| Commit message (Collapse) | Author | Age | Files | Lines |
|
vfs_ioctl is now inlined sometimes...
|
|
|
In all cases we have seen, deadlocks in workqueue functions are related
to the subsystem that submits work items.
|
|
|
|
There is tremendous branching after that frame to all
existing netlink callbacks which are effectively completely
different syscalls.
On X86-64, dereferencing a non-canonical address normally causes a #GP, for
which syzkaller already has a pattern. However, if the base register of the
non-canonical address is RBP (which can happen in builds that use RBP as a
general-purpose register because they don't use frame pointer unwinding),
#SS is thrown instead, for which syzkaller did not yet have a pattern.
To see this kind of fault, you can insert the following code in
kernel_init() after the call to rcu_end_inkernel_boot():
    asm volatile(
        "movabs $0x8000000000000000, %rbp\n\t"
        "movq (%rbp), %rax\n\t"
        "ud2\n\t"
    );
Linux prints a different error message for #SS, so add that error message
to syzkaller's list of patterns.
The added test is for the exception-from-exception corner case.
"BUG: spinlock lockup" fails to respect panic_on_warn and panic
after printing the report (though, it's a BUG already, so it should
have panicked even without panic_on_warn).
As a result we got "spinlock lockup" followed by an "rcu stall" report.
And we have that special exception for rcu stalls b/c for them
most of the report is irrelevant up to the apic_timer_interrupt frame.
The code did not expect this weird double-report case and skipped
everything up to apic_timer_interrupt, though it's actually
a lockup in netfilter code.
Ignore kobject_put in stack frames.
| |
Update #1523
| |
Update #1523
An upcoming patch for Linux will change the error reporting pattern for
general protection faults such that the colon doesn't necessarily come
immediately after the string "general protection fault" (see
https://lore.kernel.org/lkml/20191118142144.GC6363@zn.tnic/).
Change the pattern in syzkaller before that happens.
Note that this is not necessarily the final format; in particular, the
ordering of the KASAN note and the "general protection fault" line might
swap.
| |
Happens on every boot and prevents detection of other bugs.
The warning was already reported upstream:
https://groups.google.com/forum/#!msg/syzkaller-bugs/8HZdIbi8sdE/Niu4qijeAAAJ
https://syzkaller.appspot.com/bug?extid=4d497898effeb1936245
| |
The KCSAN reports can be quite short.
Now with task contexts we can hopefully reduce the threshold a bit.
| |
Obviously there is an exception to every exception in kernel output parsing...
| |
A number of hangs happen when trying to cancel tasks in different subsystems.
| |
This adds support to add frames that have already been in data races, to
the KCSAN report blacklist.
| |
The problem with task hung reports is that they manifest at random victim stacks,
rather than at the root cause stack. E.g. if there is something wrong with the RCU subsystem,
we are getting hangs all over the kernel on all synchronize_* calls.
So before resorting to the common logic of skipping some common frames,
we look for 2 common buckets: hangs on synchronize_rcu and hangs on rtnl_lock
and group these together.
| |
Signed-off-by: Andrew Donnellan <ajd@linux.ibm.com>
| |
tty_unregister_device looks generic enough, add to ignore list.
| |
This is not a kernel bug.
| |
It seems something has changed in the kernel again...
| |
MAX_STACK_TRACE_ENTRIES crash reports caused by a particular issue can come
from any part of the kernel, so bucketing them based on the stack trace is
pointless and only creates duplicate bug reports.
| |
* pkg/report: improve BUG: MAX_STACK_TRACE_ENTRIES titles
* pkg/report: improve refcount bug titles
| |
They are very generic and a bug is almost always in the parent frame.
| |
Some kernels print hex PC value before frames.
Account for that in should_fail-matching regexp.
| |
These are too generic and don't point to any subsystem. Skip them.
| |
In several places we do special handling for some crash types.
Currently we compare report title with magic strings,
which is error-prone. Add explicit Type to reports.
| |
Add a second "questionable" regex to match the powerpc "(unreliable)"
format.
Signed-off-by: Andrew Donnellan <ajd@linux.ibm.com>
| |
Signed-off-by: Andrew Donnellan <ajd@linux.ibm.com>