diff options
| -rw-r--r-- | AUTHORS | 2 | ||||
| -rw-r--r-- | CONTRIBUTORS | 5 | ||||
| -rw-r--r-- | README.md | 9 | ||||
| -rw-r--r-- | config/config.go | 77 | ||||
| -rw-r--r-- | config/config_test.go | 16 | ||||
| -rw-r--r-- | executor/executor.cc | 149 | ||||
| -rw-r--r-- | executor/syscalls.h | 1113 | ||||
| -rw-r--r-- | ipc/ipc.go | 31 | ||||
| -rw-r--r-- | sys/kvm.txt | 2 | ||||
| -rw-r--r-- | sys/sys.go | 4 | ||||
| -rw-r--r-- | sys/sys_386.go | 8 | ||||
| -rw-r--r-- | sysgen/fetch.go | 3 | ||||
| -rw-r--r-- | sysgen/syscallnr.go | 12 | ||||
| -rw-r--r-- | sysgen/sysgen.go | 9 | ||||
| -rw-r--r-- | syz-fuzzer/fuzzer.go | 5 | ||||
| -rw-r--r-- | syz-manager/manager.go | 4 | ||||
| -rw-r--r-- | tools/syz-execprog/execprog.go | 5 | ||||
| -rw-r--r-- | tools/syz-stress/stress.go | 7 |
18 files changed, 1375 insertions, 86 deletions
@@ -8,3 +8,5 @@ Google Inc. Baozeng Ding Lorenzo Stoakes + +Jeremy Huang diff --git a/CONTRIBUTORS b/CONTRIBUTORS index 39d2e0d3d..572e21026 100644 --- a/CONTRIBUTORS +++ b/CONTRIBUTORS @@ -8,6 +8,5 @@ Google Inc. Andrey Konovalov David Drysdale Baozeng Ding - Lorenzo Stoakes -SUSE Inc. - Jeremy Huang +Lorenzo Stoakes +Jeremy Huang @@ -97,9 +97,12 @@ following keys in its top-level object: the virtual machine. - `cpu`: Number of CPUs to simulate in the VM (*not currently used*). - `mem`: Amount of memory (in MiB) for the VM; this is passed as the `-m` option to `qemu-system-x86_64`. - - `dropprivs` : Whether the executor program should try to use namespaces to drop privileges - before executing (requires a kernel built with `CONFIG_NAMESPACES`, `CONFIG_UTS_NS`, - `CONFIG_USER_NS`, `CONFIG_PID_NS` and `CONFIG_NET_NS`). + - `sandbox` : Sandboxing mode, one of "none", "setuid", "namespace". + "none": don't do anything special (has false positives, e.g. due to killing init) + "setuid": impersonate into user nobody (65534), default + "namespace": use namespaces to drop privileges, + (requires a kernel built with `CONFIG_NAMESPACES`, `CONFIG_UTS_NS`, + `CONFIG_USER_NS`, `CONFIG_PID_NS` and `CONFIG_NET_NS`). - `enable_syscalls`: List of syscalls to test (optional). - `disable_syscalls`: List of system calls that should be treated as disabled (optional). - `suppressions`: List of regexps for known bugs. diff --git a/config/config.go b/config/config.go index 6dc83fe56..ccd3df615 100644 --- a/config/config.go +++ b/config/config.go @@ -38,9 +38,14 @@ type Config struct { Count int // number of VMs Procs int // number of parallel processes inside of every VM - Cover bool // use kcov coverage (default: true) - DropPrivs bool // drop privileges during fuzzing (default: true) - Leak bool // do memory leak checking + Sandbox string // type of sandbox to use during fuzzing: + // "none": don't do anything special (has false positives, e.g. due to killing init) + // "setuid": impersonate into user nobody (65534), default + // "namespace": create a new namespace for fuzzer using CLONE_NEWNS/CLONE_NEWNET/CLONE_NEWPID/etc, + // requires building kernel with CONFIG_NAMESPACES, CONFIG_UTS_NS, CONFIG_USER_NS, CONFIG_PID_NS and CONFIG_NET_NS. + + Cover bool // use kcov coverage (default: true) + Leak bool // do memory leak checking ConsoleDev string // console device for adb vm @@ -57,9 +62,20 @@ func Parse(filename string) (*Config, map[int]bool, []*regexp.Regexp, error) { if err != nil { return nil, nil, nil, fmt.Errorf("failed to read config file: %v", err) } + return parse(data) +} + +func parse(data []byte) (*Config, map[int]bool, []*regexp.Regexp, error) { + unknown, err := checkUnknownFields(data) + if err != nil { + return nil, nil, nil, err + } + if unknown != "" { + return nil, nil, nil, fmt.Errorf("unknown field '%v' in config", unknown) + } cfg := new(Config) cfg.Cover = true - cfg.DropPrivs = true + cfg.Sandbox = "setuid" if err := json.Unmarshal(data, cfg); err != nil { return nil, nil, nil, fmt.Errorf("failed to parse config file: %v", err) } @@ -99,6 +115,11 @@ func Parse(filename string) (*Config, map[int]bool, []*regexp.Regexp, error) { default: return nil, nil, nil, fmt.Errorf("config param output must contain one of none/stdout/dmesg/file") } + switch cfg.Sandbox { + case "none", "setuid", "namespace": + default: + return nil, nil, nil, fmt.Errorf("config param sandbox must contain one of none/setuid/namespace") + } syscalls, err := parseSyscalls(cfg) if err != nil { @@ -208,3 +229,51 @@ func CreateVMConfig(cfg *Config) (*vm.Config, error) { } return vmCfg, nil } + +func checkUnknownFields(data []byte) (string, error) { + // While https://github.com/golang/go/issues/15314 is not resolved + // we don't have a better way than to enumerate all known fields. + var fields = []string{ + "Http", + "Workdir", + "Vmlinux", + "Kernel", + "Cmdline", + "Image", + "Cpu", + "Mem", + "Sshkey", + "Port", + "Bin", + "Debug", + "Output", + "Syzkaller", + "Type", + "Count", + "Procs", + "Cover", + "Sandbox", + "Leak", + "ConsoleDev", + "Enable_Syscalls", + "Disable_Syscalls", + "Suppressions", + } + f := make(map[string]interface{}) + if err := json.Unmarshal(data, &f); err != nil { + return "", fmt.Errorf("failed to parse config file: %v", err) + } + for k := range f { + ok := false + for _, k1 := range fields { + if strings.ToLower(k) == strings.ToLower(k1) { + ok = true + break + } + } + if !ok { + return k, nil + } + } + return "", nil +} diff --git a/config/config_test.go b/config/config_test.go new file mode 100644 index 000000000..2a465900d --- /dev/null +++ b/config/config_test.go @@ -0,0 +1,16 @@ +// Copyright 2016 syzkaller project authors. All rights reserved. +// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. + +package config + +import ( + "testing" +) + +func TestUnknown(t *testing.T) { + data := `{"foo": "bar"}` + _, _, _, err := parse([]byte(data)) + if err == nil || err.Error() != "unknown field 'foo' in config" { + t.Fatalf("unknown field is not detected (%v)", err) + } +} diff --git a/executor/executor.cc b/executor/executor.cc index 4d9ee9f26..52275b185 100644 --- a/executor/executor.cc +++ b/executor/executor.cc @@ -34,8 +34,8 @@ #include "syscalls.h" -#define KCOV_INIT_TRACE _IOR('c', 1, unsigned long) -#define KCOV_INIT_TABLE _IOR('c', 2, unsigned long) +#define KCOV_INIT_TRACE _IOR('c', 1, unsigned long long) +#define KCOV_INIT_TABLE _IOR('c', 2, unsigned long long) #define KCOV_ENABLE _IO('c', 100) #define KCOV_DISABLE _IO('c', 101) @@ -67,12 +67,19 @@ const int kRetryStatus = 69; // so good enough for our purposes. const uint64_t default_value = -1; +enum sandbox_type { + sandbox_none, + sandbox_setuid, + sandbox_namespace, +}; + bool flag_debug; bool flag_cover; bool flag_threaded; bool flag_collide; bool flag_deduplicate; -bool flag_drop_privs; +bool flag_sandbox_privs; +sandbox_type flag_sandbox; __attribute__((aligned(64 << 10))) char input_data[kMaxInput]; __attribute__((aligned(64 << 10))) char output_data[kMaxOutput]; @@ -94,7 +101,7 @@ struct thread_t { bool created; int id; pthread_t th; - uintptr_t* cover_data; + uint64_t* cover_data; uint64_t* copyout_pos; int ready; int done; @@ -103,10 +110,10 @@ struct thread_t { int call_index; int call_num; int num_args; - uint64_t args[kMaxArgs]; + uintptr_t args[kMaxArgs]; uint64_t res; uint64_t reserrno; - uintptr_t cover_size; + uint64_t cover_size; int cover_fd; }; @@ -117,7 +124,11 @@ __attribute__((noreturn)) void fail(const char* msg, ...); __attribute__((noreturn)) void error(const char* msg, ...); __attribute__((noreturn)) void exitf(const char* msg, ...); void debug(const char* msg, ...); -int sandbox(void* arg); +int sandbox_proc(void* arg); +int do_sandbox_none(); +int do_sandbox_setuid(); +int do_sandbox_namespace(); +void sandbox_common(); void loop(); void execute_one(); uint64_t read_input(uint64_t** input_posp, bool peek = false); @@ -137,8 +148,8 @@ uint64_t current_time_ms(); void cover_open(); void cover_enable(thread_t* th); void cover_reset(thread_t* th); -uintptr_t cover_read(thread_t* th); -uintptr_t cover_dedup(thread_t* th, uintptr_t n); +uint64_t cover_read(thread_t* th); +uint64_t cover_dedup(thread_t* th, uint64_t n); int main(int argc, char** argv) { @@ -165,7 +176,11 @@ int main(int argc, char** argv) flag_threaded = flags & (1 << 2); flag_collide = flags & (1 << 3); flag_deduplicate = flags & (1 << 4); - flag_drop_privs = flags & (1 << 5); + flag_sandbox = sandbox_none; + if (flags & (1 << 5)) + flag_sandbox = sandbox_setuid; + else if (flags & (1 << 6)) + flag_sandbox = sandbox_namespace; if (!flag_threaded) flag_collide = false; @@ -181,17 +196,18 @@ int main(int argc, char** argv) syscall(SYS_rt_sigaction, 0x21, &sa, NULL, 8); int pid = -1; - if (flag_drop_privs) { - real_uid = getuid(); - real_gid = getgid(); - pid = clone(sandbox, &sandbox_stack[sizeof(sandbox_stack) - 8], - CLONE_NEWUSER | CLONE_NEWNS | CLONE_NEWPID | CLONE_NEWUTS | CLONE_NEWNET, NULL); - } else { - pid = fork(); - if (pid == 0) { - loop(); - exit(1); - } + switch (flag_sandbox) { + case sandbox_none: + pid = do_sandbox_none(); + break; + case sandbox_setuid: + pid = do_sandbox_setuid(); + break; + case sandbox_namespace: + pid = do_sandbox_namespace(); + break; + default: + fail("unknown sandbox type"); } if (pid < 0) fail("clone failed"); @@ -282,7 +298,46 @@ void