| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
If these happen to be in the stack frames, in almost all cases it will
be due to a bug in the calling code.
See the discussion in #5784.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
setExecutorInfo is closer to Report.
Distinguish reportType and defaultReportType
Make setter a Report member function.
|
| |
|
|
| |
We have crash.KMSAN definition that is not used.
|
| |
|
|
|
|
|
| |
We need to look for the error type after the "rust_kernel: panicked"
line.
Ignore some common irrelevant frames.
|
| |
|
|
|
|
|
|
| |
Do demangling as a part of Symbolize() processing.
Add a TestSymbolize test to verify the results.
Fix old report_test.go bugs to better react to the -update flags.
Closes #6035.
|
| |
|
|
|
|
|
|
| |
Parse and assemble Linux backtrace lines independently of whether
vmlinux is present.
Refactor the code to make it easier to insert more postprocessing
actions.
|
| |
|
|
|
|
|
|
|
|
| |
Even though __alloc_frozen_pages_noprof has the WARN_ON, the actual
problem lies in how malloc was called down the stacktrace. This leads to
several different bugs being merged into one:
https://syzkaller.appspot.com/bug?extid=03fb58296859d8dbab4d
Ingore the __alloc_frozen_pages_noprof frame when selecting the bug
title.
|
| |
|
|
|
|
|
|
| |
The format has been slightly changed lately and we have started to get
duplicates of the exiting reports, e.g.
https://syzkaller.appspot.com/bug?extid=077d9ebda84f426a6a1e
Adjust the parsing rules to keep the resulting bug titles unchanged.
|
| |
|
|
|
|
|
| |
It's too generic and leads to merging unrelated crash reports.
See https://syzkaller.appspot.com/bug?extid=c0dc46208750f063d0e0 and the
related LKML discussion.
|
| |
|
|
| |
Closes #5968
|
| |
|
|
|
| |
It will reduce the amount of duplicated reports.
See #5940.
|
| |
|
|
|
| |
It will help avoid bug duplication in case of adding new prefixes to
strip.
|
| |
|
|
| |
It allows to reduce parameters count for some functions.
|
| |
|
|
| |
To simplify interface Read*Symbols were moved out from symbolizer.Symbolizer.
|
| |
|
|
|
| |
This will untangle the crashes of
https://syzkaller.appspot.com/bug?extid=bf36934adc7979488192
|
| |
|
|
|
|
|
| |
These can lead to false positives when BPF debugging data is printed,
e.g.
[ 461.316169][ T3168] [U] [1] INVALID BTF_INFO:72000001
|
| |
|
|
| |
Currently we mis-parse all of them, and attribute the bug to HWASAN.
|
| |
|
|
|
| |
These frames are not very informative.
See https://syzkaller.appspot.com/bug?extid=72d3b151aacf9fa74455
|
| |
|
|
|
|
|
| |
Prevent syzkaller from reacting to:
"warning: `syz.1.261' uses wireless extensions which will stop working
for Wi-Fi 7 hardware; use nl80211".
|
| | |
|
| |
|
|
|
|
|
| |
It's a helper used by many different filesystems. Let's be more
specific.
https://syzkaller.appspot.com/bug?extid=651ca866e5e2b4b5095b
|
| |
|
|
|
|
|
|
| |
We've got a dup:
https://syzkaller.appspot.com/bug?extid=d6f5b7a41831ca1a99a0
for an exising report:
https://syzkaller.appspot.com/bug?extid=be32baeb2433f286bc24
|
| |
|
|
|
| |
These are just warnings to the system administrator. Ignore them during
fuzzing.
|
| |
|
|
| |
Take a frame from the stack trace that is included in the bug report.
|
| |
|
|
|
|
|
|
|
|
|
| |
Strict regexp rules to avoid false reboot reports as
"Booting the kernel." should always start from the start and at the end
of line.
Also addressed in unit test the previous fix in
https://github.com/google/syzkaller/commit/026e2200.
