s2e debug mode error

[Kaixiang Chen]

Hi, when I used ./launch-s2e.sh debug, and run inside gdb, but it gives me

(gdb) r

Starting program: /home/ckx/aegpro-s2e/build/s2e/qemu-debug/x86_64-softmmu/qemu-system-x86_64 -drive file=/home/ckx/aegpro-s2e/images/debian-8.7.1-x86_64/image.raw.s2e,format=s2e,cache=writeback -k en-us -monitor null -m 256M -enable-kvm -serial file:serial.txt -net none -net nic,model=e1000 -loadvm ready

Starting libs2e...

[Thread debugging using libthread_db enabled]

Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

[New Thread 0x15554f213700 (LWP 10351)]

Warning: vlan 0 is not connected to host network

s2e-block: dirty sectors on close:0

s2e-block: dirty after restore: 624 (ro=0)

s2e-block: wasted sectors: 1552

KVM: entry failed, hardware error 0x80000021

If you're running a guest on an Intel machine without unrestricted mode

support, the failure can be most likely due to the guest entering an invalid

state for Intel VT. For example, the guest maybe running in big real mode

which is not supported on less recent Intel processors.

EAX=00000000 EBX=00000002 ECX=ffffffff EDX=f7739878

ESI=ff7fe574 EDI=ff7fff10 EBP=00000000 ESP=ff7ee4c0

EIP=080487d0 EFL=00000246 [---Z-P-] CPL=3 II=0 A20=1 SMM=0 HLT=0

ES =002b 00000000 ffffffff 00c0f300 DPL=3 DS   [-WA]

CS =0023 00000000 ffffffff 00c0fb00 DPL=3 CS32 [-RA]

SS =002b 00000000 ffffffff 00c0f300 DPL=3 DS   [-WA]

DS =002b 00000000 ffffffff 00c0f300 DPL=3 DS   [-WA]

FS =0000 00000000 00000000 00000000

GS =0063 f758e940 ffffffff 00d0f300 DPL=3 DS   [-WA]

LDT=0000 00000000 00000000 00008200 DPL=0 LDT

TR =0040 0fc14ec0 00002087 00008900 DPL=0 TSS64-avl

GDT=     ffff88000fc09000 0000007f

IDT=     ffffffffff57b000 00000fff

CR0=80050033 CR2=00007fdafa2ab000 CR3=000000000da8e000 CR4=000006f0

DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 

DR6=00000000ffff0ff0 DR7=0000000000000400

EFER=0000000000000d01

Code=40 8e 04 08 e8 ab fd ff ff 83 c4 10 90 90 90 90 90 90 90 90 <31> c0 0f 3f 00 00 00 00 00 00 00 00 85 c0 74 f0 83 ec 0c 68 60 8e 04 08 e8 83 fd ff ff 83

    

and  bt shows like:

(gdb) bt
#0  0x00001555533a75d3 in select () at ../sysdeps/unix/syscall-template.S:84
#1  0x00005555556cedce in os_host_main_loop_wait (timeout=1000)
    at /home/ckx/aegpro-s2e/source/s2e/qemu/main-loop.c:304
#2  0x00005555556cef14 in main_loop_wait (nonblocking=0)
    at /home/ckx/aegpro-s2e/source/s2e/qemu/main-loop.c:486
#3  0x00005555556c287d in main_loop ()
    at /home/ckx/aegpro-s2e/source/s2e/qemu/vl.c:1579
#4  0x00005555556c9327 in main (argc=18, argv=0x7fffffffdb58,
    envp=0x7fffffffdbf0) at /home/ckx/aegpro-s2e/source/s2e/qemu/vl.c:3777

Is there any way for debugging?

 

[Vitaly Chipounov]

Hi,

Could you please dump the stack for all the threads?

Vitaly

--
--
You received this message because you are a member of the S2E Developer Forum.
To post to this group, send email to s2e...@googlegroups.com
To unsubscribe from this group, send email to s2e-dev+unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/s2e-dev

---
You received this message because you are subscribed to the Google Groups "S2E Developer Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to s2e-dev+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Kaixiang Chen]

Do you mean dumping the whole stack ?

There are total two threads. Stack dumped and stored in files thread1dump and thread2dump.