loop() } } -int sandbox(void* arg) +int do_sandbox_none() +{ + int pid = fork(); + if (pid) + return pid; + loop(); + exit(1); +} + +int do_sandbox_setuid() +{ + int pid = fork(); + if (pid) + return pid; + + sandbox_common(); + + const int nobody = 65534; + if (setgroups(0, NULL)) + fail("failed to setgroups"); + // glibc versions do not we want -- they force all threads to setuid. + // We want to preserve the thread above as root. + if (syscall(SYS_setresgid, nobody, nobody, nobody)) + fail("failed to setresgid"); + if (syscall(SYS_setresuid, nobody, nobody, nobody)) + fail("failed to setresuid"); + + loop(); + exit(1); +} + +int do_sandbox_namespace() +{ + real_uid = getuid(); + real_gid = getgid(); + return clone(sandbox_proc, &sandbox_stack[sizeof(sandbox_stack) - 8], + CLONE_NEWUSER | CLONE_NEWPID | CLONE_NEWUTS | CLONE_NEWNET, NULL); +} + +void sandbox_common() { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setpgrp(); @@ -299,8 +354,14 @@ int sandbox(void* arg) setrlimit(RLIMIT_CORE, &rlim); // CLONE_NEWIPC/CLONE_IO cause EINVAL on some systems, so we do them separately of clone. + unshare(CLONE_NEWNS); unshare(CLONE_NEWIPC); unshare(CLONE_IO); +} + +int sandbox_proc(void* arg) +{ + sandbox_common(); // /proc/self/setgroups is not present on some systems, ignore error. write_file("/proc/self/setgroups", "deny"); @@ -540,7 +601,7 @@ void handle_completion(thread_t* th) write_output(th->cover_size); // Truncate PCs to uint32_t assuming that they fit into 32-bits. // True for x86_64 and arm64 without KASLR. - for (uint32_t i = 0; i < th->cover_size; i++) + for (uint64_t i = 0; i < th->cover_size; i++) write_output((uint32_t)th->cover_data[i + 1]); completed++; __atomic_store_n((uint32_t*)&output_data[0], completed, __ATOMIC_RELEASE); @@ -651,9 +712,9 @@ void execute_call(thread_t* th) int fd = open("/dev/fuse", O_RDWR); if (fd != -1) { char buf[256]; - sprintf(buf, "fd=%d,user_id=%lu,group_id=%lu,rootmode=0%o", fd, uid, gid, (unsigned)mode & ~3u); + sprintf(buf, "fd=%d,user_id=%ld,group_id=%ld,rootmode=0%o", fd, (long)uid, (long)gid, (unsigned)mode & ~3u); if (maxread != 0) - sprintf(buf + strlen(buf), ",max_read=%lu", maxread); + sprintf(buf + strlen(buf), ",max_read=%ld", (long)maxread); if (mode & 1) strcat(buf, ",default_permissions"); if (mode & 2) @@ -679,11 +740,11 @@ void execute_call(thread_t* th) if (fd != -1) { if (syscall(SYS_mknodat, AT_FDCWD, blkdev, S_IFBLK, makedev(7, 199)) == 0) { char buf[256]; - sprintf(buf, "fd=%d,user_id=%lu,group_id=%lu,rootmode=0%o", fd, uid, gid, (unsigned)mode & ~3u); + sprintf(buf, "fd=%d,user_id=%ld,group_id=%ld,rootmode=0%o", fd, (long)uid, (long)gid, (unsigned)mode & ~3u); if (maxread != 0) - sprintf(buf + strlen(buf), ",max_read=%lu", maxread); + sprintf(buf + strlen(buf), ",max_read=%ld", (long)maxread); if (blksize != 0) - sprintf(buf + strlen(buf), ",blksize=%lu", blksize); + sprintf(buf + strlen(buf), ",blksize=%ld", (long)blksize); if (mode & 1) strcat(buf, ",default_permissions"); if (mode & 2) @@ -717,8 +778,8 @@ void cover_open() if (th->cover_fd == -1) fail("open of /sys/kernel/debug/kcov failed"); if (ioctl(th->cover_fd, KCOV_INIT_TRACE, kCoverSize)) - fail("cover enable write failed"); - th->cover_data = (uintptr_t*)mmap(NULL, kCoverSize * sizeof(th->cover_data[0]), PROT_READ | PROT_WRITE, MAP_SHARED, th->cover_fd, 0); + fail("cover init write failed"); + th->cover_data = (uint64_t*)mmap(NULL, kCoverSize * sizeof(th->cover_data[0]), PROT_READ | PROT_WRITE, MAP_SHARED, th->cover_fd, 0); if ((void*)th->cover_data == MAP_FAILED) fail("cover mmap failed"); } @@ -741,11 +802,11 @@ void cover_reset(thread_t* th) __atomic_store_n(&th->cover_data[0], 0, __ATOMIC_RELAXED); } -uintptr_t cover_read(thread_t* th) +uint64_t cover_read(thread_t* th) { if (!flag_cover) return 0; - uintptr_t n = __atomic_load_n(&th->cover_data[0], __ATOMIC_RELAXED); + uint64_t n = __atomic_load_n(&th->cover_data[0], __ATOMIC_RELAXED); debug("#%d: read cover = %d\n", th->id, n); if (n >= kCoverSize) fail("#%d: too much cover %d", th->id, n); @@ -756,14 +817,14 @@ uintptr_t cover_read(thread_t* th) return n; } -uintptr_t cover_dedup(thread_t* th, uintptr_t n) +uint64_t cover_dedup(thread_t* th, uint64_t n) { - uintptr_t* cover_data = th->cover_data + 1; + uint64_t* cover_data = th->cover_data + 1; std::sort(cover_data, cover_data + n); - uintptr_t w = 0; - uintptr_t last = 0; - for (uintptr_t i = 0; i < n; i++) { - uintptr_t pc = cover_data[i]; + uint64_t w = 0; + uint64_t last = 0; + for (uint64_t i = 0; i < n; i++) { + uint64_t pc = cover_data[i]; if (pc == last) continue; cover_data[w++] = last = pc; @@ -902,7 +963,7 @@ retry: // But full sandboxing is expensive, so let's ignore this error for now. exitf("opendir(%s) failed due to NOFILE, exiting"); } - fail("opendir(%s) failed", dir); + exitf("opendir(%s) failed", dir); } while (dirent* ep = readdir(dp)) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) @@ -911,7 +972,7 @@ retry: snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) - fail("lstat(%s) failed", filename); + exitf("lstat(%s) failed", filename); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; @@ -925,10 +986,10 @@ retry: break; } if (errno != EBUSY || i > 100) - fail("unlink(%s) failed", filename); + exitf("unlink(%s) failed", filename); debug("umount(%s)\n", filename); if (umount2(filename, MNT_DETACH)) - fail("umount(%s) failed", filename); + exitf("umount(%s) failed", filename); } } closedir(dp); @@ -944,7 +1005,7 @@ retry: if (errno == EBUSY) { debug("umount(%s)\n", dir); if (umount2(dir, MNT_DETACH)) - fail("umount(%s) failed", dir); + exitf("umount(%s) failed", dir); continue; } if (errno == ENOTEMPTY) { @@ -954,7 +1015,7 @@ retry: } } } - fail("rmdir(%s) failed", dir); + exitf("rmdir(%s) failed", dir); } } diff --git a/executor/syscalls.h b/executor/syscalls.h index 55a7590d7..f9a8367df 100644 --- a/executor/syscalls.h +++ b/executor/syscalls.h @@ -1125,6 +1125,1119 @@ call_t syscalls[] = { }; #endif +#if defined(__i386__) || 0 +call_t syscalls[] = { + {"open", 5}, + {"open$dir", 5}, + {"openat", 295}, + {"creat", 8}, + {"close", 6}, + {"read", 3}, + {"pread64", 180}, + {"readv", 145}, + {"preadv", 333}, + {"write", 4}, + {"pwrite64", 181}, + {"writev", 146}, + {"pwritev", 334}, + {"lseek", 19}, + {"dup", 41}, + {"dup2", 63}, + {"dup3", 330}, + {"pipe", 42}, + {"pipe2", 331}, + {"tee", 315}, + {"splice", 313}, + {"vmsplice", 316}, + {"sendfile", 187}, + {"stat", 106}, + {"lstat", 107}, + {"fstat", 108}, + {"poll", 168}, + {"ppoll", 309}, + {"select", 82}, + {"pselect6", 308}, + {"epoll_create", 254}, + {"epoll_create1", 329}, + {"epoll_ctl", 255}, + {"epoll_wait", 256}, + {"epoll_pwait", 319}, + {"signalfd", 321}, + {"signalfd4", 327}, + {"eventfd", 323}, + {"eventfd2", 328}, + {"timerfd_create", 322}, + {"timerfd_settime", 325}, + {"timerfd_gettime", 326}, + {"userfaultfd", 374}, + {"ioctl$UFFDIO_API", 54}, + {"ioctl$UFFDIO_REGISTER", 54}, + {"ioctl$UFFDIO_UNREGISTER", 54}, + {"ioctl$UFFDIO_WAKE", 54}, + {"ioctl$UFFDIO_COPY", 54}, + {"ioctl$UFFDIO_ZEROPAGE", 54}, + {"mmap", 90}, + {"munmap", 91}, + {"mremap", 163}, + {"remap_file_pages", 257}, + {"mprotect", 125}, + {"msync", 144}, + {"madvise", 219}, + {"fadvise64", 250}, + {"readahead", 225}, + {"mbind", 274}, + {"move_pages", 317}, + {"migrate_pages", 294}, + {"set_mempolicy", 276}, + {"get_mempolicy", 275}, + {"mincore", 218}, + {"mlock", 150}, + {"mlock2", 376}, + {"munlock", 151}, + {"mlockall", 152}, + {"munlockall", 153}, + {"memfd_create", 356}, + {"unshare", 310}, + {"kcmp", 349}, + {"futex", 240}, + {"set_robust_list", 311}, + {"get_robust_list", 312}, + {"restart_syscall", 0}, + {"ioctl", 54}, + {"ioctl$void", 54}, + {"ioctl$int_in", 54}, + {"ioctl$int_out", 54}, + {"ioctl$fiemap", 54}, + {"fcntl$dupfd", 55}, + {"fcntl$getflags", 55}, + {"fcntl$setflags", 55}, + {"fcntl$setstatus", 55}, + {"fcntl$lock", 55}, + {"fcntl$getown", 55}, + {"fcntl$setown", 55}, + {"fcntl$getownex", 55}, + {"fcntl$setownex", 55}, + {"fcntl$setsig", 55}, + {"fcntl$setlease", 55}, + {"fcntl$notify", 55}, + {"fcntl$setpipe", 55}, + {"fcntl$addseals", 55}, + {"ptrace", 26}, + {"ptrace$peek", 26}, + {"ptrace$poke", 26}, + {"ptrace$peekuser", 26}, + {"ptrace$pokeuser", 26}, + {"ptrace$getregs", 26}, + {"ptrace$getregset", 26}, + {"ptrace$setregs", 26}, + {"ptrace$setregset", 26}, + {"ptrace$getsig", 26}, + {"ptrace$setsig", 26}, + {"ptrace$setopts", 26}, + {"ptrace$getenv", 26}, + {"ptrace$cont", 26}, + {"io_setup", 245}, + {"io_destroy", 246}, + {"io_getevents", 247}, + {"io_submit", 248}, + {"io_cancel", 249}, + {"capget", 184}, + {"capset", 185}, + {"prctl$void", 172}, + {"prctl$intptr", 172}, + {"prctl$getreaper", 172}, + {"prctl$setendian", 172}, + {"prctl$setfpexc", 172}, + {"prctl$setname", 172}, + {"prctl$getname", 172}, + {"prctl$setptracer", 172}, + {"prctl$seccomp", 172}, + {"prctl$setmm", 172}, + {"arch_prctl", -1}, + {"seccomp", 354}, + {"mq_open", 277}, + {"mq_timedsend", 279}, + {"mq_timedreceive", 280}, + {"mq_notify", 281}, + {"mq_getsetattr", 282}, + {"mq_unlink", 278}, + {"msgget", -1}, + {"msgsnd", -1}, + {"msgrcv", -1}, + {"msgctl", -1}, + {"semget", -1}, + {"semop", -1}, + {"semtimedop", -1}, + {"semctl", -1}, + {"shmget", -1}, + {"shmat", -1}, + {"shmctl", -1}, + {"shmdt", -1}, + {"mknod", 