gvisor.dev/gvisor@v0.0.0-20240520182842-f9d4d51c7e0f/images/syzkaller/README.md

syzkaller is an unsupervised coverage-guided kernel fuzzer.

* [Github](https://github.com/google/syzkaller)
* [gVisor dashboard](https://syzkaller.appspot.com/gvisor)

# How to run syzkaller.

First, we need to load a syzkaller docker image:

```bash
make load-syzkaller
```

or we can rebuild it to use an up-to-date version of the master branch:

```bash
make rebuild-syzkaller
```

Next, we need to create a directory holding all artifacts required to run
syzkaller. This directory will be bind-mounted into the docker container.

We need to build runsc and place it in the artifact directory:

```bash
make RUNTIME_DIR=/tmp/syzkaller refresh
```

The next step is to create a syzkaller config. We can copy the default one and
customize it:

```bash
cp images/syzkaller/default-gvisor-config.cfg /tmp/syzkaller/syzkaller.cfg
```

Now we can start syzkaller in a docker container:

```bash
docker run --privileged -it --rm \
  -v /tmp/syzkaller:/tmp/syzkaller \
  gvisor.dev/images/syzkaller:latest
```

All logs will be in /tmp/syzkaller/workdir.

# How to run a syz repro.

We need to repeat all preparation steps from the previous section and save a
syzkaller repro in /tmp/syzkaller/repro.

Now we can run syz-repro to reproduce a crash:

```bash
docker run --privileged -it --rm \
  -v /tmp/syzkaller:/tmp/syzkaller --entrypoint="" \
  gvisor.dev/images/syzkaller:latest ./bin/syz-repro -config \
  /tmp/syzkaller/syzkaller.cfg /tmp/syzkaller/repro
```
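Because both procedures above depend on the bind-mounted artifact directory being complete before a privileged container is started, a pre-flight check is useful. The script below is an added example, not part of the gVisor repository or its Makefile: it verifies that the artifact directory contains the expected files and prints the two docker commands from this README for a given directory. It assumes `make refresh` places the binary under the name `runsc` directly in the artifact directory, that the config is named `syzkaller.cfg` and the repro file `repro`, matching the paths used above.

```shell
#!/bin/sh
# Added example (not gVisor's own tooling): pre-flight checks for the syzkaller
# artifact directory, plus the docker commands from the README as functions.
# Assumption: runsc, syzkaller.cfg and repro live directly in the directory.

SYZ_IMAGE="gvisor.dev/images/syzkaller:latest"

# check_artifacts DIR: verify that DIR holds runsc and syzkaller.cfg and that
# runsc is executable. Reports each problem on stderr; returns 0 only if all
# checks pass, so a caller can gate the privileged container on it.
check_artifacts() {
    dir="$1"
    status=0
    for f in runsc syzkaller.cfg; do
        if [ ! -e "$dir/$f" ]; then
            echo "missing: $dir/$f" >&2
            status=1
        fi
    done
    if [ -e "$dir/runsc" ] && [ ! -x "$dir/runsc" ]; then
        echo "not executable: $dir/runsc" >&2
        status=1
    fi
    return $status
}

# fuzz_cmd DIR: print the fuzzing command (DIR is bind-mounted at the same path
# inside the container, as in the README).
fuzz_cmd() {
    printf 'docker run --privileged -it --rm -v %s:%s %s\n' "$1" "$1" "$SYZ_IMAGE"
}

# repro_cmd DIR: print the syz-repro command; fails if DIR/repro is absent.
repro_cmd() {
    if [ ! -e "$1/repro" ]; then
        echo "missing: $1/repro" >&2
        return 1
    fi
    printf 'docker run --privileged -it --rm -v %s:%s --entrypoint="" %s ./bin/syz-repro -config %s/syzkaller.cfg %s/repro\n' \
        "$1" "$1" "$SYZ_IMAGE" "$1" "$1"
}

# Usage: sh preflight.sh [DIR]  (defaults to /tmp/syzkaller). Prints the
# command to run once the directory passes the checks.
if [ "${0##*/}" = "preflight.sh" ]; then
    dir="${1:-/tmp/syzkaller}"
    check_artifacts "$dir" || exit 1
    fuzz_cmd "$dir"
    repro_cmd "$dir" 2>/dev/null || echo "no repro in $dir; fuzzing only" >&2
fi
```

Run the checks before `docker run`; a missing `runsc` or config only surfaces inside the container otherwise, after it has already been started with `--privileged`.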