Home
last modified time | relevance | path

Searched refs:syz (Results 1 – 25 of 223) sorted by relevance

123456789

/external/syzkaller/pkg/report/testdata/fuchsia/report/
D69 [00131.346] 01102.01116> <== fatal exception: process /tmp/syz-fuzzer[31717] thread pthread_t:0x118…
38 …01116> dso: id=1496e1863bc310a7322542c41969d8ca90d92878 base=0xd8af0615000 name=app:/tmp/syz-fuzzer
39 [00131.375] 01102.01116> bt#01: pc 0xd8af19736ef sp 0x6ef13e3cf6b8 (app:/tmp/syz-fuzzer,0x135e6ef)
40 [00131.375] 01102.01116> bt#02: pc 0xd8af1974ae5 sp 0x6ef13e3cf6c8 (app:/tmp/syz-fuzzer,0x135fae5)
41 [00131.375] 01102.01116> bt#03: pc 0xd8af1a30ba2 sp 0x6ef13e3cf6d8 (app:/tmp/syz-fuzzer,0x141bba2)
42 [00131.375] 01102.01116> bt#04: pc 0xd8af1a311c2 sp 0x6ef13e3cf6e8 (app:/tmp/syz-fuzzer,0x141c1c2)
43 [00131.375] 01102.01116> bt#05: pc 0xd8af1a36209 sp 0x6ef13e3cf6f8 (app:/tmp/syz-fuzzer,0x1421209)
44 [00131.375] 01102.01116> bt#06: pc 0xd8af1a2d8cc sp 0x6ef13e3cf708 (app:/tmp/syz-fuzzer,0x14188cc)
45 [00131.375] 01102.01116> bt#07: pc 0xd8af1a2d9ac sp 0x6ef13e3cf718 (app:/tmp/syz-fuzzer,0x14189ac)
46 [00131.375] 01102.01116> bt#08: pc 0xd8af1ccc289 sp 0x6ef13e3cf728 (app:/tmp/syz-fuzzer,0x16b7289)
[all …]
/external/clang/test/Analysis/diagnostics/
Dderef-track-symbolic-region.c12 void test(struct S syz, int *pp) { in test() argument
14 syz.x = foo(); // expected-note{{Value assigned to 'syz.x'}} in test()
16 struct S *ps = &syz; in test()
23 m += *syz.x; // expected-warning{{Dereference of null pointer (loaded from field 'x')}} in test()
27 void testTrackConstraintBRVisitorIsTrackingTurnedOn(struct S syz, int *pp) { in testTrackConstraintBRVisitorIsTrackingTurnedOn() argument
29 syz.x = foo(); // expected-note{{Value assigned to 'syz.x'}} in testTrackConstraintBRVisitorIsTrackingTurnedOn()
31 struct S *ps = &syz; in testTrackConstraintBRVisitorIsTrackingTurnedOn()
37 int *p = syz.x; //expected-note {{'p' initialized to a null pointer value}} in testTrackConstraintBRVisitorIsTrackingTurnedOn()
/external/syzkaller/docs/
Dreproducing_crashes.md6 …identify and minimize the program that causes a crash: `tools/syz-execprog` and `tools/syz-prog2c`.
8syz-execprog` executes a single syzkaller program or a set of programs in various modes (once or l…
10 Note: `syz-execprog` executes programs locally. So you need to copy `syz-execprog` and `syz-executo…
12 … single mmap call that maps whole required area. Again, test minimization with `syz-execprog` tool.
14 Now that you have a minimized program, check if the crash still reproduces with `./syz-execprog -th…
16 Now, run `syz-prog2c` tool on the program. It will give you executable C source. If the crash repro…
20 This process is automated to some degree in the `syz-repro` utility. You need to give it your manag…
22 ./syz-repro -config my.cfg crash-qemu-1-1455745459265726910
Dtroubleshooting.md6 from both the `syz-manager` top-level program and the `syz-fuzzer` instances. With this option
10 the `syz-manager` top-level program and the `syz-fuzzer` instances (which go to the
16 - Copy `syz-executor` and `syz-execprog` into a running VM.
17 - In the VM run `./syz-execprog -executor ./syz-executor -debug sampleprog` where
21 … In this case, running the `syz-execprog` test with the `-sandbox=setuid` option fixes the problem,
28 Please include syzkaller commit id that you use and `syz-manager` output with `-debug` flag enabled…
Dinternals.md13 The `syz-manager` process starts, monitors and restarts several VM instances, and starts a `syz-fuz…
15 As opposed to `syz-fuzzer` processes, it runs on a host with stable kernel which does not experienc…
17 The `syz-fuzzer` process runs inside of presumably unstable VMs.
18 … `syz-fuzzer` guides fuzzing process itself (input generation, mutation, minimization, etc) and se…
19 It also starts transient `syz-executor` processes.
21 Each `syz-executor` process executes a single input (a sequence of syscalls).
22 It accepts the program to execute from the `syz-fuzzer` process and sends results back.
27 The `syz-fuzzer` process generates programs to be executed by `syz-executor` based on syscall descr…
55 These logs can be fed to `syz-repro` tool for [crash location and minimization](reproducing_crashes…
56 or to `syz-execprog` tool for [manual localization](executing_syzkaller_programs.md).
