Date:      Fri, 14 Jan 2022 03:07:32 -0800
From:      Mark Millard <marklmi@yahoo.com>
To:        freebