| author | Paul Chaignon <paul.chaignon@gmail.com> | 2023-10-05 12:32:04 +0200 |
|---|---|---|
| committer | Aleksandr Nogikh <nogikh@google.com> | 2023-10-09 10:22:31 +0000 |
| commit | 7236594a2c63f3be360ed0a3feb63b4621530e27 (patch) | |
| tree | 721ff6a37c87fb7435fb1bbe1281926b8529ae9c /prog/resources.go | |
| parent | 5e837c76f52db819969341086d19d650156d1dc1 (diff) | |
prog: skip optional input resources

If trying to fuzz only bpf$PROG_LOAD, the executors fail with:

    SYZFATAL: Manager.Check call failed: machine check failed: all
    system calls are disabled

That is happening because it detects a dependency on fd_bpf_map via two
paths:

1. bpf_prog_t.fd_array is an optional pointer to an array of fd_bpf_map.
2. The bpf_insn union contains descriptions for two instructions,
   bpf_insn_map_fd and bpf_insn_map_value, that reference fd_bpf_map.

Both of those cases point to optional uses of fd_bpf_map, but syzkaller
isn't able to recognize that today.

This commit addresses the first case, when a resource or one of the
types using it are explicitly marked as optional. Before this commit,
syzkaller was only able to recognize the case where the resource itself
is marked as optional. However, in the case of e.g. bpf_prog_t.fd_array,
it's the pointer to the array of fd_bpf_map that is marked optional.

To fix this, we propagate the optional bit when walking down the AST. We
then pass this propagated bit to the callback function via the context.

This change was tested on the above bpf$PROG_LOAD case 1, by removing
bpf_insn_map_fd and bpf_insn_map_value from the bpf(2) description to
avoid hitting case 2. Addressing case 2 will require more changes to the
same logic.

Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com>

Diffstat (limited to 'prog/resources.go')
| -rw-r--r-- | prog/resources.go | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/prog/resources.go b/prog/resources.go index 95480a8a0..61b30581f 100644 --- a/prog/resources.go +++ b/prog/resources.go @@ -151,7 +151,7 @@ func (target *Target) getInputResources(c *Syscall) []*ResourceDesc { } switch typ1 := typ.(type) { case *ResourceType: - if !typ1.IsOptional && !dedup[typ1.Desc] { + if !ctx.Optional && !dedup[typ1.Desc] { dedup[typ1.Desc] = true resources = append(resources, typ1.Desc) } |
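
Review bot: In the `case *ResourceType:` branch, `!ctx.Optional` replaces `!typ1.IsOptional` outright, so the case that worked before (the resource itself marked optional) stays covered only if the propagated bit also folds in the resource's own optional flag. The code that sets `ctx.Optional` is not part of this file's diff (the diffstat is limited to prog/resources.go), so please confirm that in the walker, or keep both checks as `if !ctx.Optional && !typ1.IsOptional && !dedup[typ1.Desc] {`. A one-line comment here saying that `ctx.Optional` is true when the resource or any enclosing type is optional would help the next reader. Since the commit message says this was tested by hand on bpf$PROG_LOAD, a unit test for `getInputResources` would be worth adding: one syscall whose only use of a resource sits behind an optional pointer to an array (expect no input resources), and one where the same resource also appears in a non-optional position (expect it to be returned, which the untouched `dedup` handling should allow because the skipped optional use never sets `dedup[typ1.Desc]`).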
