logs doesn't list programs executed before the crash and syz program doesn't induce crashes
147 views
Skip to first unread message
kabuto hokage
Oct 11, 2023, 6:00:04 AM10/11/23
to syzkaller
Hey,
When I run syzkaller I don't get any programs executed before the crash in the logs, which makes it impossible to reproduce the bugs with syz-repro. I do however let syzkaller reproduce the bug automatically, so I have a syz program. The program does however not reproduce the bug at all with " ./syz-execprog -executor=./syz-executor -repeat=0 -procs=1 repro.prog". I found out that syzbot has reported the exact same bug in question,
"KASAN: use-after-free Write in ex_handler_refcount". Trying the syz program that syzbot generates also doesn't result in any crashes for me.
Im not sure if this might have something to do with accumulated kernel states or maybe races, but I would like to know. I have attached some files that give some more context.
best regards
Aleksandr Nogikh
Oct 12, 2023, 5:58:39 AM10/12/23
to kabuto hokage, syzkaller
On Wed, Oct 11, 2023 at 12:00 PM kabuto hokage <snakek...@gmail.com> wrote:
>
> Hey,
> When I run syzkaller I don't get any programs executed before the crash in the logs, which makes it impossible to reproduce the bugs with syz-repro.
This is strange. The log covers quite a big time span (more than an
>
> Hey,
> When I run syzkaller I don't get any programs executed before the crash in the logs, which makes it impossible to reproduce the bugs with syz-repro.
hour?), while syzkaller keeps track of executed programs and, if none
appear in ~5 minutes, kills the VM and saves a "no output from the
machine" crash. Are you fuzzing on some super slow VMs?
I also see a lot of debugging output, which may be why you're not
seeing any executed progs there -- it remembers only the last 1 MB
(you can adjust it locally in the code if you need to).
> I do however let syzkaller reproduce the bug automatically, so I have a syz program. The program does however not reproduce the bug at all with " ./syz-execprog -executor=./syz-executor -repeat=0 -procs=1 repro.prog". I found out that syzbot has reported the exact same bug in question,
> "KASAN: use-after-free Write in ex_handler_refcount". Trying the syz program that syzbot generates also doesn't result in any crashes for me.
> Im not sure if this might have something to do with accumulated kernel states or maybe races, but I would like to know. I have attached some files that give some more context.
>
> best regards
>
Aleksandr
kabuto hokage
Oct 12, 2023, 11:13:03 AM10/12/23
to syzkaller
Hey,
Thank you for trying to help. I was able to
get executed progs to show up now. I was using the "-vv" option which is definitely why the programs couldn't fit between all the kernel debug info. I wouldn't say the machines are slow. I'm running 23 VMS and all of them have 8GB of RAM and 8 cores each. Most of the logs are still a mess, and I might find one which lists executed programs among a 100 or so logs, so removing the "vv" flag didn't resolve the problem completely. But I'm encountering 2 bugs that result in 50 crashes a minute. They might be the culprits. The two warnings I get are , "WARNING in __sctp_setsockopt_connectx" and "WARNING in sctp_setsockopt_bindx". I have attached all the files concerning the "WARNING in sctp_setsockopt_bindx".
And with regards to syz-execprog I didn't get anything from using -debug flag.
best regards
kabuto hokage
Oct 13, 2023, 3:24:14 AM10/13/23
to syzkaller
I think I was able to identify the issue. I'm running vms across two different clusters. I don't get the bug at all when running vms from only one cluster, but as soon as I just add one vm I get the
"WARNING in sctp_setsockopt_bindx".
Aleksandr Nogikh
Oct 23, 2023, 11:11:58 AM10/23/23
to kabuto hokage, syzkaller
Hi,
On Mon, Oct 23, 2023 at 1:46 PM kabuto hokage <snakek...@gmail.com> wrote:
>
> Hey again Aleksandr,
>
> I have still not been able to resolve this issue. VMs that constantly crash due to these two warnings "WARNING in __sctp_setsockopt_connectx" and "WARNING in sctp_setsockopt_bindx". If it's only a warning why does the kernel crash and has to be restarted.
1) Check whether panic_on_warn is set on your VMs.
2) Syzkaller would record a crash and restart the VM anyway once it
sees a WARNING in the console output. To prevent this, you need to
configure the "ignores" syz-manager config field. It must contains
regexps of the crash titles to ignore:
https://github.com/google/syzkaller/blob/master/pkg/mgrconfig/config.go#L176
--
Aleksandr
> --
> You received this message because you are subscribed to the Google Groups "syzkaller" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller+...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller/67fe7520-c611-4447-ba5d-f73ff7dfdf82n%40googlegroups.com.
On Mon, Oct 23, 2023 at 1:46 PM kabuto hokage <snakek...@gmail.com> wrote:
>
> Hey again Aleksandr,
>
> I have still not been able to resolve this issue. VMs that constantly crash due to these two warnings "WARNING in __sctp_setsockopt_connectx" and "WARNING in sctp_setsockopt_bindx". If it's only a warning why does the kernel crash and has to be restarted.
2) Syzkaller would record a crash and restart the VM anyway once it
sees a WARNING in the console output. To prevent this, you need to
configure the "ignores" syz-manager config field. It must contains
regexps of the crash titles to ignore:
https://github.com/google/syzkaller/blob/master/pkg/mgrconfig/config.go#L176
--
Aleksandr
> You received this message because you are subscribed to the Google Groups "syzkaller" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller+...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller/67fe7520-c611-4447-ba5d-f73ff7dfdf82n%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages