syz-manager: add a smoke test

[a-nogikh]

One possible way:

• Add UML fuzzing support.
• Build a minimalistic UML kernel image and include it to the Docker image
  • defconfig with KCOV and DEBUG_DWARF4 gives a ~88MB vmlinux and linux files.
• Run fuzzing for 1(?) minute: then verify that coverage/signal/execution speed stats are reasonable.

[dvyukov]

Dup of #604?

[a-nogikh]

I'd say a sub-issue :)

[a-nogikh]

UML currently just crashes when compiled with defconfig + KCOV:

$ ./linux  --help
Segmentation fault

Theoretically we could also use qemu, though. But not sure how well we could integrate that into pre-submit CI tests.

[dvyukov]

We don't have UML support in syzkaller.

We run CI on our machines with our docker image, so theoretically we could use qemu there.

[a-nogikh]

We don't have UML support in syzkaller.

I know. But, if it's not too difficult to support it, it will be a lightweighter solution.

[tarasmadan]

UML support sounds like +1 dependency. Is it?
Do you mind to go infra as a code way? We can define some deployment/update scripts for syzbot project and use this smoke testing project as a pilot.

[a-nogikh]

A small qemu image:

$ git checkout v6.4
$ make CC=clang LD=ld.lld defconfig
$ ./scripts/config -d HID -d SOUND -d DRM -d USB -d WIRELESS -d NETFILTER -d NFS -d MEDIA_SUPPORT -d SECURITY_SELINUX -e KCOV -e KCOV_ENABLE_COMPARISONS
$ make CC=clang LD=ld.lld -j64

bzImage is ~12 MB.

qemu boot time (until login prompt) is ~3.8 seconds under KVM, 23 seconds without it.

qemu-system-x86_64   -m 2G   -smp 2,sockets=2,cores=1    -drive file=/tmp/buildroot-amd64,format=raw  -net nic,model=e1000 -accel tcg -nographic  -snapshot -machine pc-q35-7.1

The amd64 buildroot image is ~175MB with qcow2: It's 97MB if we also pass the -c flag.

qemu-img convert -f raw -O qcow2 /tmp/buildroot-amd64 buildroot.qcow2

[a-nogikh]

Without KCOV_ENABLE_COMPARISONS, non-KVM qemu boots in 13 seconds.

[dvyukov]

syz-manager now has smoke-test mode.