Commit Graph

761 Commits

Author SHA1 Message Date
Greg Steuck
4093e33b13 Revert "executor: add setuid sandbox for openbsd"
This reverts commit 6565f24da9.
2018-12-10 20:09:24 +01:00
Dmitry Vyukov
c7ba317e9b tools/syz-runtest: test program parsing before booting VMs
It sucks to wait for VMs to boot just to discover that programs don't parse.
2018-12-10 16:37:02 +01:00
Dmitry Vyukov
593b260b02 pkg/ipc: move sandbox helpers from ipcconfig
Currently syz-runtest fails to start because -debug flag is defined
both in syz-runtest and ipcconfig.
But moving sandbox functions we prevent ipcconfig from being imported into syz-runtest.
2018-12-10 16:37:02 +01:00
Dmitry Vyukov
95fe19c19e prog: introduce strict parsing mode
Over time we relaxed parsing to handle all kinds of invalid programs
(excessive/missing args, wrong types, etc).
This is useful when reading old programs from corpus.
But this is harmful for e.g. reading test inputs as they can become arbitrary outdated.
For runtests which creates additional problem of executing not
what is actually written in the test (or at least what author meant).
Add strict parsing mode that does not tolerate any errors.
For now it just checks excessive syscall arguments.
2018-12-10 16:37:01 +01:00
Dmitry Vyukov
5dd495422e syz-manager: move coverage report code to pkg/cover
This will allow better testing and make it possible to reuse this code.
2018-12-10 16:37:01 +01:00
Greg Steuck
6565f24da9 executor: add setuid sandbox for openbsd
* executor/common_bsd: add setuid sandbox

Fixes #833

cc @mptre

* Reduced duplications, resolved TODO.
2018-12-10 11:20:16 +01:00
Dmitry Vyukov
c791837863 executor: fix handling of big-endian bitfields
Currently we apply big-endian-ness and bitfield-ness in the wrong order in copyin.
This leads to totally bogus result. Fix this.
2018-12-08 19:08:08 +01:00
Anton Lindqvist
3350826625 pkg/report: add initial symbolize suppport to OpenBSD 2018-12-08 18:59:10 +01:00
Anton Lindqvist
4e1aade2fe pkg/report: pass the target to each OS report constructor
In order to use the already defined kernel name in sys/targets to reduce
duplications.
2018-12-08 18:59:10 +01:00
Greg Steuck
610352d5d7 pkg/build/openbsd: require kernel config files as configuration data
Previously the config was generated directly, but testing multiple
configurations makes this cumbersome going forward. This makes
kernel_config a mandatory parameter.
2018-12-07 09:50:12 +01:00
Dmitry Vyukov
c1641491e4 pkg/db: provide helper function for database creation
This is needed for both tools/syz-db and tools/syz-trace2syz.
Also, remove code to resolve SHA1 collisions.
Also, don't set db version as we actually want to minimize
and smash these programs like anything else
(not minimizing nor smashing them is only useful during tool testing).
2018-12-06 16:49:37 +01:00
Dmitry Vyukov
764b42c46b pkg/csource: exclude linux/arm64 tests
I think I misinterpreted the error that episodically happens on ci:

collect2: error: ld terminated with signal 11 [Segmentation fault], core dumped
compiler invocation: aarch64-linux-gnu-gcc [-Wall -Werror -O1 -g -o /tmp/syz-executor570589071 -pthread -DGOOS_linux=1 -DGOARCH_arm64=1 -x c - -static]

as OOM, but they all involve aarch64-linux-gnu-gcc:

https://travis-ci.org/google/syzkaller/jobs/461827347
https://travis-ci.org/google/syzkaller/jobs/460226110
https://travis-ci.org/google/syzkaller/jobs/463564291

So I guess the problem can be with the arm64 toolchain that just crashes randomly.
2018-12-05 13:59:01 +01:00
Dmitry Vyukov
2192790481 pkg/csource: reduce short tests
pkg/csource test gets OOM-killed on travis:
https://travis-ci.org/google/syzkaller/jobs/461827347
https://travis-ci.org/google/syzkaller/jobs/460226110

