Arm + KASAN + syzbot

Dmitry Vyukov dvyukov at google.com
Mon Jan 18 11:31:36 EST 2021


Hello Arm maintainers,

We are considering setting up an Arm 32-bit instance on syzbot for
continuous testing using qemu emulation and I have several questions
related to that.

1. Is there interest in this on your end? What git tree/branch should
be used for testing (contains latest development and is regularly
updated with fixes)?

2. I see KASAN has just become supported for Arm, which is very
useful, but I can't boot a kernel with KASAN enabled. I am using
v5.11-rc4 and this config without KASAN boots fine:
https://gist.githubusercontent.com/dvyukov/12de2905f9479ba2ebdcc603c2fec79b/raw/c8fd3f5e8328259fe760ce9a57f3e6c6f5a95c8f/gistfile1.txt
using the following qemu command line:
qemu-system-arm \
  -machine vexpress-a15 -cpu max -smp 2 -m 2G \
  -device virtio-blk-device,drive=hd0 \
  -drive if=none,format=raw,id=hd0,file=image-arm -snapshot \
  -kernel arch/arm/boot/zImage \
  -dtb arch/arm/boot/dts/vexpress-v2p-ca15-tc1.dtb \
  -nographic \
  -netdev user,host=10.0.2.10,hostfwd=tcp::10022-:22,id=net0 \
  -device virtio-net-device,netdev=net0 \
  -append "root=/dev/vda earlycon earlyprintk=serial console=ttyAMA0 oops=panic panic_on_warn=1 panic=86400 vmalloc=512M"

However, when I enable KASAN and get this config:
https://gist.githubusercontent.com/dvyukov/a7e3edd35cc39a1b69b11530c7d2e7ac/raw/7cbda88085d3ccd11227224a1c9964ccb8484d4e/gistfile1.txt

the kernel does not boot; qemu only prints the following output and then goes silent:
pulseaudio: set_sink_input_volume() failed
pulseaudio: Reason: Invalid argument
pulseaudio: set_sink_input_mute() failed
pulseaudio: Reason: Invalid argument

What am I doing wrong?

3. CONFIG_KCOV does not seem to fully work.
It seems to work except for when the kernel crashes, and that's the
most interesting scenario for us. When the kernel crashes for other
reasons, crash handlers re-crash in KCOV, making all crashes
unactionable and indistinguishable.
Here are some samples (search for __sanitizer_cov_trace):
https://gist.githubusercontent.com/dvyukov/c8a7ff1c00a5223c5143fd90073f5bc4/raw/c0f4ac7fd7faad7253843584fed8620ac6006338/gistfile1.txt
Perhaps some additional Makefiles in arch/arm need KCOV_INSTRUMENT :=
n to fix this.
And LKDTM can be used for testing:
https://www.kernel.org/doc/html/latest/fault-injection/provoke-crashes.html

Thanks
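The KCOV problem described in point 3 shows up in the crash logs as a second oops whose backtrace starts in a __sanitizer_cov_trace_* hook called from a fault handler, with the original crash site buried underneath. The triage helper below is an added example and is not part of this email or of syzbot; it parses Arm-style backtrace lines, flags reports where a crash handler re-crashed inside KCOV, and still tries to recover the original culprit frame. The sample log is constructed, and the set of crash-handler function names is an assumption used for illustration, not a list taken from the kernel.

```python
"""Triage helper for Arm crash logs where KCOV re-crashes inside a crash handler.

Added example (not part of the original email). The log text and the list of
crash-handler function names below are constructed assumptions for illustration.
"""
import re
from dataclasses import dataclass, field

KCOV_PREFIX = "__sanitizer_cov_trace"

# Lines that open a new crash report in a kernel log.
OOPS_START_RE = re.compile(r"^(Unable to handle kernel|BUG:|WARNING:|kernel BUG at)")

# One Arm backtrace line: "[<addr>] (func+off/len) from [<addr>] (caller+off/len)".
# The first parenthesised name is the frame itself; the second is its caller.
FRAME_RE = re.compile(r"\[<[0-9a-f]+>\] \(([A-Za-z_][A-Za-z0-9_.]*)")

# Assumed names of functions that run while the kernel is already reporting a
# crash. A KCOV hook above one of these means the handler itself re-crashed.
CRASH_HANDLERS = {"die", "__do_kernel_fault", "do_page_fault", "do_DataAbort", "panic", "kasan_report"}


@dataclass
class Report:
    header: str
    frames: list = field(default_factory=list)  # innermost frame first

    def kcov_recrash(self) -> bool:
        """True if a KCOV hook sits above a crash handler in the stack."""
        for i, fn in enumerate(self.frames):
            if fn.startswith(KCOV_PREFIX) and CRASH_HANDLERS.intersection(self.frames[i + 1:]):
                return True
        return False

    def culprit(self):
        """First frame that is neither a KCOV hook nor a crash handler, or None."""
        for fn in self.frames:
            if not fn.startswith(KCOV_PREFIX) and fn not in CRASH_HANDLERS:
                return fn
        return None


def parse_reports(log: str) -> list:
    """Split a kernel log into Report objects, one per oops/BUG/WARNING header."""
    reports = []
    for line in log.splitlines():
        line = line.strip()
        if OOPS_START_RE.match(line):
            reports.append(Report(header=line))
        elif reports:
            m = FRAME_RE.match(line)
            if m:
                reports[-1].frames.append(m.group(1))
    return reports


def summarize(log: str) -> dict:
    """Count reports, count KCOV re-crashes, and pick the most trustworthy culprit."""
    reports = parse_reports(log)
    nested = [r for r in reports if r.kcov_recrash()]
    # Prefer a culprit from a report that did not re-crash; otherwise fall back to
    # whatever frame lies underneath the handler frames of the nested report.
    culprit = next((r.culprit() for r in reports if not r.kcov_recrash() and r.culprit()), None)
    if culprit is None:
        culprit = next((r.culprit() for r in nested if r.culprit()), None)
    return {"reports": len(reports), "kcov_recrash": len(nested), "culprit": culprit}


# Constructed sample: an LKDTM-triggered oops followed by the crash handler
# faulting again inside the KCOV hook, as described in the email.
SAMPLE_LOG = """\
lkdtm: Performing direct entry EXCEPTION
Unable to handle kernel NULL pointer dereference at virtual address 00000000
pgd = (ptrval)
Internal error: Oops: 5 [#1] SMP ARM
Backtrace:
[<c08a1234>] (lkdtm_EXCEPTION) from [<c08a1400>] (lkdtm_do_action+0x28/0x30)
[<c08a1400>] (lkdtm_do_action) from [<c08a1500>] (direct_entry+0x8c/0xa0)
Unable to handle kernel paging request at virtual address bf000000
Internal error: Oops: 817 [#2] SMP ARM
Backtrace:
[<c0200100>] (__sanitizer_cov_trace_pc) from [<c0112200>] (__do_kernel_fault+0x14/0x80)
[<c0112200>] (__do_kernel_fault) from [<c0112300>] (do_page_fault+0x2c0/0x3a0)
[<c0112300>] (do_page_fault) from [<c0112400>] (do_DataAbort+0x3c/0xb0)
[<c0112400>] (do_DataAbort) from [<c08a1234>] (lkdtm_EXCEPTION+0x10/0x14)
[<c08a1234>] (lkdtm_EXCEPTION) from [<c08a1400>] (lkdtm_do_action+0x28/0x30)
"""

if __name__ == "__main__":
    for r in parse_reports(SAMPLE_LOG):
        print(r.header, "->", "KCOV re-crash" if r.kcov_recrash() else "actionable", r.culprit())
    print(summarize(SAMPLE_LOG))
```

Run against a real console log, the `kcov_recrash` count is the signal that a crash is being masked by KCOV instrumentation in a fault path; the `culprit` it recovers is the frame to look at while the `KCOV_INSTRUMENT := n` Makefile fix is pending.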
