syz - Unnamed repository; edit this file 'description' to name the repository.

	Commit message (Collapse)	Author	Age	Files	Lines
*	pkg/fuzzer: remove signal rotation	Dmitry Vyukov	2024-07-02	1	-3/+1
\| \| \| \| \| \| \|	Signal rotation is intended to make the fuzzer re-discover flaky coverage in non flaky way. However, taking into accout that we get effectively the same effect after each manager restart, and that the fuzzer is overloaded with triage/smash jobs, it does not look to be worth it.
*	pkg/rpcserver: move kernel test/data range checks from executor	Dmitry Vyukov	2024-07-01	1	-10/+18
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	We see some errors of the form: SYZFAIL: coverage filter is full pc=0x80007000c0008 regions=[0xffffffffbfffffff 0x243fffffff 0x143fffffff 0xc3fffffff] alloc=156 Executor shouldn't send non kernel addresses in signal, but somehow it does. It can happen if the VM memory is corrupted, or if the test program does something very nasty (e.g. discovers the output region and writes to it). It's not possible to reliably filter signal in the tested VM. Move all of the filtering logic to the host. Fixes #4942
*	pkg/report: suppress executor SIGBUS	Dmitry Vyukov	2024-07-01	1	-2/+3
\| \| \| \| \| \|	SIGBUS means OOM on Linux. Most of the crashes that happen during fuzzing are SIGBUS, so separate them from SIGSEGV and suppress.
*	pkg/flatrpc: rename StartLeakChecks to CorpusTriaged	Dmitry Vyukov	2024-07-01	1	-3/+3
\| \| \| \| \| \|	It's a more general name that says what happened rather than a detail of what excutor should do. We can use this notification for other things as well.
*	executor: fix max signal/cover filter mapping into subprocesses	Dmitry Vyukov	2024-06-28	1	-0/+6
\| \| \| \| \| \| \| \| \| \| \|	There is a quirk related to posix_spawn_file_actions_adddup2: it just executes the specified dup's in order in the child process. In our case we do dups as follows: 20 -> 4 (output region) 4 -> 5 (max signal) So we dup the output region onto 4 first, and then dup the same output region (fd 4 becomes the output region) onto 5 (max signal). So we have output region as both output region and max signal.
*	executor: handle features that fail in non-fatal way	Dmitry Vyukov	2024-06-27	1	-1/+1
\| \| \| \| \| \| \|	Coverage setup fails with exitf if not supported. Currently we consider it as transient error that needs to be retried. As the result we reach 20 attempts and crash the VM. Return an error in such case instead.
*	executor: use mcontext_t only on linux	Dmitry Vyukov	2024-06-26	1	-2/+2
\| \| \| \| \| \| \| \|	OpenBSD says: executor/executor_runner.h:750:51: error: no member named 'uc_mcontext' in 'sigcontext' auto& mctx = static_cast<ucontext_t*>(ucontext)->uc_mcontext; ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ^
*	executor: swap addr/pc in SigsegvHandler	Dmitry Vyukov	2024-06-25	1	-1/+1
\|
*	Revert "syz-manager: support stdin as port forwarding result"	Dmitry Vyukov	2024-06-25	1	-15/+3
\| \| \| \| \| \| \| \| \| \| \| \|	This reverts commit 215eef4ad85fb6124af70d1e5c9729b69554a32b. The gvisor "stdin" address still crashes in executor Connection::Connect on atoi(ports) with ports == NULL. The gvisor "stdin" address is not tested, so it's better to make it less special rather than add more special cases in manager, executor, and now also in Connection to handle it. It still may crash in future after some changes.
*	syz-manager: support stdin as port forwarding result	Aleksandr Nogikh	2024-06-24	1	-3/+15
\| \| \| \|	It is returned from vm/gvisor.
*	executor: add runner mode	Dmitry Vyukov	2024-06-24	1	-0/+801
	Move all syz-fuzzer logic into syz-executor and remove syz-fuzzer. Also restore syz-runtest functionality in the manager. Update #4917 (sets most signal handlers to SIG_IGN)