Re: Arm + KASAN + syzbot

From: Dmitry Vyukov <dvyukov@google.com>
To: Russell King - ARM Linux admin <linux@armlinux.org.uk>
Cc: Linus Walleij <linus.walleij@linaro.org>,
	Arnd Bergmann <arnd@arndb.de>,
	 Krzysztof Kozlowski <krzk@kernel.org>,
	syzkaller <syzkaller@googlegroups.com>,
	 kasan-dev <kasan-dev@googlegroups.com>,
	Hailong Liu <liu.hailong6@zte.com.cn>,
	 Linux ARM <linux-arm-kernel@lists.infradead.org>
Subject: Re: Arm + KASAN + syzbot
Date: Thu, 11 Mar 2021 11:54:22 +0100	[thread overview]
Message-ID: <CACT4Y+YhTGWNcZxe+W+kY4QP9m=Z8iaR5u6-hkQvjvqN4VD1Sw@mail.gmail.com> (raw)
In-Reply-To: <20210127101911.GL1551@shell.armlinux.org.uk>

On Wed, Jan 27, 2021 at 11:19 AM Russell King - ARM Linux admin
<linux@armlinux.org.uk> wrote:
>
> On Wed, Jan 27, 2021 at 09:24:06AM +0100, Linus Walleij wrote:
> > On Tue, Jan 26, 2021 at 10:24 PM Dmitry Vyukov <dvyukov@google.com> wrote:
> >
> > > I've set up an arm32 instance (w/o KASAN for now), but kernel fails during boot:
> > > https://groups.google.com/g/syzkaller-bugs/c/omh0Em-CPq0
> > > So far arm32 testing does not progress beyond attempts to boot.
> >
> > It is booting all right it seems.
> >
> > Today it looks like Hillf Danton found the problem: if I understand correctly
> > the code is executing arm32-on-arm64 (virtualized QEMU for ARM32
> > on ARM64?) and that was not working with the vexpress QEMU model
> > because not properly tested.
> >
> > I don't know if I understand the problem right though :/
>
> There is an issue with ARMv7 and the decompressor currently - see the
> patch from Ard - it's 9052/1 in the patch system.
>
> That's already known to stuff up my 32-bit ARM VMs under KVM - maybe
> other QEMU models are also affected by it.

Status update on the arm syzbot instance:

The boot issue is finally fixed:
https://syzkaller.appspot.com/bug?id=a85a0181a55e02756ce5ffa43c71d74a4e309263

and the instance is up and running:
https://syzkaller.appspot.com/upstream?manager=ci-qemu2-arm32

The instance config:
https://github.com/google/syzkaller/blob/master/dashboard/config/linux/upstream-arm-kasan.config

The instance has KASAN disabled because Go binaries don't run on KASAN kernel:
https://lore.kernel.org/linux-arm-kernel/CACT4Y+YdJoNTqnBSELcEbcbVsKBtJfYUc7_GSXbUQfAJN3JyRg@mail.gmail.com/

It also has KCOV disabled (so no coverage guidance and coverage
reports for now) because KCOV does not fully work on arm:
https://lore.kernel.org/linux-arm-kernel/20210119130010.GA2338@C02TD0UTHF1T.local/T/#m78fdfcc41ae831f91c93ad5dabe63f7ccfb482f0

But the instance seems to be efficient at finding 32-bit specific bugs.

The instance uses qemu tcg and -machine vexpress-a15 -cpu max flags.

The instance uses qemu emulation (-machine vexpress-a15 -cpu max) and
lots of debug configs, so it's quite slow and it makes sense to target
it at arm-specific parts of the kernel as much as possible (rather
than stress generic subsystems that are already stressed on x86). So
the question is: what arm-specific parts are there that we can reach
in qemu?
Can you think of any qemu flags (cpu features, device emulation, etc)?
Any kernel subsystems with heavy arm-specific parts that we may be
missing?

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel