Commit Graph

251 Commits

Author SHA1 Message Date
Dmitry Vyukov
bae5742c50 pkg/report: tune synchronize_srcu name for older kernels 2020-07-08 09:26:48 +02:00
Dmitry Vyukov
08fc4ef14d pkg/report: make smp_call_function anchor instead of on_each_cpu
Right after committing the on_each_cpu change,
another report came in where smp_call_function
is not called from on_each_cpu. And there are
actually more such callers in code, and also
as existing tests show. smp_call_function seems
to be the better root cause indication.
2020-07-07 12:04:22 +02:00
Dmitry Vyukov
e419f4e6d8 pkg/report: consider on_each_cpu as stall anchor function
Kernel frequently hangs in on_each_cpu,
it seems to be more indicative of the root cause
than subsequent frames.
2020-07-07 10:40:55 +02:00
Dmitry Vyukov
ef278c737f pkg/report: use rtnetlink_rcv_msg as stall anchor frame
It also has a high branching factor and a bug is more likely in the callback.
For the added test we used to say:
INFO: rcu detected stall in __sys_sendmsg
now we say more useful:
INFO: rcu detected stall in tc_modify_qdisc
2020-07-06 17:26:25 +02:00
Andrey Konovalov
4d2d1ebee3 pkg/report: stop using questionable frames
Most likely reports without proper stack traces were caused by a bug in the
unwinder and are now fixed in 187b96db5ca7 "x86/unwind/orc: Fix
unwind_get_return_address_ptr() for inactive tasks".

Disable trying to use questionable frames for now.

Fixes #1834
2020-06-17 17:42:50 +02:00
Dmitry Vyukov
6fe5725de8 pkg/report: ignore another android debug output that looks like kernel crash 2020-06-12 08:23:36 +02:00
Dmitry Vyukov
1f837d8b35 pkg/report: improve "using smp_processor_id() in preemptible code" parsing 2020-06-04 12:16:25 +02:00
Dmitry Vyukov
a5ce5de0ae pkg/report: update "using X in preemptible code" bug 2020-06-03 12:46:37 +02:00
Dmitry Vyukov
06417ff868 pkg/report: add tests for rcu stalls in kmem_cache_alloc
I thought maybe we need special handling for them:
stop at kmem_cache_alloc function. But now I am not sure.
This can also be an infinite loop which calls kmalloc/kfree.
Let's not change code for now, just fix things with tests
(this is a good representative set).
2020-06-02 17:47:56 +02:00
Andrey Konovalov
c98aaf984a pkg/report: improve report titles 2020-06-02 17:23:51 +02:00
Dmitry Vyukov
2510d1afaa pkg/report: avoid producing no guilty file
If we produce no guilty file at all, the report is mailed only to LKML,
which is mostly equivalent to mailing to nobody.
If we skip all files, return the first one.
2020-05-29 15:27:43 +02:00
m00nbsd
bd28eb9d78 pkg/report: fix kUBSan reporting on NetBSD 2020-05-24 14:34:40 +02:00
Dmitry Vyukov
b026d481be pkg/report: skip "rwsem" frames in task hung reports 2020-05-11 16:54:55 +02:00
Mark Johnston
cc90e4763e pkg/report: match a common pf panic 2020-04-30 16:33:09 +02:00
Dmitry Vyukov
20ed497b52 pkg/report: add compat ioctl stall anchor frames
Add new __ia32_compat_sys_ioctl anchor frame
(something seems to have been changed in compat ioctl's).
Also skip all compat_ioctl frames, it's a pretty common naming
convention and it may help to avoid some dups across
compat/non-compat paths.
2020-04-19 10:26:57 +02:00
Anton Lindqvist
36b0b05078 pkg/report: make uvm_fault parsing more strict on OpenBSD
In order to avoid treating the following diagnostic printf as a panic[1]:

	vmx_mprotect_ept: uvm_fault returns 14, GPA=0x200000

[1] https://syzkaller.appspot.com/bug?id=25f3ef919bf9f5d8a89e13b1ba5fec8ca56334be
2020-04-12 13:10:26 +02:00
Dmitry Vyukov
0bbbd25447 pkg/report: fix detection of questionable frames
The previous commit "pkg/report: handle cases when whole stack is questionable"
mishandles frames that start with [PC] prefix before " ? ".
Restore that part.
2020-03-27 06:23:11 +01:00
Dmitry Vyukov
a2d5b1c04d pkg/report: handle cases when whole stack is questionable
If the report is identified as corrupted because there are no frames at all,
try to re-extract using questionable frames.
This is a bit risky and may produce lots of one-off corrupted reports
at random locations. But we won't know until we deploy this...

