syzkaller
syzkaller copied to clipboard
google
"Sample crash report" does not always match the report title.
When bugs with different titles are sometimes grouped together (e.g. general protection fault in foo and KASAN: use-after-free in foo), syzbot may update a particular bug with a sample crash log having a different title.
One example is https://syzkaller.appspot.com/bug?extid=a476a62530a631834eb0. Here the KMSAN bug is grouped together with the KASAN invalid-access and the GPF report. As a result, the letter sent to the developers has the title [syzbot] [reiserfs?] KMSAN: uninit-value in __run_timers (3), but its body only lists the GPF report, which is completely misleading.
I think it would be more correct to only update the sample crash for a particular bug on the dashboard iff the title of the crash matches that of the bug. The letter sent to the developers can contain the date when that crash occurred (so that they can notice if it is too old) and the link to the freshest related crash with a different title (if at all necessary).
When reporting or when rendering a bug's page, we pick a crash with the highest priority.
Currently we already do take into title equality into account:
https://github.com/google/syzkaller/blob/696ea0d2f4fdaa17db929e152edba19bf7666d84/dashboard/app/api.go#L844-L857
... but the presence of a reproducer is still a much more important factor.
If the repro's title is slightly different from the original title (and alt titles intersect -- otherwise crashes won't be grouped), I think it's still worth reporting.
Ideally we'd find a way to only exclude the extreme cases like the one you described.
If the repro's title is slightly different from the original title (and alt titles intersect -- otherwise crashes won't be grouped), I think it's still worth reporting.
Can't we change the report title to the one extracted from the crash in this case?
Is there any value in preserving the old report title that does not match the crash and thus does not anyhow help debugging?