path: root/tools
Commit message [Author, Age; Files changed, Lines -deleted/+added]
* tools/syz-hubtool: add chunked and consistent corpus upload logic
  [Grigory Bazilevich, 20 hours; 1 file, -3/+58]
  Signed-off-by: Alexey Panov <apanov@astralinux.ru>

* tools/create-image.sh: add arguments for apt-repo and keyring
  [Grigory Bazilevich, 20 hours; 2 files, -107/+121]
  Signed-off-by: Sergey Zotov <svzotov@ispras.ru>
* syz-agent: systematically show verbose error messages
  [Dmitry Vyukov, 43 hours; 1 file, -1/+1]
  Currently we added custom code to kernel build action, and a few others to expose
  verbose errors from executed binaries (notably make). But lots of other binary
  executions are missing this logic, e.g. for git failure we currently see unuseful:

    failed to run ["git" "fetch" "--force" "--tags" exit status 128

  Instead of adding more and more custom code to do the same, remove the custom code
  and always add verbose output in syz-agent and tools/syz-aflow.
* pkg/aflow/action/crash: collect test coverage
  [Dmitry Vyukov, 4 days; 2 files, -2/+2]
  Collect code coverage for test programs. This is likely to be needed for #6878 and
  seed generation workflow. For now it's not wired into any workflow/tool and is not
  tested. But this should provide most of the plumbing to wire it up.
* tools/syz-aflow: download BugTitle
  [Taras Madan, 6 days; 1 file, -0/+1]
  `go run ./tools/syz-aflow -download-bug=` doesn't provide BugTitle. BugTitle is
  needed for the subsequent `go run ./tools/syz-aflow -workflow=repro`.

* pkg/aflow: delete SyzkallerCommit
  [Taras Madan, 9 days; 1 file, -3/+2]
  It is not used.

* tools/docker: update golang to 1.26
  [Taras Madan, 10 days; 2 files, -2/+2]

* dashboard/app: fix kernel-source-git export
  [Taras Madan, 11 days; 1 file, -9/+1]
* executor, sys/linux, pkg: enable syzos for riscv64
  [6eanut, 2026-02-25; 1 file, -0/+6]
  This patch enables syzos for riscv64 and implements the corresponding pseudo syscalls.

  Pseudo syscalls:
  - syz_kvm_setup_syzos_vm
  - syz_kvm_add_vcpu
  - syz_kvm_assert_syzos_uexit

  Syzos guest support:
  - guest_uexit
  - guest_execute_code
  - guest_handle_csrr and guest_handle_csrw

  Test seeds:
  - riscv64-syz_kvm_setup_syzos_vm
  - riscv64-syz_kvm_setup_syzos_vm-csrr
  - riscv64-syz_kvm_setup_syzos_vm-csrw
* tools/clang: build clang tools on linux only
  [Dmitry Vyukov, 2026-02-23; 2 files, -0/+4]
  This will hopefully prevent:

    imports github.com/google/syzkaller/tools/clang/codesearch: C++ source files not allowed when not using cgo or SWIG: codesearch.cpp

* tools/clang/codesearch: improve codesearch to handle global variables
  [Artem Metla, 2026-02-17; 2 files, -1/+25]
  Contributes to #6469.

  To handle global variables:
  * Add EntityKindGlobalVariable
  * Modify TraverseVarDecl() function logic
  * Add a check to ensure StartLine and EndLine are in the same file
  * Fix missing #include <cstdint> in json.h

* dashboard/config/openbsd: fixes for recreate script
  [Dmitry Vyukov, 2026-02-16; 1 file, -2/+2]
* tools/syz-base-commit: fix result printing
  [Aleksandr Nogikh, 2026-02-16; 1 file, -1/+1]
  As Commit is embedded in the resulting structure, just using %+v is not enough.
  Explicitly print the commit info and the branch list.
* tools/clang: fix linking of clang tools
  [Dmitry Vyukov, 2026-02-13; 1 file, -4/+5]
  See the added comment.

* tools/docker: update README.md
  [Alexander Potapenko, 2026-02-11; 1 file, -18/+42]
  Now that both Docker containers are multiarch, reflect that in the documentation.

* tools/docker: fix multi-arch build for env image
  [Alexander Potapenko, 2026-02-11; 1 file, -25/+33]
  The env Docker image currently fails to build on non-x86 architectures because it
  attempts to install i386 libraries that are unavailable on arm64. Additionally, the
  monolithic apt-get command causes timeouts and dpkg errors.

  Fix the build by making i386 package installation conditional on amd64 and splitting
  the installation into smaller, more stable steps.

  While at it, remove the sudo usage (not necessary, because Docker setup is performed
  as root).

* pkg/debugtracer: rename Log to Logf
  [Pimyn Girgis, 2026-02-11; 1 file, -2/+2]
  The methods are used for formatted output, so rename them to follow Go conventions.
  Additionally, fix TestTracer to use formatted output (t.Logf) instead of unformatted
  output (t.Log).

