| Commit message | Author | Age | Files | Lines |
Prevent the fuzzer from entering in an infinite loop
of device reboots when the adb shell reboot command
returns with an error code.
Fixes: #6598
Signed-off-by: Sebastian Ene <sebastianene@google.com>
|
Probe for the debugfs rootdir instead of the kcov
sub-path to prevent the fuzzer from entering in a
device reboot loop in case the android device
doesn't support kcov.
Fixes: #6600
Signed-off-by: Sebastian Ene <sebastianene@google.com>
|
GCE instance tags can be used for various purposes, such as applying
network firewall rules or filtering VMs for scheduling onto specific
hosts.
To support these use cases, syzkaller needs the ability to set
instance tags during VM creation.
This patch introduces a new tags field to the gce VM configuration that
allows users to specify a list of tags to be attached to GCE instances
created by syz-manager.
|
Any is preferred over interface{} now in Go.
|
This change adds VirtualBox support to syzkaller. It implements the VM
interface for VirtualBox and provides:
- full VM lifecycle operations (create, boot, stop, snapshot restore)
- serial console hookup and integration with the output merger
- proper boot wait logic similar to qemu, using SSH readiness
- boot-time crash capture using collected console output
|
This is a much cleaner logic than string matching.
|
After this change it fits more naturally into Go's error
functionality.
|
In almost all cases these mean some boot time crash.
It also doesn't make much sense to continue string matching since the
boot output may contain the matched strings in benign contexts.
|
Enable external abortion of the instance creation process. This is
especially useful for the qemu case where we retry the creation/boot up
to 1000 times, which can take significant time (e.g. it times out
syz-cluster pods on unstable kernels).
The context can be further propagated to WaitForSSH, but that requires
another quite significant vm/ refactoring.
|
Instead of:
ffx --target <target> target get-ssh-address
Use:
ffx --target <target> target list --format addresses
|
Google Cloud cannot automatically infer it from our images, so we need
to explicitly set it. The flag is required to create a GVNIC-based GCE
instance (the only type for C4A machines).
|
1. func Run optionally accepts the opts.
2. Some refactoring, more comments.
|
Move boot error reporting to a separate function.
|
React on the context cancellation even if the boot error channel is
blocked.
Add a test that verifies this behavior.
Print a log message if the channel is full.
|
ffx log is now built separately from the main
ffx binary.
|
ffx emu now needs to know the locations of some host
tools. Copy these paths from the default ffx config
into the configuration for the isolated ffx instance
that syzkaller uses for most tasks.
|
1. recover the removed comment
2. unnecessary leading newline
3. unnecessary brackets
4. restore dropped "..."
5. use bytes.Equal instead of conversion to string
|
./tools/syz-env bin/golangci-lint run ./... --fix
|
virtio-net-ccw is a preferred way to set up a virtual network interface on
s390x at the moment because it is faster than virtio-net-pci
(eventfd and irqfd is missing). This also allows disabling of zPCI in QEMU
which was required only because virtio-net-pci was used as a network
interface. PCI is special on s390x and, for instance, does not use MMIO or
expose topology [1,2,3]. Furthermore, any features like PXE are
not supported with virtio-net-pci on s390x.
[1] https://people.redhat.com/~cohuck/2018/02/19/notes-on-pci-on-s390x.html
[2] https://wiki.qemu.org/Documentation/Platforms/S390X#A_note_on_PCI_support
[3] https://www.qemu.org/docs/master/system/s390x/pcidevices.html
Signed-off-by: Alexander Egorenkov <eaibmz@gmail.com>
|
Add a command to show all locked TCP control blocks. If a panic
is related to the TCP stack, most likely the affected TCP control
block is locked. Therefore, this is shown. This is much less noisy
than showing all TCP control blocks.
|
Signed-off-by: Andrei Vagin <avagin@google.com>
|
It allows using context as a single termination signal source.
|
This reverts commit 85a5a23f228f2de970f578bf3b452a23a222c09d.
|
It will help distinguish the cases when the output was collected, but
lost somewhere during the reporting pipeline, or it was empty in the
first place, e.g. because qemu could not start at all.
Cc #5986.
|
The previously used combination does not boot our buildroot image:
[ 6.334727][ T1] Run /sbin/init as init process
[ 6.668200][ T1] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000004
|
Make the pool.Run() function take a context.Context to be able to abort
the callback passed to it or abort its scheduling if it's not yet
running.
Otherwise, if the callback is not yet started and the pool's Loop is
aborted, we risk waiting for pool.Run() forever. It prevents the normal
shutdown of repro.Run() and, consequently, the DiffFuzzer functionality.
|
Closes #5870.
|
It reduces WaitForSSH parameter count from 9 to 6.
|
Some functions are not the struct members now.
Some functions deleted.
Client mock generated.
|
Riscv is far from having a hw with a 5-level support, so let's focus on the
4-level.
|
The chance of port collision is very low, but still not 0.
There's no reason to report an error on the first occurrence of the problem,
let it first retry 100 times.
|
- Sometimes we need customized cmd to get serial log, ex FTDI4232H
chip gets serial log through usb directly, thus we need to call
cmd like `pyterm.py ftdi://ftdi:4232:FT7JLD0U/1`.
- There are several places in console implementation to call
osutil.Command, move the command code into one function.
|
They are shorter, more readable, and don't require temp vars.
|
If localhost is not configured on a system, UnusedTCPPort will loop
forever without producing any errors. By checking EADDRINUSE and ENOACC
and then skipping only in these cases, we'd avoid at least the mentioned
deadlock.
On top of this, this change should catch other errors without locking,
like other DNS errors and so on.
Signed-off-by: Ivan Gulakov <gulakov@amazon.de>
|
The new qemu versions began to fail with the settings we previously
used. It's probably not worth extensive debugging, so let's just do what
qemu suggests.
qemu-system-arm: Invalid CPU model: max
The only valid type is: cortex-a15