| Commit message (Collapse) | Author | Age | Files | Lines |
Dedup code in syz-ci and syz-hub.
|
./tools/syz-env bin/golangci-lint run ./... --fix
|
They are shorter, more readable, and don't require temp vars.
|
Discard manager data after 30 days of inactivity.
This should automatically get rid of decommissioned managers,
and old manual instances.
|
Remove things that are only needed for target VM communication:
conditional compression, timeout scaling, traffic stats.
To minimize diffs when we switch target VM communication to flatrpc.
|
Fix checking of Logf, it has string in 0-th arg.
Add checking of t.Errorf/Fatalf.
|
RPC compression takes up to 10% of CPU time in profiles,
but it's unlikely to be beneficial for local VM runs
(we are mostly copying memory in this case).
Enable RPC compression based on the VM type
(local VMs don't use it, remote machines use it).
|
This commit replaces all `ioutil.TempDir` with `t.TempDir` in tests.
The directory created by `t.TempDir` is automatically removed when the
test and all its subtests complete.
Reference: https://pkg.go.dev/testing#T.TempDir
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
|
It was too radical to repair and overwrite db file unconditionally.
syz-execprog probes if a given file is a database. Usually it's a crash log
or a single program, but db.Open started to overwrite it.
Add an explicit repair flag in db.Open and enable it only in
syz-manager and syz-hub.
Fixes #2997
|
Permit empty hub_key to indicate oauth.
|
Actually send domain to the hub...
Update #2095
|
Update #2095
|
Hub input domain identifier (optional).
The domain is used to avoid duplicate work (input minimization, smashing)
across multiple managers testing similar kernels and connected to the same hub.
If two managers are in the same domain, they will not do input minimization after each other.
If additionally they are in the same smashing sub-domain, they will also not do smashing
after each other.
By default (empty domain) all managers testing the same OS are placed into the same domain,
this is a reasonable setting if managers test roughly the same kernel. In this case they
will not do minimization nor smashing after each other.
The setting can be either a single identifier (e.g. "foo") which will affect both minimization
and smashing; or two identifiers separated with '/' (e.g. "foo/bar"), in this case the first
identifier affects minimization and both affect smashing.
For example, if managers test different Linux kernel versions with different tools,
a reasonable use of domains on these managers can be:
- "upstream/kasan"
- "upstream/kmsan"
- "upstream/kcsan"
- "5.4/kasan"
- "5.4/kcsan"
- "4.19/kasan"
Fixes #2095
|
We have _some_ limits on program length, but they are really soft.
When we ask to generate a program with 10 calls, sometimes we get
100-150 calls. There are also no checks when we accept external
programs from corpus/hub. Issue #1630 contains an example where
this crashes VM (executor limit on number of 1000 resources is
violated). Larger programs also harm the process overall (slower,
consume more memory, lead to monster reproducers, etc).
Add a set of measures for hard control over program length.
Ensure that generated/mutated programs are not too long;
drop too long programs coming from corpus/hub in manager;
drop too long programs in hub.
As a bonus ensure that mutation doesn't produce programs with
0 calls (which is currently possible and happens).
Fixes #1630
|
If we have way too many programs to send (more than 100000),
cap total number to 100000 and give up sending all.
Otherwise new managers will never chew all this on a busy hub.
|
Update #605
|
RPC package does excessive caching per connection,
so if a larger object is ever sent in any direction,
rpc connection consumes large amount of memory persistently.
This makes manager consume gigs of memory with large
number of VMs and larger corpus/coverage.
Make all communication done in very limited batches.
|
Update #538
|
Fix typos, non-canonical code, remove dead code, etc.
|
Fix a bug and add a test.
|
We now have thousands of repros, running all of them
on new managers will take eternity.
|
Currently hub allows managers to exchange programs from corpus.
But reproducers are not exchanged and we don't know if a crash
happens on other managers as well or not.
Allow hub to exchange reproducers.
Reproducers are stored in a separate db file with own sequence numbers.
This allows to throttle distribution of reproducers to managers,
so that they are not overloaded with reproducers and don't lose them on restarts.
Based on patch by Andrey Konovalov:
https://github.com/google/syzkaller/pull/325
Fixes #282
|
Currently we have unix permissions for new files/dirs
hardcoded throughout the code base. Some places use 0644,
some - 0640, some - 0600 and a variety of other constants.
Introduce osutil.MkdirAll/WriteFile that use the default
permissions and use them throughout the code base.
This makes permissions consistent and also allows to easily
change the permissions later if we change our minds.
Also merge pkg/fileutil into pkg/osutil as they become
dependent on each other. The line between them was poorly
defined anyway as both operate on files.
|
This allows to reduce number of hub clients by grouping managers
and creating one client per such group.
|
Also mention Alexander Popov in AUTHORS and CONTRIBUTORS.
|
Currently hub sends all inputs on first manager connect.
This can be 100K+ inputs and can take a long time
and consume tons of memory. Send inputs in 1K parts.
Also increase rpc timeouts as hub still has global mutex.
|
If hub hangs, it causes all managers to hang as well as they call
hub under the global mutex. So move common rpc code into rpctype
and make it more careful about timeouts (tcp keepalives, call timeouts).
Also don't call hub under the mutex, the call can be slow.
|
We already flush in addInputs, no need to flush in addInput.
Also add some logging on start as it can be slow.
|
Hub accumulates a tremendous number of programs.
Storing all of them in separate files can be very slow.
Use the new db package to store corpus in a single file.
|
VMs die frequently and it causes orphan tcp rpc connections on manager.
|
syz-hub is used to exchange programs between syz-managers.
|