| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
This allows callers to get access to Report.Corrupted.
Better than adding 6-th return value and will allow
to pipe other report properties if necessary.
|
| |
|
|
|
|
|
|
|
| |
We currently have several names for crash attributes, which is disturbing.
E.g. crash title is called "Title" or "Desc". Name them consistently.
Title - single line bug identity.
Report - whole crash text.
Log - whole fuzzer/kernel output.
|
| |
|
|
|
|
| |
Always wait 10 secs for output.
If anything this can only lead to missed crashes during repro.
Let's unify manager and repro behavior.
|
| |
|
|
|
| |
Parse returns 5 variables now. Later we may want to add crash "priority".
Introduce Report struct that holds all report data.
|
| |
|
|
|
| |
This change makes pkg/report try to detect corrupted reports by
using some heuristics.
|
| |
|
|
|
|
| |
syz-execprog doesn't utilize info about fault injections from a prog log.
Since syz-execprog is used by the repro package to reproduce crashes,
crashes caused by fault injections might not reproduce.
|
| |
|
|
| |
This is currently useful for akaros, which is tested remotely.
|
| |
|
|
|
|
| |
This commit adds tools/check_links.py script, that checks that all local
links from documentation files are valid; fixes some of the invalid links
that we had; and makes travis buildbot check them as well.
|
| |
|
|
|
|
| |
During smashing we know what call gave new coverage,
so we can concentrate just on it.
This helps to reduce amount of hints generated (we have too many of them).
|
| | |
|
| |
|
|
|
|
| |
Introduce report.Reporter interface.
Add an implementation per-OS.
Make users be explicit about OS they are testing.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Currently syz-prog2c is broken as it does not import any targets.
Import sys package.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Nothing works, but builds.
Update #191
|
| |
|
|
|
|
| |
Now each prog function accepts the desired target explicitly.
No global, implicit state involved.
This is much cleaner and allows cross-OS/arch testing, etc.
|
| |
|
|
|
| |
arch flag specifies target arch, which can be different from GOARCH.
For example, 386 executor with amd64 fuzzer.
|
| |
|
|
|
| |
Add target config parameter (e.g. linux/amd64) which controls target OS/arch.
No more explicit assumptions about target.
|
| |
|
|
|
|
|
|
|
|
|
| |
Large overhaul moves syscalls and arg types from sys to prog.
Sys package now depends on prog and contains only generated
descriptions of syscalls.
Introduce prog.Target type that encapsulates all targer properties,
like syscall list, ptr/page size, etc. Also moves OS-dependent pieces
like mmap call generation from prog to sys.
Update #191
|
| |
|
|
|
| |
In preparation for moving sys types to prog
to avoid confusion between sys.Call and prog.Call.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A hint is basically a tuple consisting of a pointer to an argument
in one of the syscalls of a program and a value, which should be
assigned to that argument.
A simplified version of hints workflow looks like this:
1. Fuzzer launches a program and collects all the comparisons' data
for every syscall in the program.
2. Next it tries to match the obtained comparison operands' values
vs. the input arguments' values.
3. For every such match the fuzzer mutates the program by
replacing the pointed argument with the saved value.
4. If a valid program is obtained, then fuzzer launches it and
checks if new coverage is obtained.
This commit includes:
1. All the code related to hints generation, parsing and mutations.
2. Fuzzer functions to launch the process.
3. Some new stats gathered by fuzzer and manager, related to hints.
4. An updated version of execprog to test the hints process.
|
| |
|
|
| |
Update #217
|
| |
|
|
| |
Now pkg/compiler deals with consts.
|
| |
|
|
|
| |
The tool can be found inside tools/syz-headerparser. Details on how to use
headerparser can be found inside docs/headerparser_usage.md.
|
| | |
|
| |
|
|
|
|
|
|
| |
The old parser in sys/sysparser is too hacky, difficult to extend
and drops debug info too early, so that we can't produce proper error messages.
Add a new parser that is build like a proper language parser
and preserves full debug info for every token.
|
| |
|
|
|
|
|
|
|
| |
On most distributions default grub target is i386-pc, which works.
However, on some default is x86_64-efi, which fails with:
grub-install: error: cannot find EFI directory.
Explicitly specify i386-pc target.
|
| |
|
|
|
|
|
|
|
| |
Exec total is affected by initial triage/minimize phase,
so two experiments can have the same execution speed
in the stable mode, but have constant diff due to the initial phase.
The one that is higher looks better, but that's not very important.
Provide execution speed characteristic that is not affected
by initial phase. It is not displayed by default.
|
| |
|
|
| |
This is now superseded by dashboard/app and syz-ci.
|
| |
|
|
|
|
| |
If the script is aborted at an unfortunate point, it leaves the whole system broken.
E.g. we've seen that fdisk cannot update partition table until the next reboot.
If you really need to kill it, use a different signal. But better wait.
|
| | |
|
| |
|
|
|
| |
Allow to specify per-kernel command line and sysctl values
to more closely mimic the target kernel.
|
| |
|
|
|
| |
1G does not seem to be enough.
Create 2G images as we do in create-gce-image.sh.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently we have unix permissions for new files/dirs
hardcoded throughout the code base. Some places use 0644,
some - 0640, some - 0600 and a variety of other constants.
Introduce osutil.MkdirAll/WriteFile that use the default
permissions and use them throughout the code base.
This makes permissions consistent and also allows to easily
change the permissions later if we change our minds.
Also merge pkg/fileutil into pkg/osutil as they become
dependent on each other. The line between them was poorly
defined anyway as both operate on files.
|
| |
|
|
|
|
| |
Currently syz-symbolize symbolizes whole input file.
Add a new mode (controlled with -report flag) when
it prints report as would be extracted by syz-manager.
|
| | |
|
| | |
|
| |
|
|
|
| |
Move the old dashboard API into syz-dash
to get it out of the way of the new dashboard.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
vm/gce differs from other VM types in that it accepts image
in a weird, GCE-specific format (namely, image named disk.raw
is put into .tar.gz file). This makes it impossible to write
generic code that creates images for any VM types.
Make vm/gce accept just image like e.g. vm/qemu
and handle own specifics internally.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Sshkey is a property of image, which is in manager config.
Move sshkey to the same location as image.
The motivation for the move is as follows.
Continuous build produces an image and the key,
both need to be passed manager instance.
Continuous build system should not distinguish
different VM types and mess with their configs.
NOTE FOR USERS: this breaks manager configs again.
Hopefully the last time for now. Docs are updated.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
