syzkaller on risc-v

Dmitry Vyukov dvyukov at google.com
Wed Jul 1 06:03:44 EDT 2020


On Tue, Jun 30, 2020 at 5:10 PM Tobias Klauser <tklauser at distanz.ch> wrote:
>
> On 2020-06-30 at 14:48:31 +0200, Dmitry Vyukov <dvyukov at google.com> wrote:
> [...]
> > 6. I observed lots of what looks like user-space process memory
> > corruptions. These included thousands of panics in our Go programs
> > with things that I would consider "impossible", at least they did not
> > come up before in our syzbot fuzzing. Also some Go runtime
> > "impossible" crashes, e.g.:
> > https://gist.githubusercontent.com/dvyukov/fb489ed93f7180621c71714ee07e53dc/raw/a7d2e98a56da17af2aec79c164cd3a8e154ecf5c/gistfile1.txt
> > Maybe it's a known issue? Should we use tip instead of 1.14? Is it more stable?
> > Though it's not necessarily Go b/c kernel contains hundreds of memory
> > corruptions and we observed kernel corrupting user-space processes
> > routinely. This is especially true without KASAN because kernel
> > corruptions are not caught early. However, the ratio and nature of
> > crashes make me suspect some issue in Go risc-v runtime.
>
> I haven't seen any of these crashes myself when testing the syzkaller
> port, but then again I only ran it for rather brief amounts of time
> (~1h) on my laptop using the riscv defconfig and a few additional
> configs enabled.
>
> AFAIK Go tip has seen quite some improvements to its RISC-V port, so it
> might be worth giving it (or Go 1.14beta1) a try.


No luck. I tried:
go version devel +4b28f5ded3 Tue Jun 30 13:18:16 2020 +0000 linux/amd64
and the log is still full of these crashes we don't see on any other instances:

2020/07/01 11:48:09 vm-2: crash: panic: invalid argument to Intn
2020/07/01 11:48:09 vm-28: crash: panic: invalid argument to Intn
2020/07/01 11:48:10 vm-25: crash: panic: invalid argument to Intn
2020/07/01 11:48:11 vm-35: crash: panic: invalid argument to Intn
2020/07/01 11:48:15 VMs 13, executed 153462, corpus cover 79651,
corpus signal 174611, max signal 185505, crashes 391, repro 0
2020/07/01 11:48:16 vm-16: crash: panic: invalid argument to Intn
2020/07/01 11:48:25 vm-6: crash: panic: invalid argument to Intn
2020/07/01 11:48:25 VMs 11, executed 153462, corpus cover 79651,
corpus signal 174611, max signal 185505, crashes 393, repro 0
2020/07/01 11:48:29 vm-0: crash: panic: invalid argument to Intn
2020/07/01 11:48:35 VMs 14, executed 153462, corpus cover 79651,
corpus signal 174611, max signal 185505, crashes 394, repro 0
2020/07/01 11:48:45 VMs 17, executed 153462, corpus cover 79651,
corpus signal 174611, max signal 185505, crashes 394, repro 0
2020/07/01 11:48:55 VMs 19, executed 153462, corpus cover 79651,
corpus signal 174611, max signal 185505, crashes 394, repro 0
2020/07/01 11:49:05 VMs 22, executed 153462, corpus cover 79651,
corpus signal 174611, max signal 185505, crashes 394, repro 0
2020/07/01 11:49:15 VMs 32, executed 153462, corpus cover 79651,
corpus signal 174611, max signal 185505, crashes 394, repro 0
2020/07/01 11:49:25 VMs 33, executed 153462, corpus cover 79651,
corpus signal 174611, max signal 185505, crashes 394, repro 0
2020/07/01 11:49:35 VMs 33, executed 153462, corpus cover 79651,
corpus signal 174611, max signal 185505, crashes 394, repro 0
2020/07/01 11:49:44 vm-12: crash: panic: invalid argument to Intn
2020/07/01 11:49:45 VMs 35, executed 153462, corpus cover 79651,
corpus signal 174611, max signal 185505, crashes 395, repro 0
2020/07/01 11:49:49 vm-32: crash: panic: invalid argument to Intn
2020/07/01 11:49:51 vm-5: crash: panic: invalid argument to Intn
2020/07/01 11:49:52 vm-34: crash: panic: invalid argument to Intn
2020/07/01 11:49:52 vm-9: crash: panic: invalid argument to Intn
2020/07/01 11:49:54 vm-17: crash: panic: invalid argument to Intn
2020/07/01 11:49:55 VMs 32, executed 153462, corpus cover 79651,
corpus signal 174611, max signal 185505, crashes 400, repro 0
2020/07/01 11:49:59 vm-22: crash: panic: invalid argument to Intn
2020/07/01 11:50:05 VMs 33, executed 153462, corpus cover 79651,
corpus signal 174611, max signal 185505, crashes 401, repro 0
2020/07/01 11:50:15 VMs 33, executed 153462, corpus cover 79651,
corpus signal 174611, max signal 185505, crashes 401, repro 0
2020/07/01 11:50:25 VMs 33, executed 153462, corpus cover 79651,
corpus signal 174611, max signal 185505, crashes 401, repro 0
2020/07/01 11:50:30 vm-10: crash: panic: invalid argument to Intn
2020/07/01 11:50:35 VMs 32, executed 153462, corpus cover 79651,
corpus signal 174611, max signal 185505, crashes 402, repro 0
2020/07/01 11:50:45 VMs 33, executed 153462, corpus cover 79651,
corpus signal 174611, max signal 185505, crashes 402, repro 0
2020/07/01 11:50:50 vm-8: crash: panic: invalid argument to Intn
2020/07/01 11:50:54 vm-13: crash: panic: invalid argument to Intn
2020/07/01 11:50:54 vm-37: crash: panic: invalid argument to Intn
2020/07/01 11:50:55 VMs 30, executed 153462, corpus cover 79651,
corpus signal 174611, max signal 185505, crashes 405, repro 0
2020/07/01 11:51:05 VMs 30, executed 153462, corpus cover 79651,
corpus signal 174611, max signal 185505, crashes 405, repro 0
2020/07/01 11:51:15 VMs 30, executed 153462, corpus cover 79651,
corpus signal 174611, max signal 185505, crashes 405, repro 0
2020/07/01 11:51:25 VMs 35, executed 153462, corpus cover 79651,
corpus signal 174611, max signal 185505, crashes 405, repro 0
2020/07/01 11:51:26 vm-27: crash: panic: invalid argument to Intn
2020/07/01 11:51:29 vm-31: crash: panic: invalid argument to Intn
2020/07/01 11:51:35 VMs 34, executed 153462, corpus cover 79651,
corpus signal 174611, max signal 185505, crashes 407, repro 0
2020/07/01 11:51:36 vm-15: crash: panic: invalid argument to Intn
2020/07/01 11:51:36 vm-23: crash: panic: invalid argument to Intn
2020/07/01 11:51:40 vm-39: crash: panic: invalid argument to Intn
2020/07/01 11:51:42 vm-7: crash: panic: invalid argument to Intn
2020/07/01 11:51:45 vm-4: crash: panic: invalid argument to Intn
2020/07/01 11:51:45 VMs 29, executed 153462, corpus cover 79651,
corpus signal 174611, max signal 185505, crashes 412, repro 0
2020/07/01 11:51:52 vm-19: crash: panic: invalid argument to Intn
2020/07/01 11:51:54 vm-26: crash: panic: invalid argument to Intn
2020/07/01 11:51:55 VMs 27, executed 153462, corpus cover 79651,
corpus signal 174611, max signal 185505, crashes 414, repro 0
2020/07/01 11:52:03 vm-38: crash: panic: invalid argument to Intn
2020/07/01 11:52:03 vm-36: crash: panic: invalid argument to Intn
2020/07/01 11:52:05 VMs 26, executed 153462, corpus cover 79651,
corpus signal 174611, max signal 185505, crashes 416, repro 0
2020/07/01 11:52:07 vm-11: crash: panic: invalid argument to Intn
2020/07/01 11:52:12 vm-33: crash: panic: invalid argument to Intn
2020/07/01 11:52:13 vm-29: crash: panic: invalid argument to Intn
2020/07/01 11:52:15 vm-20: crash: panic: invalid argument to Intn
2020/07/01 11:52:15 VMs 22, executed 153462, corpus cover 79651,
corpus signal 174611, max signal 185505, crashes 420, repro 0
2020/07/01 11:52:16 vm-24: crash: panic: invalid argument to Intn
2020/07/01 11:52:17 vm-3: crash: panic: invalid argument to Intn
2020/07/01 11:52:17 vm-30: crash: panic: invalid argument to Intn
2020/07/01 11:52:18 vm-14: crash: panic: invalid argument to Intn
2020/07/01 11:52:20 vm-21: crash: panic: invalid argument to Intn
2020/07/01 11:52:20 vm-18: crash: panic: invalid argument to Intn
2020/07/01 11:52:22 vm-1: crash: panic: invalid argument to Intn
2020/07/01 11:52:25 VMs 18, executed 153462, corpus cover 79651,
corpus signal 174611, max signal 185505, crashes 427, repro 0
2020/07/01 11:52:35 VMs 18, executed 153462, corpus cover 79651,
corpus signal 174611, max signal 185505, crashes 427, repro 0
2020/07/01 11:52:43 vm-2: crash: panic: invalid argument to Intn
2020/07/01 11:52:44 vm-25: crash: panic: invalid argument to Intn
2020/07/01 11:52:44 vm-35: crash: panic: invalid argument to Intn
2020/07/01 11:52:45 VMs 15, executed 153462, corpus cover 79651,
corpus signal 174611, max signal 185505, crashes 430, repro 0
2020/07/01 11:52:46 vm-16: crash: panic: invalid argument to Intn
2020/07/01 11:52:47 vm-28: crash: panic: invalid argument to Intn
2020/07/01 11:52:51 vm-9: crash: panic: invalid argument to Intn
2020/07/01 11:52:54 vm-6: crash: panic: invalid argument to Intn
2020/07/01 11:52:55 VMs 12, executed 153462, corpus cover 79651,
corpus signal 174611, max signal 185505, crashes 434, repro 0
2020/07/01 11:53:00 vm-0: crash: panic: invalid argument to Intn
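
A triage helper for a manager log in the format quoted above, added here as an example and not part of the original message or of syzkaller: it rejoins the mail-wrapped status records, counts crashes per title and per VM, and reports how far the `executed` and `crashes` counters moved between the first and last status record. The names `Summarize`, `Summary` and `sampleLog` are hypothetical.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// Excerpt copied from the log above; status records wrap over two lines.
const sampleLog = `2020/07/01 11:48:15 VMs 13, executed 153462, corpus cover 79651,
corpus signal 174611, max signal 185505, crashes 391, repro 0
2020/07/01 11:48:16 vm-16: crash: panic: invalid argument to Intn
2020/07/01 11:48:25 vm-6: crash: panic: invalid argument to Intn
2020/07/01 11:48:25 VMs 11, executed 153462, corpus cover 79651,
corpus signal 174611, max signal 185505, crashes 393, repro 0`

var (
	wrapRe  = regexp.MustCompile(`\n(\D)`) // line not starting with a digit: continuation
	crashRe = regexp.MustCompile(`(vm-\d+): crash: (.+)$`)
	statRe  = regexp.MustCompile(`executed (\d+),.*crashes (\d+),`)
)

// Summary: crash counts by title and VM, and counter movement over the log.
type Summary struct {
	Titles, VMs           map[string]int
	ExecDelta, CrashDelta int
}

func Summarize(log string) Summary {
	s := Summary{Titles: map[string]int{}, VMs: map[string]int{}}
	var execs, crashes []int
	for _, r := range strings.Split(wrapRe.ReplaceAllString(log, " $1"), "\n") {
		if m := crashRe.FindStringSubmatch(r); m != nil {
			s.VMs[m[1]]++
			s.Titles[m[2]]++
		} else if m := statRe.FindStringSubmatch(r); m != nil {
			e, _ := strconv.Atoi(m[1])
			c, _ := strconv.Atoi(m[2])
			execs, crashes = append(execs, e), append(crashes, c)
		}
	}
	if n := len(execs); n > 0 { // deltas are only defined once a status record was seen
		s.ExecDelta = execs[n-1] - execs[0]
		s.CrashDelta = crashes[n-1] - crashes[0]
	}
	return s
}
func main() { fmt.Printf("%+v\n", Summarize(sampleLog)) }
```

Run over the full log above, this would show a single crash title spread across the VMs, with `executed` staying at 153462 while `crashes` rises from 391 to 434.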
