From a5e765400be062437431445e638dbb1774574e53 Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov
Date: Wed, 7 Mar 2018 13:40:36 +0100
Subject: [PATCH] pkg/report: improve invalid-free format and ignore more mutex-related functions
---
 pkg/report/linux.go | 3 +
 pkg/report/testdata/linux/report/215 | 77 ++++++++++++++++++++++
 pkg/report/testdata/linux/report/216 | 98 ++++++++++++++++++++++++++++
 3 files changed, 178 insertions(+)
 create mode 100644 pkg/report/testdata/linux/report/215
 create mode 100644 pkg/report/testdata/linux/report/216
diff --git a/pkg/report/linux.go b/pkg/report/linux.go
index 69284b84..bccd615c 100644
--- a/pkg/report/linux.go
+++ b/pkg/report/linux.go
@@ -558,6 +558,8 @@ var linuxStackParams = &stackParams{
 "down_write_trylock",
 "up_read",
 "up_write",
+"mutex_lock",
+"mutex_unlock",
 "memcpy",
 "memcmp",
 "memset",
@@ -616,6 +618,7 @@ var linuxOopses = []*oops{
 compile("Call Trace:"),
 parseStackTrace,
 },
+skip: []string{"kmem_", "slab_", "kfree", "vunmap", "vfree"},
 },
 },
 {
diff --git a/pkg/report/testdata/linux/report/215 b/pkg/report/testdata/linux/report/215
new file mode 100644
index 00000000..ffe9c3f7
--- /dev/null
+++ b/pkg/report/testdata/linux/report/215
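Review bot: The new `"mutex_lock"` entry is a bare function name, yet fixture 215 reaches `drain_workqueue` through `mutex_lock_nested`, so the expected title in that fixture holds only if these entries are matched as prefixes or substrings of the frame name rather than as whole names; the matching code is not in this hunk. If that is the intended semantics, a short comment on the new lines would spare the next reader the same check, e.g. `// prefix-matched: also covers mutex_lock_nested and friends`. If the match is exact, `mutex_lock_nested` needs its own entry. The enclosing `linuxStackParams` literal starts and ends outside the hunk.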
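Review bot: `skip` is added with the bare names `"kfree"` and `"vfree"`, while fixture 216's trace has `kvfree` directly above the expected title frame `xt_free_table_info`, so the new expected title appears to depend either on `"vfree"` matching `kvfree` as a substring or on `kvfree` being skipped by a rule outside this hunk; neither is visible here. If skip entries are anchored at the start of the frame name, `kvfree` needs its own entry: `skip: []string{"kmem_", "slab_", "kfree", "kvfree", "vunmap", "vfree"},`. Either way a comment stating the intent — allocator-internal frames are dropped so the title names the caller that performed the invalid free — would make the list self-explanatory, e.g. `// allocator internals; the report title should name their caller`. The enclosing `linuxOopses` literal starts and ends outside the hunk.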
@@ -0,0 +1,77 @@
+TITLE: general protection fault in drain_workqueue
+
+[ 52.099632] kasan: GPF could be caused by NULL-ptr deref or user memory access
+[ 52.106982] general protection fault: 0000 [#1] SMP KASAN
+[ 52.112852] Modules linked in:
+[ 52.116130] CPU: 1 PID: 4672 Comm: syzkaller354295 Not tainted 4.3.5+ #21
+[ 52.123024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
+[ 52.132353] task: ffff8801d5e522c0 ti: ffff8801d6fb0000 task.ti: ffff8801d6fb0000
+[ 52.139937] RIP: 0010:[] [] __lock_acquire+0xc00/0x4e80
+[ 52.148604] RSP: 0018:ffff8801d6fb3420 EFLAGS: 00010002
+[ 52.154021] RAX: dffffc0000000000 RBX: ffff8801d5e522c0 RCX: 0000000000000000
+[ 52.161261] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000080
+[ 52.168498] RBP: ffff8801d6fb35c0 R08: 0000000000000001 R09: 0000000000000000
+[ 52.175735] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000080
+[ 52.182974] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
+[ 52.190213] FS: 0000000000000000(0000) GS:ffff8801dab00000(0000) knlGS:0000000000000000
+[ 52.198407] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
+[ 52.204256] CR2: 0000000020000340 CR3: 00000000bac51000 CR4: 00000000001626f0
+[ 52.211498] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+[ 52.218734] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+[ 52.225972] Stack:
+[ 52.228089] 0000000041b58ab3 ffffffff83c6ee98 ffffffff8143c430 ffff8801d5e522c0
+[ 52.236058] ffff8801d5e52b82 ffff8801d5e522c0 ffff8801d6fb3460 ffffffff81474b47
+[ 52.244029] ffff8801d6fb3608 ffffffff8143dbe8 0000000000000000 ffff8801d6fb3488
+[ 52.251988] Call Trace:
+[ 52.254551] [] ? debug_check_no_locks_freed+0x2b0/0x2b0
+[ 52.261534] [] ? debug_lockdep_rcu_enabled+0x77/0x90
+[ 52.268254] [] ? __lock_acquire+0x17b8/0x4e80
+[ 52.274381] [] ? debug_lockdep_rcu_enabled+0x77/0x90
+[ 52.281128] [] ? 
debug_check_no_locks_freed+0x2b0/0x2b0
+[ 52.288129] [] ? __lock_acquire+0xff3/0x4e80
+[ 52.294169] [] ? is_ftrace_trampoline+0xc4/0x120
+[ 52.300556] [] ? __lock_acquire+0xff3/0x4e80
+[ 52.306602] [] ? debug_lockdep_rcu_enabled+0x77/0x90
+[ 52.313342] [] lock_acquire+0x13b/0x350
+[ 52.318953] [] ? drain_workqueue+0x90/0x4d0
+[ 52.324905] [] mutex_lock_nested+0xc4/0x950
+[ 52.330845] [] ? drain_workqueue+0x90/0x4d0
+[ 52.336785] [] ? debug_check_no_locks_freed+0x2b0/0x2b0
+[ 52.343777] [] ? dump_trace+0x171/0x330
+[ 52.349371] [] ? _mutex_lock_nest_lock+0x950/0x950
+[ 52.355927] [] ? depot_save_stack+0x1c9/0x600
+[ 52.362047] [] drain_workqueue+0x90/0x4d0
+[ 52.367814] [] ? mark_held_locks+0xcc/0x160
+[ 52.373757] [] ? flush_workqueue+0x1750/0x1750
+[ 52.379960] [] ? mutex_unlock+0xe/0x10
+[ 52.385467] [] ? trace_hardirqs_on+0xd/0x10
+[ 52.391409] [] ? ucma_free_ctx+0xb40/0xb40
+[ 52.397264] [] destroy_workqueue+0x7c/0x700
+[ 52.403214] [] ? __mutex_unlock_slowpath+0x2c8/0x340
+[ 52.409945] [] ? wq_sysfs_prep_attrs+0x2b0/0x2b0
+[ 52.416320] [] ? trace_hardirqs_on+0xd/0x10
+[ 52.422260] [] ? ucma_free_ctx+0xb40/0xb40
+[ 52.428117] [] ucma_close+0x23c/0x2e0
+[ 52.433543] [] ? __might_sleep+0x95/0x1a0
+[ 52.439307] [] ? ucma_free_ctx+0xb40/0xb40
+[ 52.445162] [] __fput+0x238/0x6f0
+[ 52.450234] [] ____fput+0x1a/0x20
+[ 52.455311] [] task_work_run+0x1a0/0x240
+[ 52.460996] [] do_exit+0xc2d/0x29a0
+[ 52.466246] [] ? release_task+0x20/0x20
+[ 52.471837] [] ? __kernel_text_address+0x88/0xc0
+[ 52.478210] [] ? check_noncircular+0x20/0x20
+[ 52.484242] [] ? get_signal+0x6a7/0x1600
+[ 52.489925] [] do_group_exit+0x116/0x340
+[ 52.495605] [] get_signal+0x694/0x1600
+[ 52.501113] [] do_signal+0x7e/0x400
+[ 52.506363] [] ? debug_object_active_state+0x3b0/0x3b0
+[ 52.513258] [] ? __handle_signal+0x18b0/0x18b0
+[ 52.519459] [] ? putname+0xe0/0x120
+[ 52.524705] [] ? rcu_read_lock_sched_held+0x108/0x120
+[ 52.531511] [] ? kmem_cache_free+0x243/0x2b0
+[ 52.537537] [] ? 
putname+0xe5/0x120
+[ 52.542782] [] ? prepare_exit_to_usermode+0x11a/0x390
+[ 52.549590] [] prepare_exit_to_usermode+0x179/0x390
+[ 52.556225] [] syscall_return_slowpath+0xc7/0x5c0
+[ 52.562687] [] int_ret_from_sys_call+0x25/0xba
diff --git a/pkg/report/testdata/linux/report/216 b/pkg/report/testdata/linux/report/216
new file mode 100644
index 00000000..45b33b2e
--- /dev/null
+++ b/pkg/report/testdata/linux/report/216
@@ -0,0 +1,98 @@
+TITLE: KASAN: invalid-free in xt_free_table_info
+
+[ 368.542732] ==================================================================
+[ 368.550228] BUG: KASAN: double-free or invalid-free in kvfree+0x36/0x60
+[ 368.556946] 
+[ 368.558547] CPU: 1 PID: 4260 Comm: syz-executor4 Not tainted 4.16.0-rc4+ #254
+[ 368.565787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
+[ 368.575111] Call Trace:
+[ 368.577669] dump_stack+0x194/0x24d
+[ 368.581271] ? arch_local_irq_restore+0x53/0x53
+[ 368.585910] ? show_regs_print_info+0x18/0x18
+[ 368.590383] ? find_next_bit+0xcc/0x100
+[ 368.594331] ? kvfree+0x36/0x60
+[ 368.597583] print_address_description+0x73/0x250
+[ 368.602394] ? kvfree+0x36/0x60
+[ 368.605641] ? kvfree+0x36/0x60
+[ 368.608891] kasan_report_invalid_free+0x55/0x80
+[ 368.613620] __kasan_slab_free+0x145/0x170
+[ 368.617827] ? kvfree+0x36/0x60
+[ 368.621077] kasan_slab_free+0xe/0x10
+[ 368.624851] kfree+0xd9/0x260
+[ 368.627930] kvfree+0x36/0x60
+[ 368.631009] xt_free_table_info+0xaf/0x170
+[ 368.635228] __do_replace+0x810/0xa70
+[ 368.639016] ? compat_table_info+0x4a0/0x4a0
+[ 368.643404] ? kasan_check_write+0x14/0x20
+[ 368.647610] ? _copy_from_user+0x99/0x110
+[ 368.651731] do_ip6t_set_ctl+0x40f/0x5f0
+[ 368.655765] ? translate_compat_table+0x1c50/0x1c50
+[ 368.660762] ? mutex_unlock+0xd/0x10
+[ 368.664444] ? nf_sockopt_find.constprop.0+0x1a7/0x220
+[ 368.669692] nf_setsockopt+0x67/0xc0
+[ 368.673380] ipv6_setsockopt+0x10b/0x130
+[ 368.677416] tcp_setsockopt+0x82/0xd0
+[ 368.681194] sock_common_setsockopt+0x95/0xd0
+[ 368.685664] SyS_setsockopt+0x189/0x360
+[ 368.689615] ? SyS_recv+0x40/0x40
+[ 368.693044] ? mm_fault_error+0x2c0/0x2c0
+[ 368.697163] ? move_addr_to_kernel+0x60/0x60
+[ 368.701544] ? do_syscall_64+0xb7/0x940
+[ 368.705490] ? SyS_recv+0x40/0x40
+[ 368.708916] do_syscall_64+0x281/0x940
+[ 368.712774] ? __do_page_fault+0xc90/0xc90
+[ 368.716982] ? 
trace_event_raw_event_sys_exit+0x260/0x260
+[ 368.722489] ? syscall_return_slowpath+0x550/0x550
+[ 368.727397] ? retint_user+0x18/0x18
+[ 368.731089] ? trace_hardirqs_off_thunk+0x1a/0x1c
+[ 368.735910] entry_SYSCALL_64_after_hwframe+0x42/0xb7
+[ 368.741079] RIP: 0033:0x45697a
+[ 368.744246] RSP: 002b:0000000000a3e3b8 EFLAGS: 00000206 ORIG_RAX: 0000000000000036
+[ 368.751927] RAX: ffffffffffffffda RBX: 0000000000a3e3e0 RCX: 000000000045697a
+[ 368.759168] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000013
+[ 368.766407] RBP: 00000000006fd900 R08: 00000000000003b8 R09: 0000000000004000
+[ 368.773647] R10: 00000000006fb6e0 R11: 0000000000000206 R12: 0000000000000000
+[ 368.780886] R13: 0000000000000013 R14: 0000000000000029 R15: 00000000006fb740
+[ 368.788140] 
+[ 368.789739] Allocated by task 7667:
+[ 368.793338] save_stack+0x43/0xd0
+[ 368.796763] kasan_kmalloc+0xad/0xe0
+[ 368.800448] __kmalloc_track_caller+0x15e/0x760
+[ 368.805090] kmemdup+0x24/0x50
+[ 368.808255] selinux_cred_prepare+0x43/0xa0
+[ 368.812547] security_prepare_creds+0x7d/0xb0
+[ 368.817015] prepare_creds+0x2b1/0x360
+[ 368.820883] SyS_access+0x8f/0x6a0
+[ 368.824399] do_syscall_64+0x281/0x940
+[ 368.828256] entry_SYSCALL_64_after_hwframe+0x42/0xb7
+[ 368.833413] 
+[ 368.835015] Freed by task 7667:
+[ 368.838269] save_stack+0x43/0xd0
+[ 368.841698] __kasan_slab_free+0x11a/0x170
+[ 368.845913] kasan_slab_free+0xe/0x10
+[ 368.849682] kfree+0xd9/0x260
+[ 368.852757] selinux_cred_free+0x48/0x70
+[ 368.856789] security_cred_free+0x48/0x80
+[ 368.860906] put_cred_rcu+0x106/0x400
+[ 368.864678] rcu_process_callbacks+0xd6c/0x17f0
+[ 368.869315] __do_softirq+0x2d7/0xb85
+[ 368.873084] 
+[ 368.874686] The buggy address belongs to the object at ffff8801c95e2880
+[ 368.874686] which belongs to the cache kmalloc-32 of size 32
+[ 368.887135] The buggy address is located 0 bytes inside of
+[ 368.887135] 32-byte region [ffff8801c95e2880, ffff8801c95e28a0)
+[ 368.898715] The buggy address belongs to the 
page:
+[ 368.903616] page:ffffea0007257880 count:1 mapcount:0 mapping:ffff8801c95e2000 index:0xffff8801c95e2fc1
+[ 368.913035] flags: 0x2fffc0000000100(slab)
+[ 368.917246] raw: 02fffc0000000100 ffff8801c95e2000 ffff8801c95e2fc1 000000010000000f
+[ 368.925100] raw: ffffea0006eae820 ffffea0006bb8b20 ffff8801dac001c0 0000000000000000
+[ 368.932954] page dumped because: kasan: bad access detected
+[ 368.938630] 
+[ 368.940228] Memory state around the buggy address:
+[ 368.945126] ffff8801c95e2780: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
+[ 368.952455] ffff8801c95e2800: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
+[ 368.959793] >ffff8801c95e2880: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
+[ 368.967127] ^
+[ 368.970461] ffff8801c95e2900: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
+[ 368.977790] ffff8801c95e2980: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
+[ 368.985119] ==================================================================