* Modify createBisectJob() to retrieve bugs that are potential candidates for both
BisectCause and BisectFix.
* Modify TestBisectCause() to account for BisectFix jobs that are
returned when polling.
* Add TestBisectFixJob() to check that BisectFix jobs are returned only
after 30 days of reporting.
* pollCompletedJobs() is currently called to fetch finished bisection
jobs for reporting purposes. Modify it to not return BisectFix jobs so
that they are not reported.

The build failed with:
./fuzzit.sh: line 13: go-fuzz-build: command not found
Though we go get it in make presubmit. Perhaps local files
are not shared between jobs or something. Let's try to `go get`
it right in fuzzit.sh.

Update socket timeval, timestamp options and flags.
v2: separate SO_{TIMESTAMP, TIMESTAMPNS}_{OLD, NEW} as they only need
enable/disable option value.
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>

Better coverage reports with hierarchical coverage information,
number of programs covering each line,
handling of partially covered lines,
links to programs covering lines.
Fixes #682

If we deserialized a huge blob (larger than max blob size),
then we can get a negative size in the "Insert random bytes" case at:
```
if r := int(maxLen) - len(data); n > r {
	n = r
}
```
Don't insert bytes if data is already larger than maxLen.

Default value for ProcType is 0 (same for all PIDs).
Usually 0 either does not make sense at all or makes different PIDs collide
(since we use ProcType to separate value ranges for different PIDs).
So don't change ProcType to 0 unless the type is explicitly marked as opt
(in that case we will also generate 0 anyway).

Ensure that tests consume all external reports as we already do for emails.
Reports are the most important thing because they involve people,
so tests need to be explicit and we want to notice changes in any reporting.

After f613a7c4 ("pkg/cover: fix prefix computation") we stopped trimming
the starting "/" from linux path names. This broke the get_maintainers.pl script,
which is now given non-existent absolute paths (e.g. "/mm/mmap.c");
as a result syzbot can't find any maintainers for bug reports
and mails them into lkml limbo.
Trim starting slashes and dots. Extend tests to catch this.

We now pass 5 arguments through a bunch of functions,
which is quite inconvenient when the set of arguments changes.
Encapsulate all arguments in a struct and pass/store it as a whole.

$ runsc -h
...
-alsologtostderr=false: send log messages to stderr
...
Now gvisor doesn't send log messages on stderr by default,
and if we want to see these messages, we need to specify the
alsologtostderr option.

This commit removes a dependency on fuchsia's tools/devshell/contrib/go,
which was removed recently[0].
Now to build go binaries for fuchsia we are not relying on the
fuchsia.git repo at all. The code just needs a copy of the fuchsia
//third_party/go repository, the fuchsia sdk and a copy of clang.
Users should download the sdk and clang beforehand (see documentation
for links), and then run (with the correct environment variables):
```
$ make TARGETOS=fuchsia TARGETARCH=amd64 \
SOURCEDIR=$HOME/fuchsia \
FX_SDK_PATH=${HOME}/sdk/fuchsia-sdk \
CLANG_PATH=${HOME}/sdk/clang \
fuchsia_go
```
After that, they will be able to build the syzkaller go binaries by
doing:
```
$ make TARGETOS=fuchsia TARGETARCH=amd64 \
SOURCEDIR=$HOME/fuchsia \
FX_SDK_PATH=${HOME}/sdk/fuchsia-sdk \
CLANG_PATH=${HOME}/sdk/clang
```
This commit adds two scripts to tools/fuchsia, one for building go in
fuchsia (just calls the ./make.all script in fuchsia's go repo), and one
that replaces the devshell/contrib/go script.
Given that go is unsupported in fuchsia, this change might break at any
point.
[0]: https://fuchsia-review.googlesource.com/c/fuchsia/+/291631

This change modifies the way fuchsia is built to add the ssh keys to the
zbi image after building it. Previously that was done via the
"extra_ssh_keys" argument to the build system, but that was removed
recently.

* sys/linux: extract USB HID ids
As it turns out the HID kernel subsystem registers only one USB driver that
checks that the interface of the connected device has HID class and then looks
up its own list of vendor/device ids to find a matching driver. This means
that we currently don't generate proper vendor/device ids for USB HID devices.
This patch updates the syz-usbgen tool to also extract USB HID vendor/device
ids from a running kernel and has the generated descriptions for HID devices
patched using the extracted ids.
This patch also contains some minor improvements to USB descriptions
(better HID descriptions and more replies for some USB classes/drivers).
* sys/linux: run make generate

Currently we use AT_FDCWD as a special value for all file descriptors,
but it does not make sense for almost all of them (sockets, bpf, etc).
Use it as a special value only for fd_dir.

A process with CAP_SYS_NICE can bring the kernel down by asking for too high a SCHED_DEADLINE priority;
as a result RCU and other system services that use kernel threads will stop functioning.
Some parameters for SCHED_DEADLINE should be OK, but we don't have the means to enforce
values of indirect syscall arguments. Peter Zijlstra proposed sysctl_deadline_period_{min,max}
which could be used to enforce safe limits without dropping CAP_SYS_NICE, but we don't have it yet.
See the following bug for details:
https://groups.google.com/forum/#!topic/syzkaller-bugs/G6Wl_PKPIWI

Running sys/*/test programs requires real machines and kernels for each OS.
We can't do that in unit tests, but at least try to deserialize these programs
so that they don't get rotten.

Ensure that we have at least 1GB per Makefile job.
The Go compiler/linker can consume a significant amount of memory
(observed to consume at least 600MB). See #1276 for context.
Update #1276

In one instance we observed that objdump hung due to a stdout
pipe overflow caused by a panic in archCallInsn.
The reason for the original panic is still unclear,
but fix the objdump hang: we need to terminate objdump
and propagate the panic.
Also extend the panic messages.

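The hang described above and the fix it calls for, as an added Go example that is not syzkaller's code: runAndParse is a hypothetical helper, and a `sh -c` endless loop is a constructed stand-in for objdump's output stream. If the line parser panics while the child is still writing, the reader disappears, the pipe buffer fills, the child blocks on write and cmd.Wait() would never return; the helper kills and reaps the child before turning the panic into an error.

```go
package main

import (
	"bufio"
	"fmt"
	"os/exec"
)

// runAndParse starts cmd and feeds each stdout line to parse (hypothetical helper).
// On any exit other than a clean EOF the child is killed and reaped first, because
// a writer blocked on a full pipe never exits on its own and Wait() would hang.
func runAndParse(cmd *exec.Cmd, parse func(line string) error) (err error) {
	stdout, err := cmd.StdoutPipe()
	if err != nil {
		return err
	}
	if err := cmd.Start(); err != nil {
		return err
	}
	kill := func() {
		cmd.Process.Kill() // unblocks the writer; error ignored if already gone
		cmd.Wait()         // reap it and close the pipe
	}
	defer func() {
		if r := recover(); r != nil {
			kill()
			err = fmt.Errorf("%s: parser panicked: %v", cmd.Path, r)
		}
	}()
	sc := bufio.NewScanner(stdout)
	for sc.Scan() {
		if perr := parse(sc.Text()); perr != nil {
			kill()
			return perr
		}
	}
	if serr := sc.Err(); serr != nil {
		kill()
		return serr
	}
	return cmd.Wait()
}

func main() {
	// Constructed stand-in for objdump: an endless writer, like a large disassembly.
	cmd := exec.Command("sh", "-c", "while :; do echo line; done")
	err := runAndParse(cmd, func(string) error { panic("unexpected call instruction") })
	fmt.Println("returned instead of hanging:", err)
}
```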
* sys/fuchsia: update zx_clock_get.
zx_clock_get was deprecated and replaced by zx_clock_get_new. In a
recent CL[0], they replaced zx_clock_get by zx_clock_get_new and
moved all clients. This commit updates syzkaller to use the new function.
[0]: https://fuchsia-review.googlesource.com/c/fuchsia/+/298575
* run make extract && make generate