authorDmitry Vyukov <dvyukov@google.com>2024-06-04 12:55:41 +0200
committerDmitry Vyukov <dvyukov@google.com>2024-06-24 09:57:34 +0000
commite16e2c9a4cb6937323e861b646792a6c4c978a3c (patch)
tree6c513e98e5f465b44a98546d8984485d2c128582 /vm
parent90d67044dab68568e8f35bc14b68055dbd166eff (diff)
executor: add runner mode
Move all syz-fuzzer logic into syz-executor and remove syz-fuzzer. Also restore syz-runtest functionality in the manager. Update #4917 (sets most signal handlers to SIG_IGN)
Diffstat (limited to 'vm')
-rw-r--r--vm/adb/adb.go2
-rw-r--r--vm/gvisor/gvisor.go8
-rw-r--r--vm/qemu/qemu.go11
-rw-r--r--vm/vm.go30
-rw-r--r--vm/vm_test.go17
-rw-r--r--vm/vmimpl/vmimpl.go8
6 files changed, 15 insertions, 61 deletions
diff --git a/vm/adb/adb.go b/vm/adb/adb.go
index a1a3d7531..ed9fa56b7 100644
--- a/vm/adb/adb.go
+++ b/vm/adb/adb.go
@@ -323,7 +323,7 @@ func (inst *instance) adbWithTimeout(timeout time.Duration, args ...string) ([]b
}
func (inst *instance) waitForBootCompletion() {
- // ADB connects to a phone and starts syz-fuzzer while the phone is still booting.
+ // ADB connects to a phone and starts syz-executor while the phone is still booting.
// This enables syzkaller to create a race condition which in certain cases doesn't
// allow the phone to finalize initialization.
// To determine whether a system has booted and started all system processes and
diff --git a/vm/gvisor/gvisor.go b/vm/gvisor/gvisor.go
index ed3018a51..6d26da5bb 100644
--- a/vm/gvisor/gvisor.go
+++ b/vm/gvisor/gvisor.go
@@ -244,14 +244,6 @@ func (inst *instance) Info() ([]byte, error) {
return []byte(info), nil
}
-func (inst *instance) PprofPort() int {
- // Some of the gVisor instances use the host's network namespace, which
- // results in conflicting bind operations on the same HTTP port.
- // Until there's an actual need to debug gVisor VMs with pprof, let's
- // just disable it.
- return 0
-}
-
func (inst *instance) runscCmd(add ...string) *exec.Cmd {
cmd := osutil.Command(inst.image, append(inst.args(), add...)...)
cmd.Env = []string{
diff --git a/vm/qemu/qemu.go b/vm/qemu/qemu.go
index 6f5cb4f56..738ff5acf 100644
--- a/vm/qemu/qemu.go
+++ b/vm/qemu/qemu.go
@@ -436,13 +436,9 @@ func (inst *instance) boot() error {
templateDir := filepath.Join(inst.workdir, "template")
args = append(args, splitArgs(inst.cfg.QemuArgs, templateDir, inst.index)...)
- forwardedPort := vmimpl.UnusedTCPPort()
- pprofExt := fmt.Sprintf(",hostfwd=tcp::%v-:%v", forwardedPort, vmimpl.PprofPort)
- log.Logf(3, "instance %s's pprof is available at 127.0.0.1:%v", instanceName, forwardedPort)
-
args = append(args,
"-device", inst.cfg.NetDev+",netdev=net0",
- "-netdev", fmt.Sprintf("user,id=net0,restrict=on,hostfwd=tcp:127.0.0.1:%v-:22%s", inst.port, pprofExt),
+ "-netdev", fmt.Sprintf("user,id=net0,restrict=on,hostfwd=tcp:127.0.0.1:%v-:22", inst.port),
)
if inst.image == "9p" {
args = append(args,
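Review bot: The remaining `-netdev` argument has no comment recording why its forward is written with an explicit `127.0.0.1` and `restrict=on`. The removed pprof rule `hostfwd=tcp::%v-:%v` carried no host address, which QEMU treats as listening on every host interface, so a forward added later in that style would expose a guest port beyond the local machine again. I would add above the `"-netdev"` line: `// Only SSH is forwarded, bound to loopback; restrict=on keeps the guest off the host and external network.` boot() starts and ends outside this hunk.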
@@ -617,7 +613,7 @@ func (inst *instance) Copy(hostSrc string) (string, error) {
base := filepath.Base(hostSrc)
vmDst := filepath.Join(inst.targetDir(), base)
if inst.target.HostFuzzer {
- if base == "syz-fuzzer" || base == "syz-execprog" {
+ if base == "syz-execprog" {
return hostSrc, nil // we will run these on host
}
if inst.files == nil {
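Review bot: The comment `// we will run these on host` in Copy is stale now that the condition names only `syz-execprog`; `// we will run it on host` would match the code. The same leftover appears in the Run hunk that follows, where `// Fuzzer and execprog are on host (we did not copy them)` still mentions the fuzzer, and in vm_test.go, where the test is still named `"fuzzer-is-preempted"` although it now sends `executorPreemptedStr`. Copy and Run both continue outside their hunks.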
@@ -648,8 +644,7 @@ func (inst *instance) Run(timeout time.Duration, stop <-chan bool, command strin
sshArgs := vmimpl.SSHArgsForward(inst.debug, inst.sshkey, inst.port, inst.forwardPort, false)
args := strings.Split(command, " ")
- if bin := filepath.Base(args[0]); inst.target.HostFuzzer &&
- (bin == "syz-fuzzer" || bin == "syz-execprog") {
+ if bin := filepath.Base(args[0]); inst.target.HostFuzzer && bin == "syz-execprog" {
// Weird mode for Fuchsia.
// Fuzzer and execprog are on host (we did not copy them), so we will run them as is,
// but we will also wrap executor with ssh invocation.
diff --git a/vm/vm.go b/vm/vm.go
index 02b0e1030..6f66f8a37 100644
--- a/vm/vm.go
+++ b/vm/vm.go
@@ -253,18 +253,6 @@ func (inst *Instance) Info() ([]byte, error) {
return nil, nil
}
-func (inst *Instance) PprofPort() int {
- if inst.pool.hostFuzzer {
- // In the fuzzing on host mode, fuzzers are always on the same network.
- // Don't set up pprof endpoints in this case.
- return 0
- }
- if ii, ok := inst.impl.(vmimpl.PprofPortProvider); ok {
- return ii.PprofPort()
- }
- return vmimpl.PprofPort
-}
-
func (inst *Instance) diagnose(rep *report.Report) ([]byte, bool) {
if rep == nil {
panic("rep is nil")
@@ -353,8 +341,7 @@ func (mon *monitor) monitorExecution() *report.Report {
func (mon *monitor) appendOutput(out []byte) (*report.Report, bool) {
lastPos := len(mon.output)
mon.output = append(mon.output, out...)
- if bytes.Contains(mon.output[lastPos:], executingProgram1) ||
- bytes.Contains(mon.output[lastPos:], executingProgram2) {
+ if bytes.Contains(mon.output[lastPos:], executingProgram) {
mon.lastExecuteTime = time.Now()
}
if mon.reporter.ContainsCrash(mon.output[mon.matchPos:]) {
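Review bot: In appendOutput, `mon.lastExecuteTime` is now refreshed only when the output contains `"executed programs:"`, which the var block further down attributes to syz-execprog output. If syz-executor in runner mode does not print that line (its output is not visible in this diff), whatever stall detection reads lastExecuteTime would have to get its liveness signal from somewhere else, and nothing here says where. A short comment on the check would help, for example `// Only syz-execprog prints this marker; runner-mode liveness comes from <mechanism>.` with the placeholder filled in by the author. appendOutput continues past the end of this hunk.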
@@ -402,7 +389,7 @@ func (mon *monitor) extractError(defaultError string) *report.Report {
if defaultError != noOutputCrash || diagWait {
mon.waitForOutput()
}
- if bytes.Contains(mon.output, []byte(fuzzerPreemptedStr)) {
+ if bytes.Contains(mon.output, []byte(executorPreemptedStr)) {
return nil
}
if defaultError == "" && mon.reporter.ContainsCrash(mon.output[mon.matchPos:]) {
@@ -470,16 +457,15 @@ func (mon *monitor) waitForOutput() {
const (
maxErrorLength = 256
- lostConnectionCrash = "lost connection to test machine"
- noOutputCrash = "no output from test machine"
- timeoutCrash = "timed out"
- fuzzerPreemptedStr = "SYZ-FUZZER: PREEMPTED"
- vmDiagnosisStart = "\nVM DIAGNOSIS:\n"
+ lostConnectionCrash = "lost connection to test machine"
+ noOutputCrash = "no output from test machine"
+ timeoutCrash = "timed out"
+ executorPreemptedStr = "SYZ-EXECUTOR: PREEMPTED"
+ vmDiagnosisStart = "\nVM DIAGNOSIS:\n"
)
var (
- executingProgram1 = []byte("executing program") // syz-fuzzer, syz-runner output
- executingProgram2 = []byte("executed programs:") // syz-execprog output
+ executingProgram = []byte("executed programs:") // syz-execprog output
beforeContextDefault = 128 << 10
afterContext = 128 << 10
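Review bot: `executingProgram` now holds `"executed programs:"`, so the name describes the marker that was removed rather than the one that was kept. Renaming it, e.g. `executedPrograms = []byte("executed programs:") // syz-execprog output`, would keep the name and value in step. The uses in appendOutput and in vm_test.go would need the same rename. The `var (` block continues past the end of this hunk.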
diff --git a/vm/vm_test.go b/vm/vm_test.go
index 4f0e2836d..afb8634bd 100644
--- a/vm/vm_test.go
+++ b/vm/vm_test.go
@@ -191,7 +191,7 @@ var tests = []*Test{
Name: "fuzzer-is-preempted",
Body: func(outc chan []byte, errc chan error) {
outc <- []byte("BUG: bad\n")
- outc <- []byte(fuzzerPreemptedStr + "\n")
+ outc <- []byte(executorPreemptedStr + "\n")
},
},
{
@@ -263,23 +263,12 @@ var tests = []*Test{
},
},
{
- Name: "no-no-output-1",
+ Name: "no-no-output",
Exit: ExitNormal,
Body: func(outc chan []byte, errc chan error) {
for i := 0; i < 5; i++ {
time.Sleep(time.Second)
- outc <- append(executingProgram1, '\n')
- }
- errc <- nil
- },
- },
- {
- Name: "no-no-output-2",
- Exit: ExitNormal,
- Body: func(outc chan []byte, errc chan error) {
- for i := 0; i < 5; i++ {
- time.Sleep(time.Second)
- outc <- append(executingProgram2, '\n')
+ outc <- append(executingProgram, '\n')
}
errc <- nil
},
diff --git a/vm/vmimpl/vmimpl.go b/vm/vmimpl/vmimpl.go
index a9afdc1f1..0a4ada028 100644
--- a/vm/vmimpl/vmimpl.go
+++ b/vm/vmimpl/vmimpl.go
@@ -67,11 +67,6 @@ type Infoer interface {
Info() ([]byte, error)
}
-// PprofPortProvider is used when the instance wants to define a custom pprof port.
-type PprofPortProvider interface {
- PprofPort() int
-}
-
// Env contains global constant parameters for a pool of VMs.
type Env struct {
// Unique name
@@ -191,9 +186,6 @@ func Multiplex(cmd *exec.Cmd, merger *OutputMerger, console io.Closer, timeout t
return merger.Output, errc, nil
}
-// On VMs, pprof will be listening to this port.
-const PprofPort = 6060
-
func RandomPort() int {
n, err := rand.Int(rand.Reader, big.NewInt(64<<10-1<<10))
if err != nil {