generating progs from choice table question


gasd dsfsfq

Sep 28, 2022, 7:59:54 AM
to syzk...@googlegroups.com
Hi,
I am new here. This is what I am doing:

// Build the default choice table for this target; it is passed to Generate below.
ct := target.DefaultChoiceTable()

// Generate a program from a fixed seed (1), so repeated runs should produce the same program.
// NOTE(review): 10 is presumably the number of calls to generate; confirm against the Generate signature.
p := target.Generate(rand.NewSource(1), 10, ct)

// Print the program in its serialized text form.
fmt.Printf("%s\n", p.Serialize())
The generated programs pass 0xffffffffffffffff as the fd to syscalls.
Why don't they use a valid fd?
I just get a Bad File Descriptor error for every syscall.
What am I doing wrong?


Dmitry Vyukov

Sep 28, 2022, 8:13:19 AM
to gasd dsfsfq, syzk...@googlegroups.com
Hi gasd,

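Check out what syz-mutate does; it generates programs with fds (in the sample output below, r0–r7 are fds returned by earlier calls such as pipe and openat and then passed to later calls).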


$ go install ./tools/syz-mutate
$ syz-mutate

ioctl$SNDCTL_DSP_GETFMTS(0xffffffffffffffff, 0x8004500b, &(0x7f0000000000)=0x3)
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$VIDIOC_SUBDEV_ENUM_DV_TIMINGS(r0, 0xc0945662,
&(0x7f0000000080)={0x7, 0x0, '\x00', {0x0, @bt={0x7bd, 0x780, 0x0,
0x1, 0x7, 0x10001, 0x3, 0x4, 0xfff, 0x4, 0x5, 0xe7, 0x4, 0xff, 0xe,
0x20, {0x7ff, 0x5da}, 0xcf, 0x7f}}})
ioctl$RTC_EPOCH_READ(r1, 0x8008700d, &(0x7f0000000140))
r2 = openat$damon_kdamond_pid(0xffffffffffffff9c, &(0x7f0000000180),
0xe2242, 0x0)
getpeername$ax25(r2, &(0x7f00000001c0)={{0x3, @default}, [@netrom,
@default, @default, @bcast, @rose, @null, @remote, @default]},
&(0x7f0000000240)=0x48)
recvfrom$ax25(r0, &(0x7f0000000280)=""/204, 0xcc, 0x2060,
&(0x7f0000000380)={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc,
0x1}}, [@null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null,
@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb,
0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0},
@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}]}, 0x48)
r3 = open_tree(r0, &(0x7f0000000400)='./file0\x00', 0x1000)
ioctl$SOUND_PCM_READ_BITS(r3, 0x80045005, &(0x7f0000000440))
r4 = openat$procfs(0xffffffffffffff9c,
&(0x7f00000004c0)='/proc/consoles\x00', 0x0, 0x0)
linkat(r1, &(0x7f0000000480)='./file0\x00', r4,
&(0x7f0000000500)='./file0\x00', 0x1800)
sendmsg$nl_crypto(r4, &(0x7f00000006c0)={&(0x7f0000000540)={0x10, 0x0,
0x0, 0x8}, 0xc, &(0x7f0000000680)={&(0x7f0000000580)=@get={0x100,
0x13, 0x100, 0x70bd2b, 0x25dfdbfb, {{'drbg_pr_sha384\x00'}, '\x00',
'\x00', 0x2400, 0x2000}, [{0x8}, {0x8, 0x1, 0x400}, {0x8, 0x1, 0x2},
{0x8, 0x1, 0x80}]}, 0x100}, 0x1, 0x0, 0x0, 0x4}, 0x40000)
ioctl$NS_GET_NSTYPE(r4, 0xb703, 0x0)
r5 = openat$smackfs_load(0xffffffffffffff9c,
&(0x7f0000000700)='/sys/fs/smackfs/load-self\x00', 0x2, 0x0)
ioctl$BTRFS_IOC_FS_INFO(r5, 0x8400941f, &(0x7f0000000740))
r6 = openat$smackfs_ptrace(0xffffffffffffff9c, &(0x7f0000000b40), 0x2, 0x0)
ioctl$BTRFS_IOC_DEV_REPLACE(r6, 0xca289435, &(0x7f0000000b80)={0x2,
0x0, @start={0x0, 0x1,
"999911f5c5f2a910782222f1b4a6a2f406f83f86815be6a01441c1b8cc2deb3ba575d37a7e0f3e7c094c61dd9afc19b9612865b8e3ccf1981866e592bb69572dfbaeef07184b4adff1e3a31fd71a21e3cc7a4641c1bab13709fb30ef1b692c388e969e1081a5fb497de644a7435df4e71ad1ecd18b48ddc46a2610f73ec5d50e4a8a9ba52e2599ecb6745378a546cf51cac1d51049941cb099ffc3e5a00805d7f79f36a24ad908242f49ecb8e720f4617b45804234add0482514ab3400c9b803e5f00b8004d1064110b9e6e71fcdb23a45af28d01a58854d23bcaa984b2f78d44455101dbd2e908e8cb6202de8c08b10319759918a6889ea62f06144db31ae69e2e56268e4c39495666c8e9407e2f05f70da692f669010f76fabe8a962ff89591ab8ed61c353c19a1f10844f062b342274c62cdd1de9fbb58d5e20f263339e98dc21061416950b12a4ae76b4c92777754b316d452523181d1f2253cc4e496c3e20f6feb4d801c7b45ecd64009670417c0c3a1c98bb505d6ec202215593f083a5cad2bf70953dec1e1c794bf2d12768368a9fa4e43552a855223008fcc16a4fd3b4ab18e5e707a10a2a26b5539f2931de1fc8e4546f881c9e67e7772a946659b8b6494ecb2ee3355cd6bd6b0470c9221049b2ae636234d98025279ca6378f611633a161ac7a546f44650ccc23bc1c2959bd5b2e3f8072827381bb4740c348f356b5d15bdb0ed092aace1cccb47b5033e0db117aa9347725cba8b52872ae20cd29cfcdb1feb5f66ce444b414f2b91b71f26bbd1008d1e04199d135de1a1c574cd128840b1feae7bd1e7e503fe7c9a2a244b00190040e45cea7cae366eba74660100e5c263337ce33903f42140772f03e7337607d7f0fbea1dcf51f86302e82ace7f2dfb59aa7f9cd67ba24e0bb52aca9e5cd308aa33d87d60485020c065c295463e579a7bc3080319a39c550df16e34e1b4dfaecda9f993eab055a16d0bdcb61c075bdd866f96bd29984ab8eba87884d7489a31bda130ca89f82e6b4a9ca45d86d9ae557dd88fb2190f478a042ec06e12cd709b1aa409605084329f16c2bc1f420f9f4fe78188996b1bd6e742f60b7aa6f9c35149088df18b8bf7951cc7e345418d0e6917f7b3bb935848f9d4840605a12d9f89ecb573b4490a0ef4d5f2231f0b6477bdace36616fcd50f163c6daa7677d688116958773d21f0fe0941a18770b8429126975c8a3db351459776ecd97a6d1eb788b8cc447c6a33c27eb7606fb4a582b24c140d3d059c1ed7a6f8c5c62a420ae1ebdd384a3af5ac5da1743eff0458606d344a138489a7ab2fbb6d52ed49e9f9452becce0489d51bc8c929e2882226e124bafc4db664d9d786a5bad41fe486efb915693b657d9949ca60121ab0b2e18464913b017ff2bc
519cdd986d1327b620d3fca8d2f315144c1fc7462ad3cda95d7",
"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"},
[0x4, 0xffffffffffffffff, 0x2, 0x6, 0x1, 0x5, 0x7aa, 0x4, 0x2, 0x2,
0x5, 0x81000000000, 0x4, 0x20, 0x50000000000000, 0xffffffffffffff01,
0x100000000, 0x0, 0x44f, 0x819, 0x7ff, 0x2, 0x7f, 0x8000, 0xfe, 0x4,
0x83, 0x5, 0x7, 0x9, 0x101, 0x7, 0x3e4363bb, 0x81, 0x707b00, 0x4,
0x200, 0x6087, 0x3f13, 0x7, 0x2, 0x5, 0x1ff, 0xffffffff, 0x4, 0xcc,
0x3, 0x37ca, 0x5, 0x1, 0x83, 0x5, 0x8, 0x2, 0x4, 0x10001, 0x3,
0xffffffffffffffc1, 0x1, 0x0, 0x10000, 0x1000, 0x7, 0xcfeb]})
ioctl$KDGETMODE(r1, 0x4b3b, &(0x7f00000015c0))
r7 = syz_open_dev$sndpcmp(&(0x7f0000001600), 0x5, 0x0)
signalfd(r7, &(0x7f0000001640)={[0x5]}, 0x8)