prog: annotate image assets with fsck logs

Syscall attributes are extended with a fsck command field which lets
file system mount definitions specify a fsck-like command to run. This
is required because all file systems have a custom fsck command
invokation style.

When uploading a compressed image asset to the dashboard, syz-manager
also runs the fsck command and logs its output over the dashapi.

The dashboard logs these fsck logs into the database.

This has been requested by fs maintainer Ted Tso who would like to
quickly understand whether a filesystem is corrupted or not before
looking at a reproducer in more details. Ultimately, this could be used
as an early triage sign to determine whether a bug is obviously
critical.

Author: FlorentRevest

dashboard/app/api.go

@@ -491,7 +491,7 @@ func uploadBuild(c context.Context, now time.Time, ns string, req *dashapi.Build
 	*Build, bool, error) {
 	newAssets := []Asset{}
 	for i, toAdd := range req.Assets {
-		newAsset, err := parseIncomingAsset(c, toAdd)
+		newAsset, err := parseIncomingAsset(c, toAdd, ns)
 		if err != nil {
 			return nil, false, fmt.Errorf("failed to parse asset #%d: %w", i, err)
 		}
@@ -783,7 +783,8 @@ func apiReportCrash(c context.Context, ns string, r *http.Request, payload []byt
 
 // nolint: gocyclo
 func reportCrash(c context.Context, build *Build, req *dashapi.Crash) (*Bug, error) {
-	assets, err := parseCrashAssets(c, req)
+	ns := build.Namespace
+	assets, err := parseCrashAssets(c, req, ns)
 	if err != nil {
 		return nil, err
 	}
@@ -798,7 +799,6 @@ func reportCrash(c context.Context, build *Build, req *dashapi.Crash) (*Bug, err
 	}
 	req.Maintainers = email.MergeEmailLists(req.Maintainers)
 
-	ns := build.Namespace
 	bug, err := findBugForCrash(c, ns, req.AltTitles)
 	if err != nil {
 		return nil, fmt.Errorf("failed to find bug for the crash: %w", err)
@@ -895,10 +895,10 @@ func reportCrash(c context.Context, build *Build, req *dashapi.Crash) (*Bug, err
 	return bug, nil
 }
 
-func parseCrashAssets(c context.Context, req *dashapi.Crash) ([]Asset, error) {
+func parseCrashAssets(c context.Context, req *dashapi.Crash, ns string) ([]Asset, error) {
 	assets := []Asset{}
 	for i, toAdd := range req.Assets {
-		newAsset, err := parseIncomingAsset(c, toAdd)
+		newAsset, err := parseIncomingAsset(c, toAdd, ns)
 		if err != nil {
 			return nil, fmt.Errorf("failed to parse asset #%d: %w", i, err)
 		}
@@ -1309,7 +1309,7 @@ func apiAddBuildAssets(c context.Context, ns string, r *http.Request, payload []
 	}
 	assets := []Asset{}
 	for i, toAdd := range req.Assets {
-		asset, err := parseIncomingAsset(c, toAdd)
+		asset, err := parseIncomingAsset(c, toAdd, ns)
 		if err != nil {
 			return nil, fmt.Errorf("failed to parse asset #%d: %w", i, err)
 		}
@@ -1322,7 +1322,7 @@ func apiAddBuildAssets(c context.Context, ns string, r *http.Request, payload []
 	return nil, nil
 }
 
-func parseIncomingAsset(c context.Context, newAsset dashapi.NewAsset) (Asset, error) {
+func parseIncomingAsset(c context.Context, newAsset dashapi.NewAsset, ns string) (Asset, error) {
 	typeInfo := asset.GetTypeDescription(newAsset.Type)
 	if typeInfo == nil {
 		return Asset{}, fmt.Errorf("unknown asset type")
@@ -1331,10 +1331,15 @@ func parseIncomingAsset(c context.Context, newAsset dashapi.NewAsset) (Asset, er
 	if err != nil {
 		return Asset{}, fmt.Errorf("invalid URL: %w", err)
 	}
+	fsckLog, err := putText(c, ns, textFsckLog, newAsset.FsckLog)
+	if err != nil {
+		return Asset{}, err
+	}
 	return Asset{
 		Type:        newAsset.Type,
 		DownloadURL: newAsset.DownloadURL,
 		CreateDate:  timeNow(c),
+		FsckLog:     fsckLog,
 	}, nil
 }
 

dashboard/app/entities_datastore.go

@@ -59,6 +59,7 @@ type Asset struct {
 	Type        dashapi.AssetType
 	DownloadURL string
 	CreateDate  time.Time
+	FsckLog     int64 // references to fsck logstext entity
 }
 