Add several measures:
 - set GOMAXPROCS=1 to restrict parallel processes
 - remove -g from compiler invocation
 - reduce set of tests run in short mode to compensate for GOMAXPROCS=1
 - also reduce set of tests in full mode as they timeout now
2018-12-03 13:29:57 +01:00
Greg Steuck
88746fdf89 pkg/csource: use defines from sys/syscall.h on *bsd
Fixes #841
2018-12-02 13:18:07 +00:00
Michael Tüxen
5a58167323 executor: add support for tap interfaces on FreeBSD 2018-12-01 10:22:39 +00:00
Greg Steuck
d8988561c0 openbsd: repair pkg/csource_test 2018-11-30 19:55:51 +00:00
Dmitry Vyukov
f0d4c650a3 pkg/report: suppress another gvisor OOM 2018-11-30 19:17:05 +00:00
Michael Tuexen
8b13c56200 executor: Use correct macros.
Suggested by Dmitry Vyukov.
2018-11-30 13:48:23 +00:00
Michael Tuexen
9656dc4c83 executor: Fix compilation on FreeBSD.
This is an autogenerated file, but it seem that changes to it
resulting from changes in executor/common_bsd.h must also be
committed.
e
2018-11-30 13:48:23 +00:00
Greg Steuck
6419afbb77 openbsd: run on gce
* build/openbsd: minor cleanup (use tuples instead of maps)

* Grammar nits in comments.

* Simplify openbsd.Create, will defer when there's more than one error exit.

* pkg/build: Support copying kernel into GCE image

* Simple test for openbsd image copy build.

* Cleanup in case something failed before.

* Support multi-processor VMs on GCE.

* More debug

* Reformat

* OpenBSD gce image needs to be raw.

* GC

* Force format to GNU directly on Go 1.10 or newer.

* Use vmType passed as a parameter inside openbsd.go

* gofmt

* more fmt

* Can't use GENERIC.mp just yet.

* capitalize

* Copyright
2018-11-27 13:14:06 +01:00
Dmitry Vyukov
646afdf841 dashboard/app: enlarge stats value column for manager
When numbers become large, they may not fit into 100px.
2018-11-23 14:44:58 +01:00
msvoelker
0ab8db6467 executor: FreeBSD: fixed endian.h path
The include statement for endian.h failed on FreeBSD. Changed include statement to syz/endian.h for FreeBSD.
2018-11-23 11:50:41 +01:00
Dmitry Vyukov
13ab4beeef syz-manager: modernize web UI
1. Use dashboard style.
2. Allow sorting of tables.
3. Show old crashes in grey.
4. Use tables instead of text output for more pages.
5. Show corpus inputs on a separate page to allow copy-pasting.
6. Use standard JS sorting instead of custom bubble sort (much faster).
7. Fix off-by one in table sorting.

Fixes #694
2018-11-22 14:36:32 +01:00
Andrey Konovalov
582e1f0d1d ipc: add ProgInfo struct
This patch add a new struct ProgInfo that for now holds info about each
call in a program []CallInfo, but in the future will be expanded with remote
coverage info. Update all the callers to use the new interface as well.
2018-11-22 13:49:50 +01:00
Dmitry Vyukov
2ee778023a pkg/report: refine rcu stall detection
Add another anchor frame.
2018-11-22 08:22:30 +01:00
Dmitry Vyukov
ccd67a7611 pkg/report: detect Go service panics for fuchsia 2018-11-22 08:21:45 +01:00
Dmitry Vyukov
6839de7050 pkg/report: fix corrupted stack trace checking
We started detecting all kernel reboots as corrupted,
because we considered that after any "Allocated" line
a stack trace should follow.
Kernel boot output now contains:
ima: Allocated hash algorithm: sha256
and there is no stack trace after that.

1. Refine stack trace regexps (we actually want to look for
"Allocated by task PID:" lines).
2. Don't check stacks if report format says that it
does not contain stacks.
2018-11-22 07:40:50 +01:00
Dmitry Vyukov
76b59936da pkg/report: add "PANIC: double fault" report format
Amusing that's another kernel failure mode that we are discovering after 3 years.
One can't even reliably understand when kernel has crashed.
I wonder if syzkaller never hit these, or just never recognized and reported them. We will see.
Don't even want to think about arm kernel output parsing.
2018-11-22 07:10:16 +01:00
Dmitry Vyukov
9f6fc500f0 pkg/build: copy fuchsia ssh key
We've lost is somewhere along the way.
2018-11-21 08:16:32 +01:00
Marco Vanotti
d260249e70 sys/fuchsia: update VMAR syscalls
* sys/fuchsia: update vmar syscalls.

