DAMON fuzzing

[Sangwoo Bae]

Hi everyone,

I am currently working on using Syzkaller to fuzz a new Kernelmodule in Linux called DAMON <https://damonitor.github.io/doc/html/latest-damon/admin-guide/mm/damon/usage.html>.

It has a debugfs interface with which you can use it (previous link for documentation).

And I have tried describing it, but unfortunately in the coverage report I can't seem to cover any of the DAMON code..

I have pasted a cut version of my damon.txt description down below, I would appreciate some pointers!

include <uapi/linux/fcntl.h>

include <uapi/linux/mount.h>

resource fd_target_ids[fd]

resource fd_monitor_on[fd]

resource d_pid[pid]

mount$damon_debugfs(src const[0], dst ptr[in, string["/sys/kernel/debug"]], type ptr[in, string["debugfs"]], flags flags[mount_flags], data const[0])

getpid$damon() d_pid

open$target_ids(file ptr[in, string["/sys/kernel/debug/damon/target_ids"]], flags flags[open_flags], mode flags[open_mode]) fd_target_ids

open$monitor_on(file ptr[in, string["/sys/kernel/debug/damon/monitor_on"]], flags flags[open_flags], mode flags[open_mode]) fd_monitor_on

write$target_ids(fd fd_target_ids, buf ptr[in, target_id_input], count len[buf])

write$monitor_on(fd fd_monitor_on, buf ptr[in, string["on"]], count len[buf])

target_id_input {

    paddr       optional[string["paddr\n"]]

    pids        array[target_pid]

} [packed]

target_pid {

    space       string[" "]

    pid         d_pid

}

Kind regards,

Sangwoo Bae

[Dmitry Vyukov]

Hi Sangwoo,

I see this subsystem is present in the upstream kernel. Please send a
pull request with your descriptions and then we can discuss on the PR.