Accessing Kernel Logs in the Qemu VM

[Muhammad Adil Inam]

Hi, 

The task I am trying to achieve is to get a log of all the kernel functions invoked within the Qemu VM during the fuzzing process. 

Based on my understanding, Syzkaller does not log kernel functions executed during fuzzing, so I reconfigured the Linux Kernel to make sure the kernel itself is logging the information I require for my analysis. For this purpose, I enabled "function_tracer" and  "function_graph_tracer" options within the kernel build configuration that log the caller and callee for each executed kernel function. 

I was able to again run syzkaller on the updated linux kernel with function logging capabilities. However, the part I am struggling with is how to access the kernel logs located within the qemu VM.

Would appreciate any input in this regard!

Thanks, 

Adil

[Dmitry Vyukov]

Hi Adil,

If you want to access logs manually once, then you can find the qemu
ssh forwarding port in ps command output, e.g.:

bin💻 ps afxu | grep qemu
dvyukov 3652413 75.7 0.4 3679924 970660 pts/1 Sl 11:31 0:03 |
\_ qemu-system-x86_64 -m 3072 -smp 2 -chardev
socket,id=SOCKSYZ,server=on,nowait,host=localhost,port=51727 -mon
chardev=SOCKSYZ,mode=control -display none -serial stdio -no-reboot
-name VM-0 -device virtio-rng-pci -enable-kvm -cpu host,migratable=off
-device e1000,netdev=net0 -netdev
user,id=net0,restrict=on,hostfwd=tcp:127.0.0.1:1569-:22 -hda
/usr/local/google/home/dvyukov/bin/buildroot-amd64-2021.08 -snapshot
-kernel /usr/local/google/home/dvyukov/src/linux2_build_amd64/arch/x86/boot/bzImage
-append root=/dev/sda console=ttyS0 root=/dev/sda1

Here the forward port is 1569.
And then you can ssh/scp from that VM (but hurry before syzkaller
crashes it :)).