| Commit message | Author | Age | Files | Lines |
|
Make it clearer how to add new commands.
|
Initial commit of the SYZOS technical documentation
|
Update #5308
|
Debian bullseye is now oldoldstable, so update the default release to
trixie.
While we're at it, update documentation references to old Debian releases
to match.
Signed-off-by: Andrew Donnellan <ajd@linux.ibm.com>
|
This change adds VirtualBox support to syzkaller. It implements the VM
interface for VirtualBox and provides:
- full VM lifecycle operations (create, boot, stop, snapshot restore)
- serial console hookup and integration with the output merger
- proper boot wait logic similar to qemu, using SSH readiness
- boot-time crash capture using collected console output
|
Finish the translation of docs/maintaining.md, which has been proofread by HCTT.
Update to commit 0773c42 ("docs: fix misspellings").
|
Finish the translation of docs/strace.md, which has been proofread by HCTT.
Update to commit a87f559 ("docs: typo fixes").
|
Finish the translation of docs/syz_verifier.md, which has been proofread by HCTT.
Update to commit aeb6ec6 ("docs: mention that syz-verifier is broken").
|
Finish the translation of docs/syz_testbed.md, which has been proofread by HCTT.
Update to commit d4d447c ("tools/create-image.sh: upgrade default release to bullseye").
|
Update kfuzztest.md to reflect some recent changes. In particular:
- Point to the newest kernel pull request (PR v2) instead of the
outdated RFC v1 patch series.
- Change example description, as commit 0ac7291ca introduced a new input
parameter for syz_kfuzztest_run.
|
Add documentation for syzkaller's KFuzzTest integration, and a separate
documentation file for the syz-kfuzztest program.
Signed-off-by: Ethan Graham <ethangraham@google.com>
|
Add syz_kfuzztest_run pseudo-syscall, KFuzzTest attribute, and encoding
logic.
KFuzzTest targets, which are invoked in the executor with the new
syz_kfuzztest_run pseudo-syscall, require specialized encoding. To
differentiate KFuzzTest calls from standard syzkaller calls, we
introduce a new attribute called KFuzzTest or "kfuzz_test" in syzkaller
descriptions that can be used to annotate calls.
Signed-off-by: Ethan Graham <ethangraham@google.com>
|
The `no_squash` per-syscall attribute prevents the fuzzer from generating
squashed arguments to a particular syscall.
This is particularly helpful for pseudo-syscalls with elaborate
arguments that are hard to reason about when they are squashed - e.g.
for syz_kvm_add_vcpu() that takes a SYZOS program as an input.
I've considered an alternative solution that prohibits ANY for all
pseudo-syscalls. But there is a bunch of existing programs (both
the tests and the repros) for syscalls like syz_mount_image() for which
the benefit of not passing ANY is not immediately obvious.
I therefore decided to go with an explicit attribute that can later
be enforced for every pseudo-syscall at compile time.
|
virtual device
Add new page for fuzzing Linux x86-64 kernel on Android virtual device.
It explains how to build and run Android Generic System Image and
Generic Kernel Image on Ubuntu host.
|
Gemini CLI experiments side effect.
|
Emphasize source files and line numbers
|
Commit d34313c changed the sourcedir variable in the syz-extract command but did not adjust the text beneath it.
|
Remove duplicate entry and announcement by Daimeng Wang of the later published work "SyzVegas".
|
SyzGPT is the first LLM-assisted kernel fuzzing framework aiming at
generating effective seeds (Syz-programs) for the rarely covered
syscalls during kernel fuzzing. Refer to our repo for more details.
|
Finish the translation of docs/pseudo_syscalls.md, which has been proofread by HCTT translation team.
Update to commit 0b3dad4606c0 ("pkg/vminfo: move feature checking to host").
|
Finish the translation of docs/adding_new_os_support.md, which has been proofread by HCTT translation team.
Update to commit db5852f9fc90 ("docs/adding_new_os_support.md: fix a typo").
|
Finish the translation of docs/db.md, which has been proofread by HCTT translation team.
Update to commit 36c961ad9dc0 ("tools/syz-db: add more usage info for syz-db").
|
It looks like it is mandatory to avoid this error:
unsupported bisect compiler:
|
Many assorted updates.
|
Don't confuse the users by making it look like the tool works.
Fixes #5950.
|
Fixes a typo.
Signed-off-by: Mirko Covizzi <mrkcvzz@gmail.com>
|
Fixes a few typos.
Signed-off-by: Mirko Covizzi <mrkcvzz@gmail.com>
|
Add a sample syzkaller config with comments so that we could refer to it
in the tutorials.
|
Syscall attributes are extended with a fsck command field which lets
file system mount definitions specify a fsck-like command to run. This
is required because all file systems have a custom fsck command
invocation style.
When uploading a compressed image asset to the dashboard, syz-manager
also runs the fsck command and logs its output over the dashapi.
The dashboard logs these fsck logs into the database.
This has been requested by fs maintainer Ted Tso who would like to
quickly understand whether a filesystem is corrupted or not before
looking at a reproducer in more detail. Ultimately, this could be used
as an early triage sign to determine whether a bug is obviously
critical.
|
Useful for testing local Dockerfile changes that have not been pushed yet.
|
1. Get rid of executing_syzkaller_programs.md as it now mostly overlaps
with reproducing_crashes.md.
2. Update the instructions on building the kernel with syzbot compilers.
3. Update the links throughout the documentation.
|
Let's list all the possible ways of reproducing syzkaller crashes
locally and keep the instructions of how to manually craft a reproducer
at the bottom.
Add information about the ktest tooling - now it also automates the
reproduction of syzbot bugs. See the discussion at:
https://groups.google.com/g/syzkaller/c/UTPrWcJfS8Q/m/K1YXz-f1AQAJ
|
Example: the f3 field has a logical OR operator in its if condition:
conditional_struct {
    mask int32
    f1 field1 (if[value[mask] & FIELD_FLAG1])
    f2 int64 (if[value[mask] & FIELD_FLAG2])
    f3 int64 (if[value[mask] == FIELD_FLAG1 || value[mask] == FIELD_FLAG2])
} [packed]
|
In some situations, it could be useful to share access to the dashboard
to multiple authentication domains. The current GlobalConfig format
doesn't really allow it, so this deprecates the existing field and adds a
new slice of allowed authentication domains.
|
go.mod has been bumped with go 1.22.1 version recently.
So let's update the documentation as well.
https://github.com/google/syzkaller/blob/master/docs/linux/setup.md#go-and-syzkaller
|
Add more guidelines and be more concrete.
|
act (https://github.com/nektos/act) is used to build GitHub workflows locally.
When running `act -j build` on the local host, it reports:
exec failed: unable to start container process: exec: "node": executable file
not found in $PATH: unknown.
Adding the nodejs package can fix the build error.
Updated docs with act usage too.
|