On Thu, May 25, 2023 at 12:00 PM Pengfei Xu <pengf...@intel.com> wrote:
>
> Hi Aleksandr,
>
> On 2023-05-25 at 11:00:37 +0200, Aleksandr Nogikh wrote:
> > Hi,
> >
> > When syzkaller finds a reproducer, it extracts mounted images
> > automatically. If it's a local syzkaller instance, the intention was
> > that it places mount_%d.gz files into the corresponding crash folder
> > in the workdir. Though I've just found out there was a small bug and
> > sent a fix [1], you can apply the patch locally if you want to test it
> > before it's merged.
> >
> Thanks for your guidance!
> Yes, I have installed your patch and built syzkaller to give it a try; it seems it
> needs some time to generate the image.
> Is there some quick way to generate the raw image?
It needs to hit a bug and then find a reproducer, this will
unfortunately take some time.
You could speed it up if you paste some syz reproducers for fs bugs to
sys/linux/test, it will then use them as seed programs and crash
faster.
>
> > Otherwise, the big data blob (in your case starting with \x78 and
> > ending with \x08) is already the gzipped fs image, so all you need is
> > to save that big binary string to a .gz file (and run gunzip, if you
> > want the raw image).
> Thanks for the suggestion!
> I saved the string starting with \x78 and ending with \x08 into one .gz file, but there
> are still some "\n" newlines in it.
> It seems it's not a proper .gz file; is there something I did wrong or missed?
Did you try to just paste the binary to a file and then feed it to gunzip?
I mean just something like
fwrite(
"\x78\x9c\xec\xdd\x7d\x6c\x5d\x75\xfd\xc0\xf1\xd3\xae\x2d\x2d\xfc\x7e\x38"
...
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x70\x53\x00\x00\x00\xff\xff\x87\xfa"
"\x41\x08",
1, 47378, fd);
--
Aleksandr
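
Added example, not part of the original message or of syzkaller: one way to turn the escaped C string literals pasted from a reproducer into the binary blob and decompress it, ignoring the line breaks between the quoted pieces. It assumes every byte is written as a two-digit `\xHH` (or octal/simple) escape; the function names and the sample data are constructed for illustration.

```python
import re
import zlib

# One "..." C string literal, allowing escaped characters inside it.
_LITERAL = re.compile(r'"((?:[^"\\]|\\.)*)"', re.DOTALL)
# One escape: \xHH (assumed two digits), 1-3 octal digits, or a single char.
_ESCAPE = re.compile(rb'\\(x[0-9a-fA-F]{2}|[0-7]{1,3}|.)', re.DOTALL)
_SIMPLE = {b'n': b'\n', b'r': b'\r', b't': b'\t', b'\\': b'\\', b'"': b'"'}

def _decode(m):
    e = m.group(1)
    if e[:1] == b'x':
        return bytes([int(e[1:], 16)])
    if e[:1] in b'01234567':
        return bytes([int(e, 8) & 0xFF])
    return _SIMPLE.get(e, e)

def c_literals_to_bytes(text):
    """Concatenate all C string literals in text and decode their escapes.

    Anything outside the quotes (newlines, commas, the call around the
    literals) is ignored, so a raw paste from the reproducer works.
    """
    out = bytearray()
    for lit in _LITERAL.findall(text):
        out += _ESCAPE.sub(_decode, lit.encode('utf-8'))
    return bytes(out)

def decompress_image(blob):
    """Inflate the blob; wbits=32+15 accepts a zlib header (0x78 ...)
    as well as a gzip header (0x1f 0x8b)."""
    return zlib.decompress(blob, wbits=32 + 15)

def to_c_literals(blob, per_line=19):
    """Render bytes the way the reproducer prints them (used for the sample)."""
    rows = [blob[i:i + per_line] for i in range(0, len(blob), per_line)]
    return '\n'.join('"' + ''.join('\\x%02x' % b for b in r) + '"' for r in rows)

if __name__ == '__main__':
    # Constructed sample standing in for a real filesystem image.
    sample = b'constructed filesystem image bytes\n' * 32
    pasted = 'blob(\n' + to_c_literals(zlib.compress(sample)) + ',\n1, 0, fd);'
    image = decompress_image(c_literals_to_bytes(pasted))
    assert image == sample
    print(len(image), 'bytes recovered')
```
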