Here is a streamlined explanation of what you need to repro and fix.
- clone serenity (assumes the fixes from SerenityOS/serenity#13846) and run `Meta/serenity.sh rebuild-toolchain`
- `cd Ports/openssh` and run `./package.sh`
- add the following `sync-local.sh` to the root of the serenity clone:
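# sync-local.sh — run as part of the SerenityOS image build with
# SERENITY_SOURCE_DIR and SERENITY_ARCH set and the target root filesystem
# mounted under Build/$SERENITY_ARCH/mnt. It installs an ssh public key for
# root, enables the openssh-port sshd in SystemServer and makes the grub image
# boot straight into text mode, so syzkaller can drive the VM over ssh.
#
# Required env:
#   PUBKEY  - the public key line itself (it is written verbatim into
#             /root/.ssh/authorized_keys), not a path to a key file
#   SERENITY_SOURCE_DIR, SERENITY_ARCH - provided by the build

# Fail before touching the image if the key is missing; diagnostics go to stderr.
if [ -z "$PUBKEY" ]; then
  echo "Please set the PUBKEY env var to your ssh pubkey" >&2
  exit 1
fi

printf "syzkaller modifications... "
pushd "$SERENITY_SOURCE_DIR/Build/$SERENITY_ARCH/" || exit 1

# add key /root/.ssh/authorized_keys. The directory and file must not be
# writable by anyone but root, otherwise sshd (StrictModes) ignores them.
mkdir -p mnt/root/.ssh
chmod 700 mnt/root/.ssh/
printf '%s\n' "$PUBKEY" > mnt/root/.ssh/authorized_keys
chmod 600 mnt/root/.ssh/authorized_keys
chown -R 0:0 mnt/root/

# the scp binary from the openssh port ends up here. scp invokes
# another scp on the receiving end, expecting it to be in the path.
# Single quotes keep $PATH literal so it is expanded by the guest shell at
# login rather than baking the host's PATH into the image.
printf '%s\n' 'export PATH=/usr/local/bin/:$PATH' > mnt/root/.shellrc

# enable openssh server. Only append the section once, so re-running the
# image build does not leave duplicate [SSHServer] entries behind.
if ! grep -q '^\[SSHServer\]' mnt/etc/SystemServer.ini 2>/dev/null; then
  cat <<EOF >> mnt/etc/SystemServer.ini
[SSHServer]
Executable=/usr/local/sbin/sshd
Arguments=-D
KeepAlive=1
SystemModes=text,graphical
EOF
fi

# not sure why these keys are only sometimes go+r; tighten them regardless,
# since OpenSSH refuses to load a private host key that others can read.
# The -e test skips the literal pattern when no key matches.
for key in mnt/etc/ssh/*key; do
  if [ -e "$key" ]; then
    chmod 600 -- "$key"
  fi
done

# boot into text mode (when booted from grub image). This overwrites
# Meta/grub-mbr.cfg in the checkout.
cat <<EOF > "$SERENITY_SOURCE_DIR"/Meta/grub-mbr.cfg
timeout=0
menuentry 'SerenityOS (text mode)' {
root=hd0,1
multiboot /boot/Prekernel fbdev=off root=/dev/hda1
module /boot/Kernel
}
EOF
popd
echo "done"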
- `cd Build/i686` and run `PUBKEY="<your pubkey>" ninja grub-image`
- clone my syzkaller fork
- check out the `serenityos` branch and run `make TARGETOS=serenity TARGETARCH=386 SOURCEDIR=~/repos/serenity/Kernel/`
- create an empty workdir for syzkaller to work with (it is referenced as `workdir` in the config file below)
- create a config file, replacing the workdir, your home directory, ssh key and other paths with your own:
{
"target": "serenity/386",
"http": "127.0.0.1:56741",
"sshkey": "/home/space/.ssh/id_ed25519",
"workdir": "/home/space/sk_serenity/",
"kernel_obj": "/home/space/repos/serenity/Build/i686/Kernel/",
"kernel_src": "/home/space/repos/serenity/Kernel/",
"syzkaller": "/home/space/repos/syzkaller",
"procs": 2,
"type": "qemu",
"cover": false,
"image": "/home/space/repos/serenity/Build/i686/grub_disk_image",
"vm": {
"count": 2,
"cpu": 2
}
}
- run `./bin/syz-manager -config=<path to your config file> -debug`
- now go back and undo the last commit in the syzkaller repo and try building syzkaller again.