Address Sanitizer 调用了 OOM-killer
Address Sanitizier invokes OOM-killer
我正在尝试使用 Address Sanitizer,但由于内存使用过多,内核一直在终止我的进程。如果没有 Address Sanitizer,该过程运行得很好。
该程序是使用 gcc-8.2.1 为 arm-v7a 编译的
-fno-omit-frame-pointer
-fsanitize=address
-fsanitize-recover=all
-fdata-sections
-ffunction-sections
-fPIC
我开始流程如下:
ASAN_OPTIONS=debug=1:verbosity=0:detect_leaks=0:abort_on_error=0:halt_on_error=0:check_initialization_order=1:allocator_may_return_null=1 ./Launcher
有没有办法减少 Address Sanitizer 的内存占用?不幸的是,启用交换不是一个选项。
这是 dmesg 打印的内核日志:
[512792.413376] Launcher invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0
[512792.424695] CPU: 3 PID: 7786 Comm: Launcher Tainted: G W 5.4.1 #1
[512792.432821] Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
[512792.439455] Backtrace:
[512792.442039] [<8010eb1c>] (dump_backtrace) from [<8010eee0>] (show_stack+0x20/0x24)
[512792.449721] r7:811d32ec r6:00000000 r5:60070113 r4:811d32ec
[512792.455500] [<8010eec0>] (show_stack) from [<80ba06e8>] (dump_stack+0xbc/0xe8)
[512792.462840] [<80ba062c>] (dump_stack) from [<80257360>] (dump_header+0x64/0x440)
[512792.470343] r10:00000a24 r9:a9a4ce00 r8:00016f9c r7:80e82aac r6:a749fce0 r5:a9a4ce00
[512792.478275] r4:a749fce0 r3:6f25b167
[512792.481958] [<802572fc>] (dump_header) from [<80256364>] (oom_kill_process+0x494/0x4ac)
[512792.490066] r10:00000a24 r9:a9a4c100 r8:00016f9c r7:80e82aac r6:a749fce0 r5:a9a4ce00
[512792.497996] r4:a9a4d264
[512792.500636] [<80255ed0>] (oom_kill_process) from [<80256e8c>] (out_of_memory+0xf8/0x4ec)
[512792.508830] r10:00000a24 r9:a9a4c100 r8:00016f9c r7:8110b640 r6:8110b640 r5:811d8860
[512792.516760] r4:a749fce0
[512792.519405] [<80256d94>] (out_of_memory) from [<802a0910>] (__alloc_pages_nodemask+0xf7c/0x13a4)
[512792.528295] r9:00000000 r8:81107d30 r7:811d5588 r6:0000233c r5:00000000 r4:00000000
[512792.536153] [<8029f994>] (__alloc_pages_nodemask) from [<80285d10>] (__pte_alloc+0x34/0x1ac)
[512792.544697] r10:74b94000 r9:00000000 r8:00000000 r7:a8b9e580 r6:a8b9e580 r5:a7445d28
[512792.552628] r4:a7445d28
[512792.555271] [<80285cdc>] (__pte_alloc) from [<802869c8>] (copy_page_range+0x4ec/0x650)
[512792.563295] r9:00000000 r8:00000000 r7:a8b9e580 r6:a7174f4c r5:a8b9e580 r4:a7445d28
[512792.571148] [<802864dc>] (copy_page_range) from [<801241b8>] (dup_mm+0x470/0x4e0)
[512792.578736] r10:a7174f14 r9:a7174f10 r8:a8b9d680 r7:a7c36420 r6:a7174f4c r5:a8b9e580
[512792.586667] r4:a7835d20
[512792.589307] [<80123d48>] (dup_mm) from [<801255e0>] (copy_process+0x10bc/0x1888)
[512792.596807] r10:a749ff60 r9:ffffffff r8:00000000 r7:a749e000 r6:9d283400 r5:a825c300
[512792.604738] r4:00100000
[512792.607378] [<80124524>] (copy_process) from [<80125fb8>] (_do_fork+0x90/0x750)
[512792.614792] r10:00100000 r9:a749e000 r8:801011c4 r7:a749e000 r6:a749ff60 r5:6f25b167
