Add support to accurately select variants for open and openat system calls.
This is needed because in order to accurately select ioctl variants we need
to use device resource types. The device resource types can only be created
by syz_open_dev and openat variants.
Disable qemu VGA output on ppc64le. The current pseries console code in
the kernel has a bunch of bugs, and if you don't disable VGA syzkaller
won't see console output.
Signed-off-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
ppc64le supports KVM, let's use it.
This obviously won't work on an x86 host, but at present there are issues
using syzkaller on ppc64le with qemu in TCG mode anyway.
Signed-off-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
Add a regex for syscall symbol extraction on ppc64le. ppc64le doesn't have
any special arch prefix.
Signed-off-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
genSockaddrStorage() determines the correct sockaddr_storage union option when we
cannot identify the system call variant. We used to have custom logic per system
call which was not tested and is actually unnecessary. This patch deletes that
code and adds a test to make sure there are no regressions.
Oops messages frequently induce possible deadlock reports
because oops reporting introduces unexpected locking chains.
So if we have enough of the actual oops, strip the deadlock message.
Oops messages frequently induce possible deadlock reports
because oops reporting introduces unexpected locking chains.
So if we have enough of the actual oops, strip the deadlock message.
NetBSD uses different uid/gid than FreeBSD/OpenBSD for the user
nobody. Instead of hardcoding the values, retrieve it from the
password entry database.
While there, switch to setuid(2) and setgid(2) calls as they are
good enough and portable. setresgid(2) and setresuid(2) aren't
available on NetBSD.
strace incorrectly printed sin6_addr before sin6_flowinfo. To fix this,
trace2syz added reorderStructFields() which swapped back the order. Incorrect
orderings of structs is a bug in strace or in our descriptions so we should
fix the source rather than work around. We have submitted a patch to fix the
sockaddr_in6 decoding in strace so we can safely delete this function.
strace decodes certain arguments like sockaddr_in.sin_port or sin_addr
as hex strings under -Xraw. This is because the arguments are in network byte
order. This patch supports converting those hex strings to int args if the size
of the string is 1, 2, 4, or 8.
rand_addr option is the first option for the ipv6_addr union
and is just an array of 16 bytes. This option makes it easy
for trace2syz to convert ipv6 address as strace decodes
the ipv6 address as a hex string.
Initialize syz data segment with protection allowed by PaX MPROTECT.
PROT_MPROTECT() registers future potential protection that is allowed
to be enabled in future.
Right now syz-fuzzer does a search through /proc/kallsyms for each syscall
to check whether it's supported. Do one search instead and save the results
to a map. This speeds up syscall detection ~60 times when testing arm64 kernel
on x86. Also add another search pattern for arm64 and add some logging.
Fetch of a named remote does not seem to fetch all tags.
This is a problem for linux-next as it contains lots of tags
that are not on the main branch because of periodic rebases.
CONFIG_PRINTK_CALLER has reached linux-next:
https://groups.google.com/d/msg/syzkaller/xEDUgkgFvL8/d5bBS3BJBwAJ
Enable CONFIG_PRINTK_CALLER and support parsing of its output format.
This gives us several advantages:
- output from different contexts don't intermix
- intermixed output doesn't cause corrupted reports
- we can keep larger prefix since we know it comes from the same task
Credit for the kernel part goes to Tetsuo Handa.
Also Sergey Senozhatsky and Petr Mladek for reviews of the kernel part.
Fixes#596Fixes#600
