Commit Graph

3309 Commits

Author SHA1 Message Date
Dmitry Vyukov
f034b65dea pkg/report: add parsing of trusty crashes
Update #933
2019-01-14 17:41:04 +01:00
Dmitry Vyukov
744a007c19 pkg/report: strip trailing deadlock reports for real
Oops messages frequently induce possible deadlock reports
because oops reporting introduces unexpected locking chains.
So if we have enough of the actual oops, strip the deadlock message.
2019-01-14 17:24:39 +01:00
Dmitry Vyukov
3085f2752e pkg/report: strip trailing deadlock reports
Oops messages frequently induce possible deadlock reports
because oops reporting introduces unexpected locking chains.
So if we have enough of the actual oops, strip the deadlock message.
2019-01-14 16:47:11 +01:00
Kamil Rytarowski
ecb717ca89 executor: adapt switching to user nobody to be more portable on BSDs
NetBSD uses different uid/gid than FreeBSD/OpenBSD for the user
nobody. Instead of hardcoding the values, retrieve it from the
password entry database.

While there, switch to setuid(2) and setgid(2) calls as they are
good enough and portable. setresgid(2) and setresuid(2) aren't
available on NetBSD.
2019-01-14 09:53:58 +01:00
Kamil Rytarowski
95485883f6 executor: do not call setrlimit(2) for RLIMIT_AS for NetBSD
Setting the limit caused abnormal failure during early init on NetBSD.
2019-01-14 09:52:03 +01:00
Siddharth M
7ffdc16788 docs/netbsd.md: updated documentation for NetBSD
Refactored the document and updated the changes.
2019-01-14 09:51:10 +01:00
Michael Tuexen
9eb9389ab9 executor: update KCOV support for FreeBSD
KCOV support has been added to FreeBSD in r342962. Use
the header file and update the code to latest changes
introduced in the review process.
2019-01-14 09:50:07 +01:00
Michael Tuexen
95f1d718cf tools/kcovtrace: add FreeBSD support
KCOV support has been committed to FreeBSD in r342962. Therefore,
allow this program to be run on FreeBSD.
2019-01-14 09:50:07 +01:00
Greg Steuck
77c702cf1a sys/openbsd: avoid /dev/fd node creation
Prevents corpus explosion with corrupted coverage data.

The two parallel runs of:
`doas ./syz-execprog -cover -coverfile /tmp/{fixed,unfixed} r.syz`
show markedly different coverage pictures:

unfixed:
```
2019/01/12 13:55:38 parsed 1 programs
2019/01/12 13:55:38 executed programs: 0
2019/01/12 13:55:38 call #0: signal 821, coverage 2438
2019/01/12 13:55:38 call #1: signal 243, coverage 1363
2019/01/12 13:55:38 call #2: signal 502, coverage 1993
2019/01/12 13:55:38 call #3: signal 15, coverage 44
2019/01/12 13:55:38 call #4: signal 335, coverage 8196
```

fixed:
```
2019/01/12 13:51:57 parsed 1 programs
2019/01/12 13:51:57 executed programs: 0
2019/01/12 13:51:57 call #0: signal 837, coverage 2491
2019/01/12 13:51:57 call #1: signal 241, coverage 1341
2019/01/12 13:51:57 call #2: signal 27, coverage 61
2019/01/12 13:51:57 call #3: signal 13, coverage 44
2019/01/12 13:51:57 call #4: signal 39, coverage 299
```

The contents of `r.syz` is
```
mknod(&(0x7f0000000180)='./file0\x00', 0x2006, 0x10000016e8)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x10, r0, 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000002480)=[{&(0x7f0000001480)="<junk>", 0x573}], 0x1)
lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000))
```