[512792.622722] r4:00000001
[512792.625362] [<80125f28>] (_do_fork) from [<80126954>] (sys_clone+0x80/0x9c)
[512792.632428] r10:00000078 r9:a749e000 r8:801011c4 r7:00000078 r6:7649e000 r5:6f25b167
[512792.640358] r4:a749e000
[512792.643001] [<801268d4>] (sys_clone) from [<80101000>] (ret_fast_syscall+0x0/0x28)
[512792.650671] Exception stack(0xa749ffa8 to 0xa749fff0)
[512792.655828] ffa0: 54ad00fc 76ffe964 00100011 00000000 54ad00fc 00000000
[512792.664112] ffc0: 54ad00fc 76ffe964 7649e000 00000078 54ad0100 54ad0120 00000001 54ad0280
[512792.672391] ffe0: 00000078 54ad00e8 763d590b 763bf746
[512792.677546] r5:76ffe964 r4:54ad00fc
[512792.681484] Mem-Info:
[512792.683936] active_anon:158884 inactive_anon:15315 isolated_anon:0
active_file:1041 inactive_file:1140 isolated_file:0
unevictable:2224 dirty:8 writeback:1 unstable:0
slab_reclaimable:4553 slab_unreclaimable:4490
mapped:5064 shmem:17635 pagetables:1579 bounce:0
free:56987 free_pcp:173 free_cma:53962
[512792.718450] Node 0 active_anon:635536kB inactive_anon:61260kB active_file:4264kB inactive_file:5460kB unevictable:8896kB isolated(anon):0kB isolated(file):0kB mapped:21056kB dirty:32kB writeback:4kB shmem:70540kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[512792.742142] Normal free:226708kB min:3312kB low:4140kB high:4968kB active_anon:635436kB inactive_anon:61260kB active_file:4584kB inactive_file:5652kB unevictable:8896kB writepending:36kB present:1048576kB managed:1015668kB mlocked:0kB kernel_stack:1216kB pagetables:6316kB bounce:0kB free_pcp:192kB local_pcp:0kB free_cma:215848kB
[512792.771461] lowmem_reserve[]: 0 0 0
[512792.775161] Normal: 1651*4kB (UMEC) 839*8kB (UMEC) 495*16kB (UMEC) 221*32kB (UMEC) 78*64kB (UEC) 29*128kB (MC) 1*256kB (U) 40*512kB (C) 35*1024kB (C) 21*2048kB (C) 10*4096kB (C) 2*8192kB (C) 0*16384kB 1*32768kB (C) = 226708kB
[512792.795442] 20243 total pagecache pages
[512792.799391] 0 pages in swap cache
[512792.802816] Swap cache stats: add 0, delete 0, find 0/0
[512792.808232] Free swap = 0kB
[512792.811225] Total swap = 0kB
[512792.814296] 262144 pages RAM
[512792.817288] 0 pages HighMem/MovableOnly
[512792.821232] 8227 pages reserved
[512792.824558] 81920 pages cma reserved
[512792.828247] Tasks state (memory values in pages):
[512792.833057] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name
[512792.841890] [ 211] 0 211 9965 1608 67584 0 0 systemd-journal
[512792.851149] [ 224] 0 224 3848 249 16384 0 -1000 systemd-udevd
[512792.860222] [ 317] 0 317 1559 339 12288 0 0 dhclient
[512792.868867] [ 316] 0 316 1559 348 14336 0 0 dhclient
[512792.877508] [ 333] 0 333 1810 856 14336 0 0 haveged
[512792.886061] [ 334] 101 334 4985 261 22528 0 0 systemd-timesyn
