Markakd
commented
12 months ago Hi Sheng,
I guess this may be mainly due to kernel configuration issue. But before
adjusting kernel configuration, would you try adding "sandbox": "namespace" to syzkaller config and see how it goes?
On Thu, Sep 14, 2023 at 12:09 AM Sheng Wu @.***> wrote:
Hi, I get this crash info WARNING in cgroup_apply_control_disable repeatedly while fuzzing the bug, and part of the console info is as follows:
2023/09/05 15:16:24 vm-0: crash: WARNING in cgroup_apply_control_disable 2023/09/05 15:16:28 vm-1: crash: WARNING in cgroup_apply_control_disable 2023/09/05 15:16:30 VMs 1, executed 114, corpus cover 0, corpus signal 0, object signal 0, max signal 0, crashes 18, repro 0 2023/09/05 15:16:39 vm-2: crash: WARNING in cgroup_apply_control_disable 2023/09/05 15:16:40 VMs 1, executed 121, corpus cover 0, corpus signal 0, object signal 0, max signal 0, crashes 19, repro 0 2023/09/05 15:16:47 vm-3: crash: WARNING in cgroup_apply_control_disable
I have changed the SYZ bug reports (d2c64e2/09fc5ec/8eceaff), and also the Ubuntu version (16.04/20.04), but it doesn't work, I still get the same crash info.
Maybe there's something wrong with the kernel configuration. I configured the kernel of each bug report with the following steps(take the first case in your Google doc https://docs.google.com/spreadsheets/d/1p2yOKEnEZNTxBQBe4RhJtbxnRMRovBgAaqZUCc_iOLE/edit#gid=0, d2c64e2 https://syzkaller.appspot.com/bug?id=d2c64e2d7c308cce1b51fd51addd4284cd825792 as an example:
- Get the kernel config https://syzkaller.appspot.com/text?tag=KernelConfig&x=be4578b3f1083656 in the first line of Crashes table below the report page.
- Download the corresponding Linux kernel version shown in the config. (In this case, the kernel version is 5.7.0)
- Unzip the kernel file, and patch it with the command patch [target_kernel_dir]/kernel/kcov.c -p1 < ./kernel.patch.
- Set the environment variable with export OBJ_FILE=[the_absolute_path_to_the_file_containing_critical_objects].
- Generate the .config file with make defconfig, and fully replace it with the SYZ bug report kernel config https://syzkaller.appspot.com/text?tag=KernelConfig&x=be4578b3f1083656. After that, edit some configs as follows:
Coverage collection.
CONFIG_KCOV=y
Debug info for symbolization.
CONFIG_DEBUG_INFO=y CONFIG_DEBUG_INFO_DWARF4=y
Memory bug detector
CONFIG_KASAN=y CONFIG_KASAN_INLINE=y
Required for Debian Stretch
CONFIG_CONFIGFS_FS=y CONFIG_SECURITYFS=y
CONFIG_CMDLINE_BOOL=y CONFIG_CMDLINE="net.ifnames=0"
These configs are reqired in the syzkaller setup https://github.com/google/syzkaller/blob/master/docs/linux/setup_ubuntu-host_qemu-vm_x86-64-kernel.md .
- Save the config with make olddefconfig, and compile the kernel with your costomized gcc make CC=[path_to_our_gcc] -j
nproc.- Run the fuzzer with ./bin/syz-manager -config=config -auxiliary=./crash_report/1_poc.txt. The config and poc file are as follows: config file:
{ "target": "linux/amd64", "http": "127.0.0.1:56741", "workdir": "/opt/GREBE/GREBE/fuzzer/workdir", "kernel_obj": "/opt/GREBE/linux-kernel/linux-5.7", "image": "/opt/GREBE/image/bullseye.img", "sshkey": "/opt/GREBE/image/bullseye.id_rsa", "syzkaller": "/opt/GREBE/GREBE/fuzzer", "procs": 8, "type": "qemu", "reproduce": false, "vm": { "count": 4, "kernel": "/opt/GREBE/linux-kernel/linux-5.7/arch/x86/boot/bzImage", "snapshot": true, "cpu": 2, "mem": 2048 } }
poc file: (Syz repro https://syzkaller.appspot.com/text?tag=ReproSyz&x=143f0f95100000 column of the same crash line)
https://syzkaller.appspot.com/bug?id=d2c64e2d7c308cce1b51fd51addd4284cd825792
See https://goo.gl/kgGztJ for information about syzkaller reproducers.
{"procs":1,"sandbox":"none","fault_call":-1,"close_fds":true}
r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0xb, 0x4) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) connect$pppl2tp(r0, @.***={0x18, 0x1, {0x0, r1, 0x1, 0x0, 0x1, 0x0, {0xa, 0x4e20, 0x7, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x12}}, 0x3ff}}}, 0x3a)
Could you please help me with this problem? Or even some hints will be helpful, thanks!
— Reply to this email directly, view it on GitHub https://github.com/Markakd/GREBE/issues/8, or unsubscribe https://github.com/notifications/unsubscribe-auth/AEOMNZNNKT566HREHK2NXWTX2KUUFANCNFSM6AAAAAA4XTOXUI . You are receiving this because you are subscribed to this thread.Message ID: @.***>
DarkBoulder
Hi, I get this crash info
WARNING in cgroup_apply_control_disablerepeatedly while fuzzing the bug, and part of the console info is as follows:I have changed the SYZ bug reports (
d2c64e2/09fc5ec/8eceaff), and also the Ubuntu version (16.04/20.04), but it doesn't work, I still get the same crash info.Maybe there's something wrong with the kernel configuration. I configured the kernel of each bug report with the following steps(take the first case in your Google doc, d2c64e2 as an example:
Crashestable below the report page.patch [target_kernel_dir]/kernel/kcov.c -p1 < ./kernel.patch.export OBJ_FILE=[the_absolute_path_to_the_file_containing_critical_objects].make defconfig, and fully replace it with the SYZ bug report kernel config. After that, edit some configs as follows:These configs are reqired in the syzkaller setup.
make olddefconfig, and compile the kernel with your costomized gccmake CC=[path_to_our_gcc] -j `nproc`../bin/syz-manager -config=config -auxiliary=./crash_report/1_poc.txt. Theconfigandpocfile are as follows: config file:poc file: (Syz repro column of the same crash line)
Could you please help me with this problem? Or even some hints will be helpful, thanks!