pkg/aflow: initial repro workflow implementation

Author: tarasmadan

pkg/aflow/action/crash/reproduce.go

@@ -12,6 +12,7 @@ import (
 
 	"github.com/google/syzkaller/pkg/aflow"
 	"github.com/google/syzkaller/pkg/build"
+	"github.com/google/syzkaller/pkg/csource"
 	"github.com/google/syzkaller/pkg/hash"
 	"github.com/google/syzkaller/pkg/instance"
 	"github.com/google/syzkaller/pkg/mgrconfig"
@@ -22,7 +23,7 @@ import (
 // Reproduce action tries to reproduce a crash with the given reproducer,
 // and outputs the resulting crash report.
 // If the reproducer does not trigger a crash, action fails.
-var Reproduce = aflow.NewFuncAction("crash-reproducer", reproduce)
+var Reproduce = aflow.NewFuncAction("crash-reproducer", ReproduceActionFunc)
 
 type ReproduceArgs struct {
 	Syzkaller    string
@@ -38,9 +39,9 @@ type ReproduceArgs struct {
 	KernelConfig string
 }
 
-type reproduceResult struct {
-	BugTitle    string
-	CrashReport string
+type ReproduceResult struct {
+	ReproducedBugTitle    string
+	ReproducedCrashReport string
 }
 
 // ReproduceCrash tests reproducer and returns:
@@ -84,8 +85,13 @@ func ReproduceCrash(args ReproduceArgs, workdir string) (*report.Report, string,
 	if err != nil {
 		return nil, "", err
 	}
+	reproOpts := csource.DefaultOpts(cfg).Serialize()
+	if args.ReproOpts != "" {
+		reproOpts = []byte(args.ReproOpts)
+	}
+
 	// TODO: run multiple instances, handle TestError.Infra, and aggregate results.
-	results, err := env.Test(1, nil, nil, []byte(args.ReproC))
+	results, err := env.Test(1, []byte(args.ReproSyz), reproOpts, []byte(args.ReproC))
 	if err != nil {
 		return nil, "", err
 	}
@@ -118,15 +124,16 @@ func parseTestError(err *instance.TestError) (*report.Report, string, error) {
 	return nil, fmt.Sprintf("%v: %v\n%s", what, err.Title, extraInfo), nil
 }
 
-func reproduce(ctx *aflow.Context, args ReproduceArgs) (reproduceResult, error) {
+func ReproduceActionFunc(ctx *aflow.Context, args ReproduceArgs) (ReproduceResult, error) {
 	imageData, err := os.ReadFile(args.Image)
 	if err != nil {
-		return reproduceResult{}, err
+		return ReproduceResult{}, err
 	}
 	desc := fmt.Sprintf("kernel commit %v, kernel config hash %v, image hash %v,"+
-		" vm %v, vm config hash %v, C repro hash %v, version 3",
+		" vm %v, vm config hash %v, C repro hash %v, syz repro hash %v, opts hash %v, version 4",
 		args.KernelCommit, hash.String(args.KernelConfig), hash.String(imageData),
-		args.Type, hash.String(args.VM), hash.String(args.ReproC))
+		args.Type, hash.String(args.VM), hash.String(args.ReproC),
+		hash.String([]byte(args.ReproSyz)), hash.String([]byte(args.ReproOpts)))
 	type Cached struct {
 		BugTitle string
 		Report   string
@@ -147,15 +154,15 @@ func reproduce(ctx *aflow.Context, args ReproduceArgs) (reproduceResult, error)
 		return res, err
 	})
 	if err != nil {
-		return reproduceResult{}, err
+		return ReproduceResult{}, err
 	}
 	if cached.Error != "" {
-		return reproduceResult{}, errors.New(cached.Error)
+		return ReproduceResult{}, errors.New(cached.Error)
 	} else if cached.Report == "" {
-		return reproduceResult{}, aflow.FlowError(errors.New("reproducer did not crash"))
+		return ReproduceResult{}, aflow.FlowError(errors.New("reproducer did not crash"))
 	}
-	return reproduceResult{
-		BugTitle:    cached.BugTitle,
-		CrashReport: cached.Report,
+	return ReproduceResult{
+		ReproducedBugTitle:    cached.BugTitle,
+		ReproducedCrashReport: cached.Report,
 	}, nil
 }

pkg/aflow/ai/ai.go

@@ -45,3 +45,9 @@ type ModerationOutputs struct {
 	Actionable  bool
 	Explanation string
 }
+
+type ReproOutputs struct {
+	ReproSyz              string
+	CrashSignatureMatches bool
+	ReproducedCrashReport string
+}

