From: Dmitry Vyukov
Date: Sat, 21 Oct 2017 09:13:17 +0200
Subject: Re: syzkaller for freebsd
To: Joe Nosay
Cc: Julian Elischer, FreeBSD Hackers, syzkaller

On Fri, Oct 20, 2017 at 9:55 PM, Joe Nosay wrote:
> Have any of you tried this on other CPU architectures - RISC, et al?

Other architectures are not supported yet. So, no.
The most profitable would be 386 because it will trigger 32-bit entry points.
Based on other experience with Linux, amd64/arm64/ppc64 does not make
lots of difference (except virtualization support, which is not
supported for freebsd anyway).

> On Fri, Oct 20, 2017 at 8:17 AM, Dmitry Vyukov via freebsd-hackers
> wrote:
>>
>> On Fri, Oct 20, 2017 at 7:24 AM, Julian Elischer
>> wrote:
>> > On 19/10/17 8:05 pm, Dmitry Vyukov via freebsd-hackers wrote:
>> >>
>> >> Hello,
>> >>
>> >> Our team works on kernel testing and in particular on the syzkaller system
>> >> call fuzzer (https://github.com/google/syzkaller). It started as a
>> >> Linux-only fuzzer and has found 1000+ bugs in Linux. But we started
>> >> evolving towards supporting more OSes recently and added basic FreeBSD
>> >> support. I see that FreeBSD https://wiki.freebsd.org/IdeasPage
>> >> mentions syzkaller/KASAN, so I am reaching out to you to share our
>> >> progress and discuss potential collaboration. Our main focus will
>> >> probably stay around Linux/Fuchsia and we don't have any experience
>> >> around the FreeBSD kernel (e.g. implementing code coverage support and
>> >> even building). But if there is an active interest on the FreeBSD
>> >> community side, we are ready to collaborate.
>> >>
>> >> So, I was able to run syzkaller in full setup (including VM
>> >> management, console output monitoring, etc) and outlined the process
>> >> here:
>> >> https://github.com/google/syzkaller/blob/master/docs/freebsd.md
>> >>
>> >> To warm up your interest, here is a list of things I've found so far.
>> >> This is with off-the-shelf FreeBSD-11.1-RELEASE-amd64.qcow2 image.
>> >>
>> >> panic: ffs_write: type 0xfffff80003eee760 8 (0,0)
>> >> https://pastebin.com/raw/Xm80kYSz
>> >> This one even comes with a C reproducer (which is surprising, because
>> >> syzkaller currently only generates/builds reproducers for Linux, still
>> >> it somehow ran on FreeBSD and triggered the crash):
>> >> https://pastebin.com/raw/EZe8thej
>> >>
>> >> Fatal trap 12: page fault in atrtc_settime
>> >> https://pastebin.com/raw/pFzSgNff
>> >>
>> >> Fatal trap 12: page fault in bufdone
>> >> https://pastebin.com/raw/amHtWwQS
>> >>
>> >> Fatal trap 12: page fault in sctp_sosend
>> >> https://pastebin.com/raw/Zf2hYwi7
>> >>
>> >> Fatal trap 12: page fault in vnet_pf_uninit
>> >> https://pastebin.com/raw/0AiJJz7D
>> >>
>> >> Fatal trap 9: general protection fault in udp_close
>> >> https://pastebin.com/raw/DzKYRkSm
>> >>
>> >> There was also a bunch of silent crashes/hangs
>> >> https://pastebin.com/raw/gp5HDmHZ
>> >>
>> >> But lots of things for full FreeBSD support are still missing. I've
>> >> sketched a list here:
>> >>
>> >> https://github.com/google/syzkaller/blob/master/docs/freebsd.md#missing-things
>> >>
>> >> Some are harder to do, some are easier to do. Just running it with a
>> >> debug kernel build (with debug info and as many debug checks as
>> >> possible) would probably be the simplest one.
>> >>
>> >> Thanks,
>> >> Dmitry Vyukov
>> >> _______________________________________________
>> >> freebsd-hackers@freebsd.org mailing list
>> >> https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
>> >> To unsubscribe, send any mail to
>> >> "freebsd-hackers-unsubscribe@freebsd.org"
>> >
>> >
>> > A quick thing to do would be to run the linux binary and therefore test our
>> > linux API.. it feeds into the same backend, so it would already give a lot
>> > of coverage.
>>
>> +mailing lists again
>>
>> Yes, it's mentioned here:
>>
>> https://github.com/google/syzkaller/blob/master/docs/freebsd.md#missing-things