Tree: 7d240098d8
Commits on Dec 27, 2017
  1. sys/linux: fix splice signature

    dvyukov committed Dec 27, 2017
    ...was wrong all that time
  2. pkg/csource: tidy up generated code a bit

    dvyukov committed Dec 27, 2017
    Remove dup newlines around includes.
    Makes int values shorter if not hurting readability.
    Increase line len to 80.
    Remove {} when not needed during copyout.
  3. syz-ci: don't mark build errors as corrupted

    dvyukov committed Dec 27, 2017
    Otherwise they get merged with other corrupted reports.
  4. dashboard/app: handle no bug ID in emails better

    dvyukov committed Dec 27, 2017
    We see these warnings when people CC syzbot on unrelated threads.
    If there is no command in the email, don't produce warning at all.
    On the other hand if there is a command, warn and send sender
    reply that syzbot can't find the corresponding bug.
  5. executor: introduce uint64/32/16/8 types

    dvyukov committed Dec 27, 2017
    The "define uint64_t unsigned long long" was too good to work.
    With a different toolchain I am getting:
    cstdint:69:11: error: expected unqualified-id
      using ::uint64_t;
    executor/common.h:34:18: note: expanded from macro 'uint64_t'
    Do it the proper way: introduce uint64/32/16/8 types and use them.
    pkg/csource then does s/uint64/uint64_t/ to not clutter code with
    additional typedefs.
  6. executor: fix another format bug

    dvyukov committed Dec 27, 2017
    Detected only by clang.
  7. pkg/report: add more cases where we fail to parse reports

    dvyukov committed Dec 27, 2017
  8. executor: fix reply status on loop kills

    dvyukov committed Dec 27, 2017
    We use exitf on loop failures, and exitf is retry-able.
    However, we use different status when replying to ipc,
    and that different status is what ipc actually uses.
    Use kRetryStatus status in case of unexpected loop failures.
  9. pkg/csource: add top-level repeat loop

    dvyukov committed Dec 26, 2017
    Even if all 3 levels of processes in executor exit,
    execprog will still recreate them.
    Model the same in csource.
    This matters when the inner process kills loop
    and then everything stops.
  10. pkg/csource: simplify generated code

    dvyukov committed Dec 26, 2017
    We already have procid variable, no need to introduce i.
  11. vm/gce: connect to instances by ip

    dvyukov committed Dec 26, 2017
    Don't connect by hostname, this seems to be broken on GCE.
    Episodically connecting by hostname gives:
    Could not resolve hostname: Name or service not known
  12. executor: check format strings

    dvyukov committed Dec 26, 2017
    I see a crash which says:
    	#0: too much cover 0 (errno 0)
    while the code is:
    	uint64_t n = ...;
    	if (n >= kCoverSize)
    		fail("#%d: too much cover %u", th->id, n);
    It seems that the high part of n is set, but we don't see it.
    Add printf format attribute to fail and friends and fix all similar cases.
    Caught a bunch of similar cases and a missing argument in:
    exitf("opendir(%s) failed due to NOFILE, exiting");
  13. dashboard/app: extract fixing tags from commits

    dvyukov committed Dec 25, 2017
    Support the new scheme of associating fixing commits with bugs.
    Now we provide a tag along the lines of:
    Reported-by: <>
    The tag is supposed to be added to the commit.
    Then we parse commit logs and extract these tags.
    The final part on the dashboard is not ready yet,
    but syz-ci should already parse and send the tags.
Commits on Dec 22, 2017
  1. dashboard/app: bump max repros per bug to 10

    dvyukov committed Dec 22, 2017
    We badly need repros. Developers complain.
  2. pkg/csource: mimic the way syscalls are scheduled in executor

    dvyukov committed Dec 22, 2017
    Currently csource uses a completely different, simpler way of scheduling
    syscalls onto threads (thread per call with random sleeps).
    Mimic the way calls are scheduled in executor.
    Fixes #312
  3. executor: remove dead code

    dvyukov committed Dec 22, 2017
    doexit already contains an infinite loop.
  4. pkg/csource: fix handling of proc types

