The image is (gunzip it after download): https://storage.googleapis.com/syzkaller/images/buildroot-arm64-2020.11.gz
Kernel: https://storage.googleapis.com/syzkaller/temp/arm64-Image
qemu command line:
qemu-system-aarch64 \
  -machine virt,virtualization=on,graphics=on,usb=on -cpu cortex-a57 -smp 2 -m 2G \
  -device virtio-blk-device,drive=hd0 \
  -drive if=none,format=raw,id=hd0,file=buildroot-arm64-2020.11 \
  -kernel arm64-Image \
  -nographic \
  -device virtio-rng-pci \
  -net user,host=10.0.2.10,hostfwd=tcp::10022-:22 -net nic,model=virtio-net-pci \
  -append "root=/dev/vda earlyprintk=serial console=ttyAMA0 earlycon"
Reproducer:
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

int main(void)
{
    /* 0xffffffffffffff9c is AT_FDCWD (-100) */
    int fd = syscall(__NR_openat, 0xffffffffffffff9cul, "/dev/ttyS3", 0ul, 0ul);
    char ch = 0;
    syscall(__NR_ioctl, fd, 0x5412, &ch); // TIOCSTI
    return 0;
}
Build with: aarch64-linux-gnu-gcc prog.c -static
scp to the VM and run. The image has password-less root ssh.