Fixes #1216
2020-03-21 14:43:26 +01:00
Andrey Konovalov
4288d95ef6 pkg/report: improve report titles 2020-03-21 08:13:09 +01:00
Andrey Konovalov
2c31c529a9 pkg/report: improve report titles 2020-03-18 17:41:34 +01:00
Andrey Konovalov
fd69032d78 pkg/report: improve report titles 2020-03-13 07:44:53 +01:00
Andrey Konovalov
35f53e4574 pkg/report: improve report titles 2020-03-09 14:46:52 +01:00
Anton Lindqvist
c88c7b75a4 pkg/report: normalize soreceive report on OpenBSD
At last!
2020-02-27 20:12:33 +01:00
Dmitry Vyukov
93e5e33559 pkg/report: update parsing of rcu stalls in ioctls
vfs_ioctl is now inlined sometimes...
2020-02-02 12:56:15 +01:00
Dmitry Vyukov
c30117b2ac pkg/report: don't attribute deadlocks to workqueue functions
In all cases we have seen, deadlocks in workqueue functions are related
to the subsystem that submits work items.
2020-01-31 19:14:47 +01:00
Dmitry Vyukov
d2557fb5ca pkg/report: treat nfnetlink_rcv_msg as anchor frame
There is tremendous branching after that frame to all
existing netlink callbacks which are effectively completely
different syscalls.
2020-01-20 10:57:28 +01:00
Jann Horn
069a5a4486 pkg/report: add pattern for Linux #SS faults
On X86-64, dereferencing a non-canonical address normally causes a #GP, for
which syzkaller already has a pattern. However, if the base register of the
non-canonical address is RBP (which can happen in builds that use RBP as a
general-purpose register because they don't use frame pointer unwinding),
#SS is thrown instead, for which syzkaller did not yet have a pattern.

To see this kind of fault, you can insert the following code in
kernel_init() after the call to rcu_end_inkernel_boot():

	asm volatile(
		"movabs $0x8000000000000000, %rbp\n\t"
		"movq (%rbp), %rax\n\t"
		"ud2\n\t"
	);

Linux prints a different error message for #SS, so add that error message
to syzkaller's list of patterns.
2020-01-15 16:06:40 +01:00
Andrew Turner
fa12bd3c2e pkg/report: Add the calling function to sx reports
These can fail in many functions, so include the calling function in
the report.
2020-01-14 19:55:46 +01:00
Andrey Konovalov
a20859865e pkg/report: add more ignored frames 2020-01-07 16:02:48 +01:00
Anton Lindqvist
53430d9719 pkg/report: normalize kqueue_check report on OpenBSD 2020-01-06 20:37:03 +01:00
Anton Lindqvist
9dcc1191cb pkg/report: normalize unhandled af report on OpenBSD 2020-01-03 08:37:12 +01:00
Anton Lindqvist
b31eda3df8 pkg/report: normalize yet another free list modified report on OpenBSD 2019-12-09 11:09:14 +01:00
Dmitry Vyukov
4fb74474cf pkg/report: fix guilty file extraction in presence of rcu stalls
The added test is for the exception from exception corner case.

