Florent Revest

This commit introduces a **new feature** to the **`syz-manager`** that performs a **startup validation check** for the configured target compiler. During initialization, the manager now verifies if the compiler is marked as broken in its configuration. If an issue is detected, it will **log an error**, providing early feedback on potential build environment problems. This enhancement improves the overall robustness of the `syz-manager` by preventing it from attempting to use an invalid or misconfigured compiler.

This commit introduces a **feature enhancement** to the **`pkg/repro` module** by implementing a check within the `extractC` function. It now intelligently **skips C reproducer extraction** if the target compiler is identified as broken, preventing potential errors or wasted processing. This **maintenance improvement** ensures more robust handling of C code generation in environments with faulty compilers. A new test case, `TestBrokenCompilerRepro`, has been added to verify that C reproducer extraction is correctly bypassed under these conditions.

This commit introduces a **new capability** to the **dashboard** application, allowing granular control over the automatic upload of generated patches to Gerrit. A new `UploadPatchesToGerrit` boolean field has been added to the `AIConfig` structure, which now dictates whether the `apiAIJobDone` function will push patches to `kernel.googlesource.com`. This **feature enhancement** provides administrators with the flexibility to prevent unwanted automatic submissions for specific dashboards, improving control over the patch generation and submission workflow.

This commit **enhances error handling** within the **`pkg/aflow` LLM agent** by explicitly treating HTTP **502 Bad Gateway errors** from GenAI services as **retriable**. The `parseLLMErrorImpl` function is updated to correctly categorize these transient server errors, preventing premature failures in AI-driven workflows. This **bug fix** significantly **improves the robustness** of operations like the LLM patch-generator, allowing them to recover from temporary service disruptions. The change ensures more reliable and resilient interactions with external GenAI providers.

This commit provides a **bug fix** for the **executor**'s **TUN device initialization** on **Linux**, addressing `SYZFAIL` reports where `/dev/net/tun` might be missing or corrupted. It introduces a new function, `correct_dev_net_tun`, which is integrated into the `initialize_tun` process to verify and attempt to fix the `/dev/net/tun` device before it is opened. This ensures the executor can reliably access the `tun` device, preventing errors like "can't open /dev/net/tun" or "ioctl(TUNSETIFF) failed" caused by external interference. The change significantly improves the robustness of network device setup within the executor.

This commit **implements a new patch testing capability** within the `pkg/aflow/action/crash` module. Specifically, it introduces the `testPatch` action, which automates the process of building a kernel, applying a given patch, and then attempting to **reproduce crashes** to verify the patch's effectiveness. To facilitate this, existing logic for kernel building and crash reproduction was **refactored** into dedicated, reusable functions like `BuildKernel` in `pkg/aflow/action/kernel` and `ReproduceCrash` in `pkg/aflow/action/crash`. This **new feature** significantly enhances the project's ability to **validate kernel crash fixes** by providing an automated, systematic way to test proposed changes.

This commit **fixes a bug** in the **`tools/clang/json` component** by ensuring that strings containing double quotes are properly escaped in the generated JSON output. Specifically, the `print` function in `json.h` now correctly escapes inner double quotes (e.g., `"` becomes `\"`) within string values, such as those found in `__attribute__((btf_type_tag("user")))` type definitions. This **resolves errors** encountered when preparing the **`codesearch` index**, which previously failed due to malformed JSON. The change improves the robustness of the JSON generation and is verified by new test data added to `pkg/codesearch/testdata` that includes types with embedded quotes.

This commit **fixes a typo** in the `compileCommands` variable within the `buildKernel` function of the **`pkg/aflow/action/kernel/build` module**. It also **refactors** this variable into a constant, improving code clarity and explicitly conveying its intent. This **bug fix and refactoring** effort enhances the readability and correctness of the kernel build process within the `aflow` system. The change ensures that the commands used for kernel compilation are correctly named and clearly defined.

This commit **fixes a typo** within a comment in the `tools/clang/codesearch/codesearch.cpp` file. Specifically, it corrects an error in the description of the `SourceRange` member of the `MacroDef` struct. This is a **minor style fix** that improves the readability and accuracy of the internal documentation for the **`codesearch` tool**. As a purely cosmetic change to a comment, it has no functional impact on the tool's operation or any downstream components.

This commit performs a **refactoring** within the **`syz-codesearch` tool** by renaming member variables in the `MacroDef`, `Instance`, `IndexerAstConsumer`, and `Indexer` classes. This **maintenance fix** specifically resolves `-Wchanges-meaning` compiler errors caused by name collisions between member variables and type names. By addressing these warnings, the change ensures `syz-codesearch` can be built cleanly with stricter compiler flags, improving code quality and preventing future reliance on ambiguous naming patterns.

