Commit Graph

2629 Commits

Author SHA1 Message Date
Dmitry Vyukov
58293c9eb3 pkg/report: fix kmalloc bug in krealloc 2018-07-16 10:16:21 +02:00
Dmitry Vyukov
92a4950507 pkg/host: add "network devices" feature
Linux executor sets up some network devices for testing,
detect when that's supported on the machine and don't
do it if it's not supported.
2018-07-13 12:46:32 +02:00
Dmitry Vyukov
fcdb43e97d sys/linux: regenerate files 2018-07-13 12:44:14 +02:00
Dmitry Vyukov
d1dc5f516d pkg/compiler: fix error format string 2018-07-13 12:35:16 +02:00
Dmitry Vyukov
3d741171f2 pkg/report: add "lock held when returning to user space" format for older kernels 2018-07-13 10:31:26 +02:00
Dmitry Vyukov
06c33b3af0 prog: sanitize calls after hints mutation
Hints mutation could produce unsanitized calls.
Sanitize calls after hints mutation.
Also sanitize on load (in validate), because bad programs
can already be in corpuses. And it's just the right thing
to do because sanitization rules can change over time.
2018-07-12 12:40:30 +02:00
Dmitry Vyukov
3986ce95fd pkg/report: add report format for "lock held when returning to user space"
This report does not have a stack trace, so we always detected it as corrupted.
2018-07-12 12:38:52 +02:00
Dmitry Vyukov
3855819991 dashboard/config: enable CONFIG_DEBUG_AID_FOR_SYZBOT 2018-07-12 12:38:36 +02:00
Dmitry Vyukov
f642b4185a sys/linux: improve fuse descriptions 2018-07-12 12:36:38 +02:00
Dmitry Vyukov
95e7a88b97 sys/linux: implement fuse as normal syscalls
Remove syz_fuse* and implement them as normal syscalls.
We now have enough expressive power to form mount options.
2018-07-10 16:18:45 +02:00
Dmitry Vyukov
01e3571841 pkg/host: check that we can open files rather than that they exist
See issue #640 where /dev/net/tun is present, but open fails with ENODEV.
Check that we can actually open all these files.

Fixes #640
2018-07-10 13:44:59 +02:00
Dmitry Vyukov
2e0e3130f9 pkg/build: update initrd name
Seems to have been renamed.
2018-07-10 11:14:36 +02:00
Dmitry Vyukov
7c31f7a78d pkg/build: always do clean build for fuchsia
We frequently see boot errors like:

[00010.201] 02991.03067> pkgsvr: 2018/06/30 23:39:41 system: failed to set system root from blob "ccbadb3901372b1e0fc5275f627f708bf3e5f3acfb0d4268638db0ff75fc7fd4": file does not exist

or:

[00003.691] 01126.01153> devmgr: launchpad /fs/blob/e66739acdd3d8efa3b7c9021e2107cf8431765c0b8eb0a1ec7f7dc7fd305f2f7 (pkgfs) failed: launchpad_vmo_from_file failure: -40

Presumably clean build may help.
2018-07-10 11:05:04 +02:00
Dmitry Vyukov
9fa03fa5c9 syz-ci: don't put dynamic data into boot/test errors
We append underlying error to the title of boot/test errors.
The error can come from anywhere and can contain dynamic data,
which can cause duplication of bugs.