"BUG: spinlock lockup" fails to respect panic_on_warn and panic
after printing report (though, it's a BUG already, so it should
have been panicked even without panic_on_warn).
As a result we got "spinlock lockup" followed by "rcu stall" report.
And we have that special exception for rcu stalls b/c for them
the most of the report is irrelevant up to apic_timer_interrupt frame.
The code did not expect this weird double-report case and skipped
everything up to apic_timer_interrupt, though it's actually
a lockup in netfilter code.
2019-12-05 12:14:58 +01:00
Andrey Konovalov
036f0b1e8d pkg/report: improve reports titles
Ignore kobject_put in stack frames.
2019-12-05 12:03:11 +01:00
Andrey Konovalov
659d8b8568 pkg/report: improve report titles 2019-11-29 13:13:04 +01:00
Dmitry Vyukov
736169d38b pkg/report: add few more UBSAN reports
Update #1523
2019-11-29 10:45:55 +01:00
Dmitry Vyukov
76357d6f89 pkg/report: update UBSAN report parsing
Update #1523
2019-11-28 14:07:19 +01:00
Jann Horn
432c7650d5 pkg/report: generalize general protection fault pattern
An upcoming patch for Linux will change the error reporting pattern for
general protection faults such that the colon doesn't necessarily come
immediately after the string "general protection fault" (see
https://lore.kernel.org/lkml/20191118142144.GC6363@zn.tnic/).
Change the pattern in syzkaller before that happens.

Note that this is not necessarily the final format; in particular, the
ordering of the KASAN note and the "general protection fault" line might
swap.
2019-11-19 08:07:30 +01:00
David Pursell
79248ee88b sys/fuchsia: remove deprecated exception APIs
The port-based exception APIs have been deprecated on Fuchsia and will
be removed shortly. Delete them from the syscall definitions and
modify the Fuchsia executor to use the new channel-based APIs instead.
2019-11-14 16:21:01 -08:00
Kamil Rytarowski
a24fe792a6 Correct parsing of Kernel ASan reports
Handle __asan strings in backtraces.
2019-11-14 18:48:40 +01:00
Dmitry Vyukov
31b7aac462 pkg/report: ignore boot warning that always happens
Happens on every boot and prevents detection of other bugs.
The warning was already reported upstream:
https://groups.google.com/forum/#!msg/syzkaller-bugs/8HZdIbi8sdE/Niu4qijeAAAJ
https://syzkaller.appspot.com/bug?extid=4d497898effeb1936245
2019-11-08 13:38:31 +01:00
Dmitry Vyukov
1e35461e02 pkg/report: trim panic_on_warn set few lines earlier
The KCSAN reports can be quite short.
Now with task contexts we can hopefully reduce the threshold a bit.
2019-11-08 07:51:25 +01:00
Dmitry Vyukov
d797d2018f pkg/report: fix up panic handling
Obviously there is an exception to every exception in kernel output parsing...
2019-11-06 18:06:12 +01:00
Dmitry Vyukov
da505f84d3 pkg/report: detect syzkaller panics in lost connection bugs
Some syzkaller panics happen due to memory corruptions,
but it still would be useful at least to get some visibility into these crashes.
On some OSes we actually already detect them as they have "panic:" oops pattern,
but not e.g. on linux.

Fixes #318
2019-11-06 11:41:05 +01:00
Anton Lindqvist
25bb509e59 pkg/report: suppress fifo_badop reports on OpenBSD
This panic is not too interesting since the intended behavior is to panic and
it requires root due to usage of mknod(2).
2019-10-26 09:02:46 +02:00
Dmitry Vyukov
bb6c338b9e pkg/report: better differentiate task hung reports
A number of hangs happen when trying to cancel tasks in different subsystems.
2019-10-23 10:13:30 +02:00
Anton Lindqvist
d0686497a9 pkg/report: normalize pool cpu free list modified reports on OpenBSD (#1474) 2019-10-22 15:06:11 -07:00
Marco Elver
5681358a2a syz-fuzzer, executor: Add support for blacklisting data race frames
This adds support to add frames that have already been in data races, to
the KCSAN report blacklist.
2019-10-22 17:48:18 +02:00
Dmitry Vyukov
37dc03de04 pkg/report: improve parsing of task hung reports
The problem with task hung reports is that they manifest at random victim stacks,
rather than at the root cause stack. E.g. if there is something wrong with RCU subsystem,
we are getting hangs all over the kernel on all synchronize_* calls.
So before resorting to the common logic of skipping some common frames,
we look for 2 common buckets: hangs on synchronize_rcu and hangs on rtnl_lock
and group these together.
2019-10-22 09:52:16 +02:00
Andrew Donnellan
a6aef847d9 pkg/report: Add ppc64le kernel paging request test case
Signed-off-by: Andrew Donnellan <ajd@linux.ibm.com>
2019-10-14 11:17:24 +02:00