pkg/osutil: ProcessTempDir is broken no Mac

[b0m5q]

While fuzzing with a machine with 88 cores, I got the error "failed to create instance: failed to create instance temp dir: too many live instance".

There were a lots of directories named instance-*** and after stopping the fuzzer and deleting them it worked again.

commit 169724fe go version 1.13.8

[dvyukov]

What's the syz-manager config? Does this happen right after start? Or after some time? Is it reproducible? Did you delete them while syz-manager was running? Or you stopped it, deleted dirs and then restarts?

[b0m5q]

this is the syz-manager config

{
    "target": "darwin/amd64",
    "http": "127.0.0.1:56741",
    "sshkey": "/Users/user/.ssh/id_macos115",
    "workdir": "/Users/user/sk_darwin/",
    "kernel_obj": "/Users/user/115/obj/",
    "kernel_src": "/Users/user/115/src/",
    "syzkaller": "/Users/user/go/src/github.com/google/syzkaller",
    "procs": 2,
    "type": "qemu",
    "cover": true,
    "image": "/Users/user/115/macos_11_5.qcow",
    "vm": {
        "count": 2,
        "cpu": 2,
        "mem": 4096,
        "efi_code_device": "/usr/local/share/OVMF/OVMF_CODE.fd",
        "efi_vars_device": "/usr/local/share/OVMF/OVMF_VARS.fd",
        "apple_smc_osk": "XXX"
    }
}

When it happed I stopped the fuzzer and deleted all the leftover directories sk_darwin and started the fuzzer again. The bug happened after a few days of fuzzing, so it hasn't happened yet.

[dvyukov]

Oh, this is darwin. Is your host also Mac by any chance? This wasn't extensively tested, maybe the temp dir allocation logic is broken for Mac in some way: https://github.com/google/syzkaller/blob/5462d47034cc5042a99e5df59da5c2677d5a9536/pkg/osutil/osutil_unix.go#L22

• @HerrSpace

[RonjaPonja]

Good to see people are using this :)

I'm out of office this week so I'll only be able to check this in a week or two.

I haven't run into this yet, however my tests were on an old macbook..