From 2ee7713dc5bbcc1972f75a1083a7e4d777c45f63 Mon Sep 17 00:00:00 2001
From: Aleksandr Nogikh
Date: Mon, 9 Sep 2024 14:58:09 +0200
Subject: pkg/rpcserver, syz-manager: always include the program from Comm

It does sometimes happen that the kernel is crashed so fast that syz-manager is not notified that the syz-executor has started running the faulty input. In cases when the exact program is known from Comm, let's make sure it's always present in the log of the last executed programs.
---
 pkg/rpcserver/rpcserver.go | 7 ++++---
 pkg/rpcserver/runner.go | 17 +++++++++++++++--
 2 files changed, 19 insertions(+), 5 deletions(-)
(limited to 'pkg')
diff --git a/pkg/rpcserver/rpcserver.go b/pkg/rpcserver/rpcserver.go
index 367e3b5c6..4a0587c53 100644
--- a/pkg/rpcserver/rpcserver.go
+++ b/pkg/rpcserver/rpcserver.go
@@ -20,6 +20,7 @@ import (
 "github.com/google/syzkaller/pkg/fuzzer/queue"
 "github.com/google/syzkaller/pkg/log"
 "github.com/google/syzkaller/pkg/mgrconfig"
+ "github.com/google/syzkaller/pkg/report"
 "github.com/google/syzkaller/pkg/signal"
 "github.com/google/syzkaller/pkg/stat"
 "github.com/google/syzkaller/pkg/vminfo"
@@ -62,7 +63,7 @@ type Server interface {
 Port() int
 TriagedCorpus()
 CreateInstance(id int, injectExec chan<- bool, updInfo dispatcher.UpdateInfo) chan error
- ShutdownInstance(id int, crashed bool) ([]ExecRecord, []byte)
+ ShutdownInstance(id int, crashed bool, extraExecs ...report.ExecutorInfo) ([]ExecRecord, []byte)
 StopFuzzing(id int)
 DistributeSignalDelta(plus signal.Signal)
 }
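Review bot: The new variadic `extraExecs` parameter on `Server.ShutdownInstance` has no documentation in the interface, so an implementer or caller cannot tell what the entries mean or what happens to ones that match nothing. A comment above the method would cover it, for example `// ShutdownInstance stops the instance and returns its last executed programs and machine info; extraExecs lists executions identified in the crash report that are added to the result when their request is still pending.` The wording about pending requests follows the `req != nil` check in runner.go and should be confirmed against the intended contract.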
@@ -444,12 +445,12 @@ func (serv *server) StopFuzzing(id int) {
 runner.Stop()
 }
 
-func (serv *server) ShutdownInstance(id int, crashed bool) ([]ExecRecord, []byte) {
+func (serv *server) ShutdownInstance(id int, crashed bool, extraExecs ...report.ExecutorInfo) ([]ExecRecord, []byte) {
 serv.mu.Lock()
 runner := serv.runners[id]
 delete(serv.runners, id)
 serv.mu.Unlock()
- return runner.Shutdown(crashed), runner.MachineInfo()
+ return runner.Shutdown(crashed, extraExecs...), runner.MachineInfo()
 }
 
 func (serv *server) DistributeSignalDelta(plus signal.Signal) {
diff --git a/pkg/rpcserver/runner.go b/pkg/rpcserver/runner.go
index 6100c94f7..45b376a79 100644
--- a/pkg/rpcserver/runner.go
+++ b/pkg/rpcserver/runner.go
@@ -17,6 +17,7 @@ import (
 "github.com/google/syzkaller/pkg/fuzzer/queue"
 "github.com/google/syzkaller/pkg/log"
 "github.com/google/syzkaller/pkg/osutil"
+ "github.com/google/syzkaller/pkg/report"
 "github.com/google/syzkaller/pkg/stat"
 "github.com/google/syzkaller/prog"
 "github.com/google/syzkaller/sys/targets"
@@ -507,7 +508,7 @@ func (runner *Runner) Stop() {
 }
 }
 
-func (runner *Runner) Shutdown(crashed bool) []ExecRecord {
+func (runner *Runner) Shutdown(crashed bool, extraExecs ...report.ExecutorInfo) []ExecRecord {
 runner.mu.Lock()
 runner.stopped = true
 finished := runner.finished
@@ -517,6 +518,18 @@ func (runner *Runner) Shutdown(crashed bool) []ExecRecord {
 // Wait for the connection goroutine to finish and stop touching data.
 <-finished
 }
+ records := runner.lastExec.Collect()
+ for _, info := range extraExecs {
+ req := runner.requests[int64(info.ExecID)]
+ // If the request is in executing, it's also already in the records slice.
+ if req != nil && !runner.executing[int64(info.ExecID)] {
+ records = append(records, ExecRecord{
+ ID: info.ExecID,
+ Proc: info.ProcID,
+ Prog: req.Prog.Serialize(),
+ })
+ }
+ }
 for id, req := range runner.requests {
 status := queue.Restarted
 if crashed && runner.executing[id] {
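Review bot: `runner := serv.runners[id]` in `ShutdownInstance` is used without a nil check, so `runner.Shutdown(crashed, extraExecs...)` will panic if `id` is not, or is no longer, present in `serv.runners`. That assumes the map holds pointer values, which the hunk suggests but does not show. Whether callers can pass such an id, for example by shutting the same instance down twice, is not visible here. If they can, adding `if runner == nil { return nil, nil }` after `serv.mu.Unlock()` keeps the crash-handling path from taking the manager down.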
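Review bot: `req.Prog.Serialize()` in the added loop dereferences `req.Prog` without checking it, while `info.ExecID` is supplied from outside the runner (per the commit message it is taken from the crashed task's Comm) and can therefore name any entry in `runner.requests`. If that map can hold requests that carry no program, a matching ID would panic in the middle of shutdown; widening the guard to `if req != nil && req.Prog != nil && !runner.executing[int64(info.ExecID)] {` avoids that. The appended `ExecRecord` sets only `ID`, `Proc` and `Prog`, so any other field the type has stays at its zero value, and a short comment saying that is intended would help readers of the resulting log. `Shutdown` begins and ends outside this hunk.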
@@ -524,7 +537,7 @@ func (runner *Runner) Shutdown(crashed bool) []ExecRecord {
 }
 req.Done(&queue.Result{Status: status})
 }
- return runner.lastExec.Collect()
+ return records
 }
 
 func (runner *Runner) MachineInfo() []byte {
-- 
cgit mrf-deployment