In a previous zircon commit[0], the vmar related syscalls (like
`zx_vmar_map`, `zx_vmar_protect` and `zx_vmar_allocate`) changed the
order of their parameters, making putting the flags parameter as the
second parameter, and renaming it to "options".

This commit modifies vmars.txt so that it reflects the latest state of
the syscalls in zircon. I also modified the usage in
`executor/common_fuchsia.h`

I ran make extract, make generate and compiled syzkaller to test this
change.

[0]: https://fuchsia-review.googlesource.com/c/zircon/+/168060

* sys/fuchsia run make generate

This commit is just the result of running make generate after its
parent. This regenerates the definitions for the modified VMAR syscalls.
2018-11-21 05:56:43 +01:00
Marco Vanotti
37a6ea34f1 pkg/compiler: add error handler in CollectUnused
* pkg/compiler: Add error handler in `CollectUnused`.

This commit adds an error handler for the `CollectUnused` function. The
error handler just panics on any error, but is useful for debugging.

The error handler is used any time `comp` finds an error, and if it's
missing, it will panic due to a `nil` pointer dereference. At least now
we get a better understanding of the errors.

The only user of `CollectUnused` is `sys/fuchsia/fidlgen`, which is
failing now and will be fixed in a future commit.

The output message looks like this:
```
panic: could not collect unused nodes. fidl_net-stack.txt:110:15:
unknown type zx_chan_zircon_ethernet_Device_client
```

* pkg/compiler Better error handling in CollectUnused

This commit changes the default error handler for compiler to
`ast.LoggingHandler`, meaning that if `nil` is passed as an error
handler, `LoggingHandler` will be used instead.

`CollectUnused` now returns an error if any of the subfunctions produce errors.

`fidlgen` is the only caller of `CollectUnused`, and now checks for errors
as well.

* pkg/compiler Add tests for CollectUnused

This commit adds basic tests for the CollectUnused function. There's one
test that checks that it returns the right nodes, and another one that
makes sure that it returns errors when needed.

To make the test clearer, I had to add the error handler as an explicit
parameter in `CollectUnunsed`, instead of using the default one. This
avoid printing garbage in the logs. The `TestCollectUnusedError` function
uses a nopErrorHandler to avoid printing anything.

* pkg/compiler fix presubmit warnings
2018-11-21 02:37:06 +01:00
Dmitry Vyukov
9aca6b5240 pkg/vcs: also recognize Tested-by: git commit tags
For context see:
https://groups.google.com/d/msg/syzkaller-bugs/xiSF9GdiikU/uBoyYyf3AQAJ
2018-11-20 14:20:38 +01:00
Greg Steuck
9bc2a903f0 openbsd: enable packet injection 2018-11-19 20:29:38 -08:00
Dmitry Vyukov
d8004ff2dc pkg/compiler: add vma64 type
8-byte vma is needed in several places in linux descriptions.
2018-11-17 15:46:37 -08:00
Greg Steuck
538a105600 executor: OpenBSD network package injection
Squash of:

* Doc typo

* Ported some tun related functions.

* Copy vnet.txt from linux to openbsd.

* Simplified syz_emit_ethernet and stubbed out vnet.txt.

* Undo clang-format header sorting: headers are order sensitive.

* Uniquify tap devices by pid.

* clang-format off for includes

* Happier clang-format.

* Partially revert "Uniquify tap devices by pid."

Just rely on procid magic instead of getting it from a flag.
2018-11-17 15:42:37 -08:00
Dmitry Vyukov
d1a8851085 sys/targest: introduce target.BuildOS
We can't cross-compile native binaries from just any OS to any other.
For most OSes we can do only native compilation.
Some can only be compiled from linux.
To date we avoided this problem completely (mostly assumed linux build OS).
Make this notion of what can build what explicit.
2018-11-17 11:42:22 -08:00
Anton Lindqvist
1508cc9c44 pkg/csource: add support for creating reproducers on OpenBSD 2018-11-17 10:32:19 -08:00
Julia Hansbrough
b08ee62aec [fuchsia] SSH fix and build invocation fix.
SSH keys are now included at the fx clean-build config.

