Commit message

This is much cleaner logic than string matching.

After this change it fits more naturally into Go's error
functionality.

Enable external abortion of the instance creation process. This is
especially useful for the qemu case where we retry the creation/boot up
to 1000 times, which can take significant time (e.g. it times out
syz-cluster pods on unstable kernels).
The context can be further propagated to WaitForSSH, but that requires
another quite significant vm/ refactoring.

Add a command to show all locked TCP control blocks. If a panic
is related to the TCP stack, most likely the affected TCP control
block is locked. Therefore, this is shown. This is much less noisy
than showing all TCP control blocks.

It allows using context as a single termination signal source.

It will help distinguish the cases when the output was collected, but
lost somewhere during the reporting pipeline, or it was empty in the
first place, e.g. because qemu could not start at all.
Cc #5986.

It reduces WaitForSSH parameter count from 9 to 6.

- Sometimes we need a customized cmd to get the serial log, e.g. the FTDI4232H
  chip gets the serial log through usb directly, thus we need to call a
  cmd like `pyterm.py ftdi://ftdi:4232:FT7JLD0U/1`.
- There are several places in the console implementation that call
  osutil.Command; move the command code into one function.

They are shorter, more readable, and don't require temp vars.

If localhost is not configured on a system, UnusedTCPPort will loop
forever without producing any errors. By checking EADDRINUSE and ENOACC
and then skipping only in these cases, we'd avoid at least the mentioned
deadlock.
On top of this, this change should catch other errors without locking,
like other DNS errors and so on.
Signed-off-by: Ivan Gulakov <gulakov@amazon.de>

Fixes #5028

Pass Type struct directly during registration.
This allows adding additional optional parameters to VM types
without changing all VM implementations.
We will need to add SupportsSnapshots flag and one flag to resolve #5028.
With this change it will be possible to add "SupportsSnapshots: true"
to just one VM type implementation.

The sleep in Multiplex is unconditional and it sleeps idle
even for commands that have nothing to do with executor,
and for executor in other modes that have nothing to do with fuzzing.
Since the original reason for the sleep was related to a failing executor,
sleep only when the command fails. This allows at least running
successful commands fast.

It's better to follow standard interfaces.

It will let us reduce code duplication and use the more appropriate
approach to the graceful Run() shutdown - by enforcing a delay between
stopping the command and stopping the collection of the console output.

Introduce a MultiplexConfig structure that contains optional parameters.
Include a Scale parameter to control the intended slowdown.

It usually means a kernel crash, in which case we want to give the
kernel some more time to print the whole coverage report to the console.

Move all syz-fuzzer logic into syz-executor and remove syz-fuzzer.
Also restore syz-runtest functionality in the manager.
Update #4917 (sets most signal handlers to SIG_IGN)

Remove things that are only needed for target VM communication:
conditional compression, timeout scaling, traffic stats.
To minimize diffs when we switch target VM communication to flatrpc.

RPC compression takes up to 10% of CPU time in profiles,
but it's unlikely to be beneficial for local VM runs
(we are mostly copying memory in this case).
Enable RPC compression based on the VM type
(local VMs don't use it, remote machines use it).

Most of the VM types tightly manage the target they SSH into and can
safely assume that system-wide SSH configuration would mess with the SSH
flags provided by syzkaller. However, in the "isolate" VM type, one can
connect to a host that is not at all managed by syzkaller. In this case,
it can be useful to leverage the system-wide SSH config, maybe provided by a
corporate environment.
This adds an option to the isolated config to skip some of the SSH and
SCP flags that would drop the system-wide config.

In some cases (e.g. gVisor instances using host's network namespace)
attempts to bind() all syz-fuzzer processes to the same port result in
conflicts and fuzzing breakages.
Refactor the code to enable custom pprof configuration depending on the
vm type.
For now, just disable pprof endpoints for gVisor VMs. Once we actually
need the feature there, we can generate custom ports for every gVisor
VM.

