I booted the patched kernel and it seems to have gone farther and I believe reached init before crashing.
boot> b bsd.anton
booting hd0a:bsd.anton: 12380226+2360336+270368+0+675840 [684182+128+754752+529898]=0x10d8f48
entry point at 0x1001000 [ using 1969992 bytes of bsd ELF symbol table ]
Copyright (c) 1982, 1986, 1989, 1991, 1993
	The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2018 OpenBSD. All rights reserved.  https://www.OpenBSD.org

OpenBSD 6.4-current (SYZKALLER) #0: Tue Nov 27 17:40:55 PST 2018
    syzkaller@ci-openbsd.syzkaller:/home/syzkaller/src/sys/arch/amd64/compile/SYZKALLER
real mem = 17163079680 (16367MB)
avail mem = 16632164352 (15861MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xbffffcf0 (20 entries)
bios0: vendor Google version "Google" date 01/01/2011
bios0: Google Google Compute Engine
acpi0 at bios0: rev 0
acpi0: sleep states S3 S4 S5
acpi0: tables DSDT FACP SSDT APIC WAET SRAT
acpi0: wakeup devices
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) CPU @ 2.30GHz, 2300.42 MHz, 06-3f-00
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,HTT,SSE3,PCLMUL,VMX,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,ARAT,XSAVEOPT,MELTDOWN
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 999MHz
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Xeon(R) CPU @ 2.30GHz, 2299.55 MHz, 06-3f-00
cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,HTT,SSE3,PCLMUL,VMX,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,ARAT,XSAVEOPT,MELTDOWN
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Xeon(R) CPU @ 2.30GHz, 2299.53 MHz, 06-3f-00
cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,HTT,SSE3,PCLMUL,VMX,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,ARAT,XSAVEOPT,MELTDOWN
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Xeon(R) CPU @ 2.30GHz, 2299.54 MHz, 06-3f-00
cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,HTT,SSE3,PCLMUL,VMX,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,ARAT,XSAVEOPT,MELTDOWN
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 0, core 3, package 0
cpu4 at mainbus0: apid 1 (application processor)
cpu4: Intel(R) Xeon(R) CPU @ 2.30GHz, 2299.57 MHz, 06-3f-00
cpu4: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,HTT,SSE3,PCLMUL,VMX,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,ARAT,XSAVEOPT,MELTDOWN
cpu4: 256KB 64b/line 8-way L2 cache
cpu4: smt 1, core 0, package 0
cpu5 at mainbus0: apid 3 (application processor)
cpu5: Intel(R) Xeon(R) CPU @ 2.30GHz, 2299.56 MHz, 06-3f-00
cpu5: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,HTT,SSE3,PCLMUL,VMX,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,ARAT,XSAVEOPT,MELTDOWN
cpu5: 256KB 64b/line 8-way L2 cache
cpu5: smt 1, core 1, package 0
cpu6 at mainbus0: apid 5 (application processor)
cpu6: Intel(R) Xeon(R) CPU @ 2.30GHz, 2299.54 MHz, 06-3f-00
cpu6: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,HTT,SSE3,PCLMUL,VMX,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,ARAT,XSAVEOPT,MELTDOWN
cpu6: 256KB 64b/line 8-way L2 cache
cpu6: smt 1, core 2, package 0
cpu7 at mainbus0: apid 7 (application processor)
cpu7: Intel(R) Xeon(R) CPU @ 2.30GHz, 2299.57 MHz, 06-3f-00
cpu7: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,HTT,SSE3,PCLMUL,VMX,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,ARAT,XSAVEOPT,MELTDOWN
cpu7: 256KB 64b/line 8-way L2 cache
cpu7: smt 1, core 3, package 0
ioapic0 at mainbus0: apid 0 pa 0xfec00000, version 11, 24 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpicpu0 at acpi0: C1(@1 halt!)
acpicpu1 at acpi0: C1(@1 halt!)
acpicpu2 at acpi0: C1(@1 halt!)
acpicpu3 at acpi0: C1(@1 halt!)
acpicpu4 at acpi0: C1(@1 halt!)
acpicpu5 at acpi0: C1(@1 halt!)
acpicpu6 at acpi0: C1(@1 halt!)
acpicpu7 at acpi0: C1(@1 halt!)
"ACPI0006" at acpi0 not configured
acpipci0 at acpi0 PCI0: _OSC failed
acpicmos0 at acpi0
"QEMU0001" at acpi0 not configured
"ACPI0007" at acpi0 not configured
"ACPI0007" at acpi0 not configured
"ACPI0007" at acpi0 not configured
"ACPI0007" at acpi0 not configured
"ACPI0007" at acpi0 not configured
"ACPI0007" at acpi0 not configured
"ACPI0007" at acpi0 not configured
"ACPI0007" at acpi0 not configured
pvbus0 at mainbus0: KVM
pvclock0 at pvbus0
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02
pcib0 at pci0 dev 1 function 0 "Intel 82371AB PIIX4 ISA" rev 0x03
piixpm0 at pci0 dev 1 function 3 "Intel 82371AB Power" rev 0x03: SMBus disabled
virtio0 at pci0 dev 3 function 0 "Qumranet Virtio SCSI" rev 0x00
vioscsi0 at virtio0: qsize 8192
scsibus1 at vioscsi0: 253 targets
sd0 at scsibus1 targ 1 lun 0: <Google, PersistentDisk, 1> SCSI4 0/direct fixed serial.Google_PersistentDisk_
sd0: 10240MB, 512 bytes/sector, 20971520 sectors, thin
virtio0: msix shared
virtio1 at pci0 dev 4 function 0 "Qumranet Virtio Network" rev 0x00
vio0 at virtio1: address 42:01:0a:80:00:2f
virtio1: msix per-VQ
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
com2 at isa0 port 0x3e8/8 irq 5: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0 mux 1
pms0 at pckbc0 (aux slot)
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
vmm0 at mainbus0: VMX/EPT (using slow L1TF mitigation)
vscsi0 at root
scsibus2 at vscsi0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
root on sd0a (cea3ae3572e2c76c.a) swap on sd0b dump on sd0b
SeaBIOS (version 1.8.2-20181014_101610-google)
Total RAM Size = 0x0000000400000000 = 16384 MiB

On Mon, Nov 26, 2018 at 10:56 AM Anton Lindqvist <an...@openbsd.org> wrote:

> On Mon, Nov 26, 2018 at 08:43:12AM -0800, Greg Steuck wrote:
> > Thanks for the patch, I'll give it a go. Should I make up a patch reporting
> > #error when trying to build kcov with MP in the meantime? The next person
> > won't have to find it the hard way...
>
> Please try out the diff first. I'd rather try coming up with a proper
> fix before adding any #error directives.
>
> > On Sun, Nov 25, 2018 at 11:21 PM Anton Lindqvist <an...@openbsd.org> wrote:
> >
> > > Hi Greg,
> > >
> > > On Sun, Nov 25, 2018 at 10:13:52AM -0800, Greg Steuck wrote:
> > > > Hi Anton,
> > > >
> > > > I tried to boot a kernel with kcov based on GENERIC.MP and the machine
> > > > reboots without a peep immediately after
> > > >
> > > > vmm0 at mainbus0: VMX (using slow L1TF mitigation)
> > > >
> > > > Switching off either of kcov or MP results in normally working kernels. I'm
> > > > attaching two concatenated dmesgs. The effect is reproducible on real HW
> > > > and on GCE VM. Broken config is just:
> > > > $ cat /sys/arch/amd64/conf/SYZKALLER
> > > > include "arch/amd64/conf/GENERIC.MP"
> > > > pseudo-device kcov 1
> > > >
> > > > Disabling either vmm or kcov in broken kernel UKC doesn't prevent crashes.
> > >
> > > Known limitation, I haven't spent much time on making kcov MP-safe.
> > > Especially since it's primarily used inside a VM through vmm which
> > > currently is limited to a single CPU.
> > >
> > > However, I did some investigation before and concluded that the problem
> > > resides in the trace routine which is called from
> > > cpu_boot_secondary_processors() before the secondary CPU is accessible
> > > through curcpu(). I came up with a hackish solution to this problem (see
> > > diff below) that got rejected; kettenis@ mentioned that we instead
> > > should set MSR_GSBASE earlier in cpu_hatch() but I never managed to get
> > > the right people involved with knowledge in this area. I might take a
> > > look myself.
> > >
> > > In the meantime, you could give the diff a try.
> > > It might be the case that more functions are not eligible for tracing.
> > > OpenBSD has no method of turning off tracing for a given source file
> > > like Linux does. This might become necessary since I fear many more
> > > functions will not cope with tracing.
> > >
> > > Index: dev/kcov.c > > > =================================================================== > > > RCS file: /cvs/src/sys/dev/kcov.c,v > > > retrieving revision 1.4 > > > diff -u -p -r1.4 kcov.c > > > --- dev/kcov.c 27 Aug 2018 15:57:39 -0000 1.4 > > > +++ dev/kcov.c 8 Sep 2018 21:51:20 -0000 > > > @@ -49,6 +49,7 @@ struct kcov_dev { > > > }; > > > > > > void kcovattach(int); > > > +void kcov_attachhook(struct device *); > > > > > > int kd_alloc(struct kcov_dev *, unsigned long); > > > void kd_free(struct kcov_dev *); > > > @@ -57,6 +58,7 @@ struct kcov_dev *kd_lookup(int); > > > static inline int inintr(void); > > > > > > TAILQ_HEAD(, kcov_dev) kd_list = TAILQ_HEAD_INITIALIZER(kd_list); > > > +int kcov_attached = 0; > > > > > > #ifdef KCOV_DEBUG > > > int kcov_debug = 1; > > > @@ -76,12 +78,11 @@ int kcov_debug = 1; > > > void > > > __sanitizer_cov_trace_pc(void) > > > { > > > - extern int cold; > > > struct kcov_dev *kd; > > > uint64_t idx; > > > > > > - /* Do not trace during boot. */ > > > - if (cold) > > > + /* Do not trace before the root file system is mounted. */ > > > + if (!kcov_attached) > > > return; > > > > > > /* Do not trace in interrupts to prevent noisy coverage. */ 
> > > @@ -102,6 +103,13 @@ __sanitizer_cov_trace_pc(void) > > > void > > > kcovattach(int count) > > > { > > > + config_mountroot(NULL, kcov_attachhook); > > > +} > > > + > > > +void > > > +kcov_attachhook(struct device *dev) > > > +{ > > > + kcov_attached = 1; > > > } > > > > > > int > > > > > > > > > -- > > nest.cx is Gmail hosted, use PGP for anything private. Key: > > http://goo.gl/6dMsr > > Fingerprint: 5E2B 2D0E 1E03 2046 BEC3 4D50 0B15 42BD 8DF5 A1B0 > -- nest.cx is Gmail hosted, use PGP for anything private. Key: http://goo.gl/6dMsr Fingerprint: 5E2B 2D0E 1E03 2046 BEC3 4D50 0B15 42BD 8DF5 A1B0
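Review bot: in the `@@ -57,6 +58,7 @@` hunk the name `kcov_attached` is misleading, since `kcovattach()` runs at autoconf time but the flag is only raised from the mountroot hook added further down; a name that says what it actually records (for example `kcov_mountroot_done` or `kcov_trace_enabled`) would save the next reader from assuming it mirrors device attachment. Also consider a short comment above `int kcov_attached = 0;` stating that it is written once, 0 to 1, by the hook and read without any lock from every traced function, so it must never be cleared again without revisiting that.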
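Review bot: in the `@@ -76,12 +78,11 @@` hunk, replacing `if (cold)` with `if (!kcov_attached)` only avoids the crash if the mountroot hook fires after the last secondary CPU has hatched, and the new comment `/* Do not trace before the root file system is mounted. */` says when the flag flips but not why that is late enough. Since the point of the change is that `__sanitizer_cov_trace_pc()` is reached from cpu_boot_secondary_processors() before curcpu() works on the new CPU, state that in the comment so nobody later "optimises" the check back to `cold` or moves the hook earlier. The `inintr()` check that follows is unchanged and still belongs after this one, since it too may touch per-CPU state.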
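Review bot: in the `@@ -102,6 +103,13 @@` hunk `kcov_attachhook()` has no comment and leaves its `struct device *dev` argument unused; the signature is dictated by `config_mountroot()`, so that is fine, but a one-line comment saying it is the mountroot hook that turns tracing on (and that `dev` is always NULL here because the hook was registered with a NULL device) would make the intent clear. `kcovattach()` now does nothing but register the hook, so `count` stays unused as before; if that is intentional, a `(void)count;` or a comment would stop it reading like an oversight.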
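The trace routine this thread is about, as an added user-space model written for this page (it is not OpenBSD's sys/dev/kcov.c and not Anton's diff): a trace-pc hook that refuses to touch per-thread state until an "attached" flag has been raised, skips interrupt context, and appends program counters to a buffer whose first element is the running count, which is the layout kcov(4) exposes to user space. Every `model_` name, the 4-slot buffer and the PC values are assumptions of the model; the hook is called with explicit PCs so it runs without compiling with -fsanitize-coverage=trace-pc.

```c
/*
 * Added example, not OpenBSD's sys/dev/kcov.c: a user-space model of a
 * trace-pc coverage hook of the kind kcov(4) installs. Every name with a
 * "model_" prefix is an assumption of this model, not a kernel symbol.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MODEL_NMEMB 4	/* PC slots available; slot 0 holds the count */

struct model_kcov_dev {
	uint64_t buf[MODEL_NMEMB + 1];	/* buf[0] = count, buf[1..] = PCs */
	size_t nmemb;			/* number of PC slots */
	int enabled;			/* tracing requested by user space */
};

/* Model of curproc->p_kd: NULL until the per-CPU/per-thread state exists. */
static struct model_kcov_dev *model_cur_kd;
/* Model of the diff's kcov_attached flag: set once, 0 -> 1, never cleared. */
static int model_attached;
/* Model of inintr(). */
static int model_in_interrupt;
/* The one device the scenario below traces into. */
static struct model_kcov_dev model_dev;

/*
 * The hook. Returns 1 if the PC was counted, 0 if it bailed out before
 * touching any per-thread state. With -fsanitize-coverage=trace-pc the
 * compiler would call __sanitizer_cov_trace_pc() at every basic block;
 * here the caller passes the PC explicitly so the model runs uninstrumented.
 */
int
model_trace_pc(uintptr_t pc)
{
	struct model_kcov_dev *kd;
	uint64_t idx;

	/* Before attach, reading model_cur_kd is not guaranteed to be safe. */
	if (!model_attached)
		return 0;
	/* Skip interrupt context to keep coverage deterministic. */
	if (model_in_interrupt)
		return 0;

	kd = model_cur_kd;
	if (kd == NULL || !kd->enabled)
		return 0;

	idx = kd->buf[0];
	/* Bounds check: the count keeps growing, the stores stop at nmemb. */
	if (idx < kd->nmemb)
		kd->buf[idx + 1] = pc;
	kd->buf[0] = idx + 1;
	return 1;
}

/* What instrumented code would call; records the caller's return address. */
void
__sanitizer_cov_trace_pc(void)
{
	model_trace_pc((uintptr_t)__builtin_return_address(0));
}

/* Replays the thread's scenario: a trace before attach, then normal use. */
int
model_scenario(void)
{
	int recorded = 0;

	memset(&model_dev, 0, sizeof(model_dev));
	model_dev.nmemb = MODEL_NMEMB;
	model_dev.enabled = 1;

	/* "Secondary CPU hatching": per-thread state not reachable yet. */
	model_cur_kd = NULL;
	model_attached = 0;
	recorded += model_trace_pc(0x1000);	/* dropped: not attached */

	/* "mountroot" hook fired, per-thread state now valid. */
	model_cur_kd = &model_dev;
	model_attached = 1;
	recorded += model_trace_pc(0x1001);
	recorded += model_trace_pc(0x1002);

	model_in_interrupt = 1;
	recorded += model_trace_pc(0x1003);	/* dropped: interrupt context */
	model_in_interrupt = 0;

	recorded += model_trace_pc(0x1004);
	recorded += model_trace_pc(0x1005);
	recorded += model_trace_pc(0x1006);	/* counted, buffer full, not stored */
	return recorded;
}

int
main(void)
{
	int n = model_scenario();
	uint64_t i;

	printf("%d traces counted, buf[0]=%llu\n", n,
	    (unsigned long long)model_dev.buf[0]);
	for (i = 1; i <= model_dev.nmemb && i <= model_dev.buf[0]; i++)
		printf("  pc[%llu] = 0x%llx\n", (unsigned long long)i,
		    (unsigned long long)model_dev.buf[i]);
	return 0;
}
```

The ordering inside `model_trace_pc()` is the point Anton makes above: the flag check comes first, before `model_cur_kd` (the stand-in for curproc->p_kd) is dereferenced, because on a hatching secondary CPU that read is exactly what is not yet safe. The count in buf[0] running past nmemb is how a consumer detects that coverage was truncated rather than silently lost.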