The race initially showed up on the new benchmark (see race report below).
The race indicated a wrong call passed to replaceArg,
as the result we sanitized the wrong call and left the new call un-sanitized.
Fix this.
Add test that exposes this.
Run benchmarks in race mode during presubmit
(benchmarks have higher chances of uncovering races than tests).
WARNING: DATA RACE
Write at 0x00c42000d3f0 by goroutine 18:
github.com/google/syzkaller/sys/linux.(*arch).sanitizeCall()
sys/linux/init.go:155 +0x256
github.com/google/syzkaller/sys/linux.(*arch).(github.com/google/syzkaller/sys/linux.sanitizeCall)-fm()
sys/linux/init.go:42 +0x4b
github.com/google/syzkaller/prog.(*Prog).replaceArg()
prog/prog.go:357 +0x239
github.com/google/syzkaller/prog.generateHints.func2()
prog/hints.go:105 +0x124
github.com/google/syzkaller/prog.checkConstArg()
prog/hints.go:128 +0xf3
github.com/google/syzkaller/prog.generateHints()
prog/hints.go:120 +0x495
github.com/google/syzkaller/prog.(*Prog).MutateWithHints.func1()
prog/hints.go:72 +0x67
github.com/google/syzkaller/prog.foreachSubargImpl.func1()
prog/analysis.go:86 +0x9f
github.com/google/syzkaller/prog.foreachSubargImpl()
prog/analysis.go:104 +0xc8
github.com/google/syzkaller/prog.foreachArgArray()
prog/analysis.go:113 +0x89
github.com/google/syzkaller/prog.foreachArg()
prog/analysis.go:121 +0x50
github.com/google/syzkaller/prog.(*Prog).MutateWithHints()
prog/hints.go:71 +0x18e
github.com/google/syzkaller/prog.BenchmarkHints.func1()
prog/hints_test.go:477 +0x77
testing.(*B).RunParallel.func1()
testing/benchmark.go:626 +0x156
Previous read at 0x00c42000d3f0 by goroutine 17:
github.com/google/syzkaller/prog.clone()
prog/clone.go:38 +0xbaa
github.com/google/syzkaller/prog.(*Prog).cloneImpl()
prog/clone.go:21 +0x17f
github.com/google/syzkaller/prog.generateHints()
prog/hints.go:95 +0xd0
github.com/google/syzkaller/prog.(*Prog).MutateWithHints.func1()
prog/hints.go:72 +0x67
github.com/google/syzkaller/prog.foreachSubargImpl.func1()
prog/analysis.go:86 +0x9f
github.com/google/syzkaller/prog.foreachSubargImpl()
prog/analysis.go:104 +0xc8
github.com/google/syzkaller/prog.foreachArgArray()
prog/analysis.go:113 +0x89
github.com/google/syzkaller/prog.foreachArg()
prog/analysis.go:121 +0x50
github.com/google/syzkaller/prog.(*Prog).MutateWithHints()
prog/hints.go:71 +0x18e
github.com/google/syzkaller/prog.BenchmarkHints.func1()
prog/hints_test.go:477 +0x77
testing.(*B).RunParallel.func1()
testing/benchmark.go:626 +0x156
This commit adds tools/check_links.py script, that checks that all local
links from documentation files are valid; fixes some of the invalid links
that we had; and makes travis buildbot check them as well.
This fails on bots with:
strip --strip-debug ./bin/linux_arm64/syz-executor
strip: Unable to recognise the format of the input file `./bin/linux_arm64/syz-executor'
We don't generate debug info for Go binaries to reduce their size.
Don't generate debug info for executor as well.
For akaros this reduces binary size from 4.5MB to 800KB.
We currently use more complex and functional protocol on linux,
and a simple ad-hoc protocol on other OSes.
This leads to code duplication in both ipc and executor.
Linux supports coverage, shared memory communication and fork server,
which would also be useful for most other OSes.
Unify communication protocol and parametrize it by
(1) use of shmem or only pipes, (2) use of fork server.
This reduces duplication in ipc and executor and will
allow to support the useful features for other OSes easily.
Finally, this fixes akaros support as it currently uses
syz-stress running on host (linux) and executor running on akaros.
We currently build fuzzer+stress+execprog per target,
since packages are not installed we build everything 3 times.
This takes time. Install packages before building binaries.
Build fails now and I don't know how to fix it.
"x86_64-linux-gnu-gcc" -o ./bin/linux_386/syz-executor executor/executor_linux.cc \
-pthread -Wall -Wframe-larger-than=8192 -Wparentheses -Werror -O1 -g \
"-m32" -static -DGIT_REVISION=\"8cb7d3dcfcbe11a6d5682743816409d1c8e8f6a0+\"
In file included from /usr/include/bits/errno.h:24:0,
from /usr/include/errno.h:35,
from executor/executor_linux.cc:7:
/usr/include/linux/errno.h:1:23: fatal error: asm/errno.h: No such file or directory
#include <asm/errno.h>
Currently we set GOOS/GOARCH only in host/target targets.
This makes "make fuzzer TARGETARCH=arm64" do a wrong thing,
it still builds for the default value of GOARCH.
Set GOOS/GOARCH for each target individually.
We currently build binaries for all targets into bin.
This makes mess in bin/ and does not allow testing of different archs.
Build target binaries into bin/OS_ARCH/ subdirs.
Host binaries are still built into bin/.
Update #333
Update #324
Update #191
- fix and reorder .PHONY targets
- `make all` now builds everything, to build only essentials run `make main`
- `make all-tools` rename to `make tools`
* Port console to Darwin
* Get syz-executor to build correctly
* Do not export unix and syscall constants
* Add presubmit test
* Add myself to contributors
We used to have all generated files checked in.
Later we removed them (now users are supposed to
run make to generate them). This causes several
problems:
- go get does not work as it tries to build everything
straight away (go get -d works, but users are confused)
- users don't run make and complain that build is broken
- users don't re-run make after updates and complain that
build is broken
- hard to integrate into other build system (even if they
support building Go, they don't support running sysgen
out-of-the-box)
Fixes#216
Stack usage warning currently breaks our internal build (with 16K frame limit).
Executor uses stacks of limited size, that's another reason to not
allow frames of arbitrary size.
Limit stack frame size to 8K.
Reduce tun packet size. We don't need to read out whole packet.