(gdb) thread 2 

(gdb) bt

#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185

#1  0x0000555555703828 in qemu_cond_wait (cond=0x5555564b9f40, mutex=0x555556430300 <qemu_global_mutex>) at /home/ckx/aegpro-s2e/source/s2e/qemu/qemu-thread-posix.c:113

#2  0x00005555557736f0 in qemu_kvm_wait_io_event (env=0x5555564ba290) at /home/ckx/aegpro-s2e/source/s2e/qemu/cpus.c:763

#3  0x0000555555773840 in qemu_kvm_cpu_thread_fn (arg=0x5555564ba290) at /home/ckx/aegpro-s2e/source/s2e/qemu/cpus.c:799

#4  0x000015555367b6ba in start_thread (arg=0x15554f213700) at pthread_create.c:333

#5  0x00001555533b141d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

(gdb) info frame

Stack level 0, frame at 0x15554f212d40:

 rip = 0x155553681360 in pthread_cond_wait@@GLIBC_2.3.2 (../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185); saved rip = 0x555555703828

 called by frame at 0x15554f212d70

 source language asm.

 Arglist at 0x15554f212d08, args: 

 Locals at 0x15554f212d08, Previous frame's sp is 0x15554f212d40

 Saved registers:

  rip at 0x15554f212d38

(gdb) dump memory thread2dump 0x15554f212d10 0x15554f214000

(gdb) 

(gdb) thread 1

[Switching to thread 1 (Thread 0x155555497880 (LWP 93634))]

#0  0x00001555533a75d3 in select () at ../sysdeps/unix/syscall-template.S:84

84 ../sysdeps/unix/syscall-template.S: No such file or directory.

(gdb) ls

Undefined command: "ls".  Try "help".

(gdb) 

Undefined command: "ls".  Try "help".

(gdb) info frame

Stack level 0, frame at 0x7fffffffd6d0:

 rip = 0x1555533a75d3 in select (../sysdeps/unix/syscall-template.S:84); saved rip = 0x5555556cedce

 called by frame at 0x7fffffffd720

 source language asm.

 Arglist at 0x7fffffffd6b8, args: 

 Locals at 0x7fffffffd6b8, Previous frame's sp is 0x7fffffffd6d0

 Saved registers:

  rip at 0x7fffffffd6c8

(gdb) bt

#0  0x00001555533a75d3 in select () at ../sysdeps/unix/syscall-template.S:84

#1  0x00005555556cedce in os_host_main_loop_wait (timeout=1000) at /home/ckx/aegpro-s2e/source/s2e/qemu/main-loop.c:304

#2  0x00005555556cef14 in main_loop_wait (nonblocking=0) at /home/ckx/aegpro-s2e/source/s2e/qemu/main-loop.c:486

#3  0x00005555556c287d in main_loop () at /home/ckx/aegpro-s2e/source/s2e/qemu/vl.c:1579

#4  0x00005555556c9327 in main (argc=18, argv=0x7fffffffdb58, envp=0x7fffffffdbf0) at /home/ckx/aegpro-s2e/source/s2e/qemu/vl.c:3777

(gdb)

(gdb) dump memory dump1thread 0x7fffffffd6c0 0x7ffffffff000

[Vitaly Chipounov]

It looks like QEMU talks to the real /dev/kvm, libs2e.so doesn't seem to intercept it properly despite being loaded ("Starting libs2e" message is present).

In a correct execution, you should see "Opening /dev/kvm" in the output. This message is not present, so it looks like libs2e.c doesn't intercept the open syscall properly (it assumes qemu uses open64()).

Please check with gdb which syscall QEMU actually calls. Maybe it's different on your system.

Vitaly

[Kaixiang Chen]

thx，I resolved it just now. I noticed libs2e.so not loaded. So I manage to fix it by adding env LD_PRELOAD=$LIBS2E  in launch.sh. Then the whole cmd is like that:

Thanks for your help!

[Vitaly Chipounov]

So "launch-s2e.sh debug" still doesn't work? I see you added gdb manually to the non-debug part of the launcher.

Vitaly

--

[陈凯翔]

Actually，I add the environment value to the debug part of the launcher. “Set environment LD_PRELOAD =...” doesn’t work in debug mode.So I need to set env manually in the context.

Vitaly Chipounov <vit...@cyberhaven.io>于2018年3月21日 周三23:04写道：

So "launch-s2e.sh debug" still doesn't work? I see you added gdb manually to the non-debug part of the launcher.

