github.com/google/syzkaller@v0.0.0-20251211124644-a066d2bc4b02/tools/syz-diff/benchmark/run.sh (about)

     1  #!/usr/bin/env bash
     2  
     3  # Copyright 2024 syzkaller project authors. All rights reserved.
     4  # Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
     5  
     6  # The script assumes that the workdir_net and workdir_fs folders already exist and hold the networking and fs corpora, respectively.
     7  
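# Validate the command line: two kernel checkouts and a VM image are required.
if [ "$#" -ne 3 ]; then
  echo "Usage: $0 <first_linux_repo> <second_linux_repo> <image_path>" >&2
  exit 1
fi

BASE_KERNEL="$1"
PATCHED_KERNEL="$2"
IMAGE_PATH="$3"

# Both checkouts later get `git clean -fxfd` and `git reset --hard` run inside
# them, so refuse to start unless each argument is an existing directory.
for repo in "$BASE_KERNEL" "$PATCHED_KERNEL"; do
  if [ ! -d "$repo" ]; then
    echo "Not a directory: $repo" >&2
    exit 1
  fi
done

# Absolute directory of this script, and the directory three levels above it.
SCRIPT_DIR="$(CDPATH= cd -- "$(dirname -- "$0")" && pwd -P)"
BASE_DIR=$(dirname "$(dirname "$(dirname "$SCRIPT_DIR")")")

# The kernel config is downloaded once and shared by every build. The temp file
# is removed on exit so repeated runs do not leave copies behind.
KERNEL_CONFIG="$(mktemp)" || {
  echo "mktemp failed" >&2
  exit 1
}
trap 'rm -f -- "$KERNEL_CONFIG"' EXIT

# NOTE(review): the config is fetched from the tip of master, so two runs can
# build with different configs; pin a commit in the URL if the benchmark has to
# be reproducible.
# A failed or empty download must stop the run: kernel build output is
# discarded later, so a bad .config would otherwise go unnoticed.
if ! wget -q -O "$KERNEL_CONFIG" 'https://raw.githubusercontent.com/google/syzkaller/master/dashboard/config/linux/upstream-apparmor-kasan.config' ||
  [ ! -s "$KERNEL_CONFIG" ]; then
  echo "Failed to download the kernel config" >&2
  exit 1
fi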
    22  
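#######################################
# Escapes a string for use as the replacement part of a sed `s|..|..|`
# command: backslash, `&` and the `|` delimiter are backslash-escaped.
# Arguments: $1 - raw string
# Outputs:   escaped string on stdout
#######################################
_sed_escape_replacement() {
  printf '%s' "$1" | sed -e 's/[\\&|]/\\&/g'
}

#######################################
# Fills in the %KERNEL%, %SYZKALLER% and %IMAGE% placeholders of a syzkaller
# config file, in place.
# Globals:   BASE_DIR (read), IMAGE_PATH (read)
# Arguments: $1 - config file to edit
#            $2 - kernel path substituted for %KERNEL%
# Returns:   sed's exit status
#######################################
patch_config_file() {
  local file="$1"
  local kernel_path="$2"
  local kernel_repl syzkaller_repl image_repl

  # Paths come from the command line; without escaping, a `|`, `&` or `\` in
  # any of them would break the sed expression or alter the substituted text.
  kernel_repl=$(_sed_escape_replacement "$kernel_path") || return
  syzkaller_repl=$(_sed_escape_replacement "$BASE_DIR") || return
  image_repl=$(_sed_escape_replacement "$IMAGE_PATH") || return

  sed -i \
    -e "s|%KERNEL%|$kernel_repl|g" \
    -e "s|%SYZKALLER%|$syzkaller_repl|g" \
    -e "s|%IMAGE%|$image_repl|g" \
    "$file"
}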
    30  
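#######################################
# Runs one syz-diff experiment for a known guilty commit: builds a base kernel
# (the commit reverted) and a patched kernel (the commit applied), prepares a
# per-run work directory under ./experiment/, and runs syz-diff for up to 3h.
# Globals:   BASE_KERNEL, PATCHED_KERNEL, KERNEL_CONFIG, SCRIPT_DIR, BASE_DIR
#            (all read)
# Arguments: $1 - guilty commit hash
#            $2 - corpus type, used to pick patched_<type>.cfg and
#                 workdir_<type>
#            $3 - bug title, recorded in description.txt
# Outputs:   progress messages and syz-diff's "patched-only" lines on stdout
# Returns:   1 if a checkout could not be prepared or built, or the run
#            directory could not be set up; otherwise the status of the final
#            crash-directory copy
#######################################
run_experiment() {
  local guilty_commit="$1"
  local type="$2"
  local title="$3"

  local patched_config="$SCRIPT_DIR/patched_$type.cfg"
  local patched_workdir="$BASE_DIR/workdir_$type"
  local workdir_name workdir_path

  echo "--------"
  date
  echo "COMMIT: $guilty_commit"
  echo "TITLE: $title"

  echo "Building the base kernel"
  # Every step is chained with &&: if `cd` failed and the chain went on, the
  # destructive `git clean -fxfd` / `git reset --hard` would run in whatever
  # directory the script was started from.
  if ! (
    cd "$BASE_KERNEL" &&
      git clean -fxfd &&
      git reset --hard "$guilty_commit" &&
      git revert "$guilty_commit" --no-edit &&
      cp "$KERNEL_CONFIG" .config &&
      make CC=clang LD=ld.lld olddefconfig &&
      make CC=clang LD=ld.lld -j32
  ) >/dev/null 2>&1; then
    # Build output is discarded, so the exit status is the only failure signal.
    echo "Failed to build the base kernel for $guilty_commit" >&2
    return 1
  fi

  echo "Building the patched kernel"
  if ! (
    cd "$PATCHED_KERNEL" &&
      git clean -fxfd &&
      git reset --hard "$guilty_commit" &&
      cp "$KERNEL_CONFIG" .config &&
      make CC=clang LD=ld.lld olddefconfig &&
      make CC=clang LD=ld.lld -j32
  ) >/dev/null 2>&1; then
    echo "Failed to build the patched kernel for $guilty_commit" >&2
    return 1
  fi

  # The run directory is created relative to the current working directory.
  workdir_name="experiment/$(date +"%Y-%m-%d_%H-%M-%S")_$guilty_commit"
  mkdir -p "$workdir_name" || return 1
  workdir_path=$(realpath "$workdir_name") || return 1
  echo "COMMIT: $guilty_commit" > "$workdir_path/description.txt"
  echo "TITLE: $title" >> "$workdir_path/description.txt"
  echo "WORKDIR: $workdir_name"

  # The guilty commit itself is the patch handed to syz-diff.
  git -C "$BASE_KERNEL" show "$guilty_commit" > "$workdir_path/patch.diff" || return 1

  # Prepare syzkaller configs.
  # NOTE(review): base.cfg is read from the current directory while the patched
  # config comes from $SCRIPT_DIR - confirm the script is meant to be started
  # from its own directory.
  cp base.cfg "$workdir_path/" || return 1
  patch_config_file "$workdir_path/base.cfg" "$BASE_KERNEL" || return 1
  cp "$patched_config" "$workdir_path/patched.cfg" || return 1
  patch_config_file "$workdir_path/patched.cfg" "$PATCHED_KERNEL" || return 1

  # Drop crashes left by an earlier experiment so the copy below holds only
  # this run's results. `:?` aborts rather than expanding to "/crashes".
  rm -rf -- "${patched_workdir:?}/crashes"

  (
    cd "$workdir_path" || exit 1
    timeout 3h "$BASE_DIR/bin/syz-diff" -base base.cfg -new patched.cfg -patch patch.diff -vv 1 2>&1 | tee "log.log" | grep "patched-only"
  )
  cp -r "$patched_workdir/crashes" "$workdir_path"
}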
    88  
    89  run_experiment 17194be4c8e1 net "general protection fault in ethnl_phy_doit"
    90  run_experiment d18d3f0a24fc net "KASAN: slab-use-after-free Read in l2tp_tunnel_del_work"
    91  run_experiment 181a42edddf5 net "WARNING in hci_conn_del"
    92  run_experiment 401cb7dae813 net "stack segment fault in cpu_map_redirect"
    93  run_experiment 186b1ea73ad8 net "kernel BUG in dev_gro_receive"
    94  run_experiment af0cb3fa3f9e net "KASAN: slab-use-after-free Read in htab_map_alloc"
    95  run_experiment f7a8b10bfd61 net "WARNING in rdev_scan"
    96  run_experiment 948dbafc15da net "KASAN: global-out-of-bounds Read in __nla_validate_parse"
    97  run_experiment c3718936ec47 net "WARNING: suspicious RCU usage in in6_dump_addrs"
    98  
    99  run_experiment 94a69db2367e fs "possible deadlock in xfs_ilock"
   100  run_experiment 275dca4630c1 fs "KASAN: slab-use-after-free Read in kill_f2fs_super"
   101  run_experiment 16aac5ad1fa9 fs "general protection fault in ovl_encode_real_fh"
   102  run_experiment b5357cb268c4 fs "KASAN: slab-out-of-bounds Read in btrfs_qgroup_inherit"
   103  run_experiment 310ee0902b8d fs "WARNING in ext4_iomap_begin"
   104  run_experiment 744a56389f73 fs "WARNING in __fortify_report"
   105  run_experiment c3defd99d58c fs "divide error in ext4_mb_regular_allocator"
   106  run_experiment 11a347fb6cef fs "kernel BUG in iov_iter_revert"
   107  run_experiment 0586d0a89e77 fs "kernel BUG in btrfs_folio_end_all_writers"