So, it's the final lstat which was getting that extra coverage.  In
particular, the end of unfixed.4 has some 4734 values
0xffffffff00000000.
2019-01-14 09:48:45 +01:00
Dmitry Vyukov
c3f3344c78
Update syzbot.md
Mention i386 userspace arch and -m32 flag.
2019-01-11 14:42:31 +01:00
Dmitry Vyukov
a90e03cc92
Update syzbot.md
Mention chmod 0600 on the ssh key, otherwise it's rejected by ssh.
2019-01-11 14:36:23 +01:00
Shankara Pailoor
80dde1721e tools/syz-trace2syz/proggen.go: delete reorderStructFields()
strace incorrectly printed sin6_addr before sin6_flowinfo. To fix this,
trace2syz added reorderStructFields() which swapped back the order. Incorrect
orderings of structs is a bug in strace or in our descriptions so we should
fix the source rather than work around. We have submitted a patch to fix the
sockaddr_in6 decoding in strace so we can safely delete this function.
2019-01-10 17:24:09 +01:00
Dmitry Vyukov
da53282acc pkg/vcs: relax check on git hash length
We've seen 15 and 17 char hashes already.
And 14 wasn't initially in the list, but somebody used it.
Relax the check to 8..40 chars.
2019-01-10 14:35:45 +01:00
Kamil Rytarowski
7835524884 executor: disable gen.go for NetBSD
kvm is Linux specific.
2019-01-10 12:50:45 +01:00
Shankara Pailoor
db9b657915 tools/syz-trace2syz/proggen/proggen_test.go: test ipv6 address conversion 2019-01-10 12:34:28 +01:00
Shankara Pailoor
f9ccea26eb tools/syz-trace2syz/proggen: convert strace byte arrays to int args
strace decodes certain arguments like sockaddr_in.sin_port or sin_addr
as hex strings under -Xraw. This is because the arguments are in network byte
order. This patch supports converting those hex strings to int args if the size
of the string is 1, 2, 4, or 8.
2019-01-10 12:34:28 +01:00
Shankara Pailoor
0108829095 sys/linux: add rand_addr option to ipv6_addr union
rand_addr option is the first option for the ipv6_addr union
and is just an array of 16 bytes. This option makes it easy
for trace2syz to convert ipv6 address as strace decodes
the ipv6 address as a hex string.
2019-01-10 12:34:28 +01:00
Dmitry Vyukov
45c0c1b10e
Update found_bugs.md 2019-01-09 07:23:29 +01:00
Kamil Rytarowski
432a811564 AUTHORS/CONTRIBUTORS: register myself as an author and a contributor 2019-01-09 07:19:02 +01:00
Kamil Rytarowski
fe1c444d38 executor: adapt os_init() to NetBSD with PaX MPROTECT
Initialize syz data segment with protection allowed by PaX MPROTECT.

PROT_MPROTECT() registers future potential protection that is allowed
to be enabled in future.
2019-01-09 06:02:05 +01:00
Andrey Konovalov
204b8f5906 sys/linux: chmod -x *.txt
For some reason some syscall description txt files are +x. Do chmod -x.
2019-01-09 05:46:47 +01:00
Andrey Konovalov
010ed08bc6 fuzzer: fix syscall detection
As pointed out my Mark Rutland, kallsyms entries have format of
__ia32_sys_${NAME} rather than __ia32_${NAME}. Fix the regexps.
2019-01-08 19:52:59 +01:00
Andrey Konovalov
baa5c8e247 fuzzer: speed up syscall support detection
Right now syz-fuzzer does a search through /proc/kallsyms for each syscall
to check whether it's supported. Do one search instead and save the results
to a map. This speeds up syscall detection ~60 times when testing arm64 kernel
on x86. Also add another search pattern for arm64 and add some logging.
2019-01-08 16:06:27 +01:00
Anton Lindqvist
37dd2683f5 docs/openbsd: update found_bugs.md 2019-01-08 07:41:30 +01:00
houjingyi
69d69aa92d Update hints_test.go 2019-01-07 10:01:28 +01:00
houjingyi
fdc2fbc53d Update CONTRIBUTORS 2019-01-07 10:01:28 +01:00
Dmitry Vyukov
ee332608e9 sys/linux: prohibit SNAPSHOT_FREEZE
SNAPSHOT_FREEZE freezes all processes and leaves the machine dead.
2019-01-06 17:39:32 +01:00
Dmitry Vyukov
07e1c79776 pkg/report: improve linux report parsing if we have contexts
If we have contexts, we don't need to strip the first report
at the beginning of the second report.
2019-01-06 16:43:02 +01:00
Dmitry Vyukov
94f8adb5aa
docs/linux: update places with reported bugs
Mention that reported bugs can be on syzkaller-bugs and and syzbot dashboard.
2019-01-06 11:28:11 +01:00
Dmitry Vyukov
53be0a378f pkg/vcs: treat 14-char git hash as hash too
See https://groups.google.com/d/msg/syzkaller-bugs/1inR5v8ftvo/UJWXDtjCFgAJ
2019-01-04 17:44:45 +01:00
Dmitry Vyukov
6838bb9a0f sys/linux: add /dev/ppp descriptions 2019-01-04 15:56:18 +01:00
Dmitry Vyukov
0127e3baa7 pkg/vcs: fetch git tags when checking out particular commit
Fetch of a named remote does not seem to fetch all tags.
This is a problem for linux-next as it contains lots of tags
that are not on the main branch because of periodic rebases.
2019-01-04 15:00:58 +01:00
Dmitry Vyukov
7da2392541 pkg/report: support CONFIG_PRINTK_CALLER
CONFIG_PRINTK_CALLER has reached linux-next:
https://groups.google.com/d/msg/syzkaller/xEDUgkgFvL8/d5bBS3BJBwAJ

Enable CONFIG_PRINTK_CALLER and support parsing of its output format.

