lists.openwall.net
Open Source and information security mailing list archives
Message-ID: <7156fdff-2ad9-b1f9-ff13-eb51e22e9261@gmail.com>
Date:	Wed, 6 Jul 2016 13:08:17 +0800
From:	Baozeng Ding <sploving1@...il.com>
To:	Kuthonuzo Luruo <poll.stdin@...il.com>
Cc:	syzkaller <syzkaller@...glegroups.com>,
	Dmitry Vyukov <dvyukov@...gle.com>, aryabinin@...tuozzo.com,
	linux-kernel@...r.kernel.org, gregkh@...uxfoundation.org
Subject: Re: porting kcov to android


+ attachment for the patch.
On 2016/7/6 12:57, Baozeng wrote:
> Hello all,
>     I backported KASAN to 3.10.102 stable kernel (ca1199fccf14540e86f6da955333e31d6fec5f3e), based on Andrey Ryabinin's work (backport KASAN to RHEL7-based (3.10 based) OpenVZ kernel). I met the following kernel panic when starting the kernel using the following command:
> 
> qemu-system-x86_64 -hda ./wheezy.img -snapshot -m 2048 -net nic -net user,host=10.0.2.10,hostfwd=tcp::51727-:22 -nographic -enable-kvm -numa node,nodeid=0,cpus=0-1 -numa node,nodeid=1,cpus=2-3 -smp sockets=2,cores=2,threads=1 -usb -usbdevice mouse -usbdevice tablet -soundhw all -kernel ./bzImage -append console=ttyS0 root=/dev/sda debug earlyprintk=serial slub_debug=UZ
> 
> any suggestions?
> 
> ==================================================================
> BUG: KASan: out of bounds access in usage_match+0x63/0x70 at addr ffff88002c81ff40
> Read of size 8 by task khubd/923
> =============================================================================
> BUG kmalloc-4096 (Not tainted): kasan: bad access detected
> -----------------------------------------------------------------------------
> 
> Disabling lock debugging due to kernel taint
> INFO: Allocated in input_dev_pm_ops+0x520/0x5e0 age=131944943344261 cpu=0 pid=-536871936
>     0x41b58ab3
> [<      none      >] vsock_dgram_ops+0x337bd3/0x3a5a50 ??:?
> [<      none      >] sysfs_new_dirent+0x0/0x410 /linux-stable/fs/sysfs/dir.c:1027
>     0xffff88002c8209d8
>     0xffffed000590413c
>     0xdffffc0000000000
>     0xffff88002c8209e0
>     0xffff88002c820920
> [<      none      >] mutex_unlock+0x15/0x20 /linux-stable/kernel/mutex.c:252
>     0x1ffff1000590412f
>     0xffff88002c820958
> [<      none      >] sysfs_attr_ns+0x162/0x260 /linux-stable/fs/sysfs/file.c:522
>     0x1ffff1000590412f
>     0xffff88002c820a18
> [<      none      >] dev_attr_uniq+0x0/0x60 arch/x86/crypto/sha512-avx2-asm.o:?
>     0xffff8800280feae0
> INFO: Freed in sysfs_add_file_mode+0x141/0x2d0 age=6421765850 cpu=746719736 pid=-30720
>     0x1242cf991f0
>     0xffffffff00000002
>     0x41b58ab3
> [<      none      >] vsock_dgram_ops+0x337b87/0x3a5a50 ??:?
> [<      none      >] sysfs_add_file_mode+0x0/0x2d0 /linux-stable/fs/sysfs/file.c:693
>     0xffff88002cf998c8
> INFO: Slab 0xffffea0000b20600 objects=7 used=0 fp=0xffff88002c818000 flags=0x1fc000000004080
> INFO: Object 0xffff88002c81f8c0 @offset=30912 fp=0x0000000000000002
> 
> 
> Redzone ffff88002c8208c0: 1a 41 90 05 00 f1 ff 1f                          .A......
> Padding ffff88002c8209f8: 40 0a 82 2c 00 88 ff ff                          @..,....
> CPU: 0 PID: 923 Comm: khubd Tainted: G    B        3.10.102+ #2
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.8.2-0-g33fbe13 by qemu-project.org <http://qemu-project.org> 04/01/2014
>  ffff88002c818000 ffff88002c81fc60 ffffffff850cbe98 ffff88002c81fc90
>  ffffffff81584f48 ffff88002d806f40 ffffea0000b20600 ffff88002c81f8c0
>  0000000000000000 ffff88002c81fcb8 ffffffff8158b731 ffffed0005903fe8
> Call Trace:
> Memory state around the buggy address:
>  ffff88002c81fe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>  ffff88002c81fe80: fc fc f1 f1 f1 f1 00 f4 f4 f4 f2 f2 f2 f2 00 f4
>>ffff88002c81ff00: f4 f4 f2 f2 f2 f2 fc fc fc fc fc fc fc fc f2 f2
>                                            ^
>  ffff88002c81ff80: f2 f2 fc fc fc fc fc fc fc fc f3 f3 f3 f3 fc fc
>  ffff88002c820000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> ==================================================================
> kasan: CONFIG_KASAN_INLINE enabled
> kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#1] SMP KASAN
> Modules linked in:
> CPU: 0 PID: 923 Comm: khubd Tainted: G    B        3.10.102+ #2
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.8.2-0-g33fbe13 by qemu-project.org <http://qemu-project.org> 04/01/2014
> task: ffff88002cf991f0 ti: ffff88002c820000 task.ti: ffff88002c820000
> RIP: 0010:[<ffffffff8134328b>]  [<ffffffff8134328b>] cpuacct_charge+0x1ab/0x490
> RSP: 0000:ffff88002de03be0  EFLAGS: 00010046
> RAX: dffffc001d5585dc RBX: 000000000000c5a0 RCX: 00000000eaac2ee0
> RDX: ffffffff869c2c60 RSI: 1ffffffff0c1a6c0 RDI: ffffffff860d3600
> RBP: ffff88002de03c28 R08: 0000000000000001 R09: 0000000000000001
> R10: 0000000000000020 R11: ffffed000fffb001 R12: ffffffff860d35a0
> R13: dffffc0000000000 R14: 00000000134c2dae R15: 000000002c820050
> FS:  0000000000000000(0000) GS:ffff88002de00000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
> CR2: 00000000ffffffff CR3: 000000000600d000 CR4: 00000000000006f0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
> Stack:
>  ffffffff81343182 00000000146efbea ffff88007ffd8008 ffff88007ffd801c
>  ffff88002cf99238 ffff88002de124a8 0000000ee4d60d04 00000000134c2dae
>  ffff88002cf99278 ffff88002de03c78 ffffffff81317811 ffffffff8119be42
> Call Trace:
>  <IRQ>
>  [<     inline     >] ? __rcu_read_lock /linux-stable/include/linux/rcupdate.h:198
>  [<     inline     >] ? rcu_read_lock /linux-stable/include/linux/rcupdate.h:776
>  [<ffffffff81343182>] ? cpuacct_charge+0xa2/0x490 /linux-stable/kernel/sched/cpuacct.c:253
>  [<ffffffff81317811>] update_curr+0x291/0x610 /linux-stable/kernel/sched/fair.c:711
>  [<ffffffff8119be42>] ? kvm_clock_read+0x62/0xc0 /linux-stable/arch/x86/kernel/kvmclock.c:88
>  [<     inline     >] entity_tick /linux-stable/kernel/sched/fair.c:1987
>  [<ffffffff8131c070>] task_tick_fair+0x60/0x1430 /linux-stable/kernel/sched/fair.c:5778
>  [<ffffffff81309e68>] ? sched_clock_cpu+0x108/0x1b0 /linux-stable/kernel/sched/clock.c:258
>  [<ffffffff812ff07a>] scheduler_tick+0x29a/0x510 /linux-stable/kernel/sched/core.c:2748
>  [<ffffffff81281971>] update_process_times+0xa1/0xc0 /linux-stable/kernel/timer.c:1362
>  [<ffffffff81372528>] tick_sched_handle.isra.14+0xb8/0xf0 /linux-stable/kernel/time/tick-sched.c:146
>  [<ffffffff813725d0>] tick_sched_timer+0x70/0xa0 /linux-stable/kernel/time/tick-sched.c:1100
>  [<ffffffff812d39f7>] __run_hrtimer+0x127/0xd90 /linux-stable/kernel/hrtimer.c:1276
>  [<ffffffff81372560>] ? tick_sched_handle.isra.14+0xf0/0xf0 /linux-stable/kernel/time/tick-sched.c:143
>  [<ffffffff812d637d>] hrtimer_interrupt+0x32d/0x780 /linux-stable/kernel/hrtimer.c:1365
>  [<ffffffff812d6050>] ? hrtimer_get_next_event+0x150/0x150 /linux-stable/kernel/hrtimer.c:1183
>  [<ffffffff81377c52>] ? trace_hardirqs_off+0x12/0x20 /linux-stable/kernel/lockdep.c:2642
>  [<ffffffff81424e79>] ? rcu_irq_enter+0xb9/0x120 /linux-stable/kernel/rcutree.c:627
>  [<     inline     >] local_apic_timer_interrupt /linux-stable/arch/x86/kernel/apic/apic.c:911
>  [<ffffffff81186547>] smp_apic_timer_interrupt+0xe7/0x180 /linux-stable/arch/x86/kernel/apic/apic.c:938
>  [<ffffffff8510a0b2>] apic_timer_interrupt+0x72/0x80 /linux-stable/arch/x86/kernel/entry_64.S:1188
>  <EOI>
>  [<     inline     >] ? arch_local_irq_restore /linux-stable/arch/x86/include/asm/paravirt.h:829
>  [<     inline     >] ? buffered_rmqueue /linux-stable/mm/page_alloc.c:1536
>  [<ffffffff814d809e>] ? get_page_from_freelist+0x91e/0x19b0 /linux-stable/mm/page_alloc.c:1974
>  [<ffffffff81377f19>] ? check_chain_key+0x2b9/0x4d0 /linux-stable/kernel/lockdep.c:2177
>  [<ffffffff81377f19>] ? check_chain_key+0x2b9/0x4d0 /linux-stable/kernel/lockdep.c:2177
>  [<ffffffff814d7780>] ? free_reserved_area+0x1a0/0x1a0 /linux-stable/arch/x86/include/asm/page_64.h:17
>  [<     inline     >] ? arch_local_irq_restore /linux-stable/arch/x86/include/asm/paravirt.h:829
>  [<ffffffff813813f3>] ? lock_is_held+0x153/0x1c0 /linux-stable/kernel/lockdep.c:3640
>  [<ffffffff814d994e>] __alloc_pages_nodemask+0x28e/0x14e0 /linux-stable/mm/page_alloc.c:2663
>  [<ffffffff813818e0>] ? debug_show_all_locks+0x480/0x480 /linux-stable/kernel/lockdep.c:4162
>  [<ffffffff81377f19>] ? check_chain_key+0x2b9/0x4d0 /linux-stable/kernel/lockdep.c:2177
>  [<ffffffff813a1303>] ? __module_text_address+0x13/0x150 /linux-stable/kernel/module.c:3845
>  [<ffffffff8158df07>] ? __asan_report_store8_noabort+0x17/0x20 /linux-stable/mm/kasan/report.c:272
>  [<ffffffff814d96c0>] ? __alloc_pages_direct_compact+0x590/0x590 /linux-stable/include/linux/compaction.h:59
>  [<ffffffff813823a8>] ? __lock_acquire+0xac8/0x49c0 /linux-stable/kernel/lockdep.c:3081
>  [<     inline     >] ? debug_spin_unlock /linux-stable/lib/spinlock_debug.c:102
>  [<ffffffff82668db0>] ? do_raw_spin_unlock+0x100/0x260 /linux-stable/lib/spinlock_debug.c:158
>  [<ffffffff813818e0>] ? debug_show_all_locks+0x480/0x480 /linux-stable/kernel/lockdep.c:4162
>  [<ffffffff81377f19>] ? check_chain_key+0x2b9/0x4d0 /linux-stable/kernel/lockdep.c:2177
>  [<ffffffff813823a8>] ? __lock_acquire+0xac8/0x49c0 /linux-stable/kernel/lockdep.c:3081
>  [<ffffffff815789c1>] alloc_pages_current+0x181/0x390 /linux-stable/mm/mempolicy.c:2051
>  [<     inline     >] ? allocate_slab /linux-stable/mm/slub.c:1312
>  [<ffffffff81586895>] ? new_slab+0x2e5/0x370 /linux-stable/mm/slub.c:1386
>  [<     inline     >] alloc_pages /linux-stable/include/linux/gfp.h:334
>  [<     inline     >] alloc_slab_page /linux-stable/mm/slub.c:1298
>  [<     inline     >] allocate_slab /linux-stable/mm/slub.c:1322
>  [<ffffffff815868bc>] new_slab+0x30c/0x370 /linux-stable/mm/slub.c:1386
>  [<     inline     >] new_slab_objects /linux-stable/mm/slub.c:2162
>  [<ffffffff81589364>] __slab_alloc+0x4b4/0x5d0 /linux-stable/mm/slub.c:2323
>  [<     inline     >] ? kmem_cache_zalloc /linux-stable/include/linux/slab.h:509
>  [<ffffffff8171b778>] ? sysfs_new_dirent+0xf8/0x410 /linux-stable/fs/sysfs/dir.c:381
>  [<     inline     >] ? kmem_cache_zalloc /linux-stable/include/linux/slab.h:509
>  [<ffffffff8171b778>] ? sysfs_new_dirent+0xf8/0x410 /linux-stable/fs/sysfs/dir.c:381
>  [<     inline     >] ? arch_local_irq_restore /linux-stable/arch/x86/include/asm/paravirt.h:829
>  [<ffffffff813813f3>] ? lock_is_held+0x153/0x1c0 /linux-stable/kernel/lockdep.c:3640
>  [<     inline     >] ? kmem_cache_zalloc /linux-stable/include/linux/slab.h:509
>  [<ffffffff8171b778>] ? sysfs_new_dirent+0xf8/0x410 /linux-stable/fs/sysfs/dir.c:381
>  [<     inline     >] slab_alloc_node /linux-stable/mm/slub.c:2397
>  [<     inline     >] slab_alloc /linux-stable/mm/slub.c:2437
>  [<ffffffff81589663>] kmem_cache_alloc+0x1e3/0x220 /linux-stable/mm/slub.c:2442
>  [<     inline     >] ? __mutex_unlock_common_slowpath /linux-stable/kernel/mutex.c:479
>  [<ffffffff850e6a87>] ? __mutex_unlock_slowpath+0x257/0x410 /linux-stable/kernel/mutex.c:488
>  [<     inline     >] kmem_cache_zalloc /linux-stable/include/linux/slab.h:509
>  [<ffffffff8171b778>] sysfs_new_dirent+0xf8/0x410 /linux-stable/fs/sysfs/dir.c:381
>  [<ffffffff8171b680>] ? sysfs_readdir+0x7d0/0x7d0 /linux-stable/fs/sysfs/dir.c:1027
>  [<ffffffff850e6c55>] ? mutex_unlock+0x15/0x20 /linux-stable/kernel/mutex.c:252
>  [<ffffffff81717412>] ? sysfs_attr_ns+0x162/0x260 /linux-stable/fs/sysfs/file.c:522
>  [<ffffffff81719161>] sysfs_add_file_mode+0x141/0x2d0 /linux-stable/fs/sysfs/file.c:539
>  [<ffffffff81719020>] ? sysfs_remove_file_from_group+0x170/0x170 /linux-stable/fs/sysfs/file.c:693
>  [<     inline     >] ? __mutex_unlock_common_slowpath /linux-stable/kernel/mutex.c:479
>  [<ffffffff850e6a87>] ? __mutex_unlock_slowpath+0x257/0x410 /linux-stable/kernel/mutex.c:488
>  [<ffffffff8138025a>] ? trace_hardirqs_on_caller+0x30a/0x690 /linux-stable/kernel/lockdep.c:2598
>  [<ffffffff813805f2>] ? trace_hardirqs_on+0x12/0x20 /linux-stable/kernel/lockdep.c:2604
>  [<ffffffff850e6a97>] ? __mutex_unlock_slowpath+0x267/0x410 /linux-stable/kernel/mutex.c:489
>  [<     inline     >] create_files /linux-stable/fs/sysfs/group.c:48
>  [<ffffffff81721b7f>] internal_create_group+0x31f/0x7b0 /linux-stable/fs/sysfs/group.c:82
>  [<ffffffff81721860>] ? unmap_bin_file+0x1b0/0x1b0 ??:?
>  [<ffffffff8171e330>] ? sysfs_rename_link+0x2d0/0x2d0 /linux-stable/fs/sysfs/symlink.c:214
>  [<ffffffff8172202f>] sysfs_create_group+0x1f/0x30 /linux-stable/fs/sysfs/group.c:104
>  [<ffffffff82c2d9ab>] device_add_groups+0xab/0x150 /linux-stable/drivers/base/core.c:472
>  [<     inline     >] device_add_attrs /linux-stable/drivers/base/core.c:510
>  [<ffffffff82c3218b>] device_add+0xd1b/0x1710 /linux-stable/drivers/base/core.c:1080
>  [<ffffffff82c31470>] ? device_private_init+0x190/0x190 /linux-stable/drivers/base/core.c:975
>  [<     inline     >] ? do_init_timer /linux-stable/kernel/timer.c:634
>  [<ffffffff8127cad7>] ? init_timer_key+0x157/0x4b0 /linux-stable/kernel/timer.c:652
>  [<ffffffff83717713>] input_register_device+0x503/0xc90 /linux-stable/drivers/input/input.c:2085
>  [<ffffffff83ef6dfa>] hidinput_connect+0xe4a/0xb550 /linux-stable/drivers/hid/hid-input.c:1385
>  [<ffffffff83ef5fb0>] ? hid_map_usage_clear.constprop.5+0x160/0x160 /linux-stable/include/linux/hid.h:817
>  [<ffffffff83f24520>] ? hid_irq_out+0x2e0/0x2e0 /linux-stable/drivers/hid/usbhid/hid-core.c:458
>  [<ffffffff812ca250>] ? wake_up_bit+0xf0/0xf0 /linux-stable/include/linux/list.h:188
>  [<ffffffff813805f2>] ? trace_hardirqs_on+0x12/0x20 /linux-stable/kernel/lockdep.c:2604
>  [<     inline     >] ? __raw_spin_unlock_irqrestore /linux-stable/include/linux/spinlock_api_smp.h:162
>  [<ffffffff850ef48b>] ? _raw_spin_unlock_irqrestore+0x4b/0xb0 /linux-stable/kernel/spinlock.c:177
>  [<     inline     >] ? spin_unlock_irqrestore /linux-stable/include/linux/spinlock.h:348
>  [<ffffffff83f2991e>] ? usbhid_submit_report+0x6e/0x80 /linux-stable/drivers/hid/usbhid/hid-core.c:648
>  [<ffffffff83eeb2b3>] hid_connect+0x923/0xc70 /linux-stable/drivers/hid/hid-core.c:1479
>  [<ffffffff8158d3b1>] ? memset+0x31/0x40 /linux-stable/mm/kasan/kasan.c:278
>  [<ffffffff83eea990>] ? extract+0xc0/0xc0 /linux-stable/drivers/hid/hid-core.c:998
>  [<     inline     >] hid_hw_start /linux-stable/include/linux/hid.h:886
>  [<ffffffff83eef381>] hid_device_probe+0x301/0x500 /linux-stable/drivers/hid/hid-core.c:1955
>  [<ffffffff83eef080>] ? hid_add_device+0x9e0/0x9e0 /linux-stable/drivers/hid/hid-core.c:685
>  [<     inline     >] really_probe /linux-stable/drivers/base/dd.c:302
>  [<ffffffff82c3a8aa>] driver_probe_device+0x15a/0xad0 /linux-stable/drivers/base/dd.c:399
>  [<ffffffff82c3b220>] ? driver_probe_device+0xad0/0xad0 /linux-stable/drivers/base/dd.c:313
>  [<ffffffff82c3b2b0>] __device_attach+0x90/0xc0 /linux-stable/drivers/base/dd.c:412
>  [<ffffffff82c34b7a>] bus_for_each_drv+0x13a/0x1d0 /linux-stable/drivers/base/bus.c:451
>  [<ffffffff82c34a40>] ? bus_rescan_devices+0x30/0x30 /linux-stable/drivers/base/bus.c:797
>  [<ffffffff82c3a68b>] device_attach+0x12b/0x180 /linux-stable/drivers/base/dd.c:447
>  [<ffffffff82c38166>] bus_probe_device+0x1e6/0x2d0 /linux-stable/drivers/base/bus.c:541
>  [<ffffffff82c323aa>] device_add+0xf3a/0x1710 /linux-stable/drivers/base/core.c:1099
>  [<ffffffff850e6c55>] ? mutex_unlock+0x15/0x20 /linux-stable/kernel/mutex.c:252
>  [<ffffffff82c31470>] ? device_private_init+0x190/0x190 /linux-stable/drivers/base/core.c:975
>  [<ffffffff820a0d01>] ? debugfs_create_file+0x51/0x70 /linux-stable/fs/debugfs/inode.c:403
>  [<ffffffff83eee98b>] hid_add_device+0x2eb/0x9e0 /linux-stable/drivers/hid/hid-core.c:2406
>  [<ffffffff83eee6a0>] ? hid_ignore+0x80/0x80 /linux-stable/drivers/hid/hid-core.c:2295
>  [<ffffffff83f2bc6a>] usbhid_probe+0xb1a/0x1100 /linux-stable/drivers/hid/usbhid/hid-core.c:1364
>  [<ffffffff8355e649>] usb_probe_interface+0x319/0x6e0 /linux-stable/drivers/usb/core/driver.c:335
>  [<ffffffff8355e330>] ? usb_match_dynamic_id+0x100/0x100 /linux-stable/drivers/usb/core/driver.c:202
>  [<     inline     >] really_probe /linux-stable/drivers/base/dd.c:302
>  [<ffffffff82c3a8aa>] driver_probe_device+0x15a/0xad0 /linux-stable/drivers/base/dd.c:399
>  [<ffffffff82c3b220>] ? driver_probe_device+0xad0/0xad0 /linux-stable/drivers/base/dd.c:313
>  [<ffffffff82c3b2b0>] __device_attach+0x90/0xc0 /linux-stable/drivers/base/dd.c:412
>  [<ffffffff82c34b7a>] bus_for_each_drv+0x13a/0x1d0 /linux-stable/drivers/base/bus.c:451
>  [<ffffffff82c34a40>] ? bus_rescan_devices+0x30/0x30 /linux-stable/drivers/base/bus.c:797
>  [<ffffffff82c3a68b>] device_attach+0x12b/0x180 /linux-stable/drivers/base/dd.c:447
>  [<ffffffff82c38166>] bus_probe_device+0x1e6/0x2d0 /linux-stable/drivers/base/bus.c:541
>  [<ffffffff82c323aa>] device_add+0xf3a/0x1710 /linux-stable/drivers/base/core.c:1099
>  [<     inline     >] ? __mutex_unlock_common_slowpath /linux-stable/kernel/mutex.c:479
>  [<ffffffff850e6a87>] ? __mutex_unlock_slowpath+0x257/0x410 /linux-stable/kernel/mutex.c:488
>  [<ffffffff82c31470>] ? device_private_init+0x190/0x190 /linux-stable/drivers/base/core.c:975
>  [<ffffffff850e6c55>] ? mutex_unlock+0x15/0x20 /linux-stable/kernel/mutex.c:252
>  [<     inline     >] ? usb_device_supports_ltm /linux-stable/include/linux/usb.h:699
>  [<ffffffff83531e87>] ? usb_enable_ltm+0x97/0x350 /linux-stable/drivers/usb/core/hub.c:2855
>  [<ffffffff8355a6d9>] usb_set_configuration+0xce9/0x17c0 /linux-stable/drivers/usb/core/message.c:1898
>  [<ffffffff83576afc>] generic_probe+0x6c/0xe0 /linux-stable/drivers/usb/core/generic.c:171
>  [<ffffffff8355c20f>] usb_probe_device+0x6f/0xc0 /linux-stable/drivers/usb/core/driver.c:231
>  [<ffffffff8355c1a0>] ? usb_register_device_driver+0x2a0/0x2a0 /linux-stable/drivers/usb/core/driver.c:841
>  [<     inline     >] really_probe /linux-stable/drivers/base/dd.c:302
>  [<ffffffff82c3a8aa>] driver_probe_device+0x15a/0xad0 /linux-stable/drivers/base/dd.c:399
>  [<ffffffff82c3b220>] ? driver_probe_device+0xad0/0xad0 /linux-stable/drivers/base/dd.c:313
>  [<ffffffff82c3b2b0>] __device_attach+0x90/0xc0 /linux-stable/drivers/base/dd.c:412
>  [<ffffffff82c34b7a>] bus_for_each_drv+0x13a/0x1d0 /linux-stable/drivers/base/bus.c:451
>  [<ffffffff82c34a40>] ? bus_rescan_devices+0x30/0x30 /linux-stable/drivers/base/bus.c:797
>  [<ffffffff82c3a68b>] device_attach+0x12b/0x180 /linux-stable/drivers/base/dd.c:447
>  [<ffffffff82c38166>] bus_probe_device+0x1e6/0x2d0 /linux-stable/drivers/base/bus.c:541
>  [<ffffffff82c323aa>] device_add+0xf3a/0x1710 /linux-stable/drivers/base/core.c:1099
>  [<ffffffff82c2fd70>] ? dev_notice+0xf0/0xf0 /linux-stable/drivers/base/core.c:2039
>  [<ffffffff829ea425>] ? add_device_randomness+0xe5/0x130 /linux-stable/drivers/char/random.c:651
>  [<ffffffff82c31470>] ? device_private_init+0x190/0x190 /linux-stable/drivers/base/core.c:975
>  [<     inline     >] ? slab_free /linux-stable/mm/slub.c:2661
>  [<ffffffff81588681>] ? kfree+0x271/0x290 /linux-stable/mm/slub.c:3411
>  [<ffffffff82c393ea>] ? dev_get_drvdata+0x6a/0x90 /linux-stable/drivers/base/dd.c:598
>  [<ffffffff8353c5bd>] usb_new_device+0x76d/0xd20 /linux-stable/drivers/usb/core/hub.c:2399
>  [<     inline     >] hub_port_connect_change /linux-stable/drivers/usb/core/hub.c:4604
>  [<     inline     >] hub_events /linux-stable/drivers/usb/core/hub.c:4893
>  [<ffffffff835402bb>] hub_thread+0x138b/0x3ea0 /linux-stable/drivers/usb/core/hub.c:4953
>  [<ffffffff8353ef30>] ? hub_port_debounce+0x310/0x310 /linux-stable/drivers/usb/core/hub.c:3965
>  [<     inline     >] ? arch_local_irq_restore /linux-stable/arch/x86/include/asm/paravirt.h:829
>  [<ffffffff813885d0>] ? lock_acquire+0x1b0/0x520 /linux-stable/kernel/lockdep.c:3604
>  [<ffffffff8132a34b>] ? idle_balance+0x45b/0x6e0 /linux-stable/kernel/sched/fair.c:5306
>  [<     inline     >] ? debug_spin_lock_after /linux-stable/lib/spinlock_debug.c:91
>  [<ffffffff826689ab>] ? do_raw_spin_lock+0x20b/0x400 /linux-stable/lib/spinlock_debug.c:138
>  [<ffffffff812f3960>] ? perf_trace_sched_process_exec+0x460/0x460 /linux-stable/arch/x86/include/asm/stacktrace.h:112
>  [<ffffffff81377f19>] ? check_chain_key+0x2b9/0x4d0 /linux-stable/kernel/lockdep.c:2177
>  [<ffffffff8137fecd>] ? mark_held_locks+0x2ad/0x330 /linux-stable/kernel/lockdep.c:2525
>  [<     inline     >] ? __raw_spin_unlock_irq /linux-stable/include/linux/spinlock_api_smp.h:169
>  [<ffffffff850ef3ec>] ? _raw_spin_unlock_irq+0x2c/0x80 /linux-stable/kernel/spinlock.c:185
>  [<ffffffff8138025a>] ? trace_hardirqs_on_caller+0x30a/0x690 /linux-stable/kernel/lockdep.c:2598
>  [<ffffffff813805f2>] ? trace_hardirqs_on+0x12/0x20 /linux-stable/kernel/lockdep.c:2604
>  [<     inline     >] ? __raw_spin_unlock_irq /linux-stable/include/linux/spinlock_api_smp.h:169
>  [<ffffffff850ef3ec>] ? _raw_spin_unlock_irq+0x2c/0x80 /linux-stable/kernel/spinlock.c:185
>  [<     inline     >] ? finish_lock_switch /linux-stable/kernel/sched/sched.h:848
>  [<ffffffff812ed159>] ? finish_task_switch+0xf9/0x260 /linux-stable/kernel/sched/core.c:1900
>  [<     inline     >] ? finish_lock_switch /linux-stable/kernel/sched/sched.h:839
>  [<ffffffff812ed12d>] ? finish_task_switch+0xcd/0x260 /linux-stable/kernel/sched/core.c:1900
>  [<ffffffff812ca250>] ? wake_up_bit+0xf0/0xf0 /linux-stable/include/linux/list.h:188
>  [<ffffffff812c72ed>] ? __kthread_parkme+0xed/0x170 /linux-stable/kernel/kthread.c:162
>  [<ffffffff8353ef30>] ? hub_port_debounce+0x310/0x310 /linux-stable/drivers/usb/core/hub.c:3965
>  [<ffffffff812c8283>] kthread+0x1d3/0x240 /linux-stable/drivers/block/aoe/aoecmd.c:1303
>  [<ffffffff812c80b0>] ? kthread_worker_fn+0x530/0x530 /linux-stable/include/linux/list.h:27
>  [<ffffffff812fda31>] ? schedule_tail+0x31/0x210 /linux-stable/kernel/sched/core.c:1963
>  [<ffffffff812c80b0>] ? kthread_worker_fn+0x530/0x530 /linux-stable/include/linux/list.h:27
>  [<ffffffff85109218>] ret_from_fork+0x58/0x90 /linux-stable/arch/x86/kernel/entry_64.S:573
>  [<ffffffff812c80b0>] ? kthread_worker_fn+0x530/0x530 /linux-stable/include/linux/list.h:27
> Code: 0f 85 17 02 00 00 4c 8b 63 68 4d 85 e4 74 77 49 8d 7c 24 60 48 89 fe 48 c1 ee 03 42 80 3c 2e 00 0f 85 2d 02 00 00 49 8b 5c 24 60 <80> 38 00 0f 85 b7 02 00 00 4a 03 1c fa 48 89 de 48 c1 ee 03 42
> RIP  [<ffffffff8134328b>] cpuacct_charge+0x1ab/0x490 /linux-stable/kernel/sched/cpuacct.c:258
>  RSP <ffff88002de03be0>
> ---[ end trace 4d690b5b318b4d40 ]---
> Kernel panic - not syncing: Fatal exception in interrupt
> 
> 
> 
> 2016-06-20 22:06 GMT+08:00 Kuthonuzo Luruo <poll.stdin@...il.com <mailto:poll.stdin@...il.com>>:
> 
>     Heh, I backported KASAN to 2.6.32 kernel. Biggest difficulty was shadow memory initialization due to differences in early boot code with 4.x kernel.
> 
>     Kuthonuzo
> 
> 
>     On Mon, Jun 20, 2016 at 7:10 PM, 'Alexander Potapenko' via syzkaller <syzkaller@...glegroups.com <mailto:syzkaller@...glegroups.com>> wrote:
> 
>         Hi,
> 
>         On Mon, Jun 20, 2016 at 3:36 PM, Baozeng <sploving1@...il.com <mailto:sploving1@...il.com>> wrote:
>         > Hello all,
>         >      As we know syzkaller could use KASAN to find more memory bugs. Has
>         > anyone ported KASAN to older version of  kernel,  for instance 3.10 ?  (Most
>         > of current android's kernel version is 3.10 or even older). Thanks.
> 
>         I've ported KASAN to 3.14 and 3.18, but I wouldn't call that a
>         pleasant experience. Feel free to ask your questions though.
>         > Best Regards,
>         > Baozeng
>         >
>         > 2016-06-15 17:02 GMT+08:00 Alexander Potapenko <glider@...gle.com <mailto:glider@...gle.com>>:
>         >>
>         >> Baozeng,
>         >>
>         >> In order to use ConsoleDev you'll need a serial port support in the
>         >> kernel, and an external serial port attached to the Android device.
>         >> If you don't have a serial port, you'll probably need to change adb.go
>         >> to read the dmesg output from adb shell.
>         >>
>         >> HTH,
>         >> Alex
>         >>
>         >> On Wed, Jun 15, 2016 at 2:46 AM, Baozeng <sploving1@...il.com <mailto:sploving1@...il.com>> wrote:
>         >> > Thank you Alexander. We will have a try.
>         >> > Dmitry, I have another stupid question. I took a look at the adb.go, and
>         >> > find a ConsoleDev config. Could you give me an example how to use it?
>         >> > how
>         >> > to use a "cat " command to get the log from the console device. Does it
>         >> > need
>         >> > to install any other tool to debug the android device, like this
>         >> > https://developer.chrome.com/devtools/docs/remote-debugging?  Thank you
>         >> > in
>         >> > advance.
>         >> >
>         >> > 2016-06-14 21:32 GMT+08:00 Alexander Potapenko <glider@...gle.com <mailto:glider@...gle.com>>:
>         >> >>
>         >> >> Hi Baozeng,
>         >> >>
>         >> >> You may want to take a look at the discussion at
>         >> >>
>         >> >>
>         >> >> http://lists.infradead.org/pipermail/linux-arm-kernel/2016-March/419034.html,
>         >> >> namely at the list of files for which kcov instrumentation should be
>         >> >> disabled.
>         >> >> If your kernel doesn't boot, try carpet-disabling  arch/arm64/boot/*
>         >> >> and arch/arm64/kernel/*, and then you can bisect further.
>         >> >>
>         >> >> Alex
>         >> >>
>         >> >> On Tue, Jun 14, 2016 at 11:31 AM, Dmitry Vyukov <dvyukov@...il.com <mailto:dvyukov@...il.com>>
>         >> >> wrote:
>         >> >> > On Tue, Jun 14, 2016 at 11:21 AM, Baozeng <sploving1@...il.com <mailto:sploving1@...il.com>>
>         >> >> > wrote:
>         >> >> >> Hi Dmitry,
>         >> >> >>      We've ported kcov to arm64 android kernel  (nexus 6P device).
>         >> >> >> But
>         >> >> >> it
>         >> >> >> cannot boot. The size of the kernel is 1.3 M larger than the origin
>         >> >> >> one
>         >> >> >> without kcov. Does this affect the booting of the android device?
>         >> >> >
>         >> >> > +syzkaller mailing list
>         >> >> >
>         >> >> > Hi Baozeng,
>         >> >> >
>         >> >> > We've ported kcov to arm64 and use it with some Android devices.
>         >> >> > +Alexander knows more. Did we mail the patches upstream?
>         >> >> >
>         >> >> > The boot issue is most likely to bad interaction of kcov
>         >> >> > instrumentation with some early bootstrap files. Most likely you need
>         >> >> > to disable instrumentation of some boot files.
>         >> >> >
>         >> >> > --
>         >> >> > You received this message because you are subscribed to the Google
>         >> >> > Groups "syzkaller" group.
>         >> >> > To unsubscribe from this group and stop receiving emails from it,
>         >> >> > send
>         >> >> > an email to syzkaller+unsubscribe@...glegroups.com <mailto:syzkaller%2Bunsubscribe@...glegroups.com>.
>         >> >> > For more options, visit https://groups.google.com/d/optout.
>         >> >>
>         >> >>
>         >> >>
>         >> >> --
>         >> >> Alexander Potapenko
>         >> >> Software Engineer
>         >> >>
>         >> >> Google Germany GmbH
>         >> >> Erika-Mann-Straße, 33
>         >> >> 80636 München
>         >> >>
>         >> >> Managing Directors: Matthew Scott Sucherman, Paul Terence Manicle
>         >> >> Registration court and number: Hamburg, HRB 86891
>         >> >> Registered office: Hamburg
>         >> >
>         >> >
>         >> >
>         >> >
>         >> > --
>         >> >      Best Regards,
>         >> >      Baozeng Ding
>         >> >
>         >>
>         >>
>         >>
>         >> --
>         >> Alexander Potapenko
>         >> Software Engineer
>         >>
>         >> Google Germany GmbH
>         >> Erika-Mann-Straße, 33
>         >> 80636 München
>         >>
>         >> Managing Directors: Matthew Scott Sucherman, Paul Terence Manicle
>         >> Registration court and number: Hamburg, HRB 86891
>         >> Registered office: Hamburg
>         >
>         >
>         >
>         >
>         > --
>         >      Best Regards,
>         >      Baozeng Ding
>         >
> 
> 
> 
>         --
>         Alexander Potapenko
>         Software Engineer
> 
>         Google Germany GmbH
>         Erika-Mann-Straße, 33
>         80636 München
> 
>         Managing Directors: Matthew Scott Sucherman, Paul Terence Manicle
>         Registration court and number: Hamburg, HRB 86891
>         Registered office: Hamburg
> 
>         --
>         You received this message because you are subscribed to the Google Groups "syzkaller" group.
>         To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller+unsubscribe@...glegroups.com <mailto:syzkaller%2Bunsubscribe@...glegroups.com>.
>         For more options, visit https://groups.google.com/d/optout.
> 
> 
> 
> 
> 
> -- 
>      Best Regards,
>      Baozeng Ding
>                                                                 

View attachment "KASAN_3.10.102_x86_64.patch" of type "text/plain" (108327 bytes)
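Added here as a worked example, not code from the thread, the attached patch or the kernel: a Python decoder for the "Memory state around the buggy address" block of a KASAN report of the shape quoted above. It assumes the x86_64 shadow mapping shadow = (addr >> 3) + 0xdffffc0000000000 (the offset that appears in the report's R13 and on its stack) and uses the poison byte values from the kernel's mm/kasan/kasan.h; the sample report embedded below is a constructed trim of the one quoted in the thread. For the quoted read at ffff88002c81ff40 it resolves the covering shadow byte to 0xfc, the kmalloc redzone, which is the signature of a read past the end of a kmalloc object rather than a use-after-free (0xfb) or a stack redzone (0xf1..0xf4).

```python
"""Decode the shadow-memory block of a KASAN report (added example)."""
import re

# x86_64 shadow mapping: shadow = (addr >> 3) + KASAN_SHADOW_OFFSET.
KASAN_SHADOW_SCALE_SHIFT = 3
KASAN_SHADOW_OFFSET = 0xdffffc0000000000      # x86_64 default offset
GRANULE = 1 << KASAN_SHADOW_SCALE_SHIFT        # 8 memory bytes per shadow byte
SHADOW_BYTES_PER_ROW = 16                      # one dumped row = 128 bytes of memory

# Poison values from mm/kasan/kasan.h (3.x/4.x era kernels).
POISON = {
    0xFF: "free page",
    0xFE: "page redzone",
    0xFC: "kmalloc redzone",
    0xFB: "freed kmalloc object (use-after-free)",
    0xF9: "shadow gap",
    0xF1: "stack left redzone",
    0xF2: "stack mid redzone",
    0xF3: "stack right redzone",
    0xF4: "stack partial redzone",
}

# Constructed sample: the BUG/access lines and the shadow dump of the
# report quoted in the thread, with the call trace omitted.
SAMPLE_REPORT = """\
BUG: KASan: out of bounds access in usage_match+0x63/0x70 at addr ffff88002c81ff40
Read of size 8 by task khubd/923
Memory state around the buggy address:
 ffff88002c81fe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff88002c81fe80: fc fc f1 f1 f1 f1 00 f4 f4 f4 f2 f2 f2 f2 00 f4
>ffff88002c81ff00: f4 f4 f2 f2 f2 f2 fc fc fc fc fc fc fc fc f2 f2
                                           ^
 ffff88002c81ff80: f2 f2 fc fc fc fc fc fc fc fc f3 f3 f3 f3 fc fc
 ffff88002c820000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
"""

BUG_RE = re.compile(r"^BUG: (?:KASan|KASAN): (?P<kind>.+?) in (?P<func>\S+) at addr (?P<addr>[0-9a-f]+)$", re.M)
ACCESS_RE = re.compile(r"^(?P<op>Read|Write) of size (?P<size>\d+) by task (?P<task>\S+)$", re.M)
# Each dumped row: optional '>' marker, memory address of the row, 16 shadow bytes.
STATE_RE = re.compile(r"^[> ]([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})$", re.M)


def shadow_address(addr):
    """Memory address -> address of the shadow byte that covers it."""
    return (addr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET


def describe_shadow_byte(value):
    """Human-readable meaning of one shadow byte."""
    if value == 0:
        return "addressable"
    if 1 <= value < GRANULE:
        return "partially addressable (first %d of %d bytes)" % (value, GRANULE)
    return POISON.get(value, "unknown poison 0x%02x" % value)


def parse_report(text):
    """Extract the faulting access and the dumped shadow rows from a report."""
    bug = BUG_RE.search(text)
    acc = ACCESS_RE.search(text)
    if not bug or not acc:
        raise ValueError("not a KASAN report")
    rows = {int(a, 16): [int(b, 16) for b in bs.split()] for a, bs in STATE_RE.findall(text)}
    return {
        "kind": bug.group("kind"), "func": bug.group("func"),
        "addr": int(bug.group("addr"), 16),
        "op": acc.group("op"), "size": int(acc.group("size")),
        "task": acc.group("task"), "rows": rows,
    }


def shadow_byte_for(report, addr):
    """Shadow byte covering memory address addr, read from the dumped rows."""
    for row_addr, vals in report["rows"].items():
        if row_addr <= addr < row_addr + SHADOW_BYTES_PER_ROW * GRANULE:
            return vals[(addr - row_addr) >> KASAN_SHADOW_SCALE_SHIFT]
    return None


def classify_access(report):
    """(granule address, shadow byte, meaning) for every granule the access touches."""
    start, end = report["addr"], report["addr"] + report["size"]
    result = []
    for g in range(start & ~(GRANULE - 1), end, GRANULE):
        b = shadow_byte_for(report, g)
        result.append((g, b, describe_shadow_byte(b) if b is not None else "not in dump"))
    return result


if __name__ == "__main__":
    r = parse_report(SAMPLE_REPORT)
    print("%s: %s of %d bytes at %#x by %s in %s" %
          (r["kind"], r["op"], r["size"], r["addr"], r["task"], r["func"]))
    print("shadow byte address: %#x" % shadow_address(r["addr"]))
    for g, b, desc in classify_access(r):
        print("  granule %#x: shadow %s -> %s" % (g, "??" if b is None else "%02x" % b, desc))
```

The shadow address the script computes for the faulting address, 0xffffed0005903fe8, and the one for 0xffff88002c8209e0, 0xffffed000590413c, are both values that appear verbatim in the quoted report, which is a quick sanity check that the backport is using the expected x86_64 shadow offset.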