14}, + {"mknodat", 297}, + {"chmod", 15}, + {"fchmod", 94}, + {"fchmodat", 306}, + {"chown", 182}, + {"lchown", 16}, + {"fchown", 95}, + {"fchownat", 298}, + {"fallocate", 324}, + {"faccessat", 307}, + {"utime", 30}, + {"utimes", 271}, + {"futimesat", 299}, + {"utimensat", 320}, + {"getgid", 47}, + {"getegid", 50}, + {"setuid", 23}, + {"setgid", 46}, + {"getuid", 24}, + {"geteuid", 49}, + {"setpgid", 57}, + {"getpgid", 132}, + {"getpgrp", 65}, + {"getpid", 20}, + {"gettid", 224}, + {"setreuid", 70}, + {"setregid", 71}, + {"setresuid", 164}, + {"setresgid", 170}, + {"getresuid", 165}, + {"getresgid", 171}, + {"setfsuid", 138}, + {"setfsgid", 139}, + {"getgroups", 80}, + {"setgroups", 81}, + {"personality", 136}, + {"inotify_init", 291}, + {"inotify_init1", 332}, + {"inotify_add_watch", 292}, + {"inotify_rm_watch", 293}, + {"fanotify_init", 338}, + {"fanotify_mark", 339}, + {"link", 9}, + {"linkat", 303}, + {"symlinkat", 304}, + {"symlink", 83}, + {"unlink", 10}, + {"unlinkat", 301}, + {"readlink", 85}, + {"readlinkat", 305}, + {"rename", 38}, + {"renameat", 302}, + {"renameat2", 353}, + {"mkdir", 39}, + {"mkdirat", 296}, + {"rmdir", 40}, + {"truncate", 92}, + {"ftruncate", 93}, + {"flock", 143}, + {"fsync", 118}, + {"fdatasync", 148}, + {"sync", 36}, + {"syncfs", 344}, + {"sync_file_range", 314}, + {"lookup_dcookie", 253}, + {"getdents", 141}, + {"getdents64", 220}, + {"name_to_handle_at", 341}, + {"open_by_handle_at", 342}, + {"mount", 21}, + {"mount$fs", 21}, + {"umount2", 52}, + {"pivot_root", 217}, + {"sysfs$1", 135}, + {"sysfs$2", 135}, + {"sysfs$3", 135}, + {"statfs", 99}, + {"fstatfs", 100}, + {"uselib", 86}, + {"init_module", 128}, + {"finit_module", 350}, + {"delete_module", 129}, + {"kexec_load", 283}, + {"get_kernel_syms", 130}, + {"syslog", 103}, + {"uname", 122}, + {"sysinfo", 116}, + {"ustat", 62}, + {"acct", 51}, + {"getrusage", 77}, + {"getrlimit", 76}, + {"setrlimit", 75}, + {"prlimit64", 340}, + {"iopl", 110}, + {"ioperm", 101}, + {"ioprio_get$pid", 290}, + {"ioprio_get$uid", 290}, + {"ioprio_set$pid", 289}, + {"ioprio_set$uid", 289}, + {"setns", 346}, + {"setxattr", 226}, + {"lsetxattr", 227}, + {"fsetxattr", 228}, + {"getxattr", 229}, + {"lgetxattr", 230}, + {"fgetxattr", 231}, + {"listxattr", 232}, + {"llistxattr", 233}, + {"flistxattr", 234}, + {"removexattr", 235}, + {"lremovexattr", 236}, + {"fremovexattr", 237}, + {"time", 13}, + {"clock_gettime", 265}, + {"clock_settime", 264}, + {"clock_adjtime", 343}, + {"clock_getres", 266}, + {"clock_nanosleep", 267}, + {"timer_create", 259}, + {"timer_gettime", 261}, + {"timer_getoverrun", 262}, + {"timer_settime", 260}, + {"timer_delete", 263}, + {"rt_sigaction", 174}, + {"rt_sigprocmask", 175}, + {"rt_sigreturn", 173}, + {"rt_sigpending", 176}, + {"rt_sigtimedwait", 177}, + {"rt_sigsuspend", 179}, + {"rt_sigqueueinfo", 178}, + {"rt_tgsigqueueinfo", 335}, + {"sigaltstack", 186}, + {"tgkill", 270}, + {"tkill", 238}, + {"pause", 29}, + {"alarm", 27}, + {"nanosleep", 162}, + {"getitimer", 105}, + {"setitimer", 104}, + {"exit", 1}, + {"exit_group", 252}, + {"waitid", 284}, + {"wait4", 114}, + {"times", 43}, + {"set_thread_area", 243}, + {"get_thread_area", 244}, + {"modify_ldt$read", 123}, + {"modify_ldt$write", 123}, + {"modify_ldt$read_default", 123}, + {"modify_ldt$write2", 123}, + {"process_vm_readv", 347}, + {"process_vm_writev", 348}, + {"set_tid_address", 258}, + {"getpriority", 96}, + {"setpriority", 97}, + {"sched_getscheduler", 157}, + {"sched_setscheduler", 156}, + {"sched_rr_get_interval", 161}, + {"sched_getparam", 155}, + {"sched_setparam", 154}, + {"sched_getaffinity", 242}, + {"sched_setaffinity", 241}, + {"sched_getattr", 352}, + {"sched_setattr", 351}, + {"sched_yield", 158}, + {"getrandom", 355}, + {"membarrier", 375}, + {"syz_open_dev$floppy", 1000001}, + {"syz_open_dev$pktcdvd", 1000001}, + {"syz_open_dev$lightnvm", 1000001}, + {"syz_open_dev$vcs", 1000001}, + {"syz_open_dev$vcsn", 1000001}, + {"syz_open_dev$vcsa", 1000001}, + {"syz_open_dev$vga_arbiter", 1000001}, + {"syz_open_dev$vhci", 1000001}, + {"syz_open_dev$userio", 1000001}, + {"syz_open_dev$rtc", 1000001}, + {"syz_open_dev$rfkill", 1000001}, + {"syz_open_dev$qat_adf_ctl", 1000001}, + {"syz_open_dev$ppp", 1000001}, + {"syz_open_dev$mixer", 1000001}, + {"syz_open_dev$irnet", 1000001}, + {"syz_open_dev$hwrng", 1000001}, + {"syz_open_dev$hpet", 1000001}, + {"syz_open_dev$hidraw0", 1000001}, + {"syz_open_dev$fb0", 1000001}, + {"syz_open_dev$cuse", 1000001}, + {"syz_open_dev$console", 1000001}, + {"syz_open_dev$capi20", 1000001}, + {"syz_open_dev$autofs", 1000001}, + {"syz_open_dev$binder", 1000001}, + {"syz_open_dev$ion", 1000001}, + {"syz_open_dev$keychord", 1000001}, + {"syz_open_dev$zygote", 1000001}, + {"syz_open_dev$sw_sync", 1000001}, + {"syz_open_dev$sr", 1000001}, + {"syz_open_dev$sequencer", 1000001}, + {"syz_open_dev$sequencer2", 1000001}, + {"syz_open_dev$dsp", 1000001}, + {"syz_open_dev$audio", 1000001}, + {"syz_open_dev$usbmon", 1000001}, + {"syz_open_dev$sg", 1000001}, + {"syz_open_dev$midi", 1000001}, + {"syz_open_dev$loop", 1000001}, + {"syz_open_dev$ircomm", 1000001}, + {"syz_open_dev$dspn", 1000001}, + {"syz_open_dev$dmmidi", 1000001}, + {"syz_open_dev$admmidi", 1000001}, + {"syz_open_dev$adsp", 1000001}, + {"syz_open_dev$amidi", 1000001}, + {"syz_open_dev$audion", 1000001}, + {"syz_open_dev$usb", 1000001}, + {"syz_open_dev$sndhw", 1000001}, + {"syz_open_dev$sndmidi", 1000001}, + {"syz_open_dev$sndpcmc", 1000001}, + {"syz_open_dev$sndpcmp", 1000001}, + {"socket", 359}, + {"socketpair", 360}, + {"accept", -1}, + {"accept4", 364}, + {"bind", 361}, + {"listen", 363}, + {"connect", 362}, + {"shutdown", 373}, + {"sendto", 369}, + {"sendmsg", 370}, + {"sendmmsg", 345}, + {"recvfrom", 371}, + {"recvmsg", 372}, + {"recvmmsg", 337}, + {"getsockname", 367}, + {"getpeername", 368}, + {"getsockopt", 365}, + {"setsockopt", 366}, + {"ioctl$SIOCOUTQ", 54}, + {"ioctl$SIOCINQ", 54}, + {"setsockopt$sock_void", 366}, + {"getsockopt$sock_int", 365}, + {"setsockopt$sock_int", 366}, + {"setsockopt$sock_str", 366}, + {"getsockopt$sock_linger", 365}, + {"setsockopt$sock_linger", 366}, + {"getsockopt$sock_cred", 365}, + {"setsockopt$sock_cred", 366}, + {"getsockopt$sock_timeval", 365}, + {"setsockopt$sock_timeval", 366}, + {"setsockopt$sock_attach_bpf", 366}, + {"setsockopt$SO_TIMESTAMPING", 366}, + {"getsockopt$SO_TIMESTAMPING", 365}, + {"setsockopt$SO_ATTACH_FILTER", 366}, + {"getsockopt$sock_buf", 365}, + {"getsockopt$tcp_int", 365}, + {"setsockopt$tcp_int", 366}, + {"getsockopt$tcp_buf", 365}, + {"setsockopt$tcp_buf", 366}, + {"getsockopt$udp_int", 365}, + {"setsockopt$udp_int", 366}, + {"getsockopt$ip_int", 365}, + {"setsockopt$ip_int", 366}, + {"getsockopt$ip_buf", 365}, + {"getsockopt$ip_mreq", 365}, + {"setsockopt$ip_mreq", 366}, + {"getsockopt$ip_mreqn", 365}, + {"setsockopt$ip_mreqn", 366}, + {"getsockopt$ip_mreqsrc", 365}, + {"setsockopt$ip_mreqsrc", 366}, + {"setsockopt$ip_msfilter", 366}, + {"getsockopt$ip_mtu", 365}, + {"setsockopt$ip_mtu", 366}, + {"getsockopt$ip_opts", 365}, + {"setsockopt$ip_opts", 366}, + {"getsockopt$ip_pktinfo", 365}, + {"setsockopt$ip_pktinfo", 366}, + {"getsockopt$ip_ipsec", 365}, + {"setsockopt$ip_ipsec", 366}, + {"getsockopt$ipv6_int", 365}, + {"setsockopt$ipv6_int", 366}, + {"getsockopt$ipv6_mreq", 365}, + {"setsockopt$ipv6_mreq", 366}, + {"getsockopt$ipv6_mtu", 365}, + {"setsockopt$ipv6_mtu", 366}, + {"getsockopt$ipv6_opts", 365}, + {"setsockopt$ipv6_opts", 366}, + {"socket$unix", 359}, + {"socketpair$unix", 360}, + {"bind$unix", 361}, + {"connect$unix", 362}, + {"accept$unix", -1}, + {"accept4$unix", 364}, + {"sendto$unix", 369}, + {"sendmsg$unix", 370}, + {"sendmmsg$unix", 345}, + {"recvfrom$unix", 371}, + {"getsockname$unix", 367}, + {"getpeername$unix", 368}, + {"socket$alg", 359}, + {"bind$alg", 361}, + {"setsockopt$ALG_SET_KEY", 366}, + {"setsockopt$ALG_SET_AEAD_AUTHSIZE", 366}, + {"accept$alg", -1}, + {"sendmsg$alg", 370}, + {"sendmmsg$alg", 345}, + {"socket$nfc_llcp", 359}, + {"bind$nfc_llcp", 361}, + {"connect$nfc_llcp", 362}, + {"accept$nfc_llcp", -1}, + {"setsockopt$NFC_LLCP_RW", 366}, + {"setsockopt$NFC_LLCP_MIUX", 366}, + {"getsockopt$nfc_llcp", 365}, + {"sendmsg$nfc_llcp", 370}, + {"sendmmsg$nfc_llcp", 345}, + {"socket$nfc_raw", 359}, + {"connect$nfc_raw", 362}, + {"socket$bt_hci", 359}, + {"bind$bt_hci", 361}, + {"ioctl$bt_hci", 54}, + {"setsockopt$HCI_DATA_DIR", 366}, + {"setsockopt$HCI_TIME_STAMP", 366}, + {"setsockopt$HCI_FILTER", 366}, + {"getsockopt$bt_hci", 365}, + {"socket$bt_sco", 359}, + {"bind$bt_sco", 361}, + {"connect$bt_sco", 362}, + {"getsockopt$SCO_OPTIONS", 365}, + {"getsockopt$SCO_CONNINFO", 365}, + {"socket$bt_l2cap", 359}, + {"bind$bt_l2cap", 361}, + {"connect$bt_l2cap", 362}, + {"setsockopt$L2CAP_OPTIONS", 366}, + {"getsockopt$L2CAP_OPTIONS", 365}, + {"setsockopt$L2CAP_LM", 366}, + {"getsockopt$L2CAP_LM", 365}, + {"setsockopt$L2CAP_CONNINFO", 366}, + {"getsockopt$L2CAP_CONNINFO", 365}, + {"socket$bt_rfcomm", 359}, + {"bind$bt_rfcomm", 361}, + {"connect$bt_rfcomm", 362}, + {"setsockopt$RFCOMM_LM", 366}, + {"getsockopt$RFCOMM_LM", 365}, + {"getsockopt$RFCOMM_CONNINFO", 365}, + {"socket$bt_hidp", 359}, + {"ioctl$HIDPCONNADD", 