
[fuzzer][fuchsia] Close exception channel before exiting.

Authored by aarongreen on Sep 3 2021, 1:48 PM.



On Fuchsia, killing or exiting a process that has a thread listening to its own process's debugger exception channel can hang. Zircon may kill all the threads, send synthetic exceptions to the debugger, and wait for the debugger to have received them. This means the thread listening to the debug exception channel may be killed even as Zircon is waiting for that thread to drain the exception channel, and the process can become stuck in a half-dead state.

This situation is "weird" as it only arises when a process is trying to debug itself. Unfortunately, this is exactly the scenario for libFuzzer on Fuchsia: FuzzerUtilFuchsia spawns a crash-handling thread that acts like a debugger in order to be able to rewrite the crashed threads' stacks and resume them into libFuzzer's usual POSIX signal handlers. In practice, approximately 25% of fuzzers appear to hang on exit, after generating output and artifacts. These processes hang around until the platform is torn down, which is typically a ClusterFuzz VM. Thus, real-world impact has been somewhat mitigated. The issue should still be resolved for local users, though.

This change improves the behavior of exit() in libFuzzer by adding an atexit handler which closes an event shared with the crash handling thread. This signals to the crash handler that it should close the exception channel and be joined before the process actually exits.
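The shutdown ordering described above, as an added example that is not part of this revision or of libFuzzer's code: a POSIX analog in which two pipes stand in for the Zircon event and the exception channel. All function and variable names here are hypothetical.

```cpp
// Added illustration: POSIX analog of the shutdown ordering, not libFuzzer code.
#include <atomic>
#include <cerrno>
#include <cstdlib>
#include <thread>
#include <poll.h>
#include <unistd.h>

static int g_event[2] = {-1, -1};    // stand-in for the event shared with the handler
static int g_channel[2] = {-1, -1};  // stand-in for the exception channel
static std::thread g_handler;
static std::atomic<bool> g_channel_closed{false};

// Crash-handling thread: services the channel until the shared event is closed.
static void CrashHandler() {
  pollfd fds[2] = {{g_channel[0], POLLIN, 0}, {g_event[0], POLLIN, 0}};
  for (;;) {
    if (poll(fds, 2, -1) < 0) {
      if (errno == EINTR) continue;  // interrupted: retry
      break;
    }
    if (fds[0].revents & POLLIN) {
      char c;
      if (read(g_channel[0], &c, 1) == 1) { /* a real handler would resume the thread */ }
    }
    if (fds[1].revents & (POLLHUP | POLLERR)) break;  // event closed: stop listening
  }
  close(g_channel[0]);  // release the channel while this thread is still alive
  g_channel_closed = true;
}

// atexit handler: signal the thread, then wait until it has let go of the channel.
void StopCrashHandler() {
  if (!g_handler.joinable()) return;  // never started, or already stopped
  close(g_event[1]);                  // closing our end is the shutdown signal
  g_handler.join();                   // exit proceeds only after the channel is closed
  close(g_event[0]);
  close(g_channel[1]);
}

bool StartCrashHandler() {
  if (pipe(g_event) != 0 || pipe(g_channel) != 0) return false;
  g_handler = std::thread(CrashHandler);
  return std::atexit(StopCrashHandler) == 0;
}

bool ChannelClosed() { return g_channel_closed.load(); }

int main() { return StartCrashHandler() ? 0 : 1; }  // returning runs the atexit handler
```

The join inside the exit handler is what guarantees the listener has dropped the channel before process teardown begins, rather than being killed while something still waits on it.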


Event Timeline

aarongreen requested review of this revision. Sep 3 2021, 1:48 PM
aarongreen created this revision.
charco accepted this revision. Sep 16 2021, 11:55 AM
This revision is now accepted and ready to land. Sep 16 2021, 11:55 AM
This revision was landed with ongoing or failed builds. Sep 16 2021, 11:57 AM
This revision was automatically updated to reflect the committed changes.
Herald added a project: Restricted Project. Sep 16 2021, 11:57 AM
Herald added a subscriber: Restricted Project.