.requests {
 status := queue.Restarted
 if crashed && runner.executing[id] {
@@ -524,7 +537,7 @@ func (runner *Runner) Shutdown(crashed bool) []ExecRecord {
 }
 req.Done(&queue.Result{Status: status})
 }
- return runner.lastExec.Collect()
+ return records
 }

 func (runner *Runner) MachineInfo() []byte {
diff --git a/syz-manager/manager.go b/syz-manager/manager.go
index 4b89277d4..c090d1a0d 100644
--- a/syz-manager/manager.go
+++ b/syz-manager/manager.go
@@ -518,7 +518,11 @@ func (mgr *Manager) fuzzerInstance(ctx context.Context, inst *vm.Instance, updIn
 // This litters the log and we want to prevent it.
 serv.StopFuzzing(inst.Index())
 }))
- lastExec, machineInfo := serv.ShutdownInstance(inst.Index(), rep != nil)
+ var extraExecs []report.ExecutorInfo
+ if rep != nil && rep.Executor != nil {
+ extraExecs = []report.ExecutorInfo{*rep.Executor}
+ }
+ lastExec, machineInfo := serv.ShutdownInstance(inst.Index(), rep != nil, extraExecs...)
 if rep != nil {
 rpcserver.PrependExecuting(rep, lastExec)
 if len(vmInfo) != 0 { |
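Review bot: `req.Prog.Serialize()` in the `@@ -517,6 +518,18 @@` hunk of pkg/rpcserver/runner.go is reached with only a `req != nil` guard, although `info.ExecID` comes from the crash report (per the commit message, from Comm), which is guest output and not something the manager produced. If `runner.requests` can hold entries without a program (not visible in this hunk), this would panic during shutdown; `if req != nil && req.Prog != nil && !runner.executing[int64(info.ExecID)] {` avoids that. `Proc: info.ProcID` is likewise copied from the report unchecked, so I would add a comment such as `// ExecID/ProcID are parsed from the crash report; treat the match as best-effort attribution.` so that readers of the log do not take the extra record as authoritative. Shutdown's body starts and ends outside this hunk.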