A proper escape sequence looked weird so use a string literal to pass
that config.

Fixed some typos I found while debugging.
2018-11-16 11:58:29 -08:00
Julia Hansbrough
3a41052e6a [fuchsia] Fix typo in Fuchsia build.
Hey--so I *don't* know a particularly efficient way to test syz-ci right
now.

There's no good config I can find for just running it locally, and I
couldn't find any good unit tests for this function in particular, and
running it manually on a ci server isn't super-appealing since I'd have
to clobber the configuration there to point to my repo instead of the
canonical repo, pull from there, etc.

Do you have any good ideas for testing this before it rolls out?  In
particular I want the invocation to look exactly like:

./scripts/fx set x64 --packages garnet/packages/products/sshd --args 'extra_authorized_keys_file="//.ssh/authorized_keys"'

I thought I'd escaped it properly last time, but, since I couldn't test
it, clearly I goofed.  I *think* this does the right thing but I'd love
a sanity check.  Thanks!
2018-11-15 09:31:46 -08:00
Julia Hansbrough
5f5f6d14e8 [fuchsia] Fix Fuchsia build.
* Needed to clean out the build on the main host. We switched to a
"petal" layout which required a complete rebuild.

* Update SSH interface.  SSH keys have to be set at buildtime via
--args.

* Update fvm.blk location.
2018-11-12 19:07:01 -08:00
Anton Lindqvist
d55a06c0bf pkg/report: do not interpret reorder_kernel lines as a crash on OpenBSD
Sometimes the reorder_kernel error message is truncated causing the current
ignore pattern to fail. Instead, simply reject all lines containing
`reorder_kernel' in order to reduce noisy crash reports.
2018-11-12 12:34:06 -08:00
Dmitry Vyukov
1f38e9aef7 executor: fix inclusion of kvm arch-specific code
We use GOOS now to figure out target arch
(which can be different from host arch).
2018-10-31 13:43:54 +01:00
Dmitry Vyukov
4744d8ccac pkg/report: fix guilty file extraction
reportPrefixLen can become wrong after symbolization
if we symbolize any lines in the prefix.
Adjust reportPrefixLen during symbolization.

Automatic testing of this is problematic
because we would need to symbolize which requires
the object file with debug info.
Tested manually with syz-symbolize.
2018-10-28 19:07:22 +01:00
Dmitry Vyukov
1ba7fd7e65 all: fix code formatting
Reformat, remove debug leftovers, fix comment style.
2018-10-16 13:57:24 +02:00
Dmitry Vyukov
8cd30605ce tools/create-gce-image.sh: create ext4 image without journalling
We don't need consistent image after reboot since we always reimage.
We know of some use cases that don't use journalling, but don't know
of any that use journalling.
2018-10-15 18:56:55 +02:00
Zach Riggle
751b7baf94 Android: Fix sandbox implementation
My test harness for this code performed some steps that are not
performed when syz-executor is invoked directy.

Specifcally, we need to operate from a directory under /data/data,
and have the correct UID/GID set as the owner of the directory.

My test harness now correctly sets these, all sandbox operations
succeed, and loop() is invoked.
2018-10-12 16:39:26 +02:00
Dmitry Vyukov
ba6ddb4336 pkg/report: improve OpenBSD output parsing
OpenBSD produces \n\r for new lines and split output at 79 column.
Handle both of these things.
2018-10-11 19:47:32 +02:00
Dmitry Vyukov
c3772ff106 pkg/email, pkg/vcs: test that OpenBSD-style commits are handled
OpenBSD does not use "first line is title" convention,
so test that this is parsed properly.
Also test that multi-line fix/dup commands are properly parsed.
2018-10-11 19:47:32 +02:00
Scott Graham
5f818b4b9f executor: Fuchsia: Use zx_task_resume_from_exception()
zx_task_resume() is deprecated; switch to using
zx_task_resume_from_exception() instead.
2018-10-10 19:45:24 +02:00
Dmitry Vyukov
ba8cd6d708 pkg/report: ignore arch/.*/mm/physaddr.c as guilty file
This is called from kfree in the added test.
We already ignore everything related to kmalloc/free
and e.g. arch/.*/mm/fault.c, so it looks reasonable
to ignore this one too.
2018-10-10 17:32:28 +02:00