Closed (DarkBoulder closed this issue 1 year ago)
It seems like the command
make allyesconfig
could fully compile all Linux kernel .c files and generate bitcode file.
Now I have another problem:
executing /home/aota08/GREBE/GREBE/analyzer/build/lib/analyzer --crash-report=/home/aota08/GREBE/GREBE/fuzzer/workdir/crash_report/1.txt --call-graph=/home/aota08/GREBE/GREBE/fuzzer/workdir/crash_report/1.txt_cg.txt /home/aota08/GREBE/linux-kernel/linux-5.6/net/l2tp/l2tp_core.c.bc /home/aota08/GREBE/linux-kernel/linux-5.6/net/core/sock.c.bc /home/aota08/GREBE/linux-kernel/linux-5.6/kernel/rcu/tree.c.bc /home/aota08/GREBE/linux-kernel/linux-5.6/kernel/rcu/tree.c.bc /home/aota08/GREBE/linux-kernel/linux-5.6/kernel/softirq.c.bc /home/aota08/GREBE/linux-kernel/linux-5.6/kernel/softirq.c.bc /home/aota08/GREBE/linux-kernel/linux-5.6/kernel/softirq.c.bc /home/aota08/GREBE/linux-kernel/linux-5.6/arch/x86/kernel/apic/apic.c.bc /home/aota08/GREBE/linux-kernel/linux-5.6/arch/x86/entry/entry_64.S.bc
Total 9 file(s)
/home/aota08/GREBE/GREBE/analyzer/build/lib/analyzer: error loading file '/home/aota08/GREBE/linux-kernel/linux-5.6/arch/x86/entry/entry_64.S.bc'
inserting l2tp_session_free __sk_destruct
inserting __sk_destruct rcu_do_batch
inserting rcu_do_batch rcu_core
inserting rcu_core __do_softirq
inserting __do_softirq invoke_softirq
inserting invoke_softirq irq_exit
inserting irq_exit exiting_irq
inserting exiting_irq smp_apic_timer_interrupt
inserting smp_apic_timer_interrupt apic_timer_interrupt
Here is the crash location l2tp_session_free net/l2tp/l2tp_core.c:1572 explicit checking? 1
analyzer: /home/aota08/GREBE/GREBE/analyzer/src/lib/CrashAnalyzer.cc:248: void CrashAnalyzer::dump(llvm::StringRef): Assertion `Ctx->TaintSrc.size() > 0 || Ctx->TmpTaintSrc.size() > 0' failed.
/home/aota08/GREBE/GREBE/analyzer/build/lib/analyzer[0x4babdf]
/home/aota08/GREBE/GREBE/analyzer/build/lib/analyzer[0x4b8e72]
/home/aota08/GREBE/GREBE/analyzer/build/lib/analyzer[0x4bb455]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x11390)[0x7fa406c63390]
/lib/x86_64-linux-gnu/libc.so.6(gsignal+0x38)[0x7fa40601c438]
/lib/x86_64-linux-gnu/libc.so.6(abort+0x16a)[0x7fa40601e03a]
/lib/x86_64-linux-gnu/libc.so.6(+0x2dbe7)[0x7fa406014be7]
/lib/x86_64-linux-gnu/libc.so.6(+0x2dc92)[0x7fa406014c92]
/home/aota08/GREBE/GREBE/analyzer/build/lib/analyzer[0x44aee5]
/home/aota08/GREBE/GREBE/analyzer/build/lib/analyzer[0x44acf8]
/home/aota08/GREBE/GREBE/analyzer/build/lib/analyzer[0x415f83]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0)[0x7fa406007840]
/home/aota08/GREBE/GREBE/analyzer/build/lib/analyzer[0x414349]
Stack dump:
0. Program arguments: /home/aota08/GREBE/GREBE/analyzer/build/lib/analyzer --crash-report=/home/aota08/GREBE/GREBE/fuzzer/workdir/crash_report/1.txt --call-graph=/home/aota08/GREBE/GREBE/fuzzer/workdir/crash_report/1.txt_cg.txt /home/aota08/GREBE/linux-kernel/linux-5.6/net/l2tp/l2tp_core.c.bc /home/aota08/GREBE/linux-kernel/linux-5.6/net/core/sock.c.bc /home/aota08/GREBE/linux-kernel/linux-5.6/kernel/rcu/tree.c.bc /home/aota08/GREBE/linux-kernel/linux-5.6/kernel/rcu/tree.c.bc /home/aota08/GREBE/linux-kernel/linux-5.6/kernel/softirq.c.bc /home/aota08/GREBE/linux-kernel/linux-5.6/kernel/softirq.c.bc /home/aota08/GREBE/linux-kernel/linux-5.6/kernel/softirq.c.bc /home/aota08/GREBE/linux-kernel/linux-5.6/arch/x86/kernel/apic/apic.c.bc /home/aota08/GREBE/linux-kernel/linux-5.6/arch/x86/entry/entry_64.S.bc
Aborted (core dumped)
Traceback (most recent call last):
File "run_analyze.py", line 72, in <module>
run_case(sys.argv[1], sys.argv[2])
File "run_analyze.py", line 69, in run_case
shutil.copyfile("/tmp/ca_result", report_path+"_sts.txt")
File "/usr/lib/python3.5/shutil.py", line 114, in copyfile
with open(src, 'rb') as fsrc:
FileNotFoundError: [Errno 2] No such file or directory: '/tmp/ca_result'
Why does the assertion `Ctx->TaintSrc.size() > 0 || Ctx->TmpTaintSrc.size() > 0' fail when I have all the required bitcode files?
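The failing invocation above passes the analyzer `entry_64.S.bc` (an assembly source; a clang C-to-bitcode build never emits bitcode for it, hence the "error loading file" line) and lists `tree.c.bc` and `softirq.c.bc` more than once. As an added example that is not part of GREBE, the Python script below is a pre-flight check for such an argument list: it deduplicates the paths while keeping their order, sets aside `.S.bc` entries, reports `.bc` files that are absent on disk, and extracts from the analyzer's stderr the paths it refused to load. All paths, sample lines and function names in it are constructed for the example.

```python
"""Pre-flight check for a list of kernel bitcode (.bc) inputs.

Added example, not GREBE project code. It assumes only what the thread shows:
the analyzer takes one .bc path per argument and prints
"error loading file '<path>'" for an input it cannot read.
"""
import os
import re
from typing import Callable, List, Tuple

# Constructed sample argument list, shaped like the one in the issue:
# repeated entries plus one bitcode name derived from an assembly (.S) source.
SAMPLE_INPUTS = [
    "/kernel/net/l2tp/l2tp_core.c.bc",
    "/kernel/net/core/sock.c.bc",
    "/kernel/kernel/rcu/tree.c.bc",
    "/kernel/kernel/rcu/tree.c.bc",
    "/kernel/kernel/softirq.c.bc",
    "/kernel/kernel/softirq.c.bc",
    "/kernel/arch/x86/kernel/apic/apic.c.bc",
    "/kernel/arch/x86/entry/entry_64.S.bc",
]

# Constructed stderr excerpt in the format the analyzer printed above.
SAMPLE_STDERR = """\
Total 9 file(s)
/opt/analyzer: error loading file '/kernel/arch/x86/entry/entry_64.S.bc'
inserting l2tp_session_free __sk_destruct
"""

LOAD_ERROR_RE = re.compile(r"error loading file '([^']+)'")


def is_asm_derived(path: str) -> bool:
    """True for bitcode names built from an assembly source (foo.S.bc / foo.s.bc).

    Assembly is assembled, not compiled by clang, so no such bitcode can exist
    and the analyzer will fail to load it.
    """
    base = os.path.basename(path)
    return base.endswith(".S.bc") or base.endswith(".s.bc")


def dedupe_keep_order(paths: List[str]) -> List[str]:
    """Drop repeated paths, keeping the first occurrence of each."""
    seen = set()
    out = []
    for p in paths:
        if p not in seen:
            seen.add(p)
            out.append(p)
    return out


def triage(paths: List[str],
           exists: Callable[[str], bool] = os.path.exists
           ) -> Tuple[List[str], List[str], List[str]]:
    """Split a bitcode list into (usable, skipped_asm, missing).

    `exists` is injectable so the check can be unit-tested without a kernel tree.
    """
    usable, skipped, missing = [], [], []
    for p in dedupe_keep_order(paths):
        if is_asm_derived(p):
            skipped.append(p)
        elif not exists(p):
            missing.append(p)
        else:
            usable.append(p)
    return usable, skipped, missing


def failed_loads(stderr_text: str) -> List[str]:
    """Paths the analyzer reported with "error loading file '...'"."""
    return LOAD_ERROR_RE.findall(stderr_text)


if __name__ == "__main__":
    usable, skipped, missing = triage(SAMPLE_INPUTS)
    print("usable :", usable)
    print("skipped (assembly-derived):", skipped)
    print("missing on disk:", missing)
    print("refused by analyzer:", failed_loads(SAMPLE_STDERR))
```

Run `triage` over the argument list before invoking the analyzer and pass only `usable` on; a non-empty `missing` list means the kernel build did not emit bitcode for a file the call chain needs, which is a build-configuration problem rather than an analyzer bug.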
Hey, sorry for the late reply.
It looks like the taint source is not found. There might be some bugs in analyzing the crash location.
I realized that I need to use the kernel version and config options described in the syzbot report, like this, and the analysis can run correctly. Sorry for my interruption.
Hi, I met the same problem. I use the kernel version and config from your link.
But it still reports "analyzer: /home/aota08/GREBE/GREBE/analyzer/src/lib/CrashAnalyzer.cc:248: void CrashAnalyzer::dump(llvm::StringRef): Assertion `Ctx->TaintSrc.size() > 0 || Ctx->TmpTaintSrc.size() > 0' failed."
Can you give me some advice? Thanks.
I am trying to analyze this crash: https://syzkaller.appspot.com/bug?id=bdeea91ae259b3a42aa8ed8d8c91afd871eb5d80, and I compiled the clang with your patch. However, when I compiled the Linux kernel with command
, I didn't get all .c files' bitcode files, and the missing bitcode files are needed. The error messages are as follows:
So is my kernel compile command wrong?