pkg/aflow/action/crash/test: implement patch testing

FlorentRevest · FlorentRevest · commit de24a2251dbd · 2026-01-26T16:00:43.000+01:00
diff --git a/pkg/aflow/action/crash/test.go b/pkg/aflow/action/crash/test.go
@@ -5,8 +5,19 @@ package crash
 
 import (
 	"encoding/json"
+	"errors"
+	"fmt"
+	"path"
+	"path/filepath"
+	"runtime"
+	"time"
 
 	"github.com/google/syzkaller/pkg/aflow"
+	"github.com/google/syzkaller/pkg/build"
+	"github.com/google/syzkaller/pkg/instance"
+	"github.com/google/syzkaller/pkg/mgrconfig"
+	"github.com/google/syzkaller/pkg/osutil"
+	"github.com/google/syzkaller/sys/targets"
 )
 
 // TestPatch action does an in-tree kernel build in KernelScratchSrc dir,
@@ -36,5 +47,82 @@ type testResult struct {
 }
 
 func testPatch(ctx *aflow.Context, args testArgs) (testResult, error) {
-	return testResult{}, nil
+	res := testResult{}
+	// Always clean up the repository at the end of this action
+	defer func() {
+		osutil.RunCmd(time.Minute, args.KernelScratchSrc, "git", "checkout", "--", ".")
+	}()
+
+	// Capture the current diff early on
+	diff, err := osutil.RunCmd(time.Minute, args.KernelScratchSrc, "git", "diff")
+	if err != nil {
+		return res, aflow.FlowError(fmt.Errorf("capturing diff failed: %w\n%s", err, res.PatchDiff))
+	}
+	res.PatchDiff = string(diff)
+
+	if args.Type != "qemu" {
+		return res, errors.New("only qemu VM type is supported")
+	}
+
+	// Build the kernel
+	if err := osutil.WriteFile(filepath.Join(args.KernelScratchSrc, ".config"), []byte(args.KernelConfig)); err != nil {
+		return res, err
+	}
+	target := targets.List[targets.Linux][targets.AMD64]
+	image := filepath.FromSlash(build.LinuxKernelImage(targets.AMD64))
+	makeArgs := build.LinuxMakeArgs(target, targets.DefaultLLVMCompiler, targets.DefaultLLVMLinker,
+		"ccache", args.KernelScratchSrc, runtime.NumCPU())
+	makeArgs = append(makeArgs, "-s", path.Base(image))
+	if out, err := osutil.RunCmd(time.Hour, args.KernelScratchSrc, "make", makeArgs...); err != nil {
+		res.TestError = fmt.Sprintf("Make failed with %v:\n%v", err, string(out))
+		return res, nil
+	}
+
+	// Reproduce the crash
+	var vmConfig map[string]any
+	if err := json.Unmarshal(args.VM, &vmConfig); err != nil {
+		return res, fmt.Errorf("failed to parse VM config: %w", err)
+	}
+	vmConfig["kernel"] = filepath.Join(args.KernelScratchSrc, filepath.FromSlash(build.LinuxKernelImage(targets.AMD64)))
+	vmCfg, err := json.Marshal(vmConfig)
+	if err != nil {
+		return res, fmt.Errorf("failed to serialize VM config: %w", err)
+	}
+
+	workdir, err := ctx.TempDir()
+	if err != nil {
+		return res, err
+	}
+	cfg := mgrconfig.DefaultValues()
+	cfg.RawTarget = "linux/amd64"
+	cfg.Workdir = workdir
+	cfg.Syzkaller = args.Syzkaller
+	cfg.KernelObj = args.KernelScratchSrc
+	cfg.KernelSrc = args.KernelScratchSrc
+	cfg.Image = args.Image
+	cfg.Type = args.Type
+	cfg.VM = vmCfg
+	if err := mgrconfig.SetTargets(cfg); err != nil {
+		return res, err
+	}
+	if err := mgrconfig.Complete(cfg); err != nil {
+		return res, err
+	}
+	env, err := instance.NewEnv(cfg, nil, nil)
+	if err != nil {
+		return res, err
+	}
+	results, err := env.Test(1, nil, nil, []byte(args.ReproC))
+	if err != nil {
+		return res, err
+	}
+	if results[0].Error != nil {
+		if crashErr := new(instance.CrashError); errors.As(results[0].Error, &crashErr) {
+			res.TestError = fmt.Sprintf("Reproducing the crash reported: %v", string(crashErr.Report.Report))
+		} else {
+			res.TestError = fmt.Sprintf("Reproducing the crash failed with: %v", results[0].Error.Error())
+		}
+	}
+
+	return res, nil
 }