 type Build struct {
@@ -666,6 +667,7 @@ const (
 	textLog          = "Log"
 	textError        = "Error"
 	textReproLog     = "ReproLog"
+	textFsckLog      = "FsckLog"
 )
 
 const (

dashboard/dashapi/dashapi.go

@@ -802,6 +802,7 @@ func (dash *Dashboard) UploadManagerStats(req *ManagerStatsReq) error {
 type NewAsset struct {
 	DownloadURL string
 	Type        AssetType
+	FsckLog     []byte
 }
 
 type AddBuildAssetsReq struct {

docs/syscall_descriptions_syntax.md

@@ -67,7 +67,8 @@ rest of the type-options are type-specific:
 	value range start, how many values per process, underlying type
 "compressed_image": zlib-compressed disk image
 	syscalls accepting compressed images must be marked with `no_generate`
-	and `no_minimize` call attributes.
+	and `no_minimize` call attributes. if the content of the decompressed image
+	can be checked by a `fsck`-like command, use the `fsck` syscall attribute
 "text": machine code of the specified type, type-options:
 	text type (x86_real, x86_16, x86_32, x86_64, arm64)
 "void": type with static size 0
@@ -101,6 +102,8 @@ Call attributes are:
 "breaks_returns": ignore return values of all subsequent calls in the program in fallback feedback (can't be trusted).
 "no_generate": do not try to generate this syscall, i.e. use only seed descriptions to produce it.
 "no_minimize": do not modify instances of this syscall when trying to minimize a crashing program.
+"fsck": the content of the compressed buffer argument for this syscall is a file system and the
+    string argument is a fsck-like command that will be called to verify the filesystem
 "remote_cover": wait longer to collect remote coverage for this call.
 ```
 

pkg/manager/crash.go

@@ -148,7 +148,7 @@ func (cs *CrashStore) SaveRepro(res *ReproResult, progText, cProgText []byte) er
 		osutil.WriteFile(filepath.Join(dir, cReproFileName), cProgText)
 	}
 	var assetErr error
-	repro.Prog.ForEachAsset(func(name string, typ prog.AssetType, r io.Reader) {
+	repro.Prog.ForEachAsset(func(name string, typ prog.AssetType, r io.Reader, c *prog.Call) {
 		fileName := filepath.Join(dir, name+".gz")
 		if err := osutil.WriteGzipStream(fileName, r); err != nil {
 			assetErr = fmt.Errorf("failed to write crash asset: type %d, %w", typ, err)

prog/analysis.go

@@ -383,7 +383,7 @@ const (
 	MountInRepro AssetType = iota
 )
 
-func (p *Prog) ForEachAsset(cb func(name string, typ AssetType, r io.Reader)) {
+func (p *Prog) ForEachAsset(cb func(name string, typ AssetType, r io.Reader, c *Call)) {
 	for id, c := range p.Calls {
 		ForeachArg(c, func(arg Arg, _ *ArgCtx) {
 			a, ok := arg.(*DataArg)
@@ -395,7 +395,7 @@ func (p *Prog) ForEachAsset(cb func(name string, typ AssetType, r io.Reader)) {
 			if len(data) == 0 {
 				return
 			}
-			cb(fmt.Sprintf("mount_%v", id), MountInRepro, bytes.NewReader(data))
+			cb(fmt.Sprintf("mount_%v", id), MountInRepro, bytes.NewReader(data), c)
 		})
 	}
 }

prog/fsck.go

@@ -0,0 +1,44 @@
+// Copyright 2024 syzkaller project authors. All rights reserved.
+// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+package prog
+
+import (
+	"fmt"
+	"io"
+	"os"
+	"strconv"
+	"strings"
+
+	"github.com/google/syzkaller/pkg/osutil"
+)
+
+// Fsck returns whether a filesystem is clean or not
+func Fsck(r io.Reader, fsckCmd string) ([]byte, error) {
+	// Write the image to a temporary file
+	tempFile, err := os.CreateTemp("", "*.img")
+	if err != nil {
+		return []byte{}, fmt.Errorf("failed to create temporary file: %v", err)
+	}
+	defer os.Remove(tempFile.Name())
+
+	_, err = io.Copy(tempFile, r)
+	if err != nil {
+		return []byte{}, fmt.Errorf("failed to write data to temporary file: %v", err)
+	}
+
+	if err := tempFile.Close(); err != nil {
+		return []byte{}, fmt.Errorf("failed to close temporary file: %v", err)
+	}
+
+	// And run the provided fsck command on it
+	fsck := append(strings.Fields(fsckCmd), tempFile.Name())
+	cmd := osutil.Command(fsck[0], fsck[1:]...)
