github.com/google/syzkaller@v0.0.0-20240517125934-c0f1611a36d6/docs/setup.md (about) 1 # How to set up syzkaller 2 3 Generic setup instructions for fuzzing Linux kernel are outlined [here](linux/setup.md). 4 5 For other kernels see: 6 [FreeBSD](freebsd/README.md), 7 [Darwin/XNU](darwin/README.md), 8 [Fuchsia](fuchsia/README.md), 9 [NetBSD](netbsd/README.md), 10 [OpenBSD](openbsd/setup.md), 11 [Windows](windows/README.md). 12 13 After following these instructions you should be able to run `syz-manager`, see it executing programs, and be able to access statistics exposed at `http://127.0.0.1:56741` (or whatever address you've specified in the manager config). 14 If everything is working properly, a typical execution log would look like: 15 16 ``` 17 $ ./bin/syz-manager -config=my.cfg 18 2017/06/14 16:39:05 loading corpus... 19 2017/06/14 16:39:05 loaded 0 programs (0 total, 0 deleted) 20 2017/06/14 16:39:05 serving http on http://127.0.0.1:56741 21 2017/06/14 16:39:05 serving rpc on tcp://127.0.0.1:34918 22 2017/06/14 16:39:05 booting test machines... 23 2017/06/14 16:39:05 wait for the connection from test machine... 24 2017/06/14 16:39:59 received first connection from test machine vm-9 25 2017/06/14 16:40:05 executed 293, cover 43260, crashes 0, repro 0 26 2017/06/14 16:40:15 executed 5992, cover 88463, crashes 0, repro 0 27 2017/06/14 16:40:25 executed 10959, cover 116991, crashes 0, repro 0 28 2017/06/14 16:40:35 executed 15504, cover 132403, crashes 0, repro 0 29 ``` 30 31 At this point it's important to ensure that syzkaller is able to collect code coverage of the executed programs 32 (unless you specified `"cover": false` in the config or coverage is not yet supported for the kernel you're fuzzing). 33 The `cover` counter on the web page should be non zero. 34 35 More information on the configuration file format is available [here](configuration.md). 36 37 See [this page](troubleshooting.md) for troubleshooting tips.