Hints for data args don't work.
We do all the work, but at the final stage we patch
arg in the _old_ program, not in the _new_ one.
So programs passed to the callback are all the same
and don't contain any mutations.
Tests did not catch this because they work right before that point
(don't test the actual interface function MutateWithHints).
Fix that and add a test that catches this.
In some cases we need to extend a buffer by a large
margin to pass the next if in kernel (a size check).
Currently we only append a single byte, so we can
never pass the if incrementally (size is always
smaller than threshold, so 1-byte larger inputs
are not added to corpus).
Only reset manager failed build if it uploaded _new_
successful build. On manager restart it uploads its
_old_ working build, and it should not reset a later
failed build.
Builds with equal IDs are merged by dashboard,
so if only syzkaller commit has changed
dashboard won't create a new build and the new
syzkaller commit will be lost.
For some reason people sometimes drop syzbot from CC.
Then we receive the message from mailing list and can't
find the corresponding bug.
Log email subject in such cases so that it's easier to find
the corresponding email thread.
exitf function was not defined with some combinations of options in csource.
Fix defines and switch exitf back to fail, fail already checks ENOMEM/EAGAIN,
so there is no reason to use exitf in this particular case.
We have maxCrashes crashes without reproducers + arbitrary number
of crashes with reproducers. Crashes with reproducers can be stale.
Show more crashes.
Unshare as much as we can for all sandboxing modes.
This fixes "kernel panic: Attempted to kill init!" crashes
under sandbox=none. And should just generally improve
reproducibility, e.g. if we unshare SYSVSEM fuzzer won't
collide with any existing semaphores.
GCE serial relay seems to be buggy, we see lots of "serialport: VM disconnected"
and "packet_write_wait: Connection to 1.2.3.4 port 9600: Broken pipe"
errors, which do not have any explanation.
Ignore all serial relay errors.
Forced syzkaller updates are the main reason for syz-ci restarts.
Reduce syzkaller freshness threshold from 6h to 1m.
Rebuilding syzkaller is relatively cheap anyway.
dropNamespace drops all entities related to a single namespace.
Use with care. There is no undo.
This functionality is intentionally not connected to any handler.
To use it, first make a backup of the datastore. Then, specify the target
namespace in the ns variable, connect the function to a handler, invoke it
and double check the output. Finally, set dryRun to false and invoke again.
Also change code to catch such bugs in tests in future.
The problem was that template.Execute already wrote something
into w before returning error, so though the function
returned an error we served 200 instead of 500.
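The failure mode described in that message, shown as an added example that is not syzkaller's own code: the first handler streams the template straight into the ResponseWriter, so the implicit 200 status and a partial body are already committed when Execute fails; the second renders into a buffer and only writes to the client after rendering succeeded. The template text, the report struct and the handler names are constructed for this illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"net/http"
	"net/http/httptest"
	"text/template"
)

// Constructed template: the leading text is emitted before the
// reference to a field the data type lacks makes Execute fail.
const pageText = "<h1>Report</h1>{{.Title}}{{.Missing}}"

var page = template.Must(template.New("page").Parse(pageText))

// Constructed data type; it has no Missing field, so Execute errors out.
type report struct{ Title string }

// renderDirect mirrors the bug: Execute writes into w as it goes, so
// when it returns an error the 200 status and partial output are already
// on the wire and the later WriteHeader(500) is ignored.
func renderDirect(w http.ResponseWriter, data interface{}) {
	if err := page.Execute(w, data); err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError) // too late
	}
}

// renderBuffered mirrors the fix: render into memory first and commit
// bytes (and the status code) only once the whole template rendered.
func renderBuffered(w http.ResponseWriter, data interface{}) {
	var buf bytes.Buffer
	if err := page.Execute(&buf, data); err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	buf.WriteTo(w)
}

// statusFor runs a renderer against a recorder and reports the status
// the client would have observed; tests can assert on it directly.
func statusFor(render func(http.ResponseWriter, interface{})) int {
	rec := httptest.NewRecorder()
	render(rec, report{Title: "crash"})
	return rec.Code
}

func main() {
	fmt.Println("direct:  ", statusFor(renderDirect))   // 200 despite the error
	fmt.Println("buffered:", statusFor(renderBuffered)) // 500
}
```

The buffered form costs one extra copy of the page per request, which is negligible for dashboard-sized responses, and it is also what makes a test like the one the message asks for possible: the status code a handler returns becomes a stable, assertable value instead of depending on how far the template got before failing.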
Make it possible to monitor health and operation
of all managers from dashboard.
1. Notify dashboard about internal syz-ci errors
(currently we don't know when/if they happen).
2. Send statistics from managers to dashboard.
Boot and minimally test images before declaring them as good
and switching to using them.
If image build/boot/test fails, upload report about this to dashboard.
Currently getting a complete report requires a complex,
multi-step dance (including getting information that
external users are not interested in -- guilty file).
Simplify interface down to 2 functions: Parse and Symbolize.
Parse does what it did before, Symbolize symbolizes report
and fills in maintainers. This simplifies both implementations
of Reporter interface and all users of the interface.
Potentially we could get this down to 1 function Parse
that does everything. However, (1) Symbolize can fail,
while Parse cannot, (2) usually we want to ignore (log)
Symbolize errors, but otherwise proceed with the report,
(3) repro does not need symbolization for all but the
last report.
Whole raw output is indivisible part of Report,
currently we always pass Output separately along with Report.
Make Output a Report field.
Then, put whole Report into manager Crash and repro context and Result.
There is little point in passing Report as a bunch of separate fields.
Building the executor via `gcc executor/executor_freebsd.cc ...`
requires that a GCC package first be installed on the FreeBSD VM image.
The FreeBSD base system comes with Clang already installed, so we can
build via `c++ executor/executor_freebsd.cc ...` and avoid having to
install additional packages.
For string[N] we successfully deserialize a string of any length.
Similarly for a fixed-size array[T, N] we successfully deserialize
an array of any size.
Such programs later crash in foreachSubargOffset because static size
Type.Size() does not match what we've calculated iterating over fields.
The crash happens only in SerializeForExec in syz-fuzzer,
which is especially bad.
Fix this from both sides:
1. Validate sizes of arrays/buffers in Validate.
2. Repair incorrect sizes in Deserialize.
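The two-sided fix described in that message, as an added example that is not syzkaller's own code: a constructed line format `name[N]:payload` stands in for a `string[N]` or `array[T, N]` field, `Validate` rejects a field whose deserialized length disagrees with its declared static size (the mismatch that would otherwise only surface later when static and computed sizes are compared), and `Repair` truncates or zero-pads the payload so the field becomes self-consistent. The field type, the line format and the function names are assumptions made for this illustration.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// Fixed is a constructed stand-in for a fixed-size field: Size is the
// static size the type declares, Data is what deserialization produced.
type Fixed struct {
	Name string
	Size int
	Data []byte
}

var ErrSizeMismatch = errors.New("deserialized length does not match declared size")

// parseField deserializes one constructed line of the form name[N]:payload.
// Like the bug described above, it accepts a payload of any length; the
// consistency check is deliberately left to Validate and Repair.
func parseField(line string) (Fixed, error) {
	decl, payload, ok := strings.Cut(line, ":")
	if !ok {
		return Fixed{}, fmt.Errorf("malformed field %q", line)
	}
	open := strings.Index(decl, "[")
	if open <= 0 || !strings.HasSuffix(decl, "]") {
		return Fixed{}, fmt.Errorf("malformed declaration %q", decl)
	}
	n, err := strconv.Atoi(decl[open+1 : len(decl)-1])
	if err != nil || n < 0 {
		return Fixed{}, fmt.Errorf("bad size in %q", decl)
	}
	return Fixed{Name: decl[:open], Size: n, Data: []byte(payload)}, nil
}

// Validate is the first half of the fix: refuse a field whose actual
// length disagrees with its static size, with a message naming both.
func Validate(f Fixed) error {
	if len(f.Data) != f.Size {
		return fmt.Errorf("%s: %w (declared %d, got %d)",
			f.Name, ErrSizeMismatch, f.Size, len(f.Data))
	}
	return nil
}

// Repair is the second half: make the field self-consistent by
// truncating oversized data and zero-padding undersized data.
// It copies Data so the caller's slice is never modified in place.
func Repair(f Fixed) Fixed {
	fixed := make([]byte, f.Size)
	copy(fixed, f.Data)
	f.Data = fixed
	return f
}

// StaticSize and ComputedSize mirror the two numbers whose disagreement
// triggers the crash the message describes; after Repair they agree.
func StaticSize(fields []Fixed) int {
	total := 0
	for _, f := range fields {
		total += f.Size
	}
	return total
}

func ComputedSize(fields []Fixed) int {
	total := 0
	for _, f := range fields {
		total += len(f.Data)
	}
	return total
}

func main() {
	// Constructed input: one oversized and one undersized fixed field.
	lines := []string{"name[4]:abcdef", "pad[4]:ab"}
	var fields []Fixed
	for _, l := range lines {
		f, err := parseField(l)
		if err != nil {
			fmt.Println("parse:", err)
			continue
		}
		if err := Validate(f); err != nil {
			fmt.Println("validate:", err)
			f = Repair(f)
		}
		fields = append(fields, f)
	}
	fmt.Println("static:", StaticSize(fields), "computed:", ComputedSize(fields),
		"pad bytes:", bytes.Equal(fields[1].Data, []byte{'a', 'b', 0, 0}))
}
```

Doing both halves matters: Validate alone would reject old corpus programs that were serialized before the check existed, while Repair alone would let the size skew go unnoticed; validating first and repairing only on mismatch keeps the corpus loadable and makes every field that reaches the executor path internally consistent.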