| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
All repros and jobs that use syz rerpos are broken for linux/amd64/386 since Mar 2022 with:
SYZFAIL: failed to recv rpc
aborting RPC server: mismatching manager/executor arches: amd64 vs 386
The problem is that ExecProgInstance.RunSyzProgFile passes sysTarget.Arch
(which is VMArch) to syz-execprog, so it expects executor to be amd64.
Restore the orignal logic.
|
| |
|
|
| |
Any is the preferred over interface{} now in Go.
|
| |
|
|
|
|
|
|
|
|
| |
Enable external abortion of the instance creation process. This is
especially useful for the qemu case where we retry the creation/boot up
to 1000 times, which can take significant time (e.g. it timeouts
syz-cluster pods on unstable kernels).
The context can be further propagated to WaitForSSH, but that requires
another quite significant vm/ refactoring.
|
| | |
|
| |
|
|
|
| |
1. func Run optionally accepts the opts.
2. Some refactoring, more comments.
|
| |
|
|
| |
It allows to use context as a single termination signal source.
|
| |
|
|
|
| |
go install golang.org/x/tools/cmd/deadcode@latest
deadcode -test ./...
|
| |
|
|
|
|
|
|
|
|
|
| |
In some build environments (notably Yocto), syzkaller host and target
binaries end up in separate packages for each built architecture, which
are then shipped with the respective image/SDK.
Add the "Execprog/ExecutorBinOnTarget" and "StraceBinOnTarget" options
to the manager config, which when set expects the respective binaries to
be shipped with the target image and does not attempt to copy them from
the host.
|
| |
|
|
|
|
|
|
|
|
| |
Refactor pkg/repro to accept a context.Context object. This will make it
look more similar to other package interfaces and will eventually let us
abort currently running repro jobs without having to shut down the whole
application.
Simplify the code by factoring out the parameters common both to RunSyzRepro()
and RunCRepro().
|
| |
|
|
| |
Reduce the number of arguments by using a csource.Option value directly.
|
| |
|
|
|
|
| |
This makes it possible to skip certain machine
checks depending on the VM type, as syz-manager
already does.
|
| |
|
|
|
|
|
| |
Our largest timeout is 6 minutes, so anything between 1.5 minutes and 6
ended up having a 9 minute timeout. That's too much.
Consider the time it actually took to crash the kernel.
|
| |
|
|
|
|
|
|
|
|
|
| |
When we accept new kernels for fuzzing we need more extensive testing,
but syz-ci switched to using syz-manager for this purpose.
Now instance testing is used only for bisection and patch testing,
which does not need such extensive image testing (it may even harm).
So just run a simple program as a testing.
It also uses the same features as the target reproducer,
so e.g. if the reproducer does not use wifi, we won't test it,
which reduces changes of unrelated kernel bugs.
|
| |
|
|
|
|
|
| |
We don't really need to overwrite it.
For syz programs, don't ignore non-zero exit codes. This should enable
syzkaller to find reproducers for "lost connection" bugs.
|
| |
|
|
|
|
| |
All callers of Run always call MonitorExecution right after it.
Combine these 2 methods. This allows to hide some implementation
details and simplify users of vm package.
|
| | |
|
| |
|
|
|
|
|
| |
The test() code is used for reproducer generation and kernel bisections,
we don't need symoblized reports there.
Instead of retuning an error, just print a log message.
|
| |
|
|
|
| |
Interact with a syz-execprog instance via an additional interface. This
will simplify testing.
|
| |
|
|
| |
syz-manager: introduce a new setting 'sandbox_arg' (#3263)
|
| |
|
|
|
|
|
|
| |
That method was not assumed to take ownership of the instance. This
can lead to double-closing of it during bisection/patch testing, and
therefore to panic().
Closes #3210.
|
| |
|
|
|
|
|
|
| |
If `strace_bin` is specified, syzkaller will invoke a reproducer with it
and save the output. This should help in debugging.
If syz-manager is attached to a dashboard, upload the strace-powered output
and report.
|
| |
|
|
|
| |
Also update syz-crush to save RawOutput instead of output from the
Report.
|
|
|
Previously it was copypasted in pkg/instance, pkg/repro,
tools/syz-crash. Use the single implementation instead.
Also, this commit fixes a bug - the previous code always set collide to
true while reproducing a bug, which led to an immediate syz-exexprog's
exit. As a result, newer bugs with .syz repro only were never actually
reproduced on #syz test requests.
|
