Currently kernel build failures are insanely verbose
(contain full kernel build output) and there is no
way to separate short descriptions from full output.
Make it possible.
Also try to extract failure root cause froom build log.
Use this in pkg/bisect to not pollute log on build failures.
Update #501
With 5 tries sometimes only 1 fails,
and sometimes we probably have false negatives.
Increase number of tries to 8 and compress
results if they all are the same.
Update #501
If SYZ_DISABLE_SANDBOXING=yes is set, don't do user sandboxing.
Will be usefule for bisection tool which runs locally,
but needs to build kernel.
Update #501
echo 0 to kptr_restrict in /proc/sys/kernel to unhide
kernel pointers when fuzzing for more reliable crash
dedup and easier debugging when analyzing crash.
Exact details of syzbot communication change over time,
so it's a bad idea to hardcode them in each email.
Full details are also quite lengthy, so we can't express
all of them in each email header. And providing partial
info may be worse than just providing a link to full info.
So remove most details from email footer,
and just give links to documentation.
Also clarify docs re when "syz fix" should/can be used.
Only check that syzkaller path is in GOPATH if we are going to build it.
syz-ci image testing does not have syzkaller path in GOPATH,
but it also does not build syzkaller.
Bisect bisects good..bad commit range against the provided predicate (wrapper around git bisect).
The predicate should return an error only if there is no way to proceed
(it will abort the process), if possible it should prefer to return BisectSkip.
Progress of the process is streamed to the provided trace.
Returns the first commit on which the predicate returns BisectBad.
Update #501
syz-ci uses partial (incomplete) manager config in several places.
Currently it is implemented in some ugly way.
Provide better support and unexport DefaultValues and SplitTarget.
Update #501
loop is much more standard than nbd and does not require additional modules.
nbd broke on Debian rolling.
loop also allows parallel execution thanks to losetup -f.
Use loop instead of nbd.
Also improve cleanup logic and add one missing sudo.
Update #501
gcc8 is stricter when dealing with strings and strncpy and demands that
the size of the actual string to be copied to be explicitly smaller than
the size of the destination, just to make sure the NULL terminator is
taken into considerantion. This patch fixes the issue.
Signed-off-by: Ioana Ciornei <ciorneiioana@gmail.com>
Travis is still broken with:
E: Unable to locate package gcc-aarch64-linux-gnu
E: Unable to locate package gcc-arm-linux-gnueabihf
E: Unable to locate package gcc-powerpc64le-linux-gnu
https://travis-ci.org/google/syzkaller/jobs/378034948
Let's at least see what's OS is there and what gcc packages present.
Travis CI started failing with:
E: Unable to locate package gcc-aarch64-linux-gnu
E: Unable to locate package gcc-arm-linux-gnueabihf
E: Unable to locate package gcc-powerpc64le-linux-gnu
make: *** [install_prerequisites] Error 100
https://travis-ci.org/google/syzkaller/jobs/377740347
Let's try to ignore these packages.
Print each constant on separate line.
When compiler prints error messages it prints whole line
containing an error. So currently it prints all constants (thousands).
With this change it prints just the problematic constant.
For now other arches are regenerated on upstream tree.
It does not contain a bunch of consts, so we define them to 1 for now.
arm64 consts are left intact.
video4linux.txt is added to "android" files in syz-extract,
so that future make extract runs don't overwrite arm64 consts.
Also fix VIDIOC_G_FBUF argument direction, currently tests crash with:
panic: call ioctl$VIDIOC_G_FBUF: pointer arg 'buffer' has output direction [recovered]
panic: call ioctl$VIDIOC_G_FBUF: pointer arg 'buffer' has output direction
