| author | Dmitry Vyukov <dvyukov@google.com> | 2024-07-03 15:39:53 +0200 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2024-07-03 14:05:35 +0000 |
| commit | 05a33570af393b364e474c2410a3d4e3a5a2584c (patch) | |
| tree | 9d652c92e80d7f58616c14cd23f058f0d4730109 /pkg/fuzzer | |
| parent | 663d86a211916b159bfe732e4cf9923c918b9004 (diff) | |
pkg/fuzzer: fix races in test
Currently we can get either:
WARNING: DATA RACE
Read at 0x00c0018fe1e0 by goroutine 11:
github.com/google/syzkaller/pkg/fuzzer.(*testFuzzer).run()
pkg/fuzzer/fuzzer_test.go:183 +0x62a
github.com/google/syzkaller/pkg/fuzzer.TestFuzz()
pkg/fuzzer/fuzzer_test.go:86 +0xa96
testing.tRunner()
testing/testing.go:1595 +0x238
testing.(*T).Run.func1()
testing/testing.go:1648 +0x44
Previous write at 0x00c0018fe1e0 by goroutine 36:
runtime.mapassign_faststr()
runtime/map_faststr.go:203 +0x0
github.com/google/syzkaller/pkg/fuzzer.(*testFuzzer).OnDone()
pkg/fuzzer/fuzzer_test.go:210 +0x404
github.com/google/syzkaller/pkg/fuzzer.(*testFuzzer).OnDone-fm()
<autogenerated>:1 +0x47
github.com/google/syzkaller/pkg/fuzzer.(*testFuzzer).Next.(*Request).OnDone.func1()
pkg/fuzzer/queue/queue.go:62 +0xa1
github.com/google/syzkaller/pkg/fuzzer/queue.(*retryer).Next.(*Request).OnDone.func1()
pkg/fuzzer/queue/queue.go:68 +0xbe
github.com/google/syzkaller/pkg/fuzzer/queue.(*Request).Done()
pkg/fuzzer/queue/queue.go:74 +0x66
github.com/google/syzkaller/pkg/rpcserver.(*Runner).handleExecResult()
pkg/rpcserver/runner.go:262 +0x554
github.com/google/syzkaller/pkg/rpcserver.(*Runner).connectionLoop()
pkg/rpcserver/runner.go:103 +0x495
github.com/google/syzkaller/pkg/rpcserver.(*Server).connectionLoop()
pkg/rpcserver/rpcserver.go:371 +0x18a
github.com/google/syzkaller/pkg/rpcserver.(*Server).handleConn()
pkg/rpcserver/rpcserver.go:261 +0x6ac
github.com/google/syzkaller/pkg/rpcserver.(*Server).handleConn-fm()
<autogenerated>:1 +0x3d
github.com/google/syzkaller/pkg/flatrpc.ListenAndServe.func1.1()
pkg/flatrpc/conn.go:54 +0x2ac
Or:
panic: Log in goroutine after TestFuzz has completed: CRASH: second bug
goroutine 69 [running]:
testing.(*common).logDepth(0xc0017c24e0, {0xc00070c0d8, 0x11}, 0x3)
testing/testing.go:1029 +0x6d4
testing.(*common).log(...)
testing/testing.go:1011
testing.(*common).Logf(0xc0017c24e0, {0x1365b2d, 0x9}, {0xc001aac930, 0x1, 0x1})
testing/testing.go:1062 +0xa5
github.com/google/syzkaller/pkg/fuzzer.(*testFuzzer).OnDone(0xc001a222a0, 0x10ace5d?, 0xc00073c870)
pkg/fuzzer/fuzzer_test.go:205 +0x23a
github.com/google/syzkaller/pkg/fuzzer.(*testFuzzer).Next.(*Request).OnDone.func1(0xc004745080, 0xc00073c870)
pkg/fuzzer/queue/queue.go:72 +0xa8
github.com/google/syzkaller/pkg/fuzzer/queue.(*retryer).Next.(*Request).OnDone.func1(0xc004745080, 0xc00073c870)
pkg/fuzzer/queue/queue.go:78 +0xc5
github.com/google/syzkaller/pkg/fuzzer/queue.(*Request).Done(0xc004745080, 0xc00073c870)
pkg/fuzzer/queue/queue.go:84 +0x74
github.com/google/syzkaller/pkg/rpcserver.(*Runner).handleExecResult(0xc0019ec000, 0xc00072bbc0)
pkg/rpcserver/runner.go:265 +0x5b5
github.com/google/syzkaller/pkg/rpcserver.(*Runner).connectionLoop(0xc0019ec000)
/home/dvyukov/go/src/github
Diffstat (limited to 'pkg/fuzzer')
| -rw-r--r-- | pkg/fuzzer/fuzzer_test.go | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/pkg/fuzzer/fuzzer_test.go b/pkg/fuzzer/fuzzer_test.go
index d8c532e1a..6049ac615 100644
--- a/pkg/fuzzer/fuzzer_test.go
+++ b/pkg/fuzzer/fuzzer_test.go
@@ -200,6 +200,11 @@ func (f *testFuzzer) OnDone(req *queue.Request, res *queue.Result) bool {
 match := crashRe.FindSubmatch(res.Output)
 f.mu.Lock()
 defer f.mu.Unlock()
+ if f.finished.Load() {
+ // Don't touch f.crashes in this case b/c it can cause races with the main goroutine,
+ // and logging can cause "Log in goroutine after TestFuzz has completed" panic.
+ return true
+ }
 if match != nil {
 crash := string(match[1])
 f.t.Logf("CRASH: %s", crash)
@@ -215,7 +220,7 @@ func (f *testFuzzer) OnDone(req *queue.Request, res *queue.Result) bool {
 f.iter, f.fuzzer.Config.Corpus.StatProgs.Val(), f.fuzzer.Config.Corpus.StatSignal.Val(), len(f.fuzzer.Cover.maxSignal), len(f.crashes), f.fuzzer.statJobs.Val())
 }
- if !f.finished.Load() && (f.iter > f.iterLimit || len(f.crashes) == len(f.expectedCrashes)) {
+ if f.iter > f.iterLimit || len(f.crashes) == len(f.expectedCrashes) {
 f.done()
 f.finished.Store(true)
 } |
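Review bot: The new `if f.finished.Load()` guard is only sound because it runs after `f.mu.Lock()`, and the added comment does not say so. The race trace in the commit message shows run() reading f.crashes, apparently without the lock, so safety rests on no callback writing the map or logging once finished is set. I would extend the comment with that invariant, e.g. `// Must stay under f.mu: once finished is set, run() owns f.crashes and f.t may already be done.` Results that arrive after the finish are now dropped with `return true`; whether true is the right value for a discarded result depends on the queue.Request callback contract, which is not visible here. OnDone starts before and continues past this hunk.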
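Review bot: In the second hunk `f.done()` still runs before `f.finished.Store(true)`, so if done() is what releases run(), there is a short window where the test is already finishing while finished still reads false. Inside OnDone this is harmless because both calls sit under f.mu. But finished is an atomic, which suggests it is also read without the lock somewhere outside this hunk; if so, storing first closes the window: `f.finished.Store(true)` followed by `f.done()`. The rest of OnDone is outside the hunk, so this should be checked against the other readers of finished.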