Dwindows.md5 syz-extract -os=windows
6 syz-sysgen
9 `sys/windows/windows.txt` was auto-extracted from windows headers with `tools/syz-declextract`.
15 cl executor\executor_windows.cc /EHsc -o bin\windows_amd64\syz-executor.exe \
25 To run `syz-stress`:
27 bin\windows_amd64\syz-stress.exe -executor c:\full\path\to\bin\windows_amd64\syz-executor.exe
45 Then start `syz-manager` with config similar to the following one:
Dhub.md3 `syz-hub` program can be used to connect several `syz-manager`'s together and
6 Build `syz-hub` with `make hub`. Then create a config file along the lines of:
21 And start it with `bin/syz-hub -config hub.cfg`. Then add the following
22 additional parameters to `syz-manager` config files of each manager:
Dexecuting_syzkaller_programs.md28 $ scp bin/linux_amd64/syz-execprog bin/linux_amd64/syz-executor program test@machine
33 $ ./syz-execprog -cover=0 -repeat=0 -procs=16 program
36 Several useful `syz-execprog` flags:
56syz-execprog` flags based on the values in the header. Namely, `Threaded`/`Collide`/`Procs`/`Sandb…
Dci.md3 (syz-ci)[syz-ci/] command provides support for continuous fuzzing with syzkaller.
4 It runs several syz-manager's, polls and rebuilds images for managers and polls
Dfreebsd.md9 To build C `syz-executor` binary, copy `executor/*` files to a FreeBSD machine and build there with:
11 c++ executor/executor_freebsd.cc -o syz-executor -O1 -lpthread -DGOOS=\"freebsd\" -DGIT_REVISION=\"…
74 Then, start `syz-manager` with:
76 bin/syz-manager -config freebsd.cfg
88 If something does not work, add `-debug` flag to `syz-manager`.
101 - Last but not least, we need to support FreeBSD in `syz-ci` command (including building kernel/ima…
Dsyscall_descriptions.md24 The first step is extraction of values of symbolic constants from Linux sources using `syz-extract`…
25 `syz-extract` generates a small C program that includes kernel headers referenced by `include` dire…
51 If the subsystem is not present in the mainline kernel, then you need to manually run `syz-extract`…
53 make bin/syz-extract
54 bin/syz-extract -os linux -arch $ARCH -sourcedir "$LINUX" -builddir "$LINUXBLD" <new>.txt
57 If the subsystem is supported on several architectures, then run `syz-extract` for each arch.
/external/syzkaller/pkg/report/testdata/linux/report/
D1139 [ 292.679059] CPU: 1 PID: 22157 Comm: syz-executor5 Not tainted 4.14.0+ #129
19 [ 292.742848] sctp: [Deprecated]: syz-executor0 (pid 22154) Use of int in max_burst socket option …
21 [ 292.760875] sctp: [Deprecated]: syz-executor0 (pid 22154) Use of int in max_burst socket option …
30 [ 292.817577] sctp: [Deprecated]: syz-executor0 (pid 22198) Use of int in max_burst socket option …
32 [ 292.837972] sctp: [Deprecated]: syz-executor2 (pid 22199) Use of int in max_burst socket option …
34 [ 292.844964] sctp: [Deprecated]: syz-executor0 (pid 22198) Use of int in max_burst socket option …
36 [ 292.850158] sctp: [Deprecated]: syz-executor2 (pid 22199) Use of int in max_burst socket option …
38 [ 292.878797] sctp: [Deprecated]: syz-executor0 (pid 22205) Use of int in max_burst socket option …
40 [ 292.889594] sctp: [Deprecated]: syz-executor0 (pid 22205) Use of int in max_burst socket option …
43 [ 292.914495] sctp: [Deprecated]: syz-executor0 (pid 22212) Use of int in max_burst socket option …
[all …]
D77 [ 522.565344] netlink: 3 bytes leftover after parsing attributes in process 'syz-executor5'.
8 [ 536.429346] NMI watchdog: BUG: soft lockup - CPU#1 stuck for 11s! [syz-executor7:16813]
11 [ 536.440808] CPU: 1 PID: 16813 Comm: syz-executor7 Not tainted 4.3.5-smp-DEV #119
15 netlink: 3 bytes leftover after parsing attributes in process 'syz-executor5'.