This will let us have a better understanding of what's going on inside a
fuzzed VM.

It's not correct to mix them since they point to fundamentally different
issues:
1) Boot time errors are caused by a problematic kernel image and can
only be resolved by using another kernel version or config.
2) Infrastructure errors are temporary, so we can just try again some
time later.
Reserve the existing BootError for (1) errors and let all other VM
handling errors refer to (2).
To make it possible to attach more output to the infra error, introduce
the VerboseInfraError type.

This commit adds a new VM for fuzzing starnix.
The VM will boot a fuchsia image using the `ffx` tool and will connect to
an adb server inside it. Fuzzing will be done using HostFuzzer mode due to
some features not being implemented yet in starnix. Once this is possible,
fuzzing will be performed without HostFuzzer mode.
Co-authored-by: Juampi Miceli <jpmiceli@google.com>

Selecting the monitor port for qemu using an unseeded pseudo-random
generator can lead to failed VM startups, as the code contains race
conditions. This happens frequently if multiple instances are started
with a script.
Using real random ports provided by crypto/rand reduces the risk of
failing VM starts.

Restrict access to the external network from within the VM
and access to VM SSH to local interface only.
Fixes #332

Increase ssh wait timeout according to the target slowdown.

For context see the discussion at:
https://groups.google.com/g/syzkaller/c/ruwaYUvwHTw/m/E9Cg9OfvAgAJ

The way to diagnose generally depends on the issue.
E.g. do we need a register dump to debug this issue?
Do we need a host dmesg dump? Some diagnosis may be
directly specific to a particular problem (e.g. dumping
a particular debugfs/procfs file).
Pass Report to Diagnose to make this possible.

We use strings to identify OS/Arch.
These strings are duplicated throughout the code base massively.
golangci-lint points to the possibility of typos and duplication.
We already had to define these names in pkg/csource
and disable checking for prog package. A future change triggers
such warnings in another package.
Add OS/Arch name consts to sys/targets so that they can be used
to refer to OS/Arch. Use the consts everywhere.

Get rid of all places stripping \r in pkg/report.
And adapt all tests.
Signed-off-by: Alexander Egorenkov <Alexander.Egorenkov@ibm.com>

The current code is now broken on darwin:
syzkaller$ GOOS=darwin go install ./vm/...
vm/vmimpl/console.go:30:33: undefined: unix.SYS_IOCTL
vm/vmimpl/console.go:45:32: undefined: unix.SYS_IOCTL

This reverts commit b9683dbdfdbea5815c2cf48b20aada181dca1be3.
The majority of syzbot instances started failing with:
failed to run ["ssh" "-p" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "IdentityAgent=none" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/managers/upstream-bpf-next-kasan-gce/latest.tmp/key" "root@10.128.15.195" "pwd"]: exit status 255
command-line: line 0: Bad configuration option: identityagent
command-line: line 0: Bad configuration option: identityagent

This commit adds a new option to SSH options, disallowing the
authentication agent. This is especially useful when you are testing
on a machine that sets the `SSH_AUTH_SOCK` environment variable, as
ssh will try to use that authentication agent on each ssh connection.

Fix capitalization, dots at the end
and two spaces after a period.
Update #1876

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>

* mmap syscall is special on Linux s390x because
  the parameters for this syscall are passed as a struct
  on user stack instead of registers.
* Introduce the SyscallTrampolines table into targets.Target
  to address the above problem.
* There is a bug in Linux kernel s390x which causes QEMU TCG
  to hang when KASAN is enabled. The bug has been fixed
  in the forthcoming Linux 5.8 version. Until then do not enable
  KASAN when using QEMU TCG, QEMU KVM shall have no problems with
  KASAN.
Signed-off-by: Alexander Egorenkov <Alexander.Egorenkov@ibm.com>

A good one. Lots of fixed comments are contributed by episodic contributors.
So it's good to catch these earlier.