| Commit message (Collapse) | Author | Age | Files | Lines |
| |
These frames are not very informative.
See https://syzkaller.appspot.com/bug?extid=72d3b151aacf9fa74455
| |
Prevent syzkaller from reacting to:
"warning: `syz.1.261' uses wireless extensions which will stop working
for Wi-Fi 7 hardware; use nl80211".
| |
It's a helper used by many different filesystems. Let's be more
specific.
https://syzkaller.appspot.com/bug?extid=651ca866e5e2b4b5095b
| |
We've got a dup:
https://syzkaller.appspot.com/bug?extid=d6f5b7a41831ca1a99a0
for an existing report:
https://syzkaller.appspot.com/bug?extid=be32baeb2433f286bc24
| |
These are just warnings to the system administrator. Ignore them during
fuzzing.
| |
Take a frame from the stack trace that is included in the bug report.
| |
Sometimes it may happen that we only get part of the string. Let's
suppress the report both for the specific error message and for ALSA in
general.
| |
Strict regexp rules to avoid false reboot reports as
"Booting the kernel." should always start from the start and at the end
of line.
Also addressed in unit test the previous fix in
https://github.com/google/syzkaller/commit/026e2200.
Fixes: https://github.com/google/syzkaller/issues/3955
| |
Bugs are unlikely to be in the rhashtable code itself.
Example: https://syzkaller.appspot.com/bug?extid=128aaac913636290e5a9
| |
For Linux bugs, extract the proc id and the prog id from the crash
report.
| |
These are mis-parsed for now. Just add test cases.
| |
SIGBUS means OOM on Linux.
Most of the crashes that happen during fuzzing are SIGBUS,
so separate them from SIGSEGV and suppress.
| |
See https://syzkaller.appspot.com/bug?extid=6cf577c8ed4e23fe436b
| |
This is a too generic frame.
| |
This is not the place of the actual bug.
We end up collecting too many different reports in one place:
https://syzkaller.appspot.com/bug?extid=daa1128e28d3c3961cb2
| |
In some cases, we may only collect a part of the kernel output. There
are no other "mand mount option" warnings in the kernel, so let's match
by a shorter regexp.
| |
This library method is used in multiple places throughout the kernel.
Sample bug: https://syzkaller.appspot.com/bug?extid=dfab1425afcdae5ac970
| |
These are just informative messages.
| |
Like many other str* functions, strstr() is not interesting and should
be ignored.
| |
Bug title in https://syzkaller.appspot.com/bug?extid=17a061f6132066e9fb95 is
"KMSAN: kernel-infoleak in copy_page_to_iter (4)", which is too generic
and may potentially correspond to multiple bugs. Ignore
copy_page_to_iter() and copy_folio_to_iter() to make it more meaningful.
In addition, speculatively ignore copy_page_from_iter().
| |
It was initially proposed in
https://github.com/google/syzkaller/issues/1575 that KMSAN reports with
the same origin should be clustered together using an alt title.
This however turns out to be too aggressive: certain KMSAN reports have
their uninitialized values originating from common functions - this
leads to too many KMSAN reports being glued together. Because KMSAN
reports can be also clustered with KASAN reports or other kernel panics,
ultimately seemingly unrelated crashes are considered similar just
because they share their top frames with two KMSAN reports that, in
turn, share the same origin.
The resulting issues on the dashboard look confusing to the users, they
are hard to find and require manual untangling, which probably outweighs
the benefits of having KMSAN issues with exactly the same origin
clustered together.
For other types of KMSAN reports (infoleaks and use-after-frees) the alt
titles are preserved. First, there are fewer of those on the dashboard.
Second, they are rarely grouped together with non-KASAN reports and
are less likely to cause a lot of mess.
| |
When a "fatal error:" bug is reported, this usually means that syzkaller
itself had a memory corruption (except in the gVisor fuzzing case where
this could be an actual bug in gVisor).
Most likely, this is due to a kernel that went wild and corrupted the
syzkaller address space, but in that case the exact details of what part
of the runtime failed are rarely relevant.
This gathers all these go runtime errors under one umbrella so they are
easier to track. Except for gVisor on which the logic is kept the same
as existing.
Add three test cases to the linux reporting:
- 705 (equivalent to the current all/report/7) to make sure Go OOO are
suppressed (they have a different title now but still get suppressed)
- 706 (equivalent to the current all/report/8) to make sure that ALSA
"fatal errors" are not handled as Go fatal errors
- 707 (new) to make sure that reports like
https://syzkaller.appspot.com/bug?extid=3f00d7083c52713ba3b0 are
re-named to "go runtime error"
| |
Newer arm compiler versions produce somewhat different output.
| |
It refers to SYZFAIL and SYZFATAL errors.
| |
Amend oops and oopsFormat to contain report type.
| |
Reference: https://syzkaller.appspot.com/bug?extid=c370a63abf53498ae3e2
| |
Ignore the following functions:
- folio_alloc
- filemap_alloc_folio
- __filemap_get_folio
- find_or_create_page
- do_read_cache_folio
- read_cache_page
- pagecache_get_page
- grab_cache_page_write_begin
that perform allocations within mm/filemap.c
This is to defeat an overly eager report clusterization in
https://syzkaller.appspot.com/bug?extid=828dfc12440b4f6f305d
| |
See https://syzkaller.appspot.com/bug?extid=d8fc21bfa138a5ae916d
| |
Sample bug: https://syzkaller.appspot.com/bug?extid=fae676d3cf469331fc89
| |
They are misleading guilty file detection.
See https://groups.google.com/g/syzkaller-bugs/c/T6Z_5Gh1Qio
| |
Based on https://syzkaller.appspot.com/bug?extid=64b645917ce07d89bde5
| |
See https://syzkaller.appspot.com/bug?id=88b03615bcf53f3cdc9b987ad26207a9b8d47d8f
| |
Also, skip more workqueue functions.
| |
Ignore arch/arm64/kernel/process.c and some of page cache sources, as
the real problem will much more likely lie in the caller.
| |
Its caller is much more informative.
| |
For context see:
https://lore.kernel.org/all/CACT4Y+ZMXN=smH-0FN4Ui0zm6P-c=eEwG6fNJ9deTnc0M099UQ@mail.gmail.com/T/#t
| |
Currently we return ".", which is not really expected by all the
surrounding logic.
| |
The existing code is broken - the console output does not contain a
whitespace before the apic_timer_interrupt frame. Also, add the
apic_timer source files to the excluded ones.
| |
This frame also distributes work to other functions.
| |
Refactor the existing guilty path testing code to allow for simpler
extension.
Reuse the resulting code to invoke guilty_raw tests.
| |
The family of such functions is big and keeps on growing. Add them to
the generic skipPatterns code.
| |
Fixes #3621
| |
Two KMSAN reports belonging to different subsystems ended up being merged
together because they both had netlink_ack in their origin. Let's skip
this frame as well as netlink_rcv_skb, which is common among several
network protocols.