setup_syzkaller_demo.sh

#!/bin/bash
set -ex

KERNEL_VERSION=6.10
STARTING_FOLDER=$PWD
WORKING_DIRECTORY=$PWD/working/
KERNEL_PARENT_FOLDER=$WORKING_DIRECTORY/kernel/
KERNEL_FOLDER=$WORKING_DIRECTORY/kernel/linux-$KERNEL_VERSION
KERNEL_IMAGE=$KERNEL_FOLDER/arch/x86_64/boot/bzImage
KERNEL_EXTRA_CONFIGS=$PWD/kernel/kernel-configs/extra-syzkaller.config
IMAGE_FOLDER=$WORKING_DIRECTORY/image/
IMAGE=$IMAGE_FOLDER/bullseye.img

mkdir -p $WORKING_DIRECTORY
mkdir -p $KERNEL_PARENT_FOLDER
mkdir -p $IMAGE_FOLDER

# apt dependencies
sudo apt update
sudo apt install -y debootstrap qemu-system build-essential libncurses-dev bison flex libssl-dev libelf-dev bc git make clang-15 docker.io qemu-system

# compile kernel
NOHAT_PATCH=Y CC=gcc helpers/kernel/get-and-compile-kernel.sh $KERNEL_VERSION $KERNEL_PARENT_FOLDER $KERNEL_EXTRA_CONFIGS
#helpers/kernel/get-and-compile-kernel.sh $KERNEL_VERSION $KERNEL_PARENT_FOLDER $KERNEL_EXTRA_CONFIGS
# get debian image from syzkaller repo
helpers/image/get-syzkaller-image.sh $IMAGE_FOLDER

# Configure syzkaller
# install go

if ! command -v go &> /dev/null
then
  cd
	wget https://go.dev/dl/go1.22.1.linux-amd64.tar.gz
	tar -xvf go*-amd64.tar.gz
	mkdir gopath
	export GOROOT=~/go
	export PATH=$GOROOT/bin:$PATH
	export GOPATH=~/gopath/
	echo export GOROOT=~/go >> ~/.bashrc
	echo export PATH=$GOROOT/bin:$PATH >> ~/.bashrc
	echo export GOPATH=~/gopath/ >> ~/.bashrc
	go version
  source ~/.bashrc
  cd -
else
    echo "Go is already installed. Know that currently the latest syzkaller version requires go 1.23!"
fi

cd $WORKING_DIRECTORY

# clean previous directory
rm -rf syzkaller/
git clone https://github.com/google/syzkaller
cd syzkaller
git checkout e1ac59f4ea80a1bbd000a998317a5321e6723b8f
tools/syz-env make

cat << EOF > ./config.json
{
  "target": "linux/amd64",
  "http": "0.0.0.0:56741",
  "syzkaller": "./",
  "workdir": "./workdir",
  "kernel_obj": "../kernel/linux-$KERNEL_VERSION/",
  "image": "../image/bullseye.img",
  "sshkey": "../image/bullseye.id_rsa",
  "procs": 4,
  "type": "qemu",
  "vm": {
    "qemu_args": "-enable-kvm",
    "cmdline": "net.ifnames=0 panic_on_warn=1",
    "count": 2,
    "cpu": 2,
    "mem": 4096,
    "kernel": "../kernel/linux-$KERNEL_VERSION//arch/x86/boot/bzImage"
  }
}
EOF

cat << EOF > ./config_syzdemo.json
{
  "target": "linux/amd64",
  "http": "0.0.0.0:56741",
  "syzkaller": "./",
  "workdir": "./workdir",
  "kernel_obj": "../kernel/linux-$KERNEL_VERSION/",
  "image": "../image/bullseye.img",
  "sshkey": "../image/bullseye.id_rsa",
  "procs": 4,
  "type": "qemu",
  "enable_syscalls":[
    "openat\$demo",
    "ioctl\$IOCTL_DEMO_NORMAL",
    "ioctl\$IOCTL_DEMO_BUG",
    "ioctl\$IOCTL_DEMO_KASAN"
  ],
  "vm": {
    "qemu_args": "-enable-kvm",
    "cmdline": "net.ifnames=0 panic_on_warn=1",
    "count": 2,
    "cpu": 2,
    "mem": 4096,
    "kernel": "../kernel/linux-$KERNEL_VERSION/arch/x86/boot/bzImage"
  }
}
EOF

cd ../
cat << EOF > ./run.sh
export KERNEL=./kernel/linux-$KERNEL_VERSION/
export IMAGE=./image/

qemu-system-x86_64 \\
        -m 2G \\
        -smp 2 \\
        -kernel \$KERNEL/arch/x86/boot/bzImage \\
        -append "console=ttyS0 root=/dev/sda earlyprintk=serial net.ifnames=0" \\
        -drive file=\$IMAGE/bullseye.img,format=raw \\
        -net user,host=10.0.2.10,hostfwd=tcp:127.0.0.1:10021-:22 \\
        -net nic,model=e1000 \\
        -enable-kvm \\
        -snapshot \\
        -nographic \\
        -pidfile vm.pid \\
        2>&1 | tee vm.log
EOF
chmod +x run.sh

cd $STARTING_FOLDER

# Configure main script ./start.sh
echo "[+] Setup completed. You should find everything in the ./working/ directory"