Instead of always closing open fds (number 3 to 30) after each program,
add an options called EnableCloseFds. It can be passed to syz-execprog,
syz-prog2c and syz-stress via the -enable and -disable flags. Set the
default value to true. Also minimize C repros over it, except for when
repeat is enabled.
We now have too many namespaces and bugs.
Main page takes infinity to load.
Also almost nobody is interested in more than 1 namespace.
So split main page per-namespaces.
Add /admin page and move logs, jobs, manager onto it.
The main page is too overloaded and takes too long to load.
We need to start splitting it. This is a first step.
pkg/host/host_linux.go: Add "arm" to kallsyms support test.
pkg/host/host_test.go: TestKallsymsParse(): Add entry to test arm kallsyms parsing support.
This commit moves the definition of the `syz_execute_func` after the
block of code that imports all the OS specific common headers.
This is required because after commit
dfd3394d42ddd333c68cf355273b312da8c65a51 `syz_execute_func` started
using the `NONFAILING` macro, which is defined in those header files for
each OS.
I also ran `make generate`.
TEST=I only tested that the executor works for Fuchsia with:
```shell
$ make executor TARGETOS=fuchsia TARGETARCH=amd64 SOURCEDIR=~/fuchsia
```
This commit modifies the common_fuchsia.h file changing the behavior of
the `syz_future_time function`. Before, the function used to have a switch
case that would fallthrough, making it always set the delta_ms to 10000.
The fix is to add a `break;` statement after each switch case.
We cannot create folders in other directories anymore, for now, we only
have access to create directories in /data/. This change is temporary as
we move to a component-based world.
The fuzzer gained control over host machines again with something like:
syz_execute_func(&(0x7f00000000c0)="c4827d5a6e0d5e57c3c3b7d95a91914e424a2664f0ff065b460f343030062e67660f50e900004681e400000100440fe531feabc4aba39d6c450754ddea420fae9972b571112d02")
Let's see if perturbing syz_execute_func a bit and wiping registers
will stop the outbreak.
The 1 hour timeout is quite high. But we've seen false positives with 20 mins
on the first build after bazel/deps update. Also other gvisor instances running
on the same machine contribute to longer build times.
We are hitting quotas for operation completion polling.
Not surprising since we create/delete instances all the time.
Slightly decrease rate of polling.
Ptr type has special handling of direction (pointers are always input).
But buffer type missed this special case all the time.
Make buffer less special by aliasing to the ptr[array[int8]] type.
As the result buffer type can't have optional trailing "opt" attribute
because we don't have such support for templates yet.
Change such cases to use ptr type directly.
Fixes#1097
svn commit 231296 matches commit d29e939c63b71 ("Add fuzzing coverage support") in the gcc git. The change is part of gcc 6.1.0.
Replace the svn commit number with a gcc version which everyone can easily compare.
Related links: 58f4df3c1b (diff-4552954e64a20391a1a3b5fd3e494bc3)
gometalinter says:
pkg/compiler/consts.go:192:⚠️ internal error: no range for "n" (vetshadow)
pkg/compiler/consts.go:197:⚠️ internal error: no range for "n" (vetshadow)
prog/encoding.go:862:⚠️ declaration of "v" shadows declaration at prog/encoding.go:852 (vetshadow)
This somehow happens only with Go1.11 but not 1.12 so wasn't detected locally.
The prog warnings looks legit.
The pkg/compiler warning was amusingly introduced to please golangci-lint checker,
revert that fix for now.
Final reproducers are crafty. Sometimes they just stop working.
In that case the detailed listings of the programs executed by syz-repro
are very helpful. Let's print them at the loglevel 3.
We currently manually call extractRootCause in few selected places
to denote kernel build errors that we want to report to developers.
The rest are considered infra errors that we don't report.
This does not work well. We are missing fuchsia and gvisor build errors.
Treat all external command exection failures as kernel build errors instead.
Let's see how this works in practice.
Also add bazel-specfic error patterns and tests.
This commit adds the "//bundles:tools" packages to the fuchsia build
used for syzkaller. This includes ssh tools, which includes scp.
TEST=I have tested this on syz-ci. Fuchsia is now able to pass the image
test.