[512792.895309] [ 336] 104 336 1342 167 12288 0 0 rpcbind
[512792.903866] [ 368] 106 368 1333 218 12288 0 -900 dbus-daemon
[512792.912684] [ 369] 0 369 6193 356 22528 0 0 rsyslogd
[512792.921327] [ 370] 0 370 2681 178 18432 0 0 systemd-logind
[512792.930490] [ 372] 0 372 1625 158 14336 0 0 cron
[512792.938784] [ 431] 0 431 428 122 10240 0 0 motion_sensor
[512792.947870] [ 560] 0 560 8756 207 18432 0 0 automount
[512792.956597] [ 564] 0 564 1190 172 12288 0 0 login
[512792.964988] [ 566] 0 566 1338 98 12288 0 0 agetty
[512792.973372] [ 572] 0 572 2218 276 16384 0 -1000 sshd
[512792.981664] [ 574] 0 574 946 33 12288 0 0 inputattach
[512792.990569] [ 637] 0 637 3017 379 18432 0 0 systemd
[512792.999122] [ 640] 0 640 3504 402 20480 0 0 (sd-pam)
[512793.007768] [ 653] 0 653 1760 329 12288 0 0 bash
[512793.016057] [ 671] 0 671 2599 1116 18432 0 0 Server.
[512793.025310] [ 732] 0 732 1300 132 12288 0 0 dbus-daemon
[512793.034212] [ 31836] 0 31836 3173 980 22528 0 0 sshd
[512793.042428] [ 31847] 0 31847 422 154 8192 0 0 sftp-server
[512793.051332] [ 5350] 0 5350 2555 351 16384 0 0 sshd
[512793.059631] [ 5452] 0 5452 1793 379 16384 0 0 bash
[512793.067924] [ 5823] 0 5823 2555 350 16384 0 0 sshd
[512793.076216] [ 5833] 0 5833 1760 326 14336 0 0 bash
[512793.084509] [ 6822] 0 6822 792 31 10240 0 0 xinit
[512793.092813] [ 6823] 0 6823 29526 5386 112640 0 0 Xorg
[512793.101103] [ 6827] 0 6827 3655 866 22528 0 0 xterm
[512793.109488] [ 6829] 0 6829 1620 114 14336 0 0 bash
[512793.117784] [ 7256] 0 7256 1549 322 12288 0 0 watch
[512793.126169] [ 7363] 0 7363 127832 56725 520192 0 0 gdb
[512793.134370] [ 7368] 0 7368 281561 93707 1046528 0 0 Launcher
[512793.143613] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),task=Launcher,pid=7368,uid=0
[512793.152974] Out of memory: Killed process 7368 (Launcher) total-vm:1126244kB, anon-rss:365128kB, file-rss:5700kB, shmem-rss:4000kB, UID:0 pgtables:1046528kB oom_score_adj:0
[512793.387824] oom_reaper: reaped process 7368 (Launcher), now anon-rss:0kB, file-rss:0kB, shmem-rss:4000kB
您可以减少一些 Asan 功能(或在单独的运行中一项一项启用它们):
# Disable UAR error detection (reduces code and heap size)
CFLAGS+='-fsanitize-address-use-after-return=never -fno-sanitize-address-use-after-scope'
export ASAN_OPTIONS="$ASAN_OPTIONS:detect_stack_use_after_return=1"
# Disable inline instrumentation (slower but saves code size)
CFLAGS+='-fsanitize-address-outline-instrumentation'
# Reduce heap quarantine (reduces heap consumption but also lowers chance of UAF detection)
export ASAN_OPTIONS="$ASAN_OPTIONS:quarantine_size_mb=16"
# Do not keep full backtrace of malloc origin (slightly complicates debugging but reduces heap size)
export ASAN_OPTIONS="$ASAN_OPTIONS:malloc_context_size=5"
编译器选项适用于 Clang,但 GCC 也有类似的开关。
