path: root/executor
Commit message | Author | Age | Files | Lines
* sys/linux: add AF_NETLINK/NETLINK_NETFILTER descriptions | Dmitry Vyukov | 2018-01-09 | 1 | -10/+20
* sys/linux: add AF_NETLINK/NETLINK_GENERIC descriptions | Dmitry Vyukov | 2018-01-09 | 1 | -10/+20
* sys/linux: duplicate open/accept specializations with openat/accept4 | Dmitry Vyukov | 2018-01-09 | 1 | -10/+30
  open is not present on arm64, only openat. accept is not present on 386, only accept4.
  Duplicate all open/accept specializations with corresponding openat/accept4 specializations to enable testing on 386/arm64.
* sys/linux: add AF_NETLINK/NETLINK_CRYPTO descriptions | Dmitry Vyukov | 2018-01-09 | 1 | -10/+20
* sys/linux: add ion and ashmem devices support | Dmitry Vyukov | 2018-01-09 | 1 | -22/+68
  Note: ion supersedes the old android interface, which is moved to sys/android.
* sys/linux: resolve few TODOs | Dmitry Vyukov | 2018-01-08 | 1 | -5/+5
* pkg/compiler: make signalno a type alias | Dmitry Vyukov | 2018-01-08 | 1 | -5/+5
  We don't need compiler support for such things anymore, now we simply can do:
      type signalno int32[0:65]
* prog: support opt for proc types | Dmitry Vyukov | 2018-01-06 | 2 | -9/+13
* prog: add test for len mutation | Dmitry Vyukov | 2018-01-06 | 1 | -4/+6
  Test we actually can get an unnatural len value.
* pkg/compiler: add bitsize type | Dmitry Vyukov | 2018-01-06 | 5 | -13/+17
  This is needed for a few crypto/xfrm descriptions.
* sys/linux: netlink xfrm support | Dmitry Vyukov | 2017-12-31 | 1 | -10/+20
* sys/linux: add multicast and ipv4 mapped ipv6 addresses | Dmitry Vyukov | 2017-12-29 | 1 | -10/+15
* sys/linux: describe ipv6 tlv options | Dmitry Vyukov | 2017-12-29 | 1 | -5/+5
* sys/linux: improve bpf descriptions | Dmitry Vyukov | 2017-12-29 | 1 | -5/+5
* sys/linux: improve perf descriptions | Dmitry Vyukov | 2017-12-29 | 1 | -10/+15
* sys/linux: assorted improvements | Dmitry Vyukov | 2017-12-29 | 1 | -10/+115
  Mostly extensions of API in 4.15.
* sys/linux: fix some copy-paste errors | Dmitry Vyukov | 2017-12-28 | 1 | -30/+11
* sys/linux: fix splice signature | Dmitry Vyukov | 2017-12-27 | 1 | -6/+7
  ...was wrong all that time
* executor: introduce uint64/32/16/8 types | Dmitry Vyukov | 2017-12-27 | 18 | -359/+364
  The "define uint64_t unsigned long long" were too good to work.
  With a different toolchain I am getting:
      cstdint:69:11: error: expected unqualified-id
        using ::uint64_t;
                ^
      executor/common.h:34:18: note: expanded from macro 'uint64_t'
  Do it the proper way: introduce uint64/32/16/8 types and use them.
  pkg/csource then does s/uint64/uint64_t/ to not clutter code with additional typedefs.
* executor: fix another format bug | Dmitry Vyukov | 2017-12-27 | 1 | -1/+1
  Detected only by clang.
* executor: fix reply status on loop kills | Dmitry Vyukov | 2017-12-27 | 1 | -1/+2
  We use exitf on loop failures, and exitf is retry-able. However, we use different status when replying to ipc, and that different status is what ipc actually uses.
  Use kRetryStatus status in case of unexpected loop failures.
* executor: check format strings | Dmitry Vyukov | 2017-12-27 | 5 | -34/+36
  I see a crash which says:
      #0: too much cover 0 (errno 0)
  while the code is:
      uint64_t n = ...;
      if (n >= kCoverSize)
          fail("#%d: too much cover %u", th->id, n);
  It seems that the high part of n is set, but we don't see it.
  Add printf format attribute to fail and friends and fix all similar cases.
  Caught a bunch of similar cases and a missing argument in:
      exitf("opendir(%s) failed due to NOFILE, exiting");
* pkg/csource: mimic the way syscalls are scheduled in executor | Dmitry Vyukov | 2017-12-22 | 2 | -1/+64
  Currently csource uses completely different, simpler way of scheduling syscalls onto threads (thread per call with random sleeps). Mimic the way calls are scheduled in executor.
  Fixes #312
* executor: remove dead code | Dmitry Vyukov | 2017-12-22 | 1 | -2/+0
  doexit already contains an infinite loop.
* pkg/csource: fix handling of proc types | Dmitry Vyukov | 2017-12-22 | 2 | -17/+40
  Generated program always uses pid=0 even when there are multiple processes. Make each process use own pid.
  Unfortunately required to do quite significant changes to prog, because the current format only supported fixed pid.
  Fixes #490
* prog: use dense indexes for copyout instructions | Dmitry Vyukov | 2017-12-17 | 1 | -18/+24
  Fixes #174
* executor: remove unneeded NONFAILING | Dmitry Vyukov | 2017-12-17 | 1 | -1/+1
  copyin is already NONFAILING.
* pkg/ipc: make threaded/collide per-program options | Dmitry Vyukov | 2017-12-17 | 1 | -10/+10
  Currently threaded/collide are global environment flags. It can be useful to turn off collider during some executions (minimization, triage, etc). Make them per-program options.
