github.com/SagerNet/gvisor@v0.0.0-20210707092255-7731c139d75c/images/syzkaller/README.md

syzkaller is an unsupervised coverage-guided kernel fuzzer.

*   [Github](https://github.com/google/syzkaller)
*   [gVisor dashboard](https://syzkaller.appspot.com/gvisor)

# How to run syzkaller.

First, we need to load a syzkaller docker image:

```bash
make load-syzkaller
```

or we can rebuild it to use an up-to-date version of the master branch:

```bash
make rebuild-syzkaller
```

Then we need to create a directory with all the artifacts that we will need to
run syzkaller. We will bind-mount this directory into a docker container.

We need to build runsc and place it in the artifact directory:

```bash
make RUNTIME_DIR=/tmp/syzkaller refresh
```

The next step is to create a syzkaller config. We can copy the default one and
customize it:

```bash
cp images/syzkaller/default-gvisor-config.cfg /tmp/syzkaller/syzkaller.cfg
```

Now we can start syzkaller in a docker container:

```bash
docker run --privileged -it --rm \
    -v /tmp/syzkaller:/tmp/syzkaller \
    gvisor.dev/images/syzkaller:latest
```

All logs will be in /tmp/syzkaller/workdir.

# How to run a syz repro.

We need to repeat all the preparation steps from the previous section and save a
syzkaller repro in /tmp/syzkaller/repro.

Now we can run syz-repro to reproduce a crash:

```bash
docker run --privileged -it --rm \
    -v /tmp/syzkaller:/tmp/syzkaller --entrypoint="" \
    gvisor.dev/images/syzkaller:latest ./bin/syz-repro \
    -config /tmp/syzkaller/syzkaller.cfg /tmp/syzkaller/repro
```
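Both procedures above launch a `--privileged` container that bind-mounts the artifact directory, so it is worth verifying that directory before launching. The POSIX sh script below is an added example and is not part of the gVisor repository: it checks that the artifact directory is laid out as this README expects and then prints (rather than runs) the exact `docker run` command for either the fuzzer or `syz-repro`. It assumes that `make refresh` installs `runsc` directly in `$RUNTIME_DIR` (an assumption; the README only says "place it in the artifact directory"), that the config is named `syzkaller.cfg`, and that the repro file sits in the same directory; `/tmp/syzkaller` is the default as in the README.

```shell
#!/bin/sh
# Added example, not gVisor's own tooling. Pre-flight check for the syzkaller
# artifact directory from the README, plus a printer for the docker commands.

IMAGE="gvisor.dev/images/syzkaller:latest"   # image name from the README

# check_artifacts DIR [REPRO]
# Returns 0 if DIR contains runsc and syzkaller.cfg (and REPRO, when given),
# otherwise reports each missing file on stderr and returns 1.
# NOTE: "runsc" as the file name is an assumption about what `make refresh` installs.
check_artifacts() {
    ca_dir="$1"
    ca_repro="$2"
    ca_missing=0
    for f in runsc syzkaller.cfg; do
        if [ ! -f "$ca_dir/$f" ]; then
            echo "missing: $ca_dir/$f" >&2
            ca_missing=1
        fi
    done
    if [ -n "$ca_repro" ] && [ ! -f "$ca_dir/$ca_repro" ]; then
        echo "missing repro: $ca_dir/$ca_repro" >&2
        ca_missing=1
    fi
    return $ca_missing
}

# fuzz_cmd DIR
# Prints the command from "How to run syzkaller": the fuzzer runs with the
# image's default entrypoint and DIR bind-mounted at the same path inside.
fuzz_cmd() {
    printf 'docker run --privileged -it --rm -v %s:%s %s\n' "$1" "$1" "$IMAGE"
}

# repro_cmd DIR REPRO
# Prints the command from "How to run a syz repro": the entrypoint is cleared
# so the container runs ./bin/syz-repro against the config and repro in DIR.
repro_cmd() {
    printf 'docker run --privileged -it --rm -v %s:%s --entrypoint="" %s ./bin/syz-repro -config %s/syzkaller.cfg %s/%s\n' \
        "$1" "$1" "$IMAGE" "$1" "$1" "$2"
}

# main [REPRO]
# With no argument, checks the directory and prints the fuzzer command; with a
# repro file name, also checks the repro exists and prints the syz-repro command.
main() {
    m_dir="${RUNTIME_DIR:-/tmp/syzkaller}"
    check_artifacts "$m_dir" "$1" || exit 1
    if [ -n "$1" ]; then
        repro_cmd "$m_dir" "$1"
    else
        fuzz_cmd "$m_dir"
    fi
}

# Only run main when invoked as a script with SYZ_PREFLIGHT_MAIN set, so the
# functions can also be sourced and called individually.
if [ -n "${SYZ_PREFLIGHT_MAIN:-}" ]; then
    main "$@"
fi
```

Usage: `SYZ_PREFLIGHT_MAIN=1 RUNTIME_DIR=/tmp/syzkaller sh syz-preflight.sh repro` prints the `syz-repro` command once `runsc`, `syzkaller.cfg` and `repro` are all present; without the `repro` argument it prints the fuzzer command. Piping the output to `sh` runs it, which keeps the privileged launch an explicit, separate step.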