
docs: update riscv setup instructions

Open LegendSaber opened this issue 2 years ago • 4 comments

I followed the blog https://github.com/google/syzkaller/blob/master/docs/linux/setup_linux-host_qemu-vm_riscv64-kernel.md to set up a fuzz testing environment. I can connect by ssh if I start up Linux using qemu. However, if I begin fuzzing, Syzkaller always outputs 'vm-0: crash: lost connection to test machine'.

If I run the fuzz testing in debug mode, the output is as follows:

debug1: remote forward success for: listen 41165, connect 127.0.0.1:41165
debug1: Sending command: cd / && /syz-fuzzer -executor=/syz-executor -name=vm-0 -arch=riscv64 -manager=localhost:41165 -sandbox=none -procs=1 -cover=true -debug=true -test=false -vv=100 -optional=slowdown=10:raw_cover=false:sandbox_arg=0
buildroot login: [ 20.576356] syz-fuzzer[134]: unhandled signal 11 code 0x1 at 0x0000000000000ba0 in syz-fuzzer[10000+4a2000]
[ 20.577385] CPU: 1 PID: 134 Comm: syz-fuzzer Not tainted 5.9.0-rc1 #1
[ 20.577797] epc: 0000000000000ba0 ra : 0000003fd2ed3872 sp : 0000003fffb8da68
[ 20.578117] gp : 0000002aaaed0af8 tp : 0000003fce0b96c8 t0 : 0000003fffb8db50
[ 20.578897] t1 : 0000003fd2ed3bdc t2 : 0000000000000010 s0 : 0000003fffb8db08
[ 20.579313] s1 : 0000003fd2ed4000 a0 : 0000003fd2ed4000 a1 : 0000003fffb8db10
[ 20.579739] a2 : 0000000000000020 a3 : 0000000000000002 a4 : 0000000000000002
[ 20.580099] a5 : 000000000000000f a6 : ffffffffffffff97 a7 : 0000003fd2ed380a
[ 20.580472] s2 : 0000000000000001 s3 : 0000003fffb8db10 s4 : 0000003fd2ed4030
[ 20.580834] s5 : 0000003fd2ed4010 s6 : 000000000000004f s7 : 0000000000000004
[ 20.581344] s8 : 0000003fd2ed4004 s9 : 0000003fd2ed4010 s10: 0000003fd2ed4008
[ 20.581728] s11: 0000003fd2ed4038 t3 : 0000000000000ba0 t4 : 0000000001555769
[ 20.582073] t5 : 0000000000000000 t6 : 00000000014361e4
[ 20.582646] status: 8000000000006020 badaddr: 0000000000000ba0 cause: 000000000000000c
debug1: client_input_channel_req: channel 0 rtype exit-signal reply 0
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 2100, received 2412 bytes, in 0.2 seconds
Bytes per second: sent 11839.0, received 13597.9
debug1: Exit status -1
2023/10/10 09:28:07 vm-0: crash: lost connection to test machine

If I start up Linux using qemu, scp the syz-fuzzer and syz-executor to the system myself, and then execute ./syz-fuzzer -executor=./syz-executor -name=vm-0 -arch=riscv64 -manager=localhost:41165 -sandbox=none -procs=1 -cover=true -debug=true -test=false -vv=100 -optional=slowdown=10:raw_cover=false:sandbox_arg=0, the output is as follows:

[ 56.074183] syz-fuzzer[133]: unhandled signal 11 code 0x1 at 0x0000000000000ba0 in syz-fuzzer[10000+4a2000]
[ 56.075565] CPU: 0 PID: 133 Comm: syz-fuzzer Not tainted 5.9.0-rc1 #1
[ 56.076079] epc: 0000000000000ba0 ra : 0000003fee70a872 sp : 0000003fffe3aa98
[ 56.076503] gp : 0000002adc7b6b08 tp : 0000003fc035b6c8 t0 : 0000003fffe3ab80
[ 56.076910] t1 : 0000003fee70abdc t2 : 0000000000000010 s0 : 0000003fffe3ab38
[ 56.077381] s1 : 0000003fee70b000 a0 : 0000003fee70b000 a1 : 0000003fffe3ab40
[ 56.078133] a2 : 0000000000000020 a3 : 0000000000000002 a4 : 0000000000000002
[ 56.078556] a5 : 000000000000000f a6 : 0000000000000070 a7 : 0000003fee70a80a
[ 56.078992] s2 : 0000000000000001 s3 : 0000003fffe3ab40 s4 : 0000003fee70b030
[ 56.079387] s5 : 0000003fee70b010 s6 : 000000000000004f s7 : 0000000000000004
[ 56.079786] s8 : 0000003fee70b004 s9 : 0000003fee70b010 s10: 0000003fee70b008
[ 56.080178] s11: 0000003fee70b038 t3 : 0000000000000ba0 t4 : 000000000156e3dc
[ 56.080554] t5 : 0000000000000000 t6 : 00000000014361e4
[ 56.080870] status: 8000000000006020 badaddr: 0000000000000ba0 cause: 000000000000000c
Segmentation fault

LegendSaber avatar Oct 10 '23 10:10 LegendSaber
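Added example, not from this issue or from syzkaller: a small Go triage helper that parses the kernel register dump in the report above and decodes it. It assumes the riscv unhandled-signal dump layout shown there and the exception-code names from the RISC-V privileged specification; an instruction page fault (cause 0xc) whose epc equals badaddr means the fault is on the instruction fetch itself, i.e. execution reached 0xba0, far below the 0x10000 load address the dump gives for syz-fuzzer.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// Exception codes from the RISC-V privileged spec (scause with the interrupt bit clear).
var causeNames = map[uint64]string{
	2: "illegal instruction", 5: "load access fault", 7: "store/AMO access fault",
	12: "instruction page fault", 13: "load page fault", 15: "store/AMO page fault",
}

// Fault is what the kernel's "unhandled signal" register dump tells us about a user crash.
type Fault struct {
	EPC, BadAddr, Cause uint64
}

var (
	reEPC = regexp.MustCompile(`epc: ([0-9a-f]+)`)
	reBad = regexp.MustCompile(`badaddr: ([0-9a-f]+) cause: ([0-9a-f]+)`)
)

// ParseFault extracts epc, badaddr and cause from a dump; other registers are ignored.
func ParseFault(dump string) (Fault, error) {
	e, b := reEPC.FindStringSubmatch(dump), reBad.FindStringSubmatch(dump)
	if e == nil || b == nil {
		return Fault{}, fmt.Errorf("not a complete riscv unhandled-signal dump")
	}
	epc, _ := strconv.ParseUint(e[1], 16, 64) // the regexes only capture hex digits,
	bad, _ := strconv.ParseUint(b[1], 16, 64) // so these conversions cannot fail
	cause, _ := strconv.ParseUint(b[2], 16, 64)
	return Fault{EPC: epc, BadAddr: bad, Cause: cause}, nil
}

// Diagnose turns the raw registers into a triage verdict: an instruction page fault with
// epc == badaddr means the CPU fetched from an unmapped address (a jump to a bad target).
func Diagnose(f Fault) string {
	name := causeNames[f.Cause]
	if f.Cause == 12 && f.EPC == f.BadAddr {
		return fmt.Sprintf("%s (cause %d): control flow jumped to unmapped address 0x%x", name, f.Cause, f.EPC)
	}
	return fmt.Sprintf("%s (cause %d) at epc 0x%x, faulting address 0x%x", name, f.Cause, f.EPC, f.BadAddr)
}

// Constructed from the first dump in this issue; timestamps and most registers dropped.
const SampleDump = `syz-fuzzer[134]: unhandled signal 11 code 0x1 at 0x0000000000000ba0 in syz-fuzzer[10000+4a2000]
epc: 0000000000000ba0 ra : 0000003fd2ed3872 sp : 0000003fffb8da68
status: 8000000000006020 badaddr: 0000000000000ba0 cause: 000000000000000c`
```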

Do simple Go binaries run on the machine?

dvyukov avatar Oct 10 '23 10:10 dvyukov

Do simple Go binaries run on the machine?

Well, simple Go binaries cannot run on the machine. So, how can I solve the problem?

LegendSaber avatar Oct 11 '23 02:10 LegendSaber

I am not sure we have riscv experts here who can answer this without debugging.

dvyukov avatar Oct 11 '23 03:10 dvyukov

I am not sure we have riscv experts here who can answer this without debugging.

The new versions of the Go compiler and the RISC-V GCC compiler cannot run syz-fuzzer and syz-executor compiled on Linux 5.9-rc1. You need to either adjust the versions of these two compilers or use a higher version of the Linux kernel.

LegendSaber avatar Oct 13 '23 05:10 LegendSaber