| Commit message (Collapse) | Author | Age | Files | Lines |
This option enables the "enforcing=?" option (at least), which
simplifies SELINUX configuration.
|
Require Linux >= 5.10 instead of 5.15.
|
Otherwise we get problems while testing patches for older syzkaller
versions, which didn't support optional arguments.
Adjust tests so that problems with how OldFuzzerCmd handles such
arguments could be seen.
|
update linux to v5.18-rc1
fix dependency update errors
update configs
|
* vm/cuttlefish: add vm type for cuttlefish on gce
This new VM type embeds the existing 'gce' type to start an instance and
then run a Cuttlefish Android VM on it using the 'launch_cvd' binary
installed on it.
This requires us to make a few fields on the 'gce' type visible so that
'cuttlefish' can set them when starting the instance.
The remaining functionality (SSH forwarding, file copying, and running
commands on the nested Android VM) will be in following changes.
For more information on Cuttlefish, see:
https://source.android.com/setup/create/cuttlefish
https://android.googlesource.com/device/google/cuttlefish/
* vm/cuttlefish: fix missed log.Logf(0 call to log.Logf(1
* vm/cuttlefish: remove unneeded log.Logf() calls
This logging for Count() isn't terribly useful since it's a single-line
call with very simple logic.
For the unimplemented methods the log lines have limited utility since
they're already returning error messages which will get logged.
|
Closes #3054
Ignore all the consequent failures in the program execution log.
Use only the first mismatch for analysis.
|
It popped up in a new KASAN report after recent KASAN changes.
|
* docs: update syscalls documentation
Fixing typo "does not contain" instead of "does not contains"
* docs: extending Syzkaller to a new OS
* docs: adding a new OS support
|
Removed atomic operations.
Added object level mutex.
|
This reverts commit 42718dd659525414aa0bf2794688ac94a32f7764.
Original PR had a race.
|
Raw coverage might be important when e.g. analysing the origins of
out-of-place coverage in coverage reports or understanding why the
fuzzer could not reach deeper code.
If "raw_cover" is set to true, syzkaller will remember unsorted and
unduplicated coverage (PCs) for each of its corpus programs.
|
Now we use the same type for both RPC communication with syz-fuzzer and
for managing corpus. It's not convenient to add corpus-specific fields
in this case, so separate them.
|
The method already has too many arguments, which complicates the further
addition of new features. Introduce FuzzerCmdArgs structure to overcome
the problem.
|
This commit replaces all `ioutil.TempDir` with `t.TempDir` in tests.
The directory created by `t.TempDir` is automatically removed when the
test and all its subtests complete.
Reference: https://pkg.go.dev/testing#T.TempDir
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
|
Enable dependabot to get security updates and if needed version updates on dependencies.
|
- Pinned actions by SHA https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies
|
Reused config parameter "config.vm.count".
Local fuzzing speed test result:
1 vm/pool => 380 programs/minute
2 vm/pool => 1050 programs/minute
4 vm/pool => 1600 programs/minute
8 vm/pool => 800 programs/minute
|
s/TotalMismatches/TotalCallMismatches/ for readability.
Add ExecErrorProgs to count failures.
|
Fixing typo "does not contain" instead of "does not contains"
|
Now we always enable it, make this configurable for GCE instances.
|
(#2908)
Program verification logic is located in one function now.
VMs fetch programs from priority queues, not from the generator.
VMs operate the tasks, not programs now.
For the crashed VM - return error for every program in the queue
*fixed some road errors
|
Now we use go1.16+, but sometimes syz-ci still has to compile and run
old syzkaller revisions, which were not meant to be compiled with modern
Go.
In particular, this leads to the following errors:
syzkaller build failed: failed to run ["make" "target"]: exit status 2
tools/syz-make/make.go:14:2: no required module provides package
github.com/google/syzkaller/pkg/osutil: go.mod file not found in
current directory or any parent directory; see 'go help modules'
tools/syz-make/make.go:15:2: no required module provides package
github.com/google/syzkaller/sys/targets: go.mod file not found in
current directory or any parent directory; see 'go help modules'
Makefile:39: *** syz-make failed. Stop.
Fix this by adding GO111MODULE=auto to the environment variables.
Reported-by: Taylor R Campbell <riastradh@netbsd.org>
|
The interface has significantly changed since the first version.
Update to the upstreamed interface.
Fixes #3030
|
Regenerate on latest upstream commit
56e337f2cf1326323844927a04e9dbce9a244835.
|
When syz-fuzzer starts, it tries all syscalls to filter out any that are
not supported. This process should include only the syscalls that are
enabled using the 'enable_syscalls' and 'disable_syscalls' fields in
syz-manager's config.
This is useful for fuzzing Cuttlefish devices, for example, where the
'vhost_vsock' syscall needs to be excluded from fuzzing and from this
test.
|
Problems with KASAN_OUTLINE and some other instrumentations were
recently fixed in a series by Alexandre Ghiti. Fixes for KASAN_INLINE
are also on the way.
Switch syzbot's riscv instance to KASAN_OUTLINE to make it work after a
130+ day break.
|
W/o this config arm stack traces don't include PC which we expect
when parsing stack traces.
It was added on May 13 2021, and it seems since then we classified
all arm reports as corrupted.
|
Add a "syz-repro" target and 3 tables:
- List of all performed (and ongoing) reproductions.
- Comparison of repro rate for different bugs on different checkouts.
- Comparison of the share of C reproducers.
|
Refactor the code of syz-testbed to enable support of different targets.
This required the following changes:
- Instead of doing mass start and mass restart of instances, let them be
more independent.
- Support different types of instances, which may have different
expectations of the target behavior. E.g. syz-manager normally never
exits, while syz-repro is expected to exit after a certain time.
- Factor out stats management, as stat entries may be different for
different targets.
- Introduce locking to TestbedCtx and Checkout, as slices there can be
modified at arbitrary times.
|
No space is allowed between // and go:embed. Make linter not throw a
warning about it.
|
Otherwise there's a risk that the instance is stopped before Run() has
had a chance to be executed. This leads to a panic while doing
cmd.Signal().
|
It's not practical to parse configs from tools/syz-testbed because it
limits the tool to using only those configuration options, which are
supported by the syzkaller version at the moment of tools/syz-testbed
compilation.
Operate with manager configs as if they were just some JSON objects.
Introduce a PatchJSON method to update their fields in a convenient way.
|
Make it easier to do uiTableType filtering later.
|
Show top crashers for X last days.
Show graph with daily shares of crashes that satisfy user-entered regexps.