* tools/clang: build clang tools only on linux
  [Dmitry Vyukov, 2026-02-09; 1 file, -0/+2]
  They won't build on anything else.

  Suggested-by: Greg Steuck <blackgnezdo@gmail.com>

* tools/docker/syzbot: add packages required for clang tools
  [Dmitry Vyukov, 2026-02-06; 1 file, -3/+4]
  Update #6645
* tools/clang: compile clang tools into the binary
  [Dmitry Vyukov, 2026-02-06; 13 files, -57/+104]
  Compiled clang tools into Go binaries using cgo. This significantly simplifies
  building and deployment. This also enables unit testing of clang tools. Now raw go
  test for clang tools will build them, run, and verify output.

  Each clang tool is still started as a subprocess. I've experimented with running
  them in-process, but this makes stdout/stderr interception extremely complicated,
  and it seems that clang tools still use unsynchronized global state, which breaks
  when invoked multiple times. Subprocesses also make it safer in the face of
  potential memory leaks, or memory corruptions in clang tools.

  Fixes #6645
* tools/docker/env: add packages required for clang tools
  [Dmitry Vyukov, 2026-02-05; 1 file, -2/+3]
  Update #6645

* tools/clang: fix build
  [Dmitry Vyukov, 2026-02-05; 1 file, -0/+1]
  The build is broken for me now with undefined uint64_t.

* tools: add syz-base-commit tool
  [Aleksandr Nogikh, 2026-02-05; 1 file, -0/+50]
  The tool is aimed to facilitate debugging of the cases when the blob-based base
  commit functionality did not work as expected or to determine the missing remote
  trees.

* tools/syz-aflow/aflow.go: trim KernelRepo url to end with [...].git
  [Wojciech Matejuk, 2026-02-03; 1 file, -1/+10]

* tools/syz-aflow/aflow.go: when using -download-bug include KernelRepo, KernelCommit and CrashReport as inputs
  [Wojciech Matejuk, 2026-02-03; 1 file, -3/+18]
* dashboard/app: make it possible to run web UI locally easily
  [Dmitry Vyukov, 2026-01-30; 1 file, -2/+0]
  With this a local web UI with some test data can be viewed with:

    DOCKERARGS=-p=50556:50556 tools/syz-env go test -run TestLocalUI -timeout=0 -v ./dashboard/app \
      -local-ui -local-ui-addr=:50556

  or if you have gcloud installed (faster, and opens the browser):

    go test -run TestLocalUI -timeout=0 -v ./dashboard/app -local-ui

  Fixes #6736

* tools: include a kexec kernel in buildroot amd64 images
  [Aleksandr Nogikh, 2026-01-29; 1 file, -0/+18]
  The bzImageKexec takes around 12M.

* pkg/codesearch: remove check for invalid C which is not expected at this point
  [Tamas Koczka, 2026-01-28; 1 file, -1/+1]
  Also fixes a lint error.

* pkg/codesearch: expose struct layout in codesearch
  [Tamas Koczka, 2026-01-28; 3 files, -1/+36]
  - Extract struct field offsets and sizes in the C++ codesearch indexer.
  - Add 'fields' to the JSON definition output.
  - Update pkg/codesearch to parse and expose the new field information.
  - Add 'struct-layout' command to syz-codesearch for debugging.
  - Add 'codesearch-struct-layout' tool to pkg/aflow/tool/codesearcher/ to allow LLM
    agents to query struct memory layout and map byte offsets to fields.
  - Support pointer marshaling for optional JSON values (e.g. *uint)

* executor, tools: rename SyzOS to SYZOS
  [6eanut, 2026-01-28; 1 file, -1/+1]
* tools/syz-aflow/aflow.go: improve error handling for non-JSON responses
  [artmetla, 2026-01-27; 1 file, -1/+4]
  When an extID exists but access is restricted, the syzbot server may return an HTTP
  200 OK response containing HTML instead of the expected JSON payload.

  Currently, this causes "json.Unmarshal" in "downloadBug" to fail with the generic
  error message: "invalid character '<' looking for beginning of value".

  This change wraps the unmarshalling error to return an explicit message:
  "response for bug ID <id> was not valid JSON: <original error>"

  This makes it clear the issue is the response format (HTML vs JSON).
* tools/clang/codesearch: migrate dyn_cast to dyn_cast_if_present
  [Yulong Zhang, 2026-01-27; 1 file, -5/+5]
  In LLVM 16+ dyn_cast is no longer null-safe and hence leads to crashes. This commit
  switches it to dyn_cast_if_null.

* tools/syz-aflow: enable downloading bugs by ID
  [Yulong Zhang, 2026-01-26; 1 file, -4/+8]
  Originally we only supported downloading by ExtID. This change enables downloading
  by ID as well. It tries to download with the "extid=" link, and if it hits an error,
  it retries to download with "id=".

