| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Consider Cc'd mailing lists when selecting the exact base commit.
Among the base commits determined based on blob sha value from the git
patch, first select the ones that match both the trees of the Cc'd
subsystems and their primary branches.
If it gives no exact match, select a base commit that comes from a tree
of a Cc'd subsystem. As fallback, take any subsystem tree.
This should prevent valid, but suprising patch series triage results.
|
| |
|
|
|
| |
Before traversing the list of trees, attempt to determine the base
tree/commit by looking at the SHA hashes from the supplied git diffs.
|
| |
|
|
|
| |
It will accelerate various commit search operations by orders of
magnitude.
|
| |
|
|
|
|
|
| |
Copy everything into the build context.
Add a .dockerignore file to avoid copying the definitely unnecessary
files and folders.
Check copyrights presence in Dockerfiles.
|
| |
|
|
|
| |
Fetch and do build test of the base kernels 3 times per day instead
of 2.
|
| |
|
|
| |
Collect trace logs and make them accessible via the web UI.
|
| |
|
|
|
|
|
|
| |
Remap remote branches to local ones both when polling remote
repositories and when cloning the distributed repository.
This will ensure that the branches are still accessible via
TreeName/BranchName (it got broken during the latest changes).
|
| |
|
|
|
|
|
|
|
|
| |
Instead of a complicated overlayfs setup, do a lightweight git clone in
a way that the cloned local copy keeps on referencing the git object
storage on the NFS.
It's simpler code-wise and hopefully will be less susceptible to
failures when local git operations coincide with a git fetch on the
shared repository.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When a triage or build step coincides with a cron job that polls new
kernel trees, they often fail due to git command noticing that the
repository is being updated.
In this case, the step logs an error and exits with status=1. Argo
workflows offers a functionality to retry such steps up to the specific
number of times and with exponentially increasing backoffs.
Configure the build and triage step templates to retry 3 times with 5
and then 10 minutes distance between the retries.
|
| |
|
|
|
|
|
|
| |
Instead of a predefined set of manually written syz-manager configs,
construct it dynamically from different bits.
During triage, select not just one, but all matching fuzzer
configurations and then merge them together.
|
| |
|
|
| |
KMSAN fails to boot when a specific q35 version is specified.
|
| |
|
|
|
|
| |
3G is not enough for kernels with KMSAN.
Slightly decrease the number of used VMs to fit into the available
CPUs/RAM.
|
| |
|
|
|
|
|
|
| |
During triage, process each fuzzing campaign separately as they may have
different base kernel revisions (e.g. if the newest revisions of the
kernel no longer build/boot under the specific kernel configuration).
Refactor the representation of the fuzzing targets in api.go.
|
| |
|
|
|
|
| |
If a boot test step failed and we don't report the finding to the
dashboard, print the report/output to the console to facilitate
debugging.
|
| |
|
|
|
| |
Specify a track name for each fuzzing campaign.
It will help distinguish them once there are multiple ones.
|
| |
|
|
|
| |
Instead of just checking whether the bug was observed on the base crash,
accept a regexp of accepted bug titles as well.
|
| |
|
|
|
|
| |
Instead of passing the values individually, save the FuzzConfig object
as JSON and pass it as an artifact. This will simplify adding more new
fields.
|
| |
|
|
|
| |
Adjut the workflow template and the API to run multiple fuzzing
campaigns as a part of single patch series processing.
|
| |
|
|
|
| |
After this change it fits more naturally into the Go's error
functionality.
|
| |
|
|
|
|
| |
The image is to be deprecated.
Closes #6350.
|
| |
|
|
|
| |
If the archive turned out to be too large, just print an error message
and don't return an error from the status update function.
|
| |
|
|
|
|
|
|
|
|
| |
It does happen that we detect a bug that was introduced in the patch
series, but we don't report it becase no reliable reproducer was found.
Let's at least log such cases to better understand the scale of the
problem.
10 is an arbitrary cut-off value.
|
| |
|
|
|
|
|
|
|
| |
When determining whether a patch series is worth fuzzing, consider not
only the hashes of .text symbols, but also the hashes of the global
(static and non-static) variables.
