| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a "fatal error:" bug is reported, this usually means that syzkaller
itself had a memory corruption (except in the gVisor fuzzing case where
this could be an actual bug in gVisor)
Most likely, this is due to a kernel that went wild and corrupted the
syzkaller address space, but in that case the exact details of what part
of the runtime failed are rarely relevant.
This gathers all these go runtime errors under one umbrella so they are
easier to track. Except for gVisor on which the logic is kept the same
as existing.
Add three test cases to the linux reporting:
- 705 (equivalent to the current all/report/7) to make sure Go OOO are
suppressed (they have a different title now but still get suppressed)
- 706 (equivalent to the current all/report/8) to make sure that ALSA
"fatal errors" are not handled as Go fatal errors
- 707 (new) to make sure that reports like
https://syzkaller.appspot.com/bug?extid=3f00d7083c52713ba3b0 are
re-named to "go runtime error"
|
| |
|
|
|
| |
This will help avoid a circular dependency pkg/vcs -> pkg/report ->
pkg/vcs.
|
| |
|
|
| |
Amend oops and oopsFormat to contain report type.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Currently a number of report post-processing activities are implemented as a
decorator over the interface that defines OS-specific implementations.
Following exactly the same interface is too restrictive in this case as adding
extra parameters to the post-processing forces the developer to adjust all
implementations thay may not need these parameters at all.
Untie the wrapper from the Reporter interface. Use a package-private
reporterImpl interface for the OS-specific implementations, while having an
exported Reporter structure. Make sure that Reporter is stored and
passed as a pointer.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Overall idea of netlink checking.
Currnetly we check netlink policies for common detectable mistakes.
First, we detect what looks like a netlink policy in our descriptions
(these are structs/unions only with nlattr/nlnext/nlnetw fields).
Then we find corresponding symbols (offset/size) in vmlinux using nm.
Then we read elf headers and locate where these symbols are in the rodata section.
Then read in the symbol data, which is an array of nla_policy structs.
These structs allow to easily figure out type/size of attributes.
Finally we compare our descriptions with the kernel policy description.
Update #590
|
| |
|
|
|
| |
* Initial KMSan commit
* pkg/buil: kmsan cleanup
* pkg/build: Modify the logic slightly
|
| |
|
|
| |
Handle __asan strings in backtraces.
|
| |
|
|
|
|
|
|
|
| |
Some syzkaller panics happen due to memory corruptions,
but it still would be useful at least to get some visibility into these crashes.
On some OSes we actualy already detect them as they have "panic:" oops pattern,
but not e.g. on linux.
Fixes #318
|
| |
|
|
|
|
| |
We now pass 5 arguments through a bunch of functions,
this is quite inconvinient when the set of arguments changes.
Incapsulate all arguments in a struct and pass/store it as a whole.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* pkg/cover: Modify parsing logic
1. Remove prefix computation
2. Add a mgrconfig for kernel build directory
* pkg/report: shorten reports with kernelBuildSrc instead of kernelSrc
* pkg/report: Fix failing tests
* pkg/report: fix formating issues
* tools/syz-cover: Fix unintended redefinition
* make changes to fix failing ci build
* pkg/report: fix issues
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
* pkg/report: initial netbsd commit
* pkg/report: fix netbsd errors and add comments to help
* fix spelling error
|
| |
|
|
|
|
| |
* Fix Superviser mode and lock error
* Fix smaller issues
|
| |
|
|
|
|
| |
* fix error with reports
* add additional testdata
|
| |
|
|
|
|
|
|
| |
* Add basic ASan parser
* Fix the test data
* Removed Read|Write parameter
|
| | |
|
| | |
|
| |
|
|
|
| |
Just to detect them at all and have some test base.
Will need better bug identification later.
|
| | |
|
| |
|
|
| |
Just something to start with. Plus some test cases.
|
| |
|
|
|
| |
In order to use the already defined kernel name in sys/targets to reduce
duplications.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Currently all (linux-specific) suppressions are hardcoded in mgrconfig.
This is very wrong. Move them to pkg/report and allow to specify per OS.
Add gvisor-specific suppressions.
This required a bit of refactoring. Introduce mgrconfig.KernelObj finally.
Make report.NewReporter and vm.Create accept mgrconfig directly
instead of passing it as multiple scattered args.
Remove tools/syz-parse and it always did the same as tools/syz-symbolize.
Simplify global vars in syz-manager/cover.go.
Create reporter eagerly in manager. Use sort.Slice more.
Overall -90 lines removed.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently getting a complete report requires a complex,
multi-step dance (including getting information that
external users are not interested in -- guilty file).
Simplify interface down to 2 functions: Parse and Symbolize.
Parse does what it did before, Symbolize symbolizes report
and fills in maintainers. This simplifies both implementations
of Reporter interface and all users of the interface.
Potentially we could get this down to 1 function Parse
that does everything. However, (1) Symbolize can fail,
while Parse cannot, (2) usually we want to ignore (log)
Symbolize errors, but otherwise proceed with the report,
(3) repro does not need symbolization for all but the
last report.
|
| |
|
|
|
| |
Parse returns 5 variables now. Later we may want to add crash "priority".
Introduce Report struct that holds all report data.
|
| |
|
|
|
| |
This change makes pkg/report try to detect corrupted reports by
using some heuristics.
|
| |
|
