From 8f3b15c4213fbdd6918d7ddd9ffa9fd4a623dc49 Mon Sep 17 00:00:00 2001 From: Aleksandr Nogikh Date: Thu, 28 Nov 2024 11:02:58 +0100 Subject: docs: update reproduction instructions 1. Get rid of executing_syzkaller_programs.md as it now mostly overlaps with reproducing_crashes.md. 2. Update the instructions on building the kernel with syzbot compilers. 3. Update the links throughout the documentation. --- docs/executing_syzkaller_programs.md | 73 ------------------------------------ 1 file changed, 73 deletions(-) delete mode 100644 docs/executing_syzkaller_programs.md (limited to 'docs/executing_syzkaller_programs.md') diff --git a/docs/executing_syzkaller_programs.md b/docs/executing_syzkaller_programs.md deleted file mode 100644 index a9e9ff9bd..000000000 --- a/docs/executing_syzkaller_programs.md +++ /dev/null @@ -1,73 +0,0 @@ -# Executing syzkaller programs - -This page describes how to execute existing syzkaller programs for the purpose -of bug reproduction. This way you can replay a single program or a whole -execution log with several programs. - -1. Setup Go toolchain (if you don't yet have it, you need version 1.16 or higher): -Download latest Go distribution from (https://golang.org/dl/). Unpack it to `$HOME/goroot`. -``` bash -export GOROOT=$HOME/goroot -export GOPATH=$HOME/gopath -``` - -2. Download syzkaller sources: -``` bash -git clone https://github.com/google/syzkaller -``` - -Note that your syzkaller revision must be the same as the one that generated the -program you're trying to execute. - -3. Build necessary syzkaller binaries: -``` bash -cd syzkaller -make -``` - -4. Copy binaries and the program to test machine (substitute target `linux_amd64` -as necessary): -``` bash -scp -P 10022 -i bullseye.img.key bin/linux_amd64/syz-execprog bin/linux_amd64/syz-executor program root@localhost: -``` - -5. Run the program on the test machine: -``` bash -./syz-execprog -repeat=0 -procs=8 program -``` - -Several useful `syz-execprog` flags: -``` - -procs int - number of parallel processes to execute programs (default 1) - -repeat int - repeat execution that many times (0 for infinite loop) (default 1) - -sandbox string - sandbox for fuzzing (none/setuid/namespace) (default "setuid") - -threaded - use threaded mode in executor (default true) -``` - -If you pass `-threaded=0`, programs will be executed as a simple single-threaded -sequence of syscalls. `-threaded=1` forces execution of each syscall in a -separate thread, so that execution can proceed over blocking syscalls. - -Older syzkaller versions also had the following flag: -``` - -collide - collide syscalls to provoke data races (default true) -``` -`-collide=1` forced second round of execution of syscalls when pairs of syscalls -are executed concurrently. You might need to use this flag if you're running an -old reproducer. - - -If you are replaying a reproducer program that contains a header along the -following lines: -``` -# {Threaded:true Repeat:true RepeatTimes:0 Procs:8 Slowdown:1 Sandbox:none Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true UseTmpDir:true HandleSegv:true Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} -``` -then you need to adjust `syz-execprog` flags based on the values in the -header. Namely, `Threaded`/`Procs`/`Sandbox` directly relate to -`-threaded`/`-procs`/`-sandbox` flags. If `Repeat` is set to `true`, add -`-repeat=0` flag to `syz-execprog`. -- cgit mrf-deployment