As asked by Peter Zijlstra: "the lack of whitespace between "repro:"
and the URL makes it hard to copy paste".
We keep lines below 78 colons because otherwise some email clients will reflow them.
And also we want it all properly aligned as asked by Ted Ts'o.
So shorten "syzkaller repro" to "syz repro".
To make it possible to provide URLs that jump to a specific BugNamespace,
this adds clickable anchors for each of the BugNamespaces without changing
the current appearance of the h2 tag.
If we build fuchsia with asan, syz-executor binary fails to run with:
$ /tmp/syz-executor
[00041.656] 01128.01275> dlsvc: could not open 'libc++.so.2'
[00041.656] 06074.06088> Error loading shared library libc++.so.2: ZX_ERR_NOT_FOUND (needed by
[00041.656] 06074.06088> /tmp/syz-executor
[00041.656] 06074.06088> )
[00041.656] 01128.01275> dlsvc: could not open 'libc++abi.so.1'
[00041.656] 06074.06088> Error loading shared library libc++abi.so.1: ZX_ERR_NOT_FOUND (needed by
[00041.656] 06074.06088> /tmp/syz-executor
[00041.656] 06074.06088> )
[00041.663] 01128.01275> dlsvc: could not open 'libunwind.so.1'
[00041.663] 06074.06088> Error loading shared library libunwind.so.1: ZX_ERR_NOT_FOUND (needed by
[00041.663] 06074.06088> /tmp/syz-executor
[00041.663] 06074.06088> )
Disable asan until we figure out how to fix this.
Topaz contains end user applications that are not interesting for us
and only increase build time. The applications also consume lots of memory,
so switching to garnet should leave more memory for the fuzzer
(maybe eliminate some OOMs).
syscall accepts args as ellipsis, resources are uint64
and take 2 slots without the cast, which is wrong.
Cast resources to long when passing to syscall.
We forgot to mount binfmt_misc. Mount it. Add a test.
Increase per-call timeout, otherwise last execve timesout.
Fix csource waiting for call completion at the end of program.
It should be in <linux/fs.h> but is not there on some distros/arches as expected.
Travis build fails with:
<stdin>: In function ‘remove_dir’:
<stdin>:152:13: error: variable ‘attr’ has initializer but incomplete type
<stdin>:152:13: error: excess elements in struct initializer [-Werror]
<stdin>:152:13: error: (near initialization for ‘attr’) [-Werror]
<stdin>:152:21: error: storage size of ‘attr’ isn’t known
<stdin>:153:20: error: ‘FS_IOC_FSSETXATTR’ undeclared (first use in this function)
<stdin>:153:20: note: each undeclared identifier is reported only once for each function it appears in
<stdin>:152:21: error: unused variable ‘attr’ [-Werror=unused-variable]
cc1: all warnings being treated as errors
https://travis-ci.org/google/syzkaller/jobs/413574080
Support checking "blocked"/"unfinished" flags for calls.
Support test constanints, e.g. "requires: threaded" or "requires: -sandbox=setuid".
Some improvements in tools/syz-runtest.
Update #603
With checkpoint_net_namespace moved to setup_common,
and Android fuzzing session terminates prematurely due to
ipv4_tables not being initialized at this time.
Moving the call back to loop fixes this behavior.
If the test process is not dying after 100ms,
abort all fuse connections in the system.
This gets rid at least of simple fuse deadlocks,
let's see how well this works in all cases.
In pkg/ipc we don't just want to UmountAll,
we want to remove all handling as many cases as possible
(mounts, read-only files, etc, similar to executor's remove_dir).
So unmounting and removing needs to be a single function,
so that it can handle all these cases.
os.Args[0] can be just binary name which was looked up using $PATH.
In such case copy will fail because the path does not exist.
Lookup binary name using $PATH.
The tool is run as:
$ syz-runtest -config manager.config
This runs all programs from sys/*/test/* in different modes
on actual VMs and checks results.
Fixes#603
Add syz_errno syscall which sets errno to the argument,
and add a test with different errno values.
This mostly tests the testing infrastructure itself.
Add syz_compare syscall which compare two blobs,
this can be used for testing of argument memory layout.
Implement syz_mmap and fix Makefile to allow building syz-execprog for test OS.
Useful for debugging.
Update #603
Package runtest is a driver for end-to-end testing of syzkaller programs.
It tests program execution via both executor and csource,
with different sandboxes and execution modes (threaded, repeated, etc).
It can run test OS programs locally via run_test.go
and all other real OS programs via tools/syz-runtest
which uses manager config to wind up VMs.
Test programs are located in sys/*/test/* files.
Update #603
