path: root/executor/executor_darwin.h
Commit message | Author | Age | Files | Lines
* executor: decouple kcov memory allocation from the trace | Alexander Potapenko | 2025-08-05 | 1 | -1/+2
  On different platforms and in different coverage collection modes the pointer to the beginning of kcov buffer may or may not differ from the pointer to the region that mmap() returned. Decouple these two pointers, so that the memory is always allocated and deallocated with cov->mmap_alloc_ptr and cov->mmap_alloc_size, and the buffer is accessed via cov->data and cov->data_size. I tried my best to not break Darwin and BSD, but I did not test them.
* all: format with clang-format-20 | Aleksandr Nogikh | 2025-04-24 | 1 | -1/+1
  The tests began to fail after pushing the new env container.
* pkg/rpcserver: move kernel test/data range checks from executor | Dmitry Vyukov | 2024-07-01 | 1 | -15/+0
  We see some errors of the form:

  SYZFAIL: coverage filter is full pc=0x80007000c0008 regions=[0xffffffffbfffffff 0x243fffffff 0x143fffffff 0xc3fffffff] alloc=156

  Executor shouldn't send non kernel addresses in signal, but somehow it does. It can happen if the VM memory is corrupted, or if the test program does something very nasty (e.g. discovers the output region and writes to it). It's not possible to reliably filter signal in the tested VM. Move all of the filtering logic to the host.

  Fixes #4942
* executor: factor out is_kernel_pc helper | Dmitry Vyukov | 2024-06-11 | 1 | -0/+5
  Factor out is_kernel_pc helper and add kernel pc range for test OS for testing.
* executor: add end-to-end coverage/signal/comparisons test | Dmitry Vyukov | 2024-06-11 | 1 | -0/+5
* executor: better errors for failed mmaps | Dmitry Vyukov | 2022-10-21 | 1 | -2/+3
  A fixed-address mmap can fail completely or return a different address. Log what it was. Based on: https://groups.google.com/g/syzkaller/c/lto00RwlDIQ
* fix: "mmap_alloc_size"->"cov->mmap_alloc_size" | aiQG_ | 2022-02-21 | 1 | -1/+1
* executor: delay kcov mmap until it is needed | Aleksandr Nogikh | 2021-12-03 | 1 | -11/+7
  The previous strategy (delay kcov instance creation) seems not to work very well in carefully sandboxed environments. Let's see if the new approach is more versatile. Open a kcov handle for each thread at syz-executor's initialization, but don't mmap it right away.
* executor: reserve fds that will belong to kcov | Aleksandr Nogikh | 2021-12-03 | 1 | -0/+8
  As now kcov instances may get set up during fuzzing, performing dup2 in cover_open is no longer safe as it may close some important resource. Prevent that by reserving most of fds that belong to the kcov fds range. Unfortunately we must duplicate the code because of the way kcov implementations are organized.
* executor: initial darwin support | Patrick Meyer | 2021-05-20 | 1 | -0/+123