aboutsummaryrefslogtreecommitdiffstats
path: root/tools
Commit message (Collapse)AuthorAgeFilesLines
* tools: relax Linux requirements for arm64 imagesAleksandr Nogikh2022-04-061-0/+2
| | | | Require Linux >= 5.10 instead of 5.15.
* tools: generate bootable arm64 images with buildrootAleksandr Nogikh2022-04-061-6/+31
|
* pkg/instance: explicitly specify optional fuzzer argumentsAleksandr Nogikh2022-04-061-1/+3
| | | | | | | | Otherwise we get problems while testing patches for older syzkaller versions, which didn't support optional arguments. Adjust tests so that problems with how OldFuzzerCmd handles such arguments could be seen.
* syz-manager: display raw coverageAleksandr Nogikh2022-03-281-1/+1
|
* pkg/instance: refactor FuzzerCmd()Aleksandr Nogikh2022-03-281-3/+17
| | | | | | The method already has too many arguments, which complicates the further addition of new features. Introduce FuzzerCmdArgs structure to overcome the problem.
* pkg/host: only try enabled syscalls when starting syz-fuzzerKris Alder2022-03-081-15/+8
| | | | | | | | | | | When syz-fuzzer starts, it tries all syscalls to filter out any that are not supported. This process should include only the syscalls that are enabled using the 'enable_syscalls' and 'disable_syscalls' fields in syz-manager's config. This is useful for fuzzing Cuttlefish devices, for example, where the 'vhost_vsock' syscall needs to be excluded from fuzzing and from this test.
* tools/syz-testbed: accept syzkaller workdir as crash log sourceAleksandr Nogikh2022-02-253-12/+90
|
* tools/syz-testbed: support experiments with syz-reproAleksandr Nogikh2022-02-256-7/+359
| | | | | | | Add a "syz-repro" target and 3 tables: - List of all performed (and ongoing) reproductions. - Comparison of repro rate for different bugs on different checkouts. - Comparison of the share of C reproducers.
* tools/syz-testbed: support multiple targetsAleksandr Nogikh2022-02-256-173/+312
| | | | | | | | | | | | | | | Refactor the code of syz-testbed to enable support of different targets. This required the following changes: - Instead of doing mass start and mass restart of instances, let them be more independent. - Support different types of instances, which may have different expectations of the target behavior. E.g. syz-manager normally never exits, while syz-repro is expected to exit after a certain time. - Factor out stats management, as stat entries may be different for different targets. - Introduce locking to TestbedCtx and Checkout, as slices there can be modified at arbitrary times.
* tools/syz-testbed: store html templates in filesAleksandr Nogikh2022-02-253-151/+151
|
* tools/syz-linter: add go:embed to exceptionsAleksandr Nogikh2022-02-251-1/+1
| | | | | No space is allowed between // and go:embed. Make linter not throw a warning about it.
* tools/syz-testbed: add table footersAleksandr Nogikh2022-02-252-7/+80
|
* tools/syz-testbed: introduce BoolCell cell typeAleksandr Nogikh2022-02-252-1/+18
|
* tools/syz-testbed: add a special cell type for ratiosAleksandr Nogikh2022-02-251-0/+13
|
* tools/syz-testbed: do Start()/Wait() instead of Run()Aleksandr Nogikh2022-02-251-1/+2
| | | | | | Otherwise there's a risk that the instance is stopped before Run() has had a chance to be executed. This leads to a panic while doing cmd.Signal().
* tools/syz-testbed: don't parse configsAleksandr Nogikh2022-02-253-19/+18
| | | | | | | | | | It's not practical to parse configs from tools/syz-testbed because it limits the tool to using only those configuration options, which are supported by the syzkaller version at the moment of tools/syz-testbed compilation. Operate with manager configs as if they were just some JSON objects. Introduce a PatchJSON method to update their fields in a convenient way.
* tools/syz-testbed: refactor uiTableTypeAleksandr Nogikh2022-02-251-36/+50
| | | | Make it easier to do uiTableType filtering later.
* tools/syz-testbed: make Instance.Stop() nonblockingAleksandr Nogikh2022-02-251-1/+4
|
* tools: update buildroot versionAleksandr Nogikh2022-02-171-1/+1
| | | | | | | | | 2021.08.x does not build on Linux 5.15+ due to the following error. interpret.c:48:10: fatal error: linux/ipx.h: No such file or directory 48 | #include <linux/ipx.h> It was fixed in the newer buildroot versions.
* docker: make clang-kmsan hermeticAlexander Potapenko2022-02-112-5/+6
| | | | | The existing build lacked some headers, which prevented us from being able to configure newer kernels.
