Alexander Potapenko

19 issues by Alexander Potapenko

When syzkaller is running stand-alone, it has a list of crashes on the status page, that is up-to-date and contains the crashes detected during the current invocation. However when a...

enhancement
Stale

pkg/ifuzz/x86 does not fully implement instruction decoding, ignoring some of the opcode field combinations. Because of that, there can be ambiguity in instruction parsing, that depends on the order of...

bug

The following program:

```
r0 = syz_open_dev$usbmon(&(0x7f0000000180), 0x0, 0x0)
ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f0000000240)={0x0})
ioctl$MON_IOCH_MFLUSH(r0, 0x9208, 0x8000)
ioctl$MON_IOCH_MFLUSH(r0, 0x9208, 0x0)
syz_io_uring_setup(0x100b7e, &(0x7f0000000280)={0x0, 0x0, 0x1810}, &(0x7f0000000000), &(0x7f00000000c0))
```

consistently smashes the kcov mapping...

bug

The following program:

```
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000f, 0x11, r2, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20,...
```

bug

Marc Zyngier notices that syzkaller reproducers always seem to be generated with an implicit requirement that PAGE_SIZE is 4kB. However, arm64 supports 4, 16 and 64kB as the base page...

enhancement

******************************************************************************* Before sending a pull request, please review Contribution Guidelines: https://github.com/google/syzkaller/blob/master/docs/contributing.md *******************************************************************************

https://github.com/google/syzkaller/pull/4959 broke program execution on Android:

```
SYZFAIL: mount(tmpfs) failed (errno 28: No space left on device)
loop exited with status 67
```

and gVisor:

```
SYZFAIL: mount(proc) failed (errno...
```

bug

The existing libFuzzer targets used by oss-fuzz may require some massage. I was looking at `./tests/fuzz/ext2fs_image_read_write_fuzzer` built with `./configure --enable-fuzzing --enable-addrsan`, and want to share my findings. 1. Running `ext2fs_image_read_write_fuzzer`...