Fixes: https://github.com/google/syzkaller/issues/3955
|
| |
|
|
|
| |
Call trace can have line like below printed by %pSb:
func_name+0x254/0x5f0 [module_name b31b29679ab712c360bddd861f655ab24898b4db]
|
| |
|
|
|
|
| |
Bugs are unlikely to be in the rhashtable code itself.
Example: https://syzkaller.appspot.com/bug?extid=128aaac913636290e5a9
|
| |
|
|
|
| |
For Linux bugs, extract the proc id and the prog id from the crash
report.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
SIGBUS means OOM on Linux.
Most of the crashes that happen during fuzzing are SIGBUS,
so separate them from SIGSEGV and suppress.
|
| |
|
|
|
|
|
| |
Move all syz-fuzzer logic into syz-executor and remove syz-fuzzer.
Also restore syz-runtest functionality in the manager.
Update #4917 (sets most signal handlers to SIG_IGN)
|
| |
|
|
| |
See https://syzkaller.appspot.com/bug?extid=6cf577c8ed4e23fe436b
|
| |
|
|
| |
This is a too generic frame.
|
| |
|
|
|
|
| |
Litte-endian is kind of default (except for s390).
So instead of saying that each arch is litte-endian,
mark only s390 as big-endian.
|
| |
|
|
|
|
|
| |
This is not the place of the actual bug.
We end up collecting too many different reports in one place:
https://syzkaller.appspot.com/bug?extid=daa1128e28d3c3961cb2
|
| |
|
|
|
| |
These are susceptible to potentially very long lines in the input.
Direct splitting by \n is more reliable.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
NewScanner() had an implicit limit on the maximum line size, which we
could surpass e.g. by printing some long serialized program.
In this case, there's no reason to use NewScanner() -- we already have
the whole buffer, so let's use raw byte operations instead.
Remove one of the checks that turned out to be unneeded, but leave an
assertion inside the symbolize() method.
Closes #4198.
|
| |
|
|
| |
It should hopefully help debug #4198.
|
| |
|
|
|
|
| |
In some cases, we may only collect a part of the kernel output. There
are no other "mand mount option" warnings in the kernel, so let's match
by a shorter regexp.
|
| |
|
|
|
|
|
|
| |
When the same crash happens all over again,
we repeatedly symbolize the same PCs.
This is slow and blocks VM loop in the manager.
Cache PCs we already symbolize, we are likely
to symbolize them again.
|
| |
|
|
|
|
| |
This library method is used in multiple places throughout the kernel.
Sample bug: https://syzkaller.appspot.com/bug?extid=dfab1425afcdae5ac970
|
| |
|
|
| |
These are just informative messages.
|
| |
|
|
|
| |
Like many other str* functions, strstr() is not interesting and should
be ignored.
|
| |
|
|
|
|
|
|
|
| |
Bug title in https://syzkaller.appspot.com/bug?extid=17a061f6132066e9fb95 is
"KMSAN: kernel-infoleak in copy_page_to_iter (4)", which is too generic
and may potentially correspond to multiple bugs. Ignore
copy_page_to_iter() and copy_folio_to_iter() to make it more meaningful.
In addition, speculatively ignore copy_page_from_iter().
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It was initially proposed in
https://github.com/google/syzkaller/issues/1575 that KMSAN reports with
the same origin should be clustered together using an alt title.
This however turns out to be too aggressive: certain KMSAN reports have
their uninitialized values originating from common functions - this
leads to too many KMSAN reports being glued together. Because KMSAN
reports can be also clustered with KASAN reports or other kernel panics,
ultimately seemingly unrelated crashes are considered similar just
because they share their top frames with two KMSAN reports that, in
turn, share the same origin.
The resulting issues on the dashboard look confusing to the users, they
are hard to find and require manual untangling, which probably outweighs
the benefits of having KMSAN issues with exactly the same origin
clustered together.
For other types of KMSAN reports (infoleaks and use-after-frees) the alt
titles are preserved. First, there are fewer of those on the dashboard.
Second, they are rarely grouped together with non-KASAN reports and
are less likely to cause a lot of mess.
|
