* Dmitry Vyukov <dvyu...@google.com> wrote:

> On Tue, Mar 8, 2016 at 5:27 PM, Ingo Molnar <mi...@kernel.org> wrote:
> >
> > * Dmitry Vyukov <dvyu...@google.com> wrote:
> >
> >> On Tue, Mar 8, 2016 at 4:54 PM, Ingo Molnar <mi...@kernel.org> wrote:
> >> >
> >> > * Dmitry Vyukov <dvyu...@google.com> wrote:
> >> >
> >> >> > so, according to the error message it wants a writable directory.
> >> >> > Lets try it that way:
> >> >> >
> >> >> > triton:~> mkdir go
> >> >> > triton:~>
> >> >> > triton:~> export GOPATH=/home/mingo/go/
> >> >> > triton:~> go get github.com/google/syzkaller
> >> >> > can't load package: package github.com/google/syzkaller: no buildable Go source files in /home/mingo/go/src/github.com/google/syzkaller
> >> >>
> >> >> Yes, GOPATH needs to be set a writable dir.
> >> >> You can ignore "can't load package" error. The goal of that step is
> >> >> checkout syzkaller with all dependencies into correct dirs under
> >> >> GOPATH. That's already done by now.
> >> >> Or you can do (/... at the end):
> >> >> $ go get github.com/google/syzkaller/...
> >> >> That will checkout and build.
> >> >> Either way you can continue with the make step.
> >> >
> >> > Cool, the '/...' trick works.
> >> >
> >> >
> >> >> > looks like someone wants 'Go' to be used as little as possible! ;-)
> >> >>
> >> >> You probably did not observe recently a noobie trying to build a C
> >> >> project with sufficiently-complicate-build-system and a bunch of
> >> >> dependencies that needs to be on specific, unknown revisions, and that
> >> >> still does not compile with you compiler and does not link with your
> >> >> linker, and then of course target machine has a wrong glibc version :)
> >> >
> >> > Nah, old Linux tools very much suck, we know that and we suffer from it.
> >> >
> >> > But new tools should not suck! :-)
> >> >
> >> > So, going from the description at:
> >> >
> >> > http://lkml.kernel.org/r/CACT4Y+Ym0TZLkmRrM0ZGgLpu8kqS-YjoWTMrvaLz=tx2tny...@mail.gmail.com
> >> >
> >> > I now have it built, and created
> >> > $GOPATH/src/github.com/google/syzkaller/perf.cfg
> >> > with:
> >> >
> >> >
> >> > triton:~/go/src/github.com/google/syzkaller> cat perf.cfg
> >> > {
> >> >     "http": "localhost:50000",
> >> >     "workdir": "/home/mingo/go/src/github.com/google/syzkaller/workdir",
> >> >     "syzkaller": "/home/mingo/go/src/github.com/google/syzkaller",
> >> >     "vmlinux": "-",
> >> >     "type": "local",
> >> >     "count": 1,
> >> >     "procs": 16,
> >> >     "nocover": true,
> >> >     "nodropprivs": true,
> >> >     "enable_syscalls": [
> >> >         "getpid",
> >> >         "perf_event_open",
> >> >         "ioctl$PERF*",
> >> >         "prctl$void",
> >> >         "bpf$*",
> >> >         "sched_yield"
> >> >     ]
> >> > }
> >> >
> >> > Then I tried to do:
> >> >
> >> > $ bin/syz-manager -config perf.cfg
> >> >
> >> > in ~/go/src/github.com/google/syzkaller, but that doesn't work because
> >> > there's no 'bin' directory:
> >> >
> >> > triton:~/go/src/github.com/google/syzkaller> bin/syz-manager -config perf.cfg
> >> > bash: bin/syz-manager: No such file or directory
> >> >
> >> > So that should really read something like:
> >> >
> >> > cd ~/go
> >> > bin/syz-manager -config src/github.com/google/syzkaller/perf.cfg
> >> >
> >> > next roadblock:
> >> >
> >> > fomalhaut:~/go> bin/syz-manager -config src/github.com/google/syzkaller/perf.cfg
> >> > 2016/03/08 16:53:44 bad config syzkaller param: can't find bin/syz-fuzzer
> >> >
> >> > so how do I proceed from here?
> >>
> >>
> >> You need to call make in syzkaller dir, it will create
> >> syzkaller/bin/syz-manager. I.e.
> >>
> >> $ cd /home/mingo/go/src/github.com/google/syzkaller
> >> $ make
> >
> > Ok, cool, this got me further.
> >
> >> $ bin/syz-manager -config perf.cfg
> >
> > I now get periodic output of:
> >
> > fomalhaut:~/go/src/github.com/google/syzkaller> bin/syz-manager -config src/github.com/google/syzkaller/perf.cfg
> > 2016/03/08 17:24:07 failed to read config file: open src/github.com/google/syzkaller/perf.cfg: no such file or directory
> > fomalhaut:~/go/src/github.com/google/syzkaller> bin/syz-manager -config perf.cfg
> > 2016/03/08 17:24:19 loading corpus...
> > 2016/03/08 17:24:19 loaded 0 programs
> > 2016/03/08 17:24:19 serving http on http://localhost:50000
> > 2016/03/08 17:24:19 serving rpc on tcp://127.0.0.1:37006
> > 2016/03/08 17:24:34 local-0: saving crash 'BUG: /sys/kernel/debug/kcov is missing (permission denied). Enable CONFIG_KCOV and mount debugfs.' to crash-local-0-1457454274467286949
> > 2016/03/08 17:24:34 local-0: lost connection: exit status 1
> > 2016/03/08 17:24:34 local-0: saving crash 'lost connection' to crash-local-0-1457454274467603509
> > 2016/03/08 17:24:49 local-0: saving crash 'BUG: /sys/kernel/debug/kcov is missing (permission denied). Enable CONFIG_KCOV and mount debugfs.' to crash-local-0-1457454289719432704
> > 2016/03/08 17:24:49 local-0: lost connection: exit status 1
> > 2016/03/08 17:24:49 local-0: saving crash 'lost connection' to crash-local-0-1457454289719774031
> > 2016/03/08 17:25:04 local-0: saving crash 'BUG: /sys/kernel/debug/kcov is missing (permission denied). Enable CONFIG_KCOV and mount debugfs.' to crash-local-0-1457454304992856310
> > 2016/03/08 17:25:04 local-0: lost connection: exit status 1
> > 2016/03/08 17:25:04 local-0: saving crash 'lost connection' to crash-local-0-1457454304993224299
> > 2016/03/08 17:25:20 local-0: saving crash 'BUG: /sys/kernel/debug/kcov is missing (permission denied). Enable CONFIG_KCOV and mount debugfs.' to crash-local-0-1457454320280216980
> > 2016/03/08 17:25:20 local-0: lost connection: exit status 1
> > 2016/03/08 17:25:20 local-0: saving crash 'lost connection' to crash-local-0-1457454320280581459
> > 2016/03/08 17:25:35 local-0: saving crash 'BUG: /sys/kernel/debug/kcov is missing (permission denied). Enable CONFIG_KCOV and mount debugfs.' to crash-local-0-1457454335572633035
> > 2016/03/08 17:25:35 local-0: lost connection: exit status 1
> > 2016/03/08 17:25:35 local-0: saving crash 'lost connection' to crash-local-0-1457454335572967343
> > 2016/03/08 17:25:50 local-0: saving crash 'BUG: /sys/kernel/debug/kcov is missing (permission denied). Enable CONFIG_KCOV and mount debugfs.' to crash-local-0-1457454350865099485
> > 2016/03/08 17:25:50 local-0: lost connection: exit status 1
> > 2016/03/08 17:25:50 local-0: saving crash 'lost connection' to crash-local-0-1457454350865429049
> >
> > is CONFIG_KCOV=y a must-have feature? There's no KCOV support upstream that
> > I can see.
>
> Change:
>     "nocover": true,
> to:
>     "cover": false,
> in the config file.
>
> KCOV will increase efficiency of the fuzzer, but it is not necessary.
> As far as I understand Peter tested without KCOV.

Ok, so now I get:

 fomalhaut:~/go/src/github.com/google/syzkaller> bin/syz-manager -config perf.cfg
 2016/03/08 17:39:25 loading corpus...
 2016/03/08 17:39:25 loaded 0 programs
 2016/03/08 17:39:25 serving http on http://localhost:50000
 2016/03/08 17:39:25 serving rpc on tcp://127.0.0.1:33809

 | |-sshd(49552)---sshd(49555)---bash(49562)---syz-manager(49652)-+-syz-fuzzer(49661)-+-syz-executor(49935)
 | | | |-syz-executor(49936)
 | | | |-syz-executor(49937)
 | | | |-syz-executor(49938)
 | | | |-syz-executor(49939)
 | | | |-syz-executor(49940)
 | | | |-syz-executor(49941)
 | | | |-syz-executor(49942)
 | | | |-syz-executor(49943)
 | | | |-syz-executor(49944)
 | | | |-syz-executor(49945)
 | | | |-syz-executor(49946)
 | | | |-syz-executor(49947)
 | | | |-syz-executor(49948)
 | | | |-syz-executor(49949)
 | | | |-syz-executor(49950)
 | | | |-{syz-fuzzer}(49662)
 | | | |-{syz-fuzzer}(49663)
 | | | |-{syz-fuzzer}(49664)
 | | | |-{syz-fuzzer}(49665)
 | | | |-{syz-fuzzer}(49666)
 | | | |-{syz-fuzzer}(49688)
 | | | |-{syz-fuzzer}(49689)
 | | | |-{syz-fuzzer}(49690)
 | | | |-{syz-fuzzer}(49691)
 | | | |-{syz-fuzzer}(49692)
 | | | |-{syz-fuzzer}(49693)
 | | | |-{syz-fuzzer}(49694)
 | | | |-{syz-fuzzer}(49695)
 | | | |-{syz-fuzzer}(49696)
 | | | |-{syz-fuzzer}(49697)
 | | | |-{syz-fuzzer}(49698)
 | | | |-{syz-fuzzer}(49699)
 | | | |-{syz-fuzzer}(49700)
 | | | |-{syz-fuzzer}(49701)
 | | | |-{syz-fuzzer}(49704)
 | | | |-{syz-fuzzer}(49705)
 | | | |-{syz-fuzzer}(49706)
 | | | |-{syz-fuzzer}(49710)
 | | | |-{syz-fuzzer}(49711)
 | | | |-{syz-fuzzer}(49737)
 | | | |-{syz-fuzzer}(49739)
 | | | |-{syz-fuzzer}(49762)
 | | | |-{syz-fuzzer}(49764)
 | | | |-{syz-fuzzer}(49787)
 | | | |-{syz-fuzzer}(49789)
 | | | |-{syz-fuzzer}(49802)
 | | | |-{syz-fuzzer}(49803)
 | | | |-{syz-fuzzer}(49804)
 | | | |-{syz-fuzzer}(49818)
 | | | |-{syz-fuzzer}(49822)
 | | | |-{syz-fuzzer}(49846)
 | | | |-{syz-fuzzer}(49847)
 | | | |-{syz-fuzzer}(49848)
 | | | |-{syz-fuzzer}(49849)
 | | | |-{syz-fuzzer}(49850)
 | | | |-{syz-fuzzer}(49851)
 | | | |-{syz-fuzzer}(49852)
 | | | |-{syz-fuzzer}(49893)
 | | | |-{syz-fuzzer}(49894)
 | | | |-{syz-fuzzer}(49895)
 | | | |-{syz-fuzzer}(49896)
 | | | |-{syz-fuzzer}(49933)
 | | | `-{syz-fuzzer}(49934)
 | | |-{syz-manager}(49653)
 | | |-{syz-manager}(49654)
 | | |-{syz-manager}(49655)
 | | |-{syz-manager}(49656)
 | | |-{syz-manager}(49657)
 | | |-{syz-manager}(49658)
 | | |-{syz-manager}(49659)
 | | |-{syz-manager}(49667)
 | | |-{syz-manager}(49668)
 | | |-{syz-manager}(49669)
 | | |-{syz-manager}(49670)
 | | |-{syz-manager}(49671)
 | | |-{syz-manager}(49672)
 | | |-{syz-manager}(49673)
 | | |-{syz-manager}(49674)
 | | |-{syz-manager}(49675)
 | | |-{syz-manager}(49676)
 | | |-{syz-manager}(49677)
 | | |-{syz-manager}(49678)
 | | |-{syz-manager}(49679)
 | | |-{syz-manager}(49680)
 | | |-{syz-manager}(49681)
 | | |-{syz-manager}(49682)
 | | |-{syz-manager}(49683)
 | | |-{syz-manager}(49684)
 | | |-{syz-manager}(49685)
 | | |-{syz-manager}(49686)
 | | |-{syz-manager}(49687)
 | | |-{syz-manager}(49913)
 | | `-{syz-manager}(49914)

I'm seeing some zombies:

 49935 pts/2 Z+ 0:00 [syz-executor] <defunct>
 49936 pts/2 Z+ 0:00 [syz-executor] <defunct>
 49937 pts/2 Z+ 0:00 [syz-executor] <defunct>
 49938 pts/2 Z+ 0:00 [syz-executor] <defunct>
 49939 pts/2 Z+ 0:00 [syz-executor] <defunct>
 49940 pts/2 Z+ 0:00 [syz-executor] <defunct>
 49941 pts/2 Z+ 0:00 [syz-executor] <defunct>
 49942 pts/2 Z+ 0:00 [syz-executor] <defunct>
 49943 pts/2 Z+ 0:00 [syz-executor] <defunct>
 49944 pts/2 Z+ 0:00 [syz-executor] <defunct>
 49945 pts/2 Z+ 0:00 [syz-executor] <defunct>
 49946 pts/2 Z+ 0:00 [syz-executor] <defunct>
 49947 pts/2 Z+ 0:00 [syz-executor] <defunct>
 49948 pts/2 Z+ 0:00 [syz-executor] <defunct>
 49949 pts/2 Z+ 0:00 [syz-executor] <defunct>
 49950 pts/2 Z+ 0:00 [syz-executor] <defun

does it mean it found a kernel bug already? It only had a couple of seconds of
runtime:

 49652 mingo 20 0 1434276 52144 11344 S 0.0 0.0 0:00.54 syz-manager
 49661 mingo 20 0 2196672 43948 10448 S 0.0 0.0 0:05.59 syz-fuzzer

Thanks,

	Ingo
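
The roadblocks hit in this thread (a config path relative to the wrong directory, bin/syz-fuzzer not yet built, kcov unreadable while coverage is still on) can be checked before starting syz-manager. This is an added example, not part of the original mail or of syzkaller; `syz_preflight` is a hypothetical helper and it assumes only the config keys shown in the thread (`syzkaller`, `cover`).

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for the setup problems seen in this thread.
# syz_preflight is a hypothetical helper, not part of syzkaller.
# Usage: syz_preflight CONFIG [KCOV_PATH]
# Prints one line per problem found; returns 0 only if none were found.
syz_preflight() {
    local cfg="$1" kcov="${2:-/sys/kernel/debug/kcov}" dir bin problems=0

    # syz-manager opens the config relative to the current directory.
    if [ ! -r "$cfg" ]; then
        echo "config: cannot read '$cfg' from $(pwd)"
        return 1
    fi

    # Extract the "syzkaller" directory. The value may sit on the line after
    # the key, so flatten newlines before matching.
    dir=$(tr '\n' ' ' < "$cfg" |
          sed -n 's/.*"syzkaller"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')
    if [ -z "$dir" ]; then
        echo "config: no \"syzkaller\" entry"
        problems=1
    else
        # Running make in the syzkaller checkout is what creates these.
        for bin in syz-manager syz-fuzzer; do
            if [ ! -x "$dir/bin/$bin" ]; then
                echo "build: $dir/bin/$bin missing, run make in $dir"
                problems=1
            fi
        done
    fi

    # Unless the config says "cover": false, the kcov file must be readable.
    # "nocover" does not match here because of the leading quote in the pattern.
    if ! tr '\n' ' ' < "$cfg" | grep -Eq '"cover"[[:space:]]*:[[:space:]]*false'; then
        if [ ! -r "$kcov" ]; then
            echo "kcov: $kcov not readable, enable CONFIG_KCOV and mount debugfs, or set \"cover\": false"
            problems=1
        fi
    fi
    return "$problems"
}
```
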