| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
For debugging of:
https://groups.google.com/forum/#!topic/syzkaller-bugs/2lgvlHd8t1c
|
| |
|
|
|
| |
SkipPos is what pkg/instance needs,
but also will be needed for ParseAll.
|
| |
|
|
|
|
| |
Currenlty only syz file is taken into account when testing.
Use also c source file if available. Still use syz as a "main"
reproducer.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds a new attribute to syzkaller targets that tells
syzkaller how to invoke the syz-executor command.
Some systems, like Fuchsia, are now building syz-executor as part of the
build, and there is no need to copy it over, or to run it from `/tmp`.
In fact, that might stop working at some time in the future in Fuchsia.
All places that used to copy syz-executor into the target machine will
now check for the SyzExecutorCmd flag, and won't copy it if the flag is
set.
|
| |
|
|
|
|
|
| |
Move HostFuzzer from vm/qemu.
It's needed in a number of other packages
and strictly saying is not specific to qemu
(it just happened that both fuchsia and akaros only support qemu).
|
| |
|
|
|
|
|
|
| |
Detect bisection to merge commits and to commits that don't affect
kernel binary (comments, other arches, whitespaces, etc).
Such bisections are not reported in emails (but shown on web).
Update #1271
|
| |
|
|
|
|
|
| |
Add optional build signature for images, currently only implemented for linux.
This can be used in bisection process to detect changes that does not affect kernel.
Update #1271
|
| |
|
|
|
|
|
| |
Image takes too many arguments, so we need to do lots of forwarding,
adding new argumnets is painful and most OSes are not interested
in lots of arguments.
Combine all arguments into a params struct.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(note: incomplete change)
Refactor existing code as follows:
* Move reusable test utility functions from git_repo_test.go to
pkg/vcs/test_util.go and make them exported.
* Split Run() into Run()+runImpl().
* Change type of bisect.go:env.inst to `instance.BuilderTester`.
Change usage inside syz-testbuild/testbuild.go accordingly.
* Move most of linux.PreviousReleaseTags() into vcs/git.go as
git.previousReleaseTags().
* Allow build.CompilerIdentity to be mocked.
Introduce the following changes:
* instance.BuilderTester is an interface with methods
BuildSyzkaller()
BuildKernel()
Test()
NewEnv() now returns this interface.
* type testEnv implements instance.BuilderTester.
* type testBuilder implements builder interface. Add a entry into table
inside pkg/build/build.go:getBuilder() to return testBuilder object.
|
| |
|
|
|
|
|
|
|
| |
Go support is not a priority for Fuchsia at the moment, so it's
preferable to use host fuzzing mode for Fuchsia like currently done
for Akaros.
This commit basically looks for all the places where there was special
logic for OS=="akaros" and extends the same logic for OS=="fuchsia".
|
| |
|
|
|
| |
To avoid conflicts with programs that import both syzkaller packages
and github.com/golang/glog which also defines -v flag.
|
| |
|
|
|
|
| |
In several places we do special handling for some crash types.
Currently we compare report title with magic strings,
which is error-prone. Add explicit Type to reports.
|
| |
|
|
|
| |
vmConfig value is interface{}, not string.
So compare with nil and assign int.
|
| |
|
|
|
|
| |
* pkg/instance: break the line to appease linter
* fix up format
|
| |
|
|
|
| |
.config is linux-ism. We have a convention that kernel config
is copied to kernel.config file. Use it.
|
| |
|
|
|
| |
If a manager has less then 10 VMs override it to 10 for bisection.
If a manager has only 1 VM, bisection won't end well.
|
| |
|
|
|
|
|
|
|
| |
We are seeing some flakes during bisection and image testing.
Hard to tell what's the root cause because they are episodic.
But using non-preemptible VMs for bisection and image testing
looks good on all fronts.
Update #501
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Running bisection using an older repro failed with:
<stdin>: In function ‘syz_mount_image.constprop’:
<stdin>:298:3: error: argument 1 null where non-null expected [-Werror=nonnull]
In file included from <stdin>:26:0:
/usr/include/x86_64-linux-gnu/sys/stat.h:320:12: note: in a call to function ‘mkdir’ declared here
extern int mkdir (const char *__path, __mode_t __mode)
Let's be safe and ignore warnings during repro/bisect.
Everything that runs during tests still has all warnings.
Update #501
|
| |
|
|
|
|
|
| |
Currently we truncate output up to rep.EndPos after unexpected reboot.
