Created attachment 201852
Using the attached test program (which is part of syzkaller) results in a lockup of the operating system. I tested this on FreeBSD head r343837 on amd64 and arm64.
The problem was introduced by the change of head/sys/conf/files in base r343746.
The problem is that calling clang with -fsanitize-coverage=trace-pc,trace-cmp -fno-sanitize=all does not turn off the coverage sanitizer.
This can be demonstrated:
tuexen@epyc:~ % cat test.c
tuexen@epyc:~ % cc -fsanitize-coverage=trace-pc,trace-cmp -o test_1.o -c test.c
tuexen@epyc:~ % cc -fsanitize-coverage=trace-pc,trace-cmp -fno-sanitize-coverage=trace-pc,trace-cmp -o test_2.o -c test.c
tuexen@epyc:~ % cc -fsanitize-coverage=trace-pc,trace-cmp -fno-sanitize=all -o test_3.o -c test.c
tuexen@epyc:~ % ls -l test_?.o
-rw-r--r-- 1 tuexen wheel 1928 Feb 9 11:44 test_1.o
-rw-r--r-- 1 tuexen wheel 1016 Feb 9 11:44 test_2.o
-rw-r--r-- 1 tuexen wheel 1928 Feb 9 11:44 test_3.o
tuexen@epyc:~ % diff test_1.o test_3.o
So either this is a bug in clang, or you can't use -fno-sanitize=all to turn off the coverage sanitizers.
A potential fix is discussed in review D19135.
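The check above can be made explicit instead of comparing object sizes: an added script (not part of the bug report or of FreeBSD) that compiles a constructed test.c with each flag combination and inspects the object with nm for undefined references to the __sanitizer_cov_trace_* callbacks, which is what SanitizerCoverage instrumentation emits. It assumes clang is reachable as $CC (default cc) and prints "skip" for any other compiler.

```shell
#!/bin/sh
# Added example: does a given flag actually remove SanitizerCoverage instrumentation?
set -e

CC=${CC:-cc}
TMP=$(mktemp -d)
trap 'rm -rf "$TMP"' EXIT

# Constructed input: one comparison so both trace-pc and trace-cmp have something to hook.
cat > "$TMP/test.c" <<'EOF'
int f(int a, int b) { return a < b ? a : b; }
EOF

# The flags under test are clang-specific; other compilers are reported as "skip".
is_clang() {
    command -v "$CC" >/dev/null 2>&1 && "$CC" --version 2>/dev/null | grep -qi clang
}

# Returns 0 if the object references a SanitizerCoverage callback, 1 otherwise.
has_cov_instrumentation() {
    nm -u "$1" 2>/dev/null | grep -q '__sanitizer_cov_trace_'
}

# Compiles test.c with the coverage flags plus any extra flags given as arguments and
# prints "instrumented" or "clean" depending on what ended up in the object file.
check_flags() {
    is_clang || { echo skip; return 0; }
    obj="$TMP/out.$$.o"
    "$CC" -fsanitize-coverage=trace-pc,trace-cmp "$@" -c "$TMP/test.c" -o "$obj"
    if has_cov_instrumentation "$obj"; then echo instrumented; else echo clean; fi
}

# The three cases from the report: no override, the coverage-specific override, -fno-sanitize=all.
printf '%-45s %s\n' "(coverage flags only)" "$(check_flags)"
printf '%-45s %s\n' "-fno-sanitize-coverage=trace-pc,trace-cmp" "$(check_flags -fno-sanitize-coverage=trace-pc,trace-cmp)"
printf '%-45s %s\n' "-fno-sanitize=all" "$(check_flags -fno-sanitize=all)"
```

Only the second line should come back "clean"; -fno-sanitize=all leaves the callbacks in place, which is why the kcov objects themselves must not be built with coverage enabled through that flag alone.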
A commit references this bug:
Date: Mon Feb 11 15:38:05 UTC 2019
New revision: 344012
Fix flags used when compiling kern_kcov.c and subr_coverage.c.
Without this fix, the usage of kernel coverage would lock up the system.
Thanks to Andrew for suggesting the final form of the fix.
Reviewed by: andrew@, emaste@
Differential Revision: https://reviews.freebsd.org/D19135