all: configure proc restart freq in syz-execprog

If we use a non-default restart frequence during fuzzing, we should keep
doing so during bug reproduction.

Author: a-nogikh

pkg/csource/options.go

@@ -26,6 +26,9 @@ type Options struct {
 	Slowdown    int    `json:"slowdown"`
 	Sandbox     string `json:"sandbox"`
 	SandboxArg  int    `json:"sandbox_arg"`
+	// ProcRestartFreq is how often syz-executor should restart its procs.
+	// ProcRestartFreq=0 corresponds to its default value.
+	ProcRestartFreq int `json:"proc_restart_freq"`
 
 	Leak bool `json:"leak,omitempty"` // do leak checking
 

pkg/csource/options_test.go

@@ -267,6 +267,11 @@ func enumerateField(OS string, opt Options, field int) []Options {
 			fld.SetInt(val)
 			opts = append(opts, opt)
 		}
+	} else if fldName == "ProcRestartFreq" {
+		for _, val := range []int64{0, 100} {
+			fld.SetInt(val)
+			opts = append(opts, opt)
+		}
 	} else if fldName == "LegacyOptions" {
 		opts = append(opts, opt)
 	} else if fld.Kind() == reflect.Bool {

pkg/instance/instance.go

@@ -485,6 +485,7 @@ func ExecprogCmd(execprog, executor, OS, arch, vmType string, opts csource.Optio
 			{Name: "slowdown", Value: fmt.Sprint(slowdown)},
 			{Name: "sandboxArg", Value: fmt.Sprint(opts.SandboxArg)},
 			{Name: "type", Value: fmt.Sprint(vmType)},
+			{Name: "restart_freq", Value: fmt.Sprint(opts.ProcRestartFreq)},
 		})
 	}
 	return fmt.Sprintf("%v -executor=%v -arch=%v%v -sandbox=%v"+

pkg/repro/repro.go

@@ -874,6 +874,13 @@ var progSimplifies = []Simplify{
 		opts.Procs = 1
 		return true
 	},
+	func(opts *csource.Options) bool {
+		if opts.ProcRestartFreq == 0 {
+			return false
+		}
+		opts.ProcRestartFreq = 0
+		return true
+	},
 	func(opts *csource.Options) bool {
 		if opts.Procs == 1 {
 			return false

tools/syz-execprog/execprog.go

@@ -35,25 +35,26 @@ import (
 )
 
 var (
-	flagOS         = flag.String("os", runtime.GOOS, "target os")
-	flagArch       = flag.String("arch", runtime.GOARCH, "target arch")
-	flagType       = flag.String("type", "", "target VM type")
-	flagCoverFile  = flag.String("coverfile", "", "write coverage to the file")
-	flagRepeat     = flag.Int("repeat", 1, "repeat execution that many times (0 for infinite loop)")
-	flagProcs      = flag.Int("procs", 2*runtime.NumCPU(), "number of parallel processes to execute programs")
-	flagOutput     = flag.Bool("output", false, "write programs and results to stdout")
-	flagHints      = flag.Bool("hints", false, "do a hints-generation run")
-	flagEnable     = flag.String("enable", "none", "enable only listed additional features")
-	flagDisable    = flag.String("disable", "none", "enable all additional features except listed")
-	flagExecutor   = flag.String("executor", "./syz-executor", "path to executor binary")
-	flagThreaded   = flag.Bool("threaded", true, "use threaded mode in executor")
-	flagSignal     = flag.Bool("cover", false, "collect feedback signals (coverage)")
-	flagSandbox    = flag.String("sandbox", "none", "sandbox for fuzzing (none/setuid/namespace/android)")
-	flagSandboxArg = flag.Int("sandbox_arg", 0, "argument for sandbox runner to adjust it via config")
-	flagDebug      = flag.Bool("debug", false, "debug output from executor")
-	flagSlowdown   = flag.Int("slowdown", 1, "execution slowdown caused by emulation/instrumentation")
-	flagUnsafe     = flag.Bool("unsafe", false, "use unsafe program deserialization mode")
-	flagGlob       = flag.String("glob", "", "run glob expansion request")
+	flagOS          = flag.String("os", runtime.GOOS, "target os")
+	flagArch        = flag.String("arch", runtime.GOARCH, "target arch")
+	flagType        = flag.String("type", "", "target VM type")
+	flagCoverFile   = flag.String("coverfile", "", "write coverage to the file")
+	flagRepeat      = flag.Int("repeat", 1, "repeat execution that many times (0 for infinite loop)")
+	flagProcs       = flag.Int("procs", 2*runtime.NumCPU(), "number of parallel processes to execute programs")
+	flagOutput      = flag.Bool("output", false, "write programs and results to stdout")
+	flagHints       = flag.Bool("hints", false, "do a hints-generation run")
+	flagEnable      = flag.String("enable", "none", "enable only listed additional features")
+	flagDisable     = flag.String("disable", "none", "enable all additional features except listed")
+	flagExecutor    = flag.String("executor", "./syz-executor", "path to executor binary")
+	flagThreaded    = flag.Bool("threaded", true, "use threaded mode in executor")
+	flagSignal      = flag.Bool("cover", false, "collect feedback signals (coverage)")
+	flagSandbox     = flag.String("sandbox", "none", "sandbox for fuzzing (none/setuid/namespace/android)")
+	flagSandboxArg  = flag.Int("sandbox_arg", 0, "argument for sandbox runner to adjust it via config")
+	flagDebug       = flag.Bool("debug", false, "debug output from executor")
+	flagSlowdown    = flag.Int("slowdown", 1, "execution slowdown caused by emulation/instrumentation")
+	flagUnsafe      = flag.Bool("unsafe", false, "use unsafe program deserialization mode")
+	flagGlob        = flag.String("glob", "", "run glob expansion request")
+	flagRestartFreq = flag.Int("restart_freq", 0, "restart procs every X executions")
 
 	// The in the stress mode resembles simple unguided fuzzer.
 	// This mode can be used as an intermediate step when porting syzkaller to a new OS,
@@ -175,8 +176,9 @@ func main() {
 				Sandbox:    sandbox,
 				SandboxArg: int64(*flagSandboxArg),
 			},
-			Procs:    *flagProcs,
-			Slowdown: *flagSlowdown,
+			Procs:           *flagProcs,
+			Slowdown:        *flagSlowdown,
+			ProcRestartFreq: *flagRestartFreq,
 		},
 		Executor:         *flagExecutor,
 		HandleInterrupts: true,