RB tree is just a container (like the list we already skip);
the bug is usually in the caller. Skip RB frames.
The new titles are much more informative and have lower chances of collisions.
It's better to keep functionality in packages rather than in main.
It makes it reusable and better organized.
Move machine info functionality to pkg/host and do some cosmetic refactoring.
* syz-manager: finish a prototype
Extract machine info from /proc/cpuinfo and /sys/kvm*/parameters/* and
send it from syz-fuzzer to syz-manager. Append the machine info after
crash reports.
* syz-manager: refactor the code
- Add kvm parameters machine info.
- Store the machine info in the RPCServer instead of the manager.
- Store the machine info in another field instead of appending it after
the original report
- Save the machine info locally in machineInfo*.
* syz-manager: fix coding-style problems
* syz-fuzzer: improve the output from /proc/cpuinfo
Improve the machine info extracted from /proc/cpuinfo by grouping lines
with the same key.
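The grouping described in this entry, as an added Go example that is not syzkaller's own scanCPUInfo; the /proc/cpuinfo excerpt is constructed, and the output layout is an assumption:

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"strings"
)

// Constructed /proc/cpuinfo excerpt: two CPUs, "processor" and "apicid" differ, "vendor_id" is identical.
const sampleCPUInfo = `processor	: 0
vendor_id	: GenuineIntel
apicid		: 0

processor	: 1
vendor_id	: GenuineIntel
apicid		: 2
`

type cpuInfoEntry struct {
	Key    string   // e.g. "vendor_id"
	Values []string // every value seen for Key, in file order
}

// scanCPUInfo groups lines with the same key while preserving the order in
// which keys first appear, so no sorting step is needed afterwards.
func scanCPUInfo(r io.Reader) ([]cpuInfoEntry, error) {
	var entries []cpuInfoEntry
	index := map[string]int{} // key -> position in entries
	sc := bufio.NewScanner(r)
	for sc.Scan() {
		key, value, ok := strings.Cut(sc.Text(), ":")
		if !ok {
			continue // blank separator line between processors
		}
		key, value = strings.TrimSpace(key), strings.TrimSpace(value)
		i, seen := index[key]
		if !seen {
			i, index[key] = len(entries), len(entries)
			entries = append(entries, cpuInfoEntry{Key: key})
		}
		entries[i].Values = append(entries[i].Values, value)
	}
	return entries, sc.Err()
}

func main() { fmt.Println(scanCPUInfo(strings.NewReader(sampleCPUInfo))) }
```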
* syz-manager: fix race condition in runInstance
* syz-fuzzer: add tests for collecting machine info
- Add some tests to test collecting machine information.
- Split readCPUInfo into scanCPUInfo so that we can test it.
* syz-fuzzer: refactor scanCPUInfo
Refactor scanCPUInfo so that no sorting is needed.
* syz-fuzzer: refactor some code
Fix some issues that were pointed out on GitHub.
While investigating an OpenBSD reproducer[1][2] I discovered the
following:
* All threads are stuck on the last `sleep(1000000)` syscall in main(),
hence no output for the test machine.
* Each executor process created in loop() performs one iteration but
exits abnormally during the call to remove_dir().
* Calling remove_dir() will eventually invoke itself recursively since
one of the executed syscalls is `mkdir("./file0", 0)`, meaning that it
will try to remove the directory created by execute_one(). However,
`opendir(3)` fails with `EACCES` because the permissions passed to
`mkdir(2)` are zero.
Instead of exiting, trying to remove the problematic directory in a best
effort manner makes the reproducer continue executing the generated
syscalls. This workaround might be considered too narrow. Another option
would be to replace the `sleep(1000000)` with `waitpid(-1, NULL, 0)`
until ECHILD is hit.
[1] https://syzkaller.appspot.com/bug?id=6f7ce2a0536580a94f65f44e478732ec505e88af
[2] https://syzkaller.appspot.com/text?tag=ReproC&x=10fd1a71900000
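A best-effort cleanup in the spirit of the workaround described above, as an added Go example rather than the executor's C remove_dir(); the mode-0 subdirectory is constructed inside a temporary directory to mirror the reproducer's `mkdir("./file0", 0)`:

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// removeDirBestEffort deletes dir and everything below it. Instead of giving
// up when a directory cannot be listed, it first chmods it to owner rwx so a
// subdirectory created with mode 0 (like the reproducer's mkdir("./file0", 0))
// can still be emptied; the first error is kept but does not abort the walk.
func removeDirBestEffort(dir string) error {
	var firstErr error
	note := func(err error) {
		if err != nil && firstErr == nil {
			firstErr = err
		}
	}
	note(os.Chmod(dir, 0o700)) // a mode-0 dir is unreadable even by its unprivileged owner
	entries, err := os.ReadDir(dir)
	note(err)
	for _, e := range entries {
		p := filepath.Join(dir, e.Name())
		if e.IsDir() {
			note(removeDirBestEffort(p))
		} else {
			note(os.Remove(p))
		}
	}
	note(os.Remove(dir))
	return firstErr
}

// demoRemove builds the constructed problem shape (a work dir holding a mode-0
// subdir), runs the cleanup and reports whether the work dir is gone afterwards.
func demoRemove() (bool, error) {
	work, err := os.MkdirTemp("", "repro-")
	if err != nil {
		return false, err
	}
	if err := os.Mkdir(filepath.Join(work, "file0"), 0); err != nil {
		return false, err
	}
	rmErr := removeDirBestEffort(work)
	_, statErr := os.Stat(work)
	return os.IsNotExist(statErr), rmErr
}

func main() { fmt.Println(demoRemove()) }
```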
gvisor coverage is not in the range of linux kernel coverage.
So the coverage filter does not work. Detect if running under gvisor
and skip the coverage filter.
If we have a non-repeating C reproducer with timeout > vm.NoOutputTimeout and it hangs
(the reproducer itself does not terminate on its own, note: it does not have builtin timeout),
then we will falsely detect a "no output from test machine" kernel bug.
We could fix it by adding a builtin timeout to such reproducers (like we have in all other cases).
However, then it will exit within a few seconds and we will finish the test without actually waiting
for the full vm.NoOutputTimeout, which breaks the whole reason for using vm.NoOutputTimeout in the first
place. So we would need something more elaborate: let the program exit after a few seconds, but
continue waiting for kernel hang errors for minutes, but at the same time somehow ignore the "no output"
error because it will be false in this case.
Instead we simply prohibit !Repeat with long timeouts.
It makes sense on its own to some degree: if we are chasing an elusive bug, repeating the test
will increase chances of reproducing it and can make the reproducer less flaky.
Syz repros do not have this problem because they always have an internal timeout, however
(1) it makes sense on its own, (2) we will either not use the whole timeout or waste the remaining
time as mentioned above, (3) if we remove repeat for syz repro, we won't be able to handle it
when/if we switch to C repro (we can simplify options, but we can't "complicate" them back).
- Rename bpf_lsm to bpf_trace and put all bpf program types
that use BPF_RAW_TRACEPOINT_OPEN here.
- Add descriptions for types RAW_TRACEPOINT(_WRITABLE), BPF_TRACING and
BPF_EXT.
- Add the hook names for RAW_TRACEPOINT(_WRITABLE).
At least on my dashboard setup, the API call 'job_poll' results in a
NEED_INDEX datastore error.
Add the index definition that the development server generates if you make
the job_poll API call.
Signed-off-by: Andrew Donnellan <ajd@linux.ibm.com>
Add the following missing FUSE opcodes to the syz_fuse_handle_req
pseudo-syscall: FUSE_COPY_FILE_RANGE, FUSE_UNLINK, FUSE_DESTROY and
FUSE_BATCH_FORGET.
unshare(CLONE_NEWNS) might not be sufficient for making all test processes run in a
separate mount namespace, because the "mount --make-rshared /" request issued by systemd
makes mount operations issued by test processes visible from outside of the test
processes. Issue a "mount --make-rprivate /" request after unshare(CLONE_NEWNS).
The fsinfo() system call is under heavy discussion upstream, and it
might be totally changed. As a result it was dropped from linux-next
starting in next-20200819, and the pull request for 5.9
(https://lkml.kernel.org/r/1845353.1596469795@warthog.procyon.org.uk/)
wasn't accepted. Therefore revert the syscall description (commit
4b0871d) for now.
Pull request #1971 added the resource bpf_lsm_btf_id and made it a
required resource for bpf$BPF_LSM_PROG_LOAD. However, we need #2035
merged to get a bpf_lsm_btf_id, and the pull request is currently
blocked by a pahole issue. Thus, bpf$BPF_LSM_PROG_LOAD will be disabled
for now.
This pull request makes bpf_lsm_btf_id optional for
bpf$BPF_LSM_PROG_LOAD, so we can test this syscall before the issue is
resolved.
I periodically see:
2020/08/23 13:33:21 http: superfluous response.WriteHeader
call from main.(*Manager).httpSummary (html.go:72)
which suggests that there are some errors during template execution.
But currently we don't seem to show them properly.
Show them properly and also log.
Currently we only prune recursion for createResource.
But createResource can still recurse into resourceCentric,
this can produce huge programs and may be very slow
(esp. if we are already in createResource doing failing attempts).
With this change:
$ CI=yes go test -run TestMutateCorpus -count=2 ./prog
passes in ~3 seconds. If I comment out inGenerateResource
logic, it times out after 100 seconds. So this can indeed
have a significant effect on generation/mutation performance.
Make the report generation test more realistic to use PCs
we will use in real life. This shows that PreviousInstructionPC
for 386 is broken. Fix it.
Reported-by: Alexander Lochmann <flipreverse>
See #2067
This commit adds a new option to SSH options, disallowing the
authentication agent. This is especially useful when you are testing
on a machine that sets the `SSH_AUTH_SOCK` environment variable, as
ssh will try to use that authentication agent on each ssh connection.
With commit 7ba05d2dd6 we always write a
fresh loader.conf on each build, but this clobbers any pre-existing
settings that may be required for a given setup. This went unnoticed by
me for a while since bhyve requires no additional preconfiguration, but
clearly syzbot is affected. On the other hand, before that commit we
were appending the same lines upon each build. Use
/boot/loader.conf.local instead.