+	if err := osutil.Sandbox(cmd, true, true); err != nil {
+		return []byte{}, err
+	}
+
+	output, err := cmd.CombinedOutput()
+	prefix := fsckCmd + " exited with status code " + strconv.Itoa(cmd.ProcessState.ExitCode()) + "\n"
+	return append([]byte(prefix), output...), nil
+}

prog/fsck_test.go

@@ -0,0 +1,86 @@
+// Copyright 2024 syzkaller project authors. All rights reserved.
+// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+package prog_test
+
+import (
+	"fmt"
+	"io"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+	"testing"
+
+	"github.com/google/syzkaller/prog"
+	. "github.com/google/syzkaller/prog"
+	"github.com/google/syzkaller/sys/targets"
+)
+
+// To get maximum test coverage here, install the following Debian packages:
+// dosfstools e2fsprogs btrfs-progs util-linux f2fs-tools hfsprogs jfsutils
+// util-linux dosfstools ocfs2-tools reiserfsprogs xfsprogs erofs-utils
+// exfatprogs gfs2-utils ntfs-3g-dev
+
+const corruptedFs = "IAmACorruptedFs"
+
+func fsckAvailable(cmd string) bool {
+	_, err := exec.LookPath(strings.Fields(cmd)[0])
+	return err == nil
+}
+
+func TestFsck(t *testing.T) {
+	target, err := GetTarget(targets.Linux, targets.AMD64)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// Use the images generated by syz-imagegen as a collection of clean file systems
+	cleanFsProgs, err := filepath.Glob(filepath.Join("..", "sys", "linux", "test", "syz_mount_image_*_0"))
+	if err != nil {
+		t.Fatalf("directory read failed: %v", err)
+	}
+
+	for _, file := range cleanFsProgs {
+		sourceProg, err := os.ReadFile(file)
+		if err != nil {
+			t.Fatal(err)
+		}
+		p, err := target.Deserialize(sourceProg, NonStrict)
+		if err != nil {
+			t.Fatalf("failed to deserialize %s: %s", file, err)
+		}
+		p.ForEachAsset(func(name string, typ AssetType, r io.Reader, c *prog.Call) {
+			if c.Meta.Attrs.Fsck == "" {
+				return
+			}
+			fsckCmd := c.Meta.Attrs.Fsck
+			if !fsckAvailable(fsckCmd) {
+				t.Skipf("%s not available", fsckCmd)
+			}
+
+			fsName := strings.TrimPrefix(c.Meta.Name, "syz_mount_image$")
+			// Check that the file system in the image is detected as clean
+			t.Run(fmt.Sprintf("clean %s", fsName), func(t *testing.T) {
+				logs, err := Fsck(r, fsckCmd)
+				if err != nil {
+					t.Fatalf("failed to run fsck %s", err)
+				}
+				if !strings.Contains(string(logs), " exited with status code 0") {
+					t.Fatalf("%s should exit 0 on a clean file system", fsckCmd)
+				}
+			})
+
+			// And use the same fsck command on a dummy fs to make sure that fails
+			t.Run(fmt.Sprintf("corrupt %s", fsName), func(t *testing.T) {
+				logs, err := Fsck(strings.NewReader(corruptedFs), fsckCmd)
+				if err != nil {
+					t.Fatalf("failed to run fsck %s", err)
+				}
+				if strings.Contains(string(logs), " exited with status code 0") {
+					t.Fatalf("%s shouldn't exit 0 on a corrupt file system", fsckCmd)
+				}
+			})
+		})
+	}
+}

prog/images_test.go

@@ -16,6 +16,7 @@ import (
 
 	"github.com/google/go-cmp/cmp"
 	"github.com/google/syzkaller/pkg/osutil"
+	"github.com/google/syzkaller/prog"
 	. "github.com/google/syzkaller/prog"
 	"github.com/google/syzkaller/sys/targets"
 )
@@ -46,10 +47,13 @@ func TestForEachAsset(t *testing.T) {
 			t.Fatalf("failed to deserialize %s: %s", file, err)
 		}
 		base := strings.TrimSuffix(file, ".in")
-		p.ForEachAsset(func(name string, typ AssetType, r io.Reader) {
+		p.ForEachAsset(func(name string, typ AssetType, r io.Reader, c *prog.Call) {
 			if typ != MountInRepro {
 				t.Fatalf("unknown asset type %v", typ)
 			}
+			if !strings.HasPrefix(c.Meta.Name, "syz_mount_image$") {
+				t.Fatalf("unexpected syscall name %v", c.Meta.Name)
+			}
 			testResult, err := io.ReadAll(r)
 			if err != nil {
 				t.Fatal(err)

prog/types.go

@@ -47,6 +47,7 @@ type SyscallAttrs struct {
 	RemoteCover     bool
 	Automatic       bool
 	AutomaticHelper bool
+	Fsck            string
 }
 
 // MaxArgs is maximum number of syscall arguments.