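#!/bin/bash
# Copyright 2018 syzkaller project authors. All rights reserved.
# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.

# This script sets up everything that's needed to run syzkaller
# using qemu on known working syzkaller/kernel revisions.
# Tested on Ubuntu 16.04 and Debian rolling. The script downloads a bunch
# of stuff, so make sure you have a good internet connection.
# But first ensure that you have KVM enabled in BIOS and in kernel,
# otherwise fuzzing will be very slow and lots of things will time out, see:
# https://help.ubuntu.com/community/KVM/Installation
# https://www.linux-kvm.org/page/FAQ
# If everything goes successfully, the script will start syz-manager
# that will start fuzzing Linux kernel. You should see periodic log lines
# of the following form:
# 2018/04/01 10:00:00 VMs 10, executed 50170, cover 42270, crashes 0, repro 0
# syz-manager web UI contains a summary of crashes:
# http://localhost:20000
# You can always abort syz-manager with Ctrl+C and start it again by running
# the last command of this script.

set -eux
# Without pipefail a failed download is hidden by the tar/awk stage that
# consumes it and the script carries on with a half-written tree.
set -o pipefail

# Everything is installed relative to the directory the script is run from.
export DIR=$PWD
export PATH=$DIR/go/bin:$PATH
export GOPATH=$DIR/gopath
# Empty GOROOT so the downloaded go toolchain locates itself.
export GOROOT=

# Number of VMs derived from host RAM: keep ~1G for the host and divide the
# rest by 3 (presumably ~3G per VM, given vm.mem = 2048 below plus qemu
# overhead -- confirm if you change vm.mem). Clamp to at least one VM so a
# small host still produces a usable config instead of "count": 0.
total_mem_g=$(free -g | awk '/^Mem:/ {print $2}')
export NVM=$(( (total_mem_g - 1) / 3 ))
if (( NVM < 1 )); then
  NVM=1
fi

# wget is used below for the image and key, so install it alongside curl.
sudo apt-get install -y -q make git curl wget bison flex bc libssl-dev gcc g++ qemu-system-x86

# Toolchains and seed corpus. -f makes curl fail on an HTTP error instead of
# piping an error page into tar; -L follows redirects. Integrity of these
# archives rests on TLS alone: for a reproducible setup, record the sha256 of
# each archive once and check it here before extracting.
curl -fL https://dl.google.com/go/go1.10.1.linux-amd64.tar.gz | tar -xz
curl -fL https://storage.googleapis.com/syzkaller/gcc-7.tar.gz | tar -xz
curl -fL https://storage.googleapis.com/syzkaller/corpus.db.tar.gz | tar -xz
wget https://storage.googleapis.com/syzkaller/wheezy.img
wget https://storage.googleapis.com/syzkaller/wheezy.img.key
# ssh refuses world-readable keys. Note the key itself is publicly
# downloadable, so it provides no confidentiality: do not expose the guests'
# ssh port beyond this host.
chmod 0600 wheezy.img.key
# -p so a re-run after a partial failure does not abort on an existing dir.
mkdir -p workdir
mv corpus.db workdir/

# Pin syzkaller to a revision known to work with the kernel built below.
go get -d github.com/google/syzkaller/...
(
  cd "$GOPATH/src/github.com/google/syzkaller"
  git checkout ad7d294798bac1b8da37cf303e44ade90689bb1c
  make
)

# Clone over https: git:// is unauthenticated and unencrypted, so the tree
# could be altered in transit. The v4.13 tag pins the kernel revision.
git clone --branch v4.13 --single-branch --depth=1 \
  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
curl -fL https://gist.githubusercontent.com/dvyukov/2c63231d1cd0d162ac6bebb4627f045c/raw/c3d5c80d391ba4853d6a6453db38c249f40b4b8b/gistfile1.txt > linux/.config
# Build with the downloaded gcc; parallelism follows the host instead of a
# hard-coded -j32.
(cd linux && make -j"$(nproc)" CC="$DIR/gcc/bin/gcc")

# syz-manager config. An unquoted here-doc expands $DIR and $NVM directly;
# the previous sed "s#DIR#...#" rewrite broke whenever $DIR contained '#'.
cat <<EOF > config
{
    "name": "demo",
    "target": "linux/amd64",
    "http": ":20000",
    "workdir": "$DIR/workdir",
    "vmlinux": "$DIR/linux/vmlinux",
    "syzkaller": "$DIR/gopath/src/github.com/google/syzkaller",
    "image": "$DIR/wheezy.img",
    "sshkey": "$DIR/wheezy.img.key",
    "sandbox": "none",
    "procs": 8,
    "type": "qemu",
    "vm": {
        "count": $NVM,
        "cpu": 4,
        "mem": 2048,
        "kernel": "$DIR/linux/arch/x86/boot/bzImage"
    }
}
EOF

# Start fuzzing; this is the command to re-run after a Ctrl+C.
"$GOPATH/src/github.com/google/syzkaller/bin/syz-manager" -config config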