pkg/aflow/compare.go

@@ -0,0 +1,72 @@
+// Copyright 2026 syzkaller project authors. All rights reserved.
+// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+package aflow
+
+import (
+	"fmt"
+	"reflect"
+
+	"github.com/google/syzkaller/pkg/aflow/trajectory"
+)
+
+// Compare is a helper action that compares two string arguments for equality.
+// The result of the comparison is written to the state under resultVar.
+func Compare(arg1, arg2, resultVar string) Action {
+	return &CompareAction{
+		Arg1:      arg1,
+		Arg2:      arg2,
+		ResultVar: resultVar,
+	}
+}
+
+// CompareAction performs the comparison. It is exported so tools can use its Run method.
+type CompareAction struct {
+	Arg1      string
+	Arg2      string
+	ResultVar string
+}
+
+func (a *CompareAction) Run(ctx *Context, v1, v2 string) (bool, error) {
+	span := &trajectory.Span{
+		Type: trajectory.SpanAction,
+		Name: "compare",
+	}
+	if err := ctx.startSpan(span); err != nil {
+		return false, err
+	}
+
+	res := v1 == v2
+
+	span.Results = map[string]any{"result": res}
+	return res, ctx.finishSpan(span, nil)
+}
+
+func (a *CompareAction) execute(ctx *Context) error {
+	v1, ok := ctx.state[a.Arg1].(string)
+	if !ok {
+		return fmt.Errorf("compare missing string argument %q", a.Arg1)
+	}
+	v2, ok := ctx.state[a.Arg2].(string)
+	if !ok {
+		return fmt.Errorf("compare missing string argument %q", a.Arg2)
+	}
+
+	res, err := a.Run(ctx, v1, v2)
+	if err != nil {
+		return err
+	}
+
+	ctx.state[a.ResultVar] = res
+	return nil
+}
+
+func (a *CompareAction) verify(ctx *verifyContext) {
+	ctx.requireNotEmpty("compare", "Arg1", a.Arg1)
+	ctx.requireNotEmpty("compare", "Arg2", a.Arg2)
+	ctx.requireNotEmpty("compare", "ResultVar", a.ResultVar)
+
+	ctx.requireInput("compare", a.Arg1, reflect.TypeFor[string]())
+	ctx.requireInput("compare", a.Arg2, reflect.TypeFor[string]())
+	ctx.provideOutput("compare", a.ResultVar, reflect.TypeFor[bool]())
+}

