Skip to content

Fix leak checking #6386

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Nov 3, 2025
Merged

Fix leak checking #6386

merged 4 commits into from
Nov 3, 2025
+103 −8

Conversation

@pimyn-girgis
Copy link
Collaborator

@pimyn-girgis pimyn-girgis commented Sep 30, 2025
edited
Loading

This PR enables the periodic execution of a leak checker within the executor, it also fixes the parsing of kmemleak output.
Fixes #4728.

a-nogikh
a-nogikh reviewed Sep 30, 2025
View reviewed changes
Copy link
Collaborator

@a-nogikh a-nogikh left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

An alternative implementation would be to e.g. add some new message type to trigger leak checking here:

syzkaller/executor/executor_runner.h

Lines 612 to 621 in 65a0eec

if (auto* msg = raw.msg.AsExecRequest())
Handle(*msg);
else if (auto* msg = raw.msg.AsSignalUpdate())
Handle(*msg);
else if (auto* msg = raw.msg.AsCorpusTriaged())
Handle(*msg);
else if (auto* msg = raw.msg.AsStateRequest())
Handle(*msg);
else
failmsg("unknown host message type", "type=%d", static_cast<int>(raw.msg.type));

And then, in https://github.com/google/syzkaller/blob/master/pkg/rpcserver/runner.go, every X requests/Y minutes make sure there are no pending requests and start the leak checking process. Once leak checking is finished, continue fuzzing.

I am hesitating re. what'd be better here - the C++ implementation is shorter, but makes the poorly tested logic even more complicated, while the (mostly) Go implementation would be bigger than the 50 line change we have here.

dvyukov
dvyukov reviewed Oct 1, 2025
View reviewed changes
@pimyn-girgis pimyn-girgis reopened this Oct 1, 2025
@pimyn-girgis pimyn-girgis force-pushed the fix-kmemleak branch 5 times, most recently from 07250bf to ed8ce2c Compare October 2, 2025 15:03
a-nogikh
a-nogikh reviewed Oct 2, 2025
View reviewed changes
a-nogikh
a-nogikh reviewed Oct 6, 2025
View reviewed changes
a-nogikh
a-nogikh reviewed Oct 6, 2025
View reviewed changes
@a-nogikh
Copy link
Collaborator

a-nogikh commented Oct 6, 2025

Otherwise looks good to me

@pimyn-girgis pimyn-girgis force-pushed the fix-kmemleak branch 3 times, most recently from 59a982e to 8796265 Compare October 10, 2025 11:45
@pimyn-girgis pimyn-girgis requested a review from a-nogikh October 10, 2025 11:53
@pimyn-girgis pimyn-girgis changed the title executor: enable periodic leak checking Fix leak checking Oct 10, 2025
@pimyn-girgis pimyn-girgis force-pushed the fix-kmemleak branch 2 times, most recently from 635421d to 83981ae Compare October 16, 2025 05:42
a-nogikh
a-nogikh reviewed Oct 16, 2025
View reviewed changes
a-nogikh
a-nogikh reviewed Oct 27, 2025
View reviewed changes
@pimyn-girgis pimyn-girgis force-pushed the fix-kmemleak branch 2 times, most recently from 23e8226 to a69c788 Compare October 28, 2025 11:48
a-nogikh
a-nogikh previously approved these changes Oct 28, 2025
View reviewed changes
@a-nogikh
Copy link
Collaborator

I think it should all work fine, but let's double-check it before merging. Please run the modified syzkaller for at least several hours on

  1. A Linux kernel without leak checking
  2. A Linux kernel with kmemleak enabled

(You can e.g. set it up overnight)

We should ensure that in both cases there are no obvious syzkaller bugs, that fuzzing progresses and reproducers are found.
I am also curious about the difference in exec/sec between the two cases.

@pimyn-girgis
executor: enable periodic leak checking
88e87bd 
This commit enables the periodic execution of a leak checker within the executor. The leak checker will now run every
2 * num_procs executions, but only after the corpus has been triaged and all executor processes are in an idle state.
@pimyn-girgis
pkg/report: support optional CRC in backtrace lines
858874c 
At some point kmemleak started adding a CRC checksum to the "backtrace:" line in memory leak reports. The existing
regular expression did not account for this, causing parsing to fail for these reports.

Update the regex to make the CRC component optional, allowing reports both with and without the checksum to be parsed
correctly.
@pimyn-girgis
tools/syz-execprog: redirect syz-executor output to Os.Stderr
64d0994 
This change is necessary as it allows us to access the reports printed by syz-executor, such as KMEMLEAK reports.

Fixes google#4728.
@pimyn-girgis
pkg/report: add test for kmemleak with crc hash
db5027c 
KMEMLEAK now prints a crc hash. Add a test to ensure we can properly parse it.
@a-nogikh a-nogikh added this pull request to the merge queue Nov 3, 2025
Merged via the queue into google:master with commit cade79d Nov 3, 2025
17 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dvyukov dvyukov dvyukov left review comments

@a-nogikh a-nogikh a-nogikh approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

syzkaller: repair memory leak checking

3 participants

@pimyn-girgis @a-nogikh @dvyukov