Date:      Fri, 20 Oct 2017 14:17:16 +0200
From:      Dmitry Vyukov <dvyukov@google.com>
To:        Julian Elischer <julian@elischer.org>, freebsd-hackers@freebsd.org,  syzkaller <syzkaller@googlegroups.com>
Subject:   Re: syzkaller for freebsd
Message-ID:  <CACT4Y+bmm40UXgPPePB75BBQ+3tBT2L7332gw7mrk8EtZUH6BQ@mail.gmail.com>
In-Reply-To: <ba957493-dacb-f05e-d81a-5357448f180a@elischer.org>
References:  <CACT4Y+ak76pMDefZ9sz_pOSRiH1XPQ7Jvo+V6XwX394krqLg-A@mail.gmail.com> <ba957493-dacb-f05e-d81a-5357448f180a@elischer.org>

On Fri, Oct 20, 2017 at 7:24 AM, Julian Elischer <julian@elischer.org> wrote:
> On 19/10/17 8:05 pm, Dmitry Vyukov via freebsd-hackers wrote:
>>
>> Hello,
>>
>> Our team works on kernel testing and in particular on the syzkaller system
>> call fuzzer (https://github.com/google/syzkaller). It started as a
>> Linux-only fuzzer and has found 1000+ bugs in Linux. But we recently started
>> evolving towards supporting more OSes and added basic FreeBSD
>> support. I see that the FreeBSD https://wiki.freebsd.org/IdeasPage
>> mentions syzkaller/KASAN, so I am reaching out to you to share our
>> progress and discuss potential collaboration. Our main focus will
>> probably stay around Linux/Fuchsia and we don't have any experience
>> with the FreeBSD kernel (e.g. implementing code coverage support and
>> even building). But if there is active interest on the FreeBSD
>> community's side, we are ready to collaborate.
>>
>> So, I was able to run syzkaller in full setup (including VM
>> management, console output monitoring, etc) and outlined the process
>> here:
>> https://github.com/google/syzkaller/blob/master/docs/freebsd.md
>>
>> To warm up your interest, here is a list of things I've found so far.
>> This is with the off-the-shelf FreeBSD-11.1-RELEASE-amd64.qcow2 image.
>>
>> panic: ffs_write: type 0xfffff80003eee760 8 (0,0)
>> https://pastebin.com/raw/Xm80kYSz
>> This one even comes with a C reproducer (which is surprising, because
>> syzkaller currently only generates/builds reproducers for Linux, yet
>> it somehow ran on FreeBSD and triggered the crash):
>> https://pastebin.com/raw/EZe8thej
>>
>> Fatal trap 12: page fault in atrtc_settime
>> https://pastebin.com/raw/pFzSgNff
>>
>> Fatal trap 12: page fault in bufdone
>> https://pastebin.com/raw/amHtWwQS
>>
>> Fatal trap 12: page fault in sctp_sosend
>> https://pastebin.com/raw/Zf2hYwi7
>>
>> Fatal trap 12: page fault in vnet_pf_uninit
>> https://pastebin.com/raw/0AiJJz7D
>>
>> Fatal trap 9: general protection fault in udp_close
>> https://pastebin.com/raw/DzKYRkSm
>>
>> There was also a bunch of silent crashes/hangs
>> https://pastebin.com/raw/gp5HDmHZ
>>
>> But lots of things for full FreeBSD support are still missing. I've
>> sketched a list here:
>>
>> https://github.com/google/syzkaller/blob/master/docs/freebsd.md#missing-things
>>
>> Some are harder to do, some are easier to do. Just running it with a
>> debug kernel build (with debug info and as many debug checks as
>> possible) would probably be the simplest one.
>>
>> Thanks,
>> Dmitry Vyukov
>
>
> A quick thing to do would be to run the Linux binary and therefore test our
> Linux API.  It feeds into the same backend, so it would already give a lot
> of coverage.

+mailing lists again

Yes, it's mentioned here:
https://github.com/google/syzkaller/blob/master/docs/freebsd.md#missing-things