pkg/csource: sandbox="" causes false positives #498
Comments
FTR, program that causes connection loss:
And this one causes "kernel panic: Attempted to kill init!":
Another case where removing sandboxing causes problems (presumably): The reproducer is:
The problem is that it contains
running it in a VM and doing
A reproducer produces with:
shows at most 190 processes (6 test processes x 32 limit). I am not sure what exactly is the solution here. Maybe not removing particular csource options for particular bug types (HANGS in this case)?
This may be another case of a false-positive caused by no sandboxing: The reproducer contains
This should now be (at least partially) solved in 9085be7 -- if the sandbox simplification results in a crash title that has not yet been seen during the reproduction process, we don't do the simplification. A sample repro log where it helped: https://syzkaller.appspot.com/text?tag=ReproLog&x=11d57c63980000
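The check described in the comment above, as an added sketch that is not syzkaller's code from 9085be7. `Opts`, `simplifySandbox` and the `run` tester callback are hypothetical names, and the "seen" title in the sample data is constructed.

```go
package main

import "fmt"

// Opts is a hypothetical stand-in for the reproducer options being simplified.
type Opts struct {
	Sandbox  string
	Threaded bool
}

// simplifySandbox retries the reproducer with sandbox="" and keeps that change
// only if it still crashes with a title already seen during this reproduction.
// run is a caller-supplied tester (assumption): it executes the reproducer with
// the given options and reports the crash title, if any.
func simplifySandbox(opts Opts, seen map[string]bool, run func(Opts) (string, bool)) (Opts, string) {
	if opts.Sandbox == "" {
		return opts, "already unsandboxed"
	}
	trial := opts
	trial.Sandbox = ""
	title, crashed := run(trial)
	switch {
	case !crashed:
		return opts, "no crash without sandbox"
	case !seen[title]:
		// A title never seen before is more likely an artifact of running
		// without namespaces (init killed, connection lost) than the
		// original bug, so the sandbox setting is kept.
		return opts, "rejected unseen title: " + title
	}
	return trial, "accepted"
}

func main() {
	// Constructed sample: one title seen earlier in the run, and a fake tester
	// that panics the machine whenever the sandbox is removed.
	seen := map[string]bool{"WARNING in constructed_example": true}
	run := func(o Opts) (string, bool) {
		if o.Sandbox == "" {
			return "kernel panic: Attempted to kill init!", true
		}
		return "WARNING in constructed_example", true
	}
	got, why := simplifySandbox(Opts{Sandbox: "none", Threaded: true}, seen, run)
	fmt.Printf("sandbox=%q (%s)\n", got.Sandbox, why)
}
```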
This should fix all/most problems, right? Should we close this issue then? Do you see any other potential improvements for this?
I don't immediately see further improvements, let's close.
There are at least 2 known false positives with sandbox="":
sandbox=none does not have these problems as it unshares most namespaces. To prevent this we need at least CLONE_NEWNET and CLONE_NEWPID. Two options: