Practical instructions on how to use the assets have been missing.
|
Fix various typos within the documentation directory.
|
The buildroot images deployed after #2820 can only boot v4.19+ kernels.
This has caused lots of bad bisection results, see #3224. We either
need a new universal image or a kernel version dependant image
selection. For now we stop at v4.19+.
FATAL: kernel too old
[ 8.076311] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00007f00
|
TL;DR: They try to identify the data structure involved in a crash,
e.g. by parsing the WARN_ON condition. They modify the compiler
instrumentation to overwrite some of the upper bits in the program
counters, for program counters that modify the data structure. Then
they guide coverage by these magic PCs. They do this to find other
failure modes of buggy code found by syzkaller.
|
bullseye has been the current Debian stable release since 2021, and
stretch is now well and truly in the LTS support phase. Change the default
release in create-image.sh to bullseye.
Also update most other references to stretch in the documentation and
elsewhere (there are still a few references we don't change because they're
links to images etc).
Signed-off-by: Andrew Donnellan <ajd@linux.ibm.com>
|
Recommend CONFIG_DEBUG_INFO_DWARF4 (syzkaller doesn't work with DWARF5)
and bump the kernel version.
|
Add a `json` CLI flag that allows for writing out a JSON file with the
following coverage information.
* Module
* Filename
* Covered source lines
* Uncovered source lines
* Both source lines
This can be used to view syzkaller coverage information on other source
browsing/viewing tools.
Usage:
$ ./syz-cover -kernel_obj <path/to/vmlinux> -json <output_json> rawcover
|
Add an example of an inlined patch testing request.
Add a link to the real-world #syz test commands.
Remove the mention of delays due to bisections -- it's no longer the
case.
|
This commit adds a new VM for fuzzing starnix.
The VM will boot a Fuchsia image using the `ffx` tool and will connect to an adb server inside it. Fuzzing will be done using HostFuzzer mode due to some features not being implemented yet in starnix. Once this is possible, fuzzing will be performed without HostFuzzer mode.
Co-authored-by: Juampi Miceli <jpmiceli@google.com>
|
There are two reasons:
- The 2022.02 version no longer builds with the latest versions of
the build tools.
- The latest version was tested to work fine with the scp changes that
came with OpenSSH 9.0 (the use of the SFTP protocol).
Document the problem with scp in the troubleshooting guide.
|
Corrected typos:
- lastest->latest
- exatra->extra
Add languages to fenced code blocks in line with MD040 linting.
|
The new "$..." syntax is read as Base64-encoded binary data.
Note that users cannot specify the size of the Base64 syntax using the
`"..."/<size>` notation.
When serialising programs to human-readable form, only compressed types
(determined by `IsCompressed()`) are represented using the new Base64
notation.
Also add a couple of serialisation tests, checking behaviour for
compressed and non-compressed types.
|
builtin
Create the `BufferCompressed` kind of `BufferType`, which will be used
to represent compressed data. Create the corresponding `compressed_image`
syzlang builtin, which is backed by `BufferCompressed`. For now, no
syscalls use this feature - this will be introduced in future commits.
We have to be careful to decompress the data before mutating, and
re-compress before storing. We make sure that any deserialised
`BufferCompressed` data is valid too.
`BufferCompressed` arguments are mutated using a generic heatmap. In
future, we could add variants of `BufferCompressed` or populate the
`BufferType` sub-kind, using it to choose different kinds of heatmap for
different uncompressed data formats.
Various operations on compressed data must be forbidden, so we check for
`BufferCompressed` in key places. We also have to ensure `compressed_image`
can only be used in syscalls that are marked `no_{generate,minimize}`.
Therefore, we add a generic compiler check which allows type
descriptions to require attributes on the syscalls which use them.
|
Built by
https://github.com/tarasmadan/gcc-10.2/blob/8a0c67cd9474ab3bf02bf236467f4e01396e342a/build_scripts/build_gcc_10.sh
|
Fuchsia's //bundles:tools target was renamed to
//bundles/tools.
|
For context, see fxbug.dev/110060
|
Create a `no_minimize` attribute to be used with syscalls that
`syzkaller` should not try to modify when minimizing a program that
produces a bug. The intention is to use this with syscalls that are
expensive to minimize, such as `syz_mount_image`.
Currently there are no `no_minimize` syscalls, but the next commit will
add some.
|
Create a `no_generate` attribute to be used with syscalls that
`syzkaller` should not try to generate from scratch. In other words,
`syzkaller` will only use seeds of this call. This will be useful for
syscalls which are unlikely to be correctly generated.
In particular, prevent these syscalls from being included in the choice
table or from being considered as possible resource constructors.
Also add a test which will attempt to generate programs with a bias
towards `no_generate` syscalls, and flag up any that make it into result
programs. Currently there are no `no_generate` syscalls, but the next
commit will add some.
|
The right target name is "syz-manager", not "syzkaller".
|
See https://bugs.fuchsia.dev/p/fuchsia/issues/detail?id=106099.
Co-authored-by: Chris Palmer <palmer@google.com>
|
Also enhance the README.md somewhat.
Co-authored-by: Chris Palmer <palmer@google.com>
|
Fuchsia has not been properly supported for a while now, and the
documentation suggesting so has been a source of confusion. This updates
the README to add a caveat, while also doing some minor cleanup in the
process.
For more context, see https://fxbug.dev/101134.
|
We have multiple file path representations now.
+ tests to cover all 3 scenarios and doc update
|
'make kvmconfig' was replaced with 'make kvm_guest.config' after linux 5.10.
|
Fixes #1043
|
Bumped the required go version to 1.16 or higher.