* tools/syz-kconf: allow to specify custom compilerDmitry Vyukov2022-02-052-1/+11
| | | | This will be needed at least for kmsan config which needs a fresh clang.
* pkg/db: make repair of the db file optionalDmitry Vyukov2022-02-012-3/+3
| | | | | | | | | | | It was too radical to repair and overwrite db file unconditionally. syz-execprog probes if a given file is a database. Usually it's a crash log or a single program, but db.Open started to overwrite it. And an explicit repair flag in db.Open and enable it only in syz-manager and syz-hub. Fixes #2997
* tools/docker: download custom clang to build KMSANAlexander Potapenko2022-01-272-0/+11
| | | | | | Until KMSAN compiler API is finalized, we often need to use ToT Clang to build the kernel. Download the latest compiler build from GS, and put it under /syzkaller/clang-kmsan.
* tools: create /dev/tap* instead of /dev/tun* in OpenBSDAleksandr Nogikh2022-01-191-1/+1
| | | | | Although it's signified in macros as TUN, in fact common_bsd.h opens /dev/tap* devices. So create 8 TAP devices instead of 8 TUN devices.
* tools/docker/old-env: update to Go 1.16Dmitry Vyukov2022-01-191-1/+1
| | | | | | | Our policy is to support 2 latest releases of Go. Currently this is Go 1.16 and 1.17. So update the old-env to the oldest release. This will allow us to use lots of goodness available in the latest versions.
* tools/docker: update clang to version 12Dmitry Vyukov2022-01-191-4/+4
| | | | | | Clang 12 is the latest version supported for Ubuntu 12.04. Update to this version. There is no pressing need, but clang 10 is quite old, so update to the latest version.
* tools/docker/old-env: don't use --allow-releaseinfo-changeDmitry Vyukov2022-01-191-2/+2
| | | | | | | | | | | | This flag is needed for Bullseye that we use in env/syzbot containers. I proactively added it to old-env as well assuming it's version-independent flag. But Ubuntu 16.04 does not like this flag: E: Command line option --allow-releaseinfo-change is not understood in combination with the other options The command '/bin/sh -c apt-get update --allow-releaseinfo-change' returned a non-zero code: 100 Remove it from old-env.
* Makefile: don't test dashboard/app build with Go 1.12Dmitry Vyukov2022-01-191-8/+0
| | | | | We've switched to Go 1.16 toolchain for dashboard/app, so don't need to test build with Go 1.11/12 anymore.
* all: create 8 tun devices for OpenBSDAleksandr Nogikh2022-01-141-2/+3
| | | | | Currently only 4 are created by default. This limits the maximum number of simultaneously running syz-executors.
* tools/syz-check: ignore structs with out_overlay attributeDmitry Vyukov2022-01-131-0/+14
|
* tools/syz-check: calculate min type size for unionsDmitry Vyukov2022-01-131-10/+20
|
* tools/syz-check: don't check netlink policies as structsDmitry Vyukov2022-01-131-20/+19
| | | | They are not really structs in the kernel even if we describe them as structs.
* tools/syz-check: update docsDmitry Vyukov2022-01-131-1/+8
| | | | | Mention issue with DWARF4+ and bitfields. Mention kernel configs that must be used for kernel builds.
* sys/linux: change netlink policies to the new $ conventionDmitry Vyukov2022-01-131-1/+1
|
* tools/syz-check: use $ as struct variant suffix delimiterDmitry Vyukov2022-01-131-15/+12
| | | | | | | | | | We already use this $ convention for syscall variant names. Use the same convention for struct. Currently syz-check supports '_' for structs, but it's inconsistent with syscalls and leads to ambiguity. If we enable the same matching for all structs (not just netlink), then '_' creates lots of false matches. E.g. bpf_link_get_next_id_args is matches with internal bpf_link struct.
* tools/syz-repro/repro.go: save syz-repro output to filesKenneth Kang2022-01-071-1/+18
| | | | saves syz-repro output and C file. Fixes #2951.
* tools/syz-make: restrict make parallelism on CIDmitry Vyukov2021-12-211-0/+8
| | | | | | | | | | Github actions VMs have 2 vCPUs (Standard_DS2_v2 class). So we don't get lots of speed up from make parallelism, but we are getting memory oversubscription and duplicated work because make invokes multiple go commands that potentially build same packages in parallel. Go command itself parallelizes compiler and test invocations. So disable make parallelism to avoid OOM kills. Update #2886
* tools/docker/syzbot: switch to Go 1.17Dmitry Vyukov2021-12-211-1/+4
| | | | | | Currently we use the default distro Go, which is 1.15 in Bullseye. Switch to 1.17 which has register-based calling convention and is significantly faster.
