[google/syzkaller] 52a395: sys/linux: add large io uring sqe type for uring c...


github-merge-queue[bot]

4:52 PM
to syzk...@googlegroups.com
Branch: refs/heads/gh-readonly-queue/master/pr-7039-c3ed5f4f5433e287b308132d6d88d6e5014bf3be
Home: https://github.com/google/syzkaller
Commit: 52a39577b5c1cd3da50358af5f9d95522237174e
https://github.com/google/syzkaller/commit/52a39577b5c1cd3da50358af5f9d95522237174e
Author: Teja Vojjala <tejav...@google.com>
Date: 2026-04-23 (Thu, 23 Apr 2026)

Changed paths:
M CONTRIBUTORS
M sys/linux/io_uring.txt
M sys/linux/io_uring.txt.const

Log Message:
-----------
sys/linux: add large io uring sqe type for uring cmd ops

The existing io_uring_sqe type only has 64 bytes of data.
For ioring_op_uring_cmds, 128 bytes are used to support 80 bytes
of uring cmd data.


Commit: d4e52be282519b00bce82ba2513357906809df54
https://github.com/google/syzkaller/commit/d4e52be282519b00bce82ba2513357906809df54
Author: Teja Vojjala <tejav...@google.com>
Date: 2026-04-23 (Thu, 23 Apr 2026)

Changed paths:
M executor/common_linux.h

Log Message:
-----------
sys/linux: add custom syz call to create io uring for ublk

ublk needs IORING_SETUP_SQE128 | IORING_SETUP_CQE32 to work.
Without this, the cmds would just fail and the fuzzer wastes time.


Commit: bc2d49993e4d884166511008c44e9bb58c7f8fd9
https://github.com/google/syzkaller/commit/bc2d49993e4d884166511008c44e9bb58c7f8fd9
Author: Teja Vojjala <tejav...@google.com>
Date: 2026-04-23 (Thu, 23 Apr 2026)

Changed paths:
M executor/common_linux.h

Log Message:
-----------
sys/linux: add custom syz call to add a ublk device

All ublk ctrl commands operate on a particular device.
Instead of submitting control commands with random device ids
using syz_io_uring_submit, it's better to record the ublk dev id
as a resource using a custom syzcall.

This also lets us capture the fuzzer-generated dev info, which we
can use in subsequent syzcalls.


Commit: 325b59812c70f3e14e994a5c942ae81aaa46fc5e
https://github.com/google/syzkaller/commit/325b59812c70f3e14e994a5c942ae81aaa46fc5e
Author: Teja Vojjala <tejav...@google.com>
Date: 2026-04-23 (Thu, 23 Apr 2026)

Changed paths:
M sys/linux/io_uring.txt
A sys/linux/ublk.txt

Log Message:
-----------
sys/linux: add ublk syzkaller definitions for control commands


Commit: acd03c0fbe79a188fe8899da6eda5095a79ab33e
https://github.com/google/syzkaller/commit/acd03c0fbe79a188fe8899da6eda5095a79ab33e
Author: Teja Vojjala <tejav...@google.com>
Date: 2026-04-23 (Thu, 23 Apr 2026)

Changed paths:
M executor/common_linux.h
M sys/linux/ublk.txt

Log Message:
-----------
sys/linux: add syzcalls to do file IO on ublk char and block devs


Commit: 20b58cc34cd93de8dcf84964c24e18846b9d4178
https://github.com/google/syzkaller/commit/20b58cc34cd93de8dcf84964c24e18846b9d4178
Author: Teja Vojjala <tejav...@google.com>
Date: 2026-04-23 (Thu, 23 Apr 2026)

Changed paths:
M executor/common_linux.h
M sys/linux/ublk.txt
A vm.log
A vm.pid

Log Message:
-----------
sys/linux: add ublk syzkaller definitions for IO cmds

I added custom syzcalls to initialize queues and process IO on them.

The queue initialization is pretty complex and it would be
very hard for the fuzzer to get it right due to the mmap setup and
submitting an SQE with appropriate details for every slot in the queue
to indicate ublk readiness of the queue.

Also, we need to provide a custom syscall to process IO on the queue.
Once the cqe is advanced, we need to send a response back to make progress.
It can be hard for the fuzzer to figure out the flow by itself.


Commit: 8b0cbd7d19b80c3f535fb0ea5b61ecbec82aea28
https://github.com/google/syzkaller/commit/8b0cbd7d19b80c3f535fb0ea5b61ecbec82aea28
Author: Teja Vojjala <tejav...@google.com>
Date: 2026-04-23 (Thu, 23 Apr 2026)

Changed paths:
M sys/linux/io_uring.txt
M sys/linux/ublk.txt
A sys/linux/ublk.txt.const

Log Message:
-----------
sys/linux: generate ublk const values


Commit: 0d1f19076a3616be0bf3a456930b275eebe86254
https://github.com/google/syzkaller/commit/0d1f19076a3616be0bf3a456930b275eebe86254
Author: Teja Vojjala <tejav...@google.com>
Date: 2026-04-23 (Thu, 23 Apr 2026)

Changed paths:
M pkg/subsystem/linux/rules.go
M pkg/subsystem/lists/linux.go

Log Message:
-----------
pkg/subsystem: mechanical changes around new syzcalls


Commit: b6c77d2081e585e496350e9c765d7bb6deb2dfca
https://github.com/google/syzkaller/commit/b6c77d2081e585e496350e9c765d7bb6deb2dfca
Author: Teja Vojjala <tejav...@google.com>
Date: 2026-04-23 (Thu, 23 Apr 2026)

Changed paths:
M pkg/vminfo/linux_syscalls.go
R vm.log
R vm.pid

Log Message:
-----------
pkg/vminfo: allow ublk syzcalls only when ublk control dev is present


Commit: 165d0ef4cb11280da2b0d89120b753b8e9f4aeb6
https://github.com/google/syzkaller/commit/165d0ef4cb11280da2b0d89120b753b8e9f4aeb6
Author: Teja Vojjala <tejav...@google.com>
Date: 2026-04-23 (Thu, 23 Apr 2026)

Changed paths:
M executor/common_linux.h

Log Message:
-----------
sys/linux: replace uring and ublk structs with header imports


Commit: c5f9d079bd595c3a7dfe3662945b6471942b85b4
https://github.com/google/syzkaller/commit/c5f9d079bd595c3a7dfe3662945b6471942b85b4
Author: Teja Vojjala <tejav...@google.com>
Date: 2026-04-23 (Thu, 23 Apr 2026)

Changed paths:
A sys/linux/test/ublk

Log Message:
-----------
sys/linux: add a test to verify ublk works


Commit: aee9e85a8842e5f58997c074f6448bc1486cb6e6
https://github.com/google/syzkaller/commit/aee9e85a8842e5f58997c074f6448bc1486cb6e6
Author: Teja Vojjala <tejav...@google.com>
Date: 2026-04-23 (Thu, 23 Apr 2026)

Changed paths:
M executor/common_linux.h

Log Message:
-----------
sys/linux: replace ublk_cmd header with struct definitions used


Commit: 9cfb3ca710b61b2f1e2032fa6d94d4a00f81ab36
https://github.com/google/syzkaller/commit/9cfb3ca710b61b2f1e2032fa6d94d4a00f81ab36
Author: Teja Vojjala <tejav...@google.com>
Date: 2026-04-23 (Thu, 23 Apr 2026)

Changed paths:
M executor/common_linux.h

Log Message:
-----------
sys/linux: replace io_uring header with struct definitions


Compare: https://github.com/google/syzkaller/compare/52a39577b5c1%5E...9cfb3ca710b6
