| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
We don't specify trailing unused args for some syscalls
(e.g. ioctl that does not use its arg).
Executor always filled tailing unsed args with 0's
but pkg/csource didn't. Some such syscalls actually
check that the unsed arg is 0 and as the result failed with C repro.
We could statically check and eliminate all such cases,
but it turns out the warning fires in 1500+ cases:
https://gist.githubusercontent.com/dvyukov/e59ba1d9a211ee32fa0ba94fab86a943/raw/a3ace5a63f7281f0298f51ea9842ead1e4713418/gistfile1.txt
So instead fill such args with 0's in pkg/csource too.
|
| | |
|
| |
|
|
|
| |
For context see:
https://groups.google.com/d/msg/syzkaller-bugs/ZaBzAJbn6i8/Py9FVlAqDQAJ
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
This adds 2 ioctls and an argument type:
- FS_IOC_ENABLE_VERITY
- FS_IOC_MEASURE_VERITY
- struct fsverity_digest
Note fs-verity on-disk structs are not yet added.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
AUTO arguments can be used for:
- consts
- lens
- pointers
For const's and len's AUTO is replaced with the natural value,
addresses for AUTO pointers are allocated linearly.
This greatly simplifies writing test programs by hand
as most of the time we want these natural values.
Update tests to use AUTO.
|
| | |
|
| |
|
|
|
|
|
| |
Add bulk of checks for strict parsing mode.
Probably not complete, but we can extend then in future as needed.
Turns out we can't easily use it for serialized programs
as they omit default args and during deserialization it looks like missing args.
|
| |
|
|
|
|
|
|
|
|
|
| |
Over time we relaxed parsing to handle all kinds of invalid programs
(excessive/missing args, wrong types, etc).
This is useful when reading old programs from corpus.
But this is harmful for e.g. reading test inputs as they can become arbitrary outdated.
For runtests which creates additional problem of executing not
what is actually written in the test (or at least what author meant).
Add strict parsing mode that does not tolerate any errors.
For now it just checks excessive syscall arguments.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* OpebBSD: remove socketpair() for AF_INET and AF_INET6.
socketpair() is only supported on AF_UNIX.
* NetBSD: remove socketpair() for AF_INET and AF_INET6.
socketpair() is only supported for AF_UNIX.
* FreeBSD: remove socketpair() for AF_INET and AF_INET6.
socketpair() only supports AF_UNIX.
* Linux: remove socketpair for AF_INET and AF_INET6.
socketpair only supports AF_UNIX.
* Autogenerated files.
These are manually generated for all platforms you are not
running on. FreeBSD in this case.
* executor: rebase.
* sys/freebsd: rebase.
* sys/linux: use AF_UNIX based socketpair for nbd.
This was suggested by Dmitry.
Fixes #845
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Use the new vma64 now that we have it.
|
| | |
|
| | |
|
| |
|
|
| |
Use one syscall per command, refine arguments, etc.
|
| | |
|
| | |
|
| |
|
|
| |
definition in linux to make trace2syz generation simpler
|
| |
|
|
|
|
| |
Create planar and non-planar vivid devices.
Create each for each test process.
Add swradio/radio/vbi/cec media devices.
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Kernel tries to vmalloc whatever we pass as size and it's not accounted against memcg.
As the result it can lead to massive OOM kills of everything running on the machine.
Strictly saying, the same applies to finit_module with a sparse file too,
but there is no simple way to handle that.
|
| | |
|
| | |
|
| |
|
|
| |
Fixes #783
|
| |
|
|
|
|
|
| |
1. Extract consts on the latest linux tree.
2. Don't manually define O_TMPFILE/O_ACCMODE/_LINUX_CAPABILITY_VERSION_N,
they are defined in kernel headers.
3. Don't use CLOCK_SGI_CYCLE as clock id, it's not implemented.
|
| | |
|
| | |
|
| |
|
|
| |
Fix copy-paste error.
|
| |
|
|
| |
Also remove the second syscall for opening of /dev/fd*.
|
| | |
|
| |
|
|
|
| |
CPU argument can be -1.
It makes sense to mmap perf fd.
|
| |
|
|
|
|
|
|
| |
The latest Linux kernel misses some arch-specific headers on some archs:
asm/a.out.h
asm/prctl.h
asm/mce.h
Support that.
|
| |
|
|
|
|
|
|
|
|
| |
For floppy fuzzing you need to enable:
1) CONFIG_BLK_DEV_FD in your kernel configuration
2) "cmdline": " -fda FLOPPY.img " in syzkaller configuration
Signed-off-by: Denis Efremov <efremov@linux.com>
Signed-off-by: Alexander Popov <alex.popov@linux.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently when we get target consts with target.ConstMap["name"]
during target initialization, we just get 0 for missing consts.
This is error-prone as we can mis-type a const, or a const may
be undefined only on some archs (as we have common unix code
shared between several OSes).
Check that all the consts are actually defined.
The check detects several violations, to fix them:
1. move mremap to linux as it's only defined on linux
2. move S_IFMT to openbsd, as it's only defined and used on openbsd
3. define missing MAP_ANONYMOUS for freebsd and netbsd
4. fix extract for netbsd
|
| |
|
|
|
|
|
| |
FAN_OPEN_PERM and FAN_ACCESS_PERM require the program to reply to open requests.
If that does not happen, the program will hang in an unkillable state forever.
See the following bug for details:
https://groups.google.com/d/msg/syzkaller-bugs/pD-vbqJu6U0/kGH30p3lBgAJ
|