* tools/create-buildroot-image.sh: remove bogus mountsDmitry Vyukov2021-12-201-3/+0
| | | | | | | | | | | | | | | | | | | | Currently the following errors happen during boot: mount: mounting mqueue on /dev/mqueue failed: No such file or directory mount: mounting hugetlbfs on /dev/hugepages failed: No such file or directory mount: mounting fuse.lxcfs on /var/lib/lxcfs failed: No such file or directory Remove these mounts. Mounting of /dev/mqueue and /dev/hugepages fails because these dirs don't exist and the buildroot init does not create them for some reason. We can't pre-create them because /dev is itself mounted as devtmpfs. But we also don't need these mounts. Both mqueue and hugetlbfs are trivial to mount and the fuzzer does not have problems mounting them locally and using (we have good coverage anyway). fuse.lxcfs is simply a fuse filesystem (".lxcfs" is ignored). We don't need to mount an empty global fuse filesystem. And it won't work w/o a userspace server anyway.
* tools/create-openbsd-vmm-worker: allow dtAnton Lindqvist2021-12-201-0/+1
| | | | | | Must happen before cranking securelevel. This makes it possible to fuzz btrace if we ever want that but more importantly: I have a pending request of running btrace on the workers in order to investigate a recent performance regression.
* tools/syz-symbolize: use tool packageDmitry Vyukov2021-12-141-14/+8
| | | | The tool package simplifies failing. Use it.
* tools/syz-kconf: better handle whitespaces for verbatim blocksDmitry Vyukov2021-12-131-1/+4
| | | | | | | | | | | When we appended verbatim blocks we added '\n' for each of them, (for every config file effectively). Even for empty verbatim blocks. This worked fine because we had only 1 verbatim block and we do TrimSpace for the resulting concatenated verbatim block (so all excessive '\n' were removed). But this does not work for multiple verbatim blocks because excessive '\n' will be in the middle and won't be removed by TrimSpace. Don't add '\n' for empty verbatim blocks.
* all: replace collide mode by `async` call propertyAleksandr Nogikh2021-12-103-3/+19
| | | | | | | | | | | | | Replace the currently existing straightforward approach to race triggering (that was almost entirely implemented inside syz-executor) with a more flexible one. The `async` call property instructs syz-executor not to block until the call has completed execution and proceed immediately to the next call. The decision on what calls to mark with `async` is made by syz-fuzzer. Ultimately this should let us implement more intelligent race provoking strategies as well as make more fine-grained reproducers.
* all: adapt to how mmapping a kcov instance works in LinuxAleksandr Nogikh2021-12-091-0/+3
| | | | | | | | | | | | | | | | | | | | It turns out that the current Linux implementation of KCOV does not properly handle multiple mmap invocations on the same instance. The first one succeedes, but the subsequent ones do not actually mmap anything, yet returning no error at all. The ability to mmap that memory multiple times allows us to increase syz-executor performance and it would be a pity to completely lose it (especially given that mmapping kcov works fine on *BSD). In some time a patch will be prepared, but still we will have to support both versions at the same time - the buggy one and the correct one. Detect whether the bug is present by writing a value at the pointer returned by mmap. If it is present, disable dynamic kcov mmapping and pre-mmap 5 instances in the main() function - it should be enough for all reasonable uses. Otherwise, pre-mmap 3 and let syz-executor mmap them as needed.
* tools/syz-execprog: default -procs to 2*NumCPUDmitry Vyukov2021-12-091-1/+1
| | | | | This looks like a reasonable default. If a user wants specifically 1 proc, it can be done with -procs=1.
* tools/syz-execprog: support loading from corpus.dbDmitry Vyukov2021-12-091-1/+12
| | | | Allows to execute each program from corpus.db once as a regression test.
* tools/syz-execprog: don't store prog.LogEntry'sDmitry Vyukov2021-12-091-16/+18
| | | | | | We used to store prog.LogEntry's because they contained info about fault injection, but now it's contained right in programs so it's unnecessary to store prog.LogEntry's.
* tools/syz-crush: fix default VM timeoutDmitry Vyukov2021-12-081-1/+1
|
* tools/syz-testbed: add a bug count tableAleksandr Nogikh2021-12-062-6/+42
| | | | | This table does not just collect YES/NO, but also shows the number of test runs in which syz-manager has discovered the given bug.
* tools/syz-testbed: add switching between tables to the web interfaceAleksandr Nogikh2021-12-061-47/+96
| | | | | | | | | Formalise HTML table management - introduce the map, which lists the available stat tables and their generators. Render only one page at a time and let the user switch them. Implement the generation of the bug table.
generated by ggit (джигит) mrf-deployment (git 2.46.0) at 2026-03-19 12:20:47 +0000