1. Logical executor failures were not handled in waitServing.
2. Fuzzer did not distinguish temporal errors and logical errors
and always waited for 10 errors before crashing.
Fix that.

create-image.sh tries to enable eth0 network interface of the virtual machine,
but there is no eth0 in a fresh debian-wheezy, since biosdevname renames interfaces.
VM log quotation:

    e1000 0000:00:03.0 eth0: (PCI:33MHz:32-bit) 52:54:00:12:34:56
    e1000 0000:00:03.0 eth0: Intel(R) PRO/1000 Network Connection
    e1000 0000:00:03.0 ens3: renamed from eth0
    ...
    Cannot find device "eth0"
    Bind socket to interface: No such device
    Failed to bring up eth0.

The simplest fix is disabling biosdevname by adding "net.ifnames=0 biosdevname=0"
to the kernel command line.

Signed-off-by: Alexander Popov <alex.popov@linux.com>

create-image.sh adds the string "V0:23:respawn:/sbin/getty 115200 hvc0" to inittab
of a virtual machine, but a fresh debian-wheezy doesn't have a hvc0 device.
So getty fails to start and respawns over and over again:

    INIT: Id "V0" respawning too fast: disabled for 5 minutes

Let's fix create-image.sh to have a working VM terminal.

Signed-off-by: Alexander Popov <alex.popov@linux.com>

E.g. if binary is 'syz-executor' and pid=15,
we create a link from 'syz-executor15' to 'syz-executor' and use 'syz-executor15' as binary.
This allows easily identifying the program that led to a crash in the log.
Log contains pid in "executing program 15" and crashes usually contain "Comm: syz-executor15".

I see a bunch of reports of the form:

    KASAN: use-after-free Read of size 4059 in copy_from_iter

but size is different in all reports.
This hampers deduplication.
Don't print size.

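The effect of dropping the size on deduplication, as an added Go example that is not part of the commit above and is not syzkaller's own code. The title pattern is assumed from the single line quoted in that message; NormalizeTitle, Dedup, the sample titles and the function name foo_bar are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// kasanTitle matches titles shaped like the one quoted in the commit message:
// "KASAN: <bug kind> <Read|Write> of size <N> in <function>" (assumed format).
var kasanTitle = regexp.MustCompile(
	`KASAN: ([a-z-]+) (Read|Write) of size \d+ in ([A-Za-z0-9_.]+)`)

// NormalizeTitle returns the title with the access size removed, so that
// reports differing only in size map to the same deduplication key.
func NormalizeTitle(line string) (string, bool) {
	m := kasanTitle.FindStringSubmatch(line)
	if m == nil {
		return "", false
	}
	return fmt.Sprintf("KASAN: %s %s in %s", m[1], m[2], m[3]), true
}

// Dedup counts reports per normalized title; lines that are not KASAN
// titles are ignored.
func Dedup(titles string) map[string]int {
	counts := make(map[string]int)
	for _, line := range strings.Split(titles, "\n") {
		if t, ok := NormalizeTitle(line); ok {
			counts[t]++
		}
	}
	return counts
}

// Constructed sample: the first title is the one from the commit message,
// the others are made up (foo_bar is a hypothetical function name).
const sampleTitles = `KASAN: use-after-free Read of size 4059 in copy_from_iter
unrelated log line
KASAN: use-after-free Read of size 17 in copy_from_iter
KASAN: slab-out-of-bounds Write of size 8 in foo_bar`

func main() {
	for title, n := range Dedup(sampleTitles) {
		fmt.Printf("%d x %s\n", n, title)
	}
}
```

With the size kept in the title, the two copy_from_iter reports would count as two distinct crashes; with it removed they collapse into one bucket.
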
CreateVMConfig uses fileutil.ProcessTempDir to assign indices to VMs.
fileutil.ProcessTempDir generates unique indices globally across several processes.
This was required for old vm/qemu code that used the index to choose unique ssh port for the VM.
Now vm/qemu does not use index as port and this global index assignment started
causing problems for adb and gce. Adb really needs indexes to be dense --
index is used to choose adb device id (if we have 2 devices, index 3 causes
out of bounds panic). For gce it leads to creation of unnecessary VM instances
(if I set count=4, I want at most 4 VMs created).
Don't use fileutil.ProcessTempDir-generated index in CreateVMConfig
and instead just use the dense indices passed by caller.

With this change manager will run reproduction on crashes
until reproducer is discovered, but at most 3 times.
If reproducer is discovered, it is saved with crashes and shown on the web UI.

Currently the added test description leads to crashes:

    --- FAIL: TestMinimizeRandom (0.12s)
    prog_test.go:20: seed=1480014002950172453
    panic: syscall syz_test$regression0: pointer arg 'f0' has output direction [recovered]
    panic: syscall syz_test$regression0: pointer arg 'f0' has output direction

The description is OK. Fix that.

Add config bin_args parameter that contains additional arguments for qemu binary.
This allows specifying e.g. "bin_args": "-machine virt -cpu cortex-a57".
Also restore qemu debugging output when -debug flag is specified.

Factor out repro logic from syz-repro tool,
so that it can be used in syz-manager.
Also, support sandboxes in code generated by
csource. This is required to reproduce crashes
that require e.g. namespace sandbox.

/dev/console is known to cause problems on at least two different kernels.
It can turn off all output or produce massive amounts of garbage on console.
Disable it for now.