| Commit message (Collapse) | Author | Age | Files | Lines |
TitleToCrashType is a simple function with no heavy dependencies
that is used by the dashboard app.
Currently we have to import pkg/report into dashboard/app,
and this package has lots of heavy deps (symbolizer, demangler,
coverage report generation, etc).
Move TitleToCrashType to pkg/report/crash (where it arguably belongs anyway).
|
fast_dput and dput are too generic. This causes several different bugs to be merged into one.
See: https://syzkaller.appspot.com/bug?extid=b74150fd2ef40e716ca2
Ignore the fast_dput/dput frames when selecting the bug title.
|
The format has been changed recently:
https://lore.kernel.org/all/20251110114633.202485143@infradead.org/
This commit addresses the duplicates we currently see among the
linux-next bugs, but likely there are more. We'll fix it once we notice
them.
|
At some point kmemleak started adding a CRC checksum to the "backtrace:" line in memory leak reports. The existing
regular expression did not account for this, causing parsing to fail for these reports.
Update the regex to make the CRC component optional, allowing reports both with and without the checksum to be parsed
correctly.
|
This bug is at least one case where we merge several different KMSAN
reports because they end up being triggered in the same generic code:
https://syzkaller.appspot.com/bug?id=6290a184e96e8fb4b657700adcd243ef195113e1
Skip some common symbols from crypto/ so that the titles become more
specific.
|
If these happen to be in the stack frames, in almost all cases it will
be due to a bug in the calling code.
See the discussion in #5784.
|
setExecutorInfo is closer to Report.
Distinguish reportType and defaultReportType
Make setter a Report member function.
|
We have a crash.KMSAN definition that is not used.
|
We need to look for the error type after the "rust_kernel: panicked"
line.
Ignore some common irrelevant frames.
|
Do demangling as a part of Symbolize() processing.
Add a TestSymbolize test to verify the results.
Fix old report_test.go bugs to better react to the -update flags.
Closes #6035.
|
Parse and assemble Linux backtrace lines independently of whether
vmlinux is present.
Refactor the code to make it easier to insert more postprocessing
actions.
|
Even though __alloc_frozen_pages_noprof has the WARN_ON, the actual
problem lies in how malloc was called down the stacktrace. This leads to
several different bugs being merged into one:
https://syzkaller.appspot.com/bug?extid=03fb58296859d8dbab4d
Ignore the __alloc_frozen_pages_noprof frame when selecting the bug
title.
|
The format has been slightly changed lately and we have started to get
duplicates of the existing reports, e.g.
https://syzkaller.appspot.com/bug?extid=077d9ebda84f426a6a1e
Adjust the parsing rules to keep the resulting bug titles unchanged.
|
It's too generic and leads to merging unrelated crash reports.
See https://syzkaller.appspot.com/bug?extid=c0dc46208750f063d0e0 and the
related LKML discussion.
|
Closes #5968
|
It will reduce the amount of duplicated reports.
See #5940.
|
It will help avoid bug duplication in case of adding new prefixes to
strip.
|
It allows reducing the parameter count for some functions.
|
To simplify the interface, Read*Symbols were moved out of symbolizer.Symbolizer.
|
This will untangle the crashes of
https://syzkaller.appspot.com/bug?extid=bf36934adc7979488192
|
These can lead to false positives when BPF debugging data is printed,
e.g.
[ 461.316169][ T3168] [U] [1] INVALID BTF_INFO:72000001
|
Currently we mis-parse all of them, and attribute the bug to HWASAN.
|
These frames are not very informative.
See https://syzkaller.appspot.com/bug?extid=72d3b151aacf9fa74455
|
Prevent syzkaller from reacting to:
"warning: `syz.1.261' uses wireless extensions which will stop working
for Wi-Fi 7 hardware; use nl80211".
|
It's a helper used by many different filesystems. Let's be more
specific.
https://syzkaller.appspot.com/bug?extid=651ca866e5e2b4b5095b
|
We've got a dup:
https://syzkaller.appspot.com/bug?extid=d6f5b7a41831ca1a99a0
for an existing report:
https://syzkaller.appspot.com/bug?extid=be32baeb2433f286bc24
|
These are just warnings to the system administrator. Ignore them during
fuzzing.
|
Take a frame from the stack trace that is included in the bug report.
|
Strict regexp rules to avoid false reboot reports as
"Booting the kernel." should always start from the start and at the end
of line.
Also addressed in unit test the previous fix in
https://github.com/google/syzkaller/commit/026e2200.
Fixes: https://github.com/google/syzkaller/issues/3955
|
A call trace can have a line like the one below, printed by %pSb:
func_name+0x254/0x5f0 [module_name b31b29679ab712c360bddd861f655ab24898b4db]
|
Bugs are unlikely to be in the rhashtable code itself.
Example: https://syzkaller.appspot.com/bug?extid=128aaac913636290e5a9
|
For Linux bugs, extract the proc id and the prog id from the crash
report.
|
SIGBUS means OOM on Linux.
Most of the crashes that happen during fuzzing are SIGBUS,
so separate them from SIGSEGV and suppress.
|
Move all syz-fuzzer logic into syz-executor and remove syz-fuzzer.
Also restore syz-runtest functionality in the manager.
Update #4917 (sets most signal handlers to SIG_IGN)
|
See https://syzkaller.appspot.com/bug?extid=6cf577c8ed4e23fe436b
|
This frame is too generic.
|
Little-endian is kind of default (except for s390).
So instead of saying that each arch is little-endian,
mark only s390 as big-endian.
|
This is not the place of the actual bug.
We end up collecting too many different reports in one place:
https://syzkaller.appspot.com/bug?extid=daa1128e28d3c3961cb2
|
These are susceptible to potentially very long lines in the input.
Direct splitting by \n is more reliable.
|
NewScanner() had an implicit limit on the maximum line size, which we
could surpass e.g. by printing some long serialized program.
In this case, there's no reason to use NewScanner() -- we already have
the whole buffer, so let's use raw byte operations instead.
Remove one of the checks that turned out to be unneeded, but leave an
assertion inside the symbolize() method.
Closes #4198.
|
It should hopefully help debug #4198.
|
In some cases, we may only collect a part of the kernel output. There
are no other "mand mount option" warnings in the kernel, so let's match
by a shorter regexp.
|