syz-cluster: assorted updates #6353
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
a-nogikh
force-pushed
the
features/syz-cluster-kmsan
branch
3 times, most recently
from
80c0327 to
5359099
Compare
a-nogikh
force-pushed
the
features/syz-cluster-kmsan
branch
3 times, most recently
from
cd28977 to
28c6fa9
Compare
a-nogikh
commented
Sep 19, 2025
a-nogikh
force-pushed
the
features/syz-cluster-kmsan
branch
3 times, most recently
from
1b93a29 to
364d86b
Compare
tarasmadan
reviewed
Sep 26, 2025
| parameters: | ||
| - name: test-name | ||
| value: "Build Base" | ||
| value: "Build Base{{=jsonpath(inputs.parameters.element, '$.suffix')}}" |
There was a problem hiding this comment.
Will we have " " after "Base" word?
tarasmadan
reviewed
Sep 26, 2025
syz-cluster/pkg/api/api.go
Outdated
| fsCorpusURL = `https://storage.googleapis.com/syzkaller/corpus/ci2-upstream-fs-corpus.db` | ||
| ) | ||
|
|
||
| const kasanSuffix = " [KASAN]" |
There was a problem hiding this comment.
" [...]" part here is a formatting detail.
I think testName() is a better place for it.
tarasmadan
reviewed
Sep 26, 2025
syz-cluster/pkg/api/api.go
Outdated
|
|
||
| // FuzzConfig represents a set of parameters passed to the fuzz step. | ||
| type FuzzConfig struct { | ||
| Suffix string `json:"suffix"` // E.g. KASAN. |
There was a problem hiding this comment.
"Suffix" is how you use it.
I think something like "type" or "test_type" will improve the readability here.
tarasmadan
reviewed
Sep 26, 2025
tarasmadan
reviewed
Sep 26, 2025
tarasmadan
reviewed
Sep 26, 2025
First build and boot test the base kernel, then proceed to the patched kernel. It prevents us from reporting build/boot errors not introduced by the patch.
Adjut the workflow template and the API to run multiple fuzzing campaigns as a part of single patch series processing.
Instead of passing the values individually, save the FuzzConfig object as JSON and pass it as an artifact. This will simplify adding more new fields.
It will help distinguish them once there are multiple ones.
During triage, process each fuzzing campaign separately as they may have different base kernel revisions (e.g. if the newest revisions of the kernel no longer build/boot under the specific kernel configuration). Refactor the representation of the fuzzing targets in api.go.
Instead of just checking whether the bug was observed on the base crash, accept a regexp of accepted bug titles as well.
Set up a KMSAN fuzzing campaign in parallel to KASAN for the net patches.
Prefixes seem to distinguish the steps better than suffixes.
There's no reason to do first one and then another.
3G is not enough for kernels with KMSAN. Slightly decrease the number of used VMs to fit into the available CPUs/RAM.
KMSAN fails to boot when a specific q35 version is specified.
Instead of a predefined set of manually written syz-manager configs, construct it dynamically from different bits. During triage, select not just one, but all matching fuzzer configurations and then merge them together.
We don't need it to hold it for the call to the externally supplied callback.
There are still situations where we don't properly terminate fuzzing on context cancelation. Add more logging to debug it.
If a boot test step failed and we don't report the finding to the dashboard, print the report/output to the console to facilitate debugging.
Otherwise reproductions sometimes take almost all VMs.
a-nogikh
force-pushed
the
features/syz-cluster-kmsan
branch
from
364d86b to
7ee3357
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
A set of refactorings and enhancements for
syz-clusterto support running multiple fuzzing campaigns per each patch series.For networking series, build and fuzz a
CONFIG_KMSAN=ykernel in addition to fuzzing the KASAN kernel.Instead of picking one of the predefined fuzzer configuration, construct the resulting config from all the matching configuration bits.