# Copyright 2018 syzkaller project authors. All rights reserved.
# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
# This script sets up everything that's needed to run syzkaller
# using qemu on known working syzkaller/kernel revisions.
# Tested on Ubuntu 16.04 and Debian rolling. The script downloads a bunch
# of stuff, so make sure you have a good internet connection.
# But first ensure that you have KVM enabled in BIOS and in kernel,
# otherwise fuzzing will be very slow and lots of things will time out, see:
# If everything goes successfully, the script will start syz-manager
# that will start fuzzing Linux kernel. You should see periodic log lines
# of the following form:
# 2018/04/01 10:00:00 VMs 10, executed 50170, cover 42270, crashes 0, repro 0
# syz-manager web UI contains a summary of crashes:
# http://localhost:20000
# You can always abort syz-manager with Ctrl+C and start it again by running
# the last command of this script.
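# Stop at the first failing command (-e), reject unset variables (-u) and
# trace every command to stderr (-x) so a failed setup step is easy to locate.
set -eux
# Everything the script downloads or builds lives under the directory it was
# started from.
export DIR="$PWD"
# Prefer the Go toolchain under $DIR/go over any Go already on the host.
export PATH="$DIR/go/bin:$PATH"
export GOPATH="$DIR/gopath"
# Set to empty so an inherited GOROOT value is not carried into the go tool.
export GOROOT=
# Number of VMs to run: (total RAM in GiB - 1) / 3.
# LC_ALL=C keeps the "Mem:" label stable on hosts with a translated locale;
# without it the match can come back empty and the count silently becomes 0.
mem_gb=$(LC_ALL=C free -g | awk '/^Mem:/ {print $2}')
NVM=$(( (mem_gb - 1) / 3 ))
# On hosts with less than 4 GiB the formula yields 0, which would be written
# into the manager config as "count": 0. Fall back to a single VM instead and
# say so, rather than failing only after all downloads and builds are done.
if (( NVM < 1 )); then
  echo "less than 4 GiB of RAM detected; using a single VM" >&2
  NVM=1
fi
export NVM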
# Install the host-side build tools and QEMU. This is the only command in the
# script that runs with root privileges (via sudo); -y answers the package
# manager's prompts automatically.
sudo apt-get install -y -q make git curl bison flex bc libssl-dev gcc g++ qemu-system-x86
# NOTE(review): each archive is streamed from curl straight into tar, so
# nothing is compared against a known digest or signature before it is
# unpacked into $DIR. The unpacked files are used later as the compiler
# ($DIR/gcc/bin/gcc), the Go toolchain ($DIR/go/bin) and the guest image, so a
# tampered or truncated download ends up being executed. Safer: download to a
# file, verify a pinned SHA-256, then unpack.
# NOTE(review): the download URLs are missing from this copy of the script;
# take them from the upstream file rather than guessing.
curl | tar -xz
curl | tar -xz
curl | tar -xz
# Restrict the guest SSH private key to the owner; ssh normally refuses keys
# that other users can read.
# NOTE(review): the key is presumably shipped inside one of the archives above
# and is therefore not secret; use it only for disposable fuzzing VMs.
chmod 0600 wheezy.img.key
# mkdir has no -p, so a second run in the same directory stops here under set -e.
mkdir workdir
# Seed the manager work directory with a corpus (corpus.db is presumably
# extracted from one of the archives above).
mv corpus.db workdir/
# -d fetches sources without building or installing them. The package path is
# missing from this copy of the script.
go get -d
# Build syzkaller at a fixed commit and fetch the kernel sources and config.
# Pinning to a full commit hash means the fetched tree cannot change silently;
# the kernel clone below is selected by the name v4.13 only, and the kernel
# .config is written from curl output without an integrity check.
# NOTE(review): in this copy the subshell opened on the next line is never
# closed and the repository paths / URLs are missing (the clone line continues
# straight into the curl line). Restore these lines from the upstream script
# before running; as shown they will not parse as intended.
(cd $GOPATH/src/; \
git checkout ad7d294798bac1b8da37cf303e44ade90689bb1c; \
make; \
git clone --branch v4.13 --single-branch --depth=1 \
curl > linux/.config
# Build the kernel with the compiler under $DIR/gcc rather than the system gcc.
# -j32 is fixed regardless of how many cores the host has.
(cd linux; make -j32 CC=$DIR/gcc/bin/gcc)
# Write the syz-manager configuration to ./config. The here-document delimiter
# is quoted, so its body is taken literally; the two sed passes then replace
# every occurrence of the placeholders DIR and NVM with the values exported at
# the top of the script. '#' is the sed delimiter, so a working directory whose
# path contains '#', '&' or a backslash would corrupt the generated file.
# NOTE(review): "http": ":20000" has no host part. If syz-manager hands this
# string to Go's listener unchanged (presumably it does), the web UI listens on
# all interfaces, not only on localhost as the header comment suggests. Use
# "127.0.0.1:20000" unless remote access is intended and the port is
# firewalled; confirm whether the UI has any authentication of its own.
# NOTE(review): "sandbox": "none" presumably means test programs run
# unconfined inside the guest; that fits a throwaway VM but should not be
# carried over to an image that holds anything of value.
# NOTE(review): this copy has lost the enclosing JSON braces, the closing EOF
# line and the start of the final command (presumably the syz-manager binary
# under gopath/src/, started with -config config). Restore them from the
# upstream script.
cat <<'EOF' | sed "s#DIR#$DIR#g" | sed "s#NVM#$NVM#g" > config
"name": "demo",
"target": "linux/amd64",
"http": ":20000",
"workdir": "DIR/workdir",
"vmlinux": "DIR/linux/vmlinux",
"syzkaller": "DIR/gopath/src/",
"image": "DIR/wheezy.img",
"sshkey": "DIR/wheezy.img.key",
"sandbox": "none",
"procs": 8,
"type": "qemu",
"vm": {
"count": NVM,
"cpu": 4,
"mem": 2048,
"kernel": "DIR/linux/arch/x86/boot/bzImage"
gopath/src/ -config config