Re: porting kcov to android
Well, something is broken. Shadow in the report is complete mess (fc is heap redzone, while f4 is stack redzone). I wonder if it is the bootstrap shadow page that is used for both heap and stack. Or maybe we return poisoned pages to pagealloc. The first thing I would try is to disable stack and global instrumentation (there are separate flags somewhere in the makefiles).

On Wed, Jul 6, 2016 at 6:57 AM, Baozeng wrote:
> Hello all,
> I backported KASAN to 3.10.102 stable kernel
> (ca1199fccf14540e86f6da955333e31d6fec5f3e), based on Andrey Ryabinin's work
> (backport KASAN to RHEL7-based (3.10 based) OpenVZ kernel). I met the
> following kernel panic when starting the kernel using the following command:
>
> qemu-system-x86_64 -hda ./wheezy.img -snapshot -m 2048 -net nic -net
> user,host=10.0.2.10,hostfwd=tcp::51727-:22 -nographic -enable-kvm -numa
> node,nodeid=0,cpus=0-1 -numa node,nodeid=1,cpus=2-3 -smp
> sockets=2,cores=2,threads=1 -usb -usbdevice mouse -usbdevice tablet -soundhw
> all -kernel ./bzImage -append console=ttyS0 root=/dev/sda debug
> earlyprintk=serial slub_debug=UZ
>
> any suggestions?
>
> ==
> BUG: KASan: out of bounds access in usage_match+0x63/0x70 at addr
> 88002c81ff40
> Read of size 8 by task khubd/923
> =
> BUG kmalloc-4096 (Not tainted): kasan: bad access detected
> -
>
> Disabling lock debugging due to kernel taint
> INFO: Allocated in input_dev_pm_ops+0x520/0x5e0 age=131944943344261 cpu=0
> pid=-536871936
> 0x41b58ab3
> [< none >] vsock_dgram_ops+0x337bd3/0x3a5a50 ??:?
> [< none >] sysfs_new_dirent+0x0/0x410
> /linux-stable/fs/sysfs/dir.c:1027
> 0x88002c8209d8
> 0xed000590413c
> 0xdc00
> 0x88002c8209e0
> 0x88002c820920
> [< none >] mutex_unlock+0x15/0x20 /linux-stable/kernel/mutex.c:252
> 0x11000590412f
> 0x88002c820958
> [< none >] sysfs_attr_ns+0x162/0x260
> /linux-stable/fs/sysfs/file.c:522
> 0x11000590412f
> 0x88002c820a18
> [< none >] dev_attr_uniq+0x0/0x60
> arch/x86/crypto/sha512-avx2-asm.o:?
> 0x8800280feae0
> INFO: Freed in sysfs_add_file_mode+0x141/0x2d0 age=6421765850 cpu=746719736
> pid=-30720
> 0x1242cf991f0
> 0x0002
> 0x41b58ab3
> [< none >] vsock_dgram_ops+0x337b87/0x3a5a50 ??:?
> [< none >] sysfs_add_file_mode+0x0/0x2d0
> /linux-stable/fs/sysfs/file.c:693
> 0x88002cf998c8
> INFO: Slab 0xeab20600 objects=7 used=0 fp=0x88002c818000
> flags=0x1fc4080
> INFO: Object 0x88002c81f8c0 @offset=30912 fp=0x0002
>
>
> Redzone 88002c8208c0: 1a 41 90 05 00 f1 ff 1f
> .A..
> Padding 88002c8209f8: 40 0a 82 2c 00 88 ff ff
> @..,
> CPU: 0 PID: 923 Comm: khubd Tainted: GB3.10.102+ #2
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
> rel-1.8.2-0-g33fbe13 by qemu-project.org 04/01/2014
> 88002c818000 88002c81fc60 850cbe98 88002c81fc90
> 81584f48 88002d806f40 eab20600 88002c81f8c0
> 88002c81fcb8 8158b731 ed0005903fe8
> Call Trace:
> Memory state around the buggy address:
> 88002c81fe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> 88002c81fe80: fc fc f1 f1 f1 f1 00 f4 f4 f4 f2 f2 f2 f2 00 f4
>>88002c81ff00: f4 f4 f2 f2 f2 f2 fc fc fc fc fc fc fc fc f2 f2
>^
> 88002c81ff80: f2 f2 fc fc fc fc fc fc fc fc f3 f3 f3 f3 fc fc
> 88002c82: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> ==
> kasan: CONFIG_KASAN_INLINE enabled
> kasan: GPF could be caused by NULL-ptr deref or user memory access
> general protection fault: [#1] SMP KASAN
> Modules linked in:
> CPU: 0 PID: 923 Comm: khubd Tainted: GB3.10.102+ #2
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
> rel-1.8.2-0-g33fbe13 by qemu-project.org 04/01/2014
> task: 88002cf991f0 ti: 88002c82 task.ti: 88002c82
> RIP: 0010:[] []
> cpuacct_charge+0x1ab/0x490
> RSP: :88002de03be0 EFLAGS: 00010046
> RAX: dc001d5585dc RBX: c5a0 RCX: eaac2ee0
> RDX: 869c2c60 RSI: 10c1a6c0 RDI: 860d3600
> RBP: 88002de03c28 R08: 0001 R09: 0001
> R10: 0020 R11: ed000fffb001 R12: 860d35a0
> R13: dc00 R14: 134c2dae R15: 2c820050
> FS: () GS:88002de0() knlGS:
> CS: 0010 DS: ES: CR0: 8005003b
> CR2: CR3: 0600d000 CR4:
> 06f0
> DR0: DR1:
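The reply above rests on one observation: fc (kmalloc redzone) and f1..f4 (stack redzones) should never appear in the same region of shadow memory, because a slab page and a kernel stack page are different pages. The following Python decoder for the "Memory state around the buggy address" block is an added example, not code from this thread or from the kernel: it maps each shadow byte to its meaning, looks up the byte covering the faulting address, and flags rows that mix heap and stack markers. The shadow-byte values are taken from upstream mm/kasan/kasan.h and are assumed to match the 3.10 backport; the sample input is copied from the report quoted above, as the mail client rendered it (the leading ffff of each address is already missing there).

```python
import re
from collections import Counter

# Shadow-byte encodings from upstream mm/kasan/kasan.h (assumed unchanged in
# the 3.10 backport discussed in the thread; not taken from the page itself).
SHADOW_TAGS = {
    0xff: ("page",   "freed page"),
    0xfe: ("heap",   "kmalloc_large page redzone"),
    0xfc: ("heap",   "kmalloc object redzone"),
    0xfb: ("heap",   "freed kmalloc object"),
    0xfa: ("global", "global variable redzone"),
    0xf1: ("stack",  "stack left redzone"),
    0xf2: ("stack",  "stack mid redzone"),
    0xf3: ("stack",  "stack right redzone"),
    0xf4: ("stack",  "stack partial redzone"),
    0xf8: ("stack",  "out-of-scope stack slot"),
}
GRANULE = 8   # one shadow byte describes 8 bytes of kernel memory

# A dump row: hex address, colon, 1..16 shadow bytes.
ROW_RE = re.compile(r"^([0-9a-f]+):((?:\s+[0-9a-f]{2}){1,16})\s*$")


def classify(shadow):
    """Map one shadow byte to (category, description)."""
    if shadow == 0:
        return ("ok", "fully addressable")
    if 1 <= shadow <= 7:
        return ("ok", f"first {shadow} of {GRANULE} bytes addressable")
    return SHADOW_TAGS.get(shadow, ("unknown", f"unrecognised 0x{shadow:02x}"))


def parse_shadow_rows(report):
    """Extract (address, [shadow bytes]) rows from the 'Memory state' dump.

    Leading '>' characters are stripped: one comes from mail quoting and a
    second marks the row containing the faulting address in KASAN's output.
    The caret line and any prose simply do not match ROW_RE and are skipped.
    """
    rows = []
    for raw in report.splitlines():
        line = raw.strip().lstrip(">").strip()
        m = ROW_RE.match(line)
        if not m:
            continue
        addr = int(m.group(1), 16)
        shadow = [int(b, 16) for b in m.group(2).split()]
        rows.append((addr, shadow))
    return rows


def shadow_at(rows, addr):
    """Return the shadow byte covering addr, or None if the dump lacks it."""
    for base, shadow in rows:
        if base <= addr < base + len(shadow) * GRANULE:
            return shadow[(addr - base) // GRANULE]
    return None


def category_counts(rows):
    """Count shadow bytes per category across the whole dump."""
    counts = Counter()
    for _, shadow in rows:
        for b in shadow:
            counts[classify(b)[0]] += 1
    return dict(counts)


def mixed_rows(rows):
    """Base addresses of rows whose 128 bytes carry both heap and stack markers.

    A row is 128-byte aligned and never straddles a page, and a page is
    either a slab page or a stack page, so a mixed row means the shadow
    itself is inconsistent (the point made in the reply above).
    """
    bad = []
    for base, shadow in rows:
        cats = {classify(b)[0] for b in shadow}
        if {"heap", "stack"} <= cats:
            bad.append(base)
    return bad


# Constructed sample: the shadow rows from the report quoted above, with the
# mail-client rendering kept (quote prefixes, truncated addresses).
SAMPLE = """\
> Memory state around the buggy address:
> 88002c81fe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> 88002c81fe80: fc fc f1 f1 f1 f1 00 f4 f4 f4 f2 f2 f2 f2 00 f4
>>88002c81ff00: f4 f4 f2 f2 f2 f2 fc fc fc fc fc fc fc fc f2 f2
>^
> 88002c81ff80: f2 f2 fc fc fc fc fc fc fc fc f3 f3 f3 f3 fc fc
"""

if __name__ == "__main__":
    rows = parse_shadow_rows(SAMPLE)
    fault = 0x88002c81ff40          # address named in the BUG line above
    b = shadow_at(rows, fault)
    print(f"shadow at {fault:#x}: {b:#04x} -> {classify(b)[1]}")
    print("categories:", category_counts(rows))
    for base in mixed_rows(rows):
        print(f"row {base:#x} mixes heap and stack redzones")
```

Run as a script it confirms that the faulting address sits on a kmalloc redzone byte (consistent with the "BUG kmalloc-4096" line) and that three of the four rows interleave heap and stack markers, which is what makes the report untrustworthy as a bug report and points at the instrumentation itself.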