54}, + {"ioctl$HIDPCONNDEL", 54}, + {"ioctl$HIDPGETCONNLIST", 54}, + {"ioctl$HIDPGETCONNINFO", 54}, + {"socket$bt_cmtp", 359}, + {"ioctl$CMTPCONNADD", 54}, + {"ioctl$CMTPCONNDEL", 54}, + {"ioctl$CMTPGETCONNLIST", 54}, + {"ioctl$CMTPGETCONNINFO", 54}, + {"socket$bt_bnep", 359}, + {"ioctl$BNEPCONNADD", 54}, + {"ioctl$BNEPCONNDEL", 54}, + {"ioctl$BNEPGETCONNLIST", 54}, + {"ioctl$BNEPGETCONNINFO", 54}, + {"ioctl$BNEPGETSUPPFEAT", 54}, + {"ioctl$bt", 54}, + {"setsockopt$BT_SECURITY", 366}, + {"getsockopt$BT_SECURITY", 365}, + {"setsockopt$BT_DEFER_SETUP", 366}, + {"getsockopt$BT_DEFER_SETUP", 365}, + {"setsockopt$BT_VOICE", 366}, + {"getsockopt$BT_VOICE", 365}, + {"setsockopt$BT_FLUSHABLE", 366}, + {"getsockopt$BT_FLUSHABLE", 365}, + {"setsockopt$BT_POWER", 366}, + {"getsockopt$BT_POWER", 365}, + {"setsockopt$BT_CHANNEL_POLICY", 366}, + {"getsockopt$BT_CHANNEL_POLICY", 365}, + {"setsockopt$BT_SNDMTU", 366}, + {"getsockopt$BT_SNDMTU", 365}, + {"setsockopt$BT_RCVMTU", 366}, + {"getsockopt$BT_RCVMTU", 365}, + {"open$ptmx", 5}, + {"syz_open_pts", 1000002}, + {"ioctl$TCGETS", 54}, + {"ioctl$TCSETS", 54}, + {"ioctl$TCSETSW", 54}, + {"ioctl$TCSETSF", 54}, + {"ioctl$TCGETA", 54}, + {"ioctl$TCSETA", 54}, + {"ioctl$TCSETAW", 54}, + {"ioctl$TCSETAF", 54}, + {"ioctl$TIOCGLCKTRMIOS", 54}, + {"ioctl$TIOCSLCKTRMIOS", 54}, + {"ioctl$TIOCGWINSZ", 54}, + {"ioctl$TIOCSWINSZ", 54}, + {"ioctl$TCSBRK", 54}, + {"ioctl$TCSBRKP", 54}, + {"ioctl$TIOCSBRK", 54}, + {"ioctl$TIOCCBRK", 54}, + {"ioctl$TCXONC", 54}, + {"ioctl$FIONREAD", 54}, + {"ioctl$TIOCOUTQ", 54}, + {"ioctl$TCFLSH", 54}, + {"ioctl$TIOCSTI", 54}, + {"ioctl$TIOCCONS", 54}, + {"ioctl$TIOCSCTTY", 54}, + {"ioctl$TIOCNOTTY", 54}, + {"ioctl$TIOCGPGRP", 54}, + {"ioctl$TIOCSPGRP", 54}, + {"ioctl$TIOCGSID", 54}, + {"ioctl$TIOCEXCL", 54}, + {"ioctl$TIOCNXCL", 54}, + {"ioctl$TIOCGETD", 54}, + {"ioctl$TIOCSETD", 54}, + {"ioctl$TIOCPKT", 54}, + {"ioctl$TIOCMGET", 54}, + {"ioctl$TIOCMSET", 54}, + {"ioctl$TIOCMBIC", 54}, + {"ioctl$TIOCMBIS", 54}, + {"ioctl$TIOCGSOFTCAR", 54}, + {"ioctl$TIOCSSOFTCAR", 54}, + {"ioctl$TIOCTTYGSTRUCT", 54}, + {"ioctl$KDGETLED", 54}, + {"ioctl$KDSETLED", 54}, + {"ioctl$KDGKBLED", 54}, + {"ioctl$KDSKBLED", 54}, + {"ioctl$KDGKBTYPE", 54}, + {"ioctl$KDADDIO", 54}, + {"ioctl$KDDELIO", 54}, + {"ioctl$KDENABIO", 54}, + {"ioctl$KDDISABIO", 54}, + {"ioctl$KDSETMODE", 54}, + {"ioctl$KDGETMODE", 54}, + {"ioctl$KDMKTONE", 54}, + {"ioctl$KIOCSOUND", 54}, + {"ioctl$GIO_CMAP", 54}, + {"ioctl$PIO_CMAP", 54}, + {"ioctl$GIO_FONT", 54}, + {"ioctl$GIO_FONTX", 54}, + {"ioctl$PIO_FONT", 54}, + {"ioctl$PIO_FONTX", 54}, + {"ioctl$PIO_FONTRESET", 54}, + {"ioctl$GIO_SCRNMAP", 54}, + {"ioctl$GIO_UNISCRNMAP", 54}, + {"ioctl$PIO_SCRNMAP", 54}, + {"ioctl$PIO_UNISCRNMAP", 54}, + {"ioctl$GIO_UNIMAP", 54}, + {"ioctl$PIO_UNIMAP", 54}, + {"ioctl$PIO_UNIMAPCLR", 54}, + {"ioctl$KDGKBMODE", 54}, + {"ioctl$KDSKBMODE", 54}, + {"ioctl$KDGKBMETA", 54}, + {"ioctl$KDSKBMETA", 54}, + {"ioctl$KDGKBENT", 54}, + {"ioctl$KDGKBSENT", 54}, + {"ioctl$KDSKBSENT", 54}, + {"ioctl$KDGKBDIACR", 54}, + {"ioctl$KDGETKEYCODE", 54}, + {"ioctl$KDSETKEYCODE", 54}, + {"ioctl$KDSIGACCEPT", 54}, + {"ioctl$VT_OPENQRY", 54}, + {"ioctl$VT_GETMODE", 54}, + {"ioctl$VT_SETMODE", 54}, + {"ioctl$VT_GETSTATE", 54}, + {"ioctl$VT_RELDISP", 54}, + {"ioctl$VT_ACTIVATE", 54}, + {"ioctl$VT_WAITACTIVE", 54}, + {"ioctl$VT_DISALLOCATE", 54}, + {"ioctl$VT_RESIZE", 54}, + {"ioctl$VT_RESIZEX", 54}, + {"ioctl$TIOCLINUX2", 54}, + {"ioctl$TIOCLINUX3", 54}, + {"ioctl$TIOCLINUX4", 54}, + {"ioctl$TIOCLINUX5", 54}, + {"ioctl$TIOCLINUX6", 54}, + {"ioctl$TIOCLINUX7", 54}, + {"perf_event_open", 336}, + {"ioctl$PERF_EVENT_IOC_ENABLE", 54}, + {"ioctl$PERF_EVENT_IOC_DISABLE", 54}, + {"ioctl$PERF_EVENT_IOC_RESET", 54}, + {"ioctl$PERF_EVENT_IOC_REFRESH", 54}, + {"ioctl$PERF_EVENT_IOC_PERIOD", 54}, + {"ioctl$PERF_EVENT_IOC_ID", 54}, + {"ioctl$PERF_EVENT_IOC_SET_OUTPUT", 54}, + {"ioctl$PERF_EVENT_IOC_SET_FILTER", 54}, + {"ioctl$PERF_EVENT_IOC_SET_BPF", 54}, + {"add_key", 286}, + {"request_key", 287}, + {"keyctl$get_keyring_id", 288}, + {"keyctl$join", 288}, + {"keyctl$update", 288}, + {"keyctl$revoke", 288}, + {"keyctl$describe", 288}, + {"keyctl$clear", 288}, + {"keyctl$link", 288}, + {"keyctl$unlink", 288}, + {"keyctl$search", 288}, + {"keyctl$read", 288}, + {"keyctl$chown", 288}, + {"keyctl$setperm", 288}, + {"keyctl$instantiate", 288}, + {"keyctl$negate", 288}, + {"keyctl$set_reqkey_keyring", 288}, + {"keyctl$set_timeout", 288}, + {"keyctl$assume_authority", 288}, + {"keyctl$get_security", 288}, + {"keyctl$session_to_parent", 288}, + {"keyctl$reject", 288}, + {"keyctl$instantiate_iov", 288}, + {"keyctl$invalidate", 288}, + {"keyctl$get_persistent", 288}, + {"bpf$MAP_CREATE", 357}, + {"bpf$MAP_LOOKUP_ELEM", 357}, + {"bpf$MAP_UPDATE_ELEM", 357}, + {"bpf$MAP_DELETE_ELEM", 357}, + {"bpf$MAP_GET_NEXT_KEY", 357}, + {"bpf$PROG_LOAD", 357}, + {"bpf$OBJ_PIN_MAP", 357}, + {"bpf$OBJ_PIN_PROG", 357}, + {"bpf$OBJ_GET_MAP", 357}, + {"bpf$OBJ_GET_PROG", 357}, + {"syz_fuse_mount", 1000003}, + {"syz_fuseblk_mount", 1000004}, + {"ioctl$FUSE_DEV_IOC_CLONE", 54}, + {"write$fuse_init", 4}, + {"write$fuse_interrupt", 4}, + {"write$fuse_bmap", 4}, + {"write$fuse_ioctl", 4}, + {"write$fuse_poll", 4}, + {"write$fuse_notify_poll_wakeup", 4}, + {"write$fuse_notify_inval_inode", 4}, + {"write$fuse_notify_inval_entry", 4}, + {"write$fuse_notify_delete", 4}, + {"write$fuse_notify_store", 4}, + {"write$fuse_notify_retrieve", 4}, + {"syz_open_dev$dri", 1000001}, + {"syz_open_dev$dricontrol", 1000001}, + {"syz_open_dev$drirender", 1000001}, + {"ioctl$DRM_IOCTL_VERSION", 54}, + {"ioctl$DRM_IOCTL_GET_UNIQUE", 54}, + {"ioctl$DRM_IOCTL_GET_MAGIC", 54}, + {"ioctl$DRM_IOCTL_IRQ_BUSID", 54}, + {"ioctl$DRM_IOCTL_GET_MAP", 54}, + {"ioctl$DRM_IOCTL_GET_CLIENT", 54}, + {"ioctl$DRM_IOCTL_GET_STATS", 54}, + {"ioctl$DRM_IOCTL_GET_CAP", 54}, + {"ioctl$DRM_IOCTL_SET_CLIENT_CAP", 54}, + {"ioctl$DRM_IOCTL_SET_VERSION", 54}, + {"ioctl$DRM_IOCTL_SET_UNIQUE", 54}, + {"ioctl$DRM_IOCTL_AUTH_MAGIC", 54}, + {"ioctl$DRM_IOCTL_ADD_MAP", 54}, + {"ioctl$DRM_IOCTL_RM_MAP", 54}, + {"ioctl$DRM_IOCTL_SET_SAREA_CTX", 54}, + {"ioctl$DRM_IOCTL_GET_SAREA_CTX", 54}, + {"ioctl$DRM_IOCTL_SET_MASTER", 54}, + {"ioctl$DRM_IOCTL_DROP_MASTER", 54}, + {"ioctl$DRM_IOCTL_ADD_CTX", 54}, + {"ioctl$DRM_IOCTL_RM_CTX", 54}, + {"ioctl$DRM_IOCTL_GET_CTX", 54}, + {"ioctl$DRM_IOCTL_SWITCH_CTX", 54}, + {"ioctl$DRM_IOCTL_NEW_CTX", 54}, + {"ioctl$DRM_IOCTL_RES_CTX", 54}, + {"ioctl$DRM_IOCTL_LOCK", 54}, + {"ioctl$DRM_IOCTL_UNLOCK", 54}, + {"ioctl$DRM_IOCTL_ADD_BUFS", 54}, + {"ioctl$DRM_IOCTL_MARK_BUFS", 54}, + {"ioctl$DRM_IOCTL_INFO_BUFS", 54}, + {"ioctl$DRM_IOCTL_MAP_BUFS", 54}, + {"ioctl$DRM_IOCTL_FREE_BUFS", 54}, + {"ioctl$DRM_IOCTL_DMA", 54}, + {"ioctl$DRM_IOCTL_CONTROL", 54}, + {"ioctl$DRM_IOCTL_AGP_ACQUIRE", 54}, + {"ioctl$DRM_IOCTL_AGP_RELEASE", 54}, + {"ioctl$DRM_IOCTL_AGP_ENABLE", 54}, + {"ioctl$DRM_IOCTL_AGP_INFO", 54}, + {"ioctl$DRM_IOCTL_AGP_ALLOC", 54}, + {"ioctl$DRM_IOCTL_AGP_FREE", 54}, + {"ioctl$DRM_IOCTL_AGP_BIND", 54}, + {"ioctl$DRM_IOCTL_AGP_UNBIND", 54}, + {"ioctl$DRM_IOCTL_SG_ALLOC", 54}, + {"ioctl$DRM_IOCTL_SG_FREE", 54}, + {"ioctl$DRM_IOCTL_WAIT_VBLANK", 54}, + {"ioctl$DRM_IOCTL_MODESET_CTL", 54}, + {"ioctl$DRM_IOCTL_GEM_CLOSE", 54}, + {"ioctl$DRM_IOCTL_GEM_FLINK", 54}, + {"ioctl$DRM_IOCTL_GEM_OPEN", 54}, + {"ioctl$DRM_IOCTL_MODE_GETRESOURCES", 54}, + {"ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD", 54}, + {"ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE", 54}, + {"ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES", 54}, + {"ioctl$DRM_IOCTL_MODE_GETCRTC", 54}, + {"ioctl$DRM_IOCTL_MODE_SETCRTC", 54}, + {"open$kdbus", 5}, + {"ioctl$kdbus_bus_make", 54}, + {"ioctl$kdbus_ep_make", 54}, + {"ioctl$kdbus_ep_update", 54}, + {"ioctl$kdbus_hello", 54}, + {"ioctl$kdbus_name_acquire", 54}, + {"ioctl$kdbus_name_release", 54}, + {"ioctl$kdbus_free", 54}, + {"ioctl$kdbus_recv", 54}, + {"ioctl$kdbus_send", 54}, + {"ioctl$kdbus_update", 54}, + {"ioctl$kdbus_bye", 54}, + {"ioctl$kdbus_conn_info", 54}, + {"ioctl$kdbus_bus_info", 54}, + {"ioctl$kdbus_list", 54}, + {"ioctl$kdbus_match_add", 54}, + {"ioctl$kdbus_match_remove", 54}, + {"socket$sctp", 359}, + {"socket$sctp6", 359}, + {"socketpair$sctp", 360}, + {"bind$sctp", 361}, + {"connect$sctp", 362}, + {"accept$sctp", -1}, + {"accept4$sctp", 364}, + {"sendto$sctp", 369}, + {"sendmsg$sctp", 370}, + {"sendmmsg$sctp", 345}, + {"recvfrom$sctp", 371}, + {"getsockname$sctp", 367}, + {"getpeername$sctp", 368}, + {"setsockopt$SCTP_SOCKOPT_BINDX_ADD", 366}, + {"setsockopt$SCTP_SOCKOPT_BINDX_REM", 366}, + {"setsockopt$SCTP_SOCKOPT_CONNECTX_OLD", 366}, + {"setsockopt$SCTP_SOCKOPT_CONNECTX", 366}, + {"setsockopt$SCTP_DISABLE_FRAGMENTS", 366}, + {"setsockopt$SCTP_EVENTS", 366}, + {"setsockopt$SCTP_AUTOCLOSE", 366}, + {"setsockopt$SCTP_PEER_ADDR_PARAMS", 366}, + {"setsockopt$SCTP_DELAYED_SACK", 366}, + {"setsockopt$SCTP_PARTIAL_DELIVERY_POINT", 366}, + {"setsockopt$SCTP_INITMSG", 366}, + {"setsockopt$SCTP_DEFAULT_SEND_PARAM", 366}, + {"setsockopt$SCTP_DEFAULT_SNDINFO", 366}, + {"setsockopt$SCTP_PRIMARY_ADDR", 366}, + {"setsockopt$SCTP_SET_PEER_PRIMARY_ADDR", 366}, + {"setsockopt$SCTP_NODELAY", 366}, + {"setsockopt$SCTP_RTOINFO", 