[PULL 05/16] fuzz: don't leave orphan llvm-symbolizers around
From: Paolo Bonzini
Subject: [PULL 05/16] fuzz: don't leave orphan llvm-symbolizers around
Date: Tue, 16 Mar 2021 17:15:20 -0400
From: Alexander Bulekov <alxndr@bu.edu>
I noticed that with a sufficiently small timeout, the fuzzer fork-server
sometimes locks up. On closer inspection, the issue appeared to be
caused by entering our SIGALRM handler, while libfuzzer is in its crash
handlers. Because libfuzzer relies on pipe communication with an
external child process to print out stack-traces, we shouldn't exit
early, and leave an orphan child. Check for children in the SIGALRM
handler to avoid this issue.
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Acked-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
tests/qtest/fuzz/generic_fuzz.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/tests/qtest/fuzz/generic_fuzz.c b/tests/qtest/fuzz/generic_fuzz.c
index ee8c17a04c..387ae2020a 100644
--- a/tests/qtest/fuzz/generic_fuzz.c
+++ b/tests/qtest/fuzz/generic_fuzz.c
@@ -583,6 +583,21 @@ static void handle_timeout(int sig)
fprintf(stderr, "[Timeout]\n");
fflush(stderr);
}
+
+ /*
+ * If there is a crash, libfuzzer/ASAN forks a child to run an
+ * "llvm-symbolizer" process for printing out a pretty stacktrace. It
+ * communicates with this child using a pipe. If we timeout+Exit, while
+ * libfuzzer is still communicating with the llvm-symbolizer child, we will
+ * be left with an orphan llvm-symbolizer process. Sometimes, this appears
+ * to lead to a deadlock in the forkserver. Use waitpid to check if there
+ * are any waitable children. If so, exit out of the signal-handler, and
+ * let libfuzzer finish communicating with the child, and exit, on its own.
+ */
+ if (waitpid(-1, NULL, WNOHANG) == 0) {
+ return;
+ }
+
_Exit(0);
}
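Review bot: the early `return` when `waitpid(-1, NULL, WNOHANG) == 0` drops the timeout without re-arming it, so if the llvm-symbolizer child (or any other live child) itself stalls, no further SIGALRM fires and the fork-server can still hang, now without the "[Timeout]" message ever being followed by an exit. Consider re-arming the alarm before the `return`, or deferring only once and calling `_Exit(0)` on the next SIGALRM regardless. Two smaller points for the comment block: a child that has already exited makes `waitpid()` return its pid rather than 0, so this call reaps it and falls through to `_Exit(0)` (correct, but worth stating), and the 15-line change adds no `#include <sys/wait.h>`, so it relies on that header already being included elsewhere in the file.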
--
2.26.2
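As an added illustration, not code from the patch or from QEMU, the three outcomes of the `waitpid(-1, NULL, WNOHANG)` check the hunk introduces, exercised against real forked children; `decide_on_timeout` and the `scenario_*` helpers are names assumed for this demo, and the stand-in children are constructed here rather than taken from libfuzzer:

```c
#define _POSIX_C_SOURCE 200809L   /* fork, kill, pause, waitid */
#include <errno.h>
#include <signal.h>
#include <sys/wait.h>
#include <unistd.h>

enum timeout_action { DEFER_EXIT, EXIT_NOW };

/*
 * The decision the patch adds to handle_timeout(): waitpid(-1, WNOHANG)
 * returns 0 only while a child exists that has not yet changed state.
 * A pid (> 0: an exited child, reaped by this very call) or -1 with
 * ECHILD (no children) both fall through to the exit. errno is saved
 * because the real check runs inside a signal handler.
 */
static enum timeout_action decide_on_timeout(void)
{
    int saved_errno = errno;
    pid_t r = waitpid(-1, NULL, WNOHANG);
    errno = saved_errno;
    return r == 0 ? DEFER_EXIT : EXIT_NOW;
}

/* No children at all: the handler must exit immediately. */
static int scenario_no_children(void)
{
    return decide_on_timeout() == EXIT_NOW;
}

/* A live child (stand-in for llvm-symbolizer): the handler must defer. */
static int scenario_live_child(void)
{
    pid_t pid = fork();
    if (pid < 0) return 0;
    if (pid == 0) { pause(); _exit(0); }
    int deferred = decide_on_timeout() == DEFER_EXIT;
    kill(pid, SIGKILL);
    waitpid(pid, NULL, 0);                        /* clean up the stand-in */
    return deferred;
}

/* A child that already exited: waitpid() reaps it and the handler exits. */
static int scenario_exited_child(void)
{
    pid_t pid = fork();
    if (pid < 0) return 0;
    if (pid == 0) _exit(0);
    siginfo_t info;
    waitid(P_PID, pid, &info, WEXITED | WNOWAIT);  /* wait, but don't reap */
    return decide_on_timeout() == EXIT_NOW;         /* this call reaps it */
}
```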