syz-cluster: share base kernel crashes between fuzzing sessions

Report base kernel crashes observed during fuzzing. Consult the common API for each patched kernel crash to see if it was already observed on the base kernel.
author: Aleksandr Nogikh <nogikh@google.com> 2025-08-19 16:48:30 +0200
committer: Aleksandr Nogikh <nogikh@google.com> 2025-08-21 12:29:47 +0000
commit: 0ae3a01ad6fae385768ebb247d999c44631a1b99 (patch)
tree: 2cf8fdb13c142dd94751a08f3ed1fa6824f328cd /syz-cluster
parent: 55d1b48ed250d44ae3796f56178fd1c4729540c9 (diff)
1 files changed, 26 insertions, 11 deletions
diff --git a/syz-cluster/workflow/fuzz-step/main.go b/syz-cluster/workflow/fuzz-step/main.go
index 849b8a3bf..7e1589115 100644
--- a/syz-cluster/workflow/fuzz-step/main.go
+++ b/syz-cluster/workflow/fuzz-step/main.go
@@ -121,33 +121,48 @@ func run(baseCtx context.Context, client *api.Client, timeout time.Duration,
 
 	eg, ctx := errgroup.WithContext(baseCtx)
 	bugs := make(chan *manager.UniqueBug)
+	baseCrashes := make(chan string, 16)
 	eg.Go(func() error {
 		defer log.Logf(0, "bug reporting terminated")
 		for {
-			var bug *manager.UniqueBug
 			select {
-			case bug = <-bugs:
+			case title := <-baseCrashes:
+				err := client.UploadBaseFinding(ctx, &api.BaseFindingInfo{
+					BuildID: *flagBaseBuild,
+					Title:   title,
+				})
+				if err != nil {
+					app.Errorf("failed to report a base kernel crash %q: %v", title, err)
+				}
+			case bug := <-bugs:
+				err := reportFinding(ctx, client, bug)
+				if err != nil {
+					app.Errorf("failed to report a finding %q: %v", bug.Report.Title, err)
+				}
 			case <-ctx.Done():
-			}
-			if bug == nil {
-				break
-			}
-			// TODO: filter out all INFO: bugs?
-			err := reportFinding(ctx, client, bug)
-			if err != nil {
-				app.Errorf("failed to report a finding %s: %v", bug.Report.Title, err)
+				return nil
 			}
 		}
-		return nil
 	})
 	eg.Go(func() error {
 		defer log.Logf(0, "diff fuzzing terminated")
 		return manager.RunDiffFuzzer(ctx, base, patched, manager.DiffFuzzerConfig{
 			Debug:              false,
 			PatchedOnly:        bugs,
+			BaseCrashes:        baseCrashes,
 			Store:              store,
 			MaxTriageTime:      timeout / 2,
 			FuzzToReachPatched: fuzzToReachPatched(),
+			BaseCrashKnown: func(ctx context.Context, title string) (bool, error) {
+				ret, err := client.BaseFindingStatus(ctx, &api.BaseFindingInfo{
+					BuildID: *flagBaseBuild,
+					Title:   title,
+				})
+				if err != nil {
+					return false, err
+				}
+				return ret.Observed, nil
+			},
 		})
 	})
 	const (
author	Aleksandr Nogikh <nogikh@google.com>	2025-08-19 16:48:30 +0200
committer	Aleksandr Nogikh <nogikh@google.com>	2025-08-21 12:29:47 +0000
commit	0ae3a01ad6fae385768ebb247d999c44631a1b99 (patch)
tree	2cf8fdb13c142dd94751a08f3ed1fa6824f328cd /syz-cluster
parent	55d1b48ed250d44ae3796f56178fd1c4729540c9 (diff)