366}, + {"setsockopt$SCTP_ASSOCINFO", 366}, + {"setsockopt$SCTP_I_WANT_MAPPED_V4_ADDR", 366}, + {"setsockopt$SCTP_MAXSEG", 366}, + {"setsockopt$SCTP_ADAPTATION_LAYER", 366}, + {"setsockopt$SCTP_CONTEXT", 366}, + {"setsockopt$SCTP_FRAGMENT_INTERLEAVE", 366}, + {"setsockopt$SCTP_MAX_BURST", 366}, + {"setsockopt$SCTP_AUTH_CHUNK", 366}, + {"setsockopt$SCTP_HMAC_IDENT", 366}, + {"setsockopt$SCTP_AUTH_KEY", 366}, + {"setsockopt$SCTP_AUTH_ACTIVE_KEY", 366}, + {"setsockopt$SCTP_AUTH_DELETE_KEY", 366}, + {"setsockopt$SCTP_AUTO_ASCONF", 366}, + {"setsockopt$SCTP_PEER_ADDR_THLDS", 366}, + {"setsockopt$SCTP_RECVRCVINFO", 366}, + {"setsockopt$SCTP_RECVNXTINFO", 366}, + {"getsockopt$SCTP_STATUS", 365}, + {"getsockopt$SCTP_DISABLE_FRAGMENTS", 365}, + {"getsockopt$SCTP_EVENTS", 365}, + {"getsockopt$SCTP_AUTOCLOSE", 365}, + {"getsockopt$SCTP_SOCKOPT_PEELOFF", 365}, + {"getsockopt$SCTP_PEER_ADDR_PARAMS", 365}, + {"getsockopt$SCTP_DELAYED_SACK", 365}, + {"getsockopt$SCTP_INITMSG", 365}, + {"getsockopt$SCTP_GET_PEER_ADDRS", 365}, + {"getsockopt$SCTP_GET_LOCAL_ADDRS", 365}, + {"getsockopt$SCTP_SOCKOPT_CONNECTX3", 365}, + {"getsockopt$SCTP_DEFAULT_SEND_PARAM", 365}, + {"getsockopt$SCTP_DEFAULT_SNDINFO", 365}, + {"getsockopt$SCTP_PRIMARY_ADDR", 365}, + {"getsockopt$SCTP_NODELAY", 365}, + {"getsockopt$SCTP_RTOINFO", 365}, + {"getsockopt$SCTP_ASSOCINFO", 365}, + {"getsockopt$SCTP_I_WANT_MAPPED_V4_ADDR", 365}, + {"getsockopt$SCTP_MAXSEG", 365}, + {"getsockopt$SCTP_GET_PEER_ADDR_INFO", 365}, + {"getsockopt$SCTP_ADAPTATION_LAYER", 365}, + {"getsockopt$SCTP_CONTEXT", 365}, + {"getsockopt$SCTP_FRAGMENT_INTERLEAVE", 365}, + {"getsockopt$SCTP_PARTIAL_DELIVERY_POINT", 365}, + {"getsockopt$SCTP_MAX_BURST", 365}, + {"getsockopt$SCTP_HMAC_IDENT", 365}, + {"getsockopt$SCTP_AUTH_ACTIVE_KEY", 365}, + {"getsockopt$SCTP_PEER_AUTH_CHUNKS", 365}, + {"getsockopt$SCTP_LOCAL_AUTH_CHUNKS", 365}, + {"getsockopt$SCTP_GET_ASSOC_NUMBER", 365}, + {"getsockopt$SCTP_GET_ASSOC_ID_LIST", 365}, + {"getsockopt$SCTP_AUTO_ASCONF", 365}, + {"getsockopt$SCTP_PEER_ADDR_THLDS", 365}, + {"getsockopt$SCTP_GET_ASSOC_STATS", 365}, + {"getsockopt$SCTP_RECVRCVINFO", 365}, + {"getsockopt$SCTP_RECVNXTINFO", 365}, + {"ioctl$SCTP_SIOCINQ", 54}, + {"syz_open_dev$kvm", 1000001}, + {"ioctl$KVM_CREATE_VM", 54}, + {"ioctl$KVM_GET_MSR_INDEX_LIST", 54}, + {"ioctl$KVM_CHECK_EXTENSION", 54}, + {"ioctl$KVM_GET_VCPU_MMAP_SIZE", 54}, + {"ioctl$KVM_GET_SUPPORTED_CPUID", 54}, + {"ioctl$KVM_GET_EMULATED_CPUID", 54}, + {"ioctl$KVM_CREATE_VCPU", 54}, + {"ioctl$KVM_CHECK_EXTENSION_VM", 54}, + {"ioctl$KVM_SET_MEMORY_REGION", 54}, + {"ioctl$KVM_GET_DIRTY_LOG", 54}, + {"ioctl$KVM_CREATE_IRQCHIP", 54}, + {"ioctl$KVM_IRQ_LINE", 54}, + {"ioctl$KVM_GET_IRQCHIP", 54}, + {"ioctl$KVM_SET_IRQCHIP", 54}, + {"ioctl$KVM_XEN_HVM_CONFIG", 54}, + {"ioctl$KVM_GET_CLOCK", 54}, + {"ioctl$KVM_SET_CLOCK", 54}, + {"ioctl$KVM_SET_USER_MEMORY_REGION", 54}, + {"ioctl$KVM_SET_TSS_ADDR", 54}, + {"ioctl$KVM_ENABLE_CAP", 54}, + {"ioctl$KVM_SET_IDENTITY_MAP_ADDR", 54}, + {"ioctl$KVM_SET_BOOT_CPU_ID", 54}, + {"ioctl$KVM_PPC_GET_PVINFO", 54}, + {"ioctl$KVM_ASSIGN_PCI_DEVICE", 54}, + {"ioctl$KVM_DEASSIGN_PCI_DEVICE", 54}, + {"ioctl$KVM_ASSIGN_DEV_IRQ", 54}, + {"ioctl$KVM_DEASSIGN_DEV_IRQ", 54}, + {"ioctl$KVM_SET_GSI_ROUTING", 54}, + {"ioctl$KVM_ASSIGN_SET_MSIX_NR", 54}, + {"ioctl$KVM_ASSIGN_SET_MSIX_ENTRY", 54}, + {"ioctl$KVM_IOEVENTFD", 54}, + {"ioctl$KVM_ASSIGN_SET_INTX_MASK", 54}, + {"ioctl$KVM_SIGNAL_MSI", 54}, + {"ioctl$KVM_CREATE_PIT2", 54}, + {"ioctl$KVM_GET_PIT2", 54}, + {"ioctl$KVM_SET_PIT2", 54}, + {"ioctl$KVM_PPC_GET_SMMU_INFO", 54}, + {"ioctl$KVM_IRQFD", 54}, + {"ioctl$KVM_PPC_ALLOCATE_HTAB", 54}, + {"ioctl$KVM_S390_INTERRUPT", 54}, + {"ioctl$KVM_CREATE_DEVICE", 54}, + {"ioctl$KVM_SET_DEVICE_ATTR", 54}, + {"ioctl$KVM_GET_DEVICE_ATTR", 54}, + {"ioctl$KVM_HAS_DEVICE_ATTR", 54}, + {"ioctl$KVM_RUN", 54}, + {"ioctl$KVM_GET_REGS", 54}, + {"ioctl$KVM_SET_REGS", 54}, + {"ioctl$KVM_GET_SREGS", 54}, + {"ioctl$KVM_SET_SREGS", 54}, + {"ioctl$KVM_TRANSLATE", 54}, + {"ioctl$KVM_INTERRUPT", 54}, + {"ioctl$KVM_GET_MSRS", 54}, + {"ioctl$KVM_SET_MSRS", 54}, + {"ioctl$KVM_SET_CPUID", 54}, + {"ioctl$KVM_SET_SIGNAL_MASK", 54}, + {"ioctl$KVM_GET_FPU", 54}, + {"ioctl$KVM_SET_FPU", 54}, + {"ioctl$KVM_GET_VCPU_EVENTS", 54}, + {"ioctl$KVM_SET_VCPU_EVENTS", 54}, + {"ioctl$KVM_GET_DEBUGREGS", 54}, + {"ioctl$KVM_SET_DEBUGREGS", 54}, + {"ioctl$KVM_ENABLE_CAP_CPU", 54}, + {"ioctl$KVM_GET_MP_STATE", 54}, + {"ioctl$KVM_SET_MP_STATE", 54}, + {"ioctl$KVM_GET_XSAVE", 54}, + {"ioctl$KVM_SET_XSAVE", 54}, + {"ioctl$KVM_GET_XCRS", 54}, + {"ioctl$KVM_SET_XCRS", 54}, + {"ioctl$KVM_SET_TSC_KHZ", 54}, + {"ioctl$KVM_GET_TSC_KHZ", 54}, + {"ioctl$KVM_GET_LAPIC", 54}, + {"ioctl$KVM_SET_LAPIC", 54}, + {"ioctl$KVM_DIRTY_TLB", 54}, + {"ioctl$KVM_NMI", 54}, + {"ioctl$KVM_S390_UCAS_MAP", 54}, + {"ioctl$KVM_S390_UCAS_UNMAP", 54}, + {"ioctl$KVM_S390_VCPU_FAULT", 54}, + {"ioctl$KVM_SET_ONE_REG", 54}, + {"ioctl$KVM_GET_ONE_REG", 54}, + {"ioctl$KVM_KVMCLOCK_CTRL", 54}, + {"ioctl$KVM_S390_INTERRUPT_CPU", 54}, + {"ioctl$KVM_GET_REG_LIST", 54}, + {"ioctl$KVM_SET_GUEST_DEBUG", 54}, + {"ioctl$KVM_SMI", 54}, + {"open$xenevtchn", 5}, + {"syz_open_dev$sndseq", 1000001}, + {"write$sndseq", 4}, + {"ioctl$SNDRV_SEQ_IOCTL_PVERSION", 54}, + {"ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID", 54}, + {"ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO", 54}, + {"ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE", 54}, + {"ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO", 54}, + {"ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO", 54}, + {"ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT", 54}, + {"ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT", 54}, + {"ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO", 54}, + {"ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO", 54}, + {"ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT", 54}, + {"ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT", 54}, + {"ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE", 54}, + {"ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE", 54}, + {"ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO", 54}, + {"ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO", 54}, + {"ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE", 54}, + {"ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS", 54}, + {"ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO", 54}, + {"ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO", 54}, + {"ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER", 54}, + {"ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER", 54}, + {"ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT", 54}, + {"ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT", 54}, + {"ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL", 54}, + {"ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL", 54}, + {"ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS", 54}, + {"ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS", 54}, + {"ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION", 54}, + {"ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT", 54}, + {"ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT", 54}, + {"syz_open_dev$sndtimer", 1000001}, + {"ioctl$SNDRV_TIMER_IOCTL_PVERSION", 54}, + {"ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE", 54}, + {"ioctl$SNDRV_TIMER_IOCTL_TREAD", 54}, + {"ioctl$SNDRV_TIMER_IOCTL_GINFO", 54}, + {"ioctl$SNDRV_TIMER_IOCTL_GPARAMS", 54}, + {"ioctl$SNDRV_TIMER_IOCTL_GSTATUS", 54}, + {"ioctl$SNDRV_TIMER_IOCTL_SELECT", 54}, + {"ioctl$SNDRV_TIMER_IOCTL_INFO", 54}, + {"ioctl$SNDRV_TIMER_IOCTL_PARAMS", 54}, + {"ioctl$SNDRV_TIMER_IOCTL_STATUS", 54}, + {"ioctl$SNDRV_TIMER_IOCTL_START", 54}, + {"ioctl$SNDRV_TIMER_IOCTL_STOP", 54}, + {"ioctl$SNDRV_TIMER_IOCTL_CONTINUE", 54}, + {"ioctl$SNDRV_TIMER_IOCTL_PAUSE", 54}, + {"syz_open_dev$sndctrl", 1000001}, + {"ioctl$SNDRV_CTL_IOCTL_PVERSION", 54}, + {"ioctl$SNDRV_CTL_IOCTL_CARD_INFO", 54}, + {"ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO", 54}, + {"ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE", 54}, + {"ioctl$SNDRV_CTL_IOCTL_POWER_STATE", 54}, + {"ioctl$SNDRV_CTL_IOCTL_ELEM_LIST", 54}, + {"ioctl$SNDRV_CTL_IOCTL_ELEM_INFO", 54}, + {"ioctl$SNDRV_CTL_IOCTL_ELEM_READ", 54}, + {"ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE", 54}, + {"ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK", 54}, + {"ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK", 54}, + {"ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS", 54}, + {"ioctl$SNDRV_CTL_IOCTL_ELEM_ADD", 54}, + {"ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE", 54}, + {"ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE", 54}, + {"ioctl$SNDRV_CTL_IOCTL_TLV_READ", 54}, + {"ioctl$SNDRV_CTL_IOCTL_TLV_WRITE", 54}, + {"ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND", 54}, + {"ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE", 54}, + {"ioctl$SNDRV_CTL_IOCTL_PCM_INFO", 54}, + {"ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE", 54}, + {"ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE", 54}, + {"ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO", 54}, + {"ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE", 