Message-ID: <7156fdff-2ad9-b1f9-ff13-eb51e22e9261@gmail.com>
Date: Wed, 6 Jul 2016 13:08:17 +0800
From: Baozeng Ding <sploving1@...il.com>
To: Kuthonuzo Luruo <poll.stdin@...il.com>
Cc: syzkaller <syzkaller@...glegroups.com>,
Dmitry Vyukov <dvyukov@...gle.com>, aryabinin@...tuozzo.com,
linux-kernel@...r.kernel.org, gregkh@...uxfoundation.org
Subject: Re: porting kcov to android
+ attachment for the patch.
On 2016/7/6 12:57, Baozeng wrote:
> Hello all,
> I backported KASAN to the 3.10.102 stable kernel (ca1199fccf14540e86f6da955333e31d6fec5f3e), based on Andrey Ryabinin's work (backport KASAN to RHEL7-based (3.10 based) OpenVZ kernel). I met the following kernel panic when starting the kernel using the following command:
>
> qemu-system-x86_64 -hda ./wheezy.img -snapshot -m 2048 -net nic -net user,host=10.0.2.10,hostfwd=tcp::51727-:22 -nographic -enable-kvm -numa node,nodeid=0,cpus=0-1 -numa node,nodeid=1,cpus=2-3 -smp sockets=2,cores=2,threads=1 -usb -usbdevice mouse -usbdevice tablet -soundhw all -kernel ./bzImage -append console=ttyS0 root=/dev/sda debug earlyprintk=serial slub_debug=UZ
>
> Any suggestions?
>
> ==================================================================
> BUG: KASan: out of bounds access in usage_match+0x63/0x70 at addr ffff88002c81ff40
> Read of size 8 by task khubd/923
> =============================================================================
> BUG kmalloc-4096 (Not tainted): kasan: bad access detected
> -----------------------------------------------------------------------------
>
> Disabling lock debugging due to kernel taint
> INFO: Allocated in input_dev_pm_ops+0x520/0x5e0 age=131944943344261 cpu=0 pid=-536871936
> 0x41b58ab3
> [< none >] vsock_dgram_ops+0x337bd3/0x3a5a50 ??:?
> [< none >] sysfs_new_dirent+0x0/0x410 /linux-stable/fs/sysfs/dir.c:1027
> 0xffff88002c8209d8
> 0xffffed000590413c
> 0xdffffc0000000000
> 0xffff88002c8209e0
> 0xffff88002c820920
> [< none >] mutex_unlock+0x15/0x20 /linux-stable/kernel/mutex.c:252
> 0x1ffff1000590412f
> 0xffff88002c820958
> [< none >] sysfs_attr_ns+0x162/0x260 /linux-stable/fs/sysfs/file.c:522
> 0x1ffff1000590412f
> 0xffff88002c820a18
> [< none >] dev_attr_uniq+0x0/0x60 arch/x86/crypto/sha512-avx2-asm.o:?
> 0xffff8800280feae0
> INFO: Freed in sysfs_add_file_mode+0x141/0x2d0 age=6421765850 cpu=746719736 pid=-30720
> 0x1242cf991f0
> 0xffffffff00000002
> 0x41b58ab3
> [< none >] vsock_dgram_ops+0x337b87/0x3a5a50 ??:?
> [< none >] sysfs_add_file_mode+0x0/0x2d0 /linux-stable/fs/sysfs/file.c:693
> 0xffff88002cf998c8
> INFO: Slab 0xffffea0000b20600 objects=7 used=0 fp=0xffff88002c818000 flags=0x1fc000000004080
> INFO: Object 0xffff88002c81f8c0 @offset=30912 fp=0x0000000000000002
>
>
> Redzone ffff88002c8208c0: 1a 41 90 05 00 f1 ff 1f .A......
> Padding ffff88002c8209f8: 40 0a 82 2c 00 88 ff ff @..,....
> CPU: 0 PID: 923 Comm: khubd Tainted: G B 3.10.102+ #2
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.8.2-0-g33fbe13 by qemu-project.org 04/01/2014
> ffff88002c818000 ffff88002c81fc60 ffffffff850cbe98 ffff88002c81fc90
> ffffffff81584f48 ffff88002d806f40 ffffea0000b20600 ffff88002c81f8c0
> 0000000000000000 ffff88002c81fcb8 ffffffff8158b731 ffffed0005903fe8
> Call Trace:
> Memory state around the buggy address:
> ffff88002c81fe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> ffff88002c81fe80: fc fc f1 f1 f1 f1 00 f4 f4 f4 f2 f2 f2 f2 00 f4
>>ffff88002c81ff00: f4 f4 f2 f2 f2 f2 fc fc fc fc fc fc fc fc f2 f2
> ^
> ffff88002c81ff80: f2 f2 fc fc fc fc fc fc fc fc f3 f3 f3 f3 fc fc
> ffff88002c820000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> ==================================================================
> kasan: CONFIG_KASAN_INLINE enabled
> kasan: GPF could be caused by NULL-ptr deref or user memory access
> general protection fault: 0000 [#1] SMP KASAN
> Modules linked in:
> CPU: 0 PID: 923 Comm: khubd Tainted: G B 3.10.102+ #2
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.8.2-0-g33fbe13 by qemu-project.org 04/01/2014
> task: ffff88002cf991f0 ti: ffff88002c820000 task.ti: ffff88002c820000
> RIP: 0010:[<ffffffff8134328b>] [<ffffffff8134328b>] cpuacct_charge+0x1ab/0x490
> RSP: 0000:ffff88002de03be0 EFLAGS: 00010046
> RAX: dffffc001d5585dc RBX: 000000000000c5a0 RCX: 00000000eaac2ee0
> RDX: ffffffff869c2c60 RSI: 1ffffffff0c1a6c0 RDI: ffffffff860d3600
> RBP: ffff88002de03c28 R08: 0000000000000001 R09: 0000000000000001
> R10: 0000000000000020 R11: ffffed000fffb001 R12: ffffffff860d35a0
> R13: dffffc0000000000 R14: 00000000134c2dae R15: 000000002c820050
> FS: 0000000000000000(0000) GS:ffff88002de00000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
> CR2: 00000000ffffffff CR3: 000000000600d000 CR4: 00000000000006f0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
> Stack:
> ffffffff81343182 00000000146efbea ffff88007ffd8008 ffff88007ffd801c
> ffff88002cf99238 ffff88002de124a8 0000000ee4d60d04 00000000134c2dae
> ffff88002cf99278 ffff88002de03c78 ffffffff81317811 ffffffff8119be42
> Call Trace:
> <IRQ>
> [< inline >] ? __rcu_read_lock /linux-stable/include/linux/rcupdate.h:198
> [< inline >] ? rcu_read_lock /linux-stable/include/linux/rcupdate.h:776
> [<ffffffff81343182>] ? cpuacct_charge+0xa2/0x490 /linux-stable/kernel/sched/cpuacct.c:253
> [<ffffffff81317811>] update_curr+0x291/0x610 /linux-stable/kernel/sched/fair.c:711
> [<ffffffff8119be42>] ? kvm_clock_read+0x62/0xc0 /linux-stable/arch/x86/kernel/kvmclock.c:88
> [< inline >] entity_tick /linux-stable/kernel/sched/fair.c:1987
> [<ffffffff8131c070>] task_tick_fair+0x60/0x1430 /linux-stable/kernel/sched/fair.c:5778
> [<ffffffff81309e68>] ? sched_clock_cpu+0x108/0x1b0 /linux-stable/kernel/sched/clock.c:258
> [<ffffffff812ff07a>] scheduler_tick+0x29a/0x510 /linux-stable/kernel/sched/core.c:2748
> [<ffffffff81281971>] update_process_times+0xa1/0xc0 /linux-stable/kernel/timer.c:1362
> [<ffffffff81372528>] tick_sched_handle.isra.14+0xb8/0xf0 /linux-stable/kernel/time/tick-sched.c:146
> [<ffffffff813725d0>] tick_sched_timer+0x70/0xa0 /linux-stable/kernel/time/tick-sched.c:1100
> [<ffffffff812d39f7>] __run_hrtimer+0x127/0xd90 /linux-stable/kernel/hrtimer.c:1276
> [<ffffffff81372560>] ? tick_sched_handle.isra.14+0xf0/0xf0 /linux-stable/kernel/time/tick-sched.c:143
> [<ffffffff812d637d>] hrtimer_interrupt+0x32d/0x780 /linux-stable/kernel/hrtimer.c:1365
> [<ffffffff812d6050>] ? hrtimer_get_next_event+0x150/0x150 /linux-stable/kernel/hrtimer.c:1183
> [<ffffffff81377c52>] ? trace_hardirqs_off+0x12/0x20 /linux-stable/kernel/lockdep.c:2642
> [<ffffffff81424e79>] ? rcu_irq_enter+0xb9/0x120 /linux-stable/kernel/rcutree.c:627
> [< inline >] local_apic_timer_interrupt /linux-stable/arch/x86/kernel/apic/apic.c:911
> [<ffffffff81186547>] smp_apic_timer_interrupt+0xe7/0x180 /linux-stable/arch/x86/kernel/apic/apic.c:938
> [<ffffffff8510a0b2>] apic_timer_interrupt+0x72/0x80 /linux-stable/arch/x86/kernel/entry_64.S:1188
> <EOI>
> [< inline >] ? arch_local_irq_restore /linux-stable/arch/x86/include/asm/paravirt.h:829
> [< inline >] ? buffered_rmqueue /linux-stable/mm/page_alloc.c:1536
> [<ffffffff814d809e>] ? get_page_from_freelist+0x91e/0x19b0 /linux-stable/mm/page_alloc.c:1974
> [<ffffffff81377f19>] ? check_chain_key+0x2b9/0x4d0 /linux-stable/kernel/lockdep.c:2177
> [<ffffffff81377f19>] ? check_chain_key+0x2b9/0x4d0 /linux-stable/kernel/lockdep.c:2177
> [<ffffffff814d7780>] ? free_reserved_area+0x1a0/0x1a0 /linux-stable/arch/x86/include/asm/page_64.h:17
> [< inline >] ? arch_local_irq_restore /linux-stable/arch/x86/include/asm/paravirt.h:829
> [<ffffffff813813f3>] ? lock_is_held+0x153/0x1c0 /linux-stable/kernel/lockdep.c:3640
> [<ffffffff814d994e>] __alloc_pages_nodemask+0x28e/0x14e0 /linux-stable/mm/page_alloc.c:2663
> [<ffffffff813818e0>] ? debug_show_all_locks+0x480/0x480 /linux-stable/kernel/lockdep.c:4162
> [<ffffffff81377f19>] ? check_chain_key+0x2b9/0x4d0 /linux-stable/kernel/lockdep.c:2177
> [<ffffffff813a1303>] ? __module_text_address+0x13/0x150 /linux-stable/kernel/module.c:3845
> [<ffffffff8158df07>] ? __asan_report_store8_noabort+0x17/0x20 /linux-stable/mm/kasan/report.c:272
> [<ffffffff814d96c0>] ? __alloc_pages_direct_compact+0x590/0x590 /linux-stable/include/linux/compaction.h:59
> [<ffffffff813823a8>] ? __lock_acquire+0xac8/0x49c0 /linux-stable/kernel/lockdep.c:3081
> [< inline >] ? debug_spin_unlock /linux-stable/lib/spinlock_debug.c:102
> [<ffffffff82668db0>] ? do_raw_spin_unlock+0x100/0x260 /linux-stable/lib/spinlock_debug.c:158
> [<ffffffff813818e0>] ? debug_show_all_locks+0x480/0x480 /linux-stable/kernel/lockdep.c:4162
> [<ffffffff81377f19>] ? check_chain_key+0x2b9/0x4d0 /linux-stable/kernel/lockdep.c:2177
> [<ffffffff813823a8>] ? __lock_acquire+0xac8/0x49c0 /linux-stable/kernel/lockdep.c:3081
> [<ffffffff815789c1>] alloc_pages_current+0x181/0x390 /linux-stable/mm/mempolicy.c:2051
> [< inline >] ? allocate_slab /linux-stable/mm/slub.c:1312
> [<ffffffff81586895>] ? new_slab+0x2e5/0x370 /linux-stable/mm/slub.c:1386
> [< inline >] alloc_pages /linux-stable/include/linux/gfp.h:334
> [< inline >] alloc_slab_page /linux-stable/mm/slub.c:1298
> [< inline >] allocate_slab /linux-stable/mm/slub.c:1322
> [<ffffffff815868bc>] new_slab+0x30c/0x370 /linux-stable/mm/slub.c:1386
> [< inline >] new_slab_objects /linux-stable/mm/slub.c:2162
> [<ffffffff81589364>] __slab_alloc+0x4b4/0x5d0 /linux-stable/mm/slub.c:2323
> [< inline >] ? kmem_cache_zalloc /linux-stable/include/linux/slab.h:509
> [<ffffffff8171b778>] ? sysfs_new_dirent+0xf8/0x410 /linux-stable/fs/sysfs/dir.c:381
> [< inline >] ? kmem_cache_zalloc /linux-stable/include/linux/slab.h:509
> [<ffffffff8171b778>] ? sysfs_new_dirent+0xf8/0x410 /linux-stable/fs/sysfs/dir.c:381
> [< inline >] ? arch_local_irq_restore /linux-stable/arch/x86/include/asm/paravirt.h:829
> [<ffffffff813813f3>] ? lock_is_held+0x153/0x1c0 /linux-stable/kernel/lockdep.c:3640
> [< inline >] ? kmem_cache_zalloc /linux-stable/include/linux/slab.h:509
> [<ffffffff8171b778>] ? sysfs_new_dirent+0xf8/0x410 /linux-stable/fs/sysfs/dir.c:381
> [< inline >] slab_alloc_node /linux-stable/mm/slub.c:2397
> [< inline >] slab_alloc /linux-stable/mm/slub.c:2437
> [<ffffffff81589663>] kmem_cache_alloc+0x1e3/0x220 /linux-stable/mm/slub.c:2442
> [< inline >] ? __mutex_unlock_common_slowpath /linux-stable/kernel/mutex.c:479
> [<ffffffff850e6a87>] ? __mutex_unlock_slowpath+0x257/0x410 /linux-stable/kernel/mutex.c:488
> [< inline >] kmem_cache_zalloc /linux-stable/include/linux/slab.h:509
> [<ffffffff8171b778>] sysfs_new_dirent+0xf8/0x410 /linux-stable/fs/sysfs/dir.c:381
> [<ffffffff8171b680>] ? sysfs_readdir+0x7d0/0x7d0 /linux-stable/fs/sysfs/dir.c:1027
> [<ffffffff850e6c55>] ? mutex_unlock+0x15/0x20 /linux-stable/kernel/mutex.c:252
> [<ffffffff81717412>] ? sysfs_attr_ns+0x162/0x260 /linux-stable/fs/sysfs/file.c:522
> [<ffffffff81719161>] sysfs_add_file_mode+0x141/0x2d0 /linux-stable/fs/sysfs/file.c:539
> [<ffffffff81719020>] ? sysfs_remove_file_from_group+0x170/0x170 /linux-stable/fs/sysfs/file.c:693
> [< inline >] ? __mutex_unlock_common_slowpath /linux-stable/kernel/mutex.c:479
> [<ffffffff850e6a87>] ? __mutex_unlock_slowpath+0x257/0x410 /linux-stable/kernel/mutex.c:488
> [<ffffffff8138025a>] ? trace_hardirqs_on_caller+0x30a/0x690 /linux-stable/kernel/lockdep.c:2598
> [<ffffffff813805f2>] ? trace_hardirqs_on+0x12/0x20 /linux-stable/kernel/lockdep.c:2604
> [<ffffffff850e6a97>] ? __mutex_unlock_slowpath+0x267/0x410 /linux-stable/kernel/mutex.c:489
> [< inline >] create_files /linux-stable/fs/sysfs/group.c:48
> [<ffffffff81721b7f>] internal_create_group+0x31f/0x7b0 /linux-stable/fs/sysfs/group.c:82
> [<ffffffff81721860>] ? unmap_bin_file+0x1b0/0x1b0 ??:?
> [<ffffffff8171e330>] ? sysfs_rename_link+0x2d0/0x2d0 /linux-stable/fs/sysfs/symlink.c:214
> [<ffffffff8172202f>] sysfs_create_group+0x1f/0x30 /linux-stable/fs/sysfs/group.c:104
> [<ffffffff82c2d9ab>] device_add_groups+0xab/0x150 /linux-stable/drivers/base/core.c:472
> [< inline >] device_add_attrs /linux-stable/drivers/base/core.c:510
> [<ffffffff82c3218b>] device_add+0xd1b/0x1710 /linux-stable/drivers/base/core.c:1080
> [<ffffffff82c31470>] ? device_private_init+0x190/0x190 /linux-stable/drivers/base/core.c:975
> [< inline >] ? do_init_timer /linux-stable/kernel/timer.c:634
> [<ffffffff8127cad7>] ? init_timer_key+0x157/0x4b0 /linux-stable/kernel/timer.c:652
> [<ffffffff83717713>] input_register_device+0x503/0xc90 /linux-stable/drivers/input/input.c:2085
> [<ffffffff83ef6dfa>] hidinput_connect+0xe4a/0xb550 /linux-stable/drivers/hid/hid-input.c:1385
> [<ffffffff83ef5fb0>] ? hid_map_usage_clear.constprop.5+0x160/0x160 /linux-stable/include/linux/hid.h:817
> [<ffffffff83f24520>] ? hid_irq_out+0x2e0/0x2e0 /linux-stable/drivers/hid/usbhid/hid-core.c:458
> [<ffffffff812ca250>] ? wake_up_bit+0xf0/0xf0 /linux-stable/include/linux/list.h:188
> [<ffffffff813805f2>] ? trace_hardirqs_on+0x12/0x20 /linux-stable/kernel/lockdep.c:2604
> [< inline >] ? __raw_spin_unlock_irqrestore /linux-stable/include/linux/spinlock_api_smp.h:162
> [<ffffffff850ef48b>] ? _raw_spin_unlock_irqrestore+0x4b/0xb0 /linux-stable/kernel/spinlock.c:177
> [< inline >] ? spin_unlock_irqrestore /linux-stable/include/linux/spinlock.h:348
> [<ffffffff83f2991e>] ? usbhid_submit_report+0x6e/0x80 /linux-stable/drivers/hid/usbhid/hid-core.c:648
> [<ffffffff83eeb2b3>] hid_connect+0x923/0xc70 /linux-stable/drivers/hid/hid-core.c:1479
> [<ffffffff8158d3b1>] ? memset+0x31/0x40 /linux-stable/mm/kasan/kasan.c:278
> [<ffffffff83eea990>] ? extract+0xc0/0xc0 /linux-stable/drivers/hid/hid-core.c:998
> [< inline >] hid_hw_start /linux-stable/include/linux/hid.h:886
> [<ffffffff83eef381>] hid_device_probe+0x301/0x500 /linux-stable/drivers/hid/hid-core.c:1955
> [<ffffffff83eef080>] ? hid_add_device+0x9e0/0x9e0 /linux-stable/drivers/hid/hid-core.c:685
> [< inline >] really_probe /linux-stable/drivers/base/dd.c:302
> [<ffffffff82c3a8aa>] driver_probe_device+0x15a/0xad0 /linux-stable/drivers/base/dd.c:399
> [<ffffffff82c3b220>] ? driver_probe_device+0xad0/0xad0 /linux-stable/drivers/base/dd.c:313
> [<ffffffff82c3b2b0>] __device_attach+0x90/0xc0 /linux-stable/drivers/base/dd.c:412
> [<ffffffff82c34b7a>] bus_for_each_drv+0x13a/0x1d0 /linux-stable/drivers/base/bus.c:451
> [<ffffffff82c34a40>] ? bus_rescan_devices+0x30/0x30 /linux-stable/drivers/base/bus.c:797
> [<ffffffff82c3a68b>] device_attach+0x12b/0x180 /linux-stable/drivers/base/dd.c:447
> [<ffffffff82c38166>] bus_probe_device+0x1e6/0x2d0 /linux-stable/drivers/base/bus.c:541
> [<ffffffff82c323aa>] device_add+0xf3a/0x1710 /linux-stable/drivers/base/core.c:1099
> [<ffffffff850e6c55>] ? mutex_unlock+0x15/0x20 /linux-stable/kernel/mutex.c:252
> [<ffffffff82c31470>] ? device_private_init+0x190/0x190 /linux-stable/drivers/base/core.c:975
> [<ffffffff820a0d01>] ? debugfs_create_file+0x51/0x70 /linux-stable/fs/debugfs/inode.c:403
> [<ffffffff83eee98b>] hid_add_device+0x2eb/0x9e0 /linux-stable/drivers/hid/hid-core.c:2406
> [<ffffffff83eee6a0>] ? hid_ignore+0x80/0x80 /linux-stable/drivers/hid/hid-core.c:2295
> [<ffffffff83f2bc6a>] usbhid_probe+0xb1a/0x1100 /linux-stable/drivers/hid/usbhid/hid-core.c:1364
> [<ffffffff8355e649>] usb_probe_interface+0x319/0x6e0 /linux-stable/drivers/usb/core/driver.c:335
> [<ffffffff8355e330>] ? usb_match_dynamic_id+0x100/0x100 /linux-stable/drivers/usb/core/driver.c:202
> [< inline >] really_probe /linux-stable/drivers/base/dd.c:302
> [<ffffffff82c3a8aa>] driver_probe_device+0x15a/0xad0 /linux-stable/drivers/base/dd.c:399
> [<ffffffff82c3b220>] ? driver_probe_device+0xad0/0xad0 /linux-stable/drivers/base/dd.c:313
> [<ffffffff82c3b2b0>] __device_attach+0x90/0xc0 /linux-stable/drivers/base/dd.c:412
> [<ffffffff82c34b7a>] bus_for_each_drv+0x13a/0x1d0 /linux-stable/drivers/base/bus.c:451
> [<ffffffff82c34a40>] ? bus_rescan_devices+0x30/0x30 /linux-stable/drivers/base/bus.c:797
> [<ffffffff82c3a68b>] device_attach+0x12b/0x180 /linux-stable/drivers/base/dd.c:447
> [<ffffffff82c38166>] bus_probe_device+0x1e6/0x2d0 /linux-stable/drivers/base/bus.c:541
> [<ffffffff82c323aa>] device_add+0xf3a/0x1710 /linux-stable/drivers/base/core.c:1099
> [< inline >] ? __mutex_unlock_common_slowpath /linux-stable/kernel/mutex.c:479
> [<ffffffff850e6a87>] ? __mutex_unlock_slowpath+0x257/0x410 /linux-stable/kernel/mutex.c:488
> [<ffffffff82c31470>] ? device_private_init+0x190/0x190 /linux-stable/drivers/base/core.c:975
> [<ffffffff850e6c55>] ? mutex_unlock+0x15/0x20 /linux-stable/kernel/mutex.c:252
> [< inline >] ? usb_device_supports_ltm /linux-stable/include/linux/usb.h:699
> [<ffffffff83531e87>] ? usb_enable_ltm+0x97/0x350 /linux-stable/drivers/usb/core/hub.c:2855
> [<ffffffff8355a6d9>] usb_set_configuration+0xce9/0x17c0 /linux-stable/drivers/usb/core/message.c:1898
> [<ffffffff83576afc>] generic_probe+0x6c/0xe0 /linux-stable/drivers/usb/core/generic.c:171
> [<ffffffff8355c20f>] usb_probe_device+0x6f/0xc0 /linux-stable/drivers/usb/core/driver.c:231
> [<ffffffff8355c1a0>] ? usb_register_device_driver+0x2a0/0x2a0 /linux-stable/drivers/usb/core/driver.c:841
> [< inline >] really_probe /linux-stable/drivers/base/dd.c:302
> [<ffffffff82c3a8aa>] driver_probe_device+0x15a/0xad0 /linux-stable/drivers/base/dd.c:399
> [<ffffffff82c3b220>] ? driver_probe_device+0xad0/0xad0 /linux-stable/drivers/base/dd.c:313
> [<ffffffff82c3b2b0>] __device_attach+0x90/0xc0 /linux-stable/drivers/base/dd.c:412
> [<ffffffff82c34b7a>] bus_for_each_drv+0x13a/0x1d0 /linux-stable/drivers/base/bus.c:451
> [<ffffffff82c34a40>] ? bus_rescan_devices+0x30/0x30 /linux-stable/drivers/base/bus.c:797
> [<ffffffff82c3a68b>] device_attach+0x12b/0x180 /linux-stable/drivers/base/dd.c:447
> [<ffffffff82c38166>] bus_probe_device+0x1e6/0x2d0 /linux-stable/drivers/base/bus.c:541
> [<ffffffff82c323aa>] device_add+0xf3a/0x1710 /linux-stable/drivers/base/core.c:1099
> [<ffffffff82c2fd70>] ? dev_notice+0xf0/0xf0 /linux-stable/drivers/base/core.c:2039
> [<ffffffff829ea425>] ? add_device_randomness+0xe5/0x130 /linux-stable/drivers/char/random.c:651
> [<ffffffff82c31470>] ? device_private_init+0x190/0x190 /linux-stable/drivers/base/core.c:975
> [< inline >] ? slab_free /linux-stable/mm/slub.c:2661
> [<ffffffff81588681>] ? kfree+0x271/0x290 /linux-stable/mm/slub.c:3411
> [<ffffffff82c393ea>] ? dev_get_drvdata+0x6a/0x90 /linux-stable/drivers/base/dd.c:598
> [<ffffffff8353c5bd>] usb_new_device+0x76d/0xd20 /linux-stable/drivers/usb/core/hub.c:2399
> [< inline >] hub_port_connect_change /linux-stable/drivers/usb/core/hub.c:4604
> [< inline >] hub_events /linux-stable/drivers/usb/core/hub.c:4893
> [<ffffffff835402bb>] hub_thread+0x138b/0x3ea0 /linux-stable/drivers/usb/core/hub.c:4953
> [<ffffffff8353ef30>] ? hub_port_debounce+0x310/0x310 /linux-stable/drivers/usb/core/hub.c:3965
> [< inline >] ? arch_local_irq_restore /linux-stable/arch/x86/include/asm/paravirt.h:829
> [<ffffffff813885d0>] ? lock_acquire+0x1b0/0x520 /linux-stable/kernel/lockdep.c:3604
> [<ffffffff8132a34b>] ? idle_balance+0x45b/0x6e0 /linux-stable/kernel/sched/fair.c:5306
> [< inline >] ? debug_spin_lock_after /linux-stable/lib/spinlock_debug.c:91
> [<ffffffff826689ab>] ? do_raw_spin_lock+0x20b/0x400 /linux-stable/lib/spinlock_debug.c:138
> [<ffffffff812f3960>] ? perf_trace_sched_process_exec+0x460/0x460 /linux-stable/arch/x86/include/asm/stacktrace.h:112
> [<ffffffff81377f19>] ? check_chain_key+0x2b9/0x4d0 /linux-stable/kernel/lockdep.c:2177
> [<ffffffff8137fecd>] ? mark_held_locks+0x2ad/0x330 /linux-stable/kernel/lockdep.c:2525
> [< inline >] ? __raw_spin_unlock_irq /linux-stable/include/linux/spinlock_api_smp.h:169
> [<ffffffff850ef3ec>] ? _raw_spin_unlock_irq+0x2c/0x80 /linux-stable/kernel/spinlock.c:185
> [<ffffffff8138025a>] ? trace_hardirqs_on_caller+0x30a/0x690 /linux-stable/kernel/lockdep.c:2598
> [<ffffffff813805f2>] ? trace_hardirqs_on+0x12/0x20 /linux-stable/kernel/lockdep.c:2604
> [< inline >] ? __raw_spin_unlock_irq /linux-stable/include/linux/spinlock_api_smp.h:169
> [<ffffffff850ef3ec>] ? _raw_spin_unlock_irq+0x2c/0x80 /linux-stable/kernel/spinlock.c:185
> [< inline >] ? finish_lock_switch /linux-stable/kernel/sched/sched.h:848
> [<ffffffff812ed159>] ? finish_task_switch+0xf9/0x260 /linux-stable/kernel/sched/core.c:1900
> [< inline >] ? finish_lock_switch /linux-stable/kernel/sched/sched.h:839
> [<ffffffff812ed12d>] ? finish_task_switch+0xcd/0x260 /linux-stable/kernel/sched/core.c:1900
> [<ffffffff812ca250>] ? wake_up_bit+0xf0/0xf0 /linux-stable/include/linux/list.h:188
> [<ffffffff812c72ed>] ? __kthread_parkme+0xed/0x170 /linux-stable/kernel/kthread.c:162
> [<ffffffff8353ef30>] ? hub_port_debounce+0x310/0x310 /linux-stable/drivers/usb/core/hub.c:3965
> [<ffffffff812c8283>] kthread+0x1d3/0x240 /linux-stable/drivers/block/aoe/aoecmd.c:1303
> [<ffffffff812c80b0>] ? kthread_worker_fn+0x530/0x530 /linux-stable/include/linux/list.h:27
> [<ffffffff812fda31>] ? schedule_tail+0x31/0x210 /linux-stable/kernel/sched/core.c:1963
> [<ffffffff812c80b0>] ? kthread_worker_fn+0x530/0x530 /linux-stable/include/linux/list.h:27
> [<ffffffff85109218>] ret_from_fork+0x58/0x90 /linux-stable/arch/x86/kernel/entry_64.S:573
> [<ffffffff812c80b0>] ? kthread_worker_fn+0x530/0x530 /linux-stable/include/linux/list.h:27
> Code: 0f 85 17 02 00 00 4c 8b 63 68 4d 85 e4 74 77 49 8d 7c 24 60 48 89 fe 48 c1 ee 03 42 80 3c 2e 00 0f 85 2d 02 00 00 49 8b 5c 24 60 <80> 38 00 0f 85 b7 02 00 00 4a 03 1c fa 48 89 de 48 c1 ee 03 42
> RIP [<ffffffff8134328b>] cpuacct_charge+0x1ab/0x490 /linux-stable/kernel/sched/cpuacct.c:258
> RSP <ffff88002de03be0>
> ---[ end trace 4d690b5b318b4d40 ]---
> Kernel panic - not syncing: Fatal exception in interrupt
>
>
>
> 2016-06-20 22:06 GMT+08:00 Kuthonuzo Luruo <poll.stdin@...il.com>:
>
> Heh, I backported KASAN to the 2.6.32 kernel. The biggest difficulty was shadow memory initialization, due to differences in the early boot code compared with the 4.x kernel.
>
> Kuthonuzo
>
>
> On Mon, Jun 20, 2016 at 7:10 PM, 'Alexander Potapenko' via syzkaller <syzkaller@...glegroups.com> wrote:
>
> Hi,
>
> On Mon, Jun 20, 2016 at 3:36 PM, Baozeng <sploving1@...il.com> wrote:
> > Hello all,
> > As we know, syzkaller could use KASAN to find more memory bugs. Has
> > anyone ported KASAN to an older version of the kernel, for instance 3.10? (Most
> > current Android kernel versions are 3.10 or even older.) Thanks.
>
> I've ported KASAN to 3.14 and 3.18, but I wouldn't call that a
> pleasant experience. Feel free to ask your questions though.
> > Best Regards,
> > Baozeng
> >
> > 2016-06-15 17:02 GMT+08:00 Alexander Potapenko <glider@...gle.com>:
> >>
> >> Baozeng,
> >>
> >> In order to use ConsoleDev you'll need a serial port support in the
> >> kernel, and an external serial port attached to the Android device.
> >> If you don't have a serial port, you'll probably need to change adb.go
> >> to read the dmesg output from adb shell.
> >>
> >> HTH,
> >> Alex
> >>
> >> On Wed, Jun 15, 2016 at 2:46 AM, Baozeng <sploving1@...il.com> wrote:
> >> > Thank you Alexander. We will have a try.
> >> > Dmitry, I have another stupid question. I took a look at adb.go and
> >> > found a ConsoleDev config. Could you give me an example of how to use it,
> >> > i.e. how to use a "cat" command to get the log from the console device? Do I
> >> > need to install any other tool to debug the Android device, like this
> >> > https://developer.chrome.com/devtools/docs/remote-debugging? Thank you
> >> > in advance.
> >> >
> >> > 2016-06-14 21:32 GMT+08:00 Alexander Potapenko <glider@...gle.com>:
> >> >>
> >> >> Hi Baozeng,
> >> >>
> >> >> You may want to take a look at the discussion at
> >> >>
> >> >>
> >> >> http://lists.infradead.org/pipermail/linux-arm-kernel/2016-March/419034.html,
> >> >> namely at the list of files for which kcov instrumentation should be
> >> >> disabled.
> >> >> If your kernel doesn't boot, try carpet-disabling arch/arm64/boot/*
> >> >> and arch/arm64/kernel/*, and then you can bisect further.
> >> >>
> >> >> Alex
> >> >>
> >> >> On Tue, Jun 14, 2016 at 11:31 AM, Dmitry Vyukov <dvyukov@...il.com> wrote:
> >> >> > On Tue, Jun 14, 2016 at 11:21 AM, Baozeng <sploving1@...il.com> wrote:
> >> >> >> Hi Dmitry,
> >> >> >> We've ported kcov to the arm64 Android kernel (Nexus 6P device). But it
> >> >> >> cannot boot. The size of the kernel is 1.3 M larger than the original
> >> >> >> one without kcov. Does this affect the booting of the Android device?
> >> >> >
> >> >> > +syzkaller mailing list
> >> >> >
> >> >> > Hi Baozeng,
> >> >> >
> >> >> > We've ported kcov to arm64 and use it with some Android devices.
> >> >> > +Alexander knows more. Did we mail the patches upstream?
> >> >> >
> >> >> > The boot issue is most likely due to bad interaction of kcov
> >> >> > instrumentation with some early bootstrap files. Most likely you need
> >> >> > to disable instrumentation of some boot files.
> >> >> >
> >> >> > --
> >> >> > You received this message because you are subscribed to the Google
> >> >> > Groups "syzkaller" group.
> >> >> > To unsubscribe from this group and stop receiving emails from it,
> >> >> > send
> >> >> > an email to syzkaller+unsubscribe@...glegroups.com.
> >> >> > For more options, visit https://groups.google.com/d/optout.
> >> >>
> >> >>
> >> >>
> >> >> --
> >> >> Alexander Potapenko
> >> >> Software Engineer
> >> >>
> >> >> Google Germany GmbH
> >> >> Erika-Mann-Straße, 33
> >> >> 80636 München
> >> >>
> >> >> Geschäftsführer: Matthew Scott Sucherman, Paul Terence Manicle
> >> >> Registergericht und -nummer: Hamburg, HRB 86891
> >> >> Sitz der Gesellschaft: Hamburg
> >> >
> >> >
> >> >
> >> >
> >> > --
> >> > Best Regards,
> >> > Baozeng Ding
> >> >
> >>
> >>
> >>
> >
> >
> >
> >
> > --
> > Best Regards,
> > Baozeng Ding
> >
>
>
>
>
>
>
>
>
>
> --
> Best Regards,
> Baozeng Ding
>
View attachment "KASAN_3.10.102_x86_64.patch" of type "text/plain" (108327 bytes)
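As an added example (not part of this thread and not from the attached KASAN patch), a small Python script that decodes the report quoted above: it maps the faulting address onto the shadow byte KASAN printed for it and sanity-checks the SLUB "Allocated in"/"Freed in" records. The shadow encodings are the ones from mm/kasan/kasan.h of the 4.x KASAN this backport derives from, the 128-byte "Memory state" row layout is taken from the report itself, and the plausibility thresholds in `track_is_plausible` are my own assumption.

```python
"""Decode the KASAN report quoted in this thread: which shadow byte the
faulting access landed on, and whether the SLUB allocation/free records
that the (backported) reporter printed are even plausible."""
import re

SHADOW_SCALE = 8                 # one shadow byte covers 8 bytes of kernel memory
ROW_BYTES = 16 * SHADOW_SCALE    # each "Memory state" row shows 16 shadow bytes

# Shadow encodings from mm/kasan/kasan.h of 4.x-era KASAN, the code this
# backport derives from. Values 1..7 mean "only the first N bytes addressable".
SHADOW_MEANING = {
    0x00: "addressable",
    0xf1: "stack left redzone",
    0xf2: "stack mid redzone",
    0xf3: "stack right redzone",
    0xf4: "stack partial redzone",
    0xfa: "global redzone",
    0xfb: "freed kmalloc object",
    0xfc: "kmalloc redzone",
    0xfe: "page redzone",
    0xff: "freed page",
}

QUOTE_RE = re.compile(r"^(?:>\s?)+")   # e-mail quoting and KASAN's own '>' row marker
HEADER_RE = re.compile(
    r"BUG: KASan: (?P<kind>.+?) in (?P<site>\S+) at addr (?P<addr>[0-9a-f]+)")
ACCESS_RE = re.compile(r"(?P<op>Read|Write) of size (?P<size>\d+) by task (?P<task>\S+)")
TRACK_RE = re.compile(
    r"INFO: (?P<what>Allocated|Freed) in (?P<site>\S+) "
    r"age=(?P<age>\d+) cpu=(?P<cpu>-?\d+) pid=(?P<pid>-?\d+)")
STATE_RE = re.compile(r"^(?P<addr>[0-9a-f]{16}):(?P<bytes>(?: [0-9a-f]{2}){16})$")


def parse_report(text):
    """Pull the header, the access, the SLUB track records and the shadow rows
    out of a KASAN report, tolerating '> ' e-mail quoting on every line."""
    info = {"tracks": [], "state": {}}
    for raw in text.splitlines():
        line = QUOTE_RE.sub("", raw.strip())
        m = HEADER_RE.search(line)
        if m:
            info.update(kind=m["kind"], site=m["site"], addr=int(m["addr"], 16))
            continue
        m = ACCESS_RE.search(line)
        if m:
            info.update(op=m["op"], size=int(m["size"]), task=m["task"])
            continue
        m = TRACK_RE.search(line)
        if m:
            info["tracks"].append({"what": m["what"], "site": m["site"],
                                   "age": int(m["age"]), "cpu": int(m["cpu"]),
                                   "pid": int(m["pid"])})
            continue
        m = STATE_RE.match(line)
        if m:
            info["state"][int(m["addr"], 16)] = [int(b, 16) for b in m["bytes"].split()]
    return info


def shadow_for(info, addr=None):
    """Return (shadow byte, meaning) for addr, defaulting to the faulting address,
    or None when the report did not print the row that covers it."""
    addr = info["addr"] if addr is None else addr
    row_base = addr & ~(ROW_BYTES - 1)
    row = info["state"].get(row_base)
    if row is None:
        return None
    byte = row[(addr - row_base) // SHADOW_SCALE]
    if 1 <= byte <= 7:
        return byte, f"partially addressable (first {byte} bytes)"
    return byte, SHADOW_MEANING.get(byte, "unknown")


def track_is_plausible(track, nr_cpus=8192, max_age_jiffies=10 * 365 * 86400 * 1000):
    """A SLUB track record holds cpu, pid and a jiffies timestamp. A negative pid,
    a cpu id no real machine has, or an age longer than the box can have been up
    means the record was read from the wrong offset, which is the symptom of a
    struct layout mismatch in a backport. Thresholds are my own assumption."""
    return (0 <= track["cpu"] < nr_cpus and track["pid"] >= 0
            and track["age"] <= max_age_jiffies)


# Constructed input: the relevant lines of the report quoted in this thread,
# kept with their e-mail quoting to exercise the normalisation.
SAMPLE_REPORT = """\
> BUG: KASan: out of bounds access in usage_match+0x63/0x70 at addr ffff88002c81ff40
> Read of size 8 by task khubd/923
> INFO: Allocated in input_dev_pm_ops+0x520/0x5e0 age=131944943344261 cpu=0 pid=-536871936
> INFO: Freed in sysfs_add_file_mode+0x141/0x2d0 age=6421765850 cpu=746719736 pid=-30720
> Memory state around the buggy address:
> ffff88002c81fe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> ffff88002c81fe80: fc fc f1 f1 f1 f1 00 f4 f4 f4 f2 f2 f2 f2 00 f4
>>ffff88002c81ff00: f4 f4 f2 f2 f2 f2 fc fc fc fc fc fc fc fc f2 f2
> ffff88002c81ff80: f2 f2 fc fc fc fc fc fc fc fc f3 f3 f3 f3 fc fc
> ffff88002c820000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
"""

if __name__ == "__main__":
    info = parse_report(SAMPLE_REPORT)
    byte, meaning = shadow_for(info)
    print(f"{info['op']} of {info['size']} bytes at {info['addr']:#x} in {info['site']} "
          f"hit shadow {byte:#04x} ({meaning})")
    for t in info["tracks"]:
        verdict = "plausible" if track_is_plausible(t) else "implausible, check struct track offsets"
        print(f"{t['what']} record: cpu={t['cpu']} pid={t['pid']} age={t['age']} -> {verdict}")
```

Run stand-alone it reports that the 8-byte read at ffff88002c81ff40 hit a kmalloc redzone byte (0xfc), and that both SLUB track records fail the plausibility check (a negative pid, a cpu id in the hundreds of millions). When a freshly backported KASAN prints allocation metadata like that, the slab-side bookkeeping (object offsets, `struct track` layout, redzone placement) deserves a look before the crash trace itself, because the report's "where was it allocated" answer cannot be trusted.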