syzkaller: crashes caused by the programs finished long ago? #5297
From a discussion with @dvyukov: This can be due to parent syz-executor process killing the runner sub-process syzkaller/executor/executor_runner.h Lines 102 to 105 in 158f485
before the sub-process finished waiting until it has killed its fork that was actually executing the program (probably because that fork was stuck in the syscall context). Lines 715 to 717 in 158f485
We should try to stop killing the child runner process if it's already begun to execute a program: syzkaller/executor/executor_runner.h Line 88 in 158f485
But we need to add some monitoring/stats collection to ensure it has not caused any regressions.
Local experiment (3 days uptime as of now). Two instances, 12 VMs each, 3 procs per VM.
(*) Make timed out runners So it does improve the bug reproduction rate by a lot (especially noticeable for
With a small hacky patch, one can see that in quite a number of cases kernel panics mention `Comm: syz.PROC.ID` of the programs executed minutes before the crash.
On my local syzkaller instance, most of such cases are `INFO: task hung`, but there are also `rcu stall`s, `WARNING` and even `KASAN` reports.
Currently, we include the last 6 executed programs per each proc into the crash log, while the IDs mentioned in the `Comm:` field are 100s of programs ago from those last executed IDs.
`syz-executor` child processes? Or were these processes actually killed and these are just some residual pieces of information in the kernel?
`Comm:` to the crash log. That should (hopefully) increase the bug reproduction rate, but it will also cost more memory. Is it worth it?
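The check described in the issue above, comparing the `Comm: syz.PROC.ID` fields of a kernel report with the program IDs kept in the crash log, as an added example that is not syzkaller code and not part of the original issue. The names `FindStaleComms` and `StaleComm`, the report lines and the per-proc ID lists are constructed for illustration; the shape of the logged-ID input is an assumption.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// commRe extracts PROC and ID from a "Comm: syz.PROC.ID" field of a kernel report.
var commRe = regexp.MustCompile(`Comm: syz\.(\d+)\.(\d+)`)

// StaleComm is a program named in the report but absent from the crash log.
type StaleComm struct{ Proc, ProgID, Lag int }

// FindStaleComms returns the tasks named in report whose program ID is not in
// logged[PROC]. Lag is the newest logged ID of that proc (0 if none) minus the ID.
func FindStaleComms(report string, logged map[int][]int) []StaleComm {
	var out []StaleComm
	for _, m := range commRe.FindAllStringSubmatch(report, -1) {
		proc, _ := strconv.Atoi(m[1]) // the regexp guarantees digits
		id, _ := strconv.Atoi(m[2])
		newest, found := 0, false
		for _, l := range logged[proc] {
			found = found || l == id
			if l > newest {
				newest = l
			}
		}
		if !found {
			out = append(out, StaleComm{proc, id, newest - id})
		}
	}
	return out
}

// Constructed sample data (assumed shapes, not taken from a real crash).
const sampleReport = `INFO: task hung
CPU: 1 UID: 0 PID: 9001 Comm: syz.1.212 Not tainted
CPU: 0 UID: 0 PID: 9450 Comm: syz.0.655 Not tainted
`

var sampleLogged = map[int][]int{
	0: {650, 651, 652, 653, 654, 655},
	1: {635, 636, 637, 638, 639, 640},
}

func main() {
	fmt.Println(FindStaleComms(sampleReport, sampleLogged))
}
```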