pkg/aflow/docs/crash-to-repro.md

@@ -0,0 +1,87 @@
+# Proposal: AI-Driven Reproducer Generation Workflow
+
+## 1. Objective
+To design a new AI agent workflow within the syzkaller `aflow` framework (`pkg/aflow/flow/repro/repro.go`) that
+automatically converts a kernel crash report (and associated execution logs) into a reliable
+syzkaller reproducer (syzlang).
+The agent will leverage existing syzlang descriptions (`sys/linux/*.txt`) to ensure the generated reproducers conform
+to syzkaller's type system and API constraints.
+
+First step is to generate the MVP that works and allows to parallelize the work. If some tool or feature may be
+postponed it is better to postpone it.
+
+## 2. High-Level Architecture & Agent Loop
+
+The workflow will operate as an iterative feedback loop, utilizing the LLM's reasoning capabilities to bridge the gap
+between a crash signature and a functional syzlang program.
+
+1. **Context Initialization:** Ingest the kernel crash log with stack trace,
+target kernel information (`.config`, `kernel repo`, `kernel commit`) and
+the raw execution log leading up to the crash (if available from the fuzzing instance).
+Core dump and kcov traces will be of great help when available.
+   * MVP will get all the available information from syzbot dashboard. Bug ID is the input.
+2. **Subsystem Analysis:** Identify the vulnerable subsystem (e.g., `io_uring`, `bpf`, `ext4`) based on the stack trace.
+   * It will be needed to support requests w/o subsustem name. It is not needed for syzbot.
+   * MVP gets subsystem information from dashboard.
+3. **Syzlang Contextualization:** Query the syzlang descriptions to extract the relevant syscall signatures, structs,
+and valid flags for the identified subsystem.
+   * MVP passes `syzlang-search` tools (`ListDescriptions`, `GetDescriptions`) to the LLM agent, allowing it to lookup exact descriptions dynamically.
+4. **Draft Generation:** The LLM generates an initial candidate `.syz` reproducer.
+5. **Execution & Verification:** Compile and run the candidate against an instrumented kernel VM.
+   * MVP LLMAgent uses `syz-compiler-check` and `crash-reproducer` tools to verify and execute directly in a loop.
+   * Note: The generated crash may be different from the original one (e.g. different stack trace, but same root cause).
+   * We need to verify that the produced crash is "very close" to the original one (e.g. same function, same type).
+6. **Iterative Refinement:** If the crash does not reproduce, or if there is a syzlang compilation error, the agent
+analyzes the failure output, tweaks the arguments/syscall sequence, and tries again (up to a defined maximum
+iteration limit). This iteration logic is fully offloaded to the LLM agent instruction capabilities.
+
+## 3. Required Framework Extensions
+
+To achieve this, the `aflow` framework will need new tools and actions specifically tailored for syzlang manipulation
+and program execution.
+
+### A. New Tools (`pkg/aflow/tool`)
+The MVP introduced several critical tools for the LLM agent to iterate effectively:
+* `syzlang-search` tools (`ListDescriptions`, `GetDescriptions`): Extracted `syzlang` definition lookup into exact, granular tools for the LLM.
+* `syz-compiler-check`: Validates the LLM-generated `.syz` program syntax relying on `prog.Target.Deserialize(...)`.
+    * *Input:* Raw syzlang text.
+    * *Output:* Success along with the strictly formatted canonical syzlang program serialized as a string, or a list of syntax/type errors.
+* `crash-reproducer`: Tool wrapper around `crash.Reproduce` allowing the LLM agent to trigger VM executions on the fly.
+* `compare-crash-signature`: Tool wrapper testing if the reproduced bug title matches the original.
+
+### B. Actions (`pkg/aflow/action`)
+The core MVP workflow (`repro.go`) implements a linear pipeline combining kernel building actions with reasoning and testing modules:
+* `kernel.Checkout` and `kernel.Build`: Ensure the vulnerable kernel image is ready.
+* `aflow.LLMAgent`: Configured as `crash-repro-finder`, taking responsibility for the iterative *Generate -> Compile -> Execute -> Compare* loop using the newly defined `pkg/aflow/tool` set.
+* `crash.Reproduce`: Pipeline action running the ultimately verified `.syz` code inside the test VM.
+* `aflow.Compare`: A generic variable comparison helper (refactored from `CompareCrashSignature`) confirming if the produced crash directly matches the target bug title.
+
+## 4. Implementation Plan
+
+### Phase 1: Tooling & Infrastructure (Foundation)
+* **Implement `SyzlangSearch` tool:** Parse the AST of `sys/linux/` and expose a search interface to the agent.
+* **Reuse `crash.Reproduce` action:** Reuse the logic from `pkg/aflow/action/crash` so the agent can trigger executions inside the isolated
+test VMs already managed by `aflow`'s checkout/build actions. Modify it if necessary.
+
+### Phase 2: Prompt Engineering & Context Management
+For MVP we don't care about the Context Window Optimization.
+* **System Prompt:** Define the persona.
+(e.g., *"You are an expert kernel security researcher. Your goal is to write a syzkaller program to trigger
+a specific bug. Use syzlang syntax strictly."*)
+* **Context Window Optimization:** Kernel logs and syzlang files can be large.
+Implement truncation and selective inclusion for dmesg and syzlang structs to avoid blowing out the token limit.
+
+### Phase 3: Workflow Implementation (`pkg/aflow/flow/repro/repro.go`)
+* Setup is a linear pipeline orchestrating `Checkout` -> `Build` -> `LLMAgent` -> `Reproduce` -> `Compare`.
+* Implement the iterative loop: The loop structure (*Generate -> Compile -> Execute -> Evaluate -> Refine*) is abstracted and delegated entirely to the `LLMAgent`'s instructions, taking advantage of syzkaller tool execution.
+* Implement exit conditions: Success (matching crash signature produced or tool exit rules), handled seamlessly.
+
+### Phase 4: Evaluation & Syzbot Integration
+* Test the workflow against historical syzbot bugs to measure the agent's success rate and iteration average.
+  * Note: We don't need the known reproducers to measure success because the crash point is defined by the call stack.
+  * Success is defined as triggering a crash "very close" to the original one (same root cause).
+* Deploy as an experimental job type on `syzbot.org/upstream/ai`.
+
+## 5. Resolved Design Decisions
+* **`syz-manager` MCP mode vs separate runner:** Created a dedicated `syz-aflow` command-line tool (`tools/syz-aflow`) to invoke local workflows using JSON context inputs avoiding the complexity of modifying `syz-manager` directly.
+* **Program verification logic:** Reused existing parsing directly via `prog.GetTarget("linux", "amd64").Deserialize(...)` embedded inside the `syz-compiler-check` tool, keeping verification reliable and fast. The tool also serializes the parsed program to return its canonical representation for downstream analysis.

pkg/aflow/flow/flows.go

@@ -6,4 +6,5 @@ package flow
 import (
 	_ "github.com/google/syzkaller/pkg/aflow/flow/assessment"
 	_ "github.com/google/syzkaller/pkg/aflow/flow/patching"
+	_ "github.com/google/syzkaller/pkg/aflow/flow/repro"
 )

pkg/aflow/flow/patching/patching.go

@@ -109,7 +109,7 @@ able to write a fix for the bug based on your explanation. Include all relevant
 into the response: function/struct/field/etc names, code snippets, line numbers,
 macro/enum values, etc.
 