Vitaly

On Wed, Mar 21, 2018 at 3:22 AM, Kaixiang Chen <ckx10...@gmail.com> wrote:

thx，I resolved it just now. I noticed libs2e.so not loaded. So I manage to fix it by adding env LD_PRELOAD=$LIBS2E  in launch.sh. Then the whole cmd is like that:

Thanks for your help!

--
--
You received this message because you are a member of the S2E Developer Forum.
To post to this group, send email to s2e...@googlegroups.com

To unsubscribe from this group, send email to s2e-dev+u...@googlegroups.com

For more options, visit this group at http://groups.google.com/group/s2e-dev

---
You received this message because you are subscribed to the Google Groups "S2E Developer Forum" group.

To unsubscribe from this group and stop receiving emails from it, send an email to s2e-dev+u...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--
--
You received this message because you are a member of the S2E Developer Forum.
To post to this group, send email to s2e...@googlegroups.com

To unsubscribe from this group, send email to s2e-dev+u...@googlegroups.com

For more options, visit this group at http://groups.google.com/group/s2e-dev

---
You received this message because you are subscribed to the Google Groups "S2E Developer Forum" group.

To unsubscribe from this group and stop receiving emails from it, send an email to s2e-dev+u...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--

Kaixiang Chen

[Vitaly Chipounov]

In debug mode, launch-s2e.sh uses the gdb.ini script. Judging from your logs, libs2e.so was loaded fine but didn't intercept the open() syscall. I am trying to figure out why.

Which OS/compiler version are you using? Could you send me your debug qemu binary?

Vitaly

On Wed, Mar 21, 2018 at 11:14 AM, 陈凯翔 <ckx10...@gmail.com> wrote:

Actually，I add the environment value to the debug part of the launcher. “Set environment LD_PRELOAD =...” doesn’t work in debug mode.So I need to set env manually in the context.

Vitaly Chipounov <vit...@cyberhaven.io>于2018年3月21日 周三23:04写道：

So "launch-s2e.sh debug" still doesn't work? I see you added gdb manually to the non-debug part of the launcher.

Vitaly

On Wed, Mar 21, 2018 at 3:22 AM, Kaixiang Chen <ckx10...@gmail.com> wrote:

thx，I resolved it just now. I noticed libs2e.so not loaded. So I manage to fix it by adding env LD_PRELOAD=$LIBS2E  in launch.sh. Then the whole cmd is like that:

Thanks for your help!

--
--
You received this message because you are a member of the S2E Developer Forum.
To post to this group, send email to s2e...@googlegroups.com

To unsubscribe from this group, send email to s2e-dev+unsubscribe@googlegroups.com

For more options, visit this group at http://groups.google.com/group/s2e-dev

---
You received this message because you are subscribed to the Google Groups "S2E Developer Forum" group.

To unsubscribe from this group and stop receiving emails from it, send an email to s2e-dev+unsubscribe@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--
--
You received this message because you are a member of the S2E Developer Forum.
To post to this group, send email to s2e...@googlegroups.com

To unsubscribe from this group, send email to s2e-dev+unsubscribe@googlegroups.com

For more options, visit this group at http://groups.google.com/group/s2e-dev

---
You received this message because you are subscribed to the Google Groups "S2E Developer Forum" group.

To unsubscribe from this group and stop receiving emails from it, send an email to s2e-dev+unsubscribe@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--

Kaixiang Chen

--

--
You received this message because you are a member of the S2E Developer Forum.
To post to this group, send email to s2e...@googlegroups.com

To unsubscribe from this group, send email to s2e-dev+unsubscribe@googlegroups.com

For more options, visit this group at http://groups.google.com/group/s2e-dev

---
You received this message because you are subscribed to the Google Groups "S2E Developer Forum" group.

To unsubscribe from this group and stop receiving emails from it, send an email to s2e-dev+unsubscribe@googlegroups.com.

[Kaixiang Chen]

Yes, that's strange. 

 My machine runs on Ubuntu 16.04 , compiler specified is clang-3.9. 

[Kaixiang Chen]

Qemu binary is too big to share on  forum. So I have mailed it .

[Vitaly Chipounov]

Thanks, I tried it, it works for me. I haven't tried S2E on Ubuntu 16.04 though, just on Ubuntu 16.04 Server LTS.

You shouldn't need to add env to command line, it's already taken care of by gdb.ini.

Vitaly

On Wed, Mar 21, 2018 at 12:13 PM, Kaixiang Chen <ckx10...@gmail.com> wrote:

Qemu binary is too big to share on  forum. So I have mailed it .

--