Most likely reports without proper stack traces were caused by a bug in the
unwinder and are now fixed in 187b96db5ca7 "x86/unwind/orc: Fix
unwind_get_return_address_ptr() for inactive tasks".
Disable trying to use questionable frames for now.
Fixes#1834
Improve used terminology by using better verbs to express the effect of
the whitelist/blacklist.
This also changes executor to exclusively show respectful log messages,
and as per recent conversion, converts the last such case.
This adds one more pattern in the list of recognized once as this is
what they look like in objdump:
c0000000001c21a8: f9 d2 11 48 bl c0000000002df4a0 <__sanitizer_cov_trace_pc>
Signed-off-by: Alexey Kardashevskiy <aik@linux.ibm.com>
Some terms are normalised on the technical level
but may be oppressive on a societal level.
Replace them with more technically neutral terms.
See the following doc for a longer version:
https://tools.ietf.org/id/draft-knodel-terminology-00.html
Add a default udev rule file to the image creation process in
create-gce-image.sh and create-image.sh.
This change creates a default rule to make udev create a custom-named
symlink for the specific vim2m device.
Fuchsia has strict controls over who can map memory as executable.
Refactoring syz-executor to be able to do that involves a non trivial
amount of work: it needs to run as a fuchsia component and replace stdin
for some other mechanism to communicate with syz-fuzzer (probably a fidl
service and a thin client that proxies stdin/stdout to syz-fuzzer via
ssh).
Mapping memory as executable doesn't seem to be used or needed in
syz-executor at all. After talking with Dmitry, he mentioned that it was
used in a deprecated feature: `syz_execute_func` which would execute
random code. It also allows more scenarios during fuzzing.
For now, I'm removing that option to allow syzkaller continue fuzzing.
This change also refactors all of the error messages adding a string
representation of the `zx_status_t` in error logs.
Manager has already checked what features are present on the target.
But if we detected that, say, USB is missing, we still enabled it
in the starting csource options. This is wrong, increases configuration
minimization time and may lead to some obscure bugs.
HostFuzzer targets require that we cross-compile the csource tests and
then copy them to the target system. The code to copy files is
currently missing from syz-runtest; also, at least for Fuchsia (which
uses HostFuzzer mode), cross-compiling is non-trivial.
I though maybe we need special handling for them:
stop at kmem_cache_alloc function. But now I am not sure.
This can also be an infinite loop which calls kmalloc/kfree.
Let's not change code for now, just fix things with tests
(this is a good representative set).
If we produce no guilty file at all, the report is mailed only to LKML,
which is mostly equivalent to mailing to nobody.
If we skip all files, return the first one.
This commit makes syzkaller build the kasan variant of fuchsia by
default.
Support for kernel address sanitizer has landed in fuchsia since commit
`54c5edfc37afe7294256552cefefca64c6ce7e94`[0].
[0]: https://fxrev.dev/383323
Test various combinations of no debug info,
no coverage instrumentation, no PCs, bad PCs, good PCs,
and what errors we produce for these.
Also implement support for cross-arch reports:
prefix objdump with cross-compile prefix
(e.g. aarch64-linux-gnu-objdump instead of objdump).
