From: Alexander Bulekov <alxndr@bu.edu>
To: qemu-devel@nongnu.org
Cc: "Alexander Bulekov" <alxndr@bu.edu>,
	"Paolo Bonzini" <pbonzini@redhat.com>,
	"Philippe Mathieu-Daudé" <f4bug@amsat.org>,
	stefanha@redhat.com, "Darren Kenny" <darren.kenny@oracle.com>
Subject: [PATCH 0/2] Make timeouts more robust
Date: Wed,  4 Aug 2021 09:56:19 -0400	[thread overview]
Message-ID: <20210804135621.31455-1-alxndr@bu.edu> (raw)

Based-on: <20210713150037.9297-1-alxndr@bu.edu>

This is an attempt to fix coverage-build failures on OSS-Fuzz. These builds
broke soon after we added the generic-fuzzer, and have been broken since.
We have little visibility into the issue on the OSS-Fuzz infrastructure, but it
appears to be due to some sort of timeout during corpus merging. To debug this
issue, I downloaded a copy of all of the corpuses on OSS-Fuzz.
Then, I ran a merge job for each fuzzer-config, using the libfuzzer arguments
that I could glean from the clusterfuzz source:

timeout 79200 ./qemu-fuzz-i386-... -rss_limit_mb=2560 -close_fd_mask=3 \
-max_len=5242880 -timeout=5 -detect_leaks=1 -merge=1 \
./merged/... ./qemu-corpus.clusterfuzz-external.appspot.com/libFuzzer/qemu_...

At the end of the day, there were two jobs still running, both stuck in
fdmon_poll_wait -> qemu_poll_ns -> ppoll.
These patches adjust the timeout setup to avoid the fuzzer getting stuck in
this code.


Here is an example of such an input from oss-fuzz, for testing:
cat << EOF | base64 -d > input
...
EOF

Run it with:
./qemu-fuzz-i386 --fuzz-target=generic-fuzz-ahci-hd ./input

For this to time out and exit, both of the patches in the series are required.

Alexander Bulekov (2):
  fuzz: use ITIMER_REAL for timeouts
  fuzz: unblock SIGALRM so the timeout works

 tests/qtest/fuzz/generic_fuzz.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

-- 
2.30.2


