Re: porting kcov to android

2016-07-05 Thread Dmitry Vyukov
Well, something is broken.
Shadow in the report is a complete mess (fc is heap redzone, while f4 is
stack redzone). I wonder if it is the bootstrap shadow page that is
used for both heap and stack. Or maybe we return poisoned pages to
pagealloc.
The first thing I would try is to disable stack and global
instrumentation (there are separate flags somewhere in the makefiles).


On Wed, Jul 6, 2016 at 6:57 AM, Baozeng  wrote:
> Hello all,
> I backported KASAN to 3.10.102 stable kernel
> (ca1199fccf14540e86f6da955333e31d6fec5f3e), based on Andrey Ryabinin's work
> (backport KASAN to RHEL7-based (3.10 based) OpenVZ kernel). I met the
> following kernel panic when starting the kernel using the following command:
>
> qemu-system-x86_64 -hda ./wheezy.img -snapshot -m 2048 -net nic -net
> user,host=10.0.2.10,hostfwd=tcp::51727-:22 -nographic -enable-kvm -numa
> node,nodeid=0,cpus=0-1 -numa node,nodeid=1,cpus=2-3 -smp
> sockets=2,cores=2,threads=1 -usb -usbdevice mouse -usbdevice tablet -soundhw
> all -kernel ./bzImage -append console=ttyS0 root=/dev/sda debug
> earlyprintk=serial slub_debug=UZ
>
> any suggestions?
>
> ==
> BUG: KASan: out of bounds access in usage_match+0x63/0x70 at addr
> 88002c81ff40
> Read of size 8 by task khubd/923
> =
> BUG kmalloc-4096 (Not tainted): kasan: bad access detected
> -
>
> Disabling lock debugging due to kernel taint
> INFO: Allocated in input_dev_pm_ops+0x520/0x5e0 age=131944943344261 cpu=0
> pid=-536871936
> 0x41b58ab3
> [<  none  >] vsock_dgram_ops+0x337bd3/0x3a5a50 ??:?
> [<  none  >] sysfs_new_dirent+0x0/0x410
> /linux-stable/fs/sysfs/dir.c:1027
> 0x88002c8209d8
> 0xed000590413c
> 0xdc00
> 0x88002c8209e0
> 0x88002c820920
> [<  none  >] mutex_unlock+0x15/0x20 /linux-stable/kernel/mutex.c:252
> 0x11000590412f
> 0x88002c820958
> [<  none  >] sysfs_attr_ns+0x162/0x260
> /linux-stable/fs/sysfs/file.c:522
> 0x11000590412f
> 0x88002c820a18
> [<  none  >] dev_attr_uniq+0x0/0x60
> arch/x86/crypto/sha512-avx2-asm.o:?
> 0x8800280feae0
> INFO: Freed in sysfs_add_file_mode+0x141/0x2d0 age=6421765850 cpu=746719736
> pid=-30720
> 0x1242cf991f0
> 0x0002
> 0x41b58ab3
> [<  none  >] vsock_dgram_ops+0x337b87/0x3a5a50 ??:?
> [<  none  >] sysfs_add_file_mode+0x0/0x2d0
> /linux-stable/fs/sysfs/file.c:693
> 0x88002cf998c8
> INFO: Slab 0xeab20600 objects=7 used=0 fp=0x88002c818000
> flags=0x1fc4080
> INFO: Object 0x88002c81f8c0 @offset=30912 fp=0x0002
>
>
> Redzone 88002c8208c0: 1a 41 90 05 00 f1 ff 1f
> .A..
> Padding 88002c8209f8: 40 0a 82 2c 00 88 ff ff
> @..,
> CPU: 0 PID: 923 Comm: khubd Tainted: GB3.10.102+ #2
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
> rel-1.8.2-0-g33fbe13 by qemu-project.org 04/01/2014
>  88002c818000 88002c81fc60 850cbe98 88002c81fc90
>  81584f48 88002d806f40 eab20600 88002c81f8c0
>   88002c81fcb8 8158b731 ed0005903fe8
> Call Trace:
> Memory state around the buggy address:
>  88002c81fe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>  88002c81fe80: fc fc f1 f1 f1 f1 00 f4 f4 f4 f2 f2 f2 f2 00 f4
>>88002c81ff00: f4 f4 f2 f2 f2 f2 fc fc fc fc fc fc fc fc f2 f2
>^
>  88002c81ff80: f2 f2 fc fc fc fc fc fc fc fc f3 f3 f3 f3 fc fc
>  88002c82: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> ==
> kasan: CONFIG_KASAN_INLINE enabled
> kasan: GPF could be caused by NULL-ptr deref or user memory access
> general protection fault:  [#1] SMP KASAN
> Modules linked in:
> CPU: 0 PID: 923 Comm: khubd Tainted: GB3.10.102+ #2
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
> rel-1.8.2-0-g33fbe13 by qemu-project.org 04/01/2014
> task: 88002cf991f0 ti: 88002c82 task.ti: 88002c82
> RIP: 0010:[]  []
> cpuacct_charge+0x1ab/0x490
> RSP: :88002de03be0  EFLAGS: 00010046
> RAX: dc001d5585dc RBX: c5a0 RCX: eaac2ee0
> RDX: 869c2c60 RSI: 10c1a6c0 RDI: 860d3600
> RBP: 88002de03c28 R08: 0001 R09: 0001
> R10: 0020 R11: ed000fffb001 R12: 860d35a0
> R13: dc00 R14: 134c2dae R15: 2c820050
> FS:  () GS:88002de0() knlGS:
> CS:  0010 DS:  ES:  CR0: 8005003b
> CR2:  CR3: 0600d000 CR4: 06f0
> DR0:  DR1: 
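An added example, not code from the thread or from the KASAN tree: it decodes the "Memory state around the buggy address" rows of a report like the one quoted above and flags the mix of heap (fc) and stack (f1..f4) redzone bytes that Dmitry points out, which a sane shadow for a single kmalloc-4096 access should never show. The legend values are the KASAN_* constants from mm/kasan/kasan.h; the sample rows are constructed from the quoted report with the ffff address prefix the archive stripped assumed.

```python
import re
# Shadow byte legend from mm/kasan/kasan.h (KASAN_* constants; stack values are
# the compiler ABI). 0x01..0x07 mean only the first N of 8 bytes are addressable.
SHADOW_LEGEND = {
    0x00: ("addressable", None),
    0xfa: ("global redzone", "global"),
    0xfb: ("freed slab object", "heap"),
    0xfc: ("kmalloc redzone", "heap"),
    0xfe: ("kmalloc_large page redzone", "heap"),
    0xff: ("freed page", "heap"),
    0xf1: ("stack left redzone", "stack"),
    0xf2: ("stack mid redzone", "stack"),
    0xf3: ("stack right redzone", "stack"),
    0xf4: ("stack partial redzone", "stack"),
}

def describe(byte):
    """Return (meaning, region) for one shadow byte; region is heap/stack/global/None."""
    if 1 <= byte <= 7:
        return (f"partially addressable ({byte} of 8 bytes)", None)
    return SHADOW_LEGEND.get(byte, (f"unknown shadow value 0x{byte:02x}", None))

# One dump row: optional '>' marker for the faulting row, shadow address, 16 bytes.
LINE_RE = re.compile(r"^\s*>?\s*([0-9a-f]+):((?:\s+[0-9a-f]{2})+)\s*$")

def parse_shadow(text):
    """Return [(shadow_address, [bytes])] for the 'Memory state' rows of a report."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rows.append((int(m.group(1), 16), [int(b, 16) for b in m.group(2).split()]))
    return rows

def regions_in(rows):
    """Memory regions (heap/stack/global) implied by the redzone bytes in the dump."""
    return {describe(b)[1] for _, row in rows for b in row} - {None}

def mixed_redzones(rows):
    """True when heap and stack redzones share one dump: one object cannot be both."""
    return {"heap", "stack"} <= regions_in(rows)

# Constructed sample: the report's five shadow rows, ffff prefix restored (assumed).
SAMPLE = """\
 ffff88002c81fe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff88002c81fe80: fc fc f1 f1 f1 f1 00 f4 f4 f4 f2 f2 f2 f2 00 f4
>ffff88002c81ff00: f4 f4 f2 f2 f2 f2 fc fc fc fc fc fc fc fc f2 f2
 ffff88002c81ff80: f2 f2 fc fc fc fc fc fc fc fc f3 f3 f3 f3 fc fc
 ffff88002c820000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
"""
```

A healthy report for a slab object shows only 00/0N and fc-style bytes around the address; `mixed_redzones(parse_shadow(SAMPLE))` returning True is the signal that the shadow mapping itself, not the access, is what to debug first.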