54}, + {"syz_open_dev$mouse", 1000001}, + {"syz_open_dev$mice", 1000001}, + {"syz_open_dev$evdev", 1000001}, + {"write$evdev", 4}, + {"ioctl$EVIOCGVERSION", 54}, + {"ioctl$EVIOCGID", 54}, + {"ioctl$EVIOCGREP", 54}, + {"ioctl$EVIOCGKEYCODE", 54}, + {"ioctl$EVIOCGKEYCODE_V2", 54}, + {"ioctl$EVIOCGEFFECTS", 54}, + {"ioctl$EVIOCGMASK", 54}, + {"ioctl$EVIOCGNAME", 54}, + {"ioctl$EVIOCGPHYS", 54}, + {"ioctl$EVIOCGUNIQ", 54}, + {"ioctl$EVIOCGPROP", 54}, + {"ioctl$EVIOCGMTSLOTS", 54}, + {"ioctl$EVIOCGKEY", 54}, + {"ioctl$EVIOCGLED", 54}, + {"ioctl$EVIOCGSND", 54}, + {"ioctl$EVIOCGSW", 54}, + {"ioctl$EVIOCGBITKEY", 54}, + {"ioctl$EVIOCGBITSND", 54}, + {"ioctl$EVIOCGBITSW", 54}, + {"ioctl$EVIOCGABS0", 54}, + {"ioctl$EVIOCGABS20", 54}, + {"ioctl$EVIOCGABS2F", 54}, + {"ioctl$EVIOCGABS3F", 54}, + {"ioctl$EVIOCSREP", 54}, + {"ioctl$EVIOCSKEYCODE", 54}, + {"ioctl$EVIOCSKEYCODE_V2", 54}, + {"ioctl$EVIOCSFF", 54}, + {"ioctl$EVIOCRMFF", 54}, + {"ioctl$EVIOCGRAB", 54}, + {"ioctl$EVIOCREVOKE", 54}, + {"ioctl$EVIOCSMASK", 54}, + {"ioctl$EVIOCSCLOCKID", 54}, + {"ioctl$EVIOCSABS0", 54}, + {"ioctl$EVIOCSABS20", 54}, + {"ioctl$EVIOCSABS2F", 54}, + {"ioctl$EVIOCSABS3F", 54}, + {"socket$netlink", 359}, + {"bind$netlink", 361}, + {"connect$netlink", 362}, + {"getsockname$netlink", 367}, + {"getpeername$netlink", 368}, + {"sendmsg$netlink", 370}, + {"setsockopt$NETLINK_ADD_MEMBERSHIP", 366}, + {"setsockopt$NETLINK_DROP_MEMBERSHIP", 366}, + {"setsockopt$NETLINK_PKTINFO", 366}, + {"setsockopt$NETLINK_BROADCAST_ERROR", 366}, + {"setsockopt$NETLINK_NO_ENOBUFS", 366}, + {"setsockopt$NETLINK_RX_RING", 366}, + {"setsockopt$NETLINK_TX_RING", 366}, + {"setsockopt$NETLINK_LISTEN_ALL_NSID", 366}, + {"setsockopt$NETLINK_CAP_ACK", 366}, + {"getsockopt$netlink", 365}, + {"syz_open_dev$tun", 1000001}, + {"write$tun", 4}, + {"ioctl$TUNGETFEATURES", 54}, + {"ioctl$TUNSETQUEUE", 54}, + {"ioctl$TUNSETIFF", 54}, + {"ioctl$TUNSETIFINDEX", 54}, + {"ioctl$TUNGETIFF", 54}, + {"ioctl$TUNSETNOCSUM", 54}, + {"ioctl$TUNSETPERSIST", 54}, + {"ioctl$TUNSETOWNER", 54}, + {"ioctl$TUNSETLINK", 54}, + {"ioctl$TUNSETOFFLOAD", 54}, + {"ioctl$TUNSETTXFILTER", 54}, + {"ioctl$SIOCGIFHWADDR", 54}, + {"ioctl$SIOCSIFHWADDR", 54}, + {"ioctl$TUNGETSNDBUF", 54}, + {"ioctl$TUNSETSNDBUF", 54}, + {"ioctl$TUNGETVNETHDRSZ", 54}, + {"ioctl$TUNSETVNETHDRSZ", 54}, + {"ioctl$TUNATTACHFILTER", 54}, + {"ioctl$TUNDETACHFILTER", 54}, + {"ioctl$TTUNGETFILTER", 54}, + {"syz_open_dev$random", 1000001}, + {"syz_open_dev$urandom", 1000001}, + {"ioctl$RNDGETENTCNT", 54}, + {"ioctl$RNDADDTOENTCNT", 54}, + {"ioctl$RNDADDENTROPY", 54}, + {"ioctl$RNDZAPENTCNT", 54}, + {"ioctl$RNDCLEARPOOL", 54}, + {"socket$kcm", 359}, + {"setsockopt$KCM_RECV_DISABLE", 366}, + {"getsockopt$KCM_RECV_DISABLE", 365}, + {"sendmsg$kcm", 370}, + {"recvmsg$kcm", 372}, + {"ioctl$SIOCKCMATTACH", 54}, + {"ioctl$SIOCKCMUNATTACH", 54}, + {"ioctl$SIOCKCMCLONE", 54}, + {"socket$netrom", 359}, + {"bind$netrom", 361}, + {"connect$netrom", 362}, + {"accept$netrom", -1}, + {"listen$netrom", 363}, + {"sendmsg$netrom", 370}, + {"recvmsg$netrom", 372}, + {"getsockname$netrom", 367}, + {"getpeername$netrom", 368}, + {"setsockopt$NETROM_T1", 366}, + {"setsockopt$NETROM_T2", 366}, + {"setsockopt$NETROM_N2", 366}, + {"setsockopt$NETROM_T4", 366}, + {"setsockopt$NETROM_IDLE", 366}, + {"getsockopt$NETROM_T1", 365}, + {"getsockopt$NETROM_T2", 365}, + {"getsockopt$NETROM_N2", 365}, + {"getsockopt$NETROM_T4", 365}, + {"getsockopt$NETROM_IDLE", 365}, + {"ioctl$NETROM_TIOCOUTQ", 54}, + {"ioctl$NETROM_TIOCINQ", 54}, + {"ioctl$NETROM_SIOCGSTAMP", 54}, + {"ioctl$NETROM_SIOCGSTAMPNS", 54}, + {"ioctl$NETROM_SIOCADDRT", 54}, + +}; +#endif + #if defined(__aarch64__) || 0 call_t syscalls[] = { {"open", -1}, diff --git a/ipc/ipc.go b/ipc/ipc.go index 8301d0f78..2d4686bfc 100644 --- a/ipc/ipc.go +++ b/ipc/ipc.go @@ -37,19 +37,20 @@ type Env struct { } const ( - FlagDebug = uint64(1) << iota // debug output from executor - FlagCover // collect coverage - FlagThreaded // use multiple threads to mitigate blocked syscalls - FlagCollide // collide syscalls to provoke data races - FlagDedupCover // deduplicate coverage in executor - FlagDropPrivs // impersonate nobody user + FlagDebug = uint64(1) << iota // debug output from executor + FlagCover // collect coverage + FlagThreaded // use multiple threads to mitigate blocked syscalls + FlagCollide // collide syscalls to provoke data races + FlagDedupCover // deduplicate coverage in executor + FlagSandboxSetuid // impersonate nobody user + FlagSandboxNamespace // use namespaces for sandboxing ) var ( flagThreaded = flag.Bool("threaded", true, "use threaded mode in executor") flagCollide = flag.Bool("collide", true, "collide syscalls to provoke data races") flagCover = flag.Bool("cover", true, "collect coverage") - flagNobody = flag.Bool("nobody", true, "impersonate into nobody") + flagSandbox = flag.String("sandbox", "setuid", "sandbox for fuzzing (none/setuid/namespace)") flagDebug = flag.Bool("debug", false, "debug output from executor") // Executor protects against most hangs, so we use quite large timeout here. // Executor can be slow due to global locks in namespaces and other things, @@ -57,7 +58,7 @@ var ( flagTimeout = flag.Duration("timeout", 1*time.Minute, "execution timeout") ) -func DefaultFlags() (uint64, time.Duration) { +func DefaultFlags() (uint64, time.Duration, error) { var flags uint64 if *flagThreaded { flags |= FlagThreaded @@ -69,13 +70,19 @@ func DefaultFlags() (uint64, time.Duration) { flags |= FlagCover flags |= FlagDedupCover } - if *flagNobody { - flags |= FlagDropPrivs + switch *flagSandbox { + case "none": + case "setuid": + flags |= FlagSandboxSetuid + case "namespace": + flags |= FlagSandboxNamespace + default: + return 0, 0, fmt.Errorf("flag sandbox must contain one of none/setuid/namespace") } if *flagDebug { flags |= FlagDebug } - return flags, *flagTimeout + return flags, *flagTimeout, nil } func MakeEnv(bin string, timeout time.Duration, flags uint64) (*Env, error) { @@ -311,7 +318,7 @@ func makeCommand(bin []string, timeout time.Duration, flags uint64, inFile *os.F } }() - if flags&FlagDropPrivs != 0 { + if flags&(FlagSandboxSetuid|FlagSandboxNamespace) != 0 { if err := os.Chmod(dir, 0777); err != nil { return nil, fmt.Errorf("failed to chmod temp dir: %v", err) } diff --git a/sys/kvm.txt b/sys/kvm.txt index 5d0c8ae1d..a14167615 100644 --- a/sys/kvm.txt +++ b/sys/kvm.txt @@ -167,7 +167,7 @@ kvm_pit_channel_state { mode int8 bcd int8 gate int8 - ltime int16 + ltime int64 } kvm_pit_config { diff --git a/sys/sys.go b/sys/sys.go index 08555f376..8309ede59 100644 --- a/sys/sys.go +++ b/sys/sys.go @@ -2599,10 +2599,10 @@ func initCalls() { Calls = append(Calls, &Call{ID: 865, Name: "ioctl$KVM_CREATE_PIT2", CallName: "ioctl", Args: []Type{ResourceType{TypeCommon: TypeCommon{TypeName: "fd", IsOptional: false}, Kind: ResFD, Subkind: FdKvmVm}, ConstType{TypeCommon: TypeCommon{TypeName: "cmd", IsOptional: false}, TypeSize: 0, Val: uintptr(1077980791)}, PtrType{TypeCommon: TypeCommon{TypeName: "arg", IsOptional: false}, Type: StructType{TypeCommon: TypeCommon{TypeName: "kvm_pit_config", IsOptional: false}, Fields: []Type{IntType{TypeCommon: TypeCommon{TypeName: "flags", IsOptional: false}, TypeSize: 4}, ArrayType{TypeCommon: TypeCommon{TypeName: "pad", IsOptional: false}, Type: ConstType{TypeCommon: TypeCommon{TypeName: "", IsOptional: false}, TypeSize: 4, Val: uintptr(0)}, Len: 15}}}, Dir: DirIn}}}) }() func() { - Calls = append(Calls, &Call{ID: 866, Name: "ioctl$KVM_GET_PIT2", CallName: "ioctl", Args: []Type{ResourceType{TypeCommon: TypeCommon{TypeName: "fd", IsOptional: false}, Kind: ResFD, Subkind: FdKvmVm}, ConstType{TypeCommon: TypeCommon{TypeName: "cmd", IsOptional: false}, TypeSize: 0, Val: uintptr(2154868383)}, PtrType{TypeCommon: TypeCommon{TypeName: "arg", IsOptional: false}, Type: StructType{TypeCommon: TypeCommon{TypeName: "kvm_pit_state2", IsOptional: false}, Fields: []Type{ArrayType{TypeCommon: TypeCommon{TypeName: "chans", IsOptional: false}, Type: StructType{TypeCommon: TypeCommon{TypeName: "kvm_pit_channel_state", IsOptional: false}, Fields: []Type{IntType{TypeCommon: TypeCommon{TypeName: "count", IsOptional: false}, TypeSize: 4}, IntType{TypeCommon: TypeCommon{TypeName: "lcount", IsOptional: false}, TypeSize: 2}, IntType{TypeCommon: TypeCommon{TypeName: "latched", IsOptional: false}, TypeSize: 1}, IntType{TypeCommon: TypeCommon{TypeName: "lstatus", IsOptional: false}, TypeSize: 1}, IntType{TypeCommon: TypeCommon{TypeName: "status", IsOptional: false}, TypeSize: 1}, IntType{TypeCommon: TypeCommon{TypeName: "rstate", IsOptional: false}, TypeSize: 1}, IntType{TypeCommon: TypeCommon{TypeName: "wstate", IsOptional: false}, TypeSize: 1}, IntType{TypeCommon: TypeCommon{TypeName: "wlatch", IsOptional: false}, TypeSize: 1}, IntType{TypeCommon: TypeCommon{TypeName: "rw", IsOptional: false}, TypeSize: 1}, IntType{TypeCommon: TypeCommon{TypeName: "mode", IsOptional: false}, TypeSize: 1}, IntType{TypeCommon: TypeCommon{TypeName: "bcd", IsOptional: false}, TypeSize: 1}, IntType{TypeCommon: TypeCommon{TypeName: "gate", IsOptional: false}, TypeSize: 1}, IntType{TypeCommon: TypeCommon{TypeName: "ltime", IsOptional: false}, TypeSize: 