This is an announcement of the first release of the Berserker toolkit for (semi-)automated fuzz testing and test case minimization of Linux kernel filesystem implementations. The toolkit consists of the following components and their documentation:

* A Debian sid (unstable) based root filesystem image (a 32-bit x86 system) with scripts inside, set to run automatically, that test a filesystem according to kernel command-line parameters; intended to be run inside a virtual machine (KVM).

* berserker-testfs.py, a script to automate running fuzz tests inside KVM on a filesystem image (simply give as parameters the filesystem type, a working filesystem image and a kernel bzImage - see --help). This script takes care of running KVM and interpreting the output. Its return values make it suitable for use in "git bisect run". By default the VM will fuzz and run until it has produced a crash.

* berserker-minimize.sh (and fuzz-minimize, used by it), a program to derive a crash-inducing test case with minimal differences to a pristine filesystem image by repeatedly and automatically running berserker-testfs.py on different images. It takes as input the kernel image to use, a pristine filesystem image and a fuzzed filesystem image that causes the kernel to crash.

To get the source:

git clone http://www.niksula.hut.fi/~sliedes/berserker/berserker.git

The repository contains a script (download-binaries.sh) that downloads some files (*at least until my university gets unhappy with the bandwidth used):

* the root filesystem (hda.autotest; 112 MiB compressed, 501 MiB uncompressed);

and, for a quick start,

* a vanilla 3.3.4 bzImage for amd64 suitable for use with the system (config file included in the git repository)

* testimg.ext4, a 10 MiB ext4 filesystem with the required layout (described in more detail in the README file)

The actual fuzzer used is zzuf (Debian package zzuf) by Sam Hocevar. I believe it is similar in spirit to fsfuzzer, which appears to be more familiar to the kernel community; zzuf was chosen because I was more familiar with it and because it was packaged for Debian.

Two examples of (what appear to be) ext4 bugs found with this toolkit, both reproducible with a 1-bit difference to a pristine filesystem:

http://www.spinics.net/lists/linux-ext4/msg31850.html (sorry, by mistake the subject doesn't quite reflect the bug...)

http://www.spinics.net/lists/linux-ext4/msg31853.html

See the included README file for a very quick introduction and some more detailed documentation.

Sami Liedes
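The minimization step that berserker-minimize.sh automates, written out as an added example (this is not code from the Berserker repository): delta debugging (ddmin) over the set of single-bit differences between a pristine image and a fuzzed image, which is how one gets from a zzuf-mangled image down to the 1-bit test cases mentioned above. The crash oracle `fake_kernel_crashes` and the 1 KiB images are constructed stand-ins with a known answer; a real oracle would boot the candidate image under KVM (for example by invoking berserker-testfs.py on a temporary copy) and map its return value to True/False.

```python
"""ddmin over the bit-level difference between a pristine and a fuzzed image.

Added example, not code from the Berserker repository. The crash oracle below
is a constructed stand-in; in real use it would boot the candidate image under
KVM and return True when the kernel crashed.
"""
from typing import Callable, List, Tuple

Delta = Tuple[int, int]  # (byte offset, bit index 0..7)


def diff_bits(pristine: bytes, fuzzed: bytes) -> List[Delta]:
    """Every single-bit difference between the two images, as (offset, bit)."""
    if len(pristine) != len(fuzzed):
        raise ValueError("images must have the same size")
    return [(off, bit)
            for off, (a, b) in enumerate(zip(pristine, fuzzed))
            for bit in range(8) if (a ^ b) >> bit & 1]


def apply_deltas(pristine: bytes, deltas: List[Delta]) -> bytes:
    """The pristine image with exactly the given bits flipped."""
    img = bytearray(pristine)
    for off, bit in deltas:
        img[off] ^= 1 << bit
    return bytes(img)


def ddmin(pristine: bytes, fuzzed: bytes,
          crashes: Callable[[bytes], bool]) -> List[Delta]:
    """Zeller/Hildebrandt ddmin: a 1-minimal subset of flipped bits that still crashes.

    Assumes the oracle is deterministic: a flaky crash makes ddmin return a
    wrong (usually too large) answer instead of failing loudly.
    """
    deltas = diff_bits(pristine, fuzzed)
    if not crashes(apply_deltas(pristine, deltas)):
        raise ValueError("fuzzed image does not reproduce the crash")
    n = 2  # current granularity (number of parts)
    while len(deltas) >= 2:
        size = (len(deltas) + n - 1) // n  # ceil(len / n)
        parts = [deltas[i:i + size] for i in range(0, len(deltas), size)]
        # 1. try to reduce to a single part
        for part in parts:
            if crashes(apply_deltas(pristine, part)):
                deltas, n = part, 2
                break
        else:
            # 2. try to reduce to the complement of a part
            for part in parts:
                rest = [d for d in deltas if d not in part]
                if rest and crashes(apply_deltas(pristine, rest)):
                    deltas, n = rest, max(n - 1, 2)
                    break
            else:
                # 3. nothing smaller crashed: refine granularity or stop
                if n >= len(deltas):
                    break
                n = min(2 * n, len(deltas))
    return deltas


# --- constructed demonstration (not real filesystem data) -------------------
PRISTINE = bytes(range(256)) * 4  # a 1 KiB stand-in for the pristine image
# Six flipped bits, as a zzuf-style bit-flipping fuzzer might leave behind.
FUZZED = apply_deltas(PRISTINE, [(5, 1), (100, 3), (250, 7),
                                 (600, 0), (777, 4), (1000, 2)])


def fake_kernel_crashes(img: bytes) -> bool:
    """Stand-in oracle: the 'kernel' crashes only when two specific bits are set.

    Constructed so the answer is known: pristine byte 100 (0x64) has bit 3
    clear and pristine byte 600 (0x58) has bit 0 clear, so only the fuzzed
    bits (100, 3) and (600, 0) together trigger it; the other four are noise.
    """
    return bool(img[100] >> 3 & 1) and bool(img[600] & 1)


def minimal_case() -> List[Delta]:
    """Flipped bits that remain after minimization, sorted by offset."""
    return sorted(ddmin(PRISTINE, FUZZED, fake_kernel_crashes))


if __name__ == "__main__":
    print(minimal_case())  # -> [(100, 3), (600, 0)]
```

Each oracle call is one VM boot, so the number of calls matters more than the Python; ddmin needs O(k log n) calls in the common case of a small culprit set k and degrades to O(n^2) when the crash depends on many interacting bits. The determinism caveat is the practical one: a crash that depends on timing or on leftover state in the guest will make the minimizer wander, so a real oracle should boot each candidate from a fresh copy of the image and, if in doubt, run it more than once before answering.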