Add functions to protect and unprotect the coverage buffer. The buffer is
protected from being written to while tracing. When the trace data is
sorted we need to make it read/write, but can return it to read only after
this has completed.
Leave the first page as read/write as we need to clear the length field.
Add retry logic that detects and ignores episodic flakes.
This test episodically flakes on syzbot.
We run with the default timeout, but require a test
to pass in 50+% of cases.
Running 72 test binaries in parallel I am getting 35-44 failures out of 72
with 1 retry. With 3 retries it drops to ~7. With 5 it is close to 0.
Use 7 retries for now. Let's see if it still flakes.
* Remove the environment variable: AKAROS_XCC_ROOT
(refer to commit: brho/akaros bdab8c3a)
* Add environment variable AKAROS_TOOLCHAINS which
points to the parent directory of the old AKAROS_XCC_ROOT.
(refer to commit: brho/akaro 62ec5c3c)
* Add "$AKAROS_TOOLCHAINS/x86_64-ucb-akaros-gcc/bin" to PATH.
Signed-off-by: Aditya Basu <mitthu@google.com>
When the fuzzer starts, it pumps the whole corpus.
If we do it using the final batchSize, it can be very slow
batch of size 6 can take more than 10 mins for 50K corpus and slow kernel).
Use a batch of 30 initially.
Add -B/usr/lib32 to 386 build flags.
The story behind -B/usr/lib32 is not completely clear, but it helps in some cases.
For context see discussion in https://github.com/google/syzkaller/pull/1202
For extractProgSingle() lastEntries are already reversed, so no need to
call reverseEntries().
Also for extractProgBisect() there's no point in reversing the entries,
as the idea is to try connecting multiple programs in chronological order.
Currently it's not possible to list all invalid bugs.
Add a page that does this.
It's not referenced from anywhere as it's unclear who/when
needs it on periodic basis. But if the list is needed
for something one-off, we have it.
Providing additional info, especially regarding syscall arguments, in reproducers
can be helpful. An example is device numbers passed to mknod(2).
This commit introduces an optional annotate function on a per target basis.
Example for the OpenBSD target:
$ cat prog.in
mknod(0x0, 0x0, 0x4503)
getpid()
$ syz-prog2c -prog prog.in
int main(void)
{
syscall(SYS_mmap, 0x20000000, 0x1000000, 3, 0x1012, -1, 0, 0);
syscall(SYS_mknod, 0, 0, 0x4503); /* major = 69, minor = 3 */
syscall(SYS_getpid);
return 0;
}
Consolidating FIDL library build mappings in one place, so that it can
be used from extraction, and script invoking fidlgen. This also makes
code clearer, and provides a more natural path for evolutions / dealing
with oddities.
Minor doc update post fx command changes.
pkg/repro only enables leak checking when report type is MemoryLeak.
Since repros from hub always have Unknown type, repro won't reproduce leaks.
Always set report type to MemoryLeak on leak instances.
The csource options lack any relation to the tested OS,
while they do depend on the tested OS (most are linux-specific).
As the result we enable binfmt_misc, but its setup fails on anything
other than linux. As a work-around don't enable binfmt_misc on non-linux.
Currently we have them duplicated in docs/configuration.md
and the actual source in pkg/mgrconfig/config.go.
Documentation is missing in one place or another,
some is outdated, some is phrased slightly differently.
Move all docs to pkg/mgrconfig/config.go and reference it
from docs/configuration.md instead.
Leak checking support was half done and did not really work.
This is heavy-lifting to make it work.
1. Move leak/fault setup into executor.
pkg/host was a wrong place for them because we need then in C repros too.
The pkg/host periodic callback functionality did not work too,
we need it in executor so that we can reuse it in C repros too.
Remove setup/callback functions in pkg/host entirely.
2. Do leak setup/checking in C repros.
The way leak checking is invoked is slightly different from fuzzer,
but much better then no support at all.
At least the checking code is shared.
3. Add Leak option to pkg/csource and -leak flag to syz-prog2c.
4. Don't enalbe leak checking in fuzzer while we are triaging initial corpus.
It's toooo slow.
5. Fix pkg/repro to do something more sane for leak bugs.
Few other minor fixes here and there.
We duplicated the no output timeout in the repro package,
and it got out of sync. It's not 3 mins now, but 5 mins.
Remove the duplication and fix this.
In several places we do special handling for some crash types.
Currently we compare report title with magic strings,
which is error-prone. Add explicit Type to reports.