2}}}, Len: 3}, IntType{TypeCommon: TypeCommon{TypeName: "flags", IsOptional: false}, TypeSize: 4}, ArrayType{TypeCommon: TypeCommon{TypeName: "pad", IsOptional: false}, Type: ConstType{TypeCommon: TypeCommon{TypeName: "", IsOptional: false}, TypeSize: 4, Val: uintptr(0)}, Len: 9}}}, Dir: DirOut}}}) + Calls = append(Calls, &Call{ID: 866, Name: "ioctl$KVM_GET_PIT2", CallName: "ioctl", Args: []Type{ResourceType{TypeCommon: TypeCommon{TypeName: "fd", IsOptional: false}, Kind: ResFD, Subkind: FdKvmVm}, ConstType{TypeCommon: TypeCommon{TypeName: "cmd", IsOptional: false}, TypeSize: 0, Val: uintptr(2154868383)}, PtrType{TypeCommon: TypeCommon{TypeName: "arg", IsOptional: false}, Type: StructType{TypeCommon: TypeCommon{TypeName: "kvm_pit_state2", IsOptional: false}, Fields: []Type{ArrayType{TypeCommon: TypeCommon{TypeName: "chans", IsOptional: false}, Type: StructType{TypeCommon: TypeCommon{TypeName: "kvm_pit_channel_state", IsOptional: false}, Fields: []Type{IntType{TypeCommon: TypeCommon{TypeName: "count", IsOptional: false}, TypeSize: 4}, IntType{TypeCommon: TypeCommon{TypeName: "lcount", IsOptional: false}, TypeSize: 2}, IntType{TypeCommon: TypeCommon{TypeName: "latched", IsOptional: false}, TypeSize: 1}, IntType{TypeCommon: TypeCommon{TypeName: "lstatus", IsOptional: false}, TypeSize: 1}, IntType{TypeCommon: TypeCommon{TypeName: "status", IsOptional: false}, TypeSize: 1}, IntType{TypeCommon: TypeCommon{TypeName: "rstate", IsOptional: false}, TypeSize: 1}, IntType{TypeCommon: TypeCommon{TypeName: "wstate", IsOptional: false}, TypeSize: 1}, IntType{TypeCommon: TypeCommon{TypeName: "wlatch", IsOptional: false}, TypeSize: 1}, IntType{TypeCommon: TypeCommon{TypeName: "rw", IsOptional: false}, TypeSize: 1}, IntType{TypeCommon: TypeCommon{TypeName: "mode", IsOptional: false}, TypeSize: 1}, IntType{TypeCommon: TypeCommon{TypeName: "bcd", IsOptional: false}, TypeSize: 1}, IntType{TypeCommon: TypeCommon{TypeName: "gate", IsOptional: false}, TypeSize: 1}, IntType{TypeCommon: TypeCommon{TypeName: "ltime", IsOptional: false}, TypeSize: 8}}}, Len: 3}, IntType{TypeCommon: TypeCommon{TypeName: "flags", IsOptional: false}, TypeSize: 4}, ArrayType{TypeCommon: TypeCommon{TypeName: "pad", IsOptional: false}, Type: ConstType{TypeCommon: TypeCommon{TypeName: "", IsOptional: false}, TypeSize: 4, Val: uintptr(0)}, Len: 9}}}, Dir: DirOut}}}) }() func() { - Calls = append(Calls, &Call{ID: 867, Name: "ioctl$KVM_SET_PIT2", CallName: "ioctl", Args: []Type{ResourceType{TypeCommon: TypeCommon{TypeName: "fd", IsOptional: false}, Kind: ResFD, Subkind: FdKvmVm}, ConstType{TypeCommon: TypeCommon{TypeName: "cmd", IsOptional: false}, TypeSize: 0, Val: uintptr(1081126560)}, PtrType{TypeCommon: TypeCommon{TypeName: "arg", IsOptional: false}, Type: StructType{TypeCommon: TypeCommon{TypeName: "kvm_pit_state2", IsOptional: false}, Fields: []Type{ArrayType{TypeCommon: TypeCommon{TypeName: "chans", IsOptional: false}, Type: StructType{TypeCommon: TypeCommon{TypeName: "kvm_pit_channel_state", IsOptional: false}, Fields: []Type{IntType{TypeCommon: TypeCommon{TypeName: "count", IsOptional: false}, TypeSize: 4}, IntType{TypeCommon: TypeCommon{TypeName: "lcount", IsOptional: false}, TypeSize: 2}, IntType{TypeCommon: TypeCommon{TypeName: "latched", IsOptional: false}, TypeSize: 1}, IntType{TypeCommon: TypeCommon{TypeName: "lstatus", IsOptional: false}, TypeSize: 1}, IntType{TypeCommon: TypeCommon{TypeName: "status", IsOptional: false}, TypeSize: 1}, IntType{TypeCommon: TypeCommon{TypeName: "rstate", IsOptional: false}, TypeSize: 1}, IntType{TypeCommon: TypeCommon{TypeName: "wstate", IsOptional: false}, TypeSize: 1}, IntType{TypeCommon: TypeCommon{TypeName: "wlatch", IsOptional: false}, TypeSize: 1}, IntType{TypeCommon: TypeCommon{TypeName: "rw", IsOptional: false}, TypeSize: 1}, IntType{TypeCommon: TypeCommon{TypeName: "mode", IsOptional: false}, TypeSize: 1}, IntType{TypeCommon: TypeCommon{TypeName: "bcd", IsOptional: false}, TypeSize: 1}, IntType{TypeCommon: TypeCommon{TypeName: "gate", IsOptional: false}, TypeSize: 1}, IntType{TypeCommon: TypeCommon{TypeName: "ltime", IsOptional: false}, TypeSize: 2}}}, Len: 3}, IntType{TypeCommon: TypeCommon{TypeName: "flags", IsOptional: false}, TypeSize: 4}, ArrayType{TypeCommon: TypeCommon{TypeName: "pad", IsOptional: false}, Type: ConstType{TypeCommon: TypeCommon{TypeName: "", IsOptional: false}, TypeSize: 4, Val: uintptr(0)}, Len: 9}}}, Dir: DirIn}}}) + Calls = append(Calls, &Call{ID: 867, Name: "ioctl$KVM_SET_PIT2", CallName: "ioctl", Args: []Type{ResourceType{TypeCommon: TypeCommon{TypeName: "fd", IsOptional: false}, Kind: ResFD, Subkind: FdKvmVm}, ConstType{TypeCommon: TypeCommon{TypeName: "cmd", IsOptional: false}, TypeSize: 0, Val: uintptr(1081126560)}, PtrType{TypeCommon: TypeCommon{TypeName: "arg", IsOptional: false}, Type: StructType{TypeCommon: TypeCommon{TypeName: "kvm_pit_state2", IsOptional: false}, Fields: []Type{ArrayType{TypeCommon: TypeCommon{TypeName: "chans", IsOptional: false}, Type: StructType{TypeCommon: TypeCommon{TypeName: "kvm_pit_channel_state", IsOptional: false}, Fields: []Type{IntType{TypeCommon: TypeCommon{TypeName: "count", IsOptional: false}, TypeSize: 4}, IntType{TypeCommon: TypeCommon{TypeName: "lcount", IsOptional: false}, TypeSize: 2}, IntType{TypeCommon: TypeCommon{TypeName: "latched", IsOptional: false}, TypeSize: 1}, IntType{TypeCommon: TypeCommon{TypeName: "lstatus", IsOptional: false}, TypeSize: 1}, IntType{TypeCommon: TypeCommon{TypeName: "status", IsOptional: false}, TypeSize: 1}, IntType{TypeCommon: TypeCommon{TypeName: "rstate", IsOptional: false}, TypeSize: 1}, IntType{TypeCommon: TypeCommon{TypeName: "wstate", IsOptional: false}, TypeSize: 1}, IntType{TypeCommon: TypeCommon{TypeName: "wlatch", IsOptional: false}, TypeSize: 1}, IntType{TypeCommon: TypeCommon{TypeName: "rw", IsOptional: false}, TypeSize: 1}, IntType{TypeCommon: TypeCommon{TypeName: "mode", IsOptional: false}, TypeSize: 1}, IntType{TypeCommon: TypeCommon{TypeName: "bcd", IsOptional: false}, TypeSize: 1}, IntType{TypeCommon: TypeCommon{TypeName: "gate", IsOptional: false}, TypeSize: 1}, IntType{TypeCommon: TypeCommon{TypeName: "ltime", IsOptional: false}, TypeSize: 8}}}, Len: 3}, IntType{TypeCommon: TypeCommon{TypeName: "flags", IsOptional: false}, TypeSize: 4}, ArrayType{TypeCommon: TypeCommon{TypeName: "pad", IsOptional: false}, Type: ConstType{TypeCommon: TypeCommon{TypeName: "", IsOptional: false}, TypeSize: 4, Val: uintptr(0)}, Len: 9}}}, Dir: DirIn}}}) }() func() { Calls = append(Calls, &Call{ID: 868, Name: "ioctl$KVM_PPC_GET_SMMU_INFO", CallName: "ioctl", Args: []Type{ResourceType{TypeCommon: TypeCommon{TypeName: "fd", IsOptional: false}, Kind: ResFD, Subkind: FdKvmVm}, ConstType{TypeCommon: TypeCommon{TypeName: "cmd", IsOptional: false}, TypeSize: 0, Val: uintptr(2186325670)}, PtrType{TypeCommon: TypeCommon{TypeName: "arg", IsOptional: false}, Dir: DirOut, Type: BufferType{TypeCommon: TypeCommon{TypeName: "arg", IsOptional: false}, Kind: BufferBlob}}}}) diff --git a/sys/sys_386.go b/sys/sys_386.go new file mode 100644 index 000000000..3f4a34200 --- /dev/null +++ b/sys/sys_386.go @@ -0,0 +1,8 @@ +// AUTOGENERATED FILE + +// +build 386 + +package sys + +// Maps internal syscall ID onto kernel syscall number. +var numbers = []int{5, 5, 295, 8, 6, 3, 180, 145, 333, 4, 181, 146, 334, 19, 41, 63, 330, 42, 331, 315, 313, 316, 187, 106, 107, 108, 168, 309, 82, 308, 254, 329, 255, 256, 319, 321, 327, 323, 328, 322, 325, 326, 374, 54, 54, 54, 54, 54, 54, 90, 91, 163, 257, 125, 144, 219, 250, 225, 274, 317, 294, 276, 275, 218, 150, 376, 151, 152, 153, 356, 310, 349, 240, 311, 312, 0, 54, 54, 54, 54, 54, 55, 55, 55, 55, 55, 55, 55, 55, 55, 55, 55, 55, 55, 55, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 245, 246, 247, 248, 249, 184, 185, 172, 172, 172, 172, 172, 172, 172, 172, 172, 172, -1, 354, 277, 279, 280, 281, 282, 278, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 14, 297, 15, 94, 306, 182, 16, 95, 298, 324, 307, 30, 271, 299, 320, 47, 50, 23, 46, 24, 49, 57, 132, 65, 20, 224, 70, 71, 164, 170, 165, 171, 138, 139, 80, 81, 136, 291, 332, 292, 293, 338, 339, 9, 303, 304, 83, 10, 301, 85, 305, 38, 302, 353, 39, 296, 40, 92, 93, 143, 118, 148, 36, 344, 314, 253, 141, 220, 341, 342, 21, 21, 52, 217, 135, 135, 135, 99, 100, 86, 128, 350, 129, 283, 130, 103, 122, 116, 62, 51, 77, 76, 75, 340, 110, 101, 290, 290, 289, 289, 346, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 13, 265, 264, 343, 266, 267, 259, 261, 262, 260, 263, 174, 175, 173, 176, 177, 179, 178, 335, 186, 270, 238, 29, 27, 162, 105, 104, 1, 252, 284, 114, 43, 243, 244, 123, 123, 123, 123, 347, 348, 258, 96, 97, 157, 156, 161, 155, 154, 242, 241, 352, 351, 158, 355, 375, 1000001, 1000001, 1000001, 1000001, 1000001, 1000001, 1000001, 1000001, 1000001, 1000001, 1000001, 1000001, 1000001, 1000001, 1000001, 1000001, 1000001, 1000001, 1000001, 1000001, 1000001, 1000001, 1000001, 1000001, 1000001, 1000001, 1000001, 1000001, 1000001, 1000001, 1000001, 1000001, 1000001, 1000001, 1000001, 1000001, 1000001, 1000001, 1000001, 1000001, 1000001, 1000001, 1000001, 1000001, 1000001, 1000001, 1000001, 1000001, 1000001, 359, 360, -1, 364, 361, 363, 362, 373, 369, 370, 345, 371, 372, 337, 367, 368, 365, 