| Commit message | Author | Age | Files | Lines |

Just to detect them at all and have some test base.
Will need better bug identification later.
A line length of 79 in the ddb output does not necessarily imply that the
following line is a continuation of the current line. Since there's no way
to distinguish between ordinary and continuation lines, it could end up
corrupting the report by joining two lines that are disjoint[1].
Instead, disable line wrapping in ddb. If we want some kind of wrapping in
the future it's easier done by pkg/report.
[1] https://syzkaller.appspot.com/bug?extid=03f7377a9848d7d008c9
Just something to start with. Plus some test cases.
This ability was never used but we maintain a bunch of code for it.
syzkaller also recently learned to spoof this error code
with some ptrace magic (probably intercepted control flow again
and exploited executor binary).
Drop all of it.
Possible now since the output is consistently prefixed[1].
[1] https://marc.info/?l=openbsd-cvs&m=154850328128727&w=2
Skip various *_trylock functions as we do for *_lock functions.
Update #933
Update #933
Oops messages frequently induce possible deadlock reports
because oops reporting introduces unexpected locking chains.
So if we have enough of the actual oops, strip the deadlock message.
If we have contexts, we don't need to strip the first report
at the beginning of the second report.
CONFIG_PRINTK_CALLER has reached linux-next:
https://groups.google.com/d/msg/syzkaller/xEDUgkgFvL8/d5bBS3BJBwAJ
Enable CONFIG_PRINTK_CALLER and support parsing of its output format.
This gives us several advantages:
- output from different contexts doesn't intermix
- intermixed output doesn't cause corrupted reports
- we can keep a larger prefix since we know it comes from the same task
Credit for the kernel part goes to Tetsuo Handa.
Also to Sergey Senozhatsky and Petr Mladek for reviews of the kernel part.
Fixes #596
Fixes #600
Ignore double faults as the start of a second report.
A double fault can happen during handling of paging faults
if memory is badly corrupted. It also usually happens
synchronously, which means that the report may not be corrupted.
But of course it can come from another CPU as well.
Add more interesting test cases.
We computed Start/EndPos after trimming the line prefix,
which resulted in offset values that are not correct.
Fix that. Add more tests and checks for Start/EndPos.
There are more variations of this panic format.
"container" seems to have been renamed to "sandbox".
Also exact pid numbers are harmful.
Existing ones don't match actual gvisor output after address mangling.
Not matching exact context in parens should be good enough re false positives.
https://github.com/google/gvisor/commit/99d595869332f817de8f570fae184658c513a43c
changed the format of these to include the registers.
Add another anchor frame.
We started detecting all kernel reboots as corrupted,
because we considered that after any "Allocated" line
a stack trace should follow.
Kernel boot output now contains:
ima: Allocated hash algorithm: sha256
and there is no stack trace after that.
1. Refine stack trace regexps (we actually want to look for
"Allocated by task PID:" lines).
2. Don't check stacks if report format says that it
does not contain stacks.
Amusing that this is another kernel failure mode that we are discovering after 3 years.
One can't even reliably understand when the kernel has crashed.
I wonder if syzkaller never hit these, or just never recognized and reported them. We will see.
Don't even want to think about arm kernel output parsing.
Sometimes the reorder_kernel error message is truncated causing the current
ignore pattern to fail. Instead, simply reject all lines containing
`reorder_kernel' in order to reduce noisy crash reports.
OpenBSD produces \n\r for new lines and splits output at column 79.
Handle both of these things.
This is called from kfree in the added test.
We already ignore everything related to kmalloc/free
and e.g. arch/.*/mm/fault.c, so it looks reasonable
to ignore this one too.
Skip a few more common allocation functions.
Account for the case that some file names can appear _before_ the crash report starts.
Start extracting the guilty file from StartPos.
Extract guilty frame from stack.
Add a few more ignored functions.
Add more tests.
During rcu stalls and cpu lockups the kernel loops in some part of code,
usually across several functions. When the stall is detected, the traceback
points to a random stack within the looping code. We generally take
the top function in the stack (with a few exceptions) as the bug identity.
As a result, stalls with the same root would produce multiple reports
in different functions, which is bad.
Instead we identify a representative function deeper in the stack.
For most syscalls it can be the syscall entry function (e.g. SyS_timer_create).
However, for highly discriminated syscall functions like ioctl/read/write/connect
we take the previous function (e.g. for connect the one that points to the exact
protocol, or for ioctl the one that is related to the device).
Fixes #710
C++ function names can contain '~'.
all: add openbsd support
squash of the following commits:
* openbsd: add mandatory bits
* report: add OpenBSD support
* executor: skip building kvm on OpenBSD
* executor: add OpenBSD support
Linking against libutil is necessary due to usage of openpty(3).
* executor: fix typo in fail() message
* fixup! report: add OpenBSD support
* fixup! openbsd: add mandatory bits
* fixup! openbsd: add mandatory bits
* fixup! openbsd: add mandatory bits
* fixup! report: add OpenBSD support
* gometalinter: skip sys/openbsd
Switch to the existing oops-based infrastructure.
Extending existing code is nearly impossible.
Detect service crashes on fuchsia.
Add more tests.