syzkaller for freebsd
Dmitry Vyukov
dvyukov at google.com
Sat Oct 21 07:13:38 UTC 2017
On Fri, Oct 20, 2017 at 9:55 PM, Joe Nosay <superbisquit at gmail.com> wrote:
> Have any of you tried this on other CPU architectures - RISC, et al?
Other architectures are not supported yet. So, no.
The most profitable would be 386 because it will trigger 32-bit entry
points. Based on other experience with Linux, amd64/arm64/ppc64 does
not make lots of difference (except virtualization support, which is
not supported for freebsd anyway).
> On Fri, Oct 20, 2017 at 8:17 AM, Dmitry Vyukov via freebsd-hackers
> <freebsd-hackers at freebsd.org> wrote:
>>
>> On Fri, Oct 20, 2017 at 7:24 AM, Julian Elischer <julian at elischer.org>
>> wrote:
>> > On 19/10/17 8:05 pm, Dmitry Vyukov via freebsd-hackers wrote:
>> >>
>> >> Hello,
>> >>
>> >> Our team works on kernel testing and in particular on syzkaller system
>> >> call fuzzer (https://github.com/google/syzkaller). It started as
>> >> Linux-only fuzzer and has found 1000+ bugs in Linux. But we started
>> >> evolving towards supporting more OSes recently and added basic FreeBSD
>> >> support. I see that FreeBSD https://wiki.freebsd.org/IdeasPage
>> >> mentions syzkaller/KASAN, so I am reaching out to you to share our
>> >> progress and discuss potential collaboration. Our main focus will
>> >> probably stay around Linux/Fuchsia and we don't have any experience
>> >> around FreeBSD kernel (e.g. implementing code coverage support and
>> >> even building). But if there is an active interest on FreeBSD
>> >> community side, we are ready to collaborate.
>> >>
>> >> So, I was able to run syzkaller in full setup (including VM
>> >> management, console output monitoring, etc) and outlined the process
>> >> here:
>> >> https://github.com/google/syzkaller/blob/master/docs/freebsd.md
>> >>
>> >> To warm up your interest, here is a list of things I've found so far.
>> >> This is with off-the-shelf FreeBSD-11.1-RELEASE-amd64.qcow2 image.
>> >>
>> >> panic: ffs_write: type 0xfffff80003eee760 8 (0,0)
>> >> https://pastebin.com/raw/Xm80kYSz
>> >> This one even comes with a C reproducer (which is surprising, because
>> >> syzkaller currently only generates/builds reproducers for Linux, still
>> >> it somehow ran on FreeBSD and triggered the crash):
>> >> https://pastebin.com/raw/EZe8thej
>> >>
>> >> Fatal trap 12: page fault in atrtc_settime
>> >> https://pastebin.com/raw/pFzSgNff
>> >>
>> >> Fatal trap 12: page fault in bufdone
>> >> https://pastebin.com/raw/amHtWwQS
>> >>
>> >> Fatal trap 12: page fault in sctp_sosend
>> >> https://pastebin.com/raw/Zf2hYwi7
>> >>
>> >> Fatal trap 12: page fault in vnet_pf_uninit
>> >> https://pastebin.com/raw/0AiJJz7D
>> >>
>> >> Fatal trap 9: general protection fault in udp_close
>> >> https://pastebin.com/raw/DzKYRkSm
>> >>
>> >> There was also a bunch of silent crashes/hangs
>> >> https://pastebin.com/raw/gp5HDmHZ
>> >>
>> >> But lots of things for full FreeBSD support are still missing. I've
>> >> sketched a list here:
>> >>
>> >>
>> >> https://github.com/google/syzkaller/blob/master/docs/freebsd.md#missing-things
>> >>
>> >> Some are harder to do, some are easier to do. Just running it with a
>> >> debug kernel build (with debug info and as many debug checks as
>> >> possible) would probably be the simplest one.
>> >>
>> >> Thanks,
>> >> Dmitry Vyukov
>> >> _______________________________________________
>> >> freebsd-hackers at freebsd.org mailing list
>> >> https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
>> >> To unsubscribe, send any mail to
>> >> "freebsd-hackers-unsubscribe at freebsd.org"
>> >
>> >
>> > A quick thing to do would be to run the linux binary and therefore test our
>> > linux API.. it feeds into the same backend, so it would already give a lot
>> > of coverage.
>>
>> +mailing lists again
>>
>> Yes, it's mentioned here:
>>
>> https://github.com/google/syzkaller/blob/master/docs/freebsd.md#missing-things
>
>