New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
executor/linux: report large files when exiting with ENOSPC error #2127
base: master
Are you sure you want to change the base?
Conversation
I've got one sample running this locally:
The syz-executor/fuzzer are intentionally there. Seems there are no large files, but the ext4 filesystem is somehow out of free blocks (I suspect that 4096 is some kind of magic number and f_bavail is potentially 0). |
Looking at the "lost connection" crashes on the dashboard, it seems that ENOSPC happens with both sandbox=none and sandbox=namespace. So somehow it escapes the namespace sandbox... What may give a definitive answer is if snapshot the disk image. Then we could examine it with fsck and just look around. We could add I hope |
3baaa84
to
a659a31
Compare
There are reports which terminated due to ENOSPC error, but it seems that all temporary files are deleted after the test. Let's check from /proc/*/fd/* side in case somebody is using large temporary files created by open(O_TMPFILE).
a659a31
to
9c2e8a7
Compare
Thank you for testing. Hmm, at least, it seems that fielsystem is not shrinking. Since Linux has O_TMPFILE, there might be nameless large files. Before waiting for implementing snapshot, could you retry with 9c2e8a7 ? By the way, fprintf(stderr, "Scanning large files from /proc//fd/\n"); triggered Don't use /* */ block comments. Use // line comments instead failure, and I workarounded using fprintf(stderr, "Scanning large files from /proc/\052/fd/\052\n"); . Since I'm running "make presubmit" on a VM with 4CPUs / 4GB RAM (which of course |
For the record here are 3 more samples (they don't seem to happen all that often, so I better save them here).
No significant amount of large file. However, this is interesting:
this means that the fuzzer escapes the sandbox and creates files in /selinux.
|
Indeed, it suggests that umount("/selinux/") and chdir("/selinux/") are issued. 0 /selinux/bus is interesting as well. Since files larger than occupying more than "2048 blocks" * "512 bytes/block" are reported, |
How is /proc/ for fuzzer processes?
|
There are reports which terminated due to ENOSPC error. It is possible that something is failing to remove files created during the testing.
To understand what is happening, start from reporting filesystem statistics and files which are larger than 1MB and modified within 24hours.