pr0v3rbs / FirmAE

Towards Large-Scale Emulation of IoT Firmware for Dynamic Analysis
MIT License

rdinit cannot work in FirmAE_kernel-v4.1 #29

Closed xiaofeng-L closed 3 years ago

xiaofeng-L commented 3 years ago

When I check the qemu.final.serial.log, I find that the rdinit is not executed, and the kernel used the default path (/sbin/init) to init the image. I found something which may be related to this problem.

[ 0.000000] Initrd not found or empty - disabling initrd
[ 2.091432] firmadyne: vfs_mknod[PID: 1 (swapper)]: file:ram major:1 minor:0
[ 2.092704] firmadyne: vfs_mknod[PID: 1 (swapper)]: file:root major:8 minor:1
[ 2.093032] firmadyne: do_mount[PID: 1 (swapper)]: mountpoint:/root, device:/dev/root, type:ext3
[ 2.095511] firmadyne: do_fork[PID: 2 (kthreadd)]: clone_flags:0x800712, stack_size:0x8f485b00
[ 2.095719] firmadyne: do_fork_ret[PID: 2 (kthreadd)] = -47
[ 2.097562] firmadyne: do_mount[PID: 1 (swapper)]: mountpoint:/root, device:/dev/root, type:ext2
[ 2.099468] EXT2-fs (sda1): warning: mounting unchecked fs, running e2fsck is recommended
[ 2.100492] VFS: Mounted root (ext2 filesystem) on device 8:1.

The original log follows.

xiaofeng-L commented 3 years ago

This image is DIR-878 (mipsel)

pr0v3rbs commented 3 years ago

It seems the 4.1 kernel does not comport well with rdinit; I suggest using init.

I tested on the DIR-878, and the init parameter works correctly.
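
Added example (not part of the issue thread and not FirmAE's own code): a Python triage of a qemu.final.serial.log that compares the rdinit=/init= requested on the kernel command line with the program PID 1 actually executed. The sample log is constructed in the format of the lines quoted in the issue, /firmadyne/custom_init.sh is a placeholder path, and treating the last swapper-context do_execve line as the successful one is an assumption.

```python
import re

# Constructed sample in the format of the serial log quoted in the issue.
# /firmadyne/custom_init.sh is a hypothetical placeholder script path.
SAMPLE_LOG = """\
[ 0.000000] Initrd not found or empty - disabling initrd
[ 0.000000] Kernel command line: root=/dev/sda1 console=ttyS0 rdinit=/firmadyne/custom_init.sh rw debug
[ 2.100492] VFS: Mounted root (ext2 filesystem) on device 8:1.
[ 2.109181] firmadyne: do_execve[PID: 1 (swapper)]: argv: /sbin/init, envp: HOME=/ TERM=linux
[ 2.146298] firmadyne: do_execve[PID: 49 (init)]: argv: /etc_ro/rcS, envp: HOME=/ TERM=vt102
"""

CMDLINE_RE = re.compile(r"Kernel command line: (.*)$")
EXECVE_RE = re.compile(
    r"firmadyne: do_execve\[PID: (\d+) \(([^)]*)\)\]: argv: (.*?), envp:")


def parse_cmdline(args):
    """Split a kernel command line into {key: value}; bare flags map to None."""
    params = {}
    for token in args.split():
        key, sep, value = token.partition("=")
        params[key] = value if sep else None
    return params


def verdict(info):
    """Compare the requested init program with what PID 1 executed."""
    ran = info["pid1_exec"]
    if ran is None:
        return "unknown: no execve by PID 1 (swapper) in the log"
    if info["rdinit"]:
        if ran == info["rdinit"]:
            return "rdinit honoured"
        # Mainline Linux looks up rdinit= in the initramfs before root= is
        # mounted, so a script that lives only on the disk image is not found.
        if info["initrd_missing"]:
            return f"rdinit ignored: no initrd, PID 1 ran {ran}"
        return f"rdinit not executed: PID 1 ran {ran}"
    if info["init"]:
        if ran == info["init"]:
            return "init honoured"
        return f"init not executed: PID 1 ran {ran}"
    return f"default init: PID 1 ran {ran}"


def triage(log_text):
    """Extract boot parameters and the PID 1 execve from a serial log."""
    info = {"rdinit": None, "init": None, "root": None,
            "initrd_missing": False, "pid1_exec": None}
    for line in log_text.splitlines():
        if "Initrd not found or empty" in line:
            info["initrd_missing"] = True
        m = CMDLINE_RE.search(line)
        if m:
            params = parse_cmdline(m.group(1))
            for key in ("rdinit", "init", "root"):
                info[key] = params.get(key)
        m = EXECVE_RE.search(line)
        # Assumption: the hook logs on entry, so earlier failed attempts may
        # appear; the last one made while PID 1 is still "swapper" is kept.
        if m and m.group(1) == "1" and m.group(2).startswith("swapper"):
            argv = m.group(3).split()
            if argv:
                info["pid1_exec"] = argv[0]
    info["verdict"] = verdict(info)
    return info


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
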