blob: b959b91bed6091c57621130981344b0aae026feb (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
# Strace
Syzkaller can be instructed to execute programs under
[strace](https://strace.io/) and capture the output.
If the `strace_bin` is set to an `strace` binary, syzkaller will automatically
run each reproducer it managed to find under the `strace` binary.
* If a syz-manager is attached to a `dashboard`, syzkaller will upload the
resulting output as a normal log file if the generated reproducer still
managed to produce the same crash.
* Otherwise, the output of strace will be saved to a separate file and will be
accessible through the syz-manager's web interface.
## How to compile the strace binary
It is safer to compile `strace` as a statically linked binary in order to
prevent problems with mismatching libc versions on the kernel image used for
fuzzing.
```
git clone https://github.com/strace/strace.git
cd strace
./bootstrap
./configure --enable-mpers=no LDFLAGS='-static -pthread'
make -j`nproc`
```
The resulting binary can be found at `src/strace`.
## syz-crush
It's possible to instruct `syz-crush` to run the attached repro under strace. In
order to do so, make sure `strace_bin` is specified in the syz-manager config
file and pass an extra `-strace` argument to the command arguments.
## syz-repro
If `-strace file-name.log` is appended to the `syz-repro`'s arguments, the tool
will run the resulting repro (if it managed to generate one) under strace and
save its output.
|