Put the underlying error into report body instead.
2018-07-10 10:19:48 +02:00
Dmitry Vyukov
40ed7e838a sys/linux: use fmt in filesystem options
We currently generate poorly formatted integers;
generate proper integers using the new fmt type.
2018-07-09 21:42:43 +02:00
Dmitry Vyukov
59da9e4393 sys/linux: use negative consts where useful 2018-07-09 20:54:47 +02:00
Dmitry Vyukov
710eefe85a pkg/compiler: support negative integers
Currently we have to use 0xffffffffffffffff to represent -1,
and we can't express e.g. -20:20 int range.
Support negative consts to fix both problems.
2018-07-09 20:47:07 +02:00
Dmitry Vyukov
f25e577041 sys/linux: refine 9p descriptions
RVERSION needs to use 0xffff tag, otherwise parsing fails.
Use only tags 1 and 2. They are densely allocated,
so most of the time it's 1. And it needs to be correct in
multiple replies for mount to succeed. So limit tag space.
2018-07-08 22:52:24 +02:00
Dmitry Vyukov
7004c9c8a8 executor: tweaks for better 9p testing
See the added comments.
2018-07-08 22:52:24 +02:00
Dmitry Vyukov
fb2fc0f4dc prog: fix pointer validation
Query size after validating the object itself,
otherwise size can panic on corrupted object.
2018-07-08 22:52:24 +02:00
Dmitry Vyukov
4bf3b336eb sys/linux: modernize cgroup descriptions 2018-07-08 22:52:24 +02:00
Dmitry Vyukov
e63a51b4b3 sys/linux: modernize selinux descriptions 2018-07-08 22:52:24 +02:00
Dmitry Vyukov
eb5690a56d sys/linux: extend 9p descriptions
Add actual protocol messages.
2018-07-08 22:52:24 +02:00
Dmitry Vyukov
1c667063a8 prog: don't generate filenames that escape sandbox
All files that fuzzer works with must be in the working dir.
Using "/" is known to cause problems when fuzzer
removes files there or mounts something.
2018-07-08 22:52:24 +02:00
Dmitry Vyukov
306ca0571c prog, pkg/compiler: support fmt type
fmt type allows converting integers and resources
to string representation.
2018-07-08 22:52:24 +02:00
Dmitry Vyukov
93213ec0d3 syz-manager/mgrconfig: default kernel_src to kernel_obj
... which in turn defaults to vmlinux.
This makes it possible to only specify vmlinux or only kernel_obj.
2018-07-08 22:52:24 +02:00
Dmitry Vyukov
e9da9436ad vm: fix "no output" detection
We obviously need ticker instead of timer in MonitorExecution.
2018-07-08 22:52:24 +02:00
Dmitry Vyukov
ef387e080a syz-manager: don't print loop state on info requests
Printing loop state on info requests (e.g. due to http requests)
is somewhat confusing as no state change actually happens.
2018-07-08 22:52:24 +02:00
Dmitry Vyukov
c9a7a4dccd executor: executor fix fuchsia build 2018-07-07 19:08:38 +02:00
Dmitry Vyukov
4b2ad42d41 sys/linux: refine vfat/msdos options 2018-07-07 16:25:40 +02:00
Julia Hansbrough
ab89aea98e sys/fuchsia: Update Fuchsia syscalls.
Updates cover
* zx_vmo_create
* zx_clock_get_monotonic
* hypervisor- and vCPU-related syscalls
* system_get_features
* some DDK syscalls
2018-07-07 13:56:36 +02:00
Dmitry Vyukov
6c0c0099a0 sys/linux: add 9p descriptions
Only mount for now.
2018-07-06 21:31:31 +02:00
Dmitry Vyukov
3abb98207d pkg/report: detect partial result errors 2018-07-06 20:25:02 +02:00
Dmitry Vyukov
c8672723c6 sys/linux: update autogenerated files
"sys/linux: add mount$bpf" commit did not include these changes.
2018-07-06 20:19:58 +02:00
Dmitry Vyukov
3439016dc2 sys/akaros: add all syscalls 2018-07-06 20:19:03 +02:00
Dmitry Vyukov
0b95b8ec49 pkg/host: disable for akaros
akaros can't have its own host version
because fuzzer does not run on akaros,
so just disable it all.
2018-07-06 20:18:05 +02:00
Dmitry Vyukov
00c977447d dashboard/config: add akaros kernel config 2018-07-06 16:45:21 +02:00
Dmitry Vyukov
0fb38ef496 pkg/report: detect fuchsia double faults 2018-07-06 16:35:21 +02:00
Dmitry Vyukov
9636bc933e sys/linux: add mount$bpf
Plus some minor assorted fixes.
2018-07-06 15:29:52 +02:00
Dmitry Vyukov
04bd6c3d9e pkg/instance: pass -os to execprog/fuzzer only for akaros
Only akaros needs OS, because the rest assume host OS.
But specifying OS for all OSes breaks patch testing on syzbot
because old execprog does not have os flag.
2018-07-06 14:43:24 +02:00
Dmitry Vyukov
8c2335a205 vm/vmimpl: factor out common code for ssh args and waiting for ssh
Move common code from 4 vm implementations to vmimpl.
2018-07-06 14:02:06 +02:00
Dmitry Vyukov
2eaf564197 syz-fuzzer: fix revision checking in case executor is wrapped with ssh
Some ssh close connection on stdin eof. So give it a pipe.
2018-07-06 10:30:04 +02:00
Dmitry Vyukov
18403e654c syz-fuzzer: show executor output on failure 2018-07-06 10:04:19 +02:00
Dmitry Vyukov
785a983395 Update syzbot.md
explicitly specify KMSAN branch for testing
2018-07-06 09:45:19 +02:00
Dmitry Vyukov
d3b2a0e212 dashboard/config: tune kernel timeouts
See #516 for description of the problem.

The new scheme is:

1. RCU stalls have the highest priority.
CONFIG_RCU_CPU_STALL_TIMEOUT=100
which results in stalls detected after 100-101 secs.

2. Then softlockup detector.
kernel.watchdog_thresh = 55 (sysctl)
which surprisingly detects stalls after 110-132 secs.

3. Then hung tasks and workqueue stalls.
Unfortunately we can't separate them because that would
require setting "no output" timeout to 10+ minutes.
workqueue.watchdog_thresh=140 (cmdline)
CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=140
Both are detected after 140-280 secs.

4. Finally, "no output" crashes.
Detected by vm.MonitorExecution after 300 secs.

Fixes #516
2018-07-05 17:43:41 +02:00
Dmitry Vyukov
435ca9c587 dashboard/config: update kernel configs
Update to latest kernel.
2018-07-05 17:41:06 +02:00
Dmitry Vyukov
be77c6967a vm/gvisor: enable watchdog panic
We need it to crash to detect hangs.
2018-07-05 17:41:06 +02:00
Dmitry Vyukov
d02d039529 pkg/report: fix lambda demangling
demangle package does not minimize lambda symbols properly
(does not strip parameters and template parameters).
Do it manually.

See: https://github.com/ianlancetaylor/demangle/issues/5
2018-07-05 13:21:01 +02:00
Dmitry Vyukov
538df42ec7 pkg/repro: provide stats even for failed repro
Provide stats and logs for failed repro and save it in manager.
In particular log is useful for failed repros,
currently there is no visibility into why bugs
failed to reproduce.
2018-07-05 13:14:00 +02:00
Dmitry Vyukov
ea88000dd9 vm/qemu: add akaros support 2018-07-05 13:12:39 +02:00