至于交换,我们在 RAM 中启用 compressed swap 方面经验丰富。
我正在尝试使用 Address Sanitizer,但由于内存使用过多,内核一直在终止我的进程。如果没有 Address Sanitizer,该过程运行得很好。
该程序是使用 gcc-8.2.1 为 arm-v7a 编译的
-fno-omit-frame-pointer
-fsanitize=address
-fsanitize-recover=all
-fdata-sections
-ffunction-sections
-fPIC
我开始流程如下:
ASAN_OPTIONS=debug=1:verbosity=0:detect_leaks=0:abort_on_error=0:halt_on_error=0:check_initialization_order=1:allocator_may_return_null=1 ./Launcher
有没有办法减少 Address Sanitizer 的内存占用?不幸的是,启用交换不是一个选项。
这是 dmesg 打印的内核日志:
[512792.413376] Launcher invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0
[512792.424695] CPU: 3 PID: 7786 Comm: Launcher Tainted: G W 5.4.1 #1
[512792.432821] Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
[512792.439455] Backtrace:
[512792.442039] [<8010eb1c>] (dump_backtrace) from [<8010eee0>] (show_stack+0x20/0x24)
[512792.449721] r7:811d32ec r6:00000000 r5:60070113 r4:811d32ec
[512792.455500] [<8010eec0>] (show_stack) from [<80ba06e8>] (dump_stack+0xbc/0xe8)
[512792.462840] [<80ba062c>] (dump_stack) from [<80257360>] (dump_header+0x64/0x440)
[512792.470343] r10:00000a24 r9:a9a4ce00 r8:00016f9c r7:80e82aac r6:a749fce0 r5:a9a4ce00
[512792.478275] r4:a749fce0 r3:6f25b167
[512792.481958] [<802572fc>] (dump_header) from [<80256364>] (oom_kill_process+0x494/0x4ac)
[512792.490066] r10:00000a24 r9:a9a4c100 r8:00016f9c r7:80e82aac r6:a749fce0 r5:a9a4ce00
[512792.497996] r4:a9a4d264
[512792.500636] [<80255ed0>] (oom_kill_process) from [<80256e8c>] (out_of_memory+0xf8/0x4ec)
[512792.508830] r10:00000a24 r9:a9a4c100 r8:00016f9c r7:8110b640 r6:8110b640 r5:811d8860
[512792.516760] r4:a749fce0
[512792.519405] [<80256d94>] (out_of_memory) from [<802a0910>] (__alloc_pages_nodemask+0xf7c/0x13a4)
[512792.528295] r9:00000000 r8:81107d30 r7:811d5588 r6:0000233c r5:00000000 r4:00000000
[512792.536153] [<8029f994>] (__alloc_pages_nodemask) from [<80285d10>] (__pte_alloc+0x34/0x1ac)
[512792.544697] r10:74b94000 r9:00000000 r8:00000000 r7:a8b9e580 r6:a8b9e580 r5:a7445d28
[512792.552628] r4:a7445d28
[512792.555271] [<80285cdc>] (__pte_alloc) from [<802869c8>] (copy_page_range+0x4ec/0x650)
[512792.563295] r9:00000000 r8:00000000 r7:a8b9e580 r6:a7174f4c r5:a8b9e580 r4:a7445d28
[512792.571148] [<802864dc>] (copy_page_range) from [<801241b8>] (dup_mm+0x470/0x4e0)
[512792.578736] r10:a7174f14 r9:a7174f10 r8:a8b9d680 r7:a7c36420 r6:a7174f4c r5:a8b9e580
[512792.586667] r4:a7835d20
[512792.589307] [<80123d48>] (dup_mm) from [<801255e0>] (copy_process+0x10bc/0x1888)
[512792.596807] r10:a749ff60 r9:ffffffff r8:00000000 r7:a749e000 r6:9d283400 r5:a825c300
[512792.604738] r4:00100000
[512792.607378] [<80124524>] (copy_process) from [<80125fb8>] (_do_fork+0x90/0x750)
[512792.614792] r10:00100000 r9:a749e000 r8:801011c4 r7:a749e000 r6:a749ff60 r5:6f25b167
