Commit messages

A bag of minor assorted improvements to data formatting.
+ show job results in the jobs table

Implement SYZOS_API_NESTED_AMD_INJECT_EVENT to allow the L1 guest to
inject events (Interrupts, NMIs, Exceptions) into L2 via the VMCB EVENTINJ
field.
This primitive abstracts the VMCB bit-packing logic
(Vector, Type, Valid, Error Code) into a high-level API, enabling the fuzzer
to semantically mutate event injection parameters.
This targets KVM's nested event merging logic, specifically where L0 must
reconcile L1-injected events with Host-pending events.

Implement the SYZOS_API_NESTED_AMD_STGI and SYZOS_API_NESTED_AMD_CLGI
primitives to toggle the Global Interrupt Flag (GIF). These commands
execute the stgi and clgi instructions respectively and require no
arguments.
Also add a test checking that CLGI correctly masks NMI injection from L0.

When configuring focus areas before directed fuzzing, construct regular
expressions that match the exact function names. Otherwise, we end up
adding more functions than intended.

We may want to use a weaker model for some workflows.
Allow using different models for different workflows.

Make it clearer how to add new commands.

Implement the SYZOS_API_NESTED_AMD_INVLPGA primitive to execute the
INVLPGA instruction in the L1 guest.
This allows the fuzzer to target KVM's Shadow MMU and Nested Paging (NPT)
logic by invalidating TLB entries for specific ASIDs.
Also add a simple syzlang seed/regression test.

Add race:harmful/benign label.
Set it automatically by confirmed AI jobs.

API requests episodically fail due to internal datastore errors, some timeouts, etc.
Failure of some requests is especially unpleasant and leads to lots of wasted work
(uploading of syz-ci build info, job completion, etc). So we retry requests
several times. We do this always for all requests, since we don't expect any of them
to legitimately fail (we don't send malformed requests), and it won't harm any
request types.

Allow setting the Correct flag for completed AI jobs.

The bug lists on the main page are extremely long, and
it's very hard to navigate between them.
Make bug lists collapsible.

After addition of collapsible sections on the bug page,
we show 2 captions for the duplicate bugs table.
One for the collapsible span "Duplicate bugs (2)",
and another inside for the table "duplicates (2):".
Remove the inner duplicate caption.

Consider Cc'd mailing lists when selecting the exact base commit.
Among the base commits determined based on blob sha value from the git
patch, first select the ones that match both the trees of the Cc'd
subsystems and their primary branches.
If it gives no exact match, select a base commit that comes from a tree
of a Cc'd subsystem. As fallback, take any subsystem tree.
This should prevent valid but surprising patch series triage results.

Return the commits that represent unique sets of branches.
Sort the list topologically, breaking ties by commit date.

Lay down foundation for spanner DB migrations by adding Jobs.Correct field.
This will allow us to test deployment of such changes.
The field will be used to record results of manual assessment of AI job results.

If the code uses "select *", it's not possible to update spanner schema.
Adding a field to spanner first leads to "missing field in Go struct" errors;
adding a field to Go struct first leads to "missing field in spanner" errors.
Replace "select *" with a concrete set of fields the code knows about.
This should allow adding fields to spanner first.

Initial commit of the SYZOS technical documentation

It is required to build gVisor.
Signed-off-by: Andrei Vagin <avagin@google.com>

Some syzbot dashboard pages are guarded by an AppEngine login page. The
-download flag helps generate an input.json out of a bug report but it
currently uses simple HTTP GET commands without any authentication. When
called on a bug behind a login page, it receives the login page HTML
instead of a JSON payload and fails in confusing ways.
The authentication page can be skipped using an authentication token.
It's easy to retrieve a token from the gcloud auth print-access-token
command.

Add workflow that can be used for moderation of UAF bugs (consistent/actionable reports);
such UAF bugs can be upstreamed automatically, even if they happened only once
and don't have a reproducer.

This is useful to save time when iterating on syz-aflow changes.
Note that this also sets a cache size of 10GB by default.

Rephrase the prompt to be only about KCSAN;
currently it has some leftovers from the more generic assessment prompt
that covered KASAN bugs as well (actionability).
Also add Confident bool output.
We may want to act on both benign/non-benign,
so we need to know when the LLM wasn't actually sure either way.
This should also be useful for manual verification/statistics.
If the LLM is not confident and can admit that, it's much better
than giving a wrong answer. But we will likely want to track
the percentage of non-confident answers.

We return Ctime from CreationTime. But "C" does not stand for "creation",
it stands for "status change" (inode update). It may or may not be the
creation time.
Use Btime (birth time) for creation time.
Fixes #6547

If the author of a patch series provides a base-commit tag, extract and store the hash.

Paths passed to filepath.WalkDir are absolute (include the dir prefix), account for that.
Strings returned by filepath.Ext include the dot, account for that as well.

TitleToCrashType is a simple function with no heavy dependencies
that is used by the dashboard app.
Currently we have to import pkg/report into dashboard/app,
and this package has lots of heavy deps (symbolizer, demangler,
coverage report generation, etc).
Move TitleToCrashType to pkg/report/crash (where it arguably belongs anyway).

rep.Output and rep.Report offsets are different because rep.Report is symbolized.
The fix converts offsets from the symbolized version back to the raw version.

Before traversing the list of trees, attempt to determine the base
tree/commit by looking at the SHA hashes from the supplied git diffs.

It will accelerate various commit search operations by orders of
magnitude.

Given a git diff, determine the latest commit where the modified files
still have the exact sha hashes they had at the moment the git patch was
created.

Add a commitChangeset() method to simplify setting up repository states
in tests.

Return not just the modified files, but also their blob hashes.

Keep vmlinux for debug info/addr2line.
Keep compile_commands.json, we need it for codesearch.

It may be useful to use a cache size smaller than 1TB for local test runs.

Bumps [cloud.google.com/go/batch](https://github.com/googleapis/google-cloud-go) from 1.13.0 to 1.14.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/documentai/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/dlp/v1.13.0...dlp/v1.14.0)
---
updated-dependencies:
- dependency-name: cloud.google.com/go/batch
dependency-version: 1.14.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>

Add server for running agentic workflows as part of syzbot.
The architecture and use are similar to that of syz-ci.

The syz-aflow tool can be used to invoke any agentic workflow registered with pkg/aflow.
For example, to run the patching workflow use:
go run ./tools/syz-aflow -input=input.json -download-bug=d8fd35fa6177afa8c92b
go run ./tools/syz-aflow -input=input.json -workflow=patching-baseline -workdir=workdir