From e8823ffcb46cddbe95f4c20fe0247e8c4d88fd12 Mon Sep 17 00:00:00 2001
From: Tri Vo
Date: Tue, 13 Oct 2020 21:59:07 -0700
Subject: [PATCH 1/4] trusty: fuzz: Helper library

Test: /data/fuzz/arm64/trusty_gatekeeper_fuzzer/trusty_gatekeeper_fuzzer
Change-Id: Ife058ca25417e6bee4bf593b10a4e7e4000f9f2f
---
 trusty/fuzz/Android.bp | 42 +++++++++
 trusty/fuzz/include/trusty/fuzz/utils.h | 48 +++++++++++
 trusty/fuzz/utils.cpp | 109 ++++++++++++++++++++++++
 3 files changed, 199 insertions(+)
 create mode 100644 trusty/fuzz/Android.bp
 create mode 100644 trusty/fuzz/include/trusty/fuzz/utils.h
 create mode 100644 trusty/fuzz/utils.cpp

diff --git a/trusty/fuzz/Android.bp b/trusty/fuzz/Android.bp
new file mode 100644
index 000000000..969431ce2
--- /dev/null
+++ b/trusty/fuzz/Android.bp
@@ -0,0 +1,42 @@
+// Copyright (C) 2020 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+cc_defaults {
+ name: "trusty_fuzzer_defaults",
+ static_libs: [
+ "libtrusty_fuzz_utils",
+ ],
+ shared_libs: [
+ "libbase",
+ "liblog",
+ ],
+ cflags: [
+ "-Wall",
+ "-Werror",
+ ],
+ fuzz_config: {
+ fuzz_on_haiku_device: false,
+ fuzz_on_haiku_host: false,
+ },
+}
+
+cc_library {
+ name: "libtrusty_fuzz_utils",
+ srcs: ["utils.cpp"],
+ export_include_dirs: ["include"],
+ shared_libs: [
+ "libbase",
+ "liblog",
+ ],
+}
diff --git a/trusty/fuzz/include/trusty/fuzz/utils.h b/trusty/fuzz/include/trusty/fuzz/utils.h
new file mode 100644
index 000000000..7418927ad
--- /dev/null
+++ b/trusty/fuzz/include/trusty/fuzz/utils.h
@@ -0,0 +1,48 @@
+/*
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include
+
+#include
+#include
+
+#define TIPC_MAX_MSG_SIZE PAGE_SIZE
+
+namespace android {
+namespace trusty {
+namespace fuzz {
+
+class TrustyApp {
+ public:
+ TrustyApp(std::string tipc_dev, std::string ta_port);
+
+ android::base::Result Connect();
+ android::base::Result Read(void* buf, size_t len);
+ android::base::Result Write(const void* buf, size_t len);
+
+ android::base::Result GetRawFd();
+
+ private:
+ std::string tipc_dev_;
+ std::string ta_port_;
+ android::base::unique_fd ta_fd_;
+};
+
+} // namespace fuzz
+} // namespace trusty
+} // namespace android
diff --git a/trusty/fuzz/utils.cpp b/trusty/fuzz/utils.cpp
new file mode 100644
index 000000000..a389e0b61
--- /dev/null
+++ b/trusty/fuzz/utils.cpp
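Review bot: `TIPC_MAX_MSG_SIZE` is exported from this public header as a bare macro aliasing `PAGE_SIZE`, so every consumer silently depends on whichever system header defines `PAGE_SIZE` having been included first, and the unprefixed name can collide with a definition of the same name elsewhere; a constant inside the `android::trusty::fuzz` namespace, `inline constexpr size_t kTipcMaxMsgSize = PAGE_SIZE;`, keeps that dependency local to the library. The class declaration also carries no contract documentation: nothing says that `Connect`, `Read` and `Write` arm an `alarm()`-based timeout with no SIGALRM handler installed anywhere in this series, so a hung Trusty call ends the fuzzer process instead of returning an error, nor that `Read` discards the number of bytes received. A comment on the class such as `// Connect/Read/Write arm a SIGALRM timeout; no handler is installed, so a hung call terminates the process rather than failing.` would let fuzzer authors reason about what a crash versus an error return means.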
@@ -0,0 +1,109 @@
+/*
+ * Copyright (C) 2020 The Android Open Sourete Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#define LOG_TAG "trusty-fuzz-utils"
+
+#include
+
+#include
+#include
+#include
+#include
+#include
+
+using android::base::ErrnoError;
+using android::base::Error;
+using android::base::Result;
+using android::base::unique_fd;
+
+#define TIPC_IOC_MAGIC 'r'
+#define TIPC_IOC_CONNECT _IOW(TIPC_IOC_MAGIC, 0x80, char*)
+
+static const size_t kTimeoutSeconds = 5;
+
+namespace android {
+namespace trusty {
+namespace fuzz {
+
+TrustyApp::TrustyApp(std::string tipc_dev, std::string ta_port)
+ : tipc_dev_(tipc_dev), ta_port_(ta_port), ta_fd_(-1) {}
+
+Result TrustyApp::Connect() {
+ /*
+ * TODO: We can't use libtrusty because (yet)
+ * (1) cc_fuzz can't deal with vendor components (b/170753563)
+ * (2) We need non-blocking behavior to detect Trusty going down.
+ * (we could implement the timeout in the fuzzing code though, as
+ * it needs to be around the call to read())
+ */
+ alarm(kTimeoutSeconds);
+ int fd = open(tipc_dev_.c_str(), O_RDWR);
+ alarm(0);
+ if (fd < 0) {
+ return ErrnoError() << "failed to open TIPC device: ";
+ }
+ ta_fd_.reset(fd);
+
+ // This ioctl will time out in the kernel if it can't connect.
+ int rc = TEMP_FAILURE_RETRY(ioctl(ta_fd_, TIPC_IOC_CONNECT, ta_port_.c_str()));
+ if (rc < 0) {
+ return ErrnoError() << "failed to connect to TIPC service: ";
+ }
+
+ return {};
+}
+
+Result TrustyApp::Read(void* buf, size_t len) {
+ if (ta_fd_ == -1) {
+ return Error() << "TA is not connected to yet: ";
+ }
+
+ alarm(kTimeoutSeconds);
+ int rc = read(ta_fd_, buf, len);
+ alarm(0);
+ if (rc < 0) {
+ return Error() << "failed to read TIPC message from TA: ";
+ }
+
+ return {};
+}
+
+Result TrustyApp::Write(const void* buf, size_t len) {
+ if (ta_fd_ == -1) {
+ return Error() << "TA is not connected to yet: ";
+ }
+
+ alarm(kTimeoutSeconds);
+ int rc = write(ta_fd_, buf, len);
+ alarm(0);
+ if (rc < 0) {
+ return Error() << "failed to read TIPC message from TA: ";
+ }
+
+ return {};
+}
+
+Result TrustyApp::GetRawFd() {
+ if (ta_fd_ == -1) {
+ return Error() << "TA is not connected to yet: ";
+ }
+
+ return ta_fd_;
+}
+
+} // namespace fuzz
+} // namespace trusty
+} // namespace android
From 10ffc3417df3c781e8a1f9cf3de0e4f66a51a45b Mon Sep 17 00:00:00 2001
From: Tri Vo
Date: Tue, 13 Oct 2020 22:05:09 -0700
Subject: [PATCH 2/4] trusty: Fuzzer for Gatekeeper TA

Test: /data/fuzz/arm64/trusty_gatekeeper_fuzzer/trusty_gatekeeper_fuzzer
Change-Id: If55b93b1a15c5bd9a1148ff54a859635a6e7290c
---
 trusty/gatekeeper/fuzz/Android.bp | 19 +++++++++
 trusty/gatekeeper/fuzz/fuzz.cpp | 53 +++++++++++++++++++++++++++++++
 2 files changed, 72 insertions(+)
 create mode 100644 trusty/gatekeeper/fuzz/Android.bp
 create mode 100644 trusty/gatekeeper/fuzz/fuzz.cpp

diff --git a/trusty/gatekeeper/fuzz/Android.bp b/trusty/gatekeeper/fuzz/Android.bp
new file mode 100644
index 000000000..27605aaa7
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/Android.bp
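Review bot: `Write()` reports its failure as `"failed to read TIPC message from TA: "`, a copy-paste of `Read()`'s message, and both methods use `Error()` rather than `ErrnoError()`, so the errno from the failed `read`/`write` — the one detail that separates a transport that went away from a message the TA rejected — is dropped from the result; `return ErrnoError() << "failed to write TIPC message to TA";` fixes both, and the trailing `": "` on every message, with nothing ever appended after it, should go. `int rc` also narrows the `ssize_t` returned by `read`/`write`, and neither method compares `rc` with `len`, so a short write sends a truncated message without any error and `Read` gives its caller no way to learn how many bytes actually arrived; returning the byte count (or at least documenting that it is discarded) would make the contract explicit. The copyright line at the top of the hunk also reads "Open Sourete Project".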
@@ -0,0 +1,19 @@
+// Copyright (C) 2020 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+cc_fuzz {
+ name: "trusty_gatekeeper_fuzzer",
+ defaults: ["trusty_fuzzer_defaults"],
+ srcs: ["fuzz.cpp"],
+}
diff --git a/trusty/gatekeeper/fuzz/fuzz.cpp b/trusty/gatekeeper/fuzz/fuzz.cpp
new file mode 100644
index 000000000..b1f643f94
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/fuzz.cpp
@@ -0,0 +1,53 @@
+/*
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#undef NDEBUG
+
+#include
+#include
+#include
+#include
+#include
+
+#define TIPC_DEV "/dev/trusty-ipc-dev0"
+#define GATEKEEPER_PORT "com.android.trusty.gatekeeper"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ static uint8_t buf[TIPC_MAX_MSG_SIZE];
+
+ android::trusty::fuzz::TrustyApp ta(TIPC_DEV, GATEKEEPER_PORT);
+
+ auto ret = ta.Connect();
+ /*
+ * If we can't connect, then assume TA crashed.
+ * TODO: Get some more info, e.g. stacks, to help Haiku dedup crashes.
+ */
+ assert(ret.ok());
+
+ /* Send message to test server */
+ ret = ta.Write(data, size);
+ if (!ret.ok()) {
+ return -1;
+ }
+
+ /* Read message from test server */
+ ret = ta.Read(&buf, sizeof(buf));
+ if (!ret.ok()) {
+ return -1;
+ }
+
+ return 0;
+}
From 6c0fb906f662ae9a5116acf2a10ba6c4c7beed96 Mon Sep 17 00:00:00 2001
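Review bot: `size` is never checked against `TIPC_MAX_MSG_SIZE` before `ta.Write(data, size)`, so every oversized input costs a device open plus connect ioctl only to be refused (presumably by the TIPC driver) and reported as an ordinary write failure; a guard `if (size > TIPC_MAX_MSG_SIZE) return 0;` ahead of `Connect()` — or a `max_len` in the `fuzz_config` — keeps those iterations off the device. The two `return -1` exits also deserve a comment: libFuzzer has long documented non-zero return values as reserved, and newer versions interpret -1 as "do not add this input to the corpus", so the intent should be stated inline, e.g. `/* TA rejected the request; -1 keeps the input out of the corpus */`. `ta.Read(&buf, sizeof(buf))` passes a pointer-to-array where `buf` alone reads more naturally and converts to `void*` identically.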
From: Stephen Crane Date: Tue, 13 Oct 2020 22:05:09 -0700 Subject: [PATCH 3/4] trusty: Add corpus for gatekeeper fuzzer Test: /data/fuzz/arm64/trusty_gatekeeper_fuzzer/trusty_gatekeeper_fuzzer Change-Id: I30bb2844972df952d853f0809e2eb8d5b5a1dd9c --- trusty/gatekeeper/fuzz/Android.bp | 5 +++++ .../gatekeeper/fuzz/corpus/gatekeeper-recv-2MMzSr | Bin 0 -> 154 bytes .../gatekeeper/fuzz/corpus/gatekeeper-recv-Et63W0 | Bin 0 -> 154 bytes .../gatekeeper/fuzz/corpus/gatekeeper-recv-G41Iz8 | Bin 0 -> 122 bytes .../gatekeeper/fuzz/corpus/gatekeeper-recv-ItEoqJ | Bin 0 -> 154 bytes .../gatekeeper/fuzz/corpus/gatekeeper-recv-MGXdfu | Bin 0 -> 92 bytes .../gatekeeper/fuzz/corpus/gatekeeper-recv-Yq4f10 | Bin 0 -> 92 bytes .../gatekeeper/fuzz/corpus/gatekeeper-recv-agxKZa | Bin 0 -> 122 bytes .../gatekeeper/fuzz/corpus/gatekeeper-recv-alhn2v | Bin 0 -> 122 bytes .../gatekeeper/fuzz/corpus/gatekeeper-recv-eVJFHV | Bin 0 -> 154 bytes .../gatekeeper/fuzz/corpus/gatekeeper-recv-et5K21 | Bin 0 -> 154 bytes .../gatekeeper/fuzz/corpus/gatekeeper-recv-gun5YX | Bin 0 -> 122 bytes .../gatekeeper/fuzz/corpus/gatekeeper-recv-kXw1R9 | Bin 0 -> 122 bytes .../gatekeeper/fuzz/corpus/gatekeeper-recv-moapss | Bin 0 -> 154 bytes .../gatekeeper/fuzz/corpus/gatekeeper-recv-u5QySb | Bin 0 -> 92 bytes .../gatekeeper/fuzz/corpus/gatekeeper-recv-uZtvkq | Bin 0 -> 122 bytes .../gatekeeper/fuzz/corpus/gatekeeper-recv-w5G2SF | Bin 0 -> 60 bytes .../gatekeeper/fuzz/corpus/gatekeeper-recv-y3H74x | Bin 0 -> 122 bytes .../gatekeeper/fuzz/corpus/gatekeeper-recv-yALfeS | Bin 0 -> 154 bytes .../gatekeeper/fuzz/corpus/gatekeeper-send-2S1GLi | Bin 0 -> 90 bytes .../gatekeeper/fuzz/corpus/gatekeeper-send-4j7hUc | Bin 0 -> 90 bytes .../gatekeeper/fuzz/corpus/gatekeeper-send-6hsSQG | Bin 0 -> 90 bytes .../gatekeeper/fuzz/corpus/gatekeeper-send-E8CE7b | Bin 0 -> 90 bytes .../gatekeeper/fuzz/corpus/gatekeeper-send-GEDmHj | Bin 0 -> 90 bytes .../gatekeeper/fuzz/corpus/gatekeeper-send-MpwDEN | Bin 0 -> 90 bytes 
.../gatekeeper/fuzz/corpus/gatekeeper-send-Qutf8O | Bin 0 -> 90 bytes .../gatekeeper/fuzz/corpus/gatekeeper-send-Sg1WMt | Bin 0 -> 90 bytes .../gatekeeper/fuzz/corpus/gatekeeper-send-U6Y1My | Bin 0 -> 78 bytes .../gatekeeper/fuzz/corpus/gatekeeper-send-WdSRky | Bin 0 -> 90 bytes .../gatekeeper/fuzz/corpus/gatekeeper-send-Ypw6WP | Bin 0 -> 90 bytes .../gatekeeper/fuzz/corpus/gatekeeper-send-Yyj4Af | Bin 0 -> 78 bytes .../gatekeeper/fuzz/corpus/gatekeeper-send-amyF62 | Bin 0 -> 78 bytes .../gatekeeper/fuzz/corpus/gatekeeper-send-gu8ziA | Bin 0 -> 90 bytes .../gatekeeper/fuzz/corpus/gatekeeper-send-iCATsM | Bin 0 -> 90 bytes .../gatekeeper/fuzz/corpus/gatekeeper-send-kawT3I | Bin 0 -> 90 bytes .../gatekeeper/fuzz/corpus/gatekeeper-send-sYFzM5 | Bin 0 -> 90 bytes .../gatekeeper/fuzz/corpus/gatekeeper-send-yNFMdn | Bin 0 -> 78 bytes 37 files changed, 5 insertions(+) create mode 100644 trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-2MMzSr create mode 100644 trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-Et63W0 create mode 100644 trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-G41Iz8 create mode 100644 trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-ItEoqJ create mode 100644 trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-MGXdfu create mode 100644 trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-Yq4f10 create mode 100644 trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-agxKZa create mode 100644 trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-alhn2v create mode 100644 trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-eVJFHV create mode 100644 trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-et5K21 create mode 100644 trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-gun5YX create mode 100644 trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-kXw1R9 create mode 100644 trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-moapss create mode 100644 trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-u5QySb create mode 100644 trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-uZtvkq create mode 100644 
trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-w5G2SF create mode 100644 trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-y3H74x create mode 100644 trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-yALfeS create mode 100644 trusty/gatekeeper/fuzz/corpus/gatekeeper-send-2S1GLi create mode 100644 trusty/gatekeeper/fuzz/corpus/gatekeeper-send-4j7hUc create mode 100644 trusty/gatekeeper/fuzz/corpus/gatekeeper-send-6hsSQG create mode 100644 trusty/gatekeeper/fuzz/corpus/gatekeeper-send-E8CE7b create mode 100644 trusty/gatekeeper/fuzz/corpus/gatekeeper-send-GEDmHj create mode 100644 trusty/gatekeeper/fuzz/corpus/gatekeeper-send-MpwDEN create mode 100644 trusty/gatekeeper/fuzz/corpus/gatekeeper-send-Qutf8O create mode 100644 trusty/gatekeeper/fuzz/corpus/gatekeeper-send-Sg1WMt create mode 100644 trusty/gatekeeper/fuzz/corpus/gatekeeper-send-U6Y1My create mode 100644 trusty/gatekeeper/fuzz/corpus/gatekeeper-send-WdSRky create mode 100644 trusty/gatekeeper/fuzz/corpus/gatekeeper-send-Ypw6WP create mode 100644 trusty/gatekeeper/fuzz/corpus/gatekeeper-send-Yyj4Af create mode 100644 trusty/gatekeeper/fuzz/corpus/gatekeeper-send-amyF62 create mode 100644 trusty/gatekeeper/fuzz/corpus/gatekeeper-send-gu8ziA create mode 100644 trusty/gatekeeper/fuzz/corpus/gatekeeper-send-iCATsM create mode 100644 trusty/gatekeeper/fuzz/corpus/gatekeeper-send-kawT3I create mode 100644 trusty/gatekeeper/fuzz/corpus/gatekeeper-send-sYFzM5 create mode 100644 trusty/gatekeeper/fuzz/corpus/gatekeeper-send-yNFMdn diff --git a/trusty/gatekeeper/fuzz/Android.bp b/trusty/gatekeeper/fuzz/Android.bp index 27605aaa7..7ffa77674 100644 --- a/trusty/gatekeeper/fuzz/Android.bp +++ b/trusty/gatekeeper/fuzz/Android.bp 
@@ -16,4 +16,9 @@ cc_fuzz { name: "trusty_gatekeeper_fuzzer", defaults: ["trusty_fuzzer_defaults"], srcs: ["fuzz.cpp"], + + // The initial corpus for this fuzzer was derived by dumping messages from + // the `secure_env` emulator interface for cuttlefish while enrolling a new + // password in the emulator. + corpus: ["corpus/*"], } diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-2MMzSr b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-2MMzSr new file mode 100644 index 0000000000000000000000000000000000000000..f3c1f79b7ac513cffebd184f8aaa7a29f67f9443 GIT binary patch literal 154 zcmZQ%U|^U8#2~PsjS<2Cl2$;>bdAYb*iwA$6qqpM^e^70_R literal 0 HcmV?d00001 diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-Et63W0 b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-Et63W0 new file mode 100644 index 0000000000000000000000000000000000000000..b3e65859f13d657690fbe60d307b66acf13ae6f7 GIT binary patch literal 154 zcmZQ%U|^U8#2~PsjS<2Cl2$;>)Ti{kSW@fnMwoEX>Z-CtC8n)rrP=Eyt>hQ|bo?Rv z-+~@4_Mj_&_kNiDb@swD0$g&J6B!(Ux@B&?yK|MPDp6HV=tcaxCGRdZ-rm17OVR4C tcVGANX@6}(j&-XmaQ&EADZJI;d(8>WgUYgZOU<(m>@(#rs4{&r G{~!R?$|m~& literal 0 HcmV?d00001 diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-ItEoqJ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-ItEoqJ new file mode 100644 index 0000000000000000000000000000000000000000..85d38c710efb6160c2f126cc9474f500d5da56c1 GIT binary patch literal 154 zcmZQ%U|^U8#2~PsjS<2Cl2$;>Bwp{a$?4ePZ!lqtmru|C6`sVp>Ydr=JKth2|KvaI z(RN=}*>d7tsb!40$NnZ=uwLWjF2>*h)ZMu{r1s#Awg1hh|M#2gK6l;0z6{x(nelcv t>+(~r7c5`1zA$|)li<6Y_p{aRB$;Rb_gO3SpuUYcb%#}V_u{WsDgZ6PJmCNU literal 0 HcmV?d00001 
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-MGXdfu b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-MGXdfu new file mode 100644 index 0000000000000000000000000000000000000000..f8e146720519d0fe41d60ef2cb04d13ff9966454 GIT binary patch literal 92 zcmZQzU|n6Rq-AcsyK|MPDp6HV=tcaxCGRdZ-rm17OVR4CcVGANX@6}( pj&-XmaQ&EADZJI;d(8>WgUn6Rq&ruK)E>OC_P_b`|9*4b=dL^0mm%9TGv4lIU4E+dg5_)0 p7pAXe5`35Qezw}3B=hY5K5K;@)VDFG?y&0aUi{Tc1!NWo008zEBEYgZOU<(m>@(#rs4{&r G{~!R?$|m~& literal 0 HcmV?d00001 diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-alhn2v b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-alhn2v new file mode 100644 index 0000000000000000000000000000000000000000..1cec4138901a20cd4f6f44509030fb01002240a0 GIT binary patch literal 122 zcmZQ%U|=W$Vsu~y6kysSmhr=TuA4a{RCe04^R;T%rcIt3IgyjoxNNb&yRStRQ(Sa8 z=6!iyrx$+K%)&x$UMb&J1_hvo8A=VUe`hlI_i_g6&V0G!I>YgZOU<(m>@(#rs4{&r G{~!R?$|m~& literal 0 HcmV?d00001 diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-eVJFHV b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-eVJFHV new file mode 100644 index 0000000000000000000000000000000000000000..f3c1f79b7ac513cffebd184f8aaa7a29f67f9443 GIT binary patch literal 154 zcmZQ%U|^U8#2~PsjS<2Cl2$;>bdAYb*iwA$6qqpM^e^70_R literal 0 HcmV?d00001 diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-et5K21 b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-et5K21 new file mode 100644 index 0000000000000000000000000000000000000000..f3c1f79b7ac513cffebd184f8aaa7a29f67f9443 GIT binary patch literal 154 zcmZQ%U|^U8#2~PsjS<2Cl2$;>bdAYb*iwA$6qqpM^e^70_R literal 0 HcmV?d00001 
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-gun5YX b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-gun5YX new file mode 100644 index 0000000000000000000000000000000000000000..1cec4138901a20cd4f6f44509030fb01002240a0 GIT binary patch literal 122 zcmZQ%U|=W$Vsu~y6kysSmhr=TuA4a{RCe04^R;T%rcIt3IgyjoxNNb&yRStRQ(Sa8 z=6!iyrx$+K%)&x$UMb&J1_hvo8A=VUe`hlI_i_g6&V0G!I>YgZOU<(m>@(#rs4{&r G{~!R?$|m~& literal 0 HcmV?d00001 diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-kXw1R9 b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-kXw1R9 new file mode 100644 index 0000000000000000000000000000000000000000..1cec4138901a20cd4f6f44509030fb01002240a0 GIT binary patch literal 122 zcmZQ%U|=W$Vsu~y6kysSmhr=TuA4a{RCe04^R;T%rcIt3IgyjoxNNb&yRStRQ(Sa8 z=6!iyrx$+K%)&x$UMb&J1_hvo8A=VUe`hlI_i_g6&V0G!I>YgZOU<(m>@(#rs4{&r G{~!R?$|m~& literal 0 HcmV?d00001 diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-moapss b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-moapss new file mode 100644 index 0000000000000000000000000000000000000000..85d38c710efb6160c2f126cc9474f500d5da56c1 GIT binary patch literal 154 zcmZQ%U|^U8#2~PsjS<2Cl2$;>Bwp{a$?4ePZ!lqtmru|C6`sVp>Ydr=JKth2|KvaI z(RN=}*>d7tsb!40$NnZ=uwLWjF2>*h)ZMu{r1s#Awg1hh|M#2gK6l;0z6{x(nelcv t>+(~r7c5`1zA$|)li<6Y_p{aRB$;Rb_gO3SpuUYcb%#}V_u{WsDgZ6PJmCNU literal 0 HcmV?d00001 diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-u5QySb b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-u5QySb new file mode 100644 index 0000000000000000000000000000000000000000..09f9d746e17a5d245c00c633336344a34ee3b1cd GIT binary patch literal 92 zcmZQzU|n6Rqy<+SK1tbI6Yyl)RE917_JS&naqROW%**%u{+$}X?c{I9 o6&oA3Jd9xTUFun_QT0;FYgZOU<(m>@(#rs4{&r G{~!R?$|m~& literal 0 HcmV?d00001 
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-w5G2SF b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-w5G2SF new file mode 100644 index 0000000000000000000000000000000000000000..d42956deba739499e5bc8bac2adc335bb97d422d GIT binary patch literal 60 zcmZQzU|=u-Vi-^WGG-_>wEmsR;NQy`s5|rJj_VA^BQ7=1IYgZOU<(m>@(#rs4{&r G{~!R?$|m~& literal 0 HcmV?d00001 diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-yALfeS b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-yALfeS new file mode 100644 index 0000000000000000000000000000000000000000..f3c1f79b7ac513cffebd184f8aaa7a29f67f9443 GIT binary patch literal 154 zcmZQ%U|^U8#2~PsjS<2Cl2$;>bdAYb*iwA$6qqpM^e^70_R literal 0 HcmV?d00001 diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-2S1GLi b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-2S1GLi new file mode 100644 index 0000000000000000000000000000000000000000..08b3449141ed6b6764c29f8f3d0942c7008376d7 GIT binary patch literal 90 ocmZQ%U}y+pKmb<+lY!wHle4g;_}VE*VvHcR@~ literal 0 HcmV?d00001 diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-U6Y1My b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-U6Y1My new file mode 100644 index 0000000000000000000000000000000000000000..631ef79f2f959ad6ae8815340655d669f368826f GIT binary patch literal 78 zcmZQzU}$h-KmaQslj$0hv#_Q3+9`}samMLiyif7{p5Ln>#joYX)cq)H`|oMS>8Y_B U+*u;LHr(H`FZp(Y^NSk{0AE@c8UO$Q literal 0 HcmV?d00001 diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-WdSRky b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-WdSRky new file mode 100644 index 0000000000000000000000000000000000000000..02d4820eba0fd03d0000b85ceb60700b9fbf0a85 GIT binary patch literal 90 ocmZQ%U}y+pKmb<+lYwE2SjG?Uxo+l2VvHcRf%0J9DkG5`Po literal 0 HcmV?d00001 
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-gu8ziA b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-gu8ziA new file mode 100644 index 0000000000000000000000000000000000000000..bab5da1e6826ea4b2f4499dde4d2fa30cc41c961 GIT binary patch literal 90 ocmZQ%U}y+pKmb<+lY!wHle4g;_}VE*VvHcR3OlF*58dtVvHcRj!2kdN literal 0 HcmV?d00001 diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-yNFMdn b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-yNFMdn new file mode 100644 index 0000000000000000000000000000000000000000..96f9e4240b5dc9a5ef8ab11ba4fe6c32d9df5c24 GIT binary patch literal 78 zcmZQzU}$h-KmaQslS#bZW0TXd!`~R8;ubHTp8qR6iFMUGv(Irib0RS868l(UK literal 0 HcmV?d00001 From 5e3a3ce0112d38fce565e6ec66bebf4197d94ce8 Mon Sep 17 00:00:00 2001 From: Stephen Crane Date: Fri, 30 Oct 2020 15:04:38 -0700 Subject: [PATCH 4/4] trusty: fuzz: dump trusty kernel logs on crash Adds an Abort() function to the fuzzer utils library that grabs and prints the relevant trusty kernel logs before exiting the fuzzer. Test: /data/fuzz/arm64/trusty_gatekeeper_fuzzer/trusty_gatekeeper_fuzzer Change-Id: I7741c7e5e0ffdc402e3d3dd9a7e5856e2a640dd2 --- trusty/fuzz/include/trusty/fuzz/utils.h | 2 ++ trusty/fuzz/utils.cpp | 45 ++++++++++++++++++++++++- trusty/gatekeeper/fuzz/fuzz.cpp | 4 ++- 3 files changed, 49 insertions(+), 2 deletions(-) diff --git a/trusty/fuzz/include/trusty/fuzz/utils.h b/trusty/fuzz/include/trusty/fuzz/utils.h index 7418927ad..bca84e96d 100644 --- a/trusty/fuzz/include/trusty/fuzz/utils.h +++ b/trusty/fuzz/include/trusty/fuzz/utils.h @@ -43,6 +43,8 @@ class TrustyApp { android::base::unique_fd ta_fd_; }; +void Abort(); + } // namespace fuzz } // namespace trusty } // namespace android diff --git a/trusty/fuzz/utils.cpp b/trusty/fuzz/utils.cpp index a389e0b61..240afe705 100644 --- a/trusty/fuzz/utils.cpp +++ b/trusty/fuzz/utils.cpp @@ -23,6 +23,9 @@ #include #include #include +#include +#include +#include using android::base::ErrnoError; using android::base::Error; 
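Review bot: `Abort()` never returns — its definition in the utils.cpp hunk on the next line ends in `exit(-1)` — but the declaration does not say so; `[[noreturn]] void Abort();` lets callers' control-flow analysis and `-Wreturn-type` use that fact, and the same attribute belongs on the definition. A one-line doc comment is also missing, e.g. `// Prints the Trusty kernel log lines recorded since this library was initialised, then exits with a failure status; for fuzzers that treat a lost TA connection as a crash.`. `exit(-1)` yields exit status 255 and runs atexit handlers and static destructors inside the fuzzer process; if relying on libFuzzer's exit hook to record the crashing input is the intent, that is fine, but it should be a commented choice versus `abort()`, which would also leave a stack trace. The enclosing namespaces open outside this hunk.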
@@ -32,7 +35,42 @@ using android::base::unique_fd;
 #define TIPC_IOC_MAGIC 'r'
 #define TIPC_IOC_CONNECT _IOW(TIPC_IOC_MAGIC, 0x80, char*)
 
-static const size_t kTimeoutSeconds = 5;
+namespace {
+
+const size_t kTimeoutSeconds = 5;
+const std::string kTrustyLogTag = "trusty-log";
+
+const time_t kInitialTime = time(nullptr);
+
+void PrintTrustyLog() {
+ auto logger_list = android_logger_list_open(LOG_ID_KERNEL, ANDROID_LOG_NONBLOCK, 1000, 0);
+ if (logger_list == nullptr) {
+ std::cerr << "Could not open android kernel log\n";
+ return;
+ }
+
+ while (true) {
+ log_msg log_msg;
+ int rc = android_logger_list_read(logger_list, &log_msg);
+ if (rc < 0) {
+ break;
+ }
+ if (log_msg.entry.sec < kInitialTime) {
+ continue;
+ }
+ char* msg = log_msg.msg();
+ if (msg) {
+ std::string line(msg, log_msg.entry.len);
+ if (line.find(kTrustyLogTag) != std::string::npos) {
+ std::cerr << line.substr(kTrustyLogTag.length() + 2) << std::endl;
+ }
+ }
+ }
+
+ android_logger_list_free(logger_list);
+}
+
+} // namespace
 
 namespace android {
 namespace trusty {
@@ -104,6 +142,11 @@ Result TrustyApp::GetRawFd() {
 return ta_fd_;
 }
 
+void Abort() {
+ PrintTrustyLog();
+ exit(-1);
+}
+
 } // namespace fuzz
 } // namespace trusty
 } // namespace android
diff --git a/trusty/gatekeeper/fuzz/fuzz.cpp b/trusty/gatekeeper/fuzz/fuzz.cpp
index b1f643f94..f8ec93131 100644
--- a/trusty/gatekeeper/fuzz/fuzz.cpp
+++ b/trusty/gatekeeper/fuzz/fuzz.cpp
@@ -35,7 +35,9 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
 * If we can't connect, then assume TA crashed.
 * TODO: Get some more info, e.g. stacks, to help Haiku dedup crashes.
 */
- assert(ret.ok());
+ if (!ret.ok()) {
+ android::trusty::fuzz::Abort();
+ }
 
 /* Send message to test server */
 ret = ta.Write(data, size);
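Review bot: `line.substr(kTrustyLogTag.length() + 2)` in `PrintTrustyLog()` assumes the tag sits at column 0 and is followed by at least two characters, but the preceding `find` only establishes that the tag occurs somewhere in the line; a line with the tag later on is printed from the wrong offset, and a line that is exactly the tag (or the tag plus one character) makes `substr` throw `std::out_of_range`, turning the crash dump itself into a second abort. Using the position `find` returned and clamping the offset to the line length removes both failure modes, and the `+ 2` deserves a comment saying which separator it skips. `std::endl` also flushes on every matched line; `'\n'` is enough since the process exits right after.

```cpp
            std::string line(msg, log_msg.entry.len);
            const auto tag_pos = line.find(kTrustyLogTag);
            if (tag_pos != std::string::npos) {
                // Skip the tag and the two-character separator that follows it
                // (assumed to be ": " — confirm against the kernel log format);
                // clamp so a bare tag line cannot make substr() throw.
                auto start = tag_pos + kTrustyLogTag.length() + 2;
                if (start > line.size()) {
                    start = line.size();
                }
                std::cerr << line.substr(start) << '\n';
            }
            // … unchanged: rest of the read loop and android_logger_list_free …
```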
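Review bot: With `assert(ret.ok())` replaced by the `Abort()` call, the `#undef NDEBUG` at the top of fuzz.cpp (outside this hunk) and whatever include supplied `assert` look unused now, assuming this was the only assert in the file; leaving `#undef NDEBUG` in place invites someone to re-add an assert believing it is load-bearing. The comment kept directly above the new `if` still reads "TODO: Get some more info, e.g. stacks, to help Haiku dedup crashes", although this series now dumps the Trusty kernel log on that path; it should say what is done and what remains, e.g. `/* Connect failure is treated as a TA crash: dump the Trusty log and exit. TODO: stack traces for Haiku dedup. */`. `LLVMFuzzerTestOneInput` starts before and ends after this hunk.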