google / syzkaller

syzkaller is an unsupervised coverage-guided kernel fuzzer
Apache License 2.0

tools/create-image.sh: image does not boot in qemu #760

Closed ZHYfeng closed 5 years ago

ZHYfeng commented 5 years ago

It is 10.01.2018. The commit version is 8899d58437b396487d20e584c6f9aefd346eb130. When I use syzkaller/tools/create-image.sh to create a minimal Debian-stretch Linux image, the img cannot boot normally in qemu, while an image made with the old script boots normally.

dvyukov commented 5 years ago

Please provide reproduction instructions and qemu output.

dvyukov commented 5 years ago

@kees for stretch create-image.sh problem

ZHYfeng commented 5 years ago

instructions:

qemu-system-x86_64 \
  -kernel $KERNEL/arch/x86/boot/bzImage \
  -append "console=ttyS0 root=/dev/sda debug earlyprintk=serial slub_debug=QUZ" \
  -hda $IMAGE/stretch.img \
  -net user,hostfwd=tcp::10021-:22 -net nic \
  -enable-kvm \
  -nographic \
  -m 2G \
  -smp 2 \
  -pidfile vm.pid \
  2>&1 | tee vm.log

qemu output:

...
[FAILED] Failed to mount /sys/kernel/config.
[    5.904678] systemd-journald[1147]: Reserving 19200 entries in hash table.
[    5.907241] EXT4-fs (sda): re-mounted. Opts: (null)
See 'systemctl status sys-kernel-config.mount' for details.
[DEPEND] Dependency failed for Local File Systems.
[DEPEND] Dependency failed for Mark the need to relabel after reboot.
[    5.918939] systemd-journald[1147]: Vacuuming...
[    5.921744] systemd-journald[1147]: Vacuuming done, freed 0B of archived journals from /run/log/journal/c3b20792cc02400ab79ffbc83da64400.
[    5.926555] systemd-journald[1147]: Flushing /dev/kmsg...
[  OK  ] Started Load Kernel Modules.
[FAILED] Failed to start Remount Root and Kernel File Systems.
See 'systemctl status systemd-remount-fs.service' for details.
...
You are in emergency mode. After logging in, type "journalctl -xb" to view
system logs, "systemctl reboot" to reboot, "systemctl default" or ^D to
try again to boot into default mode.
Press Enter for maintenance
(or press Control-D to continue): 
...

old script:

 #!/bin/bash
 # Copyright 2016 syzkaller project authors. All rights reserved.
 # Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
 # create-image.sh creates a minimal Debian-wheezy Linux image suitable for syzkaller.
 set -eux
 # Create a minimal Debian-wheezy distributive as a directory.
 sudo rm -rf wheezy
 mkdir -p wheezy
 sudo debootstrap --include=openssh-server,curl,tar,gcc,libc6-dev,time,strace,sudo,less,psmisc wheezy wheezy
 # Set some defaults and enable promptless ssh to the machine for root.
 sudo sed -i '/^root/ { s/:x:/::/ }' wheezy/etc/passwd
 echo 'T0:23:respawn:/sbin/getty -L ttyS0 115200 vt100' | sudo tee -a wheezy/etc/inittab
 printf '\nauto eth0\niface eth0 inet dhcp\n' | sudo tee -a wheezy/etc/network/interfaces
 echo 'debugfs /sys/kernel/debug debugfs defaults 0 0' | sudo tee -a wheezy/etc/fstab
 echo "kernel.printk = 7 4 1 3" | sudo tee -a wheezy/etc/sysctl.conf
 echo 'debug.exception-trace = 0' | sudo tee -a wheezy/etc/sysctl.conf
 echo "net.core.bpf_jit_enable = 1" | sudo tee -a wheezy/etc/sysctl.conf
 echo "net.core.bpf_jit_harden = 2" | sudo tee -a wheezy/etc/sysctl.conf
 echo "net.ipv4.ping_group_range = 0 65535" | sudo tee -a wheezy/etc/sysctl.conf
 echo -en "127.0.0.1\tlocalhost\n" | sudo tee wheezy/etc/hosts
 # The resolver config file is /etc/resolv.conf (the posted script had a typo, "resolve.conf", which glibc never reads).
 echo "nameserver 8.8.8.8" | sudo tee -a wheezy/etc/resolv.conf
 echo "syzkaller" | sudo tee wheezy/etc/hostname
 sudo mkdir -p wheezy/root/.ssh/
 rm -rf ssh
 mkdir -p ssh
 ssh-keygen -f ssh/id_rsa -t rsa -N ''
 cat ssh/id_rsa.pub | sudo tee wheezy/root/.ssh/authorized_keys
 # Build a disk image
 dd if=/dev/zero of=wheezy.img bs=1M seek=2047 count=1
 sudo mkfs.ext4 -F wheezy.img
 sudo mkdir -p /mnt/wheezy
 sudo mount -o loop wheezy.img /mnt/wheezy
 sudo cp -a wheezy/. /mnt/wheezy/.
 sudo umount /mnt/wheezy

cakarlen commented 5 years ago

I am also receiving the same error as stated above

butterflyhack commented 5 years ago

@kees for stretch create-image.sh problem

I used create-image.sh, but qemu cannot run. The output of the log:


[FAILED] Failed to mount /proc/sys/fs/binfmt_misc.
See 'systemctl status proc-sys-fs-binfmt_misc.mount' for details.
[DEPEND] Dependency failed for Local File Systems.
[DEPEND] Dependency failed for Mark the need to relabel after reboot.
[  OK  ] Started Load/Save Random Seed.
[  OK  ] Started Apply Kernel Variables.
         Starting Raise network interfaces...
[  OK  ] Closed Syslog Socket.
[  OK  ] Reached target Login Prompts.
[  OK  ] Started Emergency Shell.
[  OK  ] Reached target Emergency Mode.
[  OK  ] Reached target Timers.
[  OK  ] Reached target Local File Systems (Pre).
         Starting udev Kernel Device Manager...
         Starting Flush Journal to Persistent Storage...
[  OK  ] Started udev Kernel Device Manager.
[  OK  ] Started Flush Journal to Persistent Storage.
         Starting Create Volatile Files and Directories...
[  OK  ] Started Create Volatile Files and Directories.
         Starting Update UTMP about System Boot/Shutdown...
         Starting Network Time Synchronization...
[  OK  ] Started udev Coldplug all Devices.
[  OK  ] Started Update UTMP about System Boot/Shutdown.
         Starting Update UTMP about System Runlevel Changes...
[  OK  ] Started Update UTMP about System Runlevel Changes.
[  OK  ] Started Network Time Synchronization.
[  OK  ] Reached target System Time Synchronized.
[  OK  ] Found device /dev/ttyS0.
[  OK  ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[    7.614197] random: crng init done
[    7.614631] random: 7 urandom warning(s) missed due to ratelimiting
[FAILED] Failed to start Raise network interfaces.
See 'systemctl status networking.service' for details.
[  OK  ] Reached target Network.
You are in emergency mode. After logging in, type "journalctl -xPress Enter for maintenance
(or press Control-D to continue):

please give me some help. thank you.

dvyukov commented 5 years ago

I've just tested the script on Debian rolling, and it worked perfectly:

Welcome to Debian GNU/Linux 9 (stretch)!

[    5.691744] systemd[1]: Set hostname to <syzkaller>.
[    5.745057] systemd-system- (2227) used greatest stack depth: 20128 bytes left
[    5.748470] systemd-debug-g (2229) used greatest stack depth: 19320 bytes left
[    5.749925] systemd-rc-loca (2226) used greatest stack depth: 18912 bytes left
[    5.768110] systemd-gpt-aut (2233) used greatest stack depth: 17040 bytes left
[    5.785552] systemd-sysv-ge (2234) used greatest stack depth: 16256 bytes left
[    5.918098] systemd[1]: Listening on Journal Socket.
[  OK  ] Listening on Journal Socket.
[    5.921536] systemd[1]: Reached target Remote File Systems.
[  OK  ] Reached target Remote File Systems.
[    5.924612] systemd[1]: Started Forward Password Requests to Wall Directory Watch.
[  OK  ] Started Forward Password Requests to Wall Directory Watch.
[    5.928197] systemd[1]: Listening on udev Control Socket.
[  OK  ] Listening on udev Control Socket.
[    5.931172] systemd[1]: Listening on Journal Audit Socket.
[  OK  ] Listening on Journal Audit Socket.
[    5.933815] systemd[1]: Listening on Syslog Socket.
[  OK  ] Listening on Syslog Socket.
[  OK  ] Created slice System Slice.
         Mounting Huge Pages File System...
         Mounting /sys/kernel/debug...
[  OK  ] Created slice system-getty.slice.
         Mounting /sys/kernel/config...
[  OK  ] Listening on Journal Socket (/dev/log).
         Starting Journal Service...
         Starting Remount Root and Kernel File Systems...
         Starting Load Kernel Modules...
[  OK  ] Reached target Swap.
[  OK  ] Set up automount Arbitrary Executab…rmats File System Automount Point.
         Mounting /proc/sys/fs/binfmt_misc...
[  OK  ] Listening on udev Kernel Socket.
         Mounting POSIX Message Queue File System...
[  OK  ] Listening on /dev/initctl Compatibility Named Pipe.
[  OK  ] Reached target Sockets.
[  OK  ] Reached target Slices.
[    6.020737] EXT4-fs (sda): re-mounted. Opts: (null)
         Starting Create Static Device Nodes in /dev...
[  OK  ] Created slice system-serial\x2dgetty.slice.
[  OK  ] Started Dispatch Password Requests to Console Directory Watch.
[  OK  ] Reached target Encrypted Volumes.
[  OK  ] Reached target Paths.
[  OK  ] Mounted Huge Pages File System.
[  OK  ] Mounted /sys/kernel/debug.
[  OK  ] Mounted /sys/kernel/config.
[  OK  ] Mounted /proc/sys/fs/binfmt_misc.
[  OK  ] Mounted POSIX Message Queue File System.
[  OK  ] Started Remount Root and Kernel File Systems.
[  OK  ] Started Load Kernel Modules.
         Starting Apply Kernel Variables...
         Mounting FUSE Control File System...
         Starting Load/Save Random Seed...
         Starting udev Coldplug all Devices...
[  OK  ] Mounted FUSE Control File System.
[  OK  ] Started Create Static Device Nodes in /dev.
[  OK  ] Started Apply Kernel Variables.
         Starting udev Kernel Device Manager...
[  OK  ] Reached target Local File Systems (Pre).
[  OK  ] Reached target Local File Systems.
         Starting Raise network interfaces...
         Starting Mark the need to relabel after reboot...
[  OK  ] Started Load/Save Random Seed.
[  OK  ] Started Mark the need to relabel after reboot.
[  OK  ] Started udev Kernel Device Manager.
[  OK  ] Started Journal Service.
         Starting Flush Journal to Persistent Storage...
[    6.675198] systemd-journald[2243]: Received request to flush runtime journal from PID 1
[    6.677900] random: crng init done
[    6.678758] random: 7 urandom warning(s) missed due to ratelimiting
[  OK  ] Started Flush Journal to Persistent Storage.
         Starting Create Volatile Files and Directories...
[    6.709278] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX
[    6.709508] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
[    6.712047] 8021q: adding VLAN 0 to HW filter on device eth0
[    6.714599] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
[  OK  ] Started Create Volatile Files and Directories.
         Starting Update UTMP about System Boot/Shutdown...
         Starting Network Time Synchronization...
[  OK  ] Started Update UTMP about System Boot/Shutdown.
[    6.851805] dhclient (2758) used greatest stack depth: 16224 bytes left
[  OK  ] Started Network Time Synchronization.
[  OK  ] Reached target System Time Synchronized.
[  OK  ] Started Raise network interfaces.
[  OK  ] Reached target Network.
[  OK  ] Reached target Sound Card.
[  OK  ] Started udev Coldplug all Devices.
[  OK  ] Reached target System Initialization.
[  OK  ] Reached target Basic System.
         Starting Permit User Sessions...
[  OK  ] Started Regular background program processing daemon.
[  OK  ] Started Daily Cleanup of Temporary Directories.
         Starting OpenBSD Secure Shell server...
[  OK  ] Started Daily apt download activities.
         Starting getty on tty2-tty6 if dbus and logind are not available...
[  OK  ] Started Daily apt upgrade and clean activities.
[  OK  ] Reached target Timers.
         Starting System Logging Service...
[  OK  ] Started Permit User Sessions.
[  OK  ] Found device /dev/ttyS0.
[  OK  ] Started Getty on tty3.
[  OK  ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[  OK  ] Started Getty on tty2.
[  OK  ] Started Serial Getty on ttyS0.
[  OK  ] Started Getty on tty1.
[  OK  ] Started System Logging Service.
         Starting Load/Save RF Kill Switch Status...
[  OK  ] Started Getty on tty4.
[  OK  ] Started Getty on tty5.
[  OK  ] Started Getty on tty6.
[  OK  ] Started getty on tty2-tty6 if dbus and logind are not available.
[  OK  ] Started OpenBSD Secure Shell server.
[  OK  ] Reached target Login Prompts.
[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[  OK  ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

syzkaller login: 

I used the following qemu command line:

qemu-system-x86_64 -hda stretch.img -snapshot -net user,host=10.0.2.10,hostfwd=tcp::10022-:22 -net nic -nographic -kernel arch/x86/boot/bzImage -append "kvm-intel.nested=1 kvm-intel.unrestricted_guest=1 kvm-intel.ept=1 kvm-intel.flexpriority=1 kvm-intel.vpid=1 kvm-intel.emulate_invalid_guest_state=1 kvm-intel.eptad=1 kvm-intel.enable_shadow_vmcs=1 kvm-intel.pml=1 kvm-intel.enable_apicv=1 console=ttyS0 root=/dev/sda earlyprintk=serial slub_debug=UZ vsyscall=native rodata=n oops=panic panic_on_warn=1 panic=86400 ima_policy=tcb" -enable-kvm -pidfile vm_pid -m 2G -smp 4 -cpu host

Perhaps you need some additional kernel config. Try this config: https://github.com/google/syzkaller/blob/master/dashboard/config/upstream-kasan.config And if it works, bisect from it to find the missing options in your config.

balbassam commented 5 years ago

I had the same issue. After bisecting from the config I found that there are two config options which are needed:

CONFIG_CONFIGFS_FS=y
CONFIG_SECURITYFS=y

I created a pull request to reflect that in the docs #776

mogrein commented 5 years ago

I had the same issue. Commenting out configfs and securityfs lines from /etc/fstab worked for me as well.

tscosine commented 5 years ago

It is not a problem with the qemu image, since I used the default defconfig and kvmconfig, then make -j8, but it cannot boot either.

The real cause of the boot error is that two options are missing from the kernel .config file: CONFIG_CONFIGFS_FS=y CONFIG_SECURITYFS=y

Thanks @balbassam

dvyukov commented 5 years ago

Mentioned this in the docs: https://github.com/google/syzkaller/commit/8eb18c0bbcc63fd1fed11acb265edd5d0de79964#diff-b38a9d5dd9039210ad54e42eea14fef7

zhanggenex commented 5 years ago

Using the latest gcc and Linux kernel handles this problem. My configuration: gcc 8.4, linux-4.20.13

minhbq-99 commented 4 years ago

I had the same issue even after adding CONFIG_CONFIGFS_FS=y CONFIG_SECURITYFS=y. I used gcc-6 to build Linux 4.6.1.

minhbq-99 commented 4 years ago

I added CONFIG_E1000=y and it worked

johnjago commented 4 years ago

I made a mistake that resulted in this error. Following the guide for the x86-64 kernel, I added these to the top of .config after generating the default config:

CONFIG_KCOV=y
CONFIG_DEBUG_INFO=y
CONFIG_KASAN=y
CONFIG_KASAN_INLINE=y
CONFIG_CONFIGFS_FS=y
CONFIG_SECURITYFS=y

When I ran make CC="$GCC/bin/gcc" oldconfig, these warnings appeared:

.config:3977:warning: override: reassigning to symbol CONFIGFS_FS
.config:4095:warning: override: reassigning to symbol SECURITYFS
.config:4459:warning: override: reassigning to symbol DEBUG_INFO
.config:4501:warning: override: reassigning to symbol KASAN
.config:4507:warning: override: reassigning to symbol KCOV

It turns out that I had to remove the lines like "# CONFIG_KCOV is not set" for each of the added settings. I don't see why these comments should override my definitions at the top, but it resulted in me getting the error described in this issue because I was actually compiling the kernel without the necessary configs.

bird8693 commented 4 years ago

:warning: override: reassigning

How did you resolve it?

droogie commented 4 years ago

Mine was failing specifically due to /proc/sys/fs/binfmt_misc as well...

[FAILED] Failed to mount /proc/sys/fs/binfmt_misc.
See 'systemctl status proc-sys-fs-binfmt_misc.mount' for details.
[DEPEND] Dependency failed for Local File Systems.
[DEPEND] Dependency failed for Mark the need to relabel after reboot.

I solved this by ensuring that the following was enabled in my kernel config CONFIG_BINFMT_MISC=y

Sunxingzhezhexingsun commented 3 years ago

CONFIG_BINFMT_MISC=y

Thanks! Your solution solved my problem too! My environment: GCC 9.3.0, linux-4.19.204. I hit the error "Failed to mount /proc/sys/fs/binfmt_misc" while QEMU booted the kernel, and the problem was solved after setting CONFIG_BINFMT_MISC=y in the kernel .config.
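Pulling the thread together: every fix reported above (CONFIG_CONFIGFS_FS and CONFIG_SECURITYFS from balbassam, CONFIG_BINFMT_MISC from droogie, CONFIG_E1000 from minhbq-99, and johnjago's "override: reassigning to symbol" trap) is a kernel .config problem that can be caught before the image is ever booted. The script below is an added example, not syzkaller code and not from any commenter; it checks a .config for the options the stretch image mounts from /etc/fstab at boot (debugfs, configfs, securityfs, binfmt_misc) plus the e1000 driver for the NIC that qemu's "-net nic" gives an x86 guest by default, and it lists symbols that appear more than once, since Kconfig keeps the last occurrence, which is exactly how a CONFIG_FOO=y pasted at the top of the file gets silently undone by a stale "# CONFIG_FOO is not set" line further down. The sample .config it runs on is constructed inline to reproduce that mistake; CONFIG_DEBUG_FS being required is an inference from the debugfs fstab line in the script above.

```shell
#!/bin/sh
# Added example, not syzkaller code: sanity-check a kernel .config before
# booting a create-image.sh guest in qemu.
#
# Two facts about the .config format drive the logic below:
#  1. A symbol is written as "CONFIG_FOO=y", "CONFIG_FOO=m", or the comment
#     line "# CONFIG_FOO is not set" (which means n).
#  2. When a symbol appears more than once, `make oldconfig` keeps the LAST
#     occurrence and warns "override: reassigning to symbol FOO". So a
#     CONFIG_FOO=y pasted at the top is undone by a later "is not set" line.

# Effective value of one symbol: y, m, n, or "missing" if it never appears.
# Matching "SYM=" at column 1 keeps CONFIG_KASAN from matching CONFIG_KASAN_INLINE.
config_value() {
    awk -v s="$2" '
        $0 == "# " s " is not set" { v = "n" }
        index($0, s "=") == 1      { v = substr($0, length(s) + 2) }
        END { print (v == "" ? "missing" : v) }' "$1"
}

# Symbols assigned or unset more than once (the override situation).
duplicated_symbols() {
    awk '
        /^# CONFIG_[A-Za-z0-9_]+ is not set$/ { n[$2]++ }
        /^CONFIG_[A-Za-z0-9_]+=/             { split($0, a, "="); n[a[1]]++ }
        END { for (s in n) if (n[s] > 1) print s }' "$1" | sort
}

# Require every listed symbol to be built in (=y): the guest mounts these
# filesystems from /etc/fstab before any module could be loaded. Prints one
# line per problem; returns 1 if anything is wrong, 0 otherwise.
check_required() {
    cfg="$1"; shift
    rc=0
    for sym in "$@"; do
        v=$(config_value "$cfg" "$sym")
        if [ "$v" != "y" ]; then
            echo "$sym is $v (need =y)"
            rc=1
        fi
    done
    return $rc
}

# Options the stretch image built by create-image.sh depends on at boot:
# /etc/fstab mounts debugfs, configfs, securityfs and binfmt_misc, and qemu's
# "-net nic" without a model gives an e1000 NIC on x86, which
# /etc/network/interfaces expects to come up as eth0.
REQUIRED="CONFIG_DEBUG_FS CONFIG_CONFIGFS_FS CONFIG_SECURITYFS CONFIG_BINFMT_MISC CONFIG_E1000"

# Constructed sample .config reproducing the mistake from the thread: options
# appended at the top while the generated "is not set" lines remain below.
SAMPLE_CONFIG=$(mktemp)
trap 'rm -f "$SAMPLE_CONFIG"' EXIT
cat > "$SAMPLE_CONFIG" <<'EOF'
CONFIG_KCOV=y
CONFIG_CONFIGFS_FS=y
CONFIG_SECURITYFS=y
CONFIG_BINFMT_MISC=y
CONFIG_E1000=y
CONFIG_DEBUG_FS=y
CONFIG_KASAN_INLINE=y
# CONFIG_KCOV is not set
# CONFIG_CONFIGFS_FS is not set
# CONFIG_SECURITYFS is not set
CONFIG_E1000=m
EOF

echo "duplicated symbols (last line wins):"
duplicated_symbols "$SAMPLE_CONFIG"
echo
# Word splitting of $REQUIRED is intended here.
if check_required "$SAMPLE_CONFIG" $REQUIRED; then
    echo "all required options built in"
else
    echo "fix the lines above (delete the stale 'is not set' entries, or set"
    echo "them with scripts/config --enable FOO), then re-run make oldconfig"
fi
```

Point it at a real tree with `config_value .config CONFIG_SECURITYFS` or `check_required .config $REQUIRED` after `make oldconfig`; if `duplicated_symbols` prints anything, the override warnings johnjago saw are telling you the same thing, and the value reported here is the one the kernel is actually built with.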