* prog: don't serialize output data args | Dmitry Vyukov | 2017-12-17 | 1 | -6/+8
  Fixes #188
  We now will write just ""/1000 to denote a 1000-byte output buffer. Also we now don't store 1000-byte buffer in memory just to denote size. Old format is still parsed.
* prog: introduce more readable format for data args | Dmitry Vyukov | 2017-12-17 | 1 | -4/+6
  Fixes #460
  File names, crypto algorithm names, etc in programs are completely unreadable:
      bind$alg(r0, &(0x7f0000408000)={0x26, "6861736800000000000000000000", 0x0, 0x0, "6d6435000000000000000000000000000000000000000000000000 000000000000000000000000000000000000000000000000000000000000000 00000000000"}, 0x58)
  Introduce another format for printable strings. New args are denoted by '' ("" for old args). New format is enabled for printable chars, \x00 and \t, \r, \n.
  Example:
      `serialize(&(0x7f0000408000)={"6861736800000000000000000000", "4849000000"})`,
  vs:
      `serialize(&(0x7f0000408000)={'hash\x00', 'HI\x00'})`,
* prog: fix TestMutateTable | Dmitry Vyukov | 2017-12-17 | 1 | -4/+18
  Now works fast enough even for short mode.
  Fixes #208
* sys: move test syscalls to a separate target | Dmitry Vyukov | 2017-12-17 | 3 | -353/+167
  We have them in linux solely for historical reasons.
  Fixes #462
* executor: fix macros in common.h | Andrey Konovalov | 2017-12-14 | 1 | -3/+4
* sys/linux: describe PF_KEY | Dmitry Vyukov | 2017-12-11 | 1 | -10/+25
* prog: fix hints of data args | Dmitry Vyukov | 2017-12-08 | 1 | -10/+15
  Hints for data args don't work. We do all the work, but at the final stage we patch arg in the _old_ program, not in the _new_ one. So programs passed to the callback are all the same and don't contain any mutations.
  Tests did not catch this because they work right before that point (don't test the actual interface function MutateWithHints).
  Fix that and add a test that catches this.
* sys/linux: add a simple description for selinux | Dmitry Vyukov | 2017-12-08 | 1 | -10/+95
* executor: fix build | Dmitry Vyukov | 2017-12-06 | 2 | -6/+6
  exitf function was not defined with some combinations of options in csource. Fix defines and switch exitf back to fail, fail already checks ENOMEM/EAGAIN, so there is no reason to use exitf in this particular case.
* executor: unshare PID namespace even for sandbox=none | Dmitry Vyukov | 2017-12-05 | 1 | -5/+26
  Unshare as much as we can for all sandboxing modes. This fixes "kernel panic: Attempted to kill init!" crashes under sandbox=none. And should just generally improve reproducibility, e.g. if we unshare SYSVSEM fuzzer won't collide with any existing semaphores.
* executor: treat fail-nth errors as non-fatal | Dmitry Vyukov | 2017-12-05 | 1 | -4/+7
  We see occasional ENOENT/EACCES errors returned. It seems that fuzzer somehow gets its hands to it.
* prog: support bytesizeN for vma | Dmitry Vyukov | 2017-11-29 | 1 | -5/+5
  I guess this is currently unused, but ignoring bytesizeN for vma looks wrong. If user asks for bytesizeN for vma, divide vma size by N.
* prog: repair arrays/buffers with incorrect size in Deserialize | Dmitry Vyukov | 2017-11-28 | 1 | -10/+20
  For string[N] we successfully deserialize a string of any length. Similarly for a fixed-size array[T, N] we successfully deserialize an array of any size.
  Such programs later crash in foreachSubargOffset because static size Type.Size() does not match what we've calculated iterating over fields. The crash happens only in SerializeForExec in syz-fuzzer, which is especially bad.
  Fix this from both sides:
  1. Validate sizes of arrays/buffers in Validate.
  2. Repair incorrect sizes in Deserialize.
* pkg/compiler: add check that len does not refer to array with varlen elements | Dmitry Vyukov | 2017-11-28 | 3 | -7/+7
  This [almost] always means a bug in descriptions. Fix all bugs identified by the check.
* sys/linux: add binder descriptions | Dmitry Vyukov | 2017-11-27 | 1 | -15/+45
* sys/linux: assorted improvements to descriptions | Dmitry Vyukov | 2017-11-27 | 1 | -10/+45
* sys/linux: add files from net dir to list of /proc files | Dmitry Vyukov | 2017-11-27 | 1 | -5/+5
* sys/linux: fix control len in msghdr's | Dmitry Vyukov | 2017-11-27 | 1 | -5/+5
  Control len is in bytes, not array elements.
* sys/linux: improve hash generation for KEYCTL_DH_COMPUTE | Dmitry Vyukov | 2017-11-27 | 1 | -5/+5
  KEYCTL_DH_COMPUTE used the old fixed list of algorithm names. Use the new code for algorithm generation.
  + it needs only SHASH algs, but we passed in all alg names. Pass only SHASH algs.
* sys/linux: open files from /proc | Dmitry Vyukov | 2017-11-27 | 2 | -341/+373
* sys/linux: improve fuse descriptions | Dmitry Vyukov | 2017-11-27 | 1 | -65/+15
* executor: use /proc/thread-self/fail-nth instead of /proc/self/task/%d/fail-nth | Dmitry Vyukov | 2017-11-27 | 1 | -7/+6
  Makes code slightly simpler.