This commit updates the documentation for fuchsia, updating both the fx
set commands as well as the syz-manager config example.
The invocation for the fx set command changed recently. The new command
requires the user to specify both the product and board (core.x64 and
core.arm64), as well as the build directory (otherwise everything gets
built into `out/default`).
The changes in the syz-manager config are for it to point to the right
files required to run a fuchsia vm.
Apparently, sysroot/include doesn't exist in the build-zircon path
anymore. I changed the path in syz-extract to make it point to the
exported sdk include path.
I also ran make extract and make generate to add new fidl definitions.
TEST=ran make extract and make generate.
This CL changes the invocation of the `fx set` command to match the new
format[0].
This change involves removing "board" and "product" flags. Instead, now one has to use
`fx set product.board` to get the same result. In the case of syzkaller,
this would be "core.${ARCH}" where arch could be x64 or arm64.
Also, the default build directory now is `out/default`, and for now, it
is still not possible to have multiple archs built altogether. I set the
build directory manually to `out/${ARCH}` (as was before). This would
allow syzkaller to also build the kernel for arm if required.
[0]: https://fuchsia.googlesource.com/fuchsia/+/b814211ab33eeb4e8f02962d5c81d042b2464ac7
TEST=Tested this in syz-ci. It worked.
Separate kernel and syzkaller build failures.
Fix logic to understand when a build is fixed:
look if kernel/syzkaller commit changes to understand
if it's a new good build or re-upload of an old build.
Fixes #1014
We override crash with the crash used for bisection
to make the information more consistent.
However if bisection crash only has syz repro
and there is now another crash with C repro,
then we always think that we have not reported C repro
and continue sending the same report again and again.
Don't override the crash with bisection crash in such case.
We currently skip a commit iff all 10 instances errored.
But if, say, only 9 errored we consider it as OK,
but this significantly reduces chances of detecting flaky crashes.
So skip if more than 2/3 errored.
Update #501
There is a bit of a mess: dashboard expects the start commit
in build info, but syz-ci sends the resulting cause commit.
Moreover for inconclusive bisection the commit is not filled at all.
Fill start commit in build info on start.
Update #501
Add "#syz uncc" command as a safety handle.
The command allows sender to unsubscribe from all future communication on the bug.
Linus mentioned possibility of saying "I'm not the right person for this report"
in the context of bug reminders:
https://groups.google.com/d/msg/syzkaller/zYlQ-b-QPHQ/AJzpeObcBAAJ
Add shorter anchors that do not depend on actual text (subject to change).
This allows to generate shorter stable links to docs.
Let's see if this syntax works.
Such error popped up during bisection on older kernels.
It's already detected properly, yet build failed with just "make failed"...
Unclear why that happened, but the test won't harm.
Update #501
Running bisection using an older repro failed with:
<stdin>: In function ‘syz_mount_image.constprop’:
<stdin>:298:3: error: argument 1 null where non-null expected [-Werror=nonnull]
In file included from <stdin>:26:0:
/usr/include/x86_64-linux-gnu/sys/stat.h:320:12: note: in a call to function ‘mkdir’ declared here
extern int mkdir (const char *__path, __mode_t __mode)
Let's be safe and ignore warnings during repro/bisect.
Everything that runs during tests still has all warnings.
Update #501
The added test triggers warnings like these:
<stdin>: In function ‘syz_mount_image.constprop’:
<stdin>:298:3: error: argument 1 null where non-null expected [-Werror=nonnull]
In file included from <stdin>:26:0:
/usr/include/x86_64-linux-gnu/sys/stat.h:320:12: note: in a call to function ‘mkdir’ declared here
extern int mkdir (const char *__path, __mode_t __mode)
^~~~~
cc1: all warnings being treated as errors
<stdin>: In function ‘syz_open_procfs.constprop’:
<stdin>:530:41: error: ‘%s’ directive argument is null [-Werror=format-truncation=]
<stdin>:85:110: note: in definition of macro ‘NONFAILING’
<stdin>:532:41: error: ‘%s’ directive argument is null [-Werror=format-truncation=]
<stdin>:85:110: note: in definition of macro ‘NONFAILING’
<stdin>:534:41: error: ‘%s’ directive argument is null [-Werror=format-truncation=]
<stdin>:85:110: note: in definition of macro ‘NONFAILING’
Use volatile for all arguments of syz_ functions to prevent
compiler from treating the arguments as constants in reproducers.
Popped up during bisection that used a repro that previously worked.
Update #501
This commit changes the fuchsia git repo to make it point to the main
repo instead of just "zircon".
Previously, zircon had its own git repo, so syzkaller had a wrapper that
would issue jiri commands for the whole fuchsia repo, but would just
report commits in the zircon repo.
Recently, fuchsia merged most of its repositories in just one big git
repo. So now, zircon is part of the fuchsia git repo. I think the code
continued working because the old zircon repo is still part of a git
repository, so git commands worked there.
The new code now doesn't have any special casing for Zircon, and now
(almost) everything is part of the fuchsia repo. The other repos are now
git submodules.
Allow separate sets of managers for patch testing and for bisection.
This makes things more flexible on syz-ci deployment side.
Remove previous hacks for bisection deployment.
Update #501
Use CheckoutCommit instead of SwitchCommit to get the crashing commit.
The problem is with trees like linux-next. They require at least fetching tags
and maybe even different tree (-history).
Use CheckoutCommit which at least fetches tags which is enough
for recent commits.
Update #501
The Fuchsia team is going to remove the `lib/fdio/util.h` library. They
have already moved all the functions to new header files.
I have seen that fuchsia uses `fdio_service_connect`, which has been
moved to the `lib/fdio/directory.h` header file.
This commit just changes the import path in the fuchsia executor, and in
the corresponding generated go file (I made that change by running `make
generate`).
Recently the fuchsia team decided to merge all their subrepos into one
big git repo. This meant that the "zircon" repo doesn't exist anymore.
Instead almost everything is under the fuchsia repo.
This change updates all the references I could find in the code that
point to the zircon and docs repo to make them point to the new fuchsia
repo.
We already have a pattern to match "Fatal trap N: ..." panics, but the
format of our backtraces has changed since it was added. Add another
pattern which correctly matches a few instances generated by syzbot.
The latter contains only debug symbols and is meant to be used with the
kernel executable. That is, the kernel executable contains a
.gnu_debuglink pointer to kernel.debug. kernel.full contains
everything, including a copy of the kernel's text section, which we want
when enumerating __sanitizer_cov_trace_pc() calls for a coverage report.
In some cases we start scp, which starts ssh,
then kill scp but the ssh subprocess is not killed.
As a result cmd.Wait hangs waiting for EOF on the stdout/stderr,
which are still kept alive by ssh subprocess. But ssh just hangs forever.
Create a process group for each command and kill whole process group.
Hopefully this will help.
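The hang and the process-group fix described in the commit message above, as an added example that is not syzkaller's own code. The helper name `runWithTimeout` and the `sh` script standing in for scp and its ssh subprocess are assumptions; it is Unix-only because it relies on `Setpgid` and a negative pid in `kill`.

```go
package main

import (
	"bytes"
	"fmt"
	"os/exec"
	"syscall"
	"time"
)

// runWithTimeout (hypothetical helper) runs a shell script as the leader of a
// new process group. On timeout it kills either the whole group or only the
// direct child, and reports how long Wait took to return.
func runWithTimeout(script string, timeout time.Duration, killGroup bool) (string, time.Duration, error) {
	cmd := exec.Command("sh", "-c", script)
	var out bytes.Buffer
	cmd.Stdout, cmd.Stderr = &out, &out // pipes: Wait blocks until every holder closes them
	cmd.SysProcAttr = &syscall.SysProcAttr{Setpgid: true}
	start := time.Now()
	if err := cmd.Start(); err != nil {
		return "", 0, err
	}
	done := make(chan error, 1)
	go func() { done <- cmd.Wait() }()
	select {
	case err := <-done:
		return out.String(), time.Since(start), err
	case <-time.After(timeout):
		if killGroup {
			// Negative pid targets the process group, grandchildren included.
			syscall.Kill(-cmd.Process.Pid, syscall.SIGKILL)
		} else {
			cmd.Process.Kill() // only sh dies; the background child keeps the pipe open
		}
	}
	err := <-done
	return out.String(), time.Since(start), err
}

func main() {
	// Constructed stand-in for scp spawning ssh: sh starts a background sleep.
	const script = "echo started; sleep 3 & wait"
	for _, group := range []bool{false, true} {
		out, took, err := runWithTimeout(script, 200*time.Millisecond, group)
		fmt.Printf("killGroup=%v out=%q took=%v err=%v\n", group, out, took.Round(100*time.Millisecond), err)
	}
}
```

With `killGroup=false`, Wait returns only when the orphaned background process exits on its own; with `killGroup=true` it returns right after the timeout.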
1. Mail bugs for second and third reportings to different emails
so that it's possible to distinguish where they are actually mailed.
2. Add bisection test where we skip bug in the second reporting.
Bisection results should go straight to third as well.