Re: porting kcov to android
From: Dmitry Vyukov
Date: Wed Jul 06 2016 - 01:24:53 EST
Well, something is broken.
Shadow in the report is complete mess (fc is heap redzone, while f4 is
stack redzone). I wonder if it is the bootstrap shadow page that is
used for both heap and stack. Or maybe we return poisoned pages to
pagealloc.
The first thing I would try is to disable stack and global
instrumentation (there are separate flags somewhere in the makefiles).
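The report's "Memory state around the buggy address" rows are the evidence for the diagnosis above, so here is an added example (not code from the thread, the kernel tree or any participant) that decodes those rows as KASAN does: it maps the reported address ffff88002c81ff40 to its shadow byte and flags every 128-byte row in which kmalloc redzones (fc) and compiler stack redzones (f1..f4) appear side by side, which a consistent shadow never shows. The shadow values are those of mm/kasan/kasan.h and the 8-byte granule is KASAN_SHADOW_SCALE_SHIFT = 3; the sample rows are copied from Baozeng's report quoted below.

```python
# Decode the "Memory state around the buggy address" rows of a KASAN report
# and flag rows whose shadow bytes contradict each other. Added example for
# this thread, not kernel code. Shadow values are those of mm/kasan/kasan.h;
# one shadow byte covers 8 bytes of memory (KASAN_SHADOW_SCALE_SHIFT = 3).
import re

SHADOW_GRANULE = 8               # memory bytes covered by one shadow byte
ROW_BYTES = 16 * SHADOW_GRANULE  # a report row lists 16 shadow bytes

# shadow value -> (origin class, meaning)
SHADOW_MEANING = {
    0x00: ("ok", "fully addressable"),
    0xfc: ("heap", "kmalloc redzone (KASAN_KMALLOC_REDZONE)"),
    0xfb: ("freed", "freed kmalloc object (KASAN_KMALLOC_FREE)"),
    0xfa: ("global", "global variable redzone (KASAN_GLOBAL_REDZONE)"),
    0xf1: ("stack", "stack left redzone (KASAN_STACK_LEFT)"),
    0xf2: ("stack", "stack mid redzone (KASAN_STACK_MID)"),
    0xf3: ("stack", "stack right redzone (KASAN_STACK_RIGHT)"),
    0xf4: ("stack", "stack partial redzone (KASAN_STACK_PARTIAL)"),
}

# Rows copied from Baozeng's report in this thread (caret line kept as-is,
# the parser ignores it). BAD_ADDR is the address the report names.
REPORT = """\
Memory state around the buggy address:
 ffff88002c81fe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff88002c81fe80: fc fc f1 f1 f1 f1 00 f4 f4 f4 f2 f2 f2 f2 00 f4
>ffff88002c81ff00: f4 f4 f2 f2 f2 f2 fc fc fc fc fc fc fc fc f2 f2
 ^
 ffff88002c81ff80: f2 f2 fc fc fc fc fc fc fc fc f3 f3 f3 f3 fc fc
 ffff88002c820000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
"""
BAD_ADDR = 0xffff88002c81ff40

ROW_RE = re.compile(r"^([0-9a-f]{16}):((?:\s+[0-9a-f]{2}){16})$")


def classify(byte):
    """Map one shadow byte to (origin class, human-readable meaning)."""
    if byte in SHADOW_MEANING:
        return SHADOW_MEANING[byte]
    if 1 <= byte <= 7:
        return ("partial", "first %d of 8 bytes addressable" % byte)
    return ("unknown", "unrecognised shadow value 0x%02x" % byte)


def parse_memory_state(text):
    """Return {row_base_address: [16 shadow bytes]}; leading '>' marks
    (KASAN's faulting-row marker or e-mail quoting) are stripped."""
    rows = {}
    for line in text.splitlines():
        m = ROW_RE.match(line.strip().lstrip(">").strip())
        if m:
            rows[int(m.group(1), 16)] = [int(b, 16) for b in m.group(2).split()]
    return rows


def shadow_for(rows, addr):
    """Shadow byte covering addr, or None if addr lies outside the dump."""
    base = addr - addr % ROW_BYTES
    if base not in rows:
        return None
    return rows[base][(addr - base) // SHADOW_GRANULE]


def mixed_rows(rows):
    """Row bases where kmalloc redzones and stack redzones sit side by side.
    A 128-byte span belongs either to a slab object (redzones written by the
    allocator) or to a kernel stack (redzones written by compiler
    instrumentation); both in one row means the shadow itself is wrong."""
    bad = []
    for base in sorted(rows):
        classes = {classify(b)[0] for b in rows[base]}
        if "heap" in classes and "stack" in classes:
            bad.append(base)
    return bad


if __name__ == "__main__":
    rows = parse_memory_state(REPORT)
    byte = shadow_for(rows, BAD_ADDR)
    print("shadow at %#x: 0x%02x, %s" % (BAD_ADDR, byte, classify(byte)[1]))
    for base in mixed_rows(rows):
        print("row %#x mixes heap and stack redzones" % base)
```

On the quoted report the faulting address lands on an fc (kmalloc redzone) byte that is flanked by f2/f4 stack redzones, and three of the five rows mix the two classes, so the shadow, not the access, is the first thing to distrust.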
On Wed, Jul 6, 2016 at 6:57 AM, Baozeng <sploving1@xxxxxxxxx> wrote:
> Hello all,
> I backported KASAN to 3.10.102 stable kernel
> (ca1199fccf14540e86f6da955333e31d6fec5f3e), based on Andrey Ryabinin's work
> (backport KASAN to RHEL7-based (3.10 based) OpenVZ kernel). I met the
> following kernel panic when starting the kernel using the following command:
>
> qemu-system-x86_64 -hda ./wheezy.img -snapshot -m 2048 -net nic -net
> user,host=10.0.2.10,hostfwd=tcp::51727-:22 -nographic -enable-kvm -numa
> node,nodeid=0,cpus=0-1 -numa node,nodeid=1,cpus=2-3 -smp
> sockets=2,cores=2,threads=1 -usb -usbdevice mouse -usbdevice tablet -soundhw
> all -kernel ./bzImage -append console=ttyS0 root=/dev/sda debug
> earlyprintk=serial slub_debug=UZ
>
> any suggestions?
>
> ==================================================================
> BUG: KASan: out of bounds access in usage_match+0x63/0x70 at addr
> ffff88002c81ff40
> Read of size 8 by task khubd/923
> =============================================================================
> BUG kmalloc-4096 (Not tainted): kasan: bad access detected
> -----------------------------------------------------------------------------
>
> Disabling lock debugging due to kernel taint
> INFO: Allocated in input_dev_pm_ops+0x520/0x5e0 age=131944943344261 cpu=0
> pid=-536871936
> 0x41b58ab3
> [< none >] vsock_dgram_ops+0x337bd3/0x3a5a50 ??:?
> [< none >] sysfs_new_dirent+0x0/0x410
> /linux-stable/fs/sysfs/dir.c:1027
> 0xffff88002c8209d8
> 0xffffed000590413c
> 0xdffffc0000000000
> 0xffff88002c8209e0
> 0xffff88002c820920
> [< none >] mutex_unlock+0x15/0x20 /linux-stable/kernel/mutex.c:252
> 0x1ffff1000590412f
> 0xffff88002c820958
> [< none >] sysfs_attr_ns+0x162/0x260
> /linux-stable/fs/sysfs/file.c:522
> 0x1ffff1000590412f
> 0xffff88002c820a18
> [< none >] dev_attr_uniq+0x0/0x60
> arch/x86/crypto/sha512-avx2-asm.o:?
> 0xffff8800280feae0
> INFO: Freed in sysfs_add_file_mode+0x141/0x2d0 age=6421765850 cpu=746719736
> pid=-30720
> 0x1242cf991f0
> 0xffffffff00000002
> 0x41b58ab3
> [< none >] vsock_dgram_ops+0x337b87/0x3a5a50 ??:?
> [< none >] sysfs_add_file_mode+0x0/0x2d0
> /linux-stable/fs/sysfs/file.c:693
> 0xffff88002cf998c8
> INFO: Slab 0xffffea0000b20600 objects=7 used=0 fp=0xffff88002c818000
> flags=0x1fc000000004080
> INFO: Object 0xffff88002c81f8c0 @offset=30912 fp=0x0000000000000002
>
>
> Redzone ffff88002c8208c0: 1a 41 90 05 00 f1 ff 1f
> .A......
> Padding ffff88002c8209f8: 40 0a 82 2c 00 88 ff ff
> @..,....
> CPU: 0 PID: 923 Comm: khubd Tainted: G B 3.10.102+ #2
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
> rel-1.8.2-0-g33fbe13 by qemu-project.org 04/01/2014
> ffff88002c818000 ffff88002c81fc60 ffffffff850cbe98 ffff88002c81fc90
> ffffffff81584f48 ffff88002d806f40 ffffea0000b20600 ffff88002c81f8c0
> 0000000000000000 ffff88002c81fcb8 ffffffff8158b731 ffffed0005903fe8
> Call Trace:
> Memory state around the buggy address:
> ffff88002c81fe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> ffff88002c81fe80: fc fc f1 f1 f1 f1 00 f4 f4 f4 f2 f2 f2 f2 00 f4
>>ffff88002c81ff00: f4 f4 f2 f2 f2 f2 fc fc fc fc fc fc fc fc f2 f2
> ^
> ffff88002c81ff80: f2 f2 fc fc fc fc fc fc fc fc f3 f3 f3 f3 fc fc
> ffff88002c820000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> ==================================================================
> kasan: CONFIG_KASAN_INLINE enabled
> kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral
> protection fault: 0000 [#1] SMP KASAN
> Modules linked in:
> CPU: 0 PID: 923 Comm: khubd Tainted: G B 3.10.102+ #2
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
> rel-1.8.2-0-g33fbe13 by qemu-project.org 04/01/2014
> task: ffff88002cf991f0 ti: ffff88002c820000 task.ti: ffff88002c820000
> RIP: 0010:[<ffffffff8134328b>] [<ffffffff8134328b>]
> cpuacct_charge+0x1ab/0x490
> RSP: 0000:ffff88002de03be0 EFLAGS: 00010046
> RAX: dffffc001d5585dc RBX: 000000000000c5a0 RCX: 00000000eaac2ee0
> RDX: ffffffff869c2c60 RSI: 1ffffffff0c1a6c0 RDI: ffffffff860d3600
> RBP: ffff88002de03c28 R08: 0000000000000001 R09: 0000000000000001
> R10: 0000000000000020 R11: ffffed000fffb001 R12: ffffffff860d35a0
> R13: dffffc0000000000 R14: 00000000134c2dae R15: 000000002c820050
> FS: 0000000000000000(0000) GS:ffff88002de00000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
> CR2: 00000000ffffffff CR3: 000000000600d000 CR4: 00000000000006f0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
> Stack:
> ffffffff81343182 00000000146efbea ffff88007ffd8008 ffff88007ffd801c
> ffff88002cf99238 ffff88002de124a8 0000000ee4d60d04 00000000134c2dae
> ffff88002cf99278 ffff88002de03c78 ffffffff81317811 ffffffff8119be42
> Call Trace:
> <IRQ>
> [< inline >] ? __rcu_read_lock
> /linux-stable/include/linux/rcupdate.h:198
> [< inline >] ? rcu_read_lock
> /linux-stable/include/linux/rcupdate.h:776
> [<ffffffff81343182>] ? cpuacct_charge+0xa2/0x490
> /linux-stable/kernel/sched/cpuacct.c:253
> [<ffffffff81317811>] update_curr+0x291/0x610
> /linux-stable/kernel/sched/fair.c:711
> [<ffffffff8119be42>] ? kvm_clock_read+0x62/0xc0
> /linux-stable/arch/x86/kernel/kvmclock.c:88
> [< inline >] entity_tick /linux-stable/kernel/sched/fair.c:1987
> [<ffffffff8131c070>] task_tick_fair+0x60/0x1430
> /linux-stable/kernel/sched/fair.c:5778
> [<ffffffff81309e68>] ? sched_clock_cpu+0x108/0x1b0
> /linux-stable/kernel/sched/clock.c:258
> [<ffffffff812ff07a>] scheduler_tick+0x29a/0x510
> /linux-stable/kernel/sched/core.c:2748
> [<ffffffff81281971>] update_process_times+0xa1/0xc0
> /linux-stable/kernel/timer.c:1362
> [<ffffffff81372528>] tick_sched_handle.isra.14+0xb8/0xf0
> /linux-stable/kernel/time/tick-sched.c:146
> [<ffffffff813725d0>] tick_sched_timer+0x70/0xa0
> /linux-stable/kernel/time/tick-sched.c:1100
> [<ffffffff812d39f7>] __run_hrtimer+0x127/0xd90
> /linux-stable/kernel/hrtimer.c:1276
> [<ffffffff81372560>] ? tick_sched_handle.isra.14+0xf0/0xf0
> /linux-stable/kernel/time/tick-sched.c:143
> [<ffffffff812d637d>] hrtimer_interrupt+0x32d/0x780
> /linux-stable/kernel/hrtimer.c:1365
> [<ffffffff812d6050>] ? hrtimer_get_next_event+0x150/0x150
> /linux-stable/kernel/hrtimer.c:1183
> [<ffffffff81377c52>] ? trace_hardirqs_off+0x12/0x20
> /linux-stable/kernel/lockdep.c:2642
> [<ffffffff81424e79>] ? rcu_irq_enter+0xb9/0x120
> /linux-stable/kernel/rcutree.c:627
> [< inline >] local_apic_timer_interrupt
> /linux-stable/arch/x86/kernel/apic/apic.c:911
> [<ffffffff81186547>] smp_apic_timer_interrupt+0xe7/0x180
> /linux-stable/arch/x86/kernel/apic/apic.c:938
> [<ffffffff8510a0b2>] apic_timer_interrupt+0x72/0x80
> /linux-stable/arch/x86/kernel/entry_64.S:1188
> <EOI>
> [< inline >] ? arch_local_irq_restore
> /linux-stable/arch/x86/include/asm/paravirt.h:829
> [< inline >] ? buffered_rmqueue /linux-stable/mm/page_alloc.c:1536
> [<ffffffff814d809e>] ? get_page_from_freelist+0x91e/0x19b0
> /linux-stable/mm/page_alloc.c:1974
> [<ffffffff81377f19>] ? check_chain_key+0x2b9/0x4d0
> /linux-stable/kernel/lockdep.c:2177
> [<ffffffff81377f19>] ? check_chain_key+0x2b9/0x4d0
> /linux-stable/kernel/lockdep.c:2177
> [<ffffffff814d7780>] ? free_reserved_area+0x1a0/0x1a0
> /linux-stable/arch/x86/include/asm/page_64.h:17
> [< inline >] ? arch_local_irq_restore
> /linux-stable/arch/x86/include/asm/paravirt.h:829
> [<ffffffff813813f3>] ? lock_is_held+0x153/0x1c0
> /linux-stable/kernel/lockdep.c:3640
> [<ffffffff814d994e>] __alloc_pages_nodemask+0x28e/0x14e0
> /linux-stable/mm/page_alloc.c:2663
> [<ffffffff813818e0>] ? debug_show_all_locks+0x480/0x480
> /linux-stable/kernel/lockdep.c:4162
> [<ffffffff81377f19>] ? check_chain_key+0x2b9/0x4d0
> /linux-stable/kernel/lockdep.c:2177
> [<ffffffff813a1303>] ? __module_text_address+0x13/0x150
> /linux-stable/kernel/module.c:3845
> [<ffffffff8158df07>] ? __asan_report_store8_noabort+0x17/0x20
> /linux-stable/mm/kasan/report.c:272
> [<ffffffff814d96c0>] ? __alloc_pages_direct_compact+0x590/0x590
> /linux-stable/include/linux/compaction.h:59
> [<ffffffff813823a8>] ? __lock_acquire+0xac8/0x49c0
> /linux-stable/kernel/lockdep.c:3081
> [< inline >] ? debug_spin_unlock
> /linux-stable/lib/spinlock_debug.c:102
> [<ffffffff82668db0>] ? do_raw_spin_unlock+0x100/0x260
> /linux-stable/lib/spinlock_debug.c:158
> [<ffffffff813818e0>] ? debug_show_all_locks+0x480/0x480
> /linux-stable/kernel/lockdep.c:4162
> [<ffffffff81377f19>] ? check_chain_key+0x2b9/0x4d0
> /linux-stable/kernel/lockdep.c:2177
> [<ffffffff813823a8>] ? __lock_acquire+0xac8/0x49c0
> /linux-stable/kernel/lockdep.c:3081
> [<ffffffff815789c1>] alloc_pages_current+0x181/0x390
> /linux-stable/mm/mempolicy.c:2051
> [< inline >] ? allocate_slab /linux-stable/mm/slub.c:1312
> [<ffffffff81586895>] ? new_slab+0x2e5/0x370 /linux-stable/mm/slub.c:1386
> [< inline >] alloc_pages /linux-stable/include/linux/gfp.h:334
> [< inline >] alloc_slab_page /linux-stable/mm/slub.c:1298
> [< inline >] allocate_slab /linux-stable/mm/slub.c:1322
> [<ffffffff815868bc>] new_slab+0x30c/0x370 /linux-stable/mm/slub.c:1386
> [< inline >] new_slab_objects /linux-stable/mm/slub.c:2162
> [<ffffffff81589364>] __slab_alloc+0x4b4/0x5d0 /linux-stable/mm/slub.c:2323
> [< inline >] ? kmem_cache_zalloc
> /linux-stable/include/linux/slab.h:509
> [<ffffffff8171b778>] ? sysfs_new_dirent+0xf8/0x410
> /linux-stable/fs/sysfs/dir.c:381
> [< inline >] ? kmem_cache_zalloc
> /linux-stable/include/linux/slab.h:509
> [<ffffffff8171b778>] ? sysfs_new_dirent+0xf8/0x410
> /linux-stable/fs/sysfs/dir.c:381
> [< inline >] ? arch_local_irq_restore
> /linux-stable/arch/x86/include/asm/paravirt.h:829
> [<ffffffff813813f3>] ? lock_is_held+0x153/0x1c0
> /linux-stable/kernel/lockdep.c:3640
> [< inline >] ? kmem_cache_zalloc
> /linux-stable/include/linux/slab.h:509
> [<ffffffff8171b778>] ? sysfs_new_dirent+0xf8/0x410
> /linux-stable/fs/sysfs/dir.c:381
> [< inline >] slab_alloc_node /linux-stable/mm/slub.c:2397
> [< inline >] slab_alloc /linux-stable/mm/slub.c:2437
> [<ffffffff81589663>] kmem_cache_alloc+0x1e3/0x220
> /linux-stable/mm/slub.c:2442
> [< inline >] ? __mutex_unlock_common_slowpath
> /linux-stable/kernel/mutex.c:479
> [<ffffffff850e6a87>] ? __mutex_unlock_slowpath+0x257/0x410
> /linux-stable/kernel/mutex.c:488
> [< inline >] kmem_cache_zalloc
> /linux-stable/include/linux/slab.h:509
> [<ffffffff8171b778>] sysfs_new_dirent+0xf8/0x410
> /linux-stable/fs/sysfs/dir.c:381
> [<ffffffff8171b680>] ? sysfs_readdir+0x7d0/0x7d0
> /linux-stable/fs/sysfs/dir.c:1027
> [<ffffffff850e6c55>] ? mutex_unlock+0x15/0x20
> /linux-stable/kernel/mutex.c:252
> [<ffffffff81717412>] ? sysfs_attr_ns+0x162/0x260
> /linux-stable/fs/sysfs/file.c:522
> [<ffffffff81719161>] sysfs_add_file_mode+0x141/0x2d0
> /linux-stable/fs/sysfs/file.c:539
> [<ffffffff81719020>] ? sysfs_remove_file_from_group+0x170/0x170
> /linux-stable/fs/sysfs/file.c:693
> [< inline >] ? __mutex_unlock_common_slowpath
> /linux-stable/kernel/mutex.c:479
> [<ffffffff850e6a87>] ? __mutex_unlock_slowpath+0x257/0x410
> /linux-stable/kernel/mutex.c:488
> [<ffffffff8138025a>] ? trace_hardirqs_on_caller+0x30a/0x690
> /linux-stable/kernel/lockdep.c:2598
> [<ffffffff813805f2>] ? trace_hardirqs_on+0x12/0x20
> /linux-stable/kernel/lockdep.c:2604
> [<ffffffff850e6a97>] ? __mutex_unlock_slowpath+0x267/0x410
> /linux-stable/kernel/mutex.c:489
> [< inline >] create_files /linux-stable/fs/sysfs/group.c:48
> [<ffffffff81721b7f>] internal_create_group+0x31f/0x7b0
> /linux-stable/fs/sysfs/group.c:82
> [<ffffffff81721860>] ? unmap_bin_file+0x1b0/0x1b0 ??:?
> [<ffffffff8171e330>] ? sysfs_rename_link+0x2d0/0x2d0
> /linux-stable/fs/sysfs/symlink.c:214
> [<ffffffff8172202f>] sysfs_create_group+0x1f/0x30
> /linux-stable/fs/sysfs/group.c:104
> [<ffffffff82c2d9ab>] device_add_groups+0xab/0x150
> /linux-stable/drivers/base/core.c:472
> [< inline >] device_add_attrs /linux-stable/drivers/base/core.c:510
> [<ffffffff82c3218b>] device_add+0xd1b/0x1710
> /linux-stable/drivers/base/core.c:1080
> [<ffffffff82c31470>] ? device_private_init+0x190/0x190
> /linux-stable/drivers/base/core.c:975
> [< inline >] ? do_init_timer /linux-stable/kernel/timer.c:634
> [<ffffffff8127cad7>] ? init_timer_key+0x157/0x4b0
> /linux-stable/kernel/timer.c:652
> [<ffffffff83717713>] input_register_device+0x503/0xc90
> /linux-stable/drivers/input/input.c:2085
> [<ffffffff83ef6dfa>] hidinput_connect+0xe4a/0xb550
> /linux-stable/drivers/hid/hid-input.c:1385
> [<ffffffff83ef5fb0>] ? hid_map_usage_clear.constprop.5+0x160/0x160
> /linux-stable/include/linux/hid.h:817
> [<ffffffff83f24520>] ? hid_irq_out+0x2e0/0x2e0
> /linux-stable/drivers/hid/usbhid/hid-core.c:458
> [<ffffffff812ca250>] ? wake_up_bit+0xf0/0xf0
> /linux-stable/include/linux/list.h:188
> [<ffffffff813805f2>] ? trace_hardirqs_on+0x12/0x20
> /linux-stable/kernel/lockdep.c:2604
> [< inline >] ? __raw_spin_unlock_irqrestore
> /linux-stable/include/linux/spinlock_api_smp.h:162
> [<ffffffff850ef48b>] ? _raw_spin_unlock_irqrestore+0x4b/0xb0
> /linux-stable/kernel/spinlock.c:177
> [< inline >] ? spin_unlock_irqrestore
> /linux-stable/include/linux/spinlock.h:348
> [<ffffffff83f2991e>] ? usbhid_submit_report+0x6e/0x80
> /linux-stable/drivers/hid/usbhid/hid-core.c:648
> [<ffffffff83eeb2b3>] hid_connect+0x923/0xc70
> /linux-stable/drivers/hid/hid-core.c:1479
> [<ffffffff8158d3b1>] ? memset+0x31/0x40 /linux-stable/mm/kasan/kasan.c:278
> [<ffffffff83eea990>] ? extract+0xc0/0xc0
> /linux-stable/drivers/hid/hid-core.c:998
> [< inline >] hid_hw_start /linux-stable/include/linux/hid.h:886
> [<ffffffff83eef381>] hid_device_probe+0x301/0x500
> /linux-stable/drivers/hid/hid-core.c:1955
> [<ffffffff83eef080>] ? hid_add_device+0x9e0/0x9e0
> /linux-stable/drivers/hid/hid-core.c:685
> [< inline >] really_probe /linux-stable/drivers/base/dd.c:302
> [<ffffffff82c3a8aa>] driver_probe_device+0x15a/0xad0
> /linux-stable/drivers/base/dd.c:399
> [<ffffffff82c3b220>] ? driver_probe_device+0xad0/0xad0
> /linux-stable/drivers/base/dd.c:313
> [<ffffffff82c3b2b0>] __device_attach+0x90/0xc0
> /linux-stable/drivers/base/dd.c:412
> [<ffffffff82c34b7a>] bus_for_each_drv+0x13a/0x1d0
> /linux-stable/drivers/base/bus.c:451
> [<ffffffff82c34a40>] ? bus_rescan_devices+0x30/0x30
> /linux-stable/drivers/base/bus.c:797
> [<ffffffff82c3a68b>] device_attach+0x12b/0x180
> /linux-stable/drivers/base/dd.c:447
> [<ffffffff82c38166>] bus_probe_device+0x1e6/0x2d0
> /linux-stable/drivers/base/bus.c:541
> [<ffffffff82c323aa>] device_add+0xf3a/0x1710
> /linux-stable/drivers/base/core.c:1099
> [<ffffffff850e6c55>] ? mutex_unlock+0x15/0x20
> /linux-stable/kernel/mutex.c:252
> [<ffffffff82c31470>] ? device_private_init+0x190/0x190
> /linux-stable/drivers/base/core.c:975
> [<ffffffff820a0d01>] ? debugfs_create_file+0x51/0x70
> /linux-stable/fs/debugfs/inode.c:403
> [<ffffffff83eee98b>] hid_add_device+0x2eb/0x9e0
> /linux-stable/drivers/hid/hid-core.c:2406
> [<ffffffff83eee6a0>] ? hid_ignore+0x80/0x80
> /linux-stable/drivers/hid/hid-core.c:2295
> [<ffffffff83f2bc6a>] usbhid_probe+0xb1a/0x1100
> /linux-stable/drivers/hid/usbhid/hid-core.c:1364
> [<ffffffff8355e649>] usb_probe_interface+0x319/0x6e0
> /linux-stable/drivers/usb/core/driver.c:335
> [<ffffffff8355e330>] ? usb_match_dynamic_id+0x100/0x100
> /linux-stable/drivers/usb/core/driver.c:202
> [< inline >] really_probe /linux-stable/drivers/base/dd.c:302
> [<ffffffff82c3a8aa>] driver_probe_device+0x15a/0xad0
> /linux-stable/drivers/base/dd.c:399
> [<ffffffff82c3b220>] ? driver_probe_device+0xad0/0xad0
> /linux-stable/drivers/base/dd.c:313
> [<ffffffff82c3b2b0>] __device_attach+0x90/0xc0
> /linux-stable/drivers/base/dd.c:412
> [<ffffffff82c34b7a>] bus_for_each_drv+0x13a/0x1d0
> /linux-stable/drivers/base/bus.c:451
> [<ffffffff82c34a40>] ? bus_rescan_devices+0x30/0x30
> /linux-stable/drivers/base/bus.c:797
> [<ffffffff82c3a68b>] device_attach+0x12b/0x180
> /linux-stable/drivers/base/dd.c:447
> [<ffffffff82c38166>] bus_probe_device+0x1e6/0x2d0
> /linux-stable/drivers/base/bus.c:541
> [<ffffffff82c323aa>] device_add+0xf3a/0x1710
> /linux-stable/drivers/base/core.c:1099
> [< inline >] ? __mutex_unlock_common_slowpath
> /linux-stable/kernel/mutex.c:479
> [<ffffffff850e6a87>] ? __mutex_unlock_slowpath+0x257/0x410
> /linux-stable/kernel/mutex.c:488
> [<ffffffff82c31470>] ? device_private_init+0x190/0x190
> /linux-stable/drivers/base/core.c:975
> [<ffffffff850e6c55>] ? mutex_unlock+0x15/0x20
> /linux-stable/kernel/mutex.c:252
> [< inline >] ? usb_device_supports_ltm
> /linux-stable/include/linux/usb.h:699
> [<ffffffff83531e87>] ? usb_enable_ltm+0x97/0x350
> /linux-stable/drivers/usb/core/hub.c:2855
> [<ffffffff8355a6d9>] usb_set_configuration+0xce9/0x17c0
> /linux-stable/drivers/usb/core/message.c:1898
> [<ffffffff83576afc>] generic_probe+0x6c/0xe0
> /linux-stable/drivers/usb/core/generic.c:171
> [<ffffffff8355c20f>] usb_probe_device+0x6f/0xc0
> /linux-stable/drivers/usb/core/driver.c:231
> [<ffffffff8355c1a0>] ? usb_register_device_driver+0x2a0/0x2a0
> /linux-stable/drivers/usb/core/driver.c:841
> [< inline >] really_probe /linux-stable/drivers/base/dd.c:302
> [<ffffffff82c3a8aa>] driver_probe_device+0x15a/0xad0
> /linux-stable/drivers/base/dd.c:399
> [<ffffffff82c3b220>] ? driver_probe_device+0xad0/0xad0
> /linux-stable/drivers/base/dd.c:313
> [<ffffffff82c3b2b0>] __device_attach+0x90/0xc0
> /linux-stable/drivers/base/dd.c:412
> [<ffffffff82c34b7a>] bus_for_each_drv+0x13a/0x1d0
> /linux-stable/drivers/base/bus.c:451
> [<ffffffff82c34a40>] ? bus_rescan_devices+0x30/0x30
> /linux-stable/drivers/base/bus.c:797
> [<ffffffff82c3a68b>] device_attach+0x12b/0x180
> /linux-stable/drivers/base/dd.c:447
> [<ffffffff82c38166>] bus_probe_device+0x1e6/0x2d0
> /linux-stable/drivers/base/bus.c:541
> [<ffffffff82c323aa>] device_add+0xf3a/0x1710
> /linux-stable/drivers/base/core.c:1099
> [<ffffffff82c2fd70>] ? dev_notice+0xf0/0xf0
> /linux-stable/drivers/base/core.c:2039
> [<ffffffff829ea425>] ? add_device_randomness+0xe5/0x130
> /linux-stable/drivers/char/random.c:651
> [<ffffffff82c31470>] ? device_private_init+0x190/0x190
> /linux-stable/drivers/base/core.c:975
> [< inline >] ? slab_free /linux-stable/mm/slub.c:2661
> [<ffffffff81588681>] ? kfree+0x271/0x290 /linux-stable/mm/slub.c:3411
> [<ffffffff82c393ea>] ? dev_get_drvdata+0x6a/0x90
> /linux-stable/drivers/base/dd.c:598
> [<ffffffff8353c5bd>] usb_new_device+0x76d/0xd20
> /linux-stable/drivers/usb/core/hub.c:2399
> [< inline >] hub_port_connect_change
> /linux-stable/drivers/usb/core/hub.c:4604
> [< inline >] hub_events /linux-stable/drivers/usb/core/hub.c:4893
> [<ffffffff835402bb>] hub_thread+0x138b/0x3ea0
> /linux-stable/drivers/usb/core/hub.c:4953
> [<ffffffff8353ef30>] ? hub_port_debounce+0x310/0x310
> /linux-stable/drivers/usb/core/hub.c:3965
> [< inline >] ? arch_local_irq_restore
> /linux-stable/arch/x86/include/asm/paravirt.h:829
> [<ffffffff813885d0>] ? lock_acquire+0x1b0/0x520
> /linux-stable/kernel/lockdep.c:3604
> [<ffffffff8132a34b>] ? idle_balance+0x45b/0x6e0
> /linux-stable/kernel/sched/fair.c:5306
> [< inline >] ? debug_spin_lock_after
> /linux-stable/lib/spinlock_debug.c:91
> [<ffffffff826689ab>] ? do_raw_spin_lock+0x20b/0x400
> /linux-stable/lib/spinlock_debug.c:138
> [<ffffffff812f3960>] ? perf_trace_sched_process_exec+0x460/0x460
> /linux-stable/arch/x86/include/asm/stacktrace.h:112
> [<ffffffff81377f19>] ? check_chain_key+0x2b9/0x4d0
> /linux-stable/kernel/lockdep.c:2177
> [<ffffffff8137fecd>] ? mark_held_locks+0x2ad/0x330
> /linux-stable/kernel/lockdep.c:2525
> [< inline >] ? __raw_spin_unlock_irq
> /linux-stable/include/linux/spinlock_api_smp.h:169
> [<ffffffff850ef3ec>] ? _raw_spin_unlock_irq+0x2c/0x80
> /linux-stable/kernel/spinlock.c:185
> [<ffffffff8138025a>] ? trace_hardirqs_on_caller+0x30a/0x690
> /linux-stable/kernel/lockdep.c:2598
> [<ffffffff813805f2>] ? trace_hardirqs_on+0x12/0x20
> /linux-stable/kernel/lockdep.c:2604
> [< inline >] ? __raw_spin_unlock_irq
> /linux-stable/include/linux/spinlock_api_smp.h:169
> [<ffffffff850ef3ec>] ? _raw_spin_unlock_irq+0x2c/0x80
> /linux-stable/kernel/spinlock.c:185
> [< inline >] ? finish_lock_switch
> /linux-stable/kernel/sched/sched.h:848
> [<ffffffff812ed159>] ? finish_task_switch+0xf9/0x260
> /linux-stable/kernel/sched/core.c:1900
> [< inline >] ? finish_lock_switch
> /linux-stable/kernel/sched/sched.h:839
> [<ffffffff812ed12d>] ? finish_task_switch+0xcd/0x260
> /linux-stable/kernel/sched/core.c:1900
> [<ffffffff812ca250>] ? wake_up_bit+0xf0/0xf0
> /linux-stable/include/linux/list.h:188
> [<ffffffff812c72ed>] ? __kthread_parkme+0xed/0x170
> /linux-stable/kernel/kthread.c:162
> [<ffffffff8353ef30>] ? hub_port_debounce+0x310/0x310
> /linux-stable/drivers/usb/core/hub.c:3965
> [<ffffffff812c8283>] kthread+0x1d3/0x240
> /linux-stable/drivers/block/aoe/aoecmd.c:1303
> [<ffffffff812c80b0>] ? kthread_worker_fn+0x530/0x530
> /linux-stable/include/linux/list.h:27
> [<ffffffff812fda31>] ? schedule_tail+0x31/0x210
> /linux-stable/kernel/sched/core.c:1963
> [<ffffffff812c80b0>] ? kthread_worker_fn+0x530/0x530
> /linux-stable/include/linux/list.h:27
> [<ffffffff85109218>] ret_from_fork+0x58/0x90
> /linux-stable/arch/x86/kernel/entry_64.S:573
> [<ffffffff812c80b0>] ? kthread_worker_fn+0x530/0x530
> /linux-stable/include/linux/list.h:27
> Code: 0f 85 17 02 00 00 4c 8b 63 68 4d 85 e4 74 77 49 8d 7c 24 60 48 89 fe
> 48 c1 ee 03 42 80 3c 2e 00 0f 85 2d 02 00 00 49 8b 5c 24 60 <80> 38 00 0f 85
> b7 02 00 00 4a 03 1c fa 48 89 de 48 c1 ee 03 42
> RIP [<ffffffff8134328b>] cpuacct_charge+0x1ab/0x490
> /linux-stable/kernel/sched/cpuacct.c:258
> RSP <ffff88002de03be0>
> ---[ end trace 4d690b5b318b4d40 ]---
> Kernel panic - not syncing: Fatal exception in interrupt
>
>
>
> 2016-06-20 22:06 GMT+08:00 Kuthonuzo Luruo <poll.stdin@xxxxxxxxx>:
>>
>> Heh, I backported KASAN to 2.6.32 kernel. Biggest difficulty was shadow
>> memory initialization due to differences in early boot code with 4.x
>> kernel.
>>
>> Kuthonuzo
>>
>>
>> On Mon, Jun 20, 2016 at 7:10 PM, 'Alexander Potapenko' via syzkaller
>> <syzkaller@xxxxxxxxxxxxxxxx> wrote:
>>>
>>> Hi,
>>>
>>> On Mon, Jun 20, 2016 at 3:36 PM, Baozeng <sploving1@xxxxxxxxx> wrote:
>>> > Hello all,
>>> > As we know syzkaller could use KASAN to find more memory bugs. Has
>>> > anyone ported KASAN to older versions of the kernel, for instance 3.10?
>>> > (Most of current android's kernel version is 3.10 or even older). Thanks.
>>>
>>> I've ported KASAN to 3.14 and 3.18, but I wouldn't call that a
>>> pleasant experience. Feel free to ask your questions though.
>>> > Best Regards,
>>> > Baozeng
>>> >
>>> > 2016-06-15 17:02 GMT+08:00 Alexander Potapenko <glider@xxxxxxxxxx>:
>>> >>
>>> >> Baozeng,
>>> >>
>>> >> In order to use ConsoleDev you'll need serial port support in the
>>> >> kernel, and an external serial port attached to the Android device.
>>> >> If you don't have a serial port, you'll probably need to change adb.go
>>> >> to read the dmesg output from adb shell.
>>> >>
>>> >> HTH,
>>> >> Alex
>>> >>
>>> >> On Wed, Jun 15, 2016 at 2:46 AM, Baozeng <sploving1@xxxxxxxxx> wrote:
>>> >> > Thank you Alexander. We will have a try.
>>> >> > Dmitry, I have another stupid question. I took a look at the adb.go,
>>> >> > and found a ConsoleDev config. Could you give me an example how to use
>>> >> > it? How to use a "cat" command to get the log from the console device?
>>> >> > Does it need to install any other tool to debug the android device,
>>> >> > like this https://developer.chrome.com/devtools/docs/remote-debugging?
>>> >> > Thank you in advance.
>>> >> >
>>> >> > 2016-06-14 21:32 GMT+08:00 Alexander Potapenko <glider@xxxxxxxxxx>:
>>> >> >>
>>> >> >> Hi Baozeng,
>>> >> >>
>>> >> >> You may want to take a look at the discussion at
>>> >> >> http://lists.infradead.org/pipermail/linux-arm-kernel/2016-March/419034.html,
>>> >> >> namely at the list of files for which kcov instrumentation should be
>>> >> >> disabled.
>>> >> >> If your kernel doesn't boot, try carpet-disabling arch/arm64/boot/*
>>> >> >> and arch/arm64/kernel/*, and then you can bisect further.
>>> >> >>
>>> >> >> Alex
>>> >> >>
>>> >> >> On Tue, Jun 14, 2016 at 11:31 AM, Dmitry Vyukov <dvyukov@xxxxxxxxx> wrote:
>>> >> >> > On Tue, Jun 14, 2016 at 11:21 AM, Baozeng <sploving1@xxxxxxxxx> wrote:
>>> >> >> >> Hi Dmitry,
>>> >> >> >> We've ported kcov to arm64 android kernel (nexus 6P device). But
>>> >> >> >> it cannot boot. The size of the kernel is 1.3 M larger than the
>>> >> >> >> original one without kcov. Does this affect the booting of the
>>> >> >> >> android device?
>>> >> >> >
>>> >> >> > +syzkaller mailing list
>>> >> >> >
>>> >> >> > Hi Baozeng,
>>> >> >> >
>>> >> >> > We've ported kcov to arm64 and use it with some Android devices.
>>> >> >> > +Alexander knows more. Did we mail the patches upstream?
>>> >> >> >
>>> >> >> > The boot issue is most likely due to bad interaction of kcov
>>> >> >> > instrumentation with some early bootstrap files. Most likely you
>>> >> >> > need to disable instrumentation of some boot files.
>>> >> >> >
>>> >> >> > --
>>> >> >> > You received this message because you are subscribed to the Google
>>> >> >> > Groups "syzkaller" group.
>>> >> >> > To unsubscribe from this group and stop receiving emails from it,
>>> >> >> > send an email to syzkaller+unsubscribe@xxxxxxxxxxxxxxxxx
>>> >> >> > For more options, visit https://groups.google.com/d/optout.
>>> >> >>
>>> >> >>
>>> >> >>
>>> >> >> --
>>> >> >> Alexander Potapenko
>>> >> >> Software Engineer
>>> >> >>
>>> >> >> Google Germany GmbH
>>> >> >> Erika-Mann-Straße, 33
>>> >> >> 80636 München
>>> >> >>
>>> >> >> Geschäftsführer: Matthew Scott Sucherman, Paul Terence Manicle
>>> >> >> Registergericht und -nummer: Hamburg, HRB 86891
>>> >> >> Sitz der Gesellschaft: Hamburg
>>> >> >
>>> >> >
>>> >> >
>>> >> >
>>> >> > --
>>> >> > Best Regards,
>>> >> > Baozeng Ding
>>> >> >
>>> >>
>>> >>
>>> >>
>>> >> --
>>> >> Alexander Potapenko
>>> >> Software Engineer
>>> >>
>>> >> Google Germany GmbH
>>> >> Erika-Mann-StraÃe, 33
>>> >> 80636 MÃnchen
>>> >>
>>> >> GeschÃftsfÃhrer: Matthew Scott Sucherman, Paul Terence Manicle
>>> >> Registergericht und -nummer: Hamburg, HRB 86891
>>> >> Sitz der Gesellschaft: Hamburg
>>> >
>>> >
>>> >
>>> >
>>> > --
>>> > Best Regards,
>>> > Baozeng Ding
>>> >
>>>
>>>
>>>
>>> --
>>> Alexander Potapenko
>>> Software Engineer
>>>
>>> Google Germany GmbH
>>> Erika-Mann-StraÃe, 33
>>> 80636 MÃnchen
>>>
>>> GeschÃftsfÃhrer: Matthew Scott Sucherman, Paul Terence Manicle
>>> Registergericht und -nummer: Hamburg, HRB 86891
>>> Sitz der Gesellschaft: Hamburg
>>>
>>> --
>>> You received this message because you are subscribed to the Google Groups
>>> "syzkaller" group.
>>> To unsubscribe from this group and stop receiving emails from it, send an
>>> email to syzkaller+unsubscribe@xxxxxxxxxxxxxxxxx
>>> For more options, visit https://groups.google.com/d/optout.
>>
>>
>
>
>
> --
> Best Regards,
> Baozeng Ding
>