366, 54, 54, 366, 365, 366, 366, 365, 366, 365, 366, 365, 366, 366, 366, 365, 366, 365, 365, 366, 365, 366, 365, 366, 365, 366, 365, 365, 366, 365, 366, 365, 366, 366, 365, 366, 365, 366, 365, 366, 365, 366, 365, 366, 365, 366, 365, 366, 365, 366, 359, 360, 361, 362, -1, 364, 369, 370, 345, 371, 367, 368, 359, 361, 366, 366, -1, 370, 345, 359, 361, 362, -1, 366, 366, 365, 370, 345, 359, 362, 359, 361, 54, 366, 366, 366, 365, 359, 361, 362, 365, 365, 359, 361, 362, 366, 365, 366, 365, 366, 365, 359, 361, 362, 366, 365, 365, 359, 54, 54, 54, 54, 359, 54, 54, 54, 54, 359, 54, 54, 54, 54, 54, 54, 366, 365, 366, 365, 366, 365, 366, 365, 366, 365, 366, 365, 366, 365, 366, 365, 5, 1000002, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 336, 54, 54, 54, 54, 54, 54, 54, 54, 54, 286, 287, 288, 288, 288, 288, 288, 288, 288, 288, 288, 288, 288, 288, 288, 288, 288, 288, 288, 288, 288, 288, 288, 288, 288, 357, 357, 357, 357, 357, 357, 357, 357, 357, 357, 1000003, 1000004, 54, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 1000001, 1000001, 1000001, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 5, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 359, 359, 360, 361, 362, -1, 364, 369, 370, 345, 371, 367, 368, 366, 366, 366, 366, 366, 366, 366, 366, 366, 366, 366, 366, 366, 366, 366, 366, 366, 366, 366, 366, 366, 366, 366, 366, 366, 366, 366, 366, 366, 366, 366, 366, 366, 365, 365, 365, 365, 365, 365, 365, 365, 365, 365, 365, 365, 365, 365, 365, 365, 365, 365, 365, 365, 365, 365, 365, 365, 365, 365, 365, 365, 365, 365, 365, 365, 365, 365, 365, 365, 54, 1000001, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 5, 1000001, 4, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 1000001, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 1000001, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 1000001, 1000001, 1000001, 4, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 359, 361, 362, 367, 368, 370, 366, 366, 366, 366, 366, 366, 366, 366, 366, 365, 1000001, 4, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 1000001, 1000001, 54, 54, 54, 54, 54, 359, 366, 365, 370, 372, 54, 54, 54, 359, 361, 362, -1, 363, 370, 372, 367, 368, 366, 366, 366, 366, 366, 365, 365, 365, 365, 365, 54, 54, 54, 54, 54} diff --git a/sysgen/fetch.go b/sysgen/fetch.go index 941c6d587..d739541f0 100644 --- a/sysgen/fetch.go +++ b/sysgen/fetch.go @@ -15,7 +15,7 @@ import ( // fetchValues converts literal constants (e.g. O_APPEND) or any other C expressions // into their respective numeric values. It does so by builting and executing a C program // that prints values of the provided expressions. -func fetchValues(arch string, vals []string, includes []string, defines map[string]string) []string { +func fetchValues(arch string, vals []string, includes []string, defines map[string]string, cflags []string) []string { logf(1, "Use C compiler to fetch constant values for arch=%v", arch) includeText := "" for _, inc := range includes { @@ -37,6 +37,7 @@ func fetchValues(arch string, vals []string, includes []string, defines map[stri logf(2, " Build C program into temp file %v", bin.Name()) args := []string{"-x", "c", "-", "-o", bin.Name()} + args = append(args, cflags...) args = append(args, []string{ // This would be useful to ensure that we don't include any host headers, // but kernel includes at least <stdarg.h> diff --git a/sysgen/syscallnr.go b/sysgen/syscallnr.go index 124ccc697..e39545c27 100644 --- a/sysgen/syscallnr.go +++ b/sysgen/syscallnr.go @@ -15,13 +15,15 @@ type Arch struct { CARCH []string KernelHeaderArch string KernelInclude string + CFlags []string Numbers []int } var archs = []*Arch{ - {"amd64", []string{"__x86_64__"}, "x86", "asm/unistd.h", nil}, - {"arm64", []string{"__aarch64__"}, "arm64", "asm/unistd.h", nil}, - {"ppc64le", []string{"__ppc64__", "__PPC64__", "__powerpc64__"}, "powerpc", "asm/unistd.h", nil}, + {"amd64", []string{"__x86_64__"}, "x86", "asm/unistd.h", []string{"-m64"}, nil}, + {"386", []string{"__i386__"}, "x86", "asm/unistd.h", []string{"-D__SYSCALL_COMPAT", "-DCONFIG_COMPAT", "-DCONFIG_X86_32"}, nil}, + {"arm64", []string{"__aarch64__"}, "arm64", "asm/unistd.h", []string{}, nil}, + {"ppc64le", []string{"__ppc64__", "__PPC64__", "__powerpc64__"}, "powerpc", "asm/unistd.h", []string{}, nil}, } var syzkalls = map[string]int{ @@ -51,7 +53,7 @@ func fetchSyscallsNumbers(arch *Arch, syscalls []Syscall) { defines[name] = strconv.Itoa(nr) } } - for _, s := range fetchValues(arch.KernelHeaderArch, vals, includes, defines) { + for _, s := range fetchValues(arch.KernelHeaderArch, vals, includes, defines, arch.CFlags) { n, err := strconv.ParseUint(s, 10, 64) if err != nil { failf("failed to parse syscall number '%v': %v", s, err) @@ -61,7 +63,7 @@ func fetchSyscallsNumbers(arch *Arch, syscalls []Syscall) { } func generateSyscallsNumbersArch(arch *Arch, syscalls []Syscall) { - var archcode string = "sys/sys_"+arch.GOARCH+".go" + var archcode string = "sys/sys_" + arch.GOARCH + ".go" logf(1, "Generate code with syscall numbers for arch=%v in %v", arch.GOARCH, archcode) buf := new(bytes.Buffer) if err := archTempl.Execute(buf, arch); err != nil { diff --git a/sysgen/sysgen.go b/sysgen/sysgen.go index 6f3e5beef..824c8587d 100644 --- a/sysgen/sysgen.go +++ b/sysgen/sysgen.go @@ -18,9 +18,9 @@ import ( ) var ( - flagLinux = flag.String("linux", "", "path to linux kernel source checkout") + flagLinux = flag.String("linux", "", "path to linux kernel source checkout") flagLinuxBld = flag.String("linuxbld", "", "path to linux kernel build directory") - flagV = flag.Int("v", 0, "verbosity") + flagV = flag.Int("v", 0, "verbosity") ) func main() { @@ -569,7 +569,7 @@ func compileFlags(includes []string, defines map[string]string, flags map[string valArray = append(valArray, k) } // TODO: should use target arch - flagVals := fetchValues("x86", valArray, includes, defines) + flagVals := fetchValues("x86", valArray, includes, defines, []string{}) for i, f := range valArray { vals[f] = flagVals[i] } @@ -649,7 +649,7 @@ func parse(in io.Reader) (includes []string, defines map[string]string, syscalls } else { p.SkipWs() fld := []string{p.Ident()} - logf(3, " Add field %f to struct %v", fld, str.Name) + logf(3, " Add field %v to struct %v", fld, str.Name) fld = append(fld, parseType(p, unnamed, flags)...) str.Flds = append(str.Flds, fld) } @@ -807,4 +807,3 @@ func logf(v int, msg string, args ...interface{}) { log.Printf(msg, args...) } } - diff --git a/syz-fuzzer/fuzzer.go b/syz-fuzzer/fuzzer.go index f1a459b45..cc7182af7 100644 --- a/syz-fuzzer/fuzzer.go +++ b/syz-fuzzer/fuzzer.go @@ -119,7 +119,10 @@ func main() { kmemleakInit() - flags, timeout := ipc.DefaultFlags() + flags, timeout, err := ipc.DefaultFlags() + if err != nil { + panic(err) + } noCover = flags&ipc.FlagCover == 0 if !noCover { fd, err := syscall.Open("/sys/kernel/debug/kcov", syscall.O_RDWR, 0) diff --git a/syz-manager/manager.go b/syz-manager/manager.go index 5afbe7972..35e9fd8f6 100644 --- a/syz-manager/manager.go +++ b/syz-manager/manager.go @@ -237,8 +237,8 @@ func (mgr *Manager) runInstance(vmCfg *vm.Config, first bool) bool { leak := first && mgr.cfg.Leak // Run the fuzzer binary. - outputC, errorC, err := inst.Run(time.Hour, fmt.Sprintf("%v -executor %v -name %v -manager %v -output=%v -procs %v -leak=%v -cover=%v -nobody=%v -v %d", - fuzzerBin, executorBin, vmCfg.Name, fwdAddr, mgr.cfg.Output, mgr.cfg.Procs, leak, mgr.cfg.Cover, mgr.cfg.DropPrivs, *flagV)) + outputC, errorC, err := inst.Run(time.Hour, fmt.Sprintf("%v -executor %v -name %v -manager %v -output=%v -procs %v -leak=%v -cover=%v -sandbox=%v -v %d", + fuzzerBin, executorBin, vmCfg.Name, fwdAddr, mgr.cfg.Output, mgr.cfg.Procs, leak, mgr.cfg.Cover, mgr.cfg.Sandbox, *flagV)) if err != nil { logf(0, "failed to run fuzzer: %v", err) return false diff --git a/tools/syz-execprog/execprog.go b/tools/syz-execprog/execprog.go index fdba0f258..5b7610754 100644 --- a/tools/syz-execprog/execprog.go +++ b/tools/syz-execprog/execprog.go @@ -55,7 +55,10 @@ func main() { return } - flags, timeout := ipc.DefaultFlags() + flags, timeout, err := ipc.DefaultFlags() + if err != nil { + log.Fatalf("%v", err) + } if *flagCoverFile != "" { flags |= ipc.FlagCover flags &= ^ipc.FlagDedupCover diff --git a/tools/syz-stress/stress.go b/tools/syz-stress/stress.go index defcb38a3..bb2352f76 100644 --- a/tools/syz-stress/stress.go +++ b/tools/syz-stress/stress.go @@ -25,7 +25,7 @@ import ( var ( flagCorpus = flag.String("corpus", "", "corpus directory") - flagExecutor = flag.String("executor", "", "path to executor binary") + flagExecutor = flag.String("executor", "./syz-executor", "path to executor binary") flagOutput = flag.Bool("output", false, "print executor output to console") flagProcs = flag.Int("procs", 2*runtime.NumCPU(), "number of parallel processes") flagLogProg = flag.Bool("logprog", false, "print programs before execution") @@ -47,7 +47,10 @@ func main() { prios := prog.CalculatePriorities(corpus) ct := prog.BuildChoiceTable(prios, calls) - flags, timeout := ipc.DefaultFlags() + flags, timeout, err := ipc.DefaultFlags() + if err != nil { + failf("%v", err) + } gate = ipc.NewGate(2**flagProcs, nil) for pid := 0; pid < *flagProcs; pid++ { pid := pid |