We currently have this list in multiple places (somewhat diverged).
Specify this "overcommit" property in VM implementations.
In particular, we also want to allow overcommit for "vmm" type.
Update #712
By using udev rules, we can create device nodes which exist at
/dev/ttyUSB.{android device serial},
which makes it easier to determine which console belongs to a device.
While this is non-standard behavior, it's an inexpensive path check
and makes the lookup faster and deterministic.
echo 0 to kptr_restrict in /proc/sys/kernel to unhide
kernel pointers when fuzzing for more reliable crash
dedup and easier debugging when analyzing crashes.
When manager is stopped there are sometimes runaway qemu
processes still running. Set PDEATHSIG for all subprocesses.
We never need child processes outliving parents.
Add a new VM option:
// Ensure that a device battery level is at 20+% before fuzzing.
// Sometimes we observe that a device can't charge during heavy fuzzing
// and eventually powers down (which then requires manual intervention).
// This option is enabled by default. Turn it off if your devices
// don't have battery service, or it causes problems otherwise.
Battery_Check bool
Fixes #258
Sshkey is a property of image, which is in manager config.
Move sshkey to the same location as image.
The motivation for the move is as follows.
Continuous build produces an image and the key,
both need to be passed to the manager instance.
Continuous build system should not distinguish
different VM types and mess with their configs.
NOTE FOR USERS: this breaks manager configs again.
Hopefully the last time for now. Docs are updated.
VM infrastructure currently has several problems:
- Config struct is a complete mess with a superset of params for all VM types
- verification of Config is a mess spread across several places
- there is no place where VM code could do global initialization
like creating GCE connection, uploading GCE image to GCS,
matching adb devices with consoles, etc
- it is hard to add private VM implementations
such impl would need to add code to config package
which would lead to constant merge conflicts
- interface for VM implementation is mixed with interface for VM users
this does not allow providing the best interface for both of them
- there is no way to add common code for all VM implementations
This change solves these problems by:
- splitting VM interface for users (vm package) and VM interface
for VM implementations (vmimpl package), this in turn allows
adding common code
- adding Pool concept that allows to do global initialization
and config checking at the right time
- decoupling manager config from VM-specific config
each VM type now defines its own config
Note: manager configs need to be changed after this change:
VM-specific parts are moved to their own "vm" subobject.
Note: this change also drops "local" VM type.
Its story was long unclear and there is now syz-stress which solves the same problem.
This commit adds Odroid C2 support to syzkaller.
It's now possible to specify "type": "odroid" in manager config.
Documentation on how to set up fuzzing with Odroid C2 board is here:
https://github.com/google/syzkaller/wiki/Setup:-Odroid-C2
Note that after this change libusb-1.0-0-dev package should be
installed to build syzkaller.
If no console is found, fall back to 'adb shell dmesg -w'.
This is not reliable, and lots of bugs are detected as 'lost connection'
without any kernel output. But users want this.
syz-fuzzer never exits (normally) so this does not affect syz-manager.
But during reproduction we can run a short running program (no repeat mode)
and currently VMs treat premature exit as an error.
Properly detect when a program exits and let callers decide what to do with it.
Using `adb shell syz-executor reboot` to reboot devices has stopped
working with the recent Android update, probably due to the intro
of seccomp. I have reverted the device reboot logic to use `adb
shell reboot` although it can be flaky at times so that we can
continue to fuzz on devices, until a more reliable solution can be
sought out.
Battery info is provided by some OS services.
With KASAN/KCOV these services take a long time to start up.
This causes episodic timeouts during battery check.
Increase the timeout.
Some devices may not boot up fast enough when battery check
is done as it currently is in adb.go. Therefore,
getBatteryLevel() is modified to take in a parameter to determine
the number of times to retry before giving up.
For Suzy-Q we matched usb bus/port between adb and console device.
This is not possible for separate serial cables: bus/port are unrelated.
So switch to a different algorithm that supports both Suzy-Q and separate cables.
The overall idea is as follows. We use 'adb shell' to write a unique string onto console,
then we read from all console devices and see on what console the unique string appears.
Log is a simple wrapper around std log package.
It is meant to solve 2 main problems:
1. Logging from non-main packages (mainly, vm/* packages).
Currently they can either always log or not log at all.
But they can't respect program verbosity setting.
Log package allows all packages to use the same verbosity setting.
2. Exposing recent logs in html UI.
Namely we want to tee logs to console and html UI.
Issue #70 reports that a device can be permanently OOM,
if we don't reboot it new fuzzers will always be killed.
And it's generally safer to assume that a device is in
some bad shape initially. So always reboot them on start.
Fixes #70
One common issue we see with android devices is that
fuzzing drains battery episodically, device goes down and
then does not boot until one presses the power button.
Check battery level at the beginning of each cycle
and wait if it is too low.
Current numbers are: wait if level < 20% until it is >=30%.
Let's see how it works.
Fixes #79
The code to detect the ttyUSB number that a Suzy-Q connected device was
exposing wasn't handling the case when the devices were plugged in via a
USB hub (which extends the port numbering scheme). This CL changes the
regexp to detect the serial correctly in these cases as well.
Add timeout to adb invocations and do more reliable reboot.
Clean up temporary files from previous runs.
Also pass enabled syscalls via rpc, as adb barks at too long command line.
Adb is still unreliable, though. Devices hang.