pkg/report: detect syzkaller panics in lost connection bugs

Some syzkaller panics happen due to memory corruptions,
but it still would be useful at least to get some visibility into these crashes.
On some OSes we actualy already detect them as they have "panic:" oops pattern,
but not e.g. on linux.

Fixes #318

5 files changed, 105 insertions, 0 deletions

diff --git a/pkg/report/testdata/all/report/0 b/pkg/report/testdata/all/report/0
new file mode 100644
index 000000000..4e27256e7
--- /dev/null
+++ b/pkg/report/testdata/all/report/0
@@ -0,0 +1,19 @@
+TITLE: panic: bad arg kind
+
+panic: bad arg kind
+
+goroutine 25 [running]:
+github.com/google/syzkaller/prog.clone(0x0, 0x0, 0xc003ab9e38, 0xc001037040, 0x10)
+	/syzkaller/gopath/src/github.com/google/syzkaller/prog/clone.go:75 +0x8b8
+github.com/google/syzkaller/prog.clone(0x97ca80, 0xc001d3f650, 0xc003ab9e38, 0xc00184bf70, 0x30)
+	/syzkaller/gopath/src/github.com/google/syzkaller/prog/clone.go:53 +0x17c
+github.com/google/syzkaller/prog.clone(0x97ca80, 0xc001d3f680, 0xc003ab9e38, 0xc003ab9ec8, 0x30)
+	/syzkaller/gopath/src/github.com/google/syzkaller/prog/clone.go:53 +0x17c
+github.com/google/syzkaller/prog.clone(0x97cac0, 0xc001d3f6b0, 0xc003ab9e38, 0x97cb00, 0xc0022c7940)
+	/syzkaller/gopath/src/github.com/google/syzkaller/prog/clone.go:40 +0x570
+github.com/google/syzkaller/prog.(*Prog).Clone(0xc001d8d100, 0xc002fdb470)
+	/syzkaller/gopath/src/github.com/google/syzkaller/prog/clone.go:20 +0x270
+main.(*Proc).loop(0xc002fc86c0)
+	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:98 +0x3cb
+created by main.main
+	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:258 +0x111b
diff --git a/pkg/report/testdata/all/report/1 b/pkg/report/testdata/all/report/1
new file mode 100644
index 000000000..914c1bc6b
--- /dev/null
+++ b/pkg/report/testdata/all/report/1
@@ -0,0 +1,25 @@
+TITLE: panic: no result
+
+panic: no result
+
+goroutine 36 [running]:
+github.com/google/syzkaller/prog.(*ResultArg).serialize(0xc005120640, 0xc005177420)
+	/home/ghani/go/src/github.com/google/syzkaller/prog/encoding.go:172 +0x3a7
+github.com/google/syzkaller/prog.(*serializer).arg(0xc005177420, 0x9f5ec0, 0xc005120640)
+	/home/ghani/go/src/github.com/google/syzkaller/prog/encoding.go:80 +0x40
+github.com/google/syzkaller/prog.(*serializer).call(0xc005177420, 0xc005120600)
+	/home/ghani/go/src/github.com/google/syzkaller/prog/encoding.go:70 +0x1d6
+github.com/google/syzkaller/prog.(*Prog).Serialize(0xc0051205c0, 0xc00516fb30, 0x717465, 0xc00516fb38)
+	/home/ghani/go/src/github.com/google/syzkaller/prog/encoding.go:35 +0xc8
+main.(*Proc).logProgram(0xc000101fc0, 0xc0000240e0, 0xc0051205c0)
+	/home/ghani/go/src/github.com/google/syzkaller/syz-fuzzer/proc.go:316 +0x59
+main.(*Proc).executeRaw(0xc000101fc0, 0xc0000240e0, 0xc0051205c0, 0x5, 0x0)
+	/home/ghani/go/src/github.com/google/syzkaller/syz-fuzzer/proc.go:293 +0xd4
+main.(*Proc).execute(0xc000101fc0, 0xc0000240e0, 0xc0051205c0, 0x0, 0x5, 0x1)
+	/home/ghani/go/src/github.com/google/syzkaller/syz-fuzzer/proc.go:259 +0x67
+main.(*Proc).smashInput(0xc000101fc0, 0xc004f79f50)
+	/home/ghani/go/src/github.com/google/syzkaller/syz-fuzzer/proc.go:223 +0x1d4
+main.(*Proc).loop(0xc000101fc0)
+	/home/ghani/go/src/github.com/google/syzkaller/syz-fuzzer/proc.go:84 +0x12f
+created by main.main
+	/home/ghani/go/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:242 +0x1011
diff --git a/pkg/report/testdata/all/report/2 b/pkg/report/testdata/all/report/2
new file mode 100644
index 000000000..c8aecab31
--- /dev/null
+++ b/pkg/report/testdata/all/report/2
@@ -0,0 +1,22 @@
+TITLE: panic: executor 2: failed: event already set (errno 0)
+
+panic: executor 2: failed: event already set (errno 0)
+child failed (errno 2)
+loop failed (errno 0)
+
+
+goroutine 16 [running]:
+main.(*Proc).executeRaw(0x442002b480, 0x44200cafa0, 0x44280cbee0, 0x4, 0x0, 0x0, 0x0)