* pkg/codesearch: support finding field reads/writes
  [Dmitry Vyukov, 2026-01-26; 2 files, -4/+46]

* tools: temporarily unset LD_LIBRARY_PATH when generating ssh key
  [Jiaming Zhang, 2026-01-26; 1 file, -1/+1]
* tools/clang/json: escape strings properly
  [Florent Revest, 2026-01-25; 1 file, -1/+37]
  When preparing a codesearch index, I encountered errors which I narrowed down to
  lines like the following in the json output of codesearch:

    "type": "void (void __attribute__((btf_type_tag("user")))*, const void *, size_t, size_t)",

  After this change, the line gets formatted like this:

    "type": "void (void __attribute__((btf_type_tag(\"user\")))*, const void *, size_t, size_t)",

  This fixes the errors I encountered.
* pkg/manager: split off diff fuzzer functionality
  [Aleksandr Nogikh, 2026-01-23; 1 file, -2/+3]
  Move the code to a separate pkg/manager/diff package. Split the code into several files.

* tools/syz-aflow: only print errors once at the end
  [Florent Revest, 2026-01-23; 1 file, -0/+5]
  Currently, when an error occurs, it is printed as part of many Spans, in my
  experience 3 times:

    2026/01/20 19:38:59 finished action crash-reproducer (1/4) in 1.570202281s results: CrashReport: error: reproducer did not crash
    2026/01/20 19:38:59 finished flow patching (0/0) in 1.571440624s results: error: reproducer did not crash
    reproducer did not crash
    exit status 1

  After this change it is only printed once:

    2026/01/20 19:36:42 starting action crash-reproducer (1/4)...
    reproducer did not crash
    exit status 1

* tools/syz-codesearch: add cpu/mem profiling
  [Dmitry Vyukov, 2026-01-22; 1 file, -1/+1]

* tools/clang/codesearch: index struct references
  [Dmitry Vyukov, 2026-01-22; 2 files, -12/+80]
  Update #6469

* tools/syz-linter: define context.Context usage rules
  [Taras Madan, 2026-01-21; 2 files, -0/+60]
  1. It is the first parameter everywhere except tests.
  2. It is the second param in the tests.
  3. It is always named ctx.
  4. For the cases with multiple contexts recommend to opt-out syz-linter.

* pkg/codesearch: do indexing of struct/union/enum
  [Dmitry Vyukov, 2026-01-21; 2 files, -21/+67]
  Update #6469
* tools/syz-lore: use osutil.WriteJSON
  [Dmitry Vyukov, 2026-01-21; 1 file, -7/+2]
* pkg/codesearch: support searching for references
  [Dmitry Vyukov, 2026-01-21; 2 files, -11/+69]
  Extend codesearch clang tool to export info about function references (calls,
  takes-address-of). Add pkg/codesearch command find-references. Export
  find-references in pkg/aflow/tools/codesearcher to LLMs.

  Update #6469

* pkg/aflow: make LLM model per-agent rather than per-flow
  [Dmitry Vyukov, 2026-01-20; 1 file, -4/+1]
  Having LLM model per-agent is even more flexible than per-flow. We can have some
  more complex tasks during patch generation with the most elaborate model, but also
  some simpler ones with less elaborate models.

* tools/clang/codesearch: fix a typo
  [Florent Revest, 2026-01-20; 1 file, -1/+1]
* tools/clang/codesearch: support building with make
  [Florent Revest, 2026-01-20; 1 file, -1/+2]
  Currently, clang tools are built by copying their code into a llvm-project
  repository and adding a build rule to LLVM's CMake. This allows pinning a specific
  LLVM hash which is convenient but it's also a bit painful to copy code across
  repositories.

  This adds a rule to make that can build syz-codesearch with a simple g++ invocation
  that uses llvm-config to get the LLVM compiler and linker flags and hardcodes some
  clang libraries to link against since I could not find a better way. (llvm-config
  does not have "components" for clang)
* tools/clang/codesearch: support building with -Wchanges-meaning
  [Florent Revest, 2026-01-20; 1 file, -11/+11]
  When compiling with the changes-meaning flag, syz-codesearch gets a bunch of errors
  such as this one:

    codesearch.cpp:30:15: error: declaration of ‘clang::SourceRange MacroDef::SourceRange’ changes meaning of ‘SourceRange’ [-Wchanges-meaning]
       30 |   SourceRange SourceRange; // soruce range of the value
          |               ^~~~~~~~~~~
    codesearch.cpp:30:3: note: used here to mean ‘class clang::SourceRange’
       30 |   SourceRange SourceRange; // soruce range of the value
          |   ^~~~~~~~~~~

  Let's iron them out early before the code base grows too reliant on this pattern.

* tools/docker/syzbot: set llvm-link as an alias for llvm-link-21
  [Pimyn Girgis, 2026-01-20; 1 file, -0/+1]
  Fixes a build error for android-6.12 where llvm-link is not found.

* pkg/subsystem: export debug info
  [Aleksandr Nogikh, 2026-01-20; 2 files, -8/+42]
  Make it possible to print more debugging information when (re)generating a subsystem
  list. Include parent inference details to the source code itself and add a -debug
  flag to list the source files assigned to each subsystem.