Add syzkaller testcase #1691

Open
wants to merge 1 commit into
base: master
from


@sathnaga
Member

commented Mar 19, 2019

This adds a syzkaller fuzzing testcase for powerpc
and it does the below steps
1. Install/Setup syzkaller in host
2. Setup Guest for passwordless ssh from host
3. Prepare and compile Guest kernel
4. Prepare syzkaller config with qemu params and guest params
5. Start syzkaller with above config and run for specified time (test_timeout)
6. Test fails out in case of any host issues

More details about syzkaller can be found here https://github.com/google/syzkaller

Signed-off-by: Satheesh Rajendran <sathnaga@linux.vnet.ibm.com>

@sathnaga

Member Author

commented Mar 19, 2019

# avocado run syzkaller --vt-type libvirt --vt-extra-params create_vm_libvirt=yes kill_vm_libvirt=yes env_cleanup=yes mem=20480 smp=2 take_regular_screendumps=no backup_image_before_testing=no libvirt_controller=virtio-scsi scsi_hba=virtio-scsi-pci drive_format=scsi-hd use_os_variant=no restore_image_after_testing=no vga=none display=nographic --vt-guest-os JeOS.27.ppc64le
JOB ID     : 64f785b526808b8de31d45914fe219a8a2942506
JOB LOG    : /home/sath/avocado-fvt-wrapper/results/job-2019-03-18T22.45-64f785b/job.log
 (1/1) powerkvm-qemu.syzkaller.power: PASS (1998.03 s)
RESULTS    : PASS 1 | ERROR 0 | FAIL 0 | SKIP 0 | WARN 0 | INTERRUPT 0 | CANCEL 0
JOB TIME   : 2004.29 s

@sathnaga sathnaga force-pushed the sathnaga:syzkaller branch from 548931a to 17ff2bc Mar 25, 2019

Add syzkaller testcase
This adds a syzkaller fuzzing testcase for powerpc
and it does the below steps
    1. Install/Setup syzkaller in host
    2. Setup Guest for passwordless ssh from host
    3. Prepare and compile Guest kernel
    4. Prepare syzkaller config with qemu params and guest params
    5. Start syzkaller with above config and run for specified time (test_timeout)
    6. Test fails out in case of any host issues

More details about syzkaller can be found here https://github.com/google/syzkaller

Signed-off-by: Satheesh Rajendran <sathnaga@linux.vnet.ibm.com>

@sathnaga sathnaga force-pushed the sathnaga:syzkaller branch from 17ff2bc to 34923a4 Mar 25, 2019

@zhenyzha


commented Jul 1, 2019

Tested "syzkaller" on Power8 RHEL.7.7 guest, fail.
Host_RHEL.m7.u6.qcow2.virtio_scsi.up.virtio_net.Guest.RHEL.7.7.ppc64le.io-github-autotest-qemu.syzkaller.power: ERROR: Command 'cd /root/go/src/github.com/google/syzkaller;make' failed

ERROR| CmdError: Command 'cd /root/go/src/github.com/google/syzkaller;make' failed.
stderr: "make[1]: warning: -jN forced in submake: disabling jobserver mode.\nIn file included from executor/common.h:391:0,\n from executor/executor.cc:136:\nexecutor/common_linux.h: In function 'void netlink_add_hsr(int, const char*, const char*, const char*)':\nexecutor/common_linux.h:229:15: error: 'IFLA_HSR_SLAVE1' was not declared in this scope\n netlink_attr(IFLA_HSR_SLAVE1, &ifindex1, sizeof(ifindex1));\n ^\nexecutor/common_linux.h:231:15: error: 'IFLA_HSR_SLAVE2' was not declared in this scope\n netlink_attr(IFLA_HSR_SLAVE2, &ifindex2, sizeof(ifindex2));\n ^\nmake[1]: *** [executor] Error 1\nmake[1]: *** Waiting for unfinished jobs....\nmake[1]: warning: -jN forced in submake: disabling jobserver mode.\nmake: *** [target] Error 2\nmake: *** Waiting for unfinished jobs....\n"
additional_info: None

@sathnaga

Member Author

commented Jul 1, 2019

@zhenyzha Thanks for trying to run it. From the error, it seems the syzkaller compilation itself is failing;
can you please try compiling it manually and figure out what/where it is going wrong?

@zhenyzha


commented Jul 1, 2019

@sathnaga OK I will try.

@sathnaga

Member Author

commented Jul 1, 2019

@zhenyzha I just tried to install the golang package in rhel7.7; it is not available in the repos in the ISO.
I used a Fedora guest, where golang and the other dependency packages were not an issue; you could probably try with that. Anyway, the guest kernel is going to be compiled from upstream.

@zhenyzha


commented Jul 2, 2019

@sathnaga Thank you for your reply.
I just tried to install the golang package in rhel8.1.0; it is not available in the repos in the ISO either.
This is already the latest ISO in our test range.
So it seems that our test will not use this patch.
I will continue to pay attention to it in later versions. Thank you again for your reply.

Tested "syzkaller" on Power9 RHEL.8.1.0 guest, fail.
avocado.utils.process.CmdError: Command 'cd /root/avocado/job-results/job-2019-07-02T02.56-e99eff1/test-results/3-Host_RHEL.m8.u1.qcow2.virtio_scsi.up.virtio_net.Guest.RHEL.8.1.0.ppc64le.io-github-autotest-qemu.syzkaller.power/linux;git log -1;make ppc64le_guest_defconfig' failed.
stdout: b"commit ee50de7ff4f0fe4e7b0fc457fed650fc2c138f01\nAuthor: Michael Ellerman mpe@ellerman.id.au\nDate: Fri Jun 28 12:04:51 2019 +1000\n\n Automatic merge of branches 'master', 'next' and 'fixes' into merge\nUsing ./arch/powerpc/configs/ppc64_defconfig as base\nMerging ./arch/powerpc/configs/le.config\nMerging ./arch/powerpc/configs/guest.config\nValue of CONFIG_VIRTIO_BLK is redefined by fragment ./arch/powerpc/configs/guest.config:\nPrevious value: CONFIG_VIRTIO_BLK=m\nNew value: CONFIG_VIRTIO_BLK=y\n\nValue of CONFIG_SCSI_VIRTIO is redefined by fragment ./arch/powerpc/configs/guest.config:\nPrevious value: CONFIG_SCSI_VIRTIO=m\nNew value: CONFIG_SCSI_VIRTIO=y\n\nValue of CONFIG_VIRTIO_NET is redefined by fragment ./arch/powerpc/configs/guest.config:\nPrevious value: CONFIG_VIRTIO_NET=m\nNew value: CONFIG_VIRTIO_NET=y\n\nValue of CONFIG_VIRTIO_CONSOLE is redefined by fragment ./arch/powerpc/configs/guest.config:\nPrevious value: CONFIG_VIRTIO_CONSOLE=m\nNew value: CONFIG_VIRTIO_CONSOLE=y\n\nValue of CONFIG_VIRTIO_PCI is redefined by fragment ./arch/powerpc/configs/guest.config:\nPrevious value: CONFIG_VIRTIO_PCI=m\nNew value: CONFIG_VIRTIO_PCI=y\n\nValue of CONFIG_VIRTIO_BALLOON is redefined by fragment ./arch/powerpc/configs/guest.config:\nPrevious value: CONFIG_VIRTIO_BALLOON=m\nNew value: CONFIG_VIRTIO_BALLOON=y\n\nValue of CONFIG_VHOST_NET is redefined by fragment ./arch/powerpc/configs/guest.config:\nPrevious value: CONFIG_VHOST_NET=m\nNew value: CONFIG_VHOST_NET=y\n\n#\n# merged configuration written to .config (needs make)\n#\n HOSTCC scripts/basic/fixdep\n HOSTCC scripts/kconfig/conf.o\n HOSTCC scripts/kconfig/confdata.o\n HOSTCC scripts/kconfig/expr.o\n LEX scripts/kconfig/lexer.lex.c\n"
stderr: b'/bin/sh: flex: command not found\nmake[2]: *** [scripts/Makefile.lib:184: scripts/kconfig/lexer.lex.c] Error 127\nmake[1]: *** [Makefile:557: olddefconfig] Error 2\nmake: *** [arch/powerpc/Makefile:324: ppc64le_guest_defconfig] Error 2\n'
additional_info: None

@sathnaga

Member Author

commented Jul 2, 2019

Sure, this is mostly helpful for upstream test environments. Thanks for trying :-)
You can refer to my blog on the same: https://sathnaga86.com/2019/03/19/run-syzkaller-using-avocado-and-op-test.html

@PaulYuuu

Contributor

commented Jul 3, 2019

> @zhenyzha I just tried to install the golang package in rhel7.7; it is not available in the repos in the ISO.

Maybe you need to install it from the EPEL repository.

> I used a Fedora guest, where golang and the other dependency packages were not an issue; you could probably try with that. Anyway, the guest kernel is going to be compiled from upstream.

error log:

In file included from executor/common.h:391:0,
                 from executor/executor.cc:136:
executor/common_linux.h: In function ‘void netlink_add_hsr(int, const char*, const char*, const char*)’:
executor/common_linux.h:229:15: error: ‘IFLA_HSR_SLAVE1’ was not declared in this scope
  netlink_attr(IFLA_HSR_SLAVE1, &ifindex1, sizeof(ifindex1));
               ^
executor/common_linux.h:231:15: error: ‘IFLA_HSR_SLAVE2’ was not declared in this scope
  netlink_attr(IFLA_HSR_SLAVE2, &ifindex2, sizeof(ifindex2));

> stderr: b'/bin/sh: flex: command not found\nmake[2]: *** [scripts/Makefile.lib:184: scripts/kconfig/lexer.lex.c] Error 127\nmake[1]: *** [Makefile:557: olddefconfig] Error 2\nmake: *** [arch/powerpc/Makefile:324: ppc64le_guest_defconfig] Error 2\n'

Need to install flex first.
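
A preflight check for the three build failures reported in this thread (golang not installed, `flex: command not found`, and `IFLA_HSR_SLAVE1`/`IFLA_HSR_SLAVE2` undeclared), as an added example that is not part of the pull request. The function names are hypothetical, and the default header path `/usr/include/linux/if_link.h` is an assumption about where the build host keeps its kernel UAPI headers.

```shell
#!/bin/sh
# Added example (not from the PR): fail early, before the long syzkaller and
# guest-kernel builds, if the build host lacks what the logs above tripped on.

# Print every tool from the argument list that is not on PATH.
# Returns 1 if at least one is missing, 0 otherwise.
missing_tools() {
    mt_rc=0
    for mt_tool in "$@"; do
        if ! command -v "$mt_tool" >/dev/null 2>&1; then
            echo "$mt_tool"
            mt_rc=1
        fi
    done
    return $mt_rc
}

# header_has_symbols FILE SYM...
# Returns 0 if every SYM occurs as a whole word in FILE, 1 if one is absent,
# 2 if FILE cannot be read (for example, kernel headers not installed).
header_has_symbols() {
    hs_file=$1; shift
    [ -r "$hs_file" ] || return 2
    for hs_sym in "$@"; do
        grep -qw "$hs_sym" "$hs_file" || return 1
    done
    return 0
}

# preflight [HEADER]: run both checks and report on stderr.
# Tool list taken from the commands visible in the logs: go, gcc, make, git, flex.
preflight() {
    pf_header=${1:-/usr/include/linux/if_link.h}   # assumed default location
    pf_status=0
    pf_missing=$(missing_tools go gcc make git flex) || {
        echo "missing build tools:" $pf_missing >&2
        pf_status=1
    }
    header_has_symbols "$pf_header" IFLA_HSR_SLAVE1 IFLA_HSR_SLAVE2 || {
        echo "$pf_header: IFLA_HSR_SLAVE1/2 not found, syz-executor will not compile" >&2
        pf_status=1
    }
    return $pf_status
}
```

Call `preflight || exit 1` on the host before the test starts the syzkaller `make`.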