This commit implements a **bug fix** within the **`syz-aflow` tool** to prevent redundant error logging. Previously, certain errors, such as "reproducer did not crash," would appear multiple times in the output, cluttering the console. By modifying the `onEvent` function in `aflow.go` to return early when an error is already present in a span, the tool now ensures that each unique error message is printed only once. This significantly **improves the clarity and readability of `syz-aflow`'s output**, making it easier for users to diagnose issues by presenting a consolidated error message.

This commit **improves the diagnosability of kernel build failures** within the `syz-aflow` tool by enhancing the logging of the **kernel build process**. Specifically, it modifies the `buildKernel` function in `pkg/aflow/action/kernel/build.go` to capture and display the full `make` command output, including errors, when a build fails, preventing critical information from being lost due to immediate directory cleanup. Additionally, it introduces the `-s` flag to `make` to suppress verbose output for successful compilation units, ensuring logs remain concise while still providing essential error details. This **bug fix** and **maintenance** improvement makes it significantly easier to reproduce and debug issues related to kernel compilation.

This commit introduces a **new capability** to the **`pkg/aflow`** module, enabling users to specify a **custom kernel repository** for bug reproduction and testing. A `FixedRepository` field has been added to the `aflow` patching inputs and the `syz-agent` configuration, allowing the agent to receive and forward this setting. The `pickBaseCommit` function in `pkg/aflow/flow/patching` now utilizes this field to override the default kernel repository selection, providing enhanced flexibility for reproducing bugs against specific, non-mainline kernel versions.

This commit introduces a **new capability** to build the **`syz-codesearch` tool** directly using `make`, simplifying its development and integration. Previously, building `syz-codesearch` necessitated copying its code into an `llvm-project` repository and integrating with LLVM's CMake build system. A new `codesearch` target has been added to the **`Makefile`**, enabling a standalone build process that leverages `g++` with `llvm-config` and specific clang libraries. This **streamlines the development workflow** for `syz-codesearch` by providing an independent build option, with instructions updated in `tools/clang/codesearch/README.md`.

This commit introduces a **new capability** to the **`syz-aflow` tool**, enabling it to download bug reports from syzbot dashboard pages protected by an AppEngine login. Previously, the `-download` flag would fail when encountering such pages, returning HTML instead of the expected JSON payload. The change adds support for authenticating these downloads using a `gcloud` access token, retrieved via the `gcloud auth print-access-token` command. This **enhancement** prevents confusing failures and expands the tool's utility for generating `input.json` from a broader set of bug reports.

This commit introduces a **new feature** to the **`syz-aflow` tool**, enabling users to specify a custom cache size. It modifies `tools/syz-aflow/aflow.go` to add support for a new command-line flag and implements a `parseSize` function to handle the parsing of size strings. This enhancement primarily affects the `syz-aflow`'s caching mechanism and command-line interface, providing greater flexibility. The change is particularly useful for developers, as it significantly improves iteration speed when working on `syz-aflow` itself, and it also establishes a **default cache size of 10GB**.

This commit **optimizes `syz-executor` startup time** by limiting the number of RX and TX queues created for virtual network interfaces during network sandbox setup. On machines with many CPUs, the default behavior caused significant delays due to serialization on the kernel's `rtnl_mutex`, leading to executor timeouts and preventing parallel fuzzing. By setting `IFLA_NUM_*X_QUEUES` to 2 in `netlink_add_device_impl` and `netlink_add_veth`, this **performance improvement** drastically reduces the time taken for network interface creation. This change primarily affects the **network sandbox setup** within the executor, enabling more parallel fuzzing processes and better utilization of powerful machines.

This commit **hardens the `executor` component** by **disallowing the `O_CREAT` flag** within the `syz_open_dev` helper function in `executor/common_linux.h`. This change **prevents syzkaller from creating new, persistent device nodes** under the `/dev` directory on Linux systems. The modification addresses a potential issue where `O_CREAT` could lead to unnecessary disk clutter or filling, particularly on systems where `/dev` is not a temporary filesystem. This **maintenance improvement** ensures cleaner resource management and prevents unintended side effects during fuzzing.

This commit **improves documentation clarity** within the **executor** component by correcting an example in the `syz_open_dev` function's comment. A missing '#' character is added to an example string in `executor/common_linux.h`, which better illustrates the string replacement logic used by the function. This **maintenance** change ensures the comment accurately reflects the code's behavior, aiding developers in understanding how device paths are processed. The scope is limited to **code readability** and has no functional impact on the program's execution.

This commit implements a **bug fix** within the **`executor`** component, specifically for the **Linux** `syz_open_dev` syscall implementation. Previously, `syz_open_dev` could generate malformed virtual device file names under `/dev` with non-numeric suffixes (e.g., `vcs-`, `vcs(`). This issue arose because a modulo operation on a signed `long` argument could produce negative values, leading to incorrect character casting when generating the suffix. The fix involves casting the device ID argument to an `unsigned long` before the modulo operation, thereby ensuring that the generated virtual file name suffixes are always numeric and correctly formatted. This prevents the creation of unusual and potentially problematic device entries by `syzkaller`.