This gives us several advantages:
 - output from different contexts don't intermix
 - intermixed output doesn't cause corrupted reports
 - we can keep larger prefix since we know it comes from the same task

Credit for the kernel part goes to Tetsuo Handa.
Also Sergey Senozhatsky and Petr Mladek for reviews of the kernel part.

Fixes #596
Fixes #600
2019-01-03 19:23:07 +01:00
Dmitry Vyukov
709e893d24 prog: don't produce the same program when mutating with hints
No point in producing the same program as result of mutation with hints.
So don't do it.
2019-01-03 13:39:30 +01:00
Dmitry Vyukov
adddc5fd46 prog: remove several sources of non-determinism
Non-determinism is bad:
 - it leads to flaky coverage reports
 - it makes test failures non-reproducible

Remove 4 sources of non-determinism related to maps:
 - file name generation
 - string generation
 - resource generation
 - hints generation

All a test that ensures all main operations are fully deterministic.
2019-01-03 12:23:57 +01:00
Anton Lindqvist
66fcd29b60 docs/openbsd: update found_bugs.md 2019-01-03 10:03:40 +01:00
Anton Lindqvist
752613e615 dashboard/config: enable LOCKF_DIAGNOSTIC on OpenBSD 2019-01-03 09:29:12 +01:00
Dmitry Vyukov
06a2b89fc3 prog, pkg/{csource,ifuzz,ipc,repro}: make tests deterministic on travis
Don't use random seed on travis as it produces flaky coverage reports,
and probably generally better for CI setting.
2019-01-02 11:57:53 +01:00
Eric Biggers
f0491811f9 dashboard/config: enable more linux crypto configs 2019-01-02 11:24:46 +01:00
Eric Biggers
f064b4365d sys/linux/init_alg.go: update algorithms
- Add arm64 implementations of various algorithms
  (these are usually named -arm64, -neon, or -ce)
- Add missing x86 SHA-NI algorithms (sha*-ni)
- Add adiantum    (new in v4.20)
- Add streebog256 (new in v4.20)
- Add streebog512 (new in v4.20)
- Add vmac64      (new in v4.19)
- Add xchacha12   (new in v4.20)
- Add xchacha20   (new in v4.20)
- Remove speck128 (was removed soon after being added to kernel)
- Remove speck64  (likewise)
- Move sm4 from hash list to cipher list
2019-01-02 11:24:46 +01:00
Eric Biggers
b86667864d sys/linux/init_alg.go: sort the algorithm names
Sort the lists of crypto algorithms lexicographically to make it easier
to see which algorithms are included and decide where to add new ones.
2019-01-02 11:24:46 +01:00
Michael Tuexen
3d85f48c14 syz-manager: Improve the computation of getVMOffset() on FreeBSD
On FreeBSD getVMOffset() always returned 0 instead of 0xffffffff.
This breaks the usage of addr2line. For now, just return always
0xffffffff on FreeBSD, since a more sophisticated logic doesn't
seem to be required by now.

Thanks to Dmitry for pointing out that this functions provides
the prefix address.
2018-12-31 19:36:13 +01:00
Dmitry Vyukov
d580c113aa pkg/report: account for new symbol suffixes produced by gcc9 2018-12-31 18:50:05 +01:00
Michael Tuexen
97e0a43fa2 sys/tagets: use appropriate name for KernelObject on FreeBSD 2018-12-31 17:39:24 +01:00
Dmitry Vyukov
ba1af74335 Makefile: fix coverage collection condition 2018-12-31 13:14:11 +01:00
Dmitry Vyukov
70b2a9e855 Makefile: collect coverage report for codecov.io 2018-12-31 12:51:07 +01:00
Dmitry Vyukov
c5499485c2 prog: speed up TestResourceCtors
We check each resource multiple times. Check each resource once.
2018-12-31 12:32:14 +01:00
Dmitry Vyukov
21cdbb61b8 docs/syzbot.md: add reference to gcc 9 2018-12-31 09:28:49 +01:00
Dmitry Vyukov
2b42fdc898 sys/linux: detail ifla_vf_policy/ifla_port_policy/ifla_xdp_policy 2018-12-30 17:36:38 +01:00
Dmitry Vyukov
f7d5ee2d34 sys/linux: add can routes 2018-12-30 16:24:31 +01:00