+	/home/jbtheou/go/src/github.com/google/syzkaller/syz-fuzzer/proc.go:271 +0x39c
+main.(*Proc).execute(0x442002b480, 0x44200cafa0, 0x44280cbee0, 0x0, 0x4, 0x442625ce60, 0x1, 0x2a7260)
+	/home/jbtheou/go/src/github.com/google/syzkaller/syz-fuzzer/proc.go:231 +0x40
+main.(*Proc).triageInput.func1(0x44280cbee0, 0x4, 0x1)
+	/home/jbtheou/go/src/github.com/google/syzkaller/syz-fuzzer/proc.go:145 +0x88
+github.com/google/syzkaller/prog.Minimize(0x4423334b60, 0x6, 0x200, 0x4424751de8, 0x442b100e10, 0x7)
+	/home/jbtheou/go/src/github.com/google/syzkaller/prog/minimization.go:43 +0x10c
+main.(*Proc).triageInput(0x442002b480, 0x4423531ec0)
+	/home/jbtheou/go/src/github.com/google/syzkaller/syz-fuzzer/proc.go:142 +0x658
+main.(*Proc).loop(0x442002b480)
+	/home/jbtheou/go/src/github.com/google/syzkaller/syz-fuzzer/proc.go:72 +0xe4
+created by main.main
+	/home/jbtheou/go/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:294 +0xc90
diff --git a/pkg/report/testdata/all/report/3 b/pkg/report/testdata/all/report/3
new file mode 100644
index 000000000..4def1e43f
--- /dev/null
+++ b/pkg/report/testdata/all/report/3
@@ -0,0 +1,17 @@
+TITLE: panic: first open arg is not a pointer to string const
+
+panic: first open arg is not a pointer to string const
+
+goroutine 1 [running]:
+github.com/google/syzkaller/pkg/host.extractStringConst(0x6858e0, 0xecfde0, 0x0, 0x0, 0xffffffffffffffff)
+	/home/thesis/gopath/src/github.com/google/syzkaller/pkg/host/host_linux.go:167 +0xdc
+github.com/google/syzkaller/pkg/host.isSupportedOpenAt(0xb413e0, 0x7)
+	/home/thesis/gopath/src/github.com/google/syzkaller/pkg/host/host_linux.go:153 +0x3c
+github.com/google/syzkaller/pkg/host.isSupported(0x4421a14000, 0x53eadf, 0x7ffe00, 0xb413e0, 0x4420081f00)
+	/home/thesis/gopath/src/github.com/google/syzkaller/pkg/host/host_linux.go:52 +0x178
+github.com/google/syzkaller/pkg/host.DetectSupportedSyscalls(0x44201d4480, 0x4420081f80, 0xb4df80, 0x442190701e)
+	/home/thesis/gopath/src/github.com/google/syzkaller/pkg/host/host_linux.go:34 +0xd0
+main.buildCallList(0x44201d4480, 0x44218ec000, 0x1904, 0xf)
+	/home/thesis/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:459 +0xbc
+main.main()
+	/home/thesis/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:155 +0x44c
diff --git a/pkg/report/testdata/all/report/4 b/pkg/report/testdata/all/report/4
new file mode 100644
index 000000000..4f2827c1c
--- /dev/null
+++ b/pkg/report/testdata/all/report/4
@@ -0,0 +1,22 @@
+TITLE: panic: runtime error: invalid memory address or nil pointer dereference
+
+panic: runtime error: invalid memory address or nil pointer dereference
+[signal SIGSEGV: segmentation violation code=0x1 addr=0x88 pc=0x7a0381]
+
+goroutine 24 [running]:
+github.com/google/syzkaller/prog.chooseCall.func1(0x9a6240, 0xc00306eb40, 0xc003ac0b60)
+	/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:198 +0x51
+github.com/google/syzkaller/prog.foreachArgImpl(0x9a6240, 0xc00306eb40, 0xc003035fc8, 0x0, 0x0, 0x0, 0xc002effd60)
+	/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:125 +0xbe
+github.com/google/syzkaller/prog.ForeachArg(0xc003035fc0, 0xc002effd60)
+	/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:120 +0x9e
+github.com/google/syzkaller/prog.chooseCall(0xc002fc8080, 0xc003ac9420, 0xc002c616b0, 0xc002effdc0)
+	/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:197 +0x10d
+github.com/google/syzkaller/prog.(*mutator).mutateArg(0xc002effec0, 0xa)
+	/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:161 +0x67
+github.com/google/syzkaller/prog.(*Prog).Mutate(0xc002fc8080, 0x9a0ac0, 0xc002c0d560, 0x1e, 0xc002e96980, 0xc003022000, 0x1e78, 0x2400)
+	/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:44 +0x2da
+main.(*Proc).loop(0xc002fe2500)
+	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:99 +0x434
+created by main.main
+	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:259 +0x114c