16 NMI watchdog: BUG: soft lockup - CPU#1 stuck for 11s! [syz-executor7:16813]
18 CPU: 1 PID: 16813 Comm: syz-executor7 Not tainted 4.3.5-smp-DEV #119
D1159 [ 76.661705] CPU: 0 PID: 14413 Comm: syz-executor0 Not tainted 4.9.65-g8ae26d1 #98
20 [ 76.882228] syz-executor2/14420 is trying to release lock (mrt_lock) at:
25 [ 76.906710] 2 locks held by syz-executor2/14420:
30 [ 76.932918] CPU: 1 PID: 14420 Comm: syz-executor2 Not tainted 4.9.65-g8ae26d1 #98
D1373 [ 45.718728] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor6/6976
5 [ 45.732732] CPU: 1 PID: 6976 Comm: syz-executor6 Not tainted 4.9.69-g3f1d77c #108
14 [ 45.793029] program syz-executor0 not setting count and/or reply_len properly
17 [ 45.793029] program syz-executor0 not setting count and/or reply_len properly
D683 [ 213.269287] BUG: spinlock recursion on CPU#0, syz-executor7/5032
4 [ 213.281506] lock: 0xffff88006c122d00, .magic: dead4ead, .owner: syz-executor7/5032, .owner_cpu:…
5 [ 213.285112] CPU: 0 PID: 5032 Comm: syz-executor7 Not tainted 4.9.0-rc7+ #58
D1364 [ 62.873963] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor7/11203
6 [ 62.888081] CPU: 1 PID: 11203 Comm: syz-executor7 Not tainted 4.9.68-gfb66dc2 #107
16 …00 audit(1513230272.694:51): avc: denied { setopt } for pid=11219 comm="syz-executor6" scontext…
D1167 [ 264.323751] syz-executor1/1081 is trying to release lock (mrt_lock) at:
12 [ 264.348145] 1 lock held by syz-executor1/1081:
16 [ 264.365364] CPU: 1 PID: 1081 Comm: syz-executor1 Not tainted 4.9.65-gea83e4a #95
D751 TITLE: BUG: scheduling while atomic: syz-executor/ADDR
3 [ 185.479466] BUG: scheduling while atomic: syz-executor0/19425/0x00000000
6 [ 185.494289] CPU: 1 PID: 19425 Comm: syz-executor0 Tainted: G W 4.3.5+ #11
/external/syzkaller/
DMakefile30 go run tools/syz-env/env.go))
34 $(error syz-env failed)
85 bin/syz-sysgen bin/syz-extract bin/syz-fmt \
99 GOOS=$(HOSTOS) GOARCH=$(HOSTARCH) $(HOSTGO) install ./syz-manager
103 GOOS=$(TARGETGOOS) GOARCH=$(TARGETGOARCH) $(GO) install ./syz-fuzzer
109 $(CC) -o ./bin/$(TARGETOS)_$(TARGETARCH)/syz-executor$(EXE) executor/executor.cc \
/external/syzkaller/pkg/email/
Dreply_test.go32 #syz foo
38 > #syz foo
48 #syz foo
54 > #syz foo
64 #syz foo`,
68 > #syz foo
Dparser_test.go148 #syz fix: bar baz `,
156 #syz fix: bar baz
165 > #syz fix: bar baz
175 #syz test: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git
183 #syz test:
191 #syz test:
201 #syz test_5_arg_cmd arg1
213 #syz test_5_arg_cmd arg1
220 #syz test_5_arg_cmd arg1
228 #syz test_5_arg_cmd arg1
[all …]
/external/syzkaller/docs/akaros/
DREADME.md11 `syz-stress` can be run as follows:
14 make TARGETOS=linux syz-stress
16 scp -P 5555 -i akaros_id_rsa -o IdentitiesOnly=yes bin/akaros_amd64/syz-executor root@localhost:/
17 …inux_amd64/syz-stress -os=akaros -ipc=pipe -procs=8 -executor "/usr/bin/ssh -p 5555 -i akaros_id_r…
/external/syzkaller/pkg/report/testdata/akaros/report/
D331 Addr 0x00000000004005f0 is in syz-executor at offset 0x00000000000005f0
48 #01 Addr 0x00000000004005f0 is in syz-executor at offset 0x00000000000005f0
49 #02 Addr 0x0000000000410394 is in syz-executor at offset 0x0000000000010394
78 Addr 0x00000000004005f0 is in syz-executor at offset 0x00000000000005f0
95 #01 Addr 0x00000000004005f0 is in syz-executor at offset 0x00000000000005f0
96 #02 Addr 0x0000000000410394 is in syz-executor at offset 0x0000000000010394
125 Addr 0x00000000004005f0 is in syz-executor at offset 0x00000000000005f0
141 #01 Addr 0x00000000004005f0 is in syz-executor at offset 0x00000000000005f0
142 #02 Addr 0x0000000000410394 is in syz-executor at offset 0x0000000000010394
/external/apache-commons-math/src/main/java/org/apache/commons/math/optimization/fitting/
DHarmonicCoefficientsGuesser.java201 double syz = 0.0; in guessAOmega() local
232 syz += f2Integral * fPrime2Integral; in guessAOmega()
237 double c1 = sy2 * sxz - sxy * syz; in guessAOmega()
238 double c2 = sxy * sxz - sx2 * syz; in guessAOmega()

123456789