syzkaller: crashes caused by the programs finished long ago? #5297
Comments
|
From a discussion with @dvyukov: This can be due to parent syz-executor process killing the runner sub-process syzkaller/executor/executor_runner.h Lines 102 to 105 in 158f485 before the sub-process finished waiting until it has killed its fork that was actually executing the program (probably becase that fork was stuck in the syscall context). Lines 715 to 717 in 158f485 We should try to stop killing the child runner process if it's already begun to execute a program: syzkaller/executor/executor_runner.h Line 88 in 158f485 But we need to add some monitoring/stats collection to ensure it has not caused any regressions. |
|
Local experiment (3 days uptime as of now). Two instances, 12 VMs each, 3 procs per VM.
(*) Make timed out runners So it does improve the bug reproduction rate by a lot (especially noticeable for |
With a small hacky patch, one can see that in quite a number of cases kernel panics mention
Comm: syz.PROC.IDof the programs executed minutes before the crash.On my local syzkaller instance, most of such cases are
INFO: task hung, but there are alsorcu stalls,WARNINGand evenKASANreports.Currently, we include the last 6 executed programs per each proc into the crash log, while the IDs mentioned in the
Comm:field are 100s of programs ago from those last executed IDs.syz-executorchild processes? Or were these processes actually killed and these are just some residual pieces of information in the kernel?Comm:to the crash log. That should (hopefully) increase the bug reproduction rate, but it will also cost more memory. Is it worth it?The text was updated successfully, but these errors were encountered: