| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
Fix corresponding test, remove incorrect tests
Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Signed-off-by: Denis Efremov <efremov@ispras.ru>
|
| | |
|
| | |
|
| |
|
|
| |
Add a new regex to detect Linux warnings of the form "WARNING: [condition] file:line at func...".
|
| |
|
|
|
| |
In RISC-V, if show_regs() is called from kernel space, the stack is dumped without a proper indicator. Match the last
line printed by show_regs() as a stack start indicator and do not treat the missing stack trace as a log corruption.
|
| |
|
|
|
|
|
|
|
|
|
| |
Double-free is at least as severe as a UAF write because in case of UAF write, the vulnerable object is given and
you have to find the right victim object - the writable offset and size needs to match.
In case of double-free you can choose both your victim and attacker object, giving more options for a successful
exploitation (there are attacker objects which can basically write all offset and sizes).
This assumes that double-free is controlled in a way that the attacker can spray a victim object between the two
`kfree()`s.
|
| | |
|
| |
|
|
|
|
| |
Add workflow that can be used for moderation of UAF bugs (consistent/actionable reports),
such UAF bugs can be upstreammed automatically, even if they happened only once
and don't have a reproducer.
|
| |
|
|
|
|
|
|
|
| |
TitleToCrashType is a simple function with no heavy dependencies
that is used by the dashboard app.
Currnetly we have to import pkg/report into dashboard/app,
and this package has lots of heavy deps (symbolizer, demangler,
coverage report generation, etc).
Move TitleToCrashType to pkg/report/crash (where it arguably belongs anyway).
|
| |
|
|
|
| |
rep.Output and rep.Report offsets are different because rep.Report is symbolized
Fix converts offsets from symbolized version back to the raw version.
|
| |
|
|
| |
Update all the test files. I removed test.Equals() check to do it for all the files at once.
|
| |
|
|
|
| |
1. We use empty TITLE and TITLE absence. Let's use TITLE absence by default.
2. FRAME header shouldn't be generated, only updated.
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
fast_dput and dput are too generic. This causes several different bugs to be merged into one.
See: https://syzkaller.appspot.com/bug?extid=b74150fd2ef40e716ca2
Ingore the fast_dput/dput frames when selecting the bug title.
|
| |
|
|
|
|
|
|
|
| |
The format has been changed recently:
https://lore.kernel.org/all/20251110114633.202485143@infradead.org/
This commit addresses the duplicates we currently see among the
linux-next bugs, but likely there are more. We'll fix it once we notice
them.
|
| |
|
|
| |
KMEMLEAK now prints a crc hash. Add a test to ensure we can properly parse it.
|
| |
|
|
|
|
|
|
| |
At some point kmemleak started adding a CRC checksum to the "backtrace:" line in memory leak reports. The existing
regular expression did not account for this, causing parsing to fail for these reports.
Update the regex to make the CRC component optional, allowing reports both with and without the checksum to be parsed
correctly.
|
| |
|
|
|
| |
There is no need to see empty FRAME: field content in failing pkg/report tests.
This change allow us to remove 1 parameter.
|
| |
|
|
|
|
|
|
|
| |
This bug is at least one case where we merge several different KMSAN
reports because they end up being triggered in the same generic code:
https://syzkaller.appspot.com/bug?id=6290a184e96e8fb4b657700adcd243ef195113e1
Skip some common symbols from crypto/ so that the titles become more
specific.
|
| | |
|
| | |
|
| |
|
|
| |
Send only the first report to dashboard.
|
| |
|
|
|
|
| |
Following
https://github.com/google/gvisor/commit/b47d21ef21a6f59b8f574eebf83c7936880c1c0d
syzkaller should look for this message type.
|
| |
|
|
|
| |
1. func Run optionally accepts the opts.
2. Some refactoring, more comments.
|
| |
|
|
|
|
|
| |
If these happen to be in the stack frames, in almost all cases it will
be due to a bug in the calling code.
See the discussion in #5784.
|
| |
|
|
| |
./tools/syz-env bin/golangci-lint run ./... --fix
|
| |
|
|
| |
Replace "keep-sorter" with "keep-sorted" to fix the build-time warning.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
The impact score is deducted from the title.
Impact is max(known_titles).
|
| | |
|
| | |
|
| |
|
|
|
| |
Introduce crash.KCSANAssert.
Introduce crash.KCSANUnknown.
|
| |
|
|
| |
We don't really need them.
|
| | |
|
| |
|
|
|
|
| |
What we need is the category for "matched unknown KASAN bug".
This king on bugs should be recategorised.
The final goal is to keep this category empty.
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
We want to prioritize KASAN bugs differently.
|
| | |
|
| | |
|
| |
|
|
| |
Run `go test ./pkg/report -update`.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
setExecutorInfo is closer to Report.
Distinguish reportType and defaultReportType
Make setter a Report member function.
|
| | |
|
| |
|
|
| |
We have crash.KMSAN definition that is not used.
|
