We print all other output to stderr, write debug output to stderr as well.
This does not matter for the main use case of running syz-execprog -debug,
but can is helpful if we want to communicate with syz-executor via stdin/stdout.
KCOV comparisons support is in the kernel mm tree already, and the
patch contains an additional uint64_t to store PCs of functions calling
__sanitizer_cov_trace_XXX().
Change kcov_comparison_t accordingly.
Currently we always send 2MB of data to executor in ipc_simple.go.
Send only what's consumed by the program, and don't send the trailing zeros.
Serialized programs usually take only few KBs.
Each arch duplicates significant portion of logic
to compile the extract source file.
Factor this logic into a separate function and reuse
it across all OSes.
This adds /rawcover handler which returns a file with all covered so far PCs, e.g.:
0xffffffff8100763e
0xffffffff81007667
...
0xffffffff8100767d
Useful for offline coverage processing, diffing coverage, etc.
In particular allows to do:
curl http://localhost:1234/rawcover | addr2line -e vmlinux
We currently return raw error, so sometimes it's hard to tell
even what call produced the error (e.g. just "invalid argument").
Extend the error so that it's clear that it comes from cmd.Start.
Executor process does not have any env, including PATH.
On some distributions, system/shell adds a minimal PATH, on some it does not.
Set own standard PATH to make it work across distributions.
The call index check episodically fails:
2017/10/02 22:07:32 bad call index 1, calls 1, program:
under unknown circumstances. I've looked at the code again
and don't see where/how we can mess CallIndex.
Added a new test for minimization that especially checks resulting
CallIndex.
It would be good to understand what happens, but we don't have
any reproducers. CallIndex is actually unused at this point.
Manager only needs call name. So remove CallIndex entirely.
We currently build fuzzer+stress+execprog per target,
since packages are not installed we build everything 3 times.
This takes time. Install packages before building binaries.
A recent linux commit "tun: enable napi_gro_frags() for TUN/TAP driver"
added support for fragmentation when emitting packets via tun.
Support this feature in syz_emit_ethernet.
