| Commit message | Author | Age | Files | Lines |
| |
Enable external abortion of the instance creation process. This is
especially useful for the qemu case where we retry the creation/boot up
to 1000 times, which can take significant time (e.g. it times out
syz-cluster pods on unstable kernels).
The context can be further propagated to WaitForSSH, but that requires
another quite significant vm/ refactoring.
| |
1. func Run optionally accepts the opts.
2. Some refactoring, more comments.
| |
It allows using context as a single termination signal source.
| |
Fixes #5028
| |
Pass Type struct directly during registration.
This allows adding additional optional parameters to VM types
without changing all VM implementations.
We will need to add SupportsSnapshots flag and one flag to resolve #5028.
With this change it will be possible to add "SupportsSnapshots: true"
to just one VM type implementation.
| |
It's better to follow standard interfaces.
| |
It usually means a kernel crash, in which case we want to give the
kernel some more time to print the whole coverage report to the console.
| |
Move all syz-fuzzer logic into syz-executor and remove syz-fuzzer.
Also restore syz-runtest functionality in the manager.
Update #4917 (sets most signal handlers to SIG_IGN)
| |
Lint started warning about duplicate "gvisor" const in pkg/cover.
Add gvisor/starnix consts to sys/targets package to avoid duplication.
| |
Ipc gate slows down overall execution a lot.
Without ipc gate I am getting ~20% more executions with debug kernel
and ~100% more executions with a fast non-debug kernel.
Replace ipc gate with explicit tracking of last executing programs
per proc in syz-manager.
Ipc gate was also used for leak checking, but leak checking seems
to be still broken. At least in my local runs I am not getting
any leaks even with the previous fix.
So remove the gate completely for now. Taking into account that
we are likely to rewrite this code in C++ soon, it makes
little sense to create a special gate for leak checking only in Go.
Update #4728
| |
Always call the finish callback to make control flow consistent
if VM crashes/does not crash. Then users can rely on the callback
being always called.
Fix a bug highlighted by the extended test:
currently we call extractError/callback twice when the fuzzer is preempted.
If the fuzzer is preempted, extractError returns nil,
which makes appendOutput return nil as well,
which makes the main loop continue as if no crash/preemption happened.
It will exit, but only after 5 min "no output" timeout.
Most likely the output will still contain the preemption message,
so no "no output" will be reported, but the additional 5 min wait
is unnecessary.
| |
Remove things that are only needed for target VM communication:
conditional compression, timeout scaling, traffic stats.
To minimize diffs when we switch target VM communication to flatrpc.
| |
Currently the inject-error test injects "BUG: foo\n"
and expects VM to fail with this error.
However, the command immediately exits, so it may exit
before the output is injected. In that case the test fails with:
=== NAME TestMonitorExecution/inject-error
vm_test.go:431: got no report
Make the command execute for a second so that output
is always injected.
| |
Fix checking of Logf, it has string in 0-th arg.
Add checking of t.Errorf/Fatalf.
| |
This will allow manager to inject executing programs into output.
| |
All callers of Run always call MonitorExecution right after it.
Combine these 2 methods. This allows hiding some implementation
details and simplify users of vm package.
| |
RPC compression takes up to 10% of CPU time in profiles,
but it's unlikely to be beneficial for local VM runs
(we are mostly copying memory in this case).
Enable RPC compression based on the VM type
(local VMs don't use it, remote machines use it).
| |
In this mode, all syz-fuzzers will be on the same network and will start
competing with each other for binding to the same port.
For now, we don't have the need to use pprof in the host fuzzer mode, so
let's just disable it.
| |
These duplicates improve test code readability.
It contributes to #4317 unblocking.
| |
Booting physical Android devices requires building a few artifacts, as described
at https://source.android.com/docs/setup/build/building-kernels.
When a ProxyVM type is used, we need to differentiate whether or not to
use the Android build logic, so we add an additional mapping which uses
a different name but the same VM logic.
| |
* vm: add pool.Close() support
* vm: add proxyapp client implementation
* vm/proxyapp: autogenerate mocks
* vm/proxyapp: add proxyapp tests
* pkg/mgrconfig: add proxyapp type tests
| |
Also update syz-crush to save RawOutput instead of output from the
Report.
| |
This commit replaces all `ioutil.TempDir` with `t.TempDir` in tests.
The directory created by `t.TempDir` is automatically removed when the
test and all its subtests complete.
Reference: https://pkg.go.dev/testing#T.TempDir
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
| |
Add sys/targets.Timeouts struct that parametrizes timeouts throughout the system.
The struct allows controlling syscall/program/no output timeouts for OS/arch/VM/etc.
See comment on the struct for more details.
| |
We don't need indirection via strings to declare executingProgram var.
| |
Users should not be concerned with the internal derived fields.
Move all derived fields into a separate struct before adding more.
This leaves config.go as a better documentation for end users.
| |
The way to diagnose generally depends on the issue.
E.g. do we need register dump to debug this issue?
Do we need host dmesg dump? Some diagnosis may be
directly specific to a particular problem (e.g. dumping
a particular debugfs/procfs file).
Pass Report to Diagnose to make this possible.
| |
We use strings to identify OS/Arch.
These strings are duplicated throughout the code base massively.
golangci-lint points to possibility of typos and duplication.
We already had to define these names in pkg/csource
and disable checking for prog package. A future change triggers
such warnings in another package.
Add OS/Arch name consts to sys/targets so that they can be used
to refer to OS/Arch. Use the consts everywhere.
| |
Fix capitalization, dots at the end
and two spaces after a period.
Update #1876
| |
1. Always append diagnosis output at the end.
Don't intermix it with kernel output. It's confusing and not useful.
2. Don't include diagnosis output into Report.
It's too verbose and is not the crash. Keep it only in the Output.
| |
We've got a case when "ODEBUG:" was incorrectly detected as crash.
That was caused by a flaw in matchPos logic. Fix that.
See the added test for details.
| |
We duplicated the no output timeout in the repro package,
and it got out of sync. It's not 3 mins now, but 5 mins.
Remove the duplication and fix this.
| |
Currently we only support canExit flag.
However there are actually 3 separate conditions:
- program can exit normally
- program can timeout (e.g. fuzzer test or runtest can't)
- program can exit with error (e.g. C test can)
Allow specifying these 3 conditions separately.
| |
Rather than writing the diagnosis to the kernel console, Diagnose can
now directly return the extra debugging info, which will be appended to
the kernel console log.
| |
Fixes #875
| |
This gives almost 100% coverage for MonitorExecution.
Test all corner cases like lost connection, no output,
diagnose, exiting/non-exiting programs, etc.
Update #875
| |
Move vm.FindCrash to the new package.
| |
Use manual parsing instead of a regexp.
Regexp takes ~220ms for typical output size. New code takes ~2ms.
Brings manager CPU consumption from ~250% down to ~25%.
|
First, "cut here" is not interesting as it is always followed
by a more descriptive message.
Unreferenced object is interesting.
Also, strip \r at the end.
Add a test.
|