[512792.622722] r4:00000001
[512792.625362] [<80125f28>] (_do_fork) from [<80126954>] (sys_clone+0x80/0x9c)
[512792.632428] r10:00000078 r9:a749e000 r8:801011c4 r7:00000078 r6:7649e000 r5:6f25b167
[512792.640358] r4:a749e000
[512792.643001] [<801268d4>] (sys_clone) from [<80101000>] (ret_fast_syscall+0x0/0x28)
[512792.650671] Exception stack(0xa749ffa8 to 0xa749fff0)
[512792.655828] ffa0: 54ad00fc 76ffe964 00100011 00000000 54ad00fc 00000000
[512792.664112] ffc0: 54ad00fc 76ffe964 7649e000 00000078 54ad0100 54ad0120 00000001 54ad0280
[512792.672391] ffe0: 00000078 54ad00e8 763d590b 763bf746
[512792.677546] r5:76ffe964 r4:54ad00fc
[512792.681484] Mem-Info:
[512792.683936] active_anon:158884 inactive_anon:15315 isolated_anon:0
active_file:1041 inactive_file:1140 isolated_file:0
unevictable:2224 dirty:8 writeback:1 unstable:0
slab_reclaimable:4553 slab_unreclaimable:4490
mapped:5064 shmem:17635 pagetables:1579 bounce:0
free:56987 free_pcp:173 free_cma:53962
[512792.718450] Node 0 active_anon:635536kB inactive_anon:61260kB active_file:4264kB inactive_file:5460kB unevictable:8896kB isolated(anon):0kB isolated(file):0kB mapped:21056kB dirty:32kB writeback:4kB shmem:70540kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[512792.742142] Normal free:226708kB min:3312kB low:4140kB high:4968kB active_anon:635436kB inactive_anon:61260kB active_file:4584kB inactive_file:5652kB unevictable:8896kB writepending:36kB present:1048576kB managed:1015668kB mlocked:0kB kernel_stack:1216kB pagetables:6316kB bounce:0kB free_pcp:192kB local_pcp:0kB free_cma:215848kB
[512792.771461] lowmem_reserve[]: 0 0 0
[512792.775161] Normal: 1651*4kB (UMEC) 839*8kB (UMEC) 495*16kB (UMEC) 221*32kB (UMEC) 78*64kB (UEC) 29*128kB (MC) 1*256kB (U) 40*512kB (C) 35*1024kB (C) 21*2048kB (C) 10*4096kB (C) 2*8192kB (C) 0*16384kB 1*32768kB (C) = 226708kB
[512792.795442] 20243 total pagecache pages
[512792.799391] 0 pages in swap cache
[512792.802816] Swap cache stats: add 0, delete 0, find 0/0
[512792.808232] Free swap = 0kB
[512792.811225] Total swap = 0kB
[512792.814296] 262144 pages RAM
[512792.817288] 0 pages HighMem/MovableOnly
[512792.821232] 8227 pages reserved
[512792.824558] 81920 pages cma reserved
[512792.828247] Tasks state (memory values in pages):
[512792.833057] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name
[512792.841890] [ 211] 0 211 9965 1608 67584 0 0 systemd-journal
[512792.851149] [ 224] 0 224 3848 249 16384 0 -1000 systemd-udevd
[512792.860222] [ 317] 0 317 1559 339 12288 0 0 dhclient
[512792.868867] [ 316] 0 316 1559 348 14336 0 0 dhclient
[512792.877508] [ 333] 0 333 1810 856 14336 0 0 haveged
[512792.886061] [ 334] 101 334 4985 261 22528 0 0 systemd-timesyn
[512792.895309] [ 336] 104 336 1342 167 12288 0 0 rpcbind
