
pkg/cover/backend: found unexpected tag PartialUnit on top level

Open jirislaby opened this issue 1 year ago • 2 comments

Describe the bug

In the syzkaller web, when I click on coverage, I get:

failed to generate coverage profile: found unexpected tag PartialUnit on top level

Expected behavior

Coverage is shown.

If I put continue instead of return in here, it seems to proceed (but is obviously wrong): https://github.com/google/syzkaller/blob/6388bc36373b7e4e4dbac9101b34007e839a74bd/pkg/cover/backend/dwarf.go#L299-L301

My vmlinux actually has more partial units than compile units:

dwarfdump kernel_obj/vmlinux|grep -E 'DW_TAG_(partial|compile)_unit\>'|sort |uniq -c
   4616 < 0><0x0000000b>  DW_TAG_compile_unit
  14291 < 0><0x0000000b>  DW_TAG_partial_unit

DWARF specs say:

A normal compilation unit typically represents the text and data contributed to an executable by a single relocatable object file. It may be derived from several source files, including pre-processed “include files.” A partial compilation unit typically represents a part of the text and data of a relocatable object file, in a manner that can potentially be shared with the results of other compilations to save space. It may be derived from an “include file”, template instantiation, or other implementation-dependent portion of a compilation. A normal compilation unit can also function in a manner similar to a partial compilation unit in some cases.

A compilation unit entry owns debugging information entries that represent all or part of the declarations made in the corresponding compilation. In the case of a partial compilation unit, the containing scope of its owned declarations is indicated by imported unit entries in one or more other compilation unit entries that refer to that partial compilation unit

Additional context

I believe syzkaller should support partial units too.

jirislaby avatar Oct 13 '23 06:10 jirislaby

Hi Jiri,

Thanks for the report. How can we reproduce such kernel build with DW_TAG_partial_unit? Do you know how to get them in a unit test? Some special compiler flags? The DWARF excerpt suggests that DW_TAG_partial_unit contains the same subtags as DW_TAG_compile_unit, if so doing:

   if ent.Tag != dwarf.TagCompileUnit && ent.Tag != dwarf.TagPartialUnit { 

may work?

dvyukov avatar Oct 13 '23 08:10 dvyukov

Hi,

I was using our (openSUSE) kernel rpm tooling to build a "syzkaller" kernel (easy for me to build, transfer and install). The tooling uses dwz to compress the dwarf info. I believe it's exactly the source of these partial units.

Even with the if you propose above, there is TAG_BaseType at the root. And I suppose many more.

Now I switched to classic make && make modules_install model and have no issue.

Apart from this issue, it was pretty cumbersome, because syzkaller does not support separate *.debug files with .debug_info sections (using .gnu_debuglink). So I had to eu-unstrip all interesting binaries to work around this.

Further, the paths were hell (like sources referenced in .debug_* sections as /usr/src/debug/...).

I am not sure anyone wants to invest time to fix all this.

jirislaby avatar Oct 16 '23 11:10 jirislaby
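
An added example for this thread (not syzkaller's code and not written by either participant): using Go's standard debug/dwarf package, it counts the tags a flat Reader loop sees over a hand-built DWARF blob holding one DW_TAG_compile_unit and one DW_TAG_partial_unit with a DW_TAG_base_type child. The byte arrays and the TopLevelTags helper are constructed for the example.

```go
package main

import (
	"debug/dwarf"
	"fmt"
)

// Constructed sample, not from a real kernel: DWARF v4, 32-bit, little-endian.
// Abbrevs 1 = compile_unit, 2 = partial_unit (has children), 3 = base_type;
// each carries only DW_AT_name (0x03) encoded as DW_FORM_string (0x08).
var abbrev = []byte{
	0x01, 0x11, 0x00, 0x03, 0x08, 0x00, 0x00,
	0x02, 0x3c, 0x01, 0x03, 0x08, 0x00, 0x00,
	0x03, 0x24, 0x00, 0x03, 0x08, 0x00, 0x00, 0x00,
}
var info = []byte{
	0x0c, 0, 0, 0, 0x04, 0, 0, 0, 0, 0, 0x08, // unit 1 header (11 bytes)
	0x01, 'a', '.', 'c', 0, // DW_TAG_compile_unit "a.c"
	0x12, 0, 0, 0, 0x04, 0, 0, 0, 0, 0, 0x08, // unit 2 header
	0x02, 'x', '.', 'h', 0, // DW_TAG_partial_unit "x.h"
	0x03, 'i', 'n', 't', 0, 0x00, // child DW_TAG_base_type "int", end of children
}

// TopLevelTags counts the tags a flat Reader loop sees. With skip=true it
// calls SkipChildren after every entry, so only unit-level DIEs are counted.
func TopLevelTags(abbrev, info []byte, skip bool) (map[string]int, error) {
	d, err := dwarf.New(abbrev, nil, nil, info, nil, nil, nil, nil)
	if err != nil {
		return nil, err
	}
	counts := map[string]int{}
	for r := d.Reader(); ; {
		ent, err := r.Next()
		if err != nil {
			return nil, err
		}
		if ent == nil {
			return counts, nil
		}
		if ent.Tag != 0 { // Tag 0 is the end-of-children marker
			counts[ent.Tag.String()]++
		}
		if skip {
			r.SkipChildren()
		}
	}
}

func main() {
	fmt.Println(TopLevelTags(abbrev, info, true))
	fmt.Println(TopLevelTags(abbrev, info, false))
}
```

With children skipped, the loop sees only CompileUnit and PartialUnit; without the skip, the partial unit's BaseType child shows up in the same loop.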