From 74ccb06de76667d48ea91a800ff78a4ae1ce24c2 Mon Sep 17 00:00:00 2001 From: Aleksandr Nogikh Date: Thu, 9 Oct 2025 12:31:31 +0200 Subject: [PATCH 1/3] syz-cluster: regenerate fuzz config tests After kfuzztest has been merged, the configs have become a little big bigger. Regenerate them in a separate commit to reduce noise in further commits. --- .../pkg/fuzzconfig/testdata/mixed/bpf_io_uring.base.cfg | 3 ++- .../pkg/fuzzconfig/testdata/mixed/bpf_io_uring.patched.cfg | 3 ++- syz-cluster/pkg/fuzzconfig/testdata/singular/bpf.base.cfg | 3 ++- syz-cluster/pkg/fuzzconfig/testdata/singular/bpf.patched.cfg | 3 ++- syz-cluster/pkg/fuzzconfig/testdata/singular/default.base.cfg | 3 ++- .../pkg/fuzzconfig/testdata/singular/default.patched.cfg | 3 ++- syz-cluster/pkg/fuzzconfig/testdata/singular/fs.base.cfg | 3 ++- syz-cluster/pkg/fuzzconfig/testdata/singular/fs.patched.cfg | 3 ++- syz-cluster/pkg/fuzzconfig/testdata/singular/io_uring.base.cfg | 3 ++- .../pkg/fuzzconfig/testdata/singular/io_uring.patched.cfg | 3 ++- syz-cluster/pkg/fuzzconfig/testdata/singular/kvm.base.cfg | 3 ++- syz-cluster/pkg/fuzzconfig/testdata/singular/kvm.patched.cfg | 3 ++- syz-cluster/pkg/fuzzconfig/testdata/singular/net.base.cfg | 3 ++- syz-cluster/pkg/fuzzconfig/testdata/singular/net.patched.cfg | 3 ++- 14 files changed, 28 insertions(+), 14 deletions(-) diff --git a/syz-cluster/pkg/fuzzconfig/testdata/mixed/bpf_io_uring.base.cfg b/syz-cluster/pkg/fuzzconfig/testdata/mixed/bpf_io_uring.base.cfg index 6c4b3d58eab9..13e56038c1a4 100644 --- a/syz-cluster/pkg/fuzzconfig/testdata/mixed/bpf_io_uring.base.cfg +++ b/syz-cluster/pkg/fuzzconfig/testdata/mixed/bpf_io_uring.base.cfg @@ -85,6 +85,7 @@ "reset_acc_state": false, "remote_cover": true, "cover_edges": false, - "descriptions_mode": "manual" + "descriptions_mode": "manual", + "enable_kfuzztest": false } } \ No newline at end of file 
diff --git a/syz-cluster/pkg/fuzzconfig/testdata/mixed/bpf_io_uring.patched.cfg b/syz-cluster/pkg/fuzzconfig/testdata/mixed/bpf_io_uring.patched.cfg index 20ee2f34e2dc..6c4914430dd8 100644 --- a/syz-cluster/pkg/fuzzconfig/testdata/mixed/bpf_io_uring.patched.cfg +++ b/syz-cluster/pkg/fuzzconfig/testdata/mixed/bpf_io_uring.patched.cfg @@ -86,6 +86,7 @@ "reset_acc_state": false, "remote_cover": true, "cover_edges": false, - "descriptions_mode": "manual" + "descriptions_mode": "manual", + "enable_kfuzztest": false } } \ No newline at end of file diff --git a/syz-cluster/pkg/fuzzconfig/testdata/singular/bpf.base.cfg b/syz-cluster/pkg/fuzzconfig/testdata/singular/bpf.base.cfg index 79d1339c0f31..472be5c08cf1 100644 --- a/syz-cluster/pkg/fuzzconfig/testdata/singular/bpf.base.cfg +++ b/syz-cluster/pkg/fuzzconfig/testdata/singular/bpf.base.cfg @@ -68,6 +68,7 @@ "reset_acc_state": false, "remote_cover": true, "cover_edges": false, - "descriptions_mode": "manual" + "descriptions_mode": "manual", + "enable_kfuzztest": false } } \ No newline at end of file diff --git a/syz-cluster/pkg/fuzzconfig/testdata/singular/bpf.patched.cfg b/syz-cluster/pkg/fuzzconfig/testdata/singular/bpf.patched.cfg index d84b23e3bc89..cc091d9db28f 100644 --- a/syz-cluster/pkg/fuzzconfig/testdata/singular/bpf.patched.cfg +++ b/syz-cluster/pkg/fuzzconfig/testdata/singular/bpf.patched.cfg @@ -69,6 +69,7 @@ "reset_acc_state": false, "remote_cover": true, "cover_edges": false, - "descriptions_mode": "manual" + "descriptions_mode": "manual", + "enable_kfuzztest": false } } \ No newline at end of file diff --git a/syz-cluster/pkg/fuzzconfig/testdata/singular/default.base.cfg b/syz-cluster/pkg/fuzzconfig/testdata/singular/default.base.cfg index 28c8c600d869..7d1fcd3f707b 100644 --- a/syz-cluster/pkg/fuzzconfig/testdata/singular/default.base.cfg +++ b/syz-cluster/pkg/fuzzconfig/testdata/singular/default.base.cfg 
@@ -44,6 +44,7 @@ "reset_acc_state": false, "remote_cover": true, "cover_edges": false, - "descriptions_mode": "manual" + "descriptions_mode": "manual", + "enable_kfuzztest": false } } \ No newline at end of file diff --git a/syz-cluster/pkg/fuzzconfig/testdata/singular/default.patched.cfg b/syz-cluster/pkg/fuzzconfig/testdata/singular/default.patched.cfg index a6c0611fc7e4..c864d293984e 100644 --- a/syz-cluster/pkg/fuzzconfig/testdata/singular/default.patched.cfg +++ b/syz-cluster/pkg/fuzzconfig/testdata/singular/default.patched.cfg @@ -45,6 +45,7 @@ "reset_acc_state": false, "remote_cover": true, "cover_edges": false, - "descriptions_mode": "manual" + "descriptions_mode": "manual", + "enable_kfuzztest": false } } \ No newline at end of file diff --git a/syz-cluster/pkg/fuzzconfig/testdata/singular/fs.base.cfg b/syz-cluster/pkg/fuzzconfig/testdata/singular/fs.base.cfg index 8515dfe1931f..e4cd140950d1 100644 --- a/syz-cluster/pkg/fuzzconfig/testdata/singular/fs.base.cfg +++ b/syz-cluster/pkg/fuzzconfig/testdata/singular/fs.base.cfg @@ -163,6 +163,7 @@ "reset_acc_state": false, "remote_cover": true, "cover_edges": false, - "descriptions_mode": "manual" + "descriptions_mode": "manual", + "enable_kfuzztest": false } } \ No newline at end of file diff --git a/syz-cluster/pkg/fuzzconfig/testdata/singular/fs.patched.cfg b/syz-cluster/pkg/fuzzconfig/testdata/singular/fs.patched.cfg index 388ec43edd1f..70d1e1e39c6c 100644 --- a/syz-cluster/pkg/fuzzconfig/testdata/singular/fs.patched.cfg +++ b/syz-cluster/pkg/fuzzconfig/testdata/singular/fs.patched.cfg @@ -164,6 +164,7 @@ "reset_acc_state": false, "remote_cover": true, "cover_edges": false, - "descriptions_mode": "manual" + "descriptions_mode": "manual", + "enable_kfuzztest": false } } \ No newline at end of file diff --git a/syz-cluster/pkg/fuzzconfig/testdata/singular/io_uring.base.cfg b/syz-cluster/pkg/fuzzconfig/testdata/singular/io_uring.base.cfg index 94990b8126a4..de3dc0bfa799 100644 
--- a/syz-cluster/pkg/fuzzconfig/testdata/singular/io_uring.base.cfg +++ b/syz-cluster/pkg/fuzzconfig/testdata/singular/io_uring.base.cfg @@ -58,6 +58,7 @@ "reset_acc_state": false, "remote_cover": true, "cover_edges": false, - "descriptions_mode": "manual" + "descriptions_mode": "manual", + "enable_kfuzztest": false } } \ No newline at end of file diff --git a/syz-cluster/pkg/fuzzconfig/testdata/singular/io_uring.patched.cfg b/syz-cluster/pkg/fuzzconfig/testdata/singular/io_uring.patched.cfg index 3f4877afc183..bc69759f05e7 100644 --- a/syz-cluster/pkg/fuzzconfig/testdata/singular/io_uring.patched.cfg +++ b/syz-cluster/pkg/fuzzconfig/testdata/singular/io_uring.patched.cfg @@ -59,6 +59,7 @@ "reset_acc_state": false, "remote_cover": true, "cover_edges": false, - "descriptions_mode": "manual" + "descriptions_mode": "manual", + "enable_kfuzztest": false } } \ No newline at end of file diff --git a/syz-cluster/pkg/fuzzconfig/testdata/singular/kvm.base.cfg b/syz-cluster/pkg/fuzzconfig/testdata/singular/kvm.base.cfg index bdfe653ef6fb..d9b182e1877c 100644 --- a/syz-cluster/pkg/fuzzconfig/testdata/singular/kvm.base.cfg +++ b/syz-cluster/pkg/fuzzconfig/testdata/singular/kvm.base.cfg @@ -52,6 +52,7 @@ "reset_acc_state": false, "remote_cover": true, "cover_edges": false, - "descriptions_mode": "manual" + "descriptions_mode": "manual", + "enable_kfuzztest": false } } \ No newline at end of file diff --git a/syz-cluster/pkg/fuzzconfig/testdata/singular/kvm.patched.cfg b/syz-cluster/pkg/fuzzconfig/testdata/singular/kvm.patched.cfg index fc487b270397..59c4f7b4a08a 100644 --- a/syz-cluster/pkg/fuzzconfig/testdata/singular/kvm.patched.cfg +++ b/syz-cluster/pkg/fuzzconfig/testdata/singular/kvm.patched.cfg @@ -53,6 +53,7 @@ "reset_acc_state": false, "remote_cover": true, "cover_edges": false, - "descriptions_mode": "manual" + "descriptions_mode": "manual", + "enable_kfuzztest": false } } \ No newline at end of file 
diff --git a/syz-cluster/pkg/fuzzconfig/testdata/singular/net.base.cfg b/syz-cluster/pkg/fuzzconfig/testdata/singular/net.base.cfg index 641241acb77c..d14db2a4b4a9 100644 --- a/syz-cluster/pkg/fuzzconfig/testdata/singular/net.base.cfg +++ b/syz-cluster/pkg/fuzzconfig/testdata/singular/net.base.cfg @@ -113,6 +113,7 @@ "reset_acc_state": false, "remote_cover": true, "cover_edges": false, - "descriptions_mode": "manual" + "descriptions_mode": "manual", + "enable_kfuzztest": false } } \ No newline at end of file diff --git a/syz-cluster/pkg/fuzzconfig/testdata/singular/net.patched.cfg b/syz-cluster/pkg/fuzzconfig/testdata/singular/net.patched.cfg index 8d79a108a2ac..833ed1ffc946 100644 --- a/syz-cluster/pkg/fuzzconfig/testdata/singular/net.patched.cfg +++ b/syz-cluster/pkg/fuzzconfig/testdata/singular/net.patched.cfg @@ -114,6 +114,7 @@ "reset_acc_state": false, "remote_cover": true, "cover_edges": false, - "descriptions_mode": "manual" + "descriptions_mode": "manual", + "enable_kfuzztest": false } } \ No newline at end of file From e89c1615f2913c9b4228bb20ca62b737f5a8bf3e Mon Sep 17 00:00:00 2001 
From: Aleksandr Nogikh Date: Thu, 9 Oct 2025 12:29:12 +0200 Subject: [PATCH 2/3] syz-cluster: use the virtio networking device with KMSAN e1000 is temporarily not an option due to a boot-time bug: https://lkml.org/lkml/2025/10/2/143 Refactor the config generation logic to accomodate merging multiple config chunks. --- syz-cluster/pkg/api/api.go | 1 + syz-cluster/pkg/fuzzconfig/generate.go | 65 +++++++++------- syz-cluster/pkg/fuzzconfig/generate_test.go | 7 ++ syz-cluster/pkg/fuzzconfig/kmsan.cfg | 5 ++ .../testdata/mixed/bpf_kmsan.base.cfg | 75 ++++++++++++++++++ .../testdata/mixed/bpf_kmsan.patched.cfg | 76 +++++++++++++++++++ 6 files changed, 201 insertions(+), 28 deletions(-) create mode 100644 syz-cluster/pkg/fuzzconfig/kmsan.cfg create mode 100644 syz-cluster/pkg/fuzzconfig/testdata/mixed/bpf_kmsan.base.cfg create mode 100644 syz-cluster/pkg/fuzzconfig/testdata/mixed/bpf_kmsan.patched.cfg diff --git a/syz-cluster/pkg/api/api.go b/syz-cluster/pkg/api/api.go index 2016461d1454..1577d8b28441 100644 --- a/syz-cluster/pkg/api/api.go +++ b/syz-cluster/pkg/api/api.go @@ -34,6 +34,7 @@ type FuzzConfig struct { Track string `json:"track"` // E.g. KASAN. Focus []string `json:"focus"` CorpusURLs []string `json:"corpus_urls"` + KMSAN bool `json:"kmsan"` // Needed for some temporary workarounds. // Don't expect kernel coverage for the patched area. SkipCoverCheck bool `json:"skip_cover_check"` // Only report the bugs that match the regexp. diff --git a/syz-cluster/pkg/fuzzconfig/generate.go b/syz-cluster/pkg/fuzzconfig/generate.go index 5b503e3ae25e..f1c5db4a4508 100644 --- a/syz-cluster/pkg/fuzzconfig/generate.go +++ b/syz-cluster/pkg/fuzzconfig/generate.go 
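Review bot: The comment on the new `KMSAN` field of `FuzzConfig` says only "Needed for some temporary workarounds", which gives a later reader no way to tell when the field and the config chunk behind it can be removed. The commit message already names the cause, so the comment could carry it: `// Temporary: switches the VM to virtio-net while e1000 fails to boot under KMSAN, see https://lkml.org/lkml/2025/10/2/143.` The struct begins and ends outside this hunk.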
@@ -19,50 +19,59 @@ var baseConfigJSON []byte //go:embed patched.cfg var patchedConfigJSON []byte +//go:embed kmsan.cfg +var kmsanConfigJSON []byte + // GenerateBase produces a syz-manager config for the base kernel. // The caller must still invoke mgrconfig.Complete. func GenerateBase(cfg *api.FuzzConfig) (*mgrconfig.Config, error) { - var baseRaw json.RawMessage - err := config.LoadData(baseConfigJSON, &baseRaw) - if err != nil { - return nil, fmt.Errorf("failed to read the base config: %w", err) - } - base, err := mgrconfig.LoadPartialData(baseRaw) - if err != nil { - return nil, fmt.Errorf("failed to load the config: %w", err) - } - err = applyFuzzConfig(base, cfg) - if err != nil { - return nil, err - } - return base, nil + return generateConfig(cfg, false) } -// GeneratePatched produces a syz-manager config for the base kernel. +// GeneratePatched produces a syz-manager config for the patched kernel. // The caller must still invoke mgrconfig.Complete. func GeneratePatched(cfg *api.FuzzConfig) (*mgrconfig.Config, error) { - var baseRaw, deltaRaw json.RawMessage - err := config.LoadData(baseConfigJSON, &baseRaw) - if err != nil { - return nil, fmt.Errorf("failed to read the base config: %w", err) + return generateConfig(cfg, true) +} + +func generateConfig(cfg *api.FuzzConfig, patched bool) (*mgrconfig.Config, error) { + type patchItem struct { + name string + patch []byte } - err = config.LoadData(patchedConfigJSON, &deltaRaw) - if err != nil { - return nil, fmt.Errorf("failed to read the patched config: %w", err) + patchesList := []patchItem{{name: "base", patch: baseConfigJSON}} + if patched { + patchesList = append(patchesList, patchItem{name: "patched", patch: patchedConfigJSON}) } - patchedRaw, err := config.MergeJSONs(baseRaw, deltaRaw) - if err != nil { - return nil, fmt.Errorf("failed to merge the configs: %w", err) + if cfg.KMSAN { + patchesList = append(patchesList, patchItem{name: "kmsan", patch: kmsanConfigJSON}) + } + var raw json.RawMessage + for 
i, patch := range patchesList { + var next json.RawMessage + err := config.LoadData(patch.patch, &next) + if err != nil { + return nil, fmt.Errorf("failed to read the %s config: %w", patch.name, err) + } + if i == 0 { + raw = next + } else { + var err error + raw, err = config.MergeJSONs(raw, next) + if err != nil { + return nil, fmt.Errorf("failed to merge the configs with %s: %w", patch.name, err) + } + } } - patched, err := mgrconfig.LoadPartialData(patchedRaw) + mgrConfig, err := mgrconfig.LoadPartialData(raw) if err != nil { return nil, fmt.Errorf("failed to load the config: %w", err) } - err = applyFuzzConfig(patched, cfg) + err = applyFuzzConfig(mgrConfig, cfg) if err != nil { return nil, err } - return patched, nil + return mgrConfig, nil } func applyFuzzConfig(mgrCfg *mgrconfig.Config, cfg *api.FuzzConfig) error { diff --git a/syz-cluster/pkg/fuzzconfig/generate_test.go b/syz-cluster/pkg/fuzzconfig/generate_test.go index 1dd143eafb1c..8876a0d3d4e6 100644 --- a/syz-cluster/pkg/fuzzconfig/generate_test.go +++ b/syz-cluster/pkg/fuzzconfig/generate_test.go @@ -46,6 +46,13 @@ func TestMultipleFocus(t *testing.T) { }, filepath.Join("testdata", "mixed", "bpf_io_uring")) } +func TestKMSANConfig(t *testing.T) { + runTest(t, &api.FuzzConfig{ + Focus: []string{api.FocusBPF}, + KMSAN: true, + }, filepath.Join("testdata", "mixed", "bpf_kmsan")) +} + func runTest(t *testing.T, cfg *api.FuzzConfig, baseName string) { base, err := GenerateBase(cfg) require.NoError(t, err) diff --git a/syz-cluster/pkg/fuzzconfig/kmsan.cfg b/syz-cluster/pkg/fuzzconfig/kmsan.cfg new file mode 100644 index 000000000000..9881328848f4 --- /dev/null +++ b/syz-cluster/pkg/fuzzconfig/kmsan.cfg @@ -0,0 +1,5 @@ +{ + "vm": { + "network_device": "virtio-net-pci" + } +} diff --git a/syz-cluster/pkg/fuzzconfig/testdata/mixed/bpf_kmsan.base.cfg b/syz-cluster/pkg/fuzzconfig/testdata/mixed/bpf_kmsan.base.cfg new file mode 100644 index 000000000000..5e1aedb91545 --- /dev/null 
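Review bot: In the merge loop of `generateConfig`, the `else` branch declares `var err error` even though `err` is already in scope from `err := config.LoadData(patch.patch, &next)`, so the inner declaration only shadows it. Dropping the declaration and the `else` keeps the loop flat: `if i == 0 { raw = next; continue }` followed by `raw, err = config.MergeJSONs(raw, next)`. The helper also has no doc comment; one sentence stating that chunks are applied in the order base, patched, kmsan would help, because that order is what lets the KMSAN `network_device` value win. That a later chunk overrides an earlier one is presumed here, since `MergeJSONs` is not visible in this patch.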
+++ b/syz-cluster/pkg/fuzzconfig/testdata/mixed/bpf_kmsan.base.cfg @@ -0,0 +1,75 @@ +{ + "name": "base", + "target": "linux/amd64", + "http": "", + "rpc": ":0", + "workdir": "/workdir", + "kernel_obj": "/base/obj", + "kernel_build_src": "/workdir", + "android_split_build": false, + "image": "/base/image", + "ssh_user": "root", + "syzkaller": "/syzkaller", + "procs": 3, + "max_crash_logs": 100, + "sandbox": "none", + "sandbox_arg": 0, + "snapshot": false, + "cover": true, + "cover_filter": {}, + "raw_cover": false, + "reproduce": true, + "preserve_corpus": true, + "enable_syscalls": [ + "bpf", + "mkdir", + "mount$bpf", + "unlink", + "close", + "perf_event_open*", + "ioctl$PERF*", + "getpid", + "gettid", + "socketpair", + "sendmsg", + "recvmsg", + "setsockopt$sock_attach_bpf", + "socket", + "ioctl$sock_kcm*", + "syz_clone", + "mkdirat$cgroup*", + "openat$cgroup*", + "write$cgroup*", + "openat$tun", + "write$tun", + "ioctl$TUN*", + "ioctl$SIOCSIFHWADDR", + "openat$ppp", + "syz_open_procfs$namespace", + "openat$pidfd", + "fstat" + ], + "strace_bin": "", + "strace_bin_on_target": false, + "execprog_bin_on_target": "", + "executor_bin_on_target": "", + "run_fsck": true, + "type": "qemu", + "vm": { + "cmdline": "root=/dev/sda1", + "count": 3, + "cpu": 2, + "kernel": "/base/kernel", + "mem": 7168, + "network_device": "virtio-net-pci", + "qemu_args": "-machine q35 -enable-kvm -smp 2,sockets=2,cores=1" + }, + "asset_storage": null, + "Experimental": { + "reset_acc_state": false, + "remote_cover": true, + "cover_edges": false, + "descriptions_mode": "manual", + "enable_kfuzztest": false + } +} \ No newline at end of file diff --git a/syz-cluster/pkg/fuzzconfig/testdata/mixed/bpf_kmsan.patched.cfg b/syz-cluster/pkg/fuzzconfig/testdata/mixed/bpf_kmsan.patched.cfg new file mode 100644 index 000000000000..c3a27fec7662 --- /dev/null +++ b/syz-cluster/pkg/fuzzconfig/testdata/mixed/bpf_kmsan.patched.cfg 
@@ -0,0 +1,76 @@ +{ + "name": "patched", + "target": "linux/amd64", + "http": "", + "rpc": ":0", + "workdir": "/workdir", + "kernel_obj": "/patched/obj", + "kernel_build_src": "/workdir", + "android_split_build": false, + "image": "/patched/image", + "ssh_user": "root", + "syzkaller": "/syzkaller", + "procs": 3, + "max_crash_logs": 100, + "sandbox": "none", + "sandbox_arg": 0, + "snapshot": false, + "cover": true, + "cover_filter": {}, + "raw_cover": false, + "reproduce": true, + "fuzzing_vms": 3, + "preserve_corpus": true, + "enable_syscalls": [ + "bpf", + "mkdir", + "mount$bpf", + "unlink", + "close", + "perf_event_open*", + "ioctl$PERF*", + "getpid", + "gettid", + "socketpair", + "sendmsg", + "recvmsg", + "setsockopt$sock_attach_bpf", + "socket", + "ioctl$sock_kcm*", + "syz_clone", + "mkdirat$cgroup*", + "openat$cgroup*", + "write$cgroup*", + "openat$tun", + "write$tun", + "ioctl$TUN*", + "ioctl$SIOCSIFHWADDR", + "openat$ppp", + "syz_open_procfs$namespace", + "openat$pidfd", + "fstat" + ], + "strace_bin": "", + "strace_bin_on_target": false, + "execprog_bin_on_target": "", + "executor_bin_on_target": "", + "run_fsck": true, + "type": "qemu", + "vm": { + "cmdline": "root=/dev/sda1", + "count": 9, + "cpu": 2, + "kernel": "/patched/kernel", + "mem": 7168, + "network_device": "virtio-net-pci", + "qemu_args": "-machine q35 -enable-kvm -smp 2,sockets=2,cores=1" + }, + "asset_storage": null, + "Experimental": { + "reset_acc_state": false, + "remote_cover": true, + "cover_edges": false, + "descriptions_mode": "manual", + "enable_kfuzztest": false + } +} \ No newline at end of file From 42ef1f0340944ef6c3249b5ad695039a72e09ef6 Mon Sep 17 00:00:00 2001 
From: Aleksandr Nogikh Date: Thu, 4 Sep 2025 16:26:35 +0200 Subject: [PATCH 3/3] syz-cluster: enable KMSAN for net patch series Set up a KMSAN fuzzing campaign in parallel to KASAN for the net patches. --- syz-cluster/pkg/api/api.go | 13 ++++++++++++- syz-cluster/pkg/triage/fuzz_target.go | 1 + syz-cluster/pkg/triage/fuzz_target_test.go | 2 ++ 3 files changed, 15 insertions(+), 1 deletion(-) diff --git a/syz-cluster/pkg/api/api.go b/syz-cluster/pkg/api/api.go index 1577d8b28441..34840ad48cd8 100644 --- a/syz-cluster/pkg/api/api.go +++ b/syz-cluster/pkg/api/api.go @@ -59,6 +59,7 @@ type KernelFuzzConfig struct { CorpusURL string `json:"corpus_url"` SkipCoverCheck bool `json:"skip_cover_check"` BugTitleRe string `json:"bug_title_re"` + KMSAN bool `json:"kmsan"` // Trigger the config changes necessary for KMSAN. } // FuzzTriageTarget is a single record in the list of supported fuzz configs. @@ -258,7 +259,10 @@ const ( allCorpusURL = `https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db` ) -const kasanTrack = "KASAN" +const ( + kasanTrack = "KASAN" + kmsanTrack = "KMSAN" +) // The list is ordered by decreasing importance. var FuzzTargets = []*FuzzTriageTarget{ @@ -308,6 +312,13 @@ var FuzzTargets = []*FuzzTriageTarget{ Focus: FocusNet, CorpusURL: netCorpusURL, }, + { + Track: kmsanTrack, + KernelConfig: `upstream-kmsan.config`, + Focus: FocusNet, + CorpusURL: netCorpusURL, + KMSAN: true, + }, }, }, { diff --git a/syz-cluster/pkg/triage/fuzz_target.go b/syz-cluster/pkg/triage/fuzz_target.go index e4b6fedf3566..c19c839d0f3b 100644 --- a/syz-cluster/pkg/triage/fuzz_target.go +++ b/syz-cluster/pkg/triage/fuzz_target.go @@ -80,6 +80,7 @@ func mergeFuzzConfigs(configs []*api.KernelFuzzConfig) *api.FuzzConfig { // Must be the same. ret.BugTitleRe = config.BugTitleRe ret.Track = config.Track + ret.KMSAN = config.KMSAN } ret.Focus = unique(ret.Focus) ret.CorpusURLs = unique(ret.CorpusURLs) 
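Review bot: The new KMSAN entry in `FuzzTargets` states the sanitizer three times (`Track: kmsanTrack`, the `upstream-kmsan.config` kernel config and `KMSAN: true`), and only the last one triggers the network-device workaround. A later KMSAN entry that omits the flag would still compile and, going by the previous commit's message, would run a KMSAN kernel on the device with the boot-time bug, so the campaign would lose its uninitialized-memory coverage without a visible error in this code. A table test over `FuzzTargets` asserting that every config with `Track == kmsanTrack` also has `KMSAN` set would catch that. Short of a test, a comment on the constant would help: `// Configs on this track must also set KMSAN: true.`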
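Review bot: `ret.KMSAN = config.KMSAN` in `mergeFuzzConfigs` sits under the "Must be the same" comment, but nothing in the visible lines enforces that, so when the merged configs disagree the last one silently wins. Because the flag selects the VM network device, a silent `false` would put a KMSAN kernel back on the device the previous commit works around. If the caller's grouping does not already guarantee equality (it is outside this hunk), `ret.KMSAN = ret.KMSAN || config.KMSAN` makes the result independent of input order. The function starts and ends outside the hunk.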
diff --git a/syz-cluster/pkg/triage/fuzz_target_test.go b/syz-cluster/pkg/triage/fuzz_target_test.go index 6b5111e0ca89..812059db8aba 100644 --- a/syz-cluster/pkg/triage/fuzz_target_test.go +++ b/syz-cluster/pkg/triage/fuzz_target_test.go @@ -74,6 +74,7 @@ func TestMergeKernelFuzzConfigs(t *testing.T) { FuzzConfig: &api.FuzzConfig{ Track: "KMSAN", Focus: []string{"net"}, + KMSAN: true, }, }, }, MergeKernelFuzzConfigs([]*api.KernelFuzzConfig{ @@ -86,6 +87,7 @@ func TestMergeKernelFuzzConfigs(t *testing.T) { Track: "KMSAN", KernelConfig: "kmsan_config", Focus: "net", + KMSAN: true, }, })) })