    dvyukov committed Dec 22, 2017
    Generated program always uses pid=0 even when there are multiple processes.
    Make each process use own pid.
    Unfortunately this required quite significant changes to prog,
    because the current format only supported fixed pid.
    Fixes #490
  5. pkg/csource: limit thread stacks

    dvyukov committed Dec 21, 2017
    We always set RLIMIT_AS to 128MB. I've debugged a program with 21 syscalls.
    With collide it creates 42 threads. With default stack size of 8MB this
    requires: 42*8 = 336MB. Thread creation fails and nothing works.
    Limit thread stacks the same way executor does.
    Fixes #488
Commits on Dec 21, 2017
  1. Makefile: fix git "modified tree" test

    emaste authored and dvyukov committed Dec 20, 2017
    Makefile falsely detected a modified git tree when the first ifeq
    argument was unquoted. Also switch to the $(shell ... style for
    As requested, add myself to AUTHORS and CONTRIBUTORS.
  2. syz-manager: enable sending group emails

    timtianyang authored and dvyukov committed Dec 20, 2017
    The Email_Addr variable has been changed to Email_Addrs, which contains
    a list of recipients.
    Signed-off-by: Tim Tianyang Chen <>
  3. syz-manager: remove duplicated emails on restart

    timtianyang authored and dvyukov committed Dec 19, 2017
    With commit: syz-manager: add simple email support, it will send
    emails when a bug is hit for the first time during that particular
    run of syz-manager. In other words, if you restart syz-manager and
    the same bug is hit, a new email will be sent again. This is due to
    the fact that mgr.crashTypes[crash.Title] doesn't keep track of logs
    already written to the disk.
    Fixed by moving emailCrash() to logic handling log writing.
    Fixes #484
    Signed-off-by: Tim Tianyang Chen <>
Commits on Dec 20, 2017
  1. Makefile: fix Android builds

    dvyukov committed Dec 19, 2017
    There are 2 known problems with current Android support:
    1. It does not work with newer NDK
    (happens on every NDK update).
    2. Dynamic Go binaries do not start on Android emulator.
    Drop special Android support and just build static linux binaries.
    For context see:!msg/syzkaller/etg1ZJmTMzg/NYE-yjxxAQAJ
    Fixes #478
Commits on Dec 19, 2017
  1. dashboard/app: add default maintainers to email config

    dvyukov committed Dec 19, 2017
    Crashes without maintainers are nasty. There is no way to do
    anything with them without altering the datastore (they are not mailed).
    Add DefaultMaintainers to email config.
    These addresses are added to all reported bugs as maintainers (e.g. LKML).
    Once the report is mailed it's possible to CC more people on it.
  2. pkg/report: add test where we fail to detect guilty function

    dvyukov committed Dec 19, 2017
  3. pkg/email: improve parsing of split lines

    dvyukov committed Dec 19, 2017
    This allows commit titles between 70 and 80 cols with gmail.
    Also be more permissive wrt spaces and tabs.
  4. dashboard/app: add API for polling for closed bugs

    dvyukov committed Dec 8, 2017
    External reporting may need to know when dashboard
    is not interested in bugs anymore.
    Add API that returns list of bugs dashboard considers closed.
  5. syz-fuzzer: wipe all global state

    dvyukov committed Dec 19, 2017
Commits on Dec 18, 2017
  1. syz-fuzzer: encapsulate signal

    dvyukov committed Dec 18, 2017
  2. syz-manager, syz-fuzzer: allow re-minimizing/re-smashing inputs

    dvyukov committed Dec 18, 2017
    By default we don't re-minimize/re-smash programs from corpus,
    it takes lots of time on start and is unnecessary.
    However, when we improve/fix minimization/smashing,
    we may want to.
    Introduce corpus database versions and allow to re-minimize/re-smash
    on version bumps.
  3. syz-fuzzer: improve deflaking during minimization

    dvyukov committed Dec 18, 2017
    Currently we run an input 3 times to get minimal new coverage,
    and then during minimization try only 1 time to get the same coverage.
    This plays poorly with flaky kernel coverage.
    Require at least 1 out of 3 runs during minimization to get the same new coverage.
    Experimental results suggest that this leads to higher quality corpus
    (though, systematic tuning proved to be very hard due to flakes
    and hard to explain effects on corpus size, program size, coverage and signal).