config: config example for ssh remote target about syzkaller HOT 15 CLOSED

I am not sure I understand the question.
Syzkaller never uses the kernel it runs on for fuzzing. Syz-manager process runs on host, and it tests other kernels. Other kernels can be either local VMs (qemu, kvmtool), remote VMs (gce) or physical devices (adb).

Or do you mean physically remote machines?
Syzkaller needs to know how to reboot test machines and obtain console output from these machines. We currently have this support only for android devices using adb and Suzy-Q/Android Serial Cable:
https://github.com/google/syzkaller/blob/master/vm/adb/adb.go
It is possible to implement support for other development boards. One would need to implement vm.Instance interface for them:
https://github.com/google/syzkaller/blob/master/vm/vm.go#L19

from syzkaller.

I use the ARMv8 Cloud (built on my own), host and test machine are all on the cloud.
Maybe I need the GCE config. Thanks a lot.

from syzkaller.

GCE config will not work per-se, it uses GCE APIs to create/destroy VMs and obtain console output.
You need to teach syzkaller how to reboot your machines and how to obtain console output. Then syzkaller will be able to use your cloud machines for fuzzing. Look at examples in vm/qemu, vm/adb, vm/gce.

from syzkaller.

ok, let me try to port on openstack cloud.
thanks a lot

from syzkaller.

Feel free to ask questions here.

First step would be to collect manual commands required to:

• "repair" a machine (bring into working state after a previous fuzzing session)
• obtain console output
• copy a file to the machine (scp)
• run a command on the machine and obtain stderr/stdout (ssh)

Next step is to automate these commands for syzkaller.

from syzkaller.

I have traced the code. But I still don't know what does "repair" mean.

from syzkaller.

Say we run fuzzing on the machine. Fuzzing leads to a kernel deadlock or memory corruption. So now the machine is not usable: ssh may not work, or even if it works programs hang or crash. Repair procedure needs to bring the machine into usable state again (e.g. recreate a VM, or reboot a physical device).

from syzkaller.

Got it.

from syzkaller.

@dvyukov a new question come out.
What does the "Forward" method stand for?
Thanks a lot

from syzkaller.

What exactly here is not clear?

	// Forward setups forwarding from within VM to host port port
	// and returns address to use in VM.
	Forward(port int) (string, error)

from syzkaller.

By forwarding it means TCP connection forwarding.

from syzkaller.

If openstack give my VM a public ip, I just fill the forward ip with that public ip?

from syzkaller.

No, it needs to return address of the machine where syz-manager is running as seen by the VM. syz-fuzzer running in the VM will use this address to connect to syz-manager.

from syzkaller.

!
Got it
Thx a lot

from syzkaller.

I think this is resolved.

from syzkaller.