-{{if titleIsKASANNullDeref .BugTitle}}
+{{if titleIsKASANNullDeref .ReproducedBugTitle}}
 Note: under KASAN NULL-derefs on the source level don't happen around the actual 0 address,
 they happen on the KASAN shadow memory around address dfff800000000000 or dffffc0000000000.
 Don't be confused by that. Look for the like at the top of the report that tells
@@ -120,7 +120,7 @@ the access address and size.
 const debuggingPrompt = `
 The crash is:
 
-{{.CrashReport}}
+{{.ReproducedCrashReport}}
 `
 
 const patchInstruction = `
@@ -150,7 +150,7 @@ and if they need to be updated to handle new post-conditions. For example, if yo
 a function that previously never returned a NULL, return NULL, consider if callers
 need to be updated to handle NULL return value.
 
-{{if titleIsWarning .BugTitle}}
+{{if titleIsWarning .ReproducedBugTitle}}
 If you will end up removing the WARN_ON macro because the condition can legitimately happen,
 add a pr_err call that logs that the unlikely condition has happened. The pr_err message
 must not include "WARNING" string.
@@ -160,7 +160,7 @@ must not include "WARNING" string.
 const patchPrompt = `
 The crash that corresponds to the bug is:
 
-{{.CrashReport}}
+{{.ReproducedCrashReport}}
 
 The explanation of the root cause of the bug is:
 
@@ -208,7 +208,7 @@ The rest of the description must be word-wrapped at 72 characters.
 const descriptionPrompt = `
 The crash that corresponds to the bug is:
 
-{{.CrashReport}}
+{{.ReproducedCrashReport}}
 
 The explanation of the root cause of the bug is:
 
@@ -228,7 +228,7 @@ are specified, letter capitalization, style, etc.
 
 {{.RecentCommits}}
 
-{{if titleIsWarning .BugTitle}}
+{{if titleIsWarning .ReproducedBugTitle}}
 If the patch removes the WARN_ON macro, refer to the fact that WARN_ON
 must not be used for conditions that can legitimately happen, and that pr_err
 should be used instead if necessary.

pkg/aflow/flow/repro/repro.go

@@ -0,0 +1,73 @@
+// Copyright 2026 syzkaller project authors. All rights reserved.
+// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+package repro
+
+import (
+	"encoding/json"
+
+	"github.com/google/syzkaller/pkg/aflow"
+	"github.com/google/syzkaller/pkg/aflow/action/crash"
+	"github.com/google/syzkaller/pkg/aflow/action/kernel"
+	"github.com/google/syzkaller/pkg/aflow/ai"
+	toolcrash "github.com/google/syzkaller/pkg/aflow/tool/crash"
+	"github.com/google/syzkaller/pkg/aflow/tool/syzlang"
+)
+
+type ReproInputs struct {
+	BugTitle     string
+	CrashReport  string
+	KernelConfig string
+	KernelRepo   string
+	KernelCommit string
+	Syzkaller    string
+	Image        string
+	Type         string
+	VM           json.RawMessage
+
+	// We don't use them. Needed to use crash.Reproduce.
+	ReproOpts string
+	ReproC    string
+}
+
+func init() {
+	aflow.Register[ReproInputs, ai.ReproOutputs](
+		ai.WorkflowRepro,
+		"reproduce a kernel crash and generate a syzlang program",
+		&aflow.Flow{
+			Root: aflow.Pipeline(
+				kernel.Checkout,
+				kernel.Build,
+				&aflow.LLMAgent{
+					Name:        "crash-repro-finder",
+					Model:       aflow.BestExpensiveModel,
+					Reply:       "ReproSyz",
+					TaskType:    aflow.FormalReasoningTask,
+					Instruction: reproInstruction,
+					Prompt:      reproPrompt,
+					Tools:       append(syzlang.Tools, toolcrash.ReproduceTool, toolcrash.CompareCrashTool),
+				},
+				crash.Reproduce,
+				aflow.Compare("BugTitle", "ReproducedBugTitle", "CrashSignatureMatches"),
+			),
+		},
+	)
+}
+
+const reproInstruction = `
+You are an expert in linux kernel fuzzing. Your goal is to write a syzkaller program to trigger
+a specific bug.
+
+First, search for the relevant syzlang definitions using the syzlang-search tool.
+Then, write a candidate .syz test program. Use the syz-compiler-check tool to validate your syntax.
+Once compilation passes, use the crash-reproducer tool to run it in the VM.
+After that, use compare-crash-signature to verify if the reproduced crash matches the target crash title.
+
+If previous attempts failed, pay attention to the errors and fix them.
+Print only the syz program that could be executed directly, without backticks. 
+`
+
+const reproPrompt = `
+Original Crash Report:
+{{.CrashReport}}
+`