Syzkaller can be instructed to execute programs under strace and capture the output.
If strace_bin is set to an strace binary, syzkaller will automatically run each reproducer it managed to find under the strace binary.

dashboard, syzkaller will upload the resulting output as a normal log file if the generated reproducer still managed to produce the same crash.

It is safer to compile strace as a statically linked binary in order to prevent problems with mismatching libc versions on the kernel image used for fuzzing.

    git clone https://github.com/strace/strace.git
    cd strace
    ./bootstrap
    ./configure --enable-mpers=no LDFLAGS='-static -pthread'
    make -j`nproc`

The resulting binary can be found at src/strace.
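
One way to confirm the build really is static before pointing strace_bin at it: the script below is an added example, not part of syzkaller or strace. It reads the ELF program headers and reports whether the binary requests a dynamic loader (PT_INTERP), which is what would tie it to the libc on the fuzzing image. The function names and the sample image are constructed for illustration.

```python
import struct
import sys

PT_INTERP = 3  # program header type that names the dynamic loader

def elf_interpreter(data):
    """Return the loader path an ELF image requests via PT_INTERP, or None."""
    if data[:4] != b"\x7fELF" or data[4] not in (1, 2) or data[5] not in (1, 2):
        raise ValueError("not a recognisable ELF image")
    is64, e = data[4] == 2, "<" if data[5] == 1 else ">"
    if is64:  # Elf64_Ehdr: e_phoff at 0x20, e_phentsize/e_phnum at 0x36
        phoff, = struct.unpack_from(e + "Q", data, 0x20)
        phentsize, phnum = struct.unpack_from(e + "HH", data, 0x36)
    else:     # Elf32_Ehdr: e_phoff at 0x1C, e_phentsize/e_phnum at 0x2A
        phoff, = struct.unpack_from(e + "I", data, 0x1C)
        phentsize, phnum = struct.unpack_from(e + "HH", data, 0x2A)
    for i in range(phnum):
        off = phoff + i * phentsize
        if struct.unpack_from(e + "I", data, off)[0] != PT_INTERP:
            continue
        if is64:  # Elf64_Phdr: p_offset at +8, p_filesz at +32
            p_offset, = struct.unpack_from(e + "Q", data, off + 8)
            p_filesz, = struct.unpack_from(e + "Q", data, off + 32)
        else:     # Elf32_Phdr: p_offset at +4, p_filesz at +16
            p_offset, = struct.unpack_from(e + "I", data, off + 4)
            p_filesz, = struct.unpack_from(e + "I", data, off + 16)
        return data[p_offset:p_offset + p_filesz].rstrip(b"\0").decode()
    return None

def is_static(data):
    """True when the image requests no dynamic loader (static or static-pie)."""
    return elf_interpreter(data) is None

def sample_elf64(interp=None):
    """Constructed minimal little-endian ELF64 image with one program header."""
    path = (interp or "").encode() + b"\0"
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", 2, 62, 1,
                       0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    p_type = PT_INTERP if interp else 1  # 1 = PT_LOAD
    phdr = struct.pack("<IIQQQQQQ", p_type, 4, 120, 0, 0, len(path), len(path), 1)
    return ehdr + phdr + path

if __name__ == "__main__":
    for path in sys.argv[1:]:  # e.g. src/strace
        with open(path, "rb") as f:
            loader = elf_interpreter(f.read())
        print(path, "static" if loader is None else "dynamic, needs " + loader)
```

Run it with the path to the built binary as the argument; a "dynamic" result means the LDFLAGS did not take effect.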

It's possible to instruct syz-crush to run the attached repro under strace. To do so, make sure strace_bin is specified in the syz-manager config file and pass an extra -strace argument on the command line.

If -strace file-name.log is appended to the syz-repro's arguments, the tool will run the resulting repro (if it managed to generate one) under strace and save its output.