But report sets EndPos to the _last_ report in output,
so if there are any other errors they are all skipped after
truncation to EndPos. Truncate just one line instead.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Since we can be building very old revisions for bisection here,
make the build as permissive as possible.
Newer compilers tend to produce more warnings also kernel headers may be broken, e.g.:
ebtables.h:197:19: error: invalid conversion from ‘void*’ to ‘ebt_entry_target*’
Update #501
|
| | |
|
| |
|
|
|
|
| |
Currently we always pass cover=false during instance testing
and as the result covereage is not tested. This can result in
broken images. Pass the actual value of coverage for testing.
|
| |
|
|
|
|
|
|
|
| |
Currently we only support canExit flag.
However there are actually 3 separate conditions:
- program can exit normally
- program can timeout (e.g. fuzzer test or runtest can't)
- program can exit with error (e.g. C test can)
Allow to specify these 3 conditions separately.
|
| |
|
|
| |
The current code is linux specific, generalize it to other OSes.
|
| |
|
|
| |
Update #712
|
| |
|
|
|
|
|
| |
If pkg/build produces a kernel, inject it into vmm config too.
This will allow continuous build with vmm VM type.
Update #712
|
| |
|
|
|
|
|
|
| |
We currently have this list in multiple places (somewhat diverged).
Specify this "overcommit" property in VM implementations.
In particular, we also want to allow overcommit for "vmm" type.
Update #712
|
| | |
|
| |
|
|
|
| |
New FuzzerCmd generates flags that can't be parsed by an old fuzzer.
Fix that and add a test.
|
| |
|
|
|
|
|
|
|
|
|
| |
The tool is run as:
$ syz-runtest -config manager.config
This runs all programs from sys/*/test/* in different modes
on actual VMs and checks results.
Fixes #603
|
| |
|
|
|
|
|
|
| |
mgrconfig was used only by syz-manager initially,
but now it's used by a dozen of packages and it's
weird to import from under a binary dir.
pkg/ is much more reasonable dir for a widely used
helper package.
|
| |
|
|
|
|
| |
Only akaros needs OS, because the rest assume host OS.
But speciying OS for all OSes breaks patch testing on syzbot
because old execprog does not have os flag.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Wrap current git interface in abstract interface.
Provide constructor that create repo interface for the given os/vm.
|
| |
|
|
| |
Rename pkg/git to pkg/vcs because we need to support not only git.
|
| |
|
|
| |
This breaks patch testing on syz-ci as it can use older version of syz-fuzzer.
|
| |
|
|
|
|
| |
Testing code wasn't ready to dial stdin.
Make it use the same logic rpc package uses
to connecto to host.
|
| | |
|
| |
|
|
|
|
| |
Unify kernel and image build, that distinction is really uninteresting.
Define interface that each OS needs to implement.
Add gvisor stub.
|
| |
|
|
| |
Rename pkg/kernel to pkg/build and prepare for multi-OS support.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Currently all (linux-specific) suppressions are hardcoded in mgrconfig.
This is very wrong. Move them to pkg/report and allow to specify per OS.
Add gvisor-specific suppressions.
This required a bit of refactoring. Introduce mgrconfig.KernelObj finally.
Make report.NewReporter and vm.Create accept mgrconfig directly
instead of passing it as multiple scattered args.
Remove tools/syz-parse and it always did the same as tools/syz-symbolize.
Simplify global vars in syz-manager/cover.go.
Create reporter eagerly in manager. Use sort.Slice more.
Overall -90 lines removed.
|
| |
|
|
|
| |
For the case when VM type affects output.
Will be needed for gvisor. It is kinda linux, but kinda not.
|
| |
|
|
|
| |
It may need it later to try to obtain additional
diagnostic from hanged instances.
|
| |
|
|
|
|
|
| |
Strictly saying, we may not get the connection when
the fuzzer process exits. The accepting goroutine
may have not been scheduled yet.
For the connection for up to 10 seconds.
|
| |
|
|
|
|
| |
In most cases we have source in memory,
so provide a function to build right from memory
without creating temp files.
|
| |
|
|
|
|
|
|
|
|
|
| |
Currently kernel build failures are insanely verbose
(contain full kernel build output) and there is no
way to separate short descriptions from full output.
Make it possible.
Also try to extract failure root cause froom build log.
Use this in pkg/bisect to not pollute log on build failures.
Update #501
|
| |
|
|
|
| |
Pass target OS/arch and VM type to kernel.CreateImage.
Use nbd for gce and loop for qemu VM type.
|
