google / syzkaller

syzkaller is an unsupervised coverage-guided kernel fuzzer
Apache License 2.0

exceeds buffer length 1 #2749

Closed docfate111 closed 3 years ago

docfate111 commented 3 years ago

I'm running into issues on step 3 in adding a syzlang grammar after running the 3 commands. I added a txt file but am getting errors.

go version go1.13.8 linux/amd64

29~20.04.1-Ubuntu SMP Wed Aug 11 15:58:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

sys/linux/socket.txt:334:32: string value "vlan0\x00" exceeds buffer length 1
sys/linux/socket.txt:334:32: string value "vlan1\x00" exceeds buffer length 1
sys/linux/socket.txt:334:32: string value "macvlan0\x00" exceeds buffer length 1
sys/linux/socket.txt:334:32: string value "macvlan1\x00" exceeds buffer length 1
sys/linux/socket.txt:334:32: string value "ipvlan0\x00" exceeds buffer length 1
sys/linux/socket.txt:334:32: string value "ipvlan1\x00" exceeds buffer length 1
sys/linux/socket.txt:334:32: string value "veth0_macvtap\x00" exceeds buffer length 1
sys/linux/socket.txt:334:32: string value "veth1_macvtap\x00" exceeds buffer length 1
sys/linux/socket.txt:334:32: string value "macvtap0\x00" exceeds buffer length 1
sys/linux/socket.txt:334:32: string value "macsec0\x00" exceeds buffer length 1
sys/linux/socket.txt:334:32: string value "geneve0\x00" exceeds buffer length 1
sys/linux/socket.txt:334:32: string value "geneve1\x00" exceeds buffer length 1
sys/linux/socket.txt:334:32: string value "wg0\x00" exceeds buffer length 1
sys/linux/socket.txt:334:32: string value "wg1\x00" exceeds buffer length 1
sys/linux/socket.txt:334:32: string value "wg2\x00" exceeds buffer length 1
sys/linux/socket.txt:334:32: string value "wlan0\x00" exceeds buffer length 1
sys/linux/socket.txt:334:32: string value "wlan1\x00" exceeds buffer length 1
make[1]: *** [Makefile:147: .descriptions] Error 1
make: *** [Makefile:144: descriptions] Error 2

a-nogikh commented 3 years ago

If you provided a minimised sequence of steps to reproduce the issue, it would be much easier to help you spot the problem.

docfate111 commented 3 years ago

@a-nogikh I added a few txts under sys/linux https://github.com/docfate111/syzkaller then I followed the steps on this page https://github.com/google/syzkaller/blob/master/docs/syscall_descriptions.md and step 3 is where I run into the issue.

a-nogikh commented 3 years ago

Syzkaller seems at this moment to be not so tolerant to .const files that do not cover all arches. I assume that in your case you ran bin/syz-extract for a single architecture (which has overwritten .const files) and then called make generate, which iterates over all of them.

This is a problem and something must be done with it. Thanks for reporting.

For now you can try to regenerate .const files for all architectures (i.e. just don't specify the exact one, syzkaller then will iterate over them all), this should help.
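
The state a-nogikh describes (syz-extract run for one architecture, leaving the other architectures' .const files absent or stale) can be detected before running `make`. The following is an added example, not syzkaller's own tooling; it assumes the per-architecture naming `sys/linux/<desc>_<arch>.const` that syzkaller used at the time of this thread, and the Linux architecture list embedded in the script (both are assumptions, not taken from the thread).

```shell
#!/bin/sh
# Added example, not part of syzkaller's own tooling.
# Reports which per-architecture .const files are missing for a syzlang
# description, i.e. the state described above: syz-extract run for one
# arch only, so the other arches' .const files are absent or stale.
# Assumptions: syzkaller's per-arch naming sys/linux/<desc>_<arch>.const as
# used at the time of this thread, and the Linux arch list below.
SYZ_LINUX_ARCHES="amd64 386 arm64 arm mips64le ppc64le riscv64 s390x"

# syz_const_coverage <syzkaller checkout> <description file, e.g. uffd.txt>
# Prints one "missing:" line per absent .const file.
# Returns 0 when every arch is covered, 1 otherwise.
syz_const_coverage() {
    checkout=$1
    desc=$2
    missing=0
    for arch in $SYZ_LINUX_ARCHES; do
        f="$checkout/sys/linux/${desc}_${arch}.const"
        if [ ! -f "$f" ]; then
            echo "missing: $f"
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
}

# syz_const_check_all <syzkaller checkout>
# Runs the check for every description under sys/linux that has at least one
# .const file. Returns 1 if any description lacks an architecture.
syz_const_check_all() {
    checkout=$1
    rc=0
    # Derive description names from the .const files present; "%_*.const"
    # strips the shortest "_<arch>.const" suffix, so underscores in the
    # description name (fs_ioctl_f2fs.txt) are preserved.
    descs=$(for c in "$checkout"/sys/linux/*.const; do
                [ -e "$c" ] || continue
                b=$(basename "$c")
                echo "${b%_*.const}"
            done | sort -u)
    for desc in $descs; do
        syz_const_coverage "$checkout" "$desc" || rc=1
    done
    return $rc
}
```

Usage: `syz_const_coverage ~/syzkaller uffd.txt` after running syz-extract, or `syz_const_check_all ~/syzkaller` before `make`. Any "missing:" line means the extraction was done for a subset of architectures; the fix a-nogikh suggests is to rerun syz-extract without pinning an architecture so that all of them are regenerated.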

docfate111 commented 3 years ago

What steps do I need to regenerate for all architectures? I keep running into compiler errors even after installing crosscompilers for all architectures with sudo make install dependencies. Shouldn't the constant be fine for all architectures? The only variation would be the ioctl number I think right?

docfate111 commented 3 years ago

Also, originally I tried generating .const files for all architectures and that resulted in many errors even after installing dependencies. Then running individually solved the issue, then I ran into the "exceeds buffer length 1" error. TL;DR: I am not able to regenerate .const files for all architectures even with all dependencies (cross-compilers, etc.) installed.

a-nogikh commented 3 years ago

Regarding compiler errors - please try to pull the latest syzkaller version and run the procedure again. https://github.com/google/syzkaller/pull/2755 should've fixed those errors (unless you were interested in fuzzing kvm on non i386/amd64 architectures).

docfate111 commented 3 years ago
scriptions] Error 2
➜  othersyz git:(master) ✗ make
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
bin/syz-sysgen
syscall ioctl$F2FS_IOC_DECOMPRESS_FILE is unsupported on all arches (typo?)
make[1]: *** [Makefile:147: .descriptions] Error 1
make: *** [Makefile:144: descriptions] Error 2
➜  othersyz git:(master) ✗ make
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
bin/syz-sysgen
syscall ioctl$F2FS_IOC_COMPRESS_FILE is unsupported on all arches (typo?)
make[1]: *** [Makefile:147: .descriptions] Error 1
make: *** [Makefile:144: descriptions] Error 2
➜  othersyz git:(master) ✗ make
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
bin/syz-sysgen
syscall ioctl$F2FS_IOC_SEC_TRIM_FILE is unsupported on all arches (typo?)
make[1]: *** [Makefile:147: .descriptions] Error 1
make: *** [Makefile:144: descriptions] Error 2

I reset the branch to the merge from #2755 and then ran make. Other than that, the changes are in this file.

a-nogikh commented 3 years ago

I followed this sequence of steps and it worked fine.

$ git clone https://github.com/google/syzkaller.git syzkaller-test
$ cd syzkaller-test/
$ emacs sys/linux/fs_ioctl_f2fs.txt
$ make bin/syz-extract
$ ./bin/syz-extract -os linux -sourcedir "~/linux-src" -build fs_ioctl_f2fs.txt
$ make

docfate111 commented 3 years ago

Thanks, those commands worked for me as well. However, when I start the fuzzer:

$ ./bin/syz-manager --config=setup.cfg
2021/09/14 15:52:36 machine check failed: mismatching manager/fuzzer git revisions: 07e953c105af057cb474bc086f68fb7ec5b241ec+ vs 58d094047fb1e61df8402ef854bd3bfb97826d6f
2021/09/14 15:52:46 vm-0: crash: lost connection to test machine

Looking at https://github.com/google/syzkaller/issues/2410, I reran after running make TARGETOS=linux TARGETARCH=amd64 SOURCEDIR=$KSRC and the same error is still there.

a-nogikh commented 3 years ago

Does the syzkaller folder from setup.cfg point to the same syzkaller checkout as the one from which you're invoking the syz-manager binary?

docfate111 commented 3 years ago

No I forgot about that thank you.

docfate111 commented 3 years ago

Do I need to generate a .const file or something? When I list the syscalls from the file after "enable_syscalls" I get an error about all syscalls being disabled

docfate111 commented 3 years ago

I tried this by adding 2 new syscalls and enabling them:

$ git clone https://github.com/google/syzkaller.git syzkaller-test
$ cd syzkaller-test/
$ emacs sys/linux/fs_ioctl_f2fs.txt
$ make bin/syz-extract
$ ./bin/syz-extract -os linux -sourcedir "~/linux-src" -build uffd.txt
$ make

When I added the syscalls to enable_syscalls I get an error saying no syscalls enabled:

{
        "target": "linux/amd64",
        "http": "127.0.0.1:56741",
        "workdir":"/home/t/syzkaller-test/workdir",
        "kernel_src":"/home/t/kernels/staging",
        "kernel_obj":"/home/t/kernels/staging",
        "image":"/home/t/fuzzers/image/stretch.img",
        "sshkey":"/home/t/fuzzers/image/stretch.id_rsa",
        "syzkaller": "/home/t/syzkaller-test",
        "procs": 5,
        "enable_syscalls": ["userfaultfd", "ioctl$UFFDIO_WRITEPROTECT", "ioctl$UFFDIO_CONTINUE"],
        "type": "qemu",
        "reproduce":true,
        "vm": {
                "cmdline":"console=ttyS0 root=/dev/sda earlyprintk=serial net.ifnames=0",
                "count":9,
                "kernel":"bzImage",
                "cpu":2,
                "mem":2048
        }
}

https://github.com/docfate111/syzkaller/tree/misc_syscalls
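
Two of the problems in this thread come from the manager config rather than the descriptions: the "mismatching manager/fuzzer git revisions" error when the config's "syzkaller" path is not the checkout syz-manager is started from, and enabled syscall names that do not exist in the generated syscall table. The script below is an added example, not part of syzkaller; it assumes that each config key sits on one line as in the config posted above, and that the generated table `sys/<os>/gen/<arch>.go` lists each syscall as `Name: "<name>"` (an assumption about the generated file's layout, not something the thread states).

```shell
#!/bin/sh
# Added example, not part of syzkaller. Sanity-checks a syz-manager config
# against the checkout you run bin/syz-manager from:
#  (a) the config's "syzkaller" path must be that same checkout, otherwise
#      manager and fuzzer come from different builds, and
#  (b) every "enable_syscalls" entry must exist in the generated syscall
#      table for the config's target, otherwise nothing can be enabled.
# Assumptions: each config key sits on one line, as in the config posted
# above, and the generated table sys/<os>/gen/<arch>.go lists each syscall
# as `Name: "<name>"` (an assumption about the generated file's layout).

# syz_cfg_string <cfg> <key>: value of a one-line string key.
syz_cfg_string() {
    sed -n "s/.*\"$2\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1"
}

# syz_cfg_enable_syscalls <cfg>: the enable_syscalls names, one per line.
syz_cfg_enable_syscalls() {
    sed -n 's/.*"enable_syscalls"[[:space:]]*:[[:space:]]*\[\([^]]*\)\].*/\1/p' "$1" \
        | tr -d '" ' | tr ',' '\n'
}

# syz_cfg_check <cfg> <checkout you run syz-manager from>
# Prints one line per problem; returns 0 if the config is consistent.
syz_cfg_check() {
    cfg=$1
    here=$2
    rc=0
    cfg_syz=$(syz_cfg_string "$cfg" syzkaller)
    target=$(syz_cfg_string "$cfg" target)
    os=${target%/*}
    arch=${target#*/}

    # (a) compare physical paths so symlinks and trailing slashes don't matter
    cfg_real=$(cd "$cfg_syz" 2>/dev/null && pwd -P) || cfg_real=""
    here_real=$(cd "$here" && pwd -P)
    if [ -z "$cfg_real" ] || [ "$cfg_real" != "$here_real" ]; then
        echo "\"syzkaller\" in $cfg is $cfg_syz, but syz-manager runs from $here_real"
        rc=1
    fi

    # (b) look each enabled syscall up in the generated table (fixed-string
    #     match, since names such as ioctl$UFFDIO_CONTINUE contain '$')
    gen="$cfg_syz/sys/$os/gen/$arch.go"
    for name in $(syz_cfg_enable_syscalls "$cfg"); do
        if ! grep -qF -- "Name: \"$name\"" "$gen" 2>/dev/null; then
            echo "not in $gen: $name"
            rc=1
        fi
    done
    return $rc
}
```

Usage: from the checkout you are about to start the manager in, run `syz_cfg_check setup.cfg "$PWD"`. A reported path mismatch is the situation a-nogikh asked about above; a "not in ... gen/amd64.go" line means the name in enable_syscalls is not in the table that `make` generated from the descriptions, so the descriptions or the build, not the config, need another look.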

dvyukov commented 3 years ago

Please use the mailing list for future questions, as asked by the issue template.