Arm + KASAN + syzbot

Dmitry Vyukov dvyukov at google.com
Tue Jan 19 06:17:37 EST 2021


On Tue, Jan 19, 2021 at 12:13 PM Russell King - ARM Linux admin
<linux at armlinux.org.uk> wrote:
>
> On Tue, Jan 19, 2021 at 12:05:01PM +0100, Dmitry Vyukov wrote:
> > But I also spied this in your makefile:
> >
> > config-earlydebug: config-base
> > $(CURDIR)/scripts/config --file $(config_file) \
> > --enable DEBUG_LL \
> > --enable EARLY_PRINTK \
> > --enable DEBUG_VEXPRESS_UART0_RS1 \
> >
> > With these configs, qemu prints something more useful:
> >
> > pulseaudio: set_sink_input_volume() failed
> > pulseaudio: Reason: Invalid argument
> > pulseaudio: set_sink_input_mute() failed
> > pulseaudio: Reason: Invalid argument
> > Error: invalid dtb and unrecognized/unsupported machine ID
> >   r1=0x000008e0, r2=0x00000000
> > Available machine support:
> > ID (hex) NAME
> > ffffffff Generic DT based system
> > ffffffff Samsung Exynos (Flattened Device Tree)
> > ffffffff Hisilicon Hi3620 (Flattened Device Tree)
> > ffffffff ARM-Versatile Express
> > Please check your kernel config and/or bootloader.
> >
> >
> > What does this mean? And is this affected by KASAN?... I do specify
> > the ARM-Versatile Express machine...
> >
> > Can it be too large kernel size which is not supported/properly
> > diagnosed by qemu/kernel?
>
> It means that your kernel only supports DT platforms, but there was
> no DT passed to the kernel (r2 is the pointer to DT). Consequently
> the kernel has no idea what hardware it is running on.
>
> I don't use qemu very much, so I can't suggest anything.

I do pass DT and it boots fine w/o KASAN, so it seems to be poor
diagnostics of something else.

It seems to be due to kernel size. I enabled CONFIG_KASAN_OUTLINE=y
and CONFIG_CC_OPTIMIZE_FOR_SIZE=y and now it boots...

Almost...
Now I got the following, which will prevent it from booting with
panic_on_warn that syzbot uses.
------------[ cut here ]------------
WARNING: CPU: 0 PID: 0 at kernel/printk/printk.c:2790
register_console+0x2f4/0x3c4 kernel/printk/printk.c:2790
console 'earlycon0' already registered
Modules linked in:
CPU: 0 PID: 0 Comm: swapper Not tainted 5.11.0-rc4-next-20210119 #27
Hardware name: ARM-Versatile Express
Backtrace:
[<82e981d0>] (dump_backtrace) from [<82e98430>] (show_stack+0x18/0x1c
arch/arm/kernel/traps.c:252)
 r7:00000080 r6:600001d3 r5:00000000 r4:84efddc0
[<82e98418>] (show_stack) from [<82ead110>] (__dump_stack
lib/dump_stack.c:79 [inline])
[<82e98418>] (show_stack) from [<82ead110>] (dump_stack+0x9c/0xc4
lib/dump_stack.c:120)
[<82ead074>] (dump_stack) from [<8024c6bc>] (__warn+0x12c/0x174
kernel/panic.c:609)
 r7:8303c220 r6:802e5554 r5:84a03c20 r4:8303c7e0
[<8024c590>] (__warn) from [<82e99040>] (warn_slowpath_fmt+0xb8/0x114
kernel/panic.c:635)
 r10:8303c7e0 r9:00000009 r8:00000ae6 r7:802e5554 r6:8303c220 r5:84a03c20
 r4:6f940780
[<82e98f8c>] (warn_slowpath_fmt) from [<802e5554>]
(register_console+0x2f4/0x3c4 kernel/printk/printk.c:2790)
 r10:848f747e r9:848f7472 r8:830000c0 r7:84a70a20 r6:85d00dc0 r5:84a70a20
 r4:84a70a20
[<802e5260>] (register_console) from [<84808424>]
(setup_early_printk+0x24/0x34 arch/arm/kernel/early_printk.c:43)
 r10:848f747e r9:848f7472 r8:830000c0 r7:849203d8 r6:848f747e r5:848f7472
 r4:85d018e0
[<84808400>] (setup_early_printk) from [<848004e4>]
(do_early_param+0x90/0xdc init/main.c:735)
 r5:848f7472 r4:8491fc04
[<84800454>] (do_early_param) from [<8028079c>] (parse_one
kernel/params.c:153 [inline])
[<84800454>] (do_early_param) from [<8028079c>]
(parse_args+0x37c/0x460 kernel/params.c:188)
 r9:848f7472 r8:83000a00 r7:00000000 r6:848f7485 r5:848f7000 r4:84a03de0
[<80280420>] (parse_args) from [<84800ddc>]
(parse_early_options+0x38/0x48 init/main.c:745)
 r10:856ed8c0 r9:80008000 r8:000002de r7:00000000 r6:848f7404 r5:848f7000
 r4:000002de
[<84800da4>] (parse_early_options) from [<84800e64>]
(parse_early_param+0x78/0x94 init/main.c:760)
[<84800dec>] (parse_early_param) from [<848057c8>]
(setup_arch+0x250/0xc5c arch/arm/kernel/setup.c:1129)
 r7:848f7a80 r6:84a6a200 r5:848f20f8 r4:84a03f80
[<84805578>] (setup_arch) from [<84800ff0>] (start_kernel+0x7c/0x3e4
init/main.c:873)
 r10:30c5387d r9:412fc0f1 r8:88000000 r7:000008e0 r6:ffffffff r5:84a50c40
 r4:856ed000
[<84800f74>] (start_kernel) from [<00000000>] (0x0)
 r6:30c0387d r5:00000000 r4:84800334
irq event stamp: 0
hardirqs last  enabled at (0): [<00000000>] 0x0
hardirqs last disabled at (0): [<00000000>] 0x0
softirqs last  enabled at (0): [<00000000>] 0x0
softirqs last disabled at (0): [<00000000>] 0x0
random: get_random_bytes called from init_oops_id kernel/panic.c:546
[inline] with crng_init=0
random: get_random_bytes called from init_oops_id+0x2c/0x4c
kernel/panic.c:543 with crng_init=0
---[ end trace 0000000000000000 ]---