It seems that different gcc's have different defaults for ASAN flags.
Some fail with:
run.go:67: nonfailing none/thr/repeat : FAIL: run 0: call 0 is not executed
ASAN:DEADLYSIGNAL
=================================================================
==67143==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f7b0befb0a2 bp 0x7f7b0cfdad10 sp 0x7f7b0cfda490 T1)
#0 0x7f7b0befb0a1 (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x8d0a1)
#1 0x404bbb in syz_compare(long, long, long, long) (/tmp/utor355225125.0+0x404bbb)
#2 0x403cdf in execute_call(thread_t*) (/tmp/utor355225125.0+0x403cdf)
#3 0x404006 in worker_thread(void*) (/tmp/utor355225125.0+0x404006)
#4 0x7f7b0bc584a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x74a3)
#5 0x7f7b0b99ad0e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe8d0e)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x8d0a1)
Thread T1 created by T0 here:
#0 0x7f7b0be9ef59 in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x30f59)
#1 0x406117 in execute_one() (/tmp/utor355225125.0+0x406117)
Add descriptions for OSS mixer devices, which includes `/dev/mixer` and
its proc file `/proc/asound/card*/oss_mixer`. These descriptions should
improve the coverage of `sound/core/oss/mixer_oss.c`.
Update #533.
Currently we sprinkle NONFAILING all over pseudo-syscall code,
around all individual accesses to fuzzer-generated pointers.
This is tedious manual work and subject to errors.
Wrap execute_syscall invocation with NONFAILING in execute_call once instead.
Then we can remove NONFAILING from all pseudo-syscalls and never get back to this.
Potential downsides: (1) this is coarser-grained and we will skip whole syscall
on invalid pointer, but this is how normal syscalls work as well,
so should not be a problem; (2) we will skip any clean up (closing of files, etc)
as well; but this may be fine as well (programs can perfectly leave open file
descriptors as well).
Update #1918
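The trade-off described in the commit message above, as an added example that is not part of the commit and is not syzkaller's own code: one guard around the whole call means an invalid pointer skips the entire pseudo-syscall, including its cleanup. The guard is written inline with sigsetjmp instead of the NONFAILING macro, the sketch is single-threaded, and every name except execute_call (pseudo_store, install_segv_handler, segv_env, skip_segv, cleanups_run) is hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <string.h>

/* Simplified, single-threaded sketch; names other than execute_call are hypothetical. */
static sigjmp_buf segv_env;
static volatile sig_atomic_t skip_segv; /* non-zero while a guarded call runs */
static int cleanups_run;                /* counts pseudo-syscall cleanup steps */

static void segv_handler(int sig)
{
	if (skip_segv)
		siglongjmp(segv_env, 1); /* abandon the whole call */
	signal(sig, SIG_DFL);            /* fault outside a guarded call: crash for real */
}

static void install_segv_handler(void)
{
	struct sigaction sa;
	memset(&sa, 0, sizeof(sa));
	sa.sa_handler = segv_handler;
	sigemptyset(&sa.sa_mask);
	sigaction(SIGSEGV, &sa, NULL);
	sigaction(SIGBUS, &sa, NULL);
}

/* Pseudo-syscall with no per-access guard around the fuzzer-generated pointer. */
static long pseudo_store(long ptr, long val)
{
	*(volatile long*)ptr = val;
	cleanups_run++; /* stands in for closing files etc.; skipped on a fault */
	return val;
}

/* One guard around the whole call. Returns 0 if it completed, -1 if it was skipped. */
static int execute_call(long (*fn)(long, long), long a0, long a1, long* res)
{
	volatile int done = 0; /* volatile: must survive the siglongjmp */
	volatile long r = 0;
	skip_segv = 1;
	if (sigsetjmp(segv_env, 1) == 0) { /* 1: restore the signal mask on siglongjmp */
		r = fn(a0, a1);
		done = 1;
	}
	skip_segv = 0;
	if (done)
		*res = r;
	return done ? 0 : -1;
}
```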
We set HostFuzzer for all test targets b/c in some contexts
they needed the same special behavior as real HostFuzzer targets
(e.g. no checking enabled syscalls).
However, in some other contexts they don't need the same special
behavior as real HostFuzzer targets. For example, pkg/ipc
does rate limiting for HostFuzzer and pkg/runtest doesn't run
C tests for HostFuzzer.
Add special case for test targets in pkg/host,
and don't set HostFuzzer for all test targets
(keep it for one target for better coverage).
Calls to alloc didn't respect the alignment attribute. Now
Type.Alignment() is used to ensure each type is correctly
aligned. Existing descriptions with [align[X]] don't have an
issue as they align to small blocks and default align is to
64 bytes. This commit adds support for [align[X]] for an X
larger than 64.
NFT_BASE_CHAIN was renamed to NFT_CHAIN_BASE.
FTR: make extract on mainline is currently broken due to linux-next
only descriptions lately added to sys.txt.
Add Timeout config param for bisections.
Specify timeout in syz-ci as 8h based on the following data.
Out of 1049 cause bisections that we have now:
- 891 finished under 6h (84.9%)
- 957 finished under 8h (91.2%)
- 980 finished under 10h (93.4%)
- 989 finished under 12h (94.3%)
- 1011 finished under 18h (96.3%)
- 1025 finished under 24h (97.7%)
There is also a significant increase in errors/inconclusive bisections after ~8h.
Out of 4075 fix bisections:
- 4015 finished under 6h (98.5%)
- 4020 finished under 8h (98.7%)
- 4026 finished under 10h (98.8%)
- 4032 finished under 12h (98.9%)
Significant increase in errors starts after ~12h.
The current timeout also takes into account that bisection jobs
compete with patch testing jobs (it's bad delaying patch testing).
When/if bisection jobs don't compete with patch testing,
it makes sense to increase this to 12-24h.
Fixes #1923
Currently we sandbox all repos b/c we assumed
that all builds are also sandboxed. But this causes
havoc for bisection/patch testing b/c syzkaller build
is not actually sandboxed anywhere. Build creates
root-owned files and then git can't do anything with them
but doesn't report errors either:
$ git checkout 8eda0b95 && echo OK
error: unable to unlink old 'sys/linux/gen/386.go': Permission denied
error: unable to unlink old 'sys/linux/gen/ppc64le.go': Permission denied
...
HEAD is now at 8eda0b957e
OK
We trust our own sources and we don't test syzkaller patches,
so don't sandbox syzkaller repos.
Add descriptions related to IPv4/v6 tunnels
(include/uapi/linux/if_tunnel.h).
Descriptions of netlink actions are not included in this commit.
Update #533.
We used to show number of fixed bugs at the top of the main page.
However, now with the button navigation, "fixed" is shown on every page.
Fetching and processing all bugs on every page would be unwise.
Cache these stats in memcache. It will be useful to show more stats in future.
Currently we have only "fixed" link at the top of the page.
"invalid" is missing and this is not scalable.
Add navigation buttons (tabs) for main pages.
Use the OpenSBI "jump" firmware with the QEMU -bios parameter to boot
linux/riscv64. This will allow booting the kernel directly without
having to recompile OpenSBI every time the kernel is recompiled.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Mention the possibility to use `-bios default` to use OpenSBI provided
with QEMU. However, this might not work on all distributions yet, so
make it optional.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>