From 3cf2eb3af83e1c599aff35ee39239c2bfeae8724 Mon Sep 17 00:00:00 2001 
From: Dmitry Vyukov Date: Mon, 9 Dec 2019 07:42:48 +0100 Subject: [PATCH] tools/syz-check: add description checking utility syz-check parses vmlinux DWARF, extracts struct descriptions, compares them with what we have (size, fields, alignment, etc.) and produces .warn files. This is a first raw version; it can be improved in a number of ways. But it already helped to identify a critical issue #1542 and shows some wrong struct descriptions. Update #590 --- sys/linux/9p.txt.warn | 7 + sys/linux/binfmt.txt.warn | 1 + sys/linux/bpf.txt.warn | 87 +++++++ sys/linux/dev_binder.txt.warn | 48 ++++ sys/linux/dev_cdrom.txt.warn | 80 ++++++ sys/linux/dev_dri.txt.warn | 26 ++ sys/linux/dev_hidraw.txt.warn | 1 + sys/linux/dev_i2c.txt.warn | 1 + sys/linux/dev_infiniband_rdma.txt.warn | 121 ++++++++++ sys/linux/dev_infiniband_rdma_cm.txt.warn | 13 + sys/linux/dev_input.txt.warn | 8 + sys/linux/dev_kvm.txt.warn | 70 ++++++ sys/linux/dev_loop.txt.warn | 15 ++ sys/linux/dev_nbd.txt.warn | 1 + sys/linux/dev_ptmx.txt.warn | 25 ++ sys/linux/dev_ptp.txt.warn | 2 + sys/linux/dev_rtc.txt.warn | 1 + sys/linux/dev_sg.txt.warn | 29 +++ sys/linux/dev_snd_control.txt.warn | 8 + sys/linux/dev_snd_midi.txt.warn | 14 ++ sys/linux/dev_snd_pcm.txt.warn | 34 +++ sys/linux/dev_snd_seq.txt.warn | 42 ++++ sys/linux/dev_tlk_device.txt.warn | 9 + sys/linux/dev_uhid.txt.warn | 23 ++ sys/linux/dev_usbmon.txt.warn | 1 + sys/linux/dev_vfio.txt.warn | 4 + sys/linux/dev_video4linux.txt.warn | 71 ++++++ sys/linux/devio.txt.warn | 20 ++ sys/linux/filesystem.txt.warn | 4 + sys/linux/fs_ioctl.txt.warn | 22 ++ sys/linux/fscrypt.txt.warn | 14 ++ sys/linux/fuse.txt.warn | 5 + sys/linux/hafnium.txt.warn | 1 + sys/linux/io_uring.txt.warn | 5 + sys/linux/ipc.txt.warn | 38 +++ sys/linux/ipvs.txt.warn | 1 + sys/linux/key.txt.warn | 3 + sys/linux/mptcp.txt.warn | 4 + sys/linux/netfilter.txt.warn | 118 +++++++++ sys/linux/netfilter_arp.txt.warn | 27 +++ sys/linux/netfilter_bridge.txt.warn | 10 + 
sys/linux/netfilter_ipv4.txt.warn | 17 ++ sys/linux/netfilter_ipv6.txt.warn | 38 +++ sys/linux/netfilter_targets.txt.warn | 14 ++ sys/linux/perf.txt.warn | 57 +++++ sys/linux/smack.txt.warn | 3 + sys/linux/socket.txt.warn | 32 +++ sys/linux/socket_alg.txt.warn | 8 + sys/linux/socket_ax25.txt.warn | 9 + sys/linux/socket_bluetooth.txt.warn | 18 ++ sys/linux/socket_caif.txt.warn | 8 + sys/linux/socket_can.txt.warn | 7 + sys/linux/socket_inet.txt.warn | 10 + sys/linux/socket_inet6.txt.warn | 5 + sys/linux/socket_inet_sctp.txt.warn | 16 ++ sys/linux/socket_inet_tcp.txt.warn | 17 ++ sys/linux/socket_ipx.txt.warn | 2 + sys/linux/socket_isdn.txt.warn | 3 + sys/linux/socket_key.txt.warn | 8 + sys/linux/socket_llc.txt.warn | 1 + sys/linux/socket_netlink.txt.warn | 8 + .../socket_netlink_generic_devlink.txt.warn | 3 + sys/linux/socket_netlink_netfilter.txt.warn | 2 + sys/linux/socket_netlink_route.txt.warn | 2 + sys/linux/socket_netlink_route_sched.txt.warn | 46 ++++ sys/linux/socket_netlink_xfrm.txt.warn | 16 ++ sys/linux/socket_netrom.txt.warn | 3 + sys/linux/socket_nfc.txt.warn | 1 + sys/linux/socket_packet.txt.warn | 4 + sys/linux/socket_pppox.txt.warn | 2 + sys/linux/socket_rds.txt.warn | 6 + sys/linux/socket_rose.txt.warn | 7 + sys/linux/socket_rxrpc.txt.warn | 4 + sys/linux/socket_tipc.txt.warn | 9 + sys/linux/socket_unix.txt.warn | 8 + sys/linux/socket_vnet.txt.warn | 5 + sys/linux/socket_x25.txt.warn | 2 + sys/linux/socket_xdp.txt.warn | 4 + sys/linux/sys.txt.warn | 64 +++++ sys/linux/trusty.txt.warn | 12 + sys/linux/vnet.txt.warn | 69 ++++++ sys/linux/vusb.txt.warn | 33 +++ sys/linux/xattr.txt.warn | 5 + tools/syz-check/check.go | 228 ++++++++++++++++++ tools/syz-check/dwarf.go | 202 ++++++++++++++++ 85 files changed, 2032 insertions(+) create mode 100644 sys/linux/9p.txt.warn create mode 100644 sys/linux/binfmt.txt.warn create mode 100644 sys/linux/bpf.txt.warn create mode 100644 sys/linux/dev_binder.txt.warn create mode 100644 sys/linux/dev_cdrom.txt.warn create 
mode 100644 sys/linux/dev_dri.txt.warn create mode 100644 sys/linux/dev_hidraw.txt.warn create mode 100644 sys/linux/dev_i2c.txt.warn create mode 100644 sys/linux/dev_infiniband_rdma.txt.warn create mode 100644 sys/linux/dev_infiniband_rdma_cm.txt.warn create mode 100644 sys/linux/dev_input.txt.warn create mode 100644 sys/linux/dev_kvm.txt.warn create mode 100644 sys/linux/dev_loop.txt.warn create mode 100644 sys/linux/dev_nbd.txt.warn create mode 100644 sys/linux/dev_ptmx.txt.warn create mode 100644 sys/linux/dev_ptp.txt.warn create mode 100644 sys/linux/dev_rtc.txt.warn create mode 100644 sys/linux/dev_sg.txt.warn create mode 100644 sys/linux/dev_snd_control.txt.warn create mode 100644 sys/linux/dev_snd_midi.txt.warn create mode 100644 sys/linux/dev_snd_pcm.txt.warn create mode 100644 sys/linux/dev_snd_seq.txt.warn create mode 100644 sys/linux/dev_tlk_device.txt.warn create mode 100644 sys/linux/dev_uhid.txt.warn create mode 100644 sys/linux/dev_usbmon.txt.warn create mode 100644 sys/linux/dev_vfio.txt.warn create mode 100644 sys/linux/dev_video4linux.txt.warn create mode 100644 sys/linux/devio.txt.warn create mode 100644 sys/linux/filesystem.txt.warn create mode 100644 sys/linux/fs_ioctl.txt.warn create mode 100644 sys/linux/fscrypt.txt.warn create mode 100644 sys/linux/fuse.txt.warn create mode 100644 sys/linux/hafnium.txt.warn create mode 100644 sys/linux/io_uring.txt.warn create mode 100644 sys/linux/ipc.txt.warn create mode 100644 sys/linux/ipvs.txt.warn create mode 100644 sys/linux/key.txt.warn create mode 100644 sys/linux/mptcp.txt.warn create mode 100644 sys/linux/netfilter.txt.warn create mode 100644 sys/linux/netfilter_arp.txt.warn create mode 100644 sys/linux/netfilter_bridge.txt.warn create mode 100644 sys/linux/netfilter_ipv4.txt.warn create mode 100644 sys/linux/netfilter_ipv6.txt.warn create mode 100644 sys/linux/netfilter_targets.txt.warn create mode 100644 sys/linux/perf.txt.warn create mode 100644 sys/linux/smack.txt.warn create mode 100644 
sys/linux/socket.txt.warn create mode 100644 sys/linux/socket_alg.txt.warn create mode 100644 sys/linux/socket_ax25.txt.warn create mode 100644 sys/linux/socket_bluetooth.txt.warn create mode 100644 sys/linux/socket_caif.txt.warn create mode 100644 sys/linux/socket_can.txt.warn create mode 100644 sys/linux/socket_inet.txt.warn create mode 100644 sys/linux/socket_inet6.txt.warn create mode 100644 sys/linux/socket_inet_sctp.txt.warn create mode 100644 sys/linux/socket_inet_tcp.txt.warn create mode 100644 sys/linux/socket_ipx.txt.warn create mode 100644 sys/linux/socket_isdn.txt.warn create mode 100644 sys/linux/socket_key.txt.warn create mode 100644 sys/linux/socket_llc.txt.warn create mode 100644 sys/linux/socket_netlink.txt.warn create mode 100644 sys/linux/socket_netlink_generic_devlink.txt.warn create mode 100644 sys/linux/socket_netlink_netfilter.txt.warn create mode 100644 sys/linux/socket_netlink_route.txt.warn create mode 100644 sys/linux/socket_netlink_route_sched.txt.warn create mode 100644 sys/linux/socket_netlink_xfrm.txt.warn create mode 100644 sys/linux/socket_netrom.txt.warn create mode 100644 sys/linux/socket_nfc.txt.warn create mode 100644 sys/linux/socket_packet.txt.warn create mode 100644 sys/linux/socket_pppox.txt.warn create mode 100644 sys/linux/socket_rds.txt.warn create mode 100644 sys/linux/socket_rose.txt.warn create mode 100644 sys/linux/socket_rxrpc.txt.warn create mode 100644 sys/linux/socket_tipc.txt.warn create mode 100644 sys/linux/socket_unix.txt.warn create mode 100644 sys/linux/socket_vnet.txt.warn create mode 100644 sys/linux/socket_x25.txt.warn create mode 100644 sys/linux/socket_xdp.txt.warn create mode 100644 sys/linux/sys.txt.warn create mode 100644 sys/linux/trusty.txt.warn create mode 100644 sys/linux/vnet.txt.warn create mode 100644 sys/linux/vusb.txt.warn create mode 100644 sys/linux/xattr.txt.warn create mode 100644 tools/syz-check/check.go create mode 100644 tools/syz-check/dwarf.go 
diff --git a/sys/linux/9p.txt.warn b/sys/linux/9p.txt.warn new file mode 100644 index 000000000000..35de68a0dc9d --- /dev/null +++ b/sys/linux/9p.txt.warn @@ -0,0 +1,7 @@ +0025: struct pipe_9p: no corresponding struct in kernel +0096: struct p9_qid: bad size: syz=13 kernel=16 +0098: field p9_qid.version/version: bad offset: syz=1 kernel=4 +0099: field p9_qid.path/path: bad offset: syz=5 kernel=8 +0109: struct p9_ropen: no corresponding struct in kernel +0156: struct p9_rstatfs: bad size: syz=60 kernel=64 +0168: struct p9_rgetattr: no corresponding struct in kernel diff --git a/sys/linux/binfmt.txt.warn b/sys/linux/binfmt.txt.warn new file mode 100644 index 000000000000..382871ee66e0 --- /dev/null +++ b/sys/linux/binfmt.txt.warn @@ -0,0 +1 @@ +0043: struct exec: no corresponding struct in kernel diff --git a/sys/linux/bpf.txt.warn b/sys/linux/bpf.txt.warn new file mode 100644 index 000000000000..abd7df73d3de --- /dev/null +++ b/sys/linux/bpf.txt.warn 
@@ -0,0 +1,87 @@ +0057: struct bpf_map_create_arg: no corresponding struct in kernel +0072: struct bpf_map_get_fd_by_id_arg: no corresponding struct in kernel +0078: struct bpf_map_lookup_arg: no corresponding struct in kernel +0085: struct bpf_map_update_arg: no corresponding struct in kernel +0092: struct bpf_map_delete_arg: no corresponding struct in kernel +0099: struct bpf_map_get_next_arg: no corresponding struct in kernel +0109: struct bpf_prog: bad number of fields: syz=21 kernel=20 +0109: struct bpf_prog: bad size: syz=120 kernel=56 +0110: field bpf_prog.type/pages: bad size: syz=4 kernel=2 +0111: field bpf_prog.ninsn/jited: bad bit size/offset: syz=0/0 kernel=1/0 +0111: field bpf_prog.ninsn/jited: bad offset: syz=4 kernel=2 +0111: field bpf_prog.ninsn/jited: bad size: syz=4 kernel=2 +0112: field bpf_prog.insns/jit_requested: bad bit size/offset: syz=0/0 kernel=1/1 +0112: field bpf_prog.insns/jit_requested: bad offset: syz=8 kernel=2 +0112: field bpf_prog.insns/jit_requested: bad size: syz=8 kernel=2 +0113: field bpf_prog.license/gpl_compatible: bad bit size/offset: syz=0/0 kernel=1/2 +0113: field bpf_prog.license/gpl_compatible: bad offset: syz=16 kernel=2 +0113: field bpf_prog.license/gpl_compatible: bad size: syz=8 kernel=2 +0114: field bpf_prog.loglev/cb_access: bad bit size/offset: syz=0/0 kernel=1/3 +0114: field bpf_prog.loglev/cb_access: bad offset: syz=24 kernel=2 +0114: field bpf_prog.loglev/cb_access: bad size: syz=4 kernel=2 +0115: field bpf_prog.logsize/dst_needed: bad bit size/offset: syz=0/0 kernel=1/4 +0115: field bpf_prog.logsize/dst_needed: bad offset: syz=28 kernel=2 +0115: field bpf_prog.logsize/dst_needed: bad size: syz=4 kernel=2 +0116: field bpf_prog.log/blinded: bad bit size/offset: syz=0/0 kernel=1/5 +0116: field bpf_prog.log/blinded: bad offset: syz=32 kernel=2 +0116: field bpf_prog.log/blinded: bad size: syz=8 kernel=2 +0117: field bpf_prog.kern_version/is_func: bad bit size/offset: syz=0/0 kernel=1/6 +0117: field 
bpf_prog.kern_version/is_func: bad offset: syz=40 kernel=2 +0117: field bpf_prog.kern_version/is_func: bad size: syz=4 kernel=2 +0118: field bpf_prog.flags/kprobe_override: bad bit size/offset: syz=0/0 kernel=1/7 +0118: field bpf_prog.flags/kprobe_override: bad offset: syz=44 kernel=2 +0118: field bpf_prog.flags/kprobe_override: bad size: syz=4 kernel=2 +0119: field bpf_prog.prog_name/has_callchain_buf: bad bit size/offset: syz=0/0 kernel=1/8 +0119: field bpf_prog.prog_name/has_callchain_buf: bad offset: syz=48 kernel=2 +0119: field bpf_prog.prog_name/has_callchain_buf: bad size: syz=16 kernel=2 +0120: field bpf_prog.prog_ifindex/enforce_expected_attach_type: bad bit size/offset: syz=0/0 kernel=1/9 +0120: field bpf_prog.prog_ifindex/enforce_expected_attach_type: bad offset: syz=64 kernel=2 +0120: field bpf_prog.prog_ifindex/enforce_expected_attach_type: bad size: syz=4 kernel=2 +0121: field bpf_prog.expected_attach_type/type: bad offset: syz=68 kernel=4 +0122: field bpf_prog.btf_fd/expected_attach_type: bad offset: syz=72 kernel=8 +0123: field bpf_prog.func_info_rec_size/len: bad offset: syz=76 kernel=12 +0124: field bpf_prog.func_info/jited_len: bad offset: syz=80 kernel=16 +0124: field bpf_prog.func_info/jited_len: bad size: syz=8 kernel=4 +0125: field bpf_prog.func_info_cnt/tag: bad offset: syz=88 kernel=20 +0125: field bpf_prog.func_info_cnt/tag: bad size: syz=4 kernel=8 +0126: field bpf_prog.line_info_rec_size/aux: bad offset: syz=92 kernel=32 +0126: field bpf_prog.line_info_rec_size/aux: bad size: syz=4 kernel=8 +0127: field bpf_prog.line_info/orig_prog: bad offset: syz=96 kernel=40 +0128: field bpf_prog.line_info_cnt/bpf_func: bad offset: syz=104 kernel=48 +0128: field bpf_prog.line_info_cnt/bpf_func: bad size: syz=4 kernel=8 +0129: field bpf_prog.attach_btf_id/: bad offset: syz=108 kernel=56 +0129: field bpf_prog.attach_btf_id/: bad size: syz=4 kernel=0 +0174: struct bpf_insn_generic: no corresponding struct in kernel +0182: struct bpf_insn_ldst: no 
corresponding struct in kernel +0207: struct bpf_insn_alu: no corresponding struct in kernel +0235: struct bpf_insn_jmp: no corresponding struct in kernel +0262: struct bpf_insn_call_helper: no corresponding struct in kernel +0269: struct bpf_insn_call_func: no corresponding struct in kernel +0280: struct bpf_insn_exit: no corresponding struct in kernel +0289: struct bpf_insn_init_r0: no corresponding struct in kernel +0301: struct bpf_insn_map: no corresponding struct in kernel +0313: struct bpf_insn_map_value: no corresponding struct in kernel +0335: struct bpf_obj_pin_map: no corresponding struct in kernel +0341: struct bpf_obj_pin_prog: no corresponding struct in kernel +0347: struct bpf_obj_get: no corresponding struct in kernel +0353: struct bpf_attach_arg: no corresponding struct in kernel +0360: struct bpf_detach_arg: no corresponding struct in kernel +0367: struct bpf_test_prog_arg: no corresponding struct in kernel +0382: struct bpf_obj_get_next_id_arg: no corresponding struct in kernel +0388: struct bpf_prog_get_fd_by_id_arg: no corresponding struct in kernel +0394: struct bpf_get_prog_info_arg: no corresponding struct in kernel +0400: struct bpf_prog_info: bad number of fields: syz=32 kernel=34 +0400: struct bpf_prog_info: bad size: syz=192 kernel=208 +0435: struct bpf_get_map_info_arg: no corresponding struct in kernel +0441: struct bpf_map_info: bad number of fields: syz=7 kernel=13 +0441: struct bpf_map_info: bad size: syz=40 kernel=80 +0451: struct bpf_get_btf_info_arg: no corresponding struct in kernel +0463: struct bpf_prog_query: no corresponding struct in kernel +0474: field bpf_raw_tracepoint.prog_fd/prog: bad size: syz=4 kernel=8 +0477: struct bpf_btf_load: no corresponding struct in kernel +0520: struct btf_type_int: no corresponding struct in kernel +0543: struct btf_type_array: no corresponding struct in kernel +0588: struct btf_type_fwd: no corresponding struct in kernel +0596: struct btf_type_func: no corresponding struct in kernel +0618: 
struct btf_type_var: no corresponding struct in kernel +0652: struct bpf_task_fd_query: no corresponding struct in kernel diff --git a/sys/linux/dev_binder.txt.warn b/sys/linux/dev_binder.txt.warn new file mode 100644 index 000000000000..d474ce5004e0 --- /dev/null +++ b/sys/linux/dev_binder.txt.warn 
@@ -0,0 +1,48 @@ +0085: struct binder_cmd_transaction: no corresponding struct in kernel +0090: struct binder_cmd_reply: no corresponding struct in kernel +0095: struct binder_cmd_transaction_sg: no corresponding struct in kernel +0101: struct binder_cmd_reply_sg: no corresponding struct in kernel +0110: struct binder_transaction_data: bad number of fields: syz=11 kernel=9 +0111: field binder_transaction_data.handle/target: bad size: syz=4 kernel=8 +0113: field binder_transaction_data.pad/cookie: bad offset: syz=4 kernel=8 +0113: field binder_transaction_data.pad/cookie: bad size: syz=4 kernel=8 +0114: field binder_transaction_data.cookie/code: bad offset: syz=8 kernel=16 +0114: field binder_transaction_data.cookie/code: bad size: syz=8 kernel=4 +0115: field binder_transaction_data.code/flags: bad offset: syz=16 kernel=20 +0116: field binder_transaction_data.flags/sender_pid: bad offset: syz=20 kernel=24 +0117: field binder_transaction_data.sender_pid/sender_euid: bad offset: syz=24 kernel=28 +0118: field binder_transaction_data.sender_euid/data_size: bad offset: syz=28 kernel=32 +0118: field binder_transaction_data.sender_euid/data_size: bad size: syz=4 kernel=8 +0119: field binder_transaction_data.data_size/offsets_size: bad offset: syz=32 kernel=40 +0120: field binder_transaction_data.offsets_size/data: bad offset: syz=40 kernel=48 +0120: field binder_transaction_data.offsets_size/data: bad size: syz=8 kernel=16 +0131: struct binder_offsets: no corresponding struct in kernel +0147: field flat_binder_object.binder/hdr: bad size: syz=24 kernel=4 +0148: field flat_binder_object.weak_binder/flags: bad offset: syz=24 kernel=4 +0148: field flat_binder_object.weak_binder/flags: bad size: syz=24 kernel=4 +0149: field flat_binder_object.handle/: bad offset: syz=48 kernel=8 +0149: field flat_binder_object.handle/: bad size: syz=24 kernel=8 +0150: field flat_binder_object.weak_handle/cookie: bad offset: syz=72 kernel=16 +0150: field flat_binder_object.weak_handle/cookie: 
bad size: syz=24 kernel=8 +0162: struct binder_fd_object: bad number of fields: syz=5 kernel=4 +0165: field binder_fd_object.fd/: bad size: syz=4 kernel=8 +0166: field binder_fd_object.pad2/cookie: bad offset: syz=12 kernel=16 +0166: field binder_fd_object.pad2/cookie: bad size: syz=4 kernel=8 +0170: struct binder_fd_array_object: bad number of fields: syz=4 kernel=5 +0172: field binder_fd_array_object.num_fds/pad: bad offset: syz=8 kernel=4 +0172: field binder_fd_array_object.num_fds/pad: bad size: syz=8 kernel=4 +0173: field binder_fd_array_object.parnt/num_fds: bad offset: syz=16 kernel=8 +0174: field binder_fd_array_object.parent_offset/parent: bad offset: syz=24 kernel=16 +0189: struct binder_cmd_free_buffer: no corresponding struct in kernel +0194: struct binder_cmd_increfs: no corresponding struct in kernel +0199: struct binder_cmd_acquire: no corresponding struct in kernel +0204: struct binder_cmd_release: no corresponding struct in kernel +0209: struct binder_cmd_decrefs: no corresponding struct in kernel +0214: struct binder_cmd_increfs_done: no corresponding struct in kernel +0220: struct binder_cmd_acquire_done: no corresponding struct in kernel +0226: struct binder_cmd_register_looper: no corresponding struct in kernel +0230: struct binder_cmd_enter_looper: no corresponding struct in kernel +0234: struct binder_cmd_exit_looper: no corresponding struct in kernel +0238: struct binder_cmd_request_death: no corresponding struct in kernel +0244: struct binder_cmd_clear_death: no corresponding struct in kernel +0250: struct binder_cmd_dead_binder_done: no corresponding struct in kernel diff --git a/sys/linux/dev_cdrom.txt.warn b/sys/linux/dev_cdrom.txt.warn new file mode 100644 index 000000000000..05023867eeea --- /dev/null +++ b/sys/linux/dev_cdrom.txt.warn 
@@ -0,0 +1,80 @@ +0079: struct cdrom_output_buffer: no corresponding struct in kernel +0092: struct cdrom_msf_out_stub: no corresponding struct in kernel +0123: struct cdrom_addr: no corresponding struct in kernel +0177: field dvd_struct.physical/physical: bad offset: syz=1 kernel=0 +0178: field dvd_struct.copyright/copyright: bad offset: syz=85 kernel=0 +0179: field dvd_struct.disckey/disckey: bad offset: syz=89 kernel=0 +0179: field dvd_struct.disckey/disckey: bad size: syz=2056 kernel=2052 +0180: field dvd_struct.bca/bca: bad offset: syz=2145 kernel=0 +0181: field dvd_struct.manufact/manufact: bad offset: syz=2341 kernel=0 +0214: struct dvd_disckey: bad size: syz=2056 kernel=2052 +0217: field dvd_disckey.agid/agid: bad bit size/offset: syz=2/0 kernel=2/8 +0217: field dvd_disckey.agid/agid: bad offset: syz=4 kernel=0 +0218: field dvd_disckey.value/value: bad offset: syz=8 kernel=2 +0236: struct dvd_authinfo: bad size: syz=24 kernel=16 +0239: field dvd_authinfo.lsa/lsa: bad offset: syz=1 kernel=0 +0239: field dvd_authinfo.lsa/lsa: bad size: syz=8 kernel=4 +0240: field dvd_authinfo.hsc/hsc: bad offset: syz=9 kernel=0 +0240: field dvd_authinfo.hsc/hsc: bad size: syz=20 kernel=12 +0241: field dvd_authinfo.lsk/lsk: bad offset: syz=29 kernel=0 +0241: field dvd_authinfo.lsk/lsk: bad size: syz=16 kernel=8 +0242: field dvd_authinfo.lsc/lsc: bad offset: syz=45 kernel=0 +0242: field dvd_authinfo.lsc/lsc: bad size: syz=20 kernel=12 +0243: field dvd_authinfo.hsk/hsk: bad offset: syz=65 kernel=0 +0243: field dvd_authinfo.hsk/hsk: bad size: syz=16 kernel=8 +0244: field dvd_authinfo.lstk/lstk: bad offset: syz=81 kernel=0 +0244: field dvd_authinfo.lstk/lstk: bad size: syz=24 kernel=16 +0245: field dvd_authinfo.lsasf/lsasf: bad offset: syz=105 kernel=0 +0245: field dvd_authinfo.lsasf/lsasf: bad size: syz=8 kernel=4 +0246: field dvd_authinfo.hrpcs/hrpcs: bad offset: syz=113 kernel=0 +0247: field dvd_authinfo.lrpcs/lrpcs: bad offset: syz=115 kernel=0 +0253: struct dvd_lu_send_agid: 
bad size: syz=8 kernel=4 +0255: field dvd_lu_send_agid.agid/agid: bad bit size/offset: syz=2/0 kernel=2/8 +0255: field dvd_lu_send_agid.agid/agid: bad offset: syz=4 kernel=0 +0258: struct dvd_host_send_challenge: bad size: syz=20 kernel=12 +0260: field dvd_host_send_challenge.agid/agid: bad bit size/offset: syz=2/0 kernel=2/8 +0260: field dvd_host_send_challenge.agid/agid: bad offset: syz=4 kernel=0 +0262: field dvd_host_send_challenge.chal/chal: bad offset: syz=8 kernel=2 +0267: struct dvd_send_key: bad size: syz=16 kernel=8 +0269: field dvd_send_key.agid/agid: bad bit size/offset: syz=2/0 kernel=2/8 +0269: field dvd_send_key.agid/agid: bad offset: syz=4 kernel=0 +0271: field dvd_send_key.key/key: bad offset: syz=8 kernel=2 +0274: struct dvd_lu_send_challenge: bad size: syz=20 kernel=12 +0276: field dvd_lu_send_challenge.agid/agid: bad bit size/offset: syz=2/0 kernel=2/8 +0276: field dvd_lu_send_challenge.agid/agid: bad offset: syz=4 kernel=0 +0278: field dvd_lu_send_challenge.chal/chal: bad offset: syz=8 kernel=2 +0281: struct dvd_lu_send_title_key: bad size: syz=24 kernel=16 +0283: field dvd_lu_send_title_key.agid/agid: bad bit size/offset: syz=2/0 kernel=2/8 +0283: field dvd_lu_send_title_key.agid/agid: bad offset: syz=4 kernel=0 +0285: field dvd_lu_send_title_key.title_key/title_key: bad offset: syz=8 kernel=2 +0286: field dvd_lu_send_title_key.lba/lba: bad offset: syz=16 kernel=8 +0287: field dvd_lu_send_title_key.cpm/cpm: bad offset: syz=20 kernel=12 +0288: field dvd_lu_send_title_key.cp_sec/cp_sec: bad offset: syz=20 kernel=12 +0289: field dvd_lu_send_title_key.cgms/cgms: bad offset: syz=20 kernel=12 +0292: struct dvd_lu_send_asf: bad size: syz=8 kernel=4 +0294: field dvd_lu_send_asf.agid/agid: bad bit size/offset: syz=2/0 kernel=2/8 +0294: field dvd_lu_send_asf.agid/agid: bad offset: syz=4 kernel=0 +0296: field dvd_lu_send_asf.asf/asf: bad bit size/offset: syz=1/2 kernel=1/10 +0296: field dvd_lu_send_asf.asf/asf: bad offset: syz=4 kernel=0 +0324: struct 
request_sense: bad number of fields: syz=11 kernel=15 +0325: field request_sense.valid_err_code/error_code: bad bit size/offset: syz=0/0 kernel=7/0 +0326: field request_sense.segment_number/valid: bad bit size/offset: syz=0/0 kernel=1/7 +0326: field request_sense.segment_number/valid: bad offset: syz=1 kernel=0 +0327: field request_sense.ili_sense_key/segment_number: bad offset: syz=2 kernel=1 +0328: field request_sense.information/sense_key: bad bit size/offset: syz=0/0 kernel=4/0 +0328: field request_sense.information/sense_key: bad offset: syz=3 kernel=2 +0328: field request_sense.information/sense_key: bad size: syz=4 kernel=1 +0329: field request_sense.add_sense_len/reserved2: bad bit size/offset: syz=0/0 kernel=1/4 +0329: field request_sense.add_sense_len/reserved2: bad offset: syz=7 kernel=2 +0330: field request_sense.command_info/ili: bad bit size/offset: syz=0/0 kernel=1/5 +0330: field request_sense.command_info/ili: bad offset: syz=8 kernel=2 +0330: field request_sense.command_info/ili: bad size: syz=4 kernel=1 +0331: field request_sense.asc/reserved1: bad bit size/offset: syz=0/0 kernel=2/6 +0331: field request_sense.asc/reserved1: bad offset: syz=12 kernel=2 +0332: field request_sense.ascq/information: bad offset: syz=13 kernel=3 +0332: field request_sense.ascq/information: bad size: syz=1 kernel=4 +0333: field request_sense.fruc/add_sense_len: bad offset: syz=14 kernel=7 +0334: field request_sense.sks/command_info: bad offset: syz=15 kernel=8 +0334: field request_sense.sks/command_info: bad size: syz=3 kernel=4 +0335: field request_sense.asb/asc: bad offset: syz=18 kernel=12 +0335: field request_sense.asb/asc: bad size: syz=46 kernel=1 diff --git a/sys/linux/dev_dri.txt.warn b/sys/linux/dev_dri.txt.warn new file mode 100644 index 000000000000..fe1be3d20911 --- /dev/null +++ b/sys/linux/dev_dri.txt.warn 
@@ -0,0 +1,26 @@ +0114: struct drm_unique_in: no corresponding struct in kernel +0119: struct drm_unique_out: no corresponding struct in kernel +0131: struct drm_map: no corresponding struct in kernel +0140: struct drm_client: bad number of fields: syz=8 kernel=6 +0143: field drm_client.pid/pid: bad size: syz=4 kernel=8 +0145: field drm_client.pid_pad/uid: bad offset: syz=12 kernel=16 +0145: field drm_client.pid_pad/uid: bad size: syz=4 kernel=8 +0146: field drm_client.uid/magic: bad offset: syz=16 kernel=24 +0146: field drm_client.uid/magic: bad size: syz=4 kernel=8 +0148: field drm_client.uid_pad/iocs: bad offset: syz=20 kernel=32 +0148: field drm_client.uid_pad/iocs: bad size: syz=4 kernel=8 +0165: struct drm_ctx_priv_map: no corresponding struct in kernel +0170: struct drm_ctx: no corresponding struct in kernel +0175: struct drm_ctx_res: no corresponding struct in kernel +0180: struct drm_lock: no corresponding struct in kernel +0185: struct drm_buf_desc: no corresponding struct in kernel +0195: struct drm_buf_map: no corresponding struct in kernel +0201: struct drm_buf_pub: no corresponding struct in kernel +0208: struct drm_buf_free: no corresponding struct in kernel +0213: struct drm_dma: no corresponding struct in kernel +0226: struct drm_control: no corresponding struct in kernel +0243: struct drm_scatter_gather: no corresponding struct in kernel +0248: struct drm_wait_vblank: no corresponding struct in kernel +0303: struct drm_mode_crtc: bad number of fields: syz=8 kernel=9 +0311: field drm_mode_crtc.mode/mode_valid: bad size: syz=68 kernel=4 +0326: field drm_mode_modeinfo.vrefr/vrefresh: bad size: syz=2 kernel=4 diff --git a/sys/linux/dev_hidraw.txt.warn b/sys/linux/dev_hidraw.txt.warn new file mode 100644 index 000000000000..eba7657edfee --- /dev/null +++ b/sys/linux/dev_hidraw.txt.warn @@ -0,0 +1 @@ +0029: struct hidraw_get_report_arg: no corresponding struct in kernel 
diff --git a/sys/linux/dev_i2c.txt.warn b/sys/linux/dev_i2c.txt.warn new file mode 100644 index 000000000000..70fe6010fc30 --- /dev/null +++ b/sys/linux/dev_i2c.txt.warn @@ -0,0 +1 @@ +0032: struct i2c_smbus_data: no corresponding struct in kernel diff --git a/sys/linux/dev_infiniband_rdma.txt.warn b/sys/linux/dev_infiniband_rdma.txt.warn new file mode 100644 index 000000000000..80dcf77c0517 --- /dev/null +++ b/sys/linux/dev_infiniband_rdma.txt.warn 
@@ -0,0 +1,121 @@ +0075: struct mlx5_get_context_cmd_resp: no corresponding struct in kernel +0100: struct mlx5_get_context_cmd: no corresponding struct in kernel +0118: struct query_device_resp_ex: no corresponding struct in kernel +0187: struct query_device_cmd_ex: no corresponding struct in kernel +0231: struct alloc_pd_cmd_resp: no corresponding struct in kernel +0235: struct mlx5_alloc_pd_cmd_resp: no corresponding struct in kernel +0240: struct dealloc_pd_cmd: no corresponding struct in kernel +0250: struct create_ah_cmd_resp: no corresponding struct in kernel +0254: struct create_ah_cmd: no corresponding struct in kernel +0277: struct destroy_ah_cmd: no corresponding struct in kernel +0286: struct reg_mr_resp: no corresponding struct in kernel +0305: struct rereg_mr_resp: no corresponding struct in kernel +0325: struct dereg_mr_cmd: no corresponding struct in kernel +0332: struct alloc_mw_resp: no corresponding struct in kernel +0337: struct alloc_mw_cmd: no corresponding struct in kernel +0348: struct dealloc_mw_cmd: no corresponding struct in kernel +0359: struct create_comp_channel_resp: no corresponding struct in kernel +0363: struct create_comp_channel_cmd: no corresponding struct in kernel +0373: struct create_cq_resp: no corresponding struct in kernel +0378: struct mlx5_create_cq_cmd: no corresponding struct in kernel +0415: struct create_cq_ex_cmd: no corresponding struct in kernel +0448: struct destroy_cq_resp: no corresponding struct in kernel +0453: struct destroy_cq_cmd: no corresponding struct in kernel +0462: struct kern_wc: no corresponding struct in kernel +0486: struct poll_cq_cmd: no corresponding struct in kernel +0495: struct req_notify_cq_cmd: no corresponding struct in kernel +0506: struct create_qp_resp: no corresponding struct in kernel +0539: struct mlx5_create_qp_cmd: no corresponding struct in kernel +0569: struct mlx5_create_qp_resp: no corresponding struct in kernel +0612: struct destroy_qp_resp: no corresponding struct in kernel 
+0616: struct destroy_qp_cmd: no corresponding struct in kernel +0692: struct modify_qp_cmd: no corresponding struct in kernel +0749: struct create_wq_resp: no corresponding struct in kernel +0758: struct create_wq_cmd: no corresponding struct in kernel +0777: struct mlx5_create_wq_resp: no corresponding struct in kernel +0788: struct mlx5_create_wq_cmd: no corresponding struct in kernel +0817: struct destroy_wq_resp: no corresponding struct in kernel +0824: struct destroy_wq_cmd: no corresponding struct in kernel +0836: struct mlx5_modify_wq_cmd: no corresponding struct in kernel +0857: struct create_rwq_ind_table_resp: no corresponding struct in kernel +0866: struct create_rwq_ind_table_cmd: no corresponding struct in kernel +0879: struct destroy_rwq_ind_table_cmd: no corresponding struct in kernel +0887: struct rdma: bad number of fields: syz=3 kernel=6 +0887: struct rdma: bad size: syz=16 kernel=256 +0888: field rdma.remote_addr/qptype: bad size: syz=8 kernel=1 +0889: field rdma.rkey/prtype: bad offset: syz=8 kernel=1 +0889: field rdma.rkey/prtype: bad size: syz=4 kernel=1 +0890: field rdma.reserved/cms: bad offset: syz=12 kernel=2 +0890: field rdma.reserved/cms: bad size: syz=4 kernel=1 +0893: struct atomic: no corresponding struct in kernel +0901: struct ud: no corresponding struct in kernel +0908: struct xrc: no corresponding struct in kernel +0912: struct wr: no corresponding struct in kernel +0918: struct kern_send_wr: no corresponding struct in kernel +0940: struct post_send_resp: no corresponding struct in kernel +0956: struct post_recv_resp: no corresponding struct in kernel +0982: struct create_srq_resp: no corresponding struct in kernel +1002: struct mlx5_ib_create_srq_resp: no corresponding struct in kernel +1007: struct mlx5_create_srq_cmd: no corresponding struct in kernel +1041: struct query_srq_resp: no corresponding struct in kernel +1058: struct destroy_srq_resp: no corresponding struct in kernel +1062: struct destroy_srq_cmd: no corresponding 
struct in kernel +1071: struct kern_recv_wr: no corresponding struct in kernel +1077: struct post_srq_recv_resp: no corresponding struct in kernel +1092: struct open_xrcd_resp: no corresponding struct in kernel +1106: struct close_xrcd_cmd: no corresponding struct in kernel +1116: struct ib_flow_eth_filter: bad number of fields: syz=4 kernel=5 +1123: struct ib_flow_spec_eth: bad number of fields: syz=5 kernel=4 +1126: field ib_flow_spec_eth.reserved/val: bad size: syz=2 kernel=16 +1127: field ib_flow_spec_eth.val/mask: bad offset: syz=8 kernel=22 +1131: struct ib_flow_ipv4_filter: bad number of fields: syz=6 kernel=7 +1140: struct ib_flow_spec_ipv4: bad number of fields: syz=5 kernel=4 +1143: field ib_flow_spec_ipv4.reserved/val: bad offset: syz=6 kernel=8 +1143: field ib_flow_spec_ipv4.reserved/val: bad size: syz=2 kernel=12 +1144: field ib_flow_spec_ipv4.val/mask: bad offset: syz=8 kernel=20 +1155: field ib_flow_ipv6_filter.reserved/real_sz: bad size: syz=1 kernel=0 +1158: struct ib_flow_spec_ipv6: bad number of fields: syz=5 kernel=4 +1161: field ib_flow_spec_ipv6.reserved/val: bad offset: syz=6 kernel=8 +1161: field ib_flow_spec_ipv6.reserved/val: bad size: syz=2 kernel=40 +1162: field ib_flow_spec_ipv6.val/mask: bad offset: syz=8 kernel=48 +1166: struct ib_flow_tcp_udp_filter: bad number of fields: syz=2 kernel=3 +1171: struct ib_flow_spec_tcp_udp: bad number of fields: syz=5 kernel=4 +1174: field ib_flow_spec_tcp_udp.reserved/val: bad size: syz=2 kernel=4 +1175: field ib_flow_spec_tcp_udp.val/mask: bad offset: syz=8 kernel=10 +1179: struct ib_flow_esp_filter: bad number of fields: syz=2 kernel=3 +1184: struct ib_flow_spec_esp: bad number of fields: syz=5 kernel=4 +1187: field ib_flow_spec_esp.reserved/val: bad offset: syz=6 kernel=8 +1187: field ib_flow_spec_esp.reserved/val: bad size: syz=2 kernel=8 +1188: field ib_flow_spec_esp.val/mask: bad offset: syz=8 kernel=16 +1192: struct ib_flow_tunnel_filter: bad number of fields: syz=1 kernel=2 +1196: struct 
ib_flow_spec_tunnel: bad number of fields: syz=5 kernel=4 +1199: field ib_flow_spec_tunnel.reserved/val: bad offset: syz=6 kernel=8 +1199: field ib_flow_spec_tunnel.reserved/val: bad size: syz=2 kernel=4 +1200: field ib_flow_spec_tunnel.val/mask: bad offset: syz=8 kernel=12 +1204: struct ib_flow_gre_filter: bad number of fields: syz=3 kernel=4 +1210: struct ib_flow_spec_gre: bad number of fields: syz=5 kernel=4 +1213: field ib_flow_spec_gre.reserved/val: bad offset: syz=6 kernel=8 +1213: field ib_flow_spec_gre.reserved/val: bad size: syz=2 kernel=8 +1214: field ib_flow_spec_gre.val/mask: bad offset: syz=8 kernel=16 +1218: struct ib_flow_mpls_filter: bad number of fields: syz=1 kernel=2 +1222: struct ib_flow_spec_mpls: bad number of fields: syz=5 kernel=4 +1225: field ib_flow_spec_mpls.reserved/val: bad offset: syz=6 kernel=8 +1225: field ib_flow_spec_mpls.reserved/val: bad size: syz=2 kernel=4 +1226: field ib_flow_spec_mpls.val/mask: bad offset: syz=8 kernel=12 +1230: struct ib_flow_spec_action_tag: bad number of fields: syz=5 kernel=3 +1230: struct ib_flow_spec_action_tag: bad size: syz=16 kernel=12 +1233: field ib_flow_spec_action_tag.reserved/tag_id: bad offset: syz=6 kernel=8 +1233: field ib_flow_spec_action_tag.reserved/tag_id: bad size: syz=2 kernel=4 +1238: struct ib_flow_spec_action_drop: bad number of fields: syz=3 kernel=2 +1244: struct ib_uverbs_flow_spec_action_count: bad number of fields: syz=5 kernel=3 +1245: field ib_uverbs_flow_spec_action_count.type/: bad size: syz=4 kernel=8 +1246: field ib_uverbs_flow_spec_action_count.size/handle: bad offset: syz=4 kernel=8 +1246: field ib_uverbs_flow_spec_action_count.size/handle: bad size: syz=2 kernel=4 +1247: field ib_uverbs_flow_spec_action_count.reserved0/reserved1: bad offset: syz=6 kernel=12 +1247: field ib_uverbs_flow_spec_action_count.reserved0/reserved1: bad size: syz=2 kernel=4 +1252: struct union_ib_flow_spec: no corresponding struct in kernel +1284: struct create_flow_resp: no corresponding struct 
in kernel +1300: struct destroy_flow_cmd: no corresponding struct in kernel +1318: struct ib_uverbs_create_counters_cmd: no corresponding struct in kernel +1337: struct ib_uverbs_destroy_counters_cmd: no corresponding struct in kernel +1357: struct ib_uverbs_read_counters_cmd: no corresponding struct in kernel diff --git a/sys/linux/dev_infiniband_rdma_cm.txt.warn b/sys/linux/dev_infiniband_rdma_cm.txt.warn new file mode 100644 index 000000000000..e773260534ed --- /dev/null +++ b/sys/linux/dev_infiniband_rdma_cm.txt.warn @@ -0,0 +1,13 @@ +0164: struct rdma_ucm_create_mcast_id_resp: no corresponding struct in kernel +0179: struct rdma_ucm_leave_mcast: no corresponding struct in kernel +0189: struct rdma_ucm_event_resp: bad number of fields: syz=2 kernel=6 +0191: field rdma_ucm_event_resp.id/id: bad size: syz=8 kernel=4 +0196: struct rdma_ucm_set_option: bad number of fields: syz=4 kernel=5 +0197: field rdma_ucm_set_option.id_tos/optval: bad size: syz=24 kernel=8 +0198: field rdma_ucm_set_option.id_resuseaddr/id: bad offset: syz=24 kernel=8 +0198: field rdma_ucm_set_option.id_resuseaddr/id: bad size: syz=24 kernel=4 +0199: field rdma_ucm_set_option.id_afonly/level: bad offset: syz=48 kernel=12 +0199: field rdma_ucm_set_option.id_afonly/level: bad size: syz=24 kernel=4 +0200: field rdma_ucm_set_option.ib_path/optname: bad offset: syz=72 kernel=16 +0200: field rdma_ucm_set_option.ib_path/optname: bad size: syz=24 kernel=4 +0245: struct sockaddr_rdma_cm: no corresponding struct in kernel diff --git a/sys/linux/dev_input.txt.warn b/sys/linux/dev_input.txt.warn new file mode 100644 index 000000000000..c784eafdaf5b --- /dev/null +++ b/sys/linux/dev_input.txt.warn 
@@ -0,0 +1,8 @@ +0058: struct input_event: bad number of fields: syz=4 kernel=5 +0059: field input_event.time/__sec: bad size: syz=16 kernel=8 +0060: field input_event.type/__usec: bad offset: syz=16 kernel=8 +0060: field input_event.type/__usec: bad size: syz=2 kernel=8 +0061: field input_event.code/type: bad offset: syz=18 kernel=16 +0062: field input_event.val/code: bad offset: syz=20 kernel=18 +0062: field input_event.val/code: bad size: syz=4 kernel=2 +0082: struct ff_effect_u: no corresponding struct in kernel diff --git a/sys/linux/dev_kvm.txt.warn b/sys/linux/dev_kvm.txt.warn new file mode 100644 index 000000000000..e76f977a173b --- /dev/null +++ b/sys/linux/dev_kvm.txt.warn 
@@ -0,0 +1,70 @@ +0162: struct kvm_text_x86: no corresponding struct in kernel +0169: struct kvm_text_x86_real: no corresponding struct in kernel +0175: struct kvm_text_x86_16: no corresponding struct in kernel +0181: struct kvm_text_x86_32: no corresponding struct in kernel +0187: struct kvm_text_x86_64: no corresponding struct in kernel +0193: struct kvm_text_arm64: no corresponding struct in kernel +0199: struct kvm_setup_opt_x86: no corresponding struct in kernel +0211: struct kvm_setup_opt_cr0: no corresponding struct in kernel +0216: struct kvm_setup_opt_cr4: no corresponding struct in kernel +0221: struct kvm_setup_opt_efer: no corresponding struct in kernel +0226: struct kvm_setup_opt_flags: no corresponding struct in kernel +0231: struct kvm_setup_opt_cstype0: no corresponding struct in kernel +0236: struct kvm_setup_opt_cstype3: no corresponding struct in kernel +0241: struct kvm_setup_opt_dstype0: no corresponding struct in kernel +0246: struct kvm_setup_opt_dstype3: no corresponding struct in kernel +0251: struct kvm_setup_opt_vmwrite: no corresponding struct in kernel +0264: struct kvm_setup_opt_arm64: no corresponding struct in kernel +0270: struct kvm_setup_opt_feature: no corresponding struct in kernel +0291: struct kvm_arm_device_addr: no corresponding struct in kernel +0314: struct kvm_s390_interrupt: no corresponding struct in kernel +0364: struct kvm_one_reg: no corresponding struct in kernel +0369: struct kvm_s390_ucas_mapping: no corresponding struct in kernel +0375: struct kvm_dirty_tlb: no corresponding struct in kernel +0393: struct kvm_assigned_msix_entry: no corresponding struct in kernel +0399: struct kvm_assigned_msix_nr: no corresponding struct in kernel +0418: struct kvm_irq_routing_entry_u: no corresponding struct in kernel +0430: struct kvm_irq_routing_msi: bad number of fields: syz=3 kernel=4 +0430: struct kvm_irq_routing_msi: bad size: syz=12 kernel=16 +0449: struct kvm_assigned_irq: no corresponding struct in kernel +0456: struct 
kvm_assigned_pci_dev: no corresponding struct in kernel +0476: struct kvm_xsave: bad size: syz=1024 kernel=4096 +0477: field kvm_xsave.region/region: bad size: syz=1024 kernel=4096 +0480: struct kvm_enable_cap_cpu: no corresponding struct in kernel +0487: struct kvm_enable_cap_vm: no corresponding struct in kernel +0502: struct kvm_vcpu_events: bad number of fields: syz=19 kernel=9 +0502: struct kvm_vcpu_events: bad size: syz=28 kernel=64 +0503: field kvm_vcpu_events.exinjec/exception: bad size: syz=1 kernel=8 +0504: field kvm_vcpu_events.exnr/interrupt: bad offset: syz=1 kernel=8 +0504: field kvm_vcpu_events.exnr/interrupt: bad size: syz=1 kernel=4 +0505: field kvm_vcpu_events.exhec/nmi: bad offset: syz=2 kernel=12 +0505: field kvm_vcpu_events.exhec/nmi: bad size: syz=1 kernel=4 +0506: field kvm_vcpu_events.pad1/sipi_vector: bad offset: syz=3 kernel=16 +0506: field kvm_vcpu_events.pad1/sipi_vector: bad size: syz=1 kernel=4 +0507: field kvm_vcpu_events.exec/flags: bad offset: syz=4 kernel=20 +0509: field kvm_vcpu_events.ininjec/smi: bad offset: syz=8 kernel=24 +0509: field kvm_vcpu_events.ininjec/smi: bad size: syz=1 kernel=4 +0510: field kvm_vcpu_events.innr/reserved: bad offset: syz=9 kernel=28 +0510: field kvm_vcpu_events.innr/reserved: bad size: syz=1 kernel=27 +0511: field kvm_vcpu_events.insoft/exception_has_payload: bad offset: syz=10 kernel=55 +0512: field kvm_vcpu_events.inshad/exception_payload: bad offset: syz=11 kernel=56 +0512: field kvm_vcpu_events.inshad/exception_payload: bad size: syz=1 kernel=8 +0586: struct kvm_translation: bad number of fields: syz=5 kernel=6 +0605: struct kvm_regs: bad number of fields: syz=3 kernel=18 +0606: field kvm_regs.gp/rax: bad size: syz=128 kernel=8 +0607: field kvm_regs.rip/rbx: bad offset: syz=128 kernel=8 +0608: field kvm_regs.rflags/rcx: bad offset: syz=136 kernel=16 +0658: field kvm_fpu.fsw/fsw: bad size: syz=1 kernel=2 +0659: field kvm_fpu.ftws/ftwx: bad offset: syz=131 kernel=132 +0660: field kvm_fpu.pad1/pad1: 
bad offset: syz=132 kernel=133 +0689: struct kvm_irqchip: bad size: syz=224 kernel=520 +0692: field kvm_irqchip.chip/chip: bad size: syz=216 kernel=512 +0695: struct kvm_irq_chip: no corresponding struct in kernel +0728: struct kvm_ioapic_redir: no corresponding struct in kernel +0742: struct kvm_mce_cap: no corresponding struct in kernel +0783: struct kvm_nested_state: bad number of fields: syz=7 kernel=5 +0783: struct kvm_nested_state: bad size: syz=8320 kernel=128 +0787: field kvm_nested_state.vmx/hdr: bad size: syz=24 kernel=120 +0788: field kvm_nested_state.pad/data: bad offset: syz=32 kernel=128 +0788: field kvm_nested_state.pad/data: bad size: syz=96 kernel=0 +0793: struct kvm_vmx_nested_state: no corresponding struct in kernel diff --git a/sys/linux/dev_loop.txt.warn b/sys/linux/dev_loop.txt.warn new file mode 100644 index 000000000000..23dfe2325f67 --- /dev/null +++ b/sys/linux/dev_loop.txt.warn 
@@ -0,0 +1,15 @@ +0031: struct loop_info: bad size: syz=152 kernel=168 +0033: field loop_info.lo_device/lo_device: bad offset: syz=4 kernel=8 +0033: field loop_info.lo_device/lo_device: bad size: syz=4 kernel=8 +0034: field loop_info.lo_inode/lo_inode: bad offset: syz=8 kernel=16 +0034: field loop_info.lo_inode/lo_inode: bad size: syz=4 kernel=8 +0035: field loop_info.lo_rdevice/lo_rdevice: bad offset: syz=12 kernel=24 +0035: field loop_info.lo_rdevice/lo_rdevice: bad size: syz=4 kernel=8 +0036: field loop_info.lo_offset/lo_offset: bad offset: syz=16 kernel=32 +0037: field loop_info.lo_enc_type/lo_encrypt_type: bad offset: syz=20 kernel=36 +0038: field loop_info.lo_enc_key_size/lo_encrypt_key_size: bad offset: syz=24 kernel=40 +0039: field loop_info.lo_flags/lo_flags: bad offset: syz=28 kernel=44 +0040: field loop_info.lo_name/lo_name: bad offset: syz=32 kernel=48 +0041: field loop_info.lo_enc_key/lo_encrypt_key: bad offset: syz=96 kernel=112 +0042: field loop_info.lo_init/lo_init: bad offset: syz=128 kernel=144 +0043: field loop_info.reserved/reserved: bad offset: syz=144 kernel=160 diff --git a/sys/linux/dev_nbd.txt.warn b/sys/linux/dev_nbd.txt.warn new file mode 100644 index 000000000000..568961db4fdd --- /dev/null +++ b/sys/linux/dev_nbd.txt.warn @@ -0,0 +1 @@ +0053: struct nbd_sock_pair: no corresponding struct in kernel diff --git a/sys/linux/dev_ptmx.txt.warn b/sys/linux/dev_ptmx.txt.warn new file mode 100644 index 000000000000..5c9718fa895a --- /dev/null +++ b/sys/linux/dev_ptmx.txt.warn 
@@ -0,0 +1,25 @@ +0168: struct termios: bad number of fields: syz=12 kernel=6 +0174: field termios.cc0/c_cc: bad size: syz=1 kernel=19 +0194: struct termio: bad number of fields: syz=10 kernel=6 +0194: struct termio: bad size: syz=20 kernel=18 +0200: field termio.cc0/c_cc: bad size: syz=1 kernel=8 +0214: struct io_cmap: no corresponding struct in kernel +0223: struct unimapdesc_in: no corresponding struct in kernel +0228: struct unimapdesc_out: no corresponding struct in kernel +0238: struct unimapinit: no corresponding struct in kernel +0289: struct tiocl_selection: bad number of fields: syz=6 kernel=5 +0289: struct tiocl_selection: bad size: syz=11 kernel=10 +0290: field tiocl_selection.subcode/xs: bad size: syz=1 kernel=2 +0291: field tiocl_selection.xs/ys: bad offset: syz=1 kernel=2 +0292: field tiocl_selection.ys/xe: bad offset: syz=3 kernel=4 +0293: field tiocl_selection.xe/ye: bad offset: syz=5 kernel=6 +0294: field tiocl_selection.ye/sel_mode: bad offset: syz=7 kernel=8 +0300: struct loadlut: no corresponding struct in kernel +0308: struct tiocl_shift_state: no corresponding struct in kernel +0313: struct tioctl_scroll_console: no corresponding struct in kernel +0327: field serial_struct.close_delay/close_delay: bad size: syz=4 kernel=2 +0328: field serial_struct.io_type/io_type: bad offset: syz=36 kernel=34 +0329: field serial_struct.reserved_char/reserved_char: bad offset: syz=37 kernel=35 +0330: field serial_struct.hub6/hub6: bad offset: syz=40 kernel=36 +0331: field serial_struct.closing_wait/closing_wait: bad offset: syz=44 kernel=40 +0332: field serial_struct.closing_wait2/closing_wait2: bad offset: syz=46 kernel=42 diff --git a/sys/linux/dev_ptp.txt.warn b/sys/linux/dev_ptp.txt.warn new file mode 100644 index 000000000000..7500a93b7b49 --- /dev/null +++ b/sys/linux/dev_ptp.txt.warn @@ -0,0 +1,2 @@ +0045: struct ptp_sys_offset: bad number of fields: syz=2 kernel=3 +0051: struct ptp_sys_offset_extended: bad number of fields: syz=2 kernel=3 
diff --git a/sys/linux/dev_rtc.txt.warn b/sys/linux/dev_rtc.txt.warn new file mode 100644 index 000000000000..3ae88eed6251 --- /dev/null +++ b/sys/linux/dev_rtc.txt.warn @@ -0,0 +1 @@ +0052: struct rtc_pll_info: no corresponding struct in kernel diff --git a/sys/linux/dev_sg.txt.warn b/sys/linux/dev_sg.txt.warn new file mode 100644 index 000000000000..5cae97c34f59 --- /dev/null +++ b/sys/linux/dev_sg.txt.warn 
@@ -0,0 +1,29 @@ +0051: struct sg_io_hdr: bad number of fields: syz=20 kernel=22 +0056: field sg_io_hdr.data/iovec_count: bad size: syz=14 kernel=2 +0057: field sg_io_hdr.cmdp/dxfer_len: bad offset: syz=24 kernel=12 +0057: field sg_io_hdr.cmdp/dxfer_len: bad size: syz=8 kernel=4 +0058: field sg_io_hdr.sbp/dxferp: bad offset: syz=32 kernel=16 +0059: field sg_io_hdr.timeout/cmdp: bad offset: syz=40 kernel=24 +0059: field sg_io_hdr.timeout/cmdp: bad size: syz=4 kernel=8 +0060: field sg_io_hdr.flags/sbp: bad offset: syz=44 kernel=32 +0060: field sg_io_hdr.flags/sbp: bad size: syz=4 kernel=8 +0061: field sg_io_hdr.pack_id/timeout: bad offset: syz=48 kernel=40 +0062: field sg_io_hdr.usr_ptr/flags: bad offset: syz=52 kernel=44 +0062: field sg_io_hdr.usr_ptr/flags: bad size: syz=8 kernel=4 +0063: field sg_io_hdr.status/pack_id: bad offset: syz=60 kernel=48 +0063: field sg_io_hdr.status/pack_id: bad size: syz=1 kernel=4 +0064: field sg_io_hdr.masked_status/usr_ptr: bad offset: syz=61 kernel=56 +0064: field sg_io_hdr.masked_status/usr_ptr: bad size: syz=1 kernel=8 +0065: field sg_io_hdr.msg_status/status: bad offset: syz=62 kernel=64 +0066: field sg_io_hdr.sb_len_wr/masked_status: bad offset: syz=63 kernel=65 +0067: field sg_io_hdr.host_status/msg_status: bad offset: syz=64 kernel=66 +0067: field sg_io_hdr.host_status/msg_status: bad size: syz=2 kernel=1 +0068: field sg_io_hdr.driver_status/sb_len_wr: bad offset: syz=66 kernel=67 +0068: field sg_io_hdr.driver_status/sb_len_wr: bad size: syz=2 kernel=1 +0069: field sg_io_hdr.resid/host_status: bad size: syz=4 kernel=2 +0070: field sg_io_hdr.duration/driver_status: bad offset: syz=72 kernel=70 +0070: field sg_io_hdr.duration/driver_status: bad size: syz=4 kernel=2 +0071: field sg_io_hdr.info/resid: bad offset: syz=76 kernel=72 +0074: struct sg_io_hdr_data: no corresponding struct in kernel +0079: struct sg_io_hdr_data_buffer: no corresponding struct in kernel +0085: struct sg_io_hdr_data_scatter: no corresponding struct in 
kernel diff --git a/sys/linux/dev_snd_control.txt.warn b/sys/linux/dev_snd_control.txt.warn new file mode 100644 index 000000000000..12623b875301 --- /dev/null +++ b/sys/linux/dev_snd_control.txt.warn @@ -0,0 +1,8 @@ +0061: struct snd_ctl_elem_info: bad number of fields: syz=12 kernel=8 +0067: field snd_ctl_elem_info.items/value: bad size: syz=4 kernel=128 +0068: field snd_ctl_elem_info.item/dimen: bad offset: syz=84 kernel=208 +0068: field snd_ctl_elem_info.item/dimen: bad size: syz=4 kernel=8 +0069: field snd_ctl_elem_info.name/reserved: bad offset: syz=88 kernel=216 +0069: field snd_ctl_elem_info.name/reserved: bad size: syz=64 kernel=56 +0078: struct snd_ctl_elem_value: bad number of fields: syz=4 kernel=5 +0080: field snd_ctl_elem_value.indir/indirect: bad bit size/offset: syz=0/0 kernel=1/0 diff --git a/sys/linux/dev_snd_midi.txt.warn b/sys/linux/dev_snd_midi.txt.warn new file mode 100644 index 000000000000..ff2ab43f82ff --- /dev/null +++ b/sys/linux/dev_snd_midi.txt.warn 
@@ -0,0 +1,14 @@ +0026: struct snd_rawmidi_info_raw: no corresponding struct in kernel +0040: struct snd_rawmidi_params: bad size: syz=32 kernel=48 +0042: field snd_rawmidi_params.buffer_size/buffer_size: bad offset: syz=4 kernel=8 +0042: field snd_rawmidi_params.buffer_size/buffer_size: bad size: syz=4 kernel=8 +0043: field snd_rawmidi_params.avail_min/avail_min: bad offset: syz=8 kernel=16 +0043: field snd_rawmidi_params.avail_min/avail_min: bad size: syz=4 kernel=8 +0044: field snd_rawmidi_params.no_active_sensing/no_active_sensing: bad bit size/offset: syz=0/0 kernel=1/0 +0044: field snd_rawmidi_params.no_active_sensing/no_active_sensing: bad offset: syz=12 kernel=24 +0045: field snd_rawmidi_params.reserved/reserved: bad offset: syz=16 kernel=25 +0048: struct snd_rawmidi_status: bad size: syz=48 kernel=56 +0051: field snd_rawmidi_status.avail/avail: bad size: syz=4 kernel=8 +0052: field snd_rawmidi_status.xruns/xruns: bad offset: syz=28 kernel=32 +0052: field snd_rawmidi_status.xruns/xruns: bad size: syz=4 kernel=8 +0053: field snd_rawmidi_status.reserved/reserved: bad offset: syz=32 kernel=40 diff --git a/sys/linux/dev_snd_pcm.txt.warn b/sys/linux/dev_snd_pcm.txt.warn new file mode 100644 index 000000000000..b3857bceabf4 --- /dev/null +++ b/sys/linux/dev_snd_pcm.txt.warn 
@@ -0,0 +1,34 @@ +0071: struct snd_pcm_hw_params_old: bad size: syz=344 kernel=256 +0073: field snd_pcm_hw_params_old.masks/masks: bad size: syz=96 kernel=12 +0074: field snd_pcm_hw_params_old.intervals/intervals: bad offset: syz=100 kernel=16 +0075: field snd_pcm_hw_params_old.rmask/rmask: bad offset: syz=244 kernel=160 +0076: field snd_pcm_hw_params_old.cmask/cmask: bad offset: syz=248 kernel=164 +0077: field snd_pcm_hw_params_old.info/info: bad offset: syz=252 kernel=168 +0078: field snd_pcm_hw_params_old.msbits/msbits: bad offset: syz=256 kernel=172 +0079: field snd_pcm_hw_params_old.rate_num/rate_num: bad offset: syz=260 kernel=176 +0080: field snd_pcm_hw_params_old.rate_den/rate_den: bad offset: syz=264 kernel=180 +0081: field snd_pcm_hw_params_old.fifo_size/fifo_size: bad offset: syz=272 kernel=184 +0082: field snd_pcm_hw_params_old.reserved/reserved: bad offset: syz=280 kernel=192 +0085: struct snd_pcm_sw_params: bad number of fields: syz=12 kernel=13 +0102: field snd_pcm_sync_ptr.status/s: bad offset: syz=4 kernel=8 +0103: field snd_pcm_sync_ptr.control/c: bad size: syz=16 kernel=64 +0111: struct snd_pcm_status: bad number of fields: syz=13 kernel=15 +0113: field snd_pcm_status.trigger_tstamp_sec/trigger_tstamp: bad size: syz=8 kernel=16 +0114: field snd_pcm_status.trigger_tstamp_nsec/tstamp: bad offset: syz=16 kernel=24 +0114: field snd_pcm_status.trigger_tstamp_nsec/tstamp: bad size: syz=8 kernel=16 +0115: field snd_pcm_status.tstamp_sec/appl_ptr: bad offset: syz=24 kernel=40 +0116: field snd_pcm_status.tstamp_nsec/hw_ptr: bad offset: syz=32 kernel=48 +0117: field snd_pcm_status.appl_ptr/delay: bad offset: syz=40 kernel=56 +0118: field snd_pcm_status.hw_ptr/avail: bad offset: syz=48 kernel=64 +0119: field snd_pcm_status.delay/avail_max: bad offset: syz=56 kernel=72 +0120: field snd_pcm_status.avail/overrange: bad offset: syz=64 kernel=80 +0121: field snd_pcm_status.avail_max/suspended_state: bad offset: syz=72 kernel=88 +0121: field 
snd_pcm_status.avail_max/suspended_state: bad size: syz=8 kernel=4 +0122: field snd_pcm_status.overrange/audio_tstamp_data: bad offset: syz=80 kernel=92 +0122: field snd_pcm_status.overrange/audio_tstamp_data: bad size: syz=8 kernel=4 +0123: field snd_pcm_status.suspended_state/audio_tstamp: bad offset: syz=88 kernel=96 +0123: field snd_pcm_status.suspended_state/audio_tstamp: bad size: syz=4 kernel=16 +0124: field snd_pcm_status.audio_tstamp_data/driver_tstamp: bad offset: syz=92 kernel=112 +0124: field snd_pcm_status.audio_tstamp_data/driver_tstamp: bad size: syz=4 kernel=16 +0139: struct snd_interval: bad number of fields: syz=3 kernel=6 +0142: field snd_interval.flags/openmin: bad bit size/offset: syz=0/0 kernel=1/0 diff --git a/sys/linux/dev_snd_seq.txt.warn b/sys/linux/dev_snd_seq.txt.warn new file mode 100644 index 000000000000..1b3f33333b46 --- /dev/null +++ b/sys/linux/dev_snd_seq.txt.warn 
@@ -0,0 +1,42 @@ +0083: struct snd_seq_client_info: bad number of fields: syz=9 kernel=11 +0092: field snd_seq_client_info.pad/card: bad size: syz=64 kernel=4 +0095: struct snd_seq_port_info: bad size: syz=176 kernel=168 +0107: field snd_seq_port_info.timeq/time_queue: bad size: syz=4 kernel=1 +0108: field snd_seq_port_info.pad/reserved: bad offset: syz=112 kernel=109 +0124: field snd_seq_queue_info.locked/locked: bad bit size/offset: syz=0/0 kernel=1/0 +0125: field snd_seq_queue_info.name/name: bad offset: syz=12 kernel=9 +0130: struct snd_seq_queue_status: bad size: syz=104 kernel=92 +0134: field snd_seq_queue_status.time/time: bad offset: syz=16 kernel=12 +0134: field snd_seq_queue_status.time/time: bad size: syz=16 kernel=8 +0135: field snd_seq_queue_status.runnint/running: bad offset: syz=32 kernel=20 +0136: field snd_seq_queue_status.flags/flags: bad offset: syz=36 kernel=24 +0137: field snd_seq_queue_status.pad/reserved: bad offset: syz=40 kernel=28 +0140: struct snd_seq_queue_timer: bad size: syz=92 kernel=96 +0143: field snd_seq_queue_timer.id/u: bad size: syz=20 kernel=24 +0144: field snd_seq_queue_timer.pad/reserved: bad offset: syz=28 kernel=32 +0172: struct snd_seq_remove_events: bad size: syz=80 kernel=64 +0174: field snd_seq_remove_events.time/time: bad offset: syz=8 kernel=4 +0174: field snd_seq_remove_events.time/time: bad size: syz=16 kernel=8 +0175: field snd_seq_remove_events.queue/queue: bad offset: syz=24 kernel=12 +0176: field snd_seq_remove_events.dest/dest: bad offset: syz=25 kernel=13 +0177: field snd_seq_remove_events.chan/channel: bad offset: syz=27 kernel=15 +0178: field snd_seq_remove_events.type/type: bad offset: syz=28 kernel=16 +0179: field snd_seq_remove_events.tag/tag: bad offset: syz=32 kernel=20 +0180: field snd_seq_remove_events.pad/reserved: bad offset: syz=36 kernel=24 +0194: struct snd_seq_event: bad size: syz=48 kernel=28 +0199: field snd_seq_event.time/time: bad offset: syz=8 kernel=4 +0199: field snd_seq_event.time/time: 
bad size: syz=16 kernel=8 +0200: field snd_seq_event.src/source: bad offset: syz=24 kernel=12 +0201: field snd_seq_event.dst/dest: bad offset: syz=26 kernel=14 +0202: field snd_seq_event.data/data: bad offset: syz=32 kernel=16 +0202: field snd_seq_event.data/data: bad size: syz=16 kernel=12 +0205: struct snd_seq_event_data: no corresponding struct in kernel +0227: struct snd_seq_ev_ctrl: bad number of fields: syz=3 kernel=6 +0229: field snd_seq_ev_ctrl.param/unused1: bad offset: syz=4 kernel=1 +0229: field snd_seq_ev_ctrl.param/unused1: bad size: syz=4 kernel=1 +0230: field snd_seq_ev_ctrl.val/unused2: bad offset: syz=8 kernel=2 +0230: field snd_seq_ev_ctrl.val/unused2: bad size: syz=4 kernel=1 +0246: struct snd_seq_ev_queue_control: bad number of fields: syz=2 kernel=3 +0248: field snd_seq_ev_queue_control.param/pad: bad offset: syz=4 kernel=1 +0248: field snd_seq_ev_queue_control.param/pad: bad size: syz=8 kernel=3 +0272: struct snd_seq_timestamp: no corresponding struct in kernel diff --git a/sys/linux/dev_tlk_device.txt.warn b/sys/linux/dev_tlk_device.txt.warn new file mode 100644 index 000000000000..88b91bed3f56 --- /dev/null +++ b/sys/linux/dev_tlk_device.txt.warn @@ -0,0 +1,9 @@ +0026: struct te_service_id: no corresponding struct in kernel +0033: struct te_opensession: no corresponding struct in kernel +0039: struct te_closesession: no corresponding struct in kernel +0044: struct te_answer: no corresponding struct in kernel +0050: struct te_launchop: no corresponding struct in kernel +0056: struct te_operation: no corresponding struct in kernel +0065: struct te_int_mem_union: no corresponding struct in kernel +0070: struct te_mem: no corresponding struct in kernel +0075: struct te_oper_param: no corresponding struct in kernel diff --git a/sys/linux/dev_uhid.txt.warn b/sys/linux/dev_uhid.txt.warn new file mode 100644 index 000000000000..d253243f2de3 --- /dev/null +++ b/sys/linux/dev_uhid.txt.warn 
@@ -0,0 +1,23 @@ +0018: struct uhid_create_req: bad number of fields: syz=11 kernel=10 +0018: struct uhid_create_req: bad size: syz=288 kernel=284 +0019: field uhid_create_req.type/name: bad size: syz=4 kernel=128 +0020: field uhid_create_req.name/phys: bad offset: syz=4 kernel=128 +0020: field uhid_create_req.name/phys: bad size: syz=128 kernel=64 +0021: field uhid_create_req.phys/uniq: bad offset: syz=132 kernel=192 +0022: field uhid_create_req.uniq/rd_data: bad offset: syz=196 kernel=256 +0022: field uhid_create_req.uniq/rd_data: bad size: syz=64 kernel=8 +0023: field uhid_create_req.rd_data/rd_size: bad offset: syz=260 kernel=264 +0023: field uhid_create_req.rd_data/rd_size: bad size: syz=8 kernel=2 +0024: field uhid_create_req.rd_size/bus: bad offset: syz=268 kernel=266 +0025: field uhid_create_req.bus/vendor: bad offset: syz=270 kernel=268 +0025: field uhid_create_req.bus/vendor: bad size: syz=2 kernel=4 +0046: struct uhid_destroy_req: no corresponding struct in kernel +0050: struct uhid_input_req: bad number of fields: syz=3 kernel=2 +0050: struct uhid_input_req: bad size: syz=4102 kernel=4098 +0051: field uhid_input_req.type/data: bad size: syz=4 kernel=4096 +0052: field uhid_input_req.data/size: bad offset: syz=4 kernel=4096 +0052: field uhid_input_req.data/size: bad size: syz=4096 kernel=2 +0062: struct uhid_get_report_req: bad number of fields: syz=4 kernel=3 +0062: struct uhid_get_report_req: bad size: syz=10 kernel=6 +0064: field uhid_get_report_req.id/rnum: bad size: syz=4 kernel=1 +0065: field uhid_get_report_req.rnum/rtype: bad offset: syz=8 kernel=5 diff --git a/sys/linux/dev_usbmon.txt.warn b/sys/linux/dev_usbmon.txt.warn new file mode 100644 index 000000000000..2d83961b28a6 --- /dev/null +++ b/sys/linux/dev_usbmon.txt.warn @@ -0,0 +1 @@ +0052: struct mon_bin_union: no corresponding struct in kernel diff --git a/sys/linux/dev_vfio.txt.warn b/sys/linux/dev_vfio.txt.warn new file mode 100644 index 000000000000..139826e853ad --- /dev/null 
+++ b/sys/linux/dev_vfio.txt.warn @@ -0,0 +1,4 @@ +0026: struct vfio_iommu_type1_info: bad number of fields: syz=3 kernel=4 +0026: struct vfio_iommu_type1_info: bad size: syz=16 kernel=24 +0040: struct vfio_iommu_type1_dma_unmap: bad number of fields: syz=5 kernel=4 +0040: struct vfio_iommu_type1_dma_unmap: bad size: syz=32 kernel=24 diff --git a/sys/linux/dev_video4linux.txt.warn b/sys/linux/dev_video4linux.txt.warn new file mode 100644 index 000000000000..323050d160db --- /dev/null +++ b/sys/linux/dev_video4linux.txt.warn 
@@ -0,0 +1,71 @@ +0146: struct v4l2_capability: bad size: syz=88 kernel=104 +0148: field v4l2_capability.card/card: bad size: syz=16 kernel=32 +0149: field v4l2_capability.bus_version/bus_info: bad offset: syz=32 kernel=48 +0150: field v4l2_capability.version/version: bad offset: syz=64 kernel=80 +0151: field v4l2_capability.capabilities/capabilities: bad offset: syz=68 kernel=84 +0152: field v4l2_capability.device_caps/device_caps: bad offset: syz=72 kernel=88 +0153: field v4l2_capability.reserved/reserved: bad offset: syz=76 kernel=92 +0170: struct v4l2_format_fmt: no corresponding struct in kernel +0262: struct v4l2_requestbuffers: bad number of fields: syz=4 kernel=5 +0266: field v4l2_requestbuffers.reserved/capabilities: bad size: syz=8 kernel=4 +0269: struct v4l2_buffer: bad number of fields: syz=12 kernel=13 +0269: struct v4l2_buffer: bad size: syz=80 kernel=88 +0274: field v4l2_buffer.timestamp/field: bad size: syz=16 kernel=4 +0275: field v4l2_buffer.timecode/timestamp: bad offset: syz=32 kernel=24 +0276: field v4l2_buffer.sequence/timecode: bad offset: syz=48 kernel=40 +0276: field v4l2_buffer.sequence/timecode: bad size: syz=4 kernel=16 +0277: field v4l2_buffer.memory/sequence: bad offset: syz=52 kernel=56 +0278: field v4l2_buffer.m/memory: bad offset: syz=56 kernel=60 +0278: field v4l2_buffer.m/memory: bad size: syz=8 kernel=4 +0279: field v4l2_buffer.length/m: bad size: syz=4 kernel=8 +0280: field v4l2_buffer.reserved2/length: bad offset: syz=68 kernel=72 +0281: field v4l2_buffer.reserved/reserved2: bad offset: syz=72 kernel=76 +0284: struct v4l2_buffer_union: no corresponding struct in kernel +0309: struct v4l2_plane_union: no corresponding struct in kernel +0322: struct v4l2_framebuffer_union: no corresponding struct in kernel +0347: struct v4l2_streamparm_union: no corresponding struct in kernel +0422: struct v4l2_querymenu_union: no corresponding struct in kernel +0490: struct v4l2_ext_controls: bad number of fields: syz=5 kernel=6 +0494: field 
v4l2_ext_controls.reserved/request_fd: bad size: syz=8 kernel=4 +0495: field v4l2_ext_controls.controls/reserved: bad offset: syz=24 kernel=16 +0495: field v4l2_ext_controls.controls/reserved: bad size: syz=8 kernel=4 +0505: struct v4l2_ext_u: no corresponding struct in kernel +0523: struct v4l2_frmsizeenum_union: no corresponding struct in kernel +0552: struct v4l2_frmivalenum_union: no corresponding struct in kernel +0590: struct v4l2_dbg_match_union: no corresponding struct in kernel +0611: struct v4l2_dv_timings_union: no corresponding struct in kernel +0616: struct v4l2_bt_timings: bad number of fields: syz=17 kernel=20 +0633: field v4l2_bt_timings.reserved/picture_aspect: bad size: syz=56 kernel=8 +0652: struct v4l2_event_union: no corresponding struct in kernel +0676: struct v4l2_event_ctrl_union: no corresponding struct in kernel +0702: struct v4l2_create_buffers: bad number of fields: syz=5 kernel=6 +0707: field v4l2_create_buffers.reserved/capabilities: bad size: syz=32 kernel=4 +0724: struct v4l2_decoder_cmd_u: no corresponding struct in kernel +0730: struct v4l2_decoder_cmd_start: no corresponding struct in kernel +0749: struct v4l2_dv_timings_cap_u: no corresponding struct in kernel +0800: struct v4l2_standard: bad size: syz=60 kernel=72 +0802: field v4l2_standard.id/id: bad offset: syz=4 kernel=8 +0802: field v4l2_standard.id/id: bad size: syz=4 kernel=8 +0803: field v4l2_standard.name/name: bad offset: syz=8 kernel=16 +0804: field v4l2_standard.frameperiod/frameperiod: bad offset: syz=32 kernel=40 +0805: field v4l2_standard.framelines/framelines: bad offset: syz=40 kernel=48 +0806: field v4l2_standard.reserved/reserved: bad offset: syz=44 kernel=52 +0809: struct v4l2_input: bad size: syz=72 kernel=80 +0815: field v4l2_input.std/std: bad size: syz=4 kernel=8 +0816: field v4l2_input.status/status: bad offset: syz=52 kernel=56 +0817: field v4l2_input.capabilities/capabilities: bad offset: syz=56 kernel=60 +0818: field v4l2_input.reserved/reserved: bad 
offset: syz=60 kernel=64 +0821: struct v4l2_output: bad size: syz=68 kernel=72 +0827: field v4l2_output.std/std: bad size: syz=4 kernel=8 +0828: field v4l2_output.capabilities/capabilities: bad offset: syz=52 kernel=56 +0829: field v4l2_output.reserved/reserved: bad offset: syz=56 kernel=60 +0832: struct v4l2_subdev_format: bad size: syz=72 kernel=88 +0835: field v4l2_subdev_format.format/format: bad size: syz=32 kernel=48 +0836: field v4l2_subdev_format.reserved/reserved: bad offset: syz=40 kernel=56 +0839: struct v4l2_mbus_framefmt: bad number of fields: syz=8 kernel=9 +0839: struct v4l2_mbus_framefmt: bad size: syz=32 kernel=48 +0845: field v4l2_mbus_framefmt.ycbcr_enc/ycbcr_enc: bad size: syz=4 kernel=2 +0846: field v4l2_mbus_framefmt.quantization/quantization: bad offset: syz=24 kernel=22 +0846: field v4l2_mbus_framefmt.quantization/quantization: bad size: syz=4 kernel=2 +0847: field v4l2_mbus_framefmt.xfer_func/xfer_func: bad offset: syz=28 kernel=24 +0847: field v4l2_mbus_framefmt.xfer_func/xfer_func: bad size: syz=4 kernel=2 diff --git a/sys/linux/devio.txt.warn b/sys/linux/devio.txt.warn new file mode 100644 index 000000000000..f18d15d32811 --- /dev/null +++ b/sys/linux/devio.txt.warn 
@@ -0,0 +1,20 @@ +0053: struct usbdevfs_ep: no corresponding struct in kernel +0070: struct usbdevfs_bulktransfer: bad number of fields: syz=6 kernel=4 +0071: field usbdevfs_bulktransfer.ep/ep: bad size: syz=1 kernel=4 +0072: field usbdevfs_bulktransfer.pad0/len: bad offset: syz=1 kernel=4 +0072: field usbdevfs_bulktransfer.pad0/len: bad size: syz=1 kernel=4 +0073: field usbdevfs_bulktransfer.pad1/timeout: bad offset: syz=2 kernel=8 +0073: field usbdevfs_bulktransfer.pad1/timeout: bad size: syz=2 kernel=4 +0074: field usbdevfs_bulktransfer.len/data: bad offset: syz=4 kernel=16 +0074: field usbdevfs_bulktransfer.len/data: bad size: syz=4 kernel=8 +0101: struct usbdevfs_urb_control: no corresponding struct in kernel +0124: struct usbdevfs_urb_bulk: no corresponding struct in kernel +0139: struct usbdevfs_urb_interrupt: no corresponding struct in kernel +0184: field usbdevfs_ioctl.usbdevfs_disconnect/ifno: bad size: syz=16 kernel=4 +0185: field usbdevfs_ioctl.usbdevfs_connect/ioctl_code: bad offset: syz=16 kernel=4 +0185: field usbdevfs_ioctl.usbdevfs_connect/ioctl_code: bad size: syz=16 kernel=4 +0186: field usbdevfs_ioctl.usbdevfs_driver/data: bad offset: syz=32 kernel=8 +0186: field usbdevfs_ioctl.usbdevfs_driver/data: bad size: syz=16 kernel=8 +0189: struct usbdevfs_ioctl_disconnect: no corresponding struct in kernel +0195: struct usbdevfs_ioctl_connect: no corresponding struct in kernel +0201: struct usbdevfs_ioctl_driver: no corresponding struct in kernel diff --git a/sys/linux/filesystem.txt.warn b/sys/linux/filesystem.txt.warn new file mode 100644 index 000000000000..246fb2ef24ea --- /dev/null +++ b/sys/linux/filesystem.txt.warn @@ -0,0 +1,4 @@ +0052: struct nbd_filename: no corresponding struct in kernel +0058: struct loop_filename: no corresponding struct in kernel +0112: struct fs_image_segment: no corresponding struct in kernel +0199: struct uuid_str: no corresponding struct in kernel 
diff --git a/sys/linux/fs_ioctl.txt.warn b/sys/linux/fs_ioctl.txt.warn new file mode 100644 index 000000000000..38dcda8a849d --- /dev/null +++ b/sys/linux/fs_ioctl.txt.warn @@ -0,0 +1,22 @@ +0044: struct file_clone_range: bad number of fields: syz=5 kernel=4 +0045: field file_clone_range.src_fd/src_fd: bad size: syz=4 kernel=8 +0046: field file_clone_range.pad/src_offset: bad offset: syz=4 kernel=8 +0046: field file_clone_range.pad/src_offset: bad size: syz=4 kernel=8 +0047: field file_clone_range.src_offset/src_length: bad offset: syz=8 kernel=16 +0048: field file_clone_range.src_length/dest_offset: bad offset: syz=16 kernel=24 +0061: struct file_dedupe_range_info: bad number of fields: syz=6 kernel=5 +0062: field file_dedupe_range_info.dest_fd/dest_fd: bad size: syz=4 kernel=8 +0063: field file_dedupe_range_info.pad/dest_offset: bad offset: syz=4 kernel=8 +0063: field file_dedupe_range_info.pad/dest_offset: bad size: syz=4 kernel=8 +0064: field file_dedupe_range_info.dest_offset/bytes_deduped: bad offset: syz=8 kernel=16 +0065: field file_dedupe_range_info.bytes_deduped/status: bad offset: syz=16 kernel=24 +0065: field file_dedupe_range_info.bytes_deduped/status: bad size: syz=8 kernel=4 +0066: field file_dedupe_range_info.status/reserved: bad offset: syz=24 kernel=28 +0070: struct fsxattr: bad size: syz=32 kernel=28 +0076: field fsxattr.fsx_pad/fsx_pad: bad offset: syz=24 kernel=20 +0088: struct fiemap_extent: bad number of fields: syz=9 kernel=6 +0092: field fiemap_extent.pad1/fe_reserved64: bad size: syz=8 kernel=16 +0093: field fiemap_extent.pad2/fe_flags: bad offset: syz=32 kernel=40 +0093: field fiemap_extent.pad2/fe_flags: bad size: syz=8 kernel=4 +0094: field fiemap_extent.flags/fe_reserved: bad offset: syz=40 kernel=44 +0094: field fiemap_extent.flags/fe_reserved: bad size: syz=4 kernel=12 diff --git a/sys/linux/fscrypt.txt.warn b/sys/linux/fscrypt.txt.warn new file mode 100644 index 000000000000..69e6efd4b07e --- /dev/null 
+++ b/sys/linux/fscrypt.txt.warn @@ -0,0 +1,14 @@ +0021: struct fscrypt_policy_v1: bad number of fields: syz=4 kernel=5 +0023: field fscrypt_policy_v1.modes/contents_encryption_mode: bad size: syz=2 kernel=1 +0024: field fscrypt_policy_v1.flags/filenames_encryption_mode: bad offset: syz=3 kernel=2 +0025: field fscrypt_policy_v1.master_key_descriptor/flags: bad offset: syz=4 kernel=3 +0025: field fscrypt_policy_v1.master_key_descriptor/flags: bad size: syz=8 kernel=1 +0028: struct fscrypt_policy_v2: bad number of fields: syz=5 kernel=6 +0030: field fscrypt_policy_v2.modes/contents_encryption_mode: bad size: syz=2 kernel=1 +0031: field fscrypt_policy_v2.flags/filenames_encryption_mode: bad offset: syz=3 kernel=2 +0032: field fscrypt_policy_v2.reserved/flags: bad offset: syz=4 kernel=3 +0032: field fscrypt_policy_v2.reserved/flags: bad size: syz=4 kernel=1 +0033: field fscrypt_policy_v2.master_key_identifier/__reserved: bad offset: syz=8 kernel=4 +0033: field fscrypt_policy_v2.master_key_identifier/__reserved: bad size: syz=16 kernel=4 +0041: struct fscrypt_policy_modes: no corresponding struct in kernel +0068: struct fscrypt_key_specifier_payload: no corresponding struct in kernel diff --git a/sys/linux/fuse.txt.warn b/sys/linux/fuse.txt.warn new file mode 100644 index 000000000000..3923f6f921fa --- /dev/null +++ b/sys/linux/fuse.txt.warn @@ -0,0 +1,5 @@ +0063: struct fuse_init_out: bad number of fields: syz=9 kernel=11 +0072: field fuse_init_out.unused/max_pages: bad size: syz=36 kernel=2 +0125: struct fuse_kstatfs: bad number of fields: syz=9 kernel=10 +0134: field fuse_kstatfs.padding_spare/padding: bad size: syz=28 kernel=4 +0167: struct fuse_create_open_out: no corresponding struct in kernel diff --git a/sys/linux/hafnium.txt.warn b/sys/linux/hafnium.txt.warn new file mode 100644 index 000000000000..c1030f11c792 --- /dev/null +++ b/sys/linux/hafnium.txt.warn @@ -0,0 +1 @@ +0020: struct sockaddr_hf: no corresponding struct in kernel 
diff --git a/sys/linux/io_uring.txt.warn b/sys/linux/io_uring.txt.warn new file mode 100644 index 000000000000..7c3c1da322aa --- /dev/null +++ b/sys/linux/io_uring.txt.warn @@ -0,0 +1,5 @@ +0031: struct io_uring_params: bad number of fields: syz=8 kernel=9 +0037: field io_uring_params.resv/features: bad size: syz=20 kernel=4 +0038: field io_uring_params.sq_off/resv: bad offset: syz=40 kernel=24 +0038: field io_uring_params.sq_off/resv: bad size: syz=40 kernel=16 +0039: field io_uring_params.cq_off/sq_off: bad offset: syz=80 kernel=40 diff --git a/sys/linux/ipc.txt.warn b/sys/linux/ipc.txt.warn new file mode 100644 index 000000000000..d2d818f6f31f --- /dev/null +++ b/sys/linux/ipc.txt.warn 
@@ -0,0 +1,38 @@ +0073: struct ipc_perm: bad number of fields: syz=10 kernel=7 +0073: struct ipc_perm: bad size: syz=48 kernel=28 +0086: struct msqid_ds: bad number of fields: syz=11 kernel=13 +0086: struct msqid_ds: bad size: syz=120 kernel=104 +0087: field msqid_ds.perm/msg_perm: bad size: syz=48 kernel=28 +0088: field msqid_ds.stime/msg_first: bad offset: syz=48 kernel=32 +0089: field msqid_ds.rtime/msg_last: bad offset: syz=56 kernel=40 +0090: field msqid_ds.ctime/msg_stime: bad offset: syz=64 kernel=48 +0091: field msqid_ds.cbytes/msg_rtime: bad offset: syz=72 kernel=56 +0092: field msqid_ds.qnum/msg_ctime: bad offset: syz=80 kernel=64 +0093: field msqid_ds.qbytes/msg_lcbytes: bad offset: syz=88 kernel=72 +0094: field msqid_ds.lspid/msg_lqbytes: bad offset: syz=96 kernel=80 +0094: field msqid_ds.lspid/msg_lqbytes: bad size: syz=4 kernel=8 +0095: field msqid_ds.lrpid/msg_cbytes: bad offset: syz=100 kernel=88 +0095: field msqid_ds.lrpid/msg_cbytes: bad size: syz=4 kernel=2 +0096: field msqid_ds.pad0/msg_qnum: bad offset: syz=104 kernel=90 +0096: field msqid_ds.pad0/msg_qnum: bad size: syz=8 kernel=2 +0097: field msqid_ds.pad1/msg_qbytes: bad offset: syz=112 kernel=92 +0097: field msqid_ds.pad1/msg_qbytes: bad size: syz=8 kernel=2 +0100: struct shmid_ds: bad size: syz=112 kernel=88 +0101: field shmid_ds.perm/shm_perm: bad size: syz=48 kernel=28 +0102: field shmid_ds.segsz/shm_segsz: bad offset: syz=48 kernel=28 +0103: field shmid_ds.atime/shm_atime: bad offset: syz=56 kernel=32 +0104: field shmid_ds.dtime/shm_dtime: bad offset: syz=64 kernel=40 +0105: field shmid_ds.ctime/shm_ctime: bad offset: syz=72 kernel=48 +0106: field shmid_ds.cpid/shm_cpid: bad offset: syz=80 kernel=56 +0107: field shmid_ds.lpid/shm_lpid: bad offset: syz=84 kernel=60 +0108: field shmid_ds.nattch/shm_nattch: bad offset: syz=88 kernel=64 +0109: field shmid_ds.unused0/shm_unused: bad offset: syz=90 kernel=66 +0110: field shmid_ds.unused1/shm_unused2: bad offset: syz=96 kernel=72 +0111: field 
shmid_ds.unused2/shm_unused3: bad offset: syz=104 kernel=80 +0114: struct semid_ds: bad number of fields: syz=6 kernel=8 +0115: field semid_ds.perm/sem_perm: bad size: syz=48 kernel=28 +0116: field semid_ds.otime/sem_otime: bad offset: syz=48 kernel=32 +0117: field semid_ds.ctime/sem_ctime: bad offset: syz=56 kernel=40 +0118: field semid_ds.nsems/sem_base: bad offset: syz=64 kernel=48 +0119: field semid_ds.pad0/sem_pending: bad offset: syz=72 kernel=56 +0120: field semid_ds.pad1/sem_pending_last: bad offset: syz=80 kernel=64 diff --git a/sys/linux/ipvs.txt.warn b/sys/linux/ipvs.txt.warn new file mode 100644 index 000000000000..108c7913edb0 --- /dev/null +++ b/sys/linux/ipvs.txt.warn @@ -0,0 +1 @@ +0130: struct ip_vs_svcdest_user: no corresponding struct in kernel diff --git a/sys/linux/key.txt.warn b/sys/linux/key.txt.warn new file mode 100644 index 000000000000..d815affc3e4f --- /dev/null +++ b/sys/linux/key.txt.warn @@ -0,0 +1,3 @@ +0064: struct key_desc: no corresponding struct in kernel +0149: struct key_restriction_keyring: no corresponding struct in kernel +0155: struct key_restriction_keyring_chain: no corresponding struct in kernel diff --git a/sys/linux/mptcp.txt.warn b/sys/linux/mptcp.txt.warn new file mode 100644 index 000000000000..428d403ff65d --- /dev/null +++ b/sys/linux/mptcp.txt.warn @@ -0,0 +1,4 @@ +0057: struct mptcp_mp_join_option: no corresponding struct in kernel +0064: struct mptcp_syn_option: no corresponding struct in kernel +0074: struct mptcp_synack_option: no corresponding struct in kernel +0092: struct mptcp_mp_fclose_option: no corresponding struct in kernel diff --git a/sys/linux/netfilter.txt.warn b/sys/linux/netfilter.txt.warn new file mode 100644 index 000000000000..5530bb363ce2 --- /dev/null +++ b/sys/linux/netfilter.txt.warn 
@@ -0,0 +1,118 @@ +0083: struct nf_inet_addr: no corresponding struct in kernel +0088: struct nf_conntrack_man_proto: no corresponding struct in kernel +0256: struct xt_bpf_info_v1: bad number of fields: syz=3 kernel=5 +0257: field xt_bpf_info_v1.bytecode/mode: bad size: syz=528 kernel=2 +0258: field xt_bpf_info_v1.pinned/bpf_program_num_elem: bad offset: syz=528 kernel=2 +0258: field xt_bpf_info_v1.pinned/bpf_program_num_elem: bad size: syz=528 kernel=2 +0259: field xt_bpf_info_v1.fd/fd: bad offset: syz=1056 kernel=4 +0259: field xt_bpf_info_v1.fd/fd: bad size: syz=8 kernel=4 +0262: struct xt_bpf_info_bytecode: no corresponding struct in kernel +0270: struct xt_bpf_info_pinned: no corresponding struct in kernel +0278: struct xt_bpf_info_fd: no corresponding struct in kernel +0293: struct xt_conntrack_mtinfo_common: no corresponding struct in kernel +0313: struct xt_conntrack_mtinfo1: bad number of fields: syz=3 kernel=19 +0313: struct xt_conntrack_mtinfo1: bad size: syz=156 kernel=152 +0314: field xt_conntrack_mtinfo1.common/origsrc_addr: bad size: syz=152 kernel=16 +0315: field xt_conntrack_mtinfo1.state_mask/origsrc_mask: bad offset: syz=152 kernel=16 +0315: field xt_conntrack_mtinfo1.state_mask/origsrc_mask: bad size: syz=1 kernel=16 +0316: field xt_conntrack_mtinfo1.status_mask/origdst_addr: bad offset: syz=153 kernel=32 +0316: field xt_conntrack_mtinfo1.status_mask/origdst_addr: bad size: syz=1 kernel=16 +0319: struct xt_conntrack_mtinfo2: bad number of fields: syz=3 kernel=19 +0320: field xt_conntrack_mtinfo2.common/origsrc_addr: bad size: syz=152 kernel=16 +0321: field xt_conntrack_mtinfo2.state_mask/origsrc_mask: bad offset: syz=152 kernel=16 +0321: field xt_conntrack_mtinfo2.state_mask/origsrc_mask: bad size: syz=2 kernel=16 +0322: field xt_conntrack_mtinfo2.status_mask/origdst_addr: bad offset: syz=154 kernel=32 +0322: field xt_conntrack_mtinfo2.status_mask/origdst_addr: bad size: syz=2 kernel=16 +0325: struct xt_conntrack_mtinfo3: bad number of fields: 
syz=7 kernel=23 +0326: field xt_conntrack_mtinfo3.common/origsrc_addr: bad size: syz=152 kernel=16 +0327: field xt_conntrack_mtinfo3.state_mask/origsrc_mask: bad offset: syz=152 kernel=16 +0327: field xt_conntrack_mtinfo3.state_mask/origsrc_mask: bad size: syz=2 kernel=16 +0328: field xt_conntrack_mtinfo3.status_mask/origdst_addr: bad offset: syz=154 kernel=32 +0328: field xt_conntrack_mtinfo3.status_mask/origdst_addr: bad size: syz=2 kernel=16 +0329: field xt_conntrack_mtinfo3.origsrc_port_high/origdst_mask: bad offset: syz=156 kernel=48 +0329: field xt_conntrack_mtinfo3.origsrc_port_high/origdst_mask: bad size: syz=2 kernel=16 +0330: field xt_conntrack_mtinfo3.origdst_port_high/replsrc_addr: bad offset: syz=158 kernel=64 +0330: field xt_conntrack_mtinfo3.origdst_port_high/replsrc_addr: bad size: syz=2 kernel=16 +0331: field xt_conntrack_mtinfo3.replsrc_port_high/replsrc_mask: bad offset: syz=160 kernel=80 +0331: field xt_conntrack_mtinfo3.replsrc_port_high/replsrc_mask: bad size: syz=2 kernel=16 +0332: field xt_conntrack_mtinfo3.repldst_port_high/repldst_addr: bad offset: syz=162 kernel=96 +0332: field xt_conntrack_mtinfo3.repldst_port_high/repldst_addr: bad size: syz=2 kernel=16 +0339: struct xt_tcp: bad number of fields: syz=8 kernel=6 +0340: field xt_tcp.spts_min/spts: bad size: syz=2 kernel=4 +0341: field xt_tcp.spts_max/dpts: bad offset: syz=2 kernel=4 +0341: field xt_tcp.spts_max/dpts: bad size: syz=2 kernel=4 +0342: field xt_tcp.dpts_min/option: bad offset: syz=4 kernel=8 +0342: field xt_tcp.dpts_min/option: bad size: syz=2 kernel=1 +0343: field xt_tcp.dpts_max/flg_mask: bad offset: syz=6 kernel=9 +0343: field xt_tcp.dpts_max/flg_mask: bad size: syz=2 kernel=1 +0344: field xt_tcp.option/flg_cmp: bad offset: syz=8 kernel=10 +0345: field xt_tcp.flg_mask/invflags: bad offset: syz=9 kernel=11 +0352: struct xt_udp: bad number of fields: syz=5 kernel=3 +0353: field xt_udp.spts_min/spts: bad size: syz=2 kernel=4 +0354: field xt_udp.spts_max/dpts: bad offset: 
syz=2 kernel=4 +0354: field xt_udp.spts_max/dpts: bad size: syz=2 kernel=4 +0355: field xt_udp.dpts_min/invflags: bad offset: syz=4 kernel=8 +0355: field xt_udp.dpts_min/invflags: bad size: syz=2 kernel=1 +0393: field xt_connmark_mtinfo1.invert/invert: bad size: syz=4 kernel=1 +0402: struct xt_connbytes_info: bad number of fields: syz=4 kernel=3 +0403: field xt_connbytes_info.count_from/count: bad size: syz=8 kernel=16 +0404: field xt_connbytes_info.count_to/what: bad offset: syz=8 kernel=16 +0404: field xt_connbytes_info.count_to/what: bad size: syz=8 kernel=1 +0405: field xt_connbytes_info.what/direction: bad offset: syz=16 kernel=17 +0419: struct xt_sctp_info: bad number of fields: syz=10 kernel=8 +0420: field xt_sctp_info.dpts_min/dpts: bad size: syz=2 kernel=4 +0421: field xt_sctp_info.dpts_max/spts: bad offset: syz=2 kernel=4 +0421: field xt_sctp_info.dpts_max/spts: bad size: syz=2 kernel=4 +0422: field xt_sctp_info.spts_min/chunkmap: bad offset: syz=4 kernel=8 +0422: field xt_sctp_info.spts_min/chunkmap: bad size: syz=2 kernel=256 +0423: field xt_sctp_info.spts_max/chunk_match_type: bad offset: syz=6 kernel=264 +0423: field xt_sctp_info.spts_max/chunk_match_type: bad size: syz=2 kernel=4 +0424: field xt_sctp_info.chunkmap/flag_info: bad offset: syz=8 kernel=268 +0424: field xt_sctp_info.chunkmap/flag_info: bad size: syz=256 kernel=12 +0425: field xt_sctp_info.chunk_match_type/flag_count: bad offset: syz=264 kernel=280 +0426: field xt_sctp_info.flag_info/flags: bad offset: syz=268 kernel=284 +0426: field xt_sctp_info.flag_info/flags: bad size: syz=12 kernel=4 +0427: field xt_sctp_info.flag_count/invflags: bad offset: syz=280 kernel=288 +0480: struct xt_dccp_info: bad number of fields: syz=8 kernel=6 +0481: field xt_dccp_info.dpts_min/dpts: bad size: syz=2 kernel=4 +0482: field xt_dccp_info.dpts_max/spts: bad offset: syz=2 kernel=4 +0482: field xt_dccp_info.dpts_max/spts: bad size: syz=2 kernel=4 +0483: field xt_dccp_info.spts_min/flags: bad offset: syz=4 
kernel=8 +0484: field xt_dccp_info.spts_max/invflags: bad offset: syz=6 kernel=10 +0485: field xt_dccp_info.flags/typemask: bad offset: syz=8 kernel=12 +0486: field xt_dccp_info.invflags/option: bad offset: syz=10 kernel=14 +0486: field xt_dccp_info.invflags/option: bad size: syz=2 kernel=1 +0569: struct xt_comment_info: no corresponding struct in kernel +0573: struct xt_ipcomp: bad number of fields: syz=4 kernel=3 +0574: field xt_ipcomp.spis_min/spis: bad size: syz=4 kernel=8 +0575: field xt_ipcomp.spis_max/invflags: bad offset: syz=4 kernel=8 +0575: field xt_ipcomp.spis_max/invflags: bad size: syz=4 kernel=1 +0576: field xt_ipcomp.invflags/hdrres: bad offset: syz=8 kernel=9 +0582: struct xt_statistic_info: bad number of fields: syz=6 kernel=4 +0585: field xt_statistic_info.every/u: bad size: syz=4 kernel=12 +0586: field xt_statistic_info.packet/master: bad offset: syz=8 kernel=16 +0586: field xt_statistic_info.packet/master: bad size: syz=4 kernel=8 +0591: struct xt_recent_mtinfo: no corresponding struct in kernel +0630: struct xt_policy_elem: bad number of fields: syz=10 kernel=7 +0631: field xt_policy_elem.saddr/: bad size: syz=16 kernel=64 +0632: field xt_policy_elem.smask/spi: bad offset: syz=16 kernel=64 +0632: field xt_policy_elem.smask/spi: bad size: syz=16 kernel=4 +0633: field xt_policy_elem.daddr/reqid: bad offset: syz=32 kernel=68 +0633: field xt_policy_elem.daddr/reqid: bad size: syz=16 kernel=4 +0634: field xt_policy_elem.dmask/proto: bad offset: syz=48 kernel=72 +0634: field xt_policy_elem.dmask/proto: bad size: syz=16 kernel=1 +0635: field xt_policy_elem.spi/mode: bad offset: syz=64 kernel=73 +0635: field xt_policy_elem.spi/mode: bad size: syz=4 kernel=1 +0636: field xt_policy_elem.reqid/match: bad offset: syz=68 kernel=74 +0636: field xt_policy_elem.reqid/match: bad size: syz=4 kernel=1 +0637: field xt_policy_elem.proto/invert: bad offset: syz=72 kernel=75 +0666: struct xt_physdev_info: bad size: syz=105 kernel=66 +0668: field 
xt_physdev_info.in_mask/in_mask: bad offset: syz=30 kernel=16 +0669: field xt_physdev_info.physoutdev/physoutdev: bad offset: syz=46 kernel=32 +0670: field xt_physdev_info.out_mask/out_mask: bad offset: syz=75 kernel=48 +0671: field xt_physdev_info.invert/invert: bad offset: syz=91 kernel=64 +0672: field xt_physdev_info.bitmask/bitmask: bad offset: syz=92 kernel=65 +0770: struct xt_esp: bad number of fields: syz=3 kernel=2 +0771: field xt_esp.spis_min/spis: bad size: syz=4 kernel=8 +0772: field xt_esp.spis_max/invflags: bad offset: syz=4 kernel=8 +0772: field xt_esp.spis_max/invflags: bad size: syz=4 kernel=1 diff --git a/sys/linux/netfilter_arp.txt.warn b/sys/linux/netfilter_arp.txt.warn new file mode 100644 index 000000000000..a1f2c056e304 --- /dev/null +++ b/sys/linux/netfilter_arp.txt.warn 
@@ -0,0 +1,27 @@ +0042: struct arpt_entry_matches: no corresponding struct in kernel +0051: struct arpt_entry_underflow: no corresponding struct in kernel +0056: struct arpt_entry_underflow_matches: no corresponding struct in kernel +0064: struct arpt_arp_or_uncond: no corresponding struct in kernel +0072: struct arpt_arp: bad size: syz=210 kernel=164 +0077: field arpt_arp.src_devaddr/arhln: bad size: syz=16 kernel=1 +0078: field arpt_arp.src_devmask/arhln_mask: bad offset: syz=40 kernel=17 +0078: field arpt_arp.src_devmask/arhln_mask: bad size: syz=16 kernel=1 +0079: field arpt_arp.tgt_devaddr/src_devaddr: bad offset: syz=56 kernel=18 +0079: field arpt_arp.tgt_devaddr/src_devaddr: bad size: syz=16 kernel=32 +0080: field arpt_arp.tgt_devmask/tgt_devaddr: bad offset: syz=80 kernel=50 +0080: field arpt_arp.tgt_devmask/tgt_devaddr: bad size: syz=16 kernel=32 +0081: field arpt_arp.arpop/arpop: bad offset: syz=96 kernel=82 +0082: field arpt_arp.arpop_mask/arpop_mask: bad offset: syz=98 kernel=84 +0083: field arpt_arp.arhrd/arhrd: bad offset: syz=100 kernel=86 +0084: field arpt_arp.arhrd_mask/arhrd_mask: bad offset: syz=102 kernel=88 +0085: field arpt_arp.arpro/arpro: bad offset: syz=104 kernel=90 +0086: field arpt_arp.arpro_mask/arpro_mask: bad offset: syz=106 kernel=92 +0087: field arpt_arp.iniface/iniface: bad offset: syz=108 kernel=94 +0088: field arpt_arp.outiface/outiface: bad offset: syz=124 kernel=110 +0089: field arpt_arp.iniface_mask/iniface_mask: bad offset: syz=150 kernel=126 +0090: field arpt_arp.outiface_mask/outiface_mask: bad offset: syz=180 kernel=142 +0091: field arpt_arp.flags/flags: bad offset: syz=196 kernel=158 +0092: field arpt_arp.invflags/invflags: bad offset: syz=198 kernel=160 +0095: struct arpt_devaddr: no corresponding struct in kernel +0100: struct arpt_devmask: no corresponding struct in kernel +0123: struct arpt_counters_info: no corresponding struct in kernel 
diff --git a/sys/linux/netfilter_bridge.txt.warn b/sys/linux/netfilter_bridge.txt.warn new file mode 100644 index 000000000000..4aa910516305 --- /dev/null +++ b/sys/linux/netfilter_bridge.txt.warn @@ -0,0 +1,10 @@ +0114: struct ebt_getinfo: no corresponding struct in kernel +0125: struct ebt_get_entries: no corresponding struct in kernel +0236: struct ebt_ip_info: bad number of fields: syz=12 kernel=10 +0245: field ebt_ip_info.sport_min/: bad size: syz=2 kernel=4 +0246: field ebt_ip_info.sport_max/: bad offset: syz=22 kernel=24 +0246: field ebt_ip_info.sport_max/: bad size: syz=2 kernel=4 +0253: struct ebt_ip6_info: bad number of fields: syz=12 kernel=10 +0262: field ebt_ip6_info.sport_min/: bad size: syz=2 kernel=4 +0263: field ebt_ip6_info.sport_max/: bad offset: syz=70 kernel=72 +0263: field ebt_ip6_info.sport_max/: bad size: syz=2 kernel=4 diff --git a/sys/linux/netfilter_ipv4.txt.warn b/sys/linux/netfilter_ipv4.txt.warn new file mode 100644 index 000000000000..7eaa1de3d747 --- /dev/null +++ b/sys/linux/netfilter_ipv4.txt.warn 
@@ -0,0 +1,17 @@ +0072: struct ipt_entry_underflow: no corresponding struct in kernel +0077: struct ipt_entry_underflow_matches: no corresponding struct in kernel +0086: struct ipt_ip_or_uncond: no corresponding struct in kernel +0094: struct ipt_ip: bad size: syz=120 kernel=84 +0101: field ipt_ip.iniface_mask/iniface_mask: bad offset: syz=60 kernel=48 +0102: field ipt_ip.outiface_mask/outiface_mask: bad offset: syz=90 kernel=64 +0103: field ipt_ip.proto/proto: bad offset: syz=106 kernel=80 +0104: field ipt_ip.flags/flags: bad offset: syz=108 kernel=82 +0105: field ipt_ip.invflags/invflags: bad offset: syz=109 kernel=83 +0171: struct ipt_icmp: bad number of fields: syz=4 kernel=3 +0173: field ipt_icmp.code_min/code: bad size: syz=1 kernel=2 +0174: field ipt_icmp.code_max/invflags: bad offset: syz=2 kernel=3 +0178: struct ipt_ah: bad number of fields: syz=3 kernel=2 +0179: field ipt_ah.spi_min/spis: bad size: syz=4 kernel=8 +0180: field ipt_ah.spi_max/invflags: bad offset: syz=4 kernel=8 +0180: field ipt_ah.spi_max/invflags: bad size: syz=4 kernel=1 +0184: struct xt_osf_info: no corresponding struct in kernel diff --git a/sys/linux/netfilter_ipv6.txt.warn b/sys/linux/netfilter_ipv6.txt.warn new file mode 100644 index 000000000000..e2443859354c --- /dev/null +++ b/sys/linux/netfilter_ipv6.txt.warn 
@@ -0,0 +1,38 @@ +0072: struct ip6t_entry_underflow: no corresponding struct in kernel +0077: struct ip6t_entry_underflow_matches: no corresponding struct in kernel +0086: struct ip6t_ip6_or_uncond: no corresponding struct in kernel +0094: struct ip6t_ip6: bad size: syz=165 kernel=136 +0101: field ip6t_ip6.iniface_mask/iniface_mask: bad offset: syz=105 kernel=96 +0102: field ip6t_ip6.outiface_mask/outiface_mask: bad offset: syz=135 kernel=112 +0103: field ip6t_ip6.proto/proto: bad offset: syz=152 kernel=128 +0104: field ip6t_ip6.tos/tos: bad offset: syz=154 kernel=130 +0105: field ip6t_ip6.flags/flags: bad offset: syz=155 kernel=131 +0106: field ip6t_ip6.invflags/invflags: bad offset: syz=156 kernel=132 +0153: struct ip6t_icmp: bad number of fields: syz=4 kernel=3 +0155: field ip6t_icmp.code_min/code: bad size: syz=1 kernel=2 +0156: field ip6t_icmp.code_max/invflags: bad offset: syz=2 kernel=3 +0160: struct ip6t_rt: bad number of fields: syz=8 kernel=7 +0162: field ip6t_rt.segsleft_min/segsleft: bad size: syz=4 kernel=8 +0163: field ip6t_rt.segsleft_max/hdrlen: bad offset: syz=8 kernel=12 +0164: field ip6t_rt.hdrlen/flags: bad offset: syz=12 kernel=16 +0164: field ip6t_rt.hdrlen/flags: bad size: syz=4 kernel=1 +0165: field ip6t_rt.flags/invflags: bad offset: syz=16 kernel=17 +0166: field ip6t_rt.invflags/addrs: bad offset: syz=17 kernel=20 +0166: field ip6t_rt.invflags/addrs: bad size: syz=1 kernel=256 +0167: field ip6t_rt.addrs/addrnr: bad offset: syz=20 kernel=276 +0167: field ip6t_rt.addrs/addrnr: bad size: syz=256 kernel=1 +0174: struct ip6t_mh: bad number of fields: syz=3 kernel=2 +0175: field ip6t_mh.types_min/types: bad size: syz=1 kernel=2 +0176: field ip6t_mh.types_max/invflags: bad offset: syz=1 kernel=2 +0191: struct ip6t_frag: bad number of fields: syz=5 kernel=4 +0192: field ip6t_frag.ids_min/ids: bad size: syz=4 kernel=8 +0193: field ip6t_frag.ids_max/hdrlen: bad offset: syz=4 kernel=8 +0194: field ip6t_frag.hdrlen/flags: bad offset: syz=8 kernel=12 
+0194: field ip6t_frag.hdrlen/flags: bad size: syz=4 kernel=1 +0195: field ip6t_frag.flags/invflags: bad offset: syz=12 kernel=13 +0210: struct ip6t_ah: bad number of fields: syz=5 kernel=4 +0211: field ip6t_ah.spis_min/spis: bad size: syz=4 kernel=8 +0212: field ip6t_ah.spis_max/hdrlen: bad offset: syz=4 kernel=8 +0213: field ip6t_ah.hdrlen/hdrres: bad offset: syz=8 kernel=12 +0213: field ip6t_ah.hdrlen/hdrres: bad size: syz=4 kernel=1 +0214: field ip6t_ah.hdrres/invflags: bad offset: syz=12 kernel=13 diff --git a/sys/linux/netfilter_targets.txt.warn b/sys/linux/netfilter_targets.txt.warn new file mode 100644 index 000000000000..3caa53d624b4 --- /dev/null +++ b/sys/linux/netfilter_targets.txt.warn @@ -0,0 +1,14 @@ +0225: struct xt_hmark_info: bad number of fields: syz=11 kernel=9 +0228: field xt_hmark_info.src_port_mask/port_mask: bad size: syz=2 kernel=4 +0229: field xt_hmark_info.dst_port_mask/port_set: bad offset: syz=34 kernel=36 +0229: field xt_hmark_info.dst_port_mask/port_set: bad size: syz=2 kernel=4 +0230: field xt_hmark_info.src_port_set/flags: bad offset: syz=36 kernel=40 +0230: field xt_hmark_info.src_port_set/flags: bad size: syz=2 kernel=4 +0231: field xt_hmark_info.dst_port_set/proto_mask: bad offset: syz=38 kernel=44 +0232: field xt_hmark_info.flags/hashrnd: bad offset: syz=40 kernel=48 +0233: field xt_hmark_info.proto_mask/hmodulus: bad offset: syz=44 kernel=52 +0233: field xt_hmark_info.proto_mask/hmodulus: bad size: syz=2 kernel=4 +0234: field xt_hmark_info.hashrnd/hoffset: bad offset: syz=48 kernel=56 +0280: struct xt_set_info_v0: bad number of fields: syz=5 kernel=2 +0282: field xt_set_info_v0.flags/u: bad size: syz=24 kernel=28 +0349: struct xt_synproxy_info: no corresponding struct in kernel diff --git a/sys/linux/perf.txt.warn b/sys/linux/perf.txt.warn new file mode 100644 index 000000000000..2c3e7a0fe8d7 --- /dev/null +++ b/sys/linux/perf.txt.warn 
@@ -0,0 +1,57 @@ +0043: struct perf_event_attr: bad number of fields: syz=50 kernel=52 +0043: struct perf_event_attr: bad size: syz=112 kernel=120 +0048: field perf_event_attr.config0/config: bad size: syz=1 kernel=8 +0049: field perf_event_attr.config1/: bad offset: syz=9 kernel=16 +0049: field perf_event_attr.config1/: bad size: syz=1 kernel=8 +0050: field perf_event_attr.config2/sample_type: bad offset: syz=10 kernel=24 +0050: field perf_event_attr.config2/sample_type: bad size: syz=1 kernel=8 +0051: field perf_event_attr.config3/read_format: bad offset: syz=11 kernel=32 +0051: field perf_event_attr.config3/read_format: bad size: syz=1 kernel=8 +0052: field perf_event_attr.config4/disabled: bad bit size/offset: syz=0/0 kernel=1/0 +0052: field perf_event_attr.config4/disabled: bad offset: syz=12 kernel=40 +0052: field perf_event_attr.config4/disabled: bad size: syz=4 kernel=8 +0053: field perf_event_attr.sample_freq/inherit: bad bit size/offset: syz=0/0 kernel=1/1 +0053: field perf_event_attr.sample_freq/inherit: bad offset: syz=16 kernel=40 +0054: field perf_event_attr.sample_type/pinned: bad bit size/offset: syz=0/0 kernel=1/2 +0054: field perf_event_attr.sample_type/pinned: bad offset: syz=24 kernel=40 +0055: field perf_event_attr.read_format/exclusive: bad bit size/offset: syz=0/0 kernel=1/3 +0055: field perf_event_attr.read_format/exclusive: bad offset: syz=32 kernel=40 +0057: field perf_event_attr.disabled/exclude_user: bad bit size/offset: syz=1/0 kernel=1/4 +0058: field perf_event_attr.inherit/exclude_kernel: bad bit size/offset: syz=1/1 kernel=1/5 +0059: field perf_event_attr.pinned/exclude_hv: bad bit size/offset: syz=1/2 kernel=1/6 +0060: field perf_event_attr.exclusive/exclude_idle: bad bit size/offset: syz=1/3 kernel=1/7 +0061: field perf_event_attr.exclude_user/mmap: bad bit size/offset: syz=1/4 kernel=1/8 +0062: field perf_event_attr.exclude_kernel/comm: bad bit size/offset: syz=1/5 kernel=1/9 +0063: field perf_event_attr.exclude_hv/freq: bad bit 
size/offset: syz=1/6 kernel=1/10 +0064: field perf_event_attr.exclude_idle/inherit_stat: bad bit size/offset: syz=1/7 kernel=1/11 +0065: field perf_event_attr.mmap/enable_on_exec: bad bit size/offset: syz=1/8 kernel=1/12 +0066: field perf_event_attr.comm/task: bad bit size/offset: syz=1/9 kernel=1/13 +0067: field perf_event_attr.freq/watermark: bad bit size/offset: syz=1/10 kernel=1/14 +0068: field perf_event_attr.inherit_stat/precise_ip: bad bit size/offset: syz=1/11 kernel=2/15 +0069: field perf_event_attr.enable_on_exec/mmap_data: bad bit size/offset: syz=1/12 kernel=1/17 +0070: field perf_event_attr.task/sample_id_all: bad bit size/offset: syz=1/13 kernel=1/18 +0071: field perf_event_attr.watermark/exclude_host: bad bit size/offset: syz=1/14 kernel=1/19 +0072: field perf_event_attr.precise_ip/exclude_guest: bad bit size/offset: syz=2/15 kernel=1/20 +0073: field perf_event_attr.mmap_data/exclude_callchain_kernel: bad bit size/offset: syz=1/17 kernel=1/21 +0074: field perf_event_attr.sample_id_all/exclude_callchain_user: bad bit size/offset: syz=1/18 kernel=1/22 +0075: field perf_event_attr.exclude_host/mmap2: bad bit size/offset: syz=1/19 kernel=1/23 +0076: field perf_event_attr.exclude_guest/comm_exec: bad bit size/offset: syz=1/20 kernel=1/24 +0077: field perf_event_attr.exclude_callchain_kernel/use_clockid: bad bit size/offset: syz=1/21 kernel=1/25 +0078: field perf_event_attr.exclude_callchain_user/context_switch: bad bit size/offset: syz=1/22 kernel=1/26 +0079: field perf_event_attr.mmap2/write_backward: bad bit size/offset: syz=1/23 kernel=1/27 +0080: field perf_event_attr.comm_exec/namespaces: bad bit size/offset: syz=1/24 kernel=1/28 +0081: field perf_event_attr.use_clockid/ksymbol: bad bit size/offset: syz=1/25 kernel=1/29 +0082: field perf_event_attr.context_switch/bpf_event: bad bit size/offset: syz=1/26 kernel=1/30 +0083: field perf_event_attr.write_backward/aux_output: bad bit size/offset: syz=1/27 kernel=1/31 +0084: field 
perf_event_attr.namespaces/__reserved_1: bad bit size/offset: syz=1/28 kernel=32/32 +0085: field perf_event_attr.__reserved_1/: bad bit size/offset: syz=35/29 kernel=0/0 +0085: field perf_event_attr.__reserved_1/: bad offset: syz=40 kernel=48 +0085: field perf_event_attr.__reserved_1/: bad size: syz=8 kernel=4 +0087: field perf_event_attr.wakeup_events/bp_type: bad offset: syz=48 kernel=52 +0088: field perf_event_attr.bp_type/: bad offset: syz=52 kernel=56 +0088: field perf_event_attr.bp_type/: bad size: syz=4 kernel=8 +0089: field perf_event_attr.bp_config/: bad offset: syz=56 kernel=64 +0089: field perf_event_attr.bp_config/: bad size: syz=16 kernel=8 +0100: struct perf_bp_config: no corresponding struct in kernel +0105: struct perf_bp: no corresponding struct in kernel +0110: struct perf_config_ext: no corresponding struct in kernel diff --git a/sys/linux/smack.txt.warn b/sys/linux/smack.txt.warn new file mode 100644 index 000000000000..4df6d5b1f42d --- /dev/null +++ b/sys/linux/smack.txt.warn @@ -0,0 +1,3 @@ +0078: struct smackfs_cipso_category: no corresponding struct in kernel +0110: struct smack_ipv6: no corresponding struct in kernel +0153: struct smack_ipv4: no corresponding struct in kernel diff --git a/sys/linux/socket.txt.warn b/sys/linux/socket.txt.warn new file mode 100644 index 000000000000..50718285bd85 --- /dev/null +++ b/sys/linux/socket.txt.warn 
@@ -0,0 +1,32 @@ +0052: struct sock_pair: no corresponding struct in kernel +0061: struct sockaddr: bad number of fields: syz=17 kernel=2 +0062: field sockaddr.in/sa_family: bad size: syz=16 kernel=2 +0063: field sockaddr.ax25/sa_data: bad offset: syz=16 kernel=2 +0063: field sockaddr.ax25/sa_data: bad size: syz=16 kernel=14 +0082: struct sockaddr_storage: no corresponding struct in kernel +0119: struct sockaddr_generic: no corresponding struct in kernel +0124: struct sockaddr_storage_generic: no corresponding struct in kernel +0129: struct send_msghdr: no corresponding struct in kernel +0139: struct msghdr_sock: no corresponding struct in kernel +0149: struct send_mmsghdr: no corresponding struct in kernel +0154: struct mmsghdr_sock: no corresponding struct in kernel +0159: struct recv_msghdr: no corresponding struct in kernel +0169: struct recv_mmsghdr: no corresponding struct in kernel +0330: struct ifr_ifru: no corresponding struct in kernel +0384: struct devname_mask: no corresponding struct in kernel +0407: struct ifs_ifsu: no corresponding struct in kernel +0460: field ifconf.req/ifc_len: bad size: syz=16 kernel=4 +0461: field ifconf.buf/ifc_ifcu: bad offset: syz=16 kernel=8 +0461: field ifconf.buf/ifc_ifcu: bad size: syz=16 kernel=8 +0464: struct ifconf_buf: no corresponding struct in kernel +0469: struct ifconf_req: no corresponding struct in kernel +0476: struct brctl_arg: no corresponding struct in kernel +0482: struct brctl_arg_get: no corresponding struct in kernel +0488: struct brctl_arg_add_del: no corresponding struct in kernel +0494: struct brctl_arg_generic: no corresponding struct in kernel +0615: struct ethtool_modinfo: bad size: syz=20 kernel=44 +0619: field ethtool_modinfo.reserved/reserved: bad size: syz=8 kernel=32 +0745: struct ethtool_flow_union: no corresponding struct in kernel +0844: struct ethtool_rx_ntuple: no corresponding struct in kernel +0851: struct ethtool_rx_ntuple_flow_spec: no corresponding struct in kernel +0862: struct 
ethtool_rx_ntuple_flow_spec_union: no corresponding struct in kernel diff --git a/sys/linux/socket_alg.txt.warn b/sys/linux/socket_alg.txt.warn new file mode 100644 index 000000000000..0cacc00285e4 --- /dev/null +++ b/sys/linux/socket_alg.txt.warn @@ -0,0 +1,8 @@ +0034: struct alg_name: no corresponding struct in kernel +0039: struct alg_aead_name: no corresponding struct in kernel +0044: struct alg_hash_name: no corresponding struct in kernel +0049: struct alg_skcipher_name: no corresponding struct in kernel +0053: struct alg_compress_name: no corresponding struct in kernel +0060: struct msghdr_alg: no corresponding struct in kernel +0084: struct cmsghdr_alg_op: no corresponding struct in kernel +0091: struct cmsghdr_alg_assoc: no corresponding struct in kernel diff --git a/sys/linux/socket_ax25.txt.warn b/sys/linux/socket_ax25.txt.warn new file mode 100644 index 000000000000..f11a0adbf150 --- /dev/null +++ b/sys/linux/socket_ax25.txt.warn @@ -0,0 +1,9 @@ +0028: struct ax25_address: bad number of fields: syz=6 kernel=1 +0039: struct ax25_address_remote: no corresponding struct in kernel +0050: struct ax25_address_bcast: no corresponding struct in kernel +0061: struct ax25_address_default: no corresponding struct in kernel +0072: struct ax25_address_null: no corresponding struct in kernel +0088: struct sockaddr_ax25_uid: no corresponding struct in kernel +0108: struct ax25_devname: no corresponding struct in kernel +0114: struct ax25_devname_rose: no corresponding struct in kernel +0120: struct ax25_devname_netrom: no corresponding struct in kernel diff --git a/sys/linux/socket_bluetooth.txt.warn b/sys/linux/socket_bluetooth.txt.warn new file mode 100644 index 000000000000..c9ac3b6357e7 --- /dev/null +++ b/sys/linux/socket_bluetooth.txt.warn 
@@ -0,0 +1,18 @@ +0049: struct vhci_command_vendor_pkt: no corresponding struct in kernel +0133: struct sockaddr_hci: bad size: syz=12 kernel=6 +0135: field sockaddr_hci.dev/hci_dev: bad offset: syz=4 kernel=2 +0135: field sockaddr_hci.dev/hci_dev: bad size: syz=4 kernel=2 +0136: field sockaddr_hci.chan/hci_channel: bad offset: syz=8 kernel=4 +0139: struct hci_inquiry_req: bad number of fields: syz=7 kernel=5 +0139: struct hci_inquiry_req: bad size: syz=12 kernel=10 +0140: field hci_inquiry_req.dev/dev_id: bad size: syz=4 kernel=2 +0141: field hci_inquiry_req.flags/flags: bad offset: syz=4 kernel=2 +0142: field hci_inquiry_req.lap0/lap: bad offset: syz=6 kernel=4 +0142: field hci_inquiry_req.lap0/lap: bad size: syz=1 kernel=3 +0149: struct hci_ufilter: bad number of fields: syz=4 kernel=3 +0151: field hci_ufilter.event0/event_mask: bad size: syz=4 kernel=8 +0152: field hci_ufilter.event1/opcode: bad offset: syz=8 kernel=12 +0152: field hci_ufilter.event1/opcode: bad size: syz=4 kernel=2 +0169: struct bdaddr: no corresponding struct in kernel +0193: struct l2cap_conninfo: bad number of fields: syz=4 kernel=2 +0195: field l2cap_conninfo.devcls0/dev_class: bad size: syz=1 kernel=3 diff --git a/sys/linux/socket_caif.txt.warn b/sys/linux/socket_caif.txt.warn new file mode 100644 index 000000000000..95eee9e96c52 --- /dev/null +++ b/sys/linux/socket_caif.txt.warn @@ -0,0 +1,8 @@ +0016: struct sockaddr_caif: bad number of fields: syz=5 kernel=2 +0017: field sockaddr_caif.at/family: bad size: syz=4 kernel=2 +0018: field sockaddr_caif.util/u: bad size: syz=18 kernel=20 +0024: struct sockaddr_caif_at: no corresponding struct in kernel +0029: struct sockaddr_caif_util: no corresponding struct in kernel +0035: struct sockaddr_caif_dgm: no corresponding struct in kernel +0041: struct sockaddr_caif_rfm: no corresponding struct in kernel +0047: struct sockaddr_caif_dbg: no corresponding struct in kernel 
diff --git a/sys/linux/socket_can.txt.warn b/sys/linux/socket_can.txt.warn new file mode 100644 index 000000000000..7159a2d0bf79 --- /dev/null +++ b/sys/linux/socket_can.txt.warn @@ -0,0 +1,7 @@ +0057: struct sockaddr_can: bad number of fields: syz=4 kernel=3 +0057: struct sockaddr_can: bad size: syz=16 kernel=24 +0060: field sockaddr_can.rx_id/can_addr: bad size: syz=4 kernel=16 +0064: struct sockaddr_can_j1939: no corresponding struct in kernel +0072: struct can_j1939_pgn: no corresponding struct in kernel +0096: struct msghdr_can_j1939: no corresponding struct in kernel +0134: struct canid_t: no corresponding struct in kernel diff --git a/sys/linux/socket_inet.txt.warn b/sys/linux/socket_inet.txt.warn new file mode 100644 index 000000000000..cbc7d572fc34 --- /dev/null +++ b/sys/linux/socket_inet.txt.warn @@ -0,0 +1,10 @@ +0016: struct sockaddr_in: bad number of fields: syz=3 kernel=4 +0022: struct sockaddr_storage_in: no corresponding struct in kernel +0088: struct ip_mreq: no corresponding struct in kernel +0121: struct group_req_in: no corresponding struct in kernel +0126: struct group_source_req_in: no corresponding struct in kernel +0176: struct rtentry_in: no corresponding struct in kernel +0194: struct sockaddr_ethernet: no corresponding struct in kernel +0201: struct arpreq_in: no corresponding struct in kernel +0211: struct msghdr_inet: no corresponding struct in kernel +0221: struct mmsghdr_inet: no corresponding struct in kernel diff --git a/sys/linux/socket_inet6.txt.warn b/sys/linux/socket_inet6.txt.warn new file mode 100644 index 000000000000..240e73046e42 --- /dev/null +++ b/sys/linux/socket_inet6.txt.warn @@ -0,0 +1,5 @@ +0024: struct sockaddr_storage_in6: no corresponding struct in kernel +0135: struct group_req_in6: no corresponding struct in kernel +0140: struct group_source_req_in6: no corresponding struct in kernel +0195: struct msghdr_inet6: no corresponding struct in kernel +0205: struct mmsghdr_inet6: no corresponding struct in kernel 
diff --git a/sys/linux/socket_inet_sctp.txt.warn b/sys/linux/socket_inet_sctp.txt.warn new file mode 100644 index 000000000000..473d61ac3634 --- /dev/null +++ b/sys/linux/socket_inet_sctp.txt.warn @@ -0,0 +1,16 @@ +0023: struct msghdr_sctp: no corresponding struct in kernel +0043: struct cmsghdr_sctp_init: no corresponding struct in kernel +0050: struct cmsghdr_sctp_sndrcv: no corresponding struct in kernel +0057: struct cmsghdr_sctp_sndinfo: no corresponding struct in kernel +0064: struct cmsghdr_sctp_prinfo: no corresponding struct in kernel +0076: struct cmsghdr_sctp_authinfo: no corresponding struct in kernel +0087: struct cmsghdr_sctp_dstaddrv4: no corresponding struct in kernel +0094: struct cmsghdr_sctp_dstaddrv6: no corresponding struct in kernel +0365: struct sockaddr_storage_sctp: no corresponding struct in kernel +0374: struct sctp_paddrparams: bad number of fields: syz=7 kernel=9 +0374: struct sctp_paddrparams: bad size: syz=152 kernel=156 +0400: struct sctp_event_subscribe: bad number of fields: syz=11 kernel=14 +0400: struct sctp_event_subscribe: bad size: syz=11 kernel=14 +0507: struct sctp_paddrthlds: no corresponding struct in kernel +0544: struct sctp_assoc_stats: bad number of fields: syz=3 kernel=17 +0547: field sctp_assoc_stats.status/sas_maxrto: bad size: syz=120 kernel=8 diff --git a/sys/linux/socket_inet_tcp.txt.warn b/sys/linux/socket_inet_tcp.txt.warn new file mode 100644 index 000000000000..11d813ce9dbf --- /dev/null +++ b/sys/linux/socket_inet_tcp.txt.warn 
@@ -0,0 +1,17 @@ +0102: struct sockaddr_storage_tcp: no corresponding struct in kernel +0107: struct tcp_md5sig: bad number of fields: syz=5 kernel=6 +0109: field tcp_md5sig.__tcpm_pad1/tcpm_flags: bad size: syz=2 kernel=1 +0110: field tcp_md5sig.tcpm_keylen/tcpm_prefixlen: bad offset: syz=130 kernel=129 +0110: field tcp_md5sig.tcpm_keylen/tcpm_prefixlen: bad size: syz=2 kernel=1 +0111: field tcp_md5sig.__tcpm_pad2/tcpm_keylen: bad offset: syz=132 kernel=130 +0111: field tcp_md5sig.__tcpm_pad2/tcpm_keylen: bad size: syz=4 kernel=2 +0112: field tcp_md5sig.tcpm_key/__tcpm_pad: bad offset: syz=136 kernel=132 +0112: field tcp_md5sig.tcpm_key/__tcpm_pad: bad size: syz=80 kernel=4 +0115: struct tcp_repair_opt: bad number of fields: syz=4 kernel=2 +0116: field tcp_repair_opt.mss/opt_code: bad size: syz=8 kernel=4 +0117: field tcp_repair_opt.window/opt_val: bad offset: syz=8 kernel=4 +0117: field tcp_repair_opt.window/opt_val: bad size: syz=8 kernel=4 +0122: struct tcp_repair_opt_mss: no corresponding struct in kernel +0127: struct tcp_repair_opt_window: no corresponding struct in kernel +0133: struct tcp_repair_opt_sack_perm: no corresponding struct in kernel +0138: struct tcp_repair_opt_timestamp: no corresponding struct in kernel diff --git a/sys/linux/socket_ipx.txt.warn b/sys/linux/socket_ipx.txt.warn new file mode 100644 index 000000000000..d5fa44350805 --- /dev/null +++ b/sys/linux/socket_ipx.txt.warn @@ -0,0 +1,2 @@ +0025: struct sockaddr_ipx: no corresponding struct in kernel +0050: struct ipx_config_data: no corresponding struct in kernel diff --git a/sys/linux/socket_isdn.txt.warn b/sys/linux/socket_isdn.txt.warn new file mode 100644 index 000000000000..9acce4613d46 --- /dev/null +++ b/sys/linux/socket_isdn.txt.warn @@ -0,0 +1,3 @@ +0030: struct mISDN_devinfo: bad size: syz=116 kernel=56 +0038: field mISDN_devinfo.name/name: bad size: syz=80 kernel=20 +0097: struct capi20_command: no corresponding struct in kernel 
diff --git a/sys/linux/socket_key.txt.warn b/sys/linux/socket_key.txt.warn new file mode 100644 index 000000000000..185d2e058fa0 --- /dev/null +++ b/sys/linux/socket_key.txt.warn @@ -0,0 +1,8 @@ +0019: struct send_msghdr_key: no corresponding struct in kernel +0029: struct iovec_sadb_msg: no corresponding struct in kernel +0106: struct sadb_ident: no corresponding struct in kernel +0122: struct sadb_x_policy: bad number of fields: syz=8 kernel=7 +0122: struct sadb_x_policy: bad size: syz=64 kernel=16 +0133: struct sadb_x_ipsecrequest: bad number of fields: syz=9 kernel=7 +0133: struct sadb_x_ipsecrequest: bad size: syz=48 kernel=16 +0196: struct sadb_filter_addr: no corresponding struct in kernel diff --git a/sys/linux/socket_llc.txt.warn b/sys/linux/socket_llc.txt.warn new file mode 100644 index 000000000000..ca172ec3ade3 --- /dev/null +++ b/sys/linux/socket_llc.txt.warn @@ -0,0 +1 @@ +0027: struct sockaddr_llc: bad number of fields: syz=7 kernel=8 diff --git a/sys/linux/socket_netlink.txt.warn b/sys/linux/socket_netlink.txt.warn new file mode 100644 index 000000000000..9d9887edea0f --- /dev/null +++ b/sys/linux/socket_netlink.txt.warn @@ -0,0 +1,8 @@ +0036: struct sockaddr_nl: bad number of fields: syz=3 kernel=4 +0037: field sockaddr_nl.kern/nl_family: bad size: syz=12 kernel=2 +0038: field sockaddr_nl.proc/nl_pad: bad offset: syz=12 kernel=2 +0038: field sockaddr_nl.proc/nl_pad: bad size: syz=12 kernel=2 +0039: field sockaddr_nl.unspec/nl_pid: bad offset: syz=24 kernel=4 +0039: field sockaddr_nl.unspec/nl_pid: bad size: syz=12 kernel=4 +0042: struct sockaddr_nl_send: no corresponding struct in kernel +0128: struct nl_mmap_req: no corresponding struct in kernel diff --git a/sys/linux/socket_netlink_generic_devlink.txt.warn b/sys/linux/socket_netlink_generic_devlink.txt.warn new file mode 100644 index 000000000000..3378d5117b90 --- /dev/null +++ b/sys/linux/socket_netlink_generic_devlink.txt.warn 
@@ -0,0 +1,3 @@ +0015: struct devlink_devname: no corresponding struct in kernel +0021: struct devlink_handle_nsim: no corresponding struct in kernel +0026: struct devlink_handle_pci: no corresponding struct in kernel diff --git a/sys/linux/socket_netlink_netfilter.txt.warn b/sys/linux/socket_netlink_netfilter.txt.warn new file mode 100644 index 000000000000..9256604efd0a --- /dev/null +++ b/sys/linux/socket_netlink_netfilter.txt.warn @@ -0,0 +1,2 @@ +0017: struct msghdr_nl_netfilter: no corresponding struct in kernel +0027: struct iovec_nl_netfilter: no corresponding struct in kernel diff --git a/sys/linux/socket_netlink_route.txt.warn b/sys/linux/socket_netlink_route.txt.warn new file mode 100644 index 000000000000..1b2a74a50116 --- /dev/null +++ b/sys/linux/socket_netlink_route.txt.warn @@ -0,0 +1,2 @@ +0621: struct ifla_vf_mac: bad number of fields: syz=3 kernel=2 +0623: field ifla_vf_mac.mac/mac: bad size: syz=6 kernel=32 diff --git a/sys/linux/socket_netlink_route_sched.txt.warn b/sys/linux/socket_netlink_route_sched.txt.warn new file mode 100644 index 000000000000..e4288833f4ed --- /dev/null +++ b/sys/linux/socket_netlink_route_sched.txt.warn 
@@ -0,0 +1,46 @@ +0068: struct tcm_handle: no corresponding struct in kernel +0468: struct tc_netem_slot: bad number of fields: syz=4 kernel=6 +0468: struct tc_netem_slot: bad size: syz=24 kernel=40 +0492: field tc_prio_qopt.priomap/priomap: bad size: syz=15 kernel=16 +0512: struct tc_sfq_qopt_v1: bad number of fields: syz=11 kernel=12 +0512: struct tc_sfq_qopt_v1: bad size: syz=68 kernel=72 +0523: field tc_sfq_qopt_v1.stats/max_P: bad size: syz=24 kernel=4 +0543: struct tc_tbf_qopt: bad size: syz=12 kernel=36 +0960: struct m_ctinfo_options: no corresponding struct in kernel +1114: struct tc_gen: no corresponding struct in kernel +1124: struct tc_connmark: bad number of fields: syz=2 kernel=6 +1125: field tc_connmark.tc_gen/index: bad size: syz=20 kernel=4 +1126: field tc_connmark.zone/capab: bad offset: syz=20 kernel=4 +1126: field tc_connmark.zone/capab: bad size: syz=2 kernel=4 +1134: struct tc_csum: bad number of fields: syz=2 kernel=6 +1135: field tc_csum.tc_gen/index: bad size: syz=20 kernel=4 +1136: field tc_csum.update_flags/capab: bad offset: syz=20 kernel=4 +1145: struct tc_ife: bad number of fields: syz=2 kernel=6 +1146: field tc_ife.tc_gen/index: bad size: syz=20 kernel=4 +1147: field tc_ife.flags/capab: bad offset: syz=20 kernel=4 +1147: field tc_ife.flags/capab: bad size: syz=2 kernel=4 +1150: struct tc_mirred: bad number of fields: syz=3 kernel=7 +1151: field tc_mirred.tc_gen/index: bad size: syz=20 kernel=4 +1152: field tc_mirred.eaction/capab: bad offset: syz=20 kernel=4 +1153: field tc_mirred.ifindex/action: bad offset: syz=24 kernel=8 +1156: struct tc_mpls: bad number of fields: syz=2 kernel=6 +1157: field tc_mpls.tc_gen/index: bad size: syz=20 kernel=4 +1158: field tc_mpls.m_action/capab: bad offset: syz=20 kernel=4 +1161: struct tc_nat: bad number of fields: syz=5 kernel=9 +1162: field tc_nat.tc_gen/index: bad size: syz=20 kernel=4 +1163: field tc_nat.old_addr/capab: bad offset: syz=20 kernel=4 +1164: field tc_nat.new_addr/action: bad offset: 
syz=24 kernel=8 +1165: field tc_nat.mask/refcnt: bad offset: syz=28 kernel=12 +1166: field tc_nat.flags/bindcnt: bad offset: syz=32 kernel=16 +1192: struct m_pedit_key_ex: no corresponding struct in kernel +1197: struct tc_skbmod: bad number of fields: syz=2 kernel=6 +1198: field tc_skbmod.tc_gen/index: bad size: syz=20 kernel=4 +1199: field tc_skbmod.flags/capab: bad offset: syz=24 kernel=4 +1199: field tc_skbmod.flags/capab: bad size: syz=8 kernel=4 +1202: struct tc_tunnel_key: bad number of fields: syz=2 kernel=6 +1203: field tc_tunnel_key.tc_gen/index: bad size: syz=20 kernel=4 +1204: field tc_tunnel_key.t_action/capab: bad offset: syz=20 kernel=4 +1207: struct tc_vlan: bad number of fields: syz=2 kernel=6 +1208: field tc_vlan.tc_gen/index: bad size: syz=20 kernel=4 +1209: field tc_vlan.v_action/capab: bad offset: syz=20 kernel=4 +1331: struct tc_estimator: no corresponding struct in kernel diff --git a/sys/linux/socket_netlink_xfrm.txt.warn b/sys/linux/socket_netlink_xfrm.txt.warn new file mode 100644 index 000000000000..0da1771a064b --- /dev/null +++ b/sys/linux/socket_netlink_xfrm.txt.warn 
@@ -0,0 +1,16 @@ +0201: struct xfrm_user_migrate: bad number of fields: syz=8 kernel=10 +0201: struct xfrm_user_migrate: bad size: syz=44 kernel=76 +0204: field xfrm_user_migrate.proto/new_daddr: bad size: syz=1 kernel=16 +0205: field xfrm_user_migrate.mode/new_saddr: bad offset: syz=33 kernel=48 +0205: field xfrm_user_migrate.mode/new_saddr: bad size: syz=1 kernel=16 +0206: field xfrm_user_migrate.reserved/proto: bad offset: syz=34 kernel=64 +0206: field xfrm_user_migrate.reserved/proto: bad size: syz=2 kernel=1 +0207: field xfrm_user_migrate.reqid/mode: bad offset: syz=36 kernel=65 +0207: field xfrm_user_migrate.reqid/mode: bad size: syz=4 kernel=1 +0208: field xfrm_user_migrate.old_family/reserved: bad offset: syz=40 kernel=66 +0209: field xfrm_user_migrate.new_family/reqid: bad offset: syz=42 kernel=68 +0209: field xfrm_user_migrate.new_family/reqid: bad size: syz=2 kernel=4 +0232: struct xfrmu_spdhthresh4: no corresponding struct in kernel +0237: struct xfrmu_spdhthresh6: no corresponding struct in kernel +0321: struct xfrm_address: no corresponding struct in kernel +0326: struct xfrm_filter: no corresponding struct in kernel diff --git a/sys/linux/socket_netrom.txt.warn b/sys/linux/socket_netrom.txt.warn new file mode 100644 index 000000000000..45803e38a250 --- /dev/null +++ b/sys/linux/socket_netrom.txt.warn @@ -0,0 +1,3 @@ +0038: struct address_netrom_dev: no corresponding struct in kernel +0048: struct nr_route_struct: bad size: syz=120 kernel=112 +0051: field nr_route_struct.device/device: bad offset: syz=12 kernel=11 diff --git a/sys/linux/socket_nfc.txt.warn b/sys/linux/socket_nfc.txt.warn new file mode 100644 index 000000000000..0e78d1c403ee --- /dev/null +++ b/sys/linux/socket_nfc.txt.warn @@ -0,0 +1 @@ +0051: struct nfc_llcp_send_msghdr: no corresponding struct in kernel diff --git a/sys/linux/socket_packet.txt.warn b/sys/linux/socket_packet.txt.warn new file mode 100644 index 000000000000..95cad5599176 --- /dev/null 
+++ b/sys/linux/socket_packet.txt.warn @@ -0,0 +1,4 @@ +0032: struct sockaddr_ll: bad number of fields: syz=8 kernel=7 +0039: field sockaddr_ll.sll_addr/sll_addr: bad size: syz=6 kernel=8 +0056: struct packet_mreq: no corresponding struct in kernel +0098: struct packet_fanout_val: no corresponding struct in kernel diff --git a/sys/linux/socket_pppox.txt.warn b/sys/linux/socket_pppox.txt.warn new file mode 100644 index 000000000000..d8408638047d --- /dev/null +++ b/sys/linux/socket_pppox.txt.warn @@ -0,0 +1,2 @@ +0047: struct sockaddr_pppoe: no corresponding struct in kernel +0102: struct sockaddr_pptp: no corresponding struct in kernel diff --git a/sys/linux/socket_rds.txt.warn b/sys/linux/socket_rds.txt.warn new file mode 100644 index 000000000000..22ad23da60e7 --- /dev/null +++ b/sys/linux/socket_rds.txt.warn @@ -0,0 +1,6 @@ +0027: struct msghdr_rds: no corresponding struct in kernel +0064: struct rds_atomic_args: bad number of fields: syz=9 kernel=6 +0068: field rds_atomic_args.arg1/: bad size: syz=8 kernel=32 +0069: field rds_atomic_args.arg2/flags: bad offset: syz=32 kernel=56 +0070: field rds_atomic_args.mask1/user_token: bad offset: syz=40 kernel=64 +0104: struct rds_rdma_cookie_t: no corresponding struct in kernel diff --git a/sys/linux/socket_rose.txt.warn b/sys/linux/socket_rose.txt.warn new file mode 100644 index 000000000000..0744e6650200 --- /dev/null +++ b/sys/linux/socket_rose.txt.warn @@ -0,0 +1,7 @@ +0051: struct rose_address: bad number of fields: syz=2 kernel=1 +0057: struct rose_address_remote: no corresponding struct in kernel +0066: struct rose_address_dev: no corresponding struct in kernel +0074: struct rose_route_struct: bad size: syz=108 kernel=88 +0078: field rose_route_struct.device/device: bad offset: syz=24 kernel=15 +0079: field rose_route_struct.ndigis/ndigis: bad offset: syz=40 kernel=31 +0080: field rose_route_struct.digipeaters/digipeaters: bad offset: syz=41 kernel=32 
diff --git a/sys/linux/socket_rxrpc.txt.warn b/sys/linux/socket_rxrpc.txt.warn new file mode 100644 index 000000000000..f00f12167396 --- /dev/null +++ b/sys/linux/socket_rxrpc.txt.warn @@ -0,0 +1,4 @@ +0026: struct sockaddr_rxrpc: bad number of fields: syz=2 kernel=5 +0027: field sockaddr_rxrpc.in4/srx_family: bad size: syz=24 kernel=2 +0028: field sockaddr_rxrpc.in6/srx_service: bad offset: syz=24 kernel=2 +0028: field sockaddr_rxrpc.in6/srx_service: bad size: syz=36 kernel=2 diff --git a/sys/linux/socket_tipc.txt.warn b/sys/linux/socket_tipc.txt.warn new file mode 100644 index 000000000000..d791761066e9 --- /dev/null +++ b/sys/linux/socket_tipc.txt.warn @@ -0,0 +1,9 @@ +0050: struct tipc_pair: no corresponding struct in kernel +0055: struct sockaddr_tipc: bad number of fields: syz=3 kernel=4 +0056: field sockaddr_tipc.nameseq/family: bad size: syz=16 kernel=2 +0057: field sockaddr_tipc.name/addrtype: bad offset: syz=16 kernel=2 +0057: field sockaddr_tipc.name/addrtype: bad size: syz=16 kernel=1 +0058: field sockaddr_tipc.id/scope: bad offset: syz=32 kernel=3 +0058: field sockaddr_tipc.id/scope: bad size: syz=12 kernel=1 +0068: struct msghdr_tipc: no corresponding struct in kernel +0078: struct tipc_address_name: no corresponding struct in kernel diff --git a/sys/linux/socket_unix.txt.warn b/sys/linux/socket_unix.txt.warn new file mode 100644 index 000000000000..57f2219a35be --- /dev/null +++ b/sys/linux/socket_unix.txt.warn @@ -0,0 +1,8 @@ +0029: struct unix_pair: no corresponding struct in kernel +0035: field sockaddr_un.file/sun_family: bad size: syz=110 kernel=2 +0036: field sockaddr_un.abs/sun_path: bad offset: syz=110 kernel=2 +0036: field sockaddr_un.abs/sun_path: bad size: syz=8 kernel=108 +0039: struct sockaddr_un_file: no corresponding struct in kernel +0044: struct sockaddr_un_abstract: no corresponding struct in kernel +0050: struct msghdr_un: no corresponding struct in kernel +0065: struct cmsg_un_cred: no corresponding struct in kernel 
diff --git a/sys/linux/socket_vnet.txt.warn b/sys/linux/socket_vnet.txt.warn new file mode 100644 index 000000000000..f459e82113a8 --- /dev/null +++ b/sys/linux/socket_vnet.txt.warn @@ -0,0 +1,5 @@ +0072: struct vmaddr_cid: no corresponding struct in kernel +0080: struct vmaddr_cid64: no corresponding struct in kernel +0117: struct vhost_msg: bad number of fields: syz=3 kernel=2 +0117: struct vhost_msg: bad size: syz=104 kernel=72 +0119: field vhost_msg.iotlb/: bad size: syz=32 kernel=64 diff --git a/sys/linux/socket_x25.txt.warn b/sys/linux/socket_x25.txt.warn new file mode 100644 index 000000000000..0d5867388eaa --- /dev/null +++ b/sys/linux/socket_x25.txt.warn @@ -0,0 +1,2 @@ +0041: struct x25_address: bad number of fields: syz=2 kernel=1 +0048: struct x25_address_remote: no corresponding struct in kernel diff --git a/sys/linux/socket_xdp.txt.warn b/sys/linux/socket_xdp.txt.warn new file mode 100644 index 000000000000..4c89fc40af06 --- /dev/null +++ b/sys/linux/socket_xdp.txt.warn @@ -0,0 +1,4 @@ +0037: struct sockaddr_xdp_bind: no corresponding struct in kernel +0047: struct msghdr_xdp: no corresponding struct in kernel +0057: struct xdp_umem_reg: bad number of fields: syz=4 kernel=5 +0057: struct xdp_umem_reg: bad size: syz=24 kernel=32 diff --git a/sys/linux/sys.txt.warn b/sys/linux/sys.txt.warn new file mode 100644 index 000000000000..4b55d13ba751 --- /dev/null +++ b/sys/linux/sys.txt.warn 
@@ -0,0 +1,64 @@ +0210: field seccomp_metadata.flags/flags: bad size: syz=4 kernel=8 +0252: struct clone_args: bad number of fields: syz=11 kernel=10 +0257: field clone_args.exit_signal/exit_signal: bad size: syz=4 kernel=8 +0258: field clone_args.exit_signal_pad/stack: bad offset: syz=36 kernel=40 +0258: field clone_args.exit_signal_pad/stack: bad size: syz=4 kernel=8 +0259: field clone_args.stack/stack_size: bad offset: syz=40 kernel=48 +0260: field clone_args.stack_size/tls: bad offset: syz=48 kernel=56 +0261: field clone_args.tls/set_tid: bad offset: syz=56 kernel=64 +0262: field clone_args.set_tid/set_tid_size: bad offset: syz=64 kernel=72 +0515: struct pipefd: no corresponding struct in kernel +0527: struct stat: bad size: syz=68 kernel=144 +0528: field stat.dev/st_dev: bad size: syz=2 kernel=8 +0529: field stat.ino/st_ino: bad offset: syz=4 kernel=8 +0529: field stat.ino/st_ino: bad size: syz=4 kernel=8 +0530: field stat.mode/st_nlink: bad offset: syz=8 kernel=16 +0530: field stat.mode/st_nlink: bad size: syz=2 kernel=8 +0531: field stat.nlink/st_mode: bad offset: syz=10 kernel=24 +0531: field stat.nlink/st_mode: bad size: syz=2 kernel=4 +0532: field stat.uid/st_uid: bad offset: syz=12 kernel=28 +0533: field stat.gid/st_gid: bad offset: syz=16 kernel=32 +0534: field stat.rdev/__pad0: bad offset: syz=20 kernel=36 +0534: field stat.rdev/__pad0: bad size: syz=2 kernel=4 +0535: field stat.size/st_rdev: bad offset: syz=24 kernel=40 +0535: field stat.size/st_rdev: bad size: syz=4 kernel=8 +0536: field stat.blksize/st_size: bad offset: syz=28 kernel=48 +0536: field stat.blksize/st_size: bad size: syz=4 kernel=8 +0537: field stat.blocks/st_blksize: bad offset: syz=32 kernel=56 +0537: field stat.blocks/st_blksize: bad size: syz=4 kernel=8 +0538: field stat.atime/st_blocks: bad offset: syz=36 kernel=64 +0538: field stat.atime/st_blocks: bad size: syz=4 kernel=8 +0539: field stat.ansec/st_atime: bad offset: syz=40 kernel=72 +0539: field stat.ansec/st_atime: bad size: 
syz=4 kernel=8 +0540: field stat.mtime/st_atime_nsec: bad offset: syz=44 kernel=80 +0540: field stat.mtime/st_atime_nsec: bad size: syz=4 kernel=8 +0541: field stat.mnsec/st_mtime: bad offset: syz=48 kernel=88 +0541: field stat.mnsec/st_mtime: bad size: syz=4 kernel=8 +0542: field stat.ctime/st_mtime_nsec: bad offset: syz=52 kernel=96 +0542: field stat.ctime/st_mtime_nsec: bad size: syz=4 kernel=8 +0543: field stat.cnsec/st_ctime: bad offset: syz=56 kernel=104 +0543: field stat.cnsec/st_ctime: bad size: syz=4 kernel=8 +0544: field stat.pad1/st_ctime_nsec: bad offset: syz=60 kernel=112 +0544: field stat.pad1/st_ctime_nsec: bad size: syz=4 kernel=8 +0545: field stat.pad2/__unused: bad offset: syz=64 kernel=120 +0545: field stat.pad2/__unused: bad size: syz=4 kernel=24 +0578: struct sigset: no corresponding struct in kernel +0582: struct sigset_size: no corresponding struct in kernel +0609: struct itimerspec: no corresponding struct in kernel +0628: field sigevent.u/_sigev_un: bad size: syz=16 kernel=48 +0631: struct sigevent_u: no corresponding struct in kernel +0638: struct sigevent_thread: no corresponding struct in kernel +0644: struct cap_header: no corresponding struct in kernel +0649: struct cap_data: no corresponding struct in kernel +0664: struct fd_set: no corresponding struct in kernel +0693: struct mq_attr: bad number of fields: syz=8 kernel=5 +0698: field mq_attr.res0/__reserved: bad size: syz=8 kernel=32 +0760: struct siginfo: bad number of fields: syz=3 kernel=1 +0761: field siginfo.signo/: bad size: syz=4 kernel=128 +0768: struct timex: no corresponding struct in kernel +0797: struct ustat: bad number of fields: syz=5 kernel=4 +0800: field ustat.nampac0/f_fname: bad size: syz=4 kernel=6 +0801: field ustat.nampac1/f_fpack: bad offset: syz=20 kernel=22 +0801: field ustat.nampac1/f_fpack: bad size: syz=4 kernel=6 +0823: struct sched_attr: bad number of fields: syz=8 kernel=10 +0823: struct sched_attr: bad size: syz=48 kernel=56 
diff --git a/sys/linux/trusty.txt.warn b/sys/linux/trusty.txt.warn new file mode 100644 index 000000000000..44992bd7f7f6 --- /dev/null +++ b/sys/linux/trusty.txt.warn @@ -0,0 +1,12 @@ +0046: struct trusty_gatekeeper_error: no corresponding struct in kernel +0052: struct trusty_gatekeeper_retry: no corresponding struct in kernel +0078: struct trusty_password_handle: no corresponding struct in kernel +0107: struct trusty_km_secure_msg: no corresponding struct in kernel +0188: struct trusty_km_supported_digests: no corresponding struct in kernel +0206: struct trusty_km_configure: no corresponding struct in kernel +0270: struct trusty_authorization_bytes: no corresponding struct in kernel +0342: struct trusty_avb_rollback_index: no corresponding struct in kernel +0425: struct trusty_storage_file_close_req: no corresponding struct in kernel +0429: struct trusty_storage_file_read_req: no corresponding struct in kernel +0448: struct trusty_storage_file_get_size_req: no corresponding struct in kernel +0452: struct trusty_storage_file_set_size_req: no corresponding struct in kernel diff --git a/sys/linux/vnet.txt.warn b/sys/linux/vnet.txt.warn new file mode 100644 index 000000000000..c326d42643f8 --- /dev/null +++ b/sys/linux/vnet.txt.warn 
@@ -0,0 +1,69 @@ +0009: struct vnet_fragmentation: no corresponding struct in kernel +0019: struct tcp_resources: no corresponding struct in kernel +0044: struct mac_addr_link_local: no corresponding struct in kernel +0058: struct mac_addr: bad number of fields: syz=7 kernel=1 +0072: struct vlan_tag_ad: no corresponding struct in kernel +0079: struct vlan_tag_q: no corresponding struct in kernel +0159: struct arp_ether_ipv4_packet: no corresponding struct in kernel +0171: struct arp_ether_ipv6_packet: no corresponding struct in kernel +0239: struct ipx_network: no corresponding struct in kernel +0245: struct ipx_node: no corresponding struct in kernel +0251: struct ipx_addr: no corresponding struct in kernel +0317: struct ipv4_addr_initdev: no corresponding struct in kernel +0324: struct ipv4_addr: no corresponding struct in kernel +0370: struct ipv4_option_end: no corresponding struct in kernel +0375: struct ipv4_option_noop: no corresponding struct in kernel +0439: struct ipv4_option_ra: no corresponding struct in kernel +0488: struct ipv6_addr_empty: no corresponding struct in kernel +0499: struct ipv6_addr_initdev: no corresponding struct in kernel +0507: struct ipv6_addr_loopback: no corresponding struct in kernel +0512: struct ipv6_addr_ipv4: no corresponding struct in kernel +0518: struct ipv6_addr_multicast1: no corresponding struct in kernel +0525: struct ipv6_addr_multicast2: no corresponding struct in kernel +0532: struct ipv6_addr: no corresponding struct in kernel +0602: struct ipv6_fragment_ext_header: no corresponding struct in kernel +0636: struct ipv6_tlv_pad1: no corresponding struct in kernel +0648: struct ipv6_tlv_ra: no corresponding struct in kernel +0654: struct ipv6_tlv_jumbo: no corresponding struct in kernel +0677: struct ipv6_tlv_hao: no corresponding struct in kernel +0683: struct ipv6_tlv_enc_lim: no corresponding struct in kernel +0766: struct tcp_nop_option: no corresponding struct in kernel +0771: struct tcp_eol_option: no 
corresponding struct in kernel +0776: struct tcp_mss_option: no corresponding struct in kernel +0783: struct tcp_window_option: no corresponding struct in kernel +0790: struct tcp_sack_perm_option: no corresponding struct in kernel +0803: struct tcp_timestamp_option: no corresponding struct in kernel +0811: struct tcp_md5sig_option: no corresponding struct in kernel +0831: struct tcp_exp_smc_option: no corresponding struct in kernel +0978: struct erspan_md1: no corresponding struct in kernel +0984: struct erspan_md2: bad number of fields: syz=11 kernel=9 +0984: struct erspan_md2: bad size: syz=16 kernel=8 +0986: field erspan_md2.version/sgt: bad size: syz=4 kernel=2 +0987: field erspan_md2.timestamp/hwid_upper: bad bit size/offset: syz=0/0 kernel=2/0 +0987: field erspan_md2.timestamp/hwid_upper: bad offset: syz=8 kernel=6 +0987: field erspan_md2.timestamp/hwid_upper: bad size: syz=4 kernel=1 +0988: field erspan_md2.sgt/ft: bad bit size/offset: syz=0/0 kernel=5/2 +0988: field erspan_md2.sgt/ft: bad offset: syz=12 kernel=6 +0988: field erspan_md2.sgt/ft: bad size: syz=2 kernel=1 +0989: field erspan_md2.hwid_upper/p: bad bit size/offset: syz=2/0 kernel=1/7 +0989: field erspan_md2.hwid_upper/p: bad offset: syz=14 kernel=6 +0990: field erspan_md2.ft/o: bad bit size/offset: syz=5/2 kernel=1/0 +0990: field erspan_md2.ft/o: bad offset: syz=14 kernel=7 +0991: field erspan_md2.p/gra: bad bit size/offset: syz=1/7 kernel=2/1 +0991: field erspan_md2.p/gra: bad offset: syz=14 kernel=7 +0992: field erspan_md2.o/dir: bad bit size/offset: syz=1/0 kernel=1/3 +0992: field erspan_md2.o/dir: bad offset: syz=15 kernel=7 +0993: field erspan_md2.gra/hwid: bad bit size/offset: syz=2/1 kernel=4/4 +0993: field erspan_md2.gra/hwid: bad offset: syz=15 kernel=7 +1102: struct icmp_timestamp_packet: no corresponding struct in kernel +1113: struct icmp_timestamp_reply_packet: no corresponding struct in kernel +1124: struct icmp_info_request_packet: no corresponding struct in kernel +1132: struct 
icmp_info_reply_packet: no corresponding struct in kernel +1140: struct icmp_address_request_packet: no corresponding struct in kernel +1147: struct icmp_address_reply_packet: no corresponding struct in kernel +1255: struct icmpv6_mld_packet: no corresponding struct in kernel +1371: struct dccp_header: no corresponding struct in kernel +1427: struct mpls_label: bad number of fields: syz=4 kernel=1 +1428: field mpls_label.label/entry: bad bit size/offset: syz=20/0 kernel=0/0 +1528: struct tipc_name_distributor_hdr: no corresponding struct in kernel +1563: struct tipc_name_publication: no corresponding struct in kernel diff --git a/sys/linux/vusb.txt.warn b/sys/linux/vusb.txt.warn new file mode 100644 index 000000000000..8bbdbd285e44 --- /dev/null +++ b/sys/linux/vusb.txt.warn 
@@ -0,0 +1,33 @@
+0188: struct vusb_connect_string_descriptor: no corresponding struct in kernel
+0193: struct vusb_descriptors: no corresponding struct in kernel
+0221: struct vusb_responses: no corresponding struct in kernel
+0329: struct usb_wireless_cap_descriptor: no corresponding struct in kernel
+0346: struct usb_ext_cap_descriptor: bad number of fields: syz=7 kernel=4
+0351: field usb_ext_cap_descriptor.bmAttributes1/bmAttributes: bad bit size/offset: syz=8/0 kernel=0/0
+0443: struct usb_hub_descriptor_hs: no corresponding struct in kernel
+0456: struct usb_hub_descriptor_ss: no corresponding struct in kernel
+0535: struct usb_endpoint_descriptor_hid_in: no corresponding struct in kernel
+0539: struct usb_endpoint_descriptor_hid_out: no corresponding struct in kernel
+0547: struct vusb_descriptors_hid: no corresponding struct in kernel
+0559: struct vusb_responses_hid: no corresponding struct in kernel
+0573: struct usb_hid_descriptor_hid: no corresponding struct in kernel
+0584: struct usb_hid_class_descriptor_report: no corresponding struct in kernel
+0667: struct usb_endpoint_descriptor_printer_out: no corresponding struct in kernel
+0671: struct usb_endpoint_descriptor_printer_in: no corresponding struct in kernel
+0679: struct vusb_descriptors_printer: no corresponding struct in kernel
+0686: struct vusb_responses_printer: no corresponding struct in kernel
+0738: struct usb_endpoint_descriptor_cdc_ecm_notify: no corresponding struct in kernel
+0742: struct usb_endpoint_descriptor_cdc_ecm_in: no corresponding struct in kernel
+0746: struct usb_endpoint_descriptor_cdc_ecm_out: no corresponding struct in kernel
+0871: struct usb_cdc_ecm_mbm_guid: no corresponding struct in kernel
+0927: struct vusb_descriptors_cdc_ecm: no corresponding struct in kernel
+0935: struct usb_cdc_ecm_mac: no corresponding struct in kernel
+0942: struct vusb_responses_cdc_ecm: no corresponding struct in kernel
+0976: struct usb_endpoint_descriptors_cdc_ncm_data: no corresponding struct in kernel
+1005: struct vusb_descriptors_cdc_ncm: no corresponding struct in kernel
+1013: struct vusb_responses_cdc_ncm: no corresponding struct in kernel
+1107: struct uac1_ac_header_descriptor_2: no corresponding struct in kernel
+1262: struct uac_as_out_endpoint_descriptor: no corresponding struct in kernel
+1266: struct uac_as_in_endpoint_descriptor: no corresponding struct in kernel
+1288: struct vusb_descriptors_uac1: no corresponding struct in kernel
+1295: struct vusb_responses_uac1: no corresponding struct in kernel
diff --git a/sys/linux/xattr.txt.warn b/sys/linux/xattr.txt.warn
new file mode 100644
index 000000000000..15ed8ee27baf
--- /dev/null
+++ b/sys/linux/xattr.txt.warn
@@ -0,0 +1,5 @@
+0080: struct vfs_cap_data_v1: no corresponding struct in kernel
+0096: struct vfs_cap_elem: no corresponding struct in kernel
+0133: struct evm_ima_xattr_digest_md5: no corresponding struct in kernel
+0138: struct evm_ima_xattr_digest_sha1: no corresponding struct in kernel
+0169: struct xattr_overlay_nlink: no corresponding struct in kernel
diff --git a/tools/syz-check/check.go b/tools/syz-check/check.go
new file mode 100644
index 000000000000..bde088a78472
--- /dev/null
+++ b/tools/syz-check/check.go
@@ -0,0 +1,228 @@
+// Copyright 2019 syzkaller project authors. All rights reserved.
+// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+// syz-check does best-effort static correctness checking of the syscall descriptions in sys/os/*.txt.
+// Use:
+// $ go install ./tools/syz-check
+// $ syz-check -obj /linux/vmlinux
+// Currently it works only for linux and only for one arch at a time.
+// The vmlinux files should include debug info and enable all relevant configs (since we parse dwarf).
+// The results are produced in sys/os/*.warn files.
+// On implementation level syz-check parses vmlinux dwarf, extracts struct descriptions
+// and compares them with what we have (size, fields, alignment, etc).
+package main
+
+import (
+ "bytes"
+ "debug/dwarf"
+ "flag"
+ "fmt"
+ "os"
+ "path/filepath"
+ "runtime"
+ "runtime/pprof"
+ "sort"
+
+ "github.com/google/syzkaller/pkg/ast"
+ "github.com/google/syzkaller/pkg/compiler"
+ "github.com/google/syzkaller/pkg/osutil"
+ "github.com/google/syzkaller/prog"
+ "github.com/google/syzkaller/sys/targets"
+)
+
+func main() {
+ var (
+ flagOS = flag.String("os", runtime.GOOS, "OS")
+ flagArch = flag.String("arch", runtime.GOARCH, "arch")
+ flagKernelObject = flag.String("obj", "", "kernel object file")
+ flagCPUProfile = flag.String("cpuprofile", "", "write CPU profile to this file")
+ flagMEMProfile = flag.String("memprofile", "", "write memory profile to this file")
+ )
+ flag.Parse()
+ if *flagCPUProfile != "" {
+ f, err := os.Create(*flagCPUProfile)
+ if err != nil {
+ fmt.Fprintf(os.Stderr, "failed to create cpuprofile file: %v\n", err)
+ os.Exit(1)
+ }
+ defer f.Close()
+ if err := pprof.StartCPUProfile(f); err != nil {
+ fmt.Fprintf(os.Stderr, "failed to start cpu profile: %v\n", err)
+ os.Exit(1)
+ }
+ defer pprof.StopCPUProfile()
+ }
+ if *flagMEMProfile != "" {
+ defer func() {
+ f, err := os.Create(*flagMEMProfile)
+ if err != nil {
+ fmt.Fprintf(os.Stderr, "failed to create memprofile file: %v\n", err)
+ os.Exit(1)
+ }
+ defer f.Close()
+ runtime.GC()
+ if err := pprof.WriteHeapProfile(f); err != nil {
+ fmt.Fprintf(os.Stderr, "failed to write mem profile: %v\n", err)
+ os.Exit(1)
+ }
+ }()
+ }
+ if err := check(*flagOS, *flagArch, *flagKernelObject); err != nil {
+ fmt.Fprintln(os.Stderr, err)
+ os.Exit(1)
+ }
+}
+
+func check(OS, arch, obj string) error {
+ structs, err := parseKernelObject(obj)
+ if err != nil {
+ return err
+ }
+ structDescs, locs, err := parseDescriptions(OS, arch)
+ if err != nil {
+ return err
+ }
+ warnings, err := checkImpl(structs, structDescs, locs)
+ if err != nil {
+ return err
+ }
+ return writeWarnings(OS, arch, warnings)
+}
+
+func writeWarnings(OS, arch string, warnings map[string][]string) error {
+ allFiles, err := filepath.Glob(filepath.Join("sys", OS, "*.warn"))
+ if err != nil {
+ return err
+ }
+ toRemove := make(map[string]bool)
+ for _, file := range allFiles {
+ toRemove[file] = true
+ }
+ for file, warns := range warnings {
+ sort.Strings(warns)
+ buf := new(bytes.Buffer)
+ for _, warn := range warns {
+ fmt.Fprintf(buf, "%v\n", warn)
+ }
+ warnFile := filepath.Join("sys", OS, file+".warn")
+ if err := osutil.WriteFile(warnFile, buf.Bytes()); err != nil {
+ return err
+ }
+ delete(toRemove, warnFile)
+ }
+ for file := range toRemove {
+ os.Remove(file)
+ }
+ return nil
+}
+
+func checkImpl(structs map[string]*dwarf.StructType, structDescs []*prog.KeyedStruct,
+ locs map[string]*ast.Struct) (map[string][]string, error) {
+ warnings := make(map[string][]string)
+ checked := make(map[string]bool)
+ for _, str := range structDescs {
+ typ := str.Desc
+ if typ.Varlen() {
+ continue
+ }
+ astStruct := locs[typ.Name()]
+ if astStruct == nil {
+ // TODO: that's a template. Handle templates.
+ continue
+ }
+ if checked[typ.Name()] {
+ continue
+ }
+ checked[typ.Name()] = true
+
+ if err := checkStruct(warnings, typ, astStruct, structs[typ.Name()]); err != nil {
+ return nil, err
+ }
+
+ }
+ return warnings, nil
+}
+
+func checkStruct(warnings map[string][]string, typ *prog.StructDesc, astStruct *ast.Struct,
+ str *dwarf.StructType) error {
+ warn := func(pos ast.Pos, msg string, args ...interface{}) {
+ warnings[pos.File] = append(warnings[pos.File],
+ fmt.Sprintf("%04v: ", pos.Line)+fmt.Sprintf(msg, args...))
+ }
+ if str == nil {
+ warn(astStruct.Pos, "struct %v: no corresponding struct in kernel", typ.Name())
+ return nil
+ }
+ if typ.Size() != uint64(str.ByteSize) {
+ warn(astStruct.Pos, "struct %v: bad size: syz=%v kernel=%v", typ.Name(), typ.Size(), str.ByteSize)
+ }
+ // TODO: handle unions, currently we should report some false errors.
+ ai := 0
+ offset := uint64(0)
+ for _, field := range typ.Fields {
+ if prog.IsPad(field) {
+ offset += field.Size()
+ continue
+ }
+ if ai < len(str.Field) {
+ fld := str.Field[ai]
+ if field.Size() != uint64(fld.Type.Size()) {
+ warn(astStruct.Fields[ai].Pos, "field %v.%v/%v: bad size: syz=%v kernel=%v",
+ typ.Name(), field.FieldName(), fld.Name, field.Size(), fld.Type.Size())
+ }
+ if offset != uint64(fld.ByteOffset) {
+ warn(astStruct.Fields[ai].Pos, "field %v.%v/%v: bad offset: syz=%v kernel=%v",
+ typ.Name(), field.FieldName(), fld.Name, offset, fld.ByteOffset)
+ }
+ // How would you define bitfield offset?
+ // Offset of the beginning of the field from the beginning of the memory location, right?
+ // No, DWARF defines it as offset of the end of the field from the end of the memory location.
+ offset := fld.Type.Size()*8 - fld.BitOffset - fld.BitSize
+ if fld.BitSize == 0 {
+ // And to make things even more interesting this calculation
+ // does not work for normal variables.
+ offset = 0
+ }
+ if field.BitfieldLength() != uint64(fld.BitSize) ||
+ field.BitfieldOffset() != uint64(offset) {
+ warn(astStruct.Fields[ai].Pos, "field %v.%v/%v: bad bit size/offset: syz=%v/%v kernel=%v/%v",
+ typ.Name(), field.FieldName(), fld.Name,
+ field.BitfieldLength(), field.BitfieldOffset(),
+ fld.BitSize, offset)
+ }
+ }
+ ai++
+ if !field.BitfieldMiddle() {
+ offset += field.Size()
+ }
+ }
+ if ai != len(str.Field) {
+ warn(astStruct.Pos, "struct %v: bad number of fields: syz=%v kernel=%v", typ.Name(), ai, len(str.Field))
+ }
+ return nil
+}
+
+func parseDescriptions(OS, arch string) ([]*prog.KeyedStruct, map[string]*ast.Struct, error) {
+ eh := func(pos ast.Pos, msg string) {}
+ top := ast.ParseGlob(filepath.Join("sys", OS, "*.txt"), eh)
+ if top == nil {
+ return nil, nil, fmt.Errorf("failed to parse txt files")
+ }
+ consts := compiler.DeserializeConstsGlob(filepath.Join("sys", OS, "*_"+arch+".const"), eh)
+ if consts == nil {
+ return nil, nil, fmt.Errorf("failed to parse const files")
+ }
+ prg := compiler.Compile(top, consts, targets.Get(OS, arch), eh)
+ if prg == nil {
+ return nil, nil, fmt.Errorf("failed to compile descriptions")
+ }
+ prog.RestoreLinks(prg.Syscalls, prg.Resources, prg.StructDescs)
+ locs := make(map[string]*ast.Struct)
+ for _, decl := range top.Nodes {
+ switch n := decl.(type) {
+ case *ast.Struct:
+ locs[n.Name.Name] = n
+ }
+ }
+ return prg.StructDescs, locs, nil
+}
diff --git a/tools/syz-check/dwarf.go b/tools/syz-check/dwarf.go
new file mode 100644
index 000000000000..adda9817344a
--- /dev/null
+++ b/tools/syz-check/dwarf.go
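Review bot: The error handler in parseDescriptions, `eh := func(pos ast.Pos, msg string) {}`, discards every diagnostic passed to it by ast.ParseGlob, compiler.DeserializeConstsGlob and compiler.Compile, so a failure surfaces only as "failed to parse txt files" or "failed to compile descriptions" with no file or line to look at. Reporting the position keeps those failures actionable: `eh := func(pos ast.Pos, msg string) { fmt.Fprintf(os.Stderr, "%v:%v: %v\n", pos.File, pos.Line, msg) }`. As a smaller readability point, inside checkStruct the inner `offset := fld.Type.Size()*8 - fld.BitOffset - fld.BitSize` shadows the byte `offset` that the loop accumulates; a distinct name such as `bitOffset` would keep the two quantities apart.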
@@ -0,0 +1,202 @@
+// Copyright 2019 syzkaller project authors. All rights reserved.
+// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+package main
+
+import (
+ "debug/dwarf"
+ "debug/elf"
+ "fmt"
+ "runtime"
+ "strings"
+)
+
+func parseKernelObject(obj string) (map[string]*dwarf.StructType, error) {
+ file, err := elf.Open(obj)
+ if err != nil {
+ return nil, err
+ }
+ var sections []*elf.Section
+ for _, sec := range file.Sections {
+ // We don't need these for our purposes and dropping them speeds up parsing a lot.
+ //nolint:misspell
+ if sec.Name == ".debug_line" || strings.HasPrefix(sec.Name, ".rela.") {
+ continue
+ }
+ sections = append(sections, sec)
+ }
+ file.Sections = sections
+ debugInfo, err := file.DWARF()
+ if err != nil {
+ return nil, err
+ }
+ // DWARF parsing in Go is slow, so we parallelize it as much as possible.
+ // First stage extracts top-level compilation units and sends them over unitc.
+ // Next parallel stage consumes units, extracts struct offsets and sends them over offsetc.
+ // Next parallel stage consumes offsets, extracts struct types and sends them over structc.
+ // Last stage consumes structs, deduplicates them and builds the resulting map.
+ numProcs := runtime.GOMAXPROCS(0)
+ numTypes := numProcs/8 + 1
+ buffer := 100 * numProcs
+ unitc := make(chan Unit, buffer)
+ offsetc := make(chan []dwarf.Offset, buffer)
+ structc := make(chan []*dwarf.StructType, buffer)
+ errc := make(chan error)
+
+ go extractCompilationUnits(debugInfo, unitc, errc)
+
+ uniterrc := make(chan error, numProcs)
+ for p := 0; p < numProcs; p++ {
+ go extractOffsets(debugInfo, unitc, offsetc, uniterrc)
+ }
+ go func() {
+ var err error
+ for p := 0; p < numProcs; p++ {
+ if err1 := <-uniterrc; err1 != nil {
+ err = err1
+ }
+ }
+ close(offsetc)
+ errc <- err
+ }()
+
+ structerrc := make(chan error, numTypes)
+ for p := 0; p < numTypes; p++ {
+ // Only parallel extraction of types races with each other,
+ // so we can reuse debugInfo for one of the goroutines.
+ debugInfo1 := debugInfo
+ if p != 0 {
+ debugInfo1 = nil
+ }
+ go extractStructs(file, debugInfo1, offsetc, structc, structerrc)
+ }
+ go func() {
+ var err error
+ for p := 0; p < numTypes; p++ {
+ if err1 := <-structerrc; err1 != nil {
+ err = err1
+ }
+ }
+ close(structc)
+ errc <- err
+ }()
+
+ result := make(map[string]*dwarf.StructType)
+ go func() {
+ for structs := range structc {
+ for _, str := range structs {
+ result[str.StructName] = str
+ }
+ }
+ errc <- nil
+ }()
+
+ for i := 0; i < 4; i++ {
+ if err := <-errc; err != nil {
+ return nil, err
+ }
+ }
+ return result, nil
+}
+
+type Unit struct {
+ start dwarf.Offset
+ end dwarf.Offset
+}
+
+func extractCompilationUnits(debugInfo *dwarf.Data, unitc chan Unit, errc chan error) {
+ defer close(unitc)
+ const sentinel = ^dwarf.Offset(0)
+ prev := sentinel
+ for r := debugInfo.Reader(); ; {
+ ent, err := r.Next()
+ if err != nil {
+ errc <- err
+ return
+ }
+ if ent == nil {
+ if prev != sentinel {
+ unitc <- Unit{prev, sentinel}
+ }
+ errc <- nil
+ break
+ }
+ if ent.Tag != dwarf.TagCompileUnit {
+ errc <- fmt.Errorf("found unexpected tag %v on top level", ent.Tag)
+ return
+ }
+ if prev != sentinel {
+ unitc <- Unit{prev, ent.Offset}
+ }
+ prev = ent.Offset
+ r.SkipChildren()
+ }
+}
+
+func extractOffsets(debugInfo *dwarf.Data, unitc chan Unit, offsetc chan []dwarf.Offset, errc chan error) {
+ r := debugInfo.Reader()
+ var offsets []dwarf.Offset
+ for unit := range unitc {
+ r.Seek(unit.start)
+ for {
+ ent, err := r.Next()
+ if err != nil {
+ errc <- err
+ return
+ }
+ if ent == nil || ent.Offset >= unit.end {
+ break
+ }
+ if ent.Tag == dwarf.TagStructType || ent.Tag == dwarf.TagTypedef {
+ offsets = append(offsets, ent.Offset)
+ }
+ if ent.Tag != dwarf.TagCompileUnit {
+ r.SkipChildren()
+ }
+ }
+ offsetc <- offsets
+ offsets = make([]dwarf.Offset, 0, len(offsets))
+ }
+ errc <- nil
+}
+
+func extractStructs(file *elf.File, debugInfo *dwarf.Data, offsetc chan []dwarf.Offset,
+ structc chan []*dwarf.StructType, errc chan error) {
+ if debugInfo == nil {
+ var err error
+ debugInfo, err = file.DWARF()
+ if err != nil {
+ errc <- err
+ return
+ }
+ }
+ var structs []*dwarf.StructType
+ appendStruct := func(str *dwarf.StructType) {
+ if str.StructName != "" && str.ByteSize > 0 {
+ structs = append(structs, str)
+ }
+ }
+ for offsets := range offsetc {
+ for _, off := range offsets {
+ typ1, err := debugInfo.Type(off)
+ if err != nil {
+ errc <- err
+ return
+ }
+ switch typ := typ1.(type) {
+ case *dwarf.StructType:
+ appendStruct(typ)
+ case *dwarf.TypedefType:
+ if str, ok := typ.Type.(*dwarf.StructType); ok {
+ str.StructName = typ.Name
+ appendStruct(str)
+ }
+ default:
+ errc <- fmt.Errorf("got not struct/typedef")
+ }
+ }
+ structc <- structs
+ structs = make([]*dwarf.StructType, 0, len(structs))
+ }
+ errc <- nil
+}
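Review bot: In extractStructs the `default:` branch of the type switch sends `fmt.Errorf("got not struct/typedef")` on errc but does not return, unlike the two other error paths in the same function. The goroutine therefore keeps running and sends on errc again later, while the collector in parseKernelObject reads exactly numTypes values from structerrc before `close(structc)`; a worker that then reaches `structc <- structs` would panic on the closed channel. Adding `return` directly after the send in `default:` makes the path consistent with the others and keeps the one-result-per-worker accounting intact.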