On most distributions default grub target is i386-pc, which works.
However, on some default is x86_64-efi, which fails with:
grub-install: error: cannot find EFI directory.
Explicitly specify i386-pc target.
Detect when we send first/non-first email for a bug.
Detect when we send moderation/non-moderation email for a bug.
Fix setting repro level in email reports.
Add end-to-end email reporting tests.
Exec total is affected by initial triage/minimize phase,
so two experiments can have the same execution speed
in the stable mode, but have constant diff due to the initial phase.
The one that is higher looks better, but that's not very important.
Provide execution speed characteristic that is not affected
by initial phase. It is not displayed by default.
Repro can generate Sandbox="namespace"/UseTmpDir=false.
This combination is broken for two reasons:
- on second and subsequent executions of the program,
it fails to create syz-tmp dir
- with Procs>1, it fails right away, because all procs
try to create syz-tmp dir
Don't generate such combination.
We currently have 2 invalid options combinations:
- collide without threads
- procs>1 without repeat
They are invalid in the sense that result of csource.Write
is the same for them. Filter out these combinations.
This cuts csource testing time in half and reduces repro minimization time.
During minimization we create a single memory mapping that contains all
the smaller mmap() ranges, so that other mmap() calls can be dropped.
This "uber-mmap" used to start at 0x7f0000000000 regardless of where the
smaller mappings were located. Change its starting address to the
beginning of the first small mmap() range.
Locking memory is a reasonably legitimate local DoS vector.
E.g. bpf maps allow allocation of large chunks of kernel memory
without RLIMIT_MEMLOCK, which leads to hangups.
Set RLIMIT_MEMLOCK=8MB in executor.
For https://github.com/golang/go/issues/21337.
Since the introduction of aliases is in Go1.9 but Go1.9 hasn't
yet been officially released, let's use go1.9rc1 which is supported
on Travis CI by their Go version getter gimme
https://github.com/travis-ci/gimme
instead of against go1.8.1. This solves the problem on which
our vendored code is updated using Go1.9* syntax but is running
against Go1.8* in Travis CI tests.
Currently hub allows managers to exchange programs from corpus.
But reproducers are not exchanged and we don't know if a crash
happens on other managers as well or not.
Allow hub to exchange reproducers.
Reproducers are stored in a separate db file with own sequence numbers.
This allows to throttle distribution of reproducers to managers,
so that they are not overloaded with reproducers and don't lose them on restarts.
Based on patch by Andrey Konovalov:
https://github.com/google/syzkaller/pull/325Fixes#282
We see some episodic
"failed to delete old crash texts: Call error 11: Deadline exceeded (timeout)"
errors in logs.
Deleting at most 10 bugs should be enough since we do this check
after adding each new crash.
Due to https://github.com/google/syzkaller/issues/316 there're too many
mmap() calls in the programs, and syzkaller is spending quite a bit of
time mutating them. Most of the time changing mmap() calls won't give
us new coverage, so let's not do it too often.
The new app is based on our experience with syz-dash
and is meant to supersede it. This app aims at full
automation of bug lifecycle: reporting, tracking updates,
closing fixed bugs.
The main differences are:
- this app has support for reporting bugs
either by email or using an arbitrary external reporting system
- this app tracks status of bugs
- this app captures more info about kernel builds
KVM_RUN ioctl must have arg set to 0, otherwise it returns EINVAL.
This can lead to syzkaller not able to generate a C repro.
Since arg value is undefined, it might have different values when
executing a program with syz-exeprog vs executing a compiled C repro.
After a change in syscall description the number of syscall arguments
might change and some of the programs in corpus get invalidated.
This change makes syzkaller to generate missing arguments when decoding a
program as an attempt to fix and keep more programs from corpus.
