Segmentation fault of QEMU

[Hongduo Zhao]

Hi, Vitaly!

I encountered a very confusing problem. While exploring in a server-side application, the S2E suddenly terminated at state switching, and prompted with "./launch-s2e.sh: line 120: 1416113 Segmentation fault LD_PRELOAD=$LIBS2E $QEMU $QEMU_ARGS $*". I know this means that the QEMU received a segv, and this situation is reproducible, but I don't have any idea why could this happen.

There are some warnings "93 [State 204] HostFiles: HostFiles : Forking new state with open files, expect errors!"  I don't know what these warnings mean, are they related to the segv? Or do you have any idea how I can prevent the segv?

The debug.txt and modified bootstrap.sh are provided as attachment.

Best Regards, 

Hongduo

[Vitaly Chipounov]

Hi,

Can you please export the full project (s2e export_project) so that I can run it if needed?
Do you have a stack trace by any chance? You can run it in gdb (./launch-s2e.sh debug).

Thanks,
Vitaly

[Hongduo Zhao]

Hi, Vitaly!

The exported project is attached. You also need to use our toolset in order to run the crashed project. It includes a custom S2E plugin, a little modification of S2E original codebase, and a hook library to achieve our specific goal, the toolset is also attached. I think you only need to install the plugin and codebase modification (step 2, 3, 4 in README.md Installation section). By the way, the modification of S2E codebase does nothing in this crashed project, it only makes the rebuild of S2E succeed.

We also modify the bootstrap.sh (functions: customize_setup_environment and customize_execute), it takes an archive (s2e-archive-opener-pat.tar.gz) including our target server-side program, and lets it run properly in S2E environment. The target program is a server listening on the loopback network interface and the image we use is Ubuntu 22.04.

Unfortunately, I can not run the debug mode with ./launch-s2e.sh debug, the error screenshot is also attached.

Since we introduced some new stuff to S2E. If it is infeasible to run the project, just let me know!

Thanks, 

Hongduo

--
You received this message because you are subscribed to the Google Groups "S2E Developer Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to s2e-dev+u...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/s2e-dev/4775356f-2b48-4653-8808-9d74f1a0c69dn%40googlegroups.com.

[Hongduo Zhao]

Hi, Vitaly!

I think I've found what's wrong. After I commented one line in the custom function in bootstrap.sh (line 193), the crash stopped happening. This line uses "s2ecmd put" to put a file written by the target program from the guest to the host. The reason why this action can cause crash is not clear, but after removing this action, s2e runs without crash anymore.

Regards, 

Hongduo

[Vitaly Chipounov]

Hi,

Thanks for investigating this. Can you reproduce the issue with unmodified S2E and a minimal bootstrap.sh? You mentioned that removing s2e put solves it, maybe it's the cause? It's not clear from the screenshot if the kvm error is caused by the debug mode or by s2e put.

Vitaly

To view this discussion visit https://groups.google.com/d/msgid/s2e-dev/CADbiE1t47z-tT6_zmpzvZ1dR8vbLjqNqpSeXsh3dOdvq3QDemw%40mail.gmail.com.