github.com/google/syzkaller@v0.0.0-20240517125934-c0f1611a36d6/docs/strace.md

github.com/google/syzkaller@v0.0.0-20240517125934-c0f1611a36d6/docs/strace.md (about)

     1  # Strace
     2  
     3  Syzkaller can be instructed to execute programs under
     4  [strace](https://strace.io/) and capture the output.
     5  
     6  If the `strace_bin` is set to an `strace` binary, syzkaller will automatically
     7  run each reproducer it managed to find under the `strace` binary.
     8  * If a syz-manager is attached to a `dashboard`, syzkaller will upload the
     9    resulting output as a normal log file if the generated reproducer still
    10    managed to produce the same crash.
    11  * Otherwise, the output of strace will be saved to a separate file and will be
    12    accessible through the syz-manager's web interface.
    13  
    14  ## How to compile the strace binary
    15  
    16  It is safer to compile `strace` as a statically linked binary in order to
    17  prevent problems with mismatching libc versions on the kernel image used for
    18  fuzzing.
    19  
    20  ```
    21  git clone https://github.com/strace/strace.git
    22  cd strace
    23  ./bootstrap
    24  ./configure --enable-mpers=no LDFLAGS='-static -pthread'
    25  make -j`nproc`
    26  ```
    27  
    28  The resulting binary can be found at `src/strace`.
    29  
    30  ## syz-crush
    31  
    32  It's possible to instruct `syz-crush` to run the attached repro under strace. In
    33  order to do so, make sure `strace_bin` is specified in the syz-manager config
    34  file and pass an extra `-strace` argument to the command arguments.
    35  
    36  ## syz-repro
    37  
    38  If `-strace file-name.log` is appended to the `syz-repro`'s arguments, the tool
    39  will run the resulting repro (if it managed to generate one) under strace and
    40  save its output.