[512792.903866] [ 368] 106 368 1333 218 12288 0 -900 dbus-daemon
[512792.912684] [ 369] 0 369 6193 356 22528 0 0 rsyslogd
[512792.921327] [ 370] 0 370 2681 178 18432 0 0 systemd-logind
[512792.930490] [ 372] 0 372 1625 158 14336 0 0 cron
[512792.938784] [ 431] 0 431 428 122 10240 0 0 motion_sensor
[512792.947870] [ 560] 0 560 8756 207 18432 0 0 automount
[512792.956597] [ 564] 0 564 1190 172 12288 0 0 login
[512792.964988] [ 566] 0 566 1338 98 12288 0 0 agetty
[512792.973372] [ 572] 0 572 2218 276 16384 0 -1000 sshd
[512792.981664] [ 574] 0 574 946 33 12288 0 0 inputattach
[512792.990569] [ 637] 0 637 3017 379 18432 0 0 systemd
[512792.999122] [ 640] 0 640 3504 402 20480 0 0 (sd-pam)
[512793.007768] [ 653] 0 653 1760 329 12288 0 0 bash
[512793.016057] [ 671] 0 671 2599 1116 18432 0 0 Server.
[512793.025310] [ 732] 0 732 1300 132 12288 0 0 dbus-daemon
[512793.034212] [ 31836] 0 31836 3173 980 22528 0 0 sshd
[512793.042428] [ 31847] 0 31847 422 154 8192 0 0 sftp-server
[512793.051332] [ 5350] 0 5350 2555 351 16384 0 0 sshd
[512793.059631] [ 5452] 0 5452 1793 379 16384 0 0 bash
[512793.067924] [ 5823] 0 5823 2555 350 16384 0 0 sshd
[512793.076216] [ 5833] 0 5833 1760 326 14336 0 0 bash
[512793.084509] [ 6822] 0 6822 792 31 10240 0 0 xinit
[512793.092813] [ 6823] 0 6823 29526 5386 112640 0 0 Xorg
[512793.101103] [ 6827] 0 6827 3655 866 22528 0 0 xterm
[512793.109488] [ 6829] 0 6829 1620 114 14336 0 0 bash
[512793.117784] [ 7256] 0 7256 1549 322 12288 0 0 watch
[512793.126169] [ 7363] 0 7363 127832 56725 520192 0 0 gdb
[512793.134370] [ 7368] 0 7368 281561 93707 1046528 0 0 Launcher
[512793.143613] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),task=Launcher,pid=7368,uid=0
[512793.152974] Out of memory: Killed process 7368 (Launcher) total-vm:1126244kB, anon-rss:365128kB, file-rss:5700kB, shmem-rss:4000kB, UID:0 pgtables:1046528kB oom_score_adj:0
[512793.387824] oom_reaper: reaped process 7368 (Launcher), now anon-rss:0kB, file-rss:0kB, shmem-rss:4000kB
您可以减少一些 Asan 功能(或在单独的运行中一项一项启用它们):
# Disable UAR error detection (reduces code and heap size)
CFLAGS+='-fsanitize-address-use-after-return=never -fno-sanitize-address-use-after-scope'
export ASAN_OPTIONS="$ASAN_OPTIONS:detect_stack_use_after_return=1"
# Disable inline instrumentation (slower but saves code size)
CFLAGS+='-fsanitize-address-outline-instrumentation'
# Reduce heap quarantine (reduces heap consumption but also lowers chance of UAF detection)
export ASAN_OPTIONS="$ASAN_OPTIONS:quarantine_size_mb=16"
# Do not keep full backtrace of malloc origin (slightly complicates debugging but reduces heap size)
export ASAN_OPTIONS="$ASAN_OPTIONS:malloc_context_size=5"
编译器选项适用于 Clang,但 GCC 也有类似的开关。
至于交换,我们在 RAM 中启用 compressed swap 方面经验丰富。