As before, calculate the hashes during build and process them at the
beginning of the fuzz step.
|
| |
|
|
| |
The ptp series go to the netdev list.
|
| |
|
|
|
|
|
|
|
|
| |
Fix the following error:
runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x70 pc=0x16e3c5e]
at main.reportResults ( /syz-cluster/workflow/build-step/main.go:146 )
at main.main ( /syz-cluster/workflow/build-step/main.go:84 )
|
| |
|
|
|
| |
When fuzzing fs-related series, enable fs syscalls and use the fs
corpus.
|
| |
|
|
|
|
| |
Report base kernel crashes observed during fuzzing.
Consult the common API for each patched kernel crash to see if it was
already observed on the base kernel.
|
| |
|
|
|
|
| |
In case of an infrastructure-related error, do not report the build as
failed, but rather just report the error status for the particular
session test.
|
| |
|
|
| |
And improve the tests for the method.
|
| |
|
|
|
|
|
|
| |
If all symbol hashes between the base and the pathed kernel match,
there's no reason to spend time fuzzing the series.
Add a 'skipped' status to the enum of possible session test results and
set it from the fuzz-step.
|
| |
|
|
|
| |
Our base configs have 4 VMs, but we don't need that many for the boot
test.
|
| |
|
|
|
| |
Use a smaller upper limit on CPUs since we're now using 32 Core nodes.
Request at least 3GB/VM of RAM.
|
| |
|
|
| |
vsock patches are sent to the net mailing lists.
|
| |
|
|
|
|
|
|
| |
There are cases when we do not need the "if the patched code is not
reached within 30 minutes, abort fuzzing" check.
This is e.g. the case of mm/ code that is not fully instrumented by
KCOV.
|
| |
|
|
|
|
|
|
| |
Keep the fuzz-step parameters in a separate structure to minimize the
field duplication.
It will also facilitate the reuse of the same syzkaller config in
several fuzzing configurations.
|
| |
|
|
|
|
|
|
| |
openat$6lowpan* is necessary for write$6lowpan*.
openat$tcp* is necessary for write$tcp_*.
bpf$BPF_LINK_CREATE depends on pidfd.
bpf$MAP_UPDATE_ELEM needs socket.
mount$bpf needs fstat.
|
| |
|
|
|
|
|
| |
During smoke builds, we may have a tree name/branch name pair instead of
just a commit hash, which is the case for normal kernel build requests.
Support both types of requests.
|
| |
|
|
|
| |
For smoke builds, move the corresponding code below the error check for
the kernel checkout.
|
| | |
|
| |
|
|
|
| |
Kernel configs are a part of fuzzing configurations now, so we need to
extract them from there to form kernel build requests.
|
| |
|
|
| |
We use it for C repros by default.
|
| |
|
|
| |
Use a custom set of enabled syscalls.
|
| |
|
|
|
| |
Add a config to fuzz kvm patches.
Listen on the kvm mailing list.
|
| |
|
|
|
|
|
|
| |
Not always are fuzzing targets well represented by their own kernel
trees, so let's select a kernel tree and a fuzzing config separately.
Drop explicit priorities and instead just sort the lists of trees and
configs.
|
| |
|
|
| |
It's required by pkg/csource to generate C reproducers.
|
| |
|
|
|
|
|
| |
The fuzzing step only takes inputs and communicates via API.
This will reduce the number of
Error: open /mainctrfs/output/result.json: no such file or director
errors in our logs.
|
| |
|
|
|
|
|
|
|
| |
Even if the target tree is specified in the patch title, there happen to
be cases when it's actually only applicable to some other trees.
So instead of choosing one particular tree and sticking to it, obtain an
ordered list of candidates and pick the first to which the series
actually applies.
|
| |
|
|
|
|
|
|
| |
We used to only upload them on triage failure, but let's improve the
inspectability even for successfully finished triage jobs.
Slightly refactor the controller API around the triage result
submission.
|
| |
|
|
|
|
| |
Fuzz bpf patches differently from net patches.
Monitor netfilter and bpf mailing lists
|
| |
|
|
| |
It's required for report symbolization and C repro generation.
|
