As of commit 3f053259, gVisor sentry panics are no longer sent to
stderr for "runsc run" by default, as that stderr belongs exclusively to
the application.
As a result, syzbot never sees the gVisor panic stack trace, and is only
reporting errors that occur when waiting for a dead sandbox.
Passing the "-debug" flag to runsc will make the sentry panics visible
to syzbot again.
VM parameters are not defined in config.go; I've found them in qemu.go instead.
Fix for the documentation to make it easier to find all supported parameters for qemu.
We don't need consistent image after reboot since we always reimage.
We know of some use cases that don't use journalling, but don't know
of any that use journalling.
My test harness for this code performed some steps that are not
performed when syz-executor is invoked directly.
Specifically, we need to operate from a directory under /data/data,
and have the correct UID/GID set as the owner of the directory.
My test harness now correctly sets these, all sandbox operations
succeed, and loop() is invoked.
OpenBSD does not use the "first line is title" convention,
so test that this is parsed properly.
Also test that multi-line fix/dup commands are properly parsed.
As a result, the boot time is significantly improved since there's no longer any
need to copy the complete disk.
This feature was recently committed to OpenBSD-current. Any existing base image
used must be recreated, this time using the qcow2 disk format.
This is called from kfree in the added test.
We already ignore everything related to kmalloc/free
and e.g. arch/.*/mm/fault.c, so it looks reasonable
to ignore this one too.
EBUSY is returned when KMEMLEAK is in fact turned off,
not when scanning is already turned off.
That can't be recovered.
So instead check that we can write to the file in the check
function and give useful diagnostics.
The current memcg container seems to lead to lots of hangs/stalls.
Presumably the problem is with oom_score_adj and KASAN.
Executor process tree eats all memory and then the leaf process is killed
but the memory is not returned to memcg due to KASAN quarantine;
and the parent processes are protected from killing with oom_score_adj=-1000.
As a result, the kernel locks up.
1. Don't use oom_score_adj=-1000. Instead bump leaf process score to 1000 (kill always).
2. Increase size of memcg to be larger than expected KASAN quarantine size.
Currently it triggers datastore timeouts episodically.
Don't fail build upload if bug commit update fails.
Split the large query into two smaller queries.
We are seeing lots of datastore timeout errors during bug fetch.
It's a bad idea to fetch thousands of bugs in one query,
so fetch them in batches of 1000 bugs.
Hopefully this will reduce the rate of errors.
This avoids the issue of "android" not having any registered configurations
or syscalls / ioctls / etc, when built with GOOS=android.
This occurs when building in Google3, since --config=android_arm64 selects
the Android toolchain.
Anytime we're running `make extract/generate` with Fuchsia as a target, we
probably want to update FIDL descriptions too, so we don't fall behind
what upstream is up to.
This includes generate_fidl as part of the `make extract` workflow.
Also, corrects fidlgenPath to properly find the path for ARM targets (we
only have host_x64 right now).
KMEMLEAK has lots of false positives and bugs without repros
may be unactionable. It's not completely clear how to handle
such cases in automatic systematic testing.
But let's try this and see how it works.
Rewind kmemleak fd before reading it a second time,
otherwise we will read truncated reports.
Auto-learn what leak reports we've already seen
and ignore them in future. This is required because
there are some false positives and some fire too frequently.
So now we will hit each leak only once per manager run,
but we will still try to reproduce them.
syzkaller manages to turn on dynamic debug messages somehow,
which then produces tons of output on console. Disable dynamic
debug on kasan.
Disable bpfilter on kmsan as we already did on kasan.
* tools/create-openbsd-gce-ci: use config from /syzkaller
* Use syzkaller copy of src instead of a separate one.
* Using /dev/null disk in vm.conf
* Use KVM, enable doas, no longer symlink.
* Use a dummmy.img
* Revert "Use a dummmy.img"
This reverts commit 656b24d5e4573dde5e95c6158852001c7241e65a.
This sucks a lot, but ebtables.h is now broken too on Debian 4.17:
ebtables.h: In function ‘ebt_entry_target* ebt_get_target(ebt_entry*)’:
ebtables.h:197:19: error: invalid conversion from ‘void*’ to ‘ebt_entry_target*’
Improve go-fuzz fuzzer function and fix a few new bugs it finds:
1. Panic in linux parser (bad).
2. Akaros can report empty rep.Report.
3. Fuchsia can return empty rep.Report.