Syzkaller can be instructed to execute programs under strace and capture the output.
If the strace_bin is set to an strace binary, syzkaller will automatically run each reproducer it managed to find under the strace binary.
dashboard, syzkaller will upload the resulting output as a normal log file if the generated reproducer still managed to produce the same crash.It is safer to compile strace as a statically linked binary in order to prevent problems with mismatching libc versions on the kernel image used for fuzzing.
git clone https://github.com/strace/strace.git cd strace ./bootstrap ./configure --enable-mpers=no LDFLAGS='-static -pthread' make -j`nproc`
The resulting binary can be found at src/strace.
It's possible to instruct syz-crush to run the attached repro under strace. In order to do so, make sure strace_bin is specified in the syz-manager config file and pass an extra -strace argument to the command arguments.
If -strace file-name.log is appended to the syz-repro's arguments, the tool will run the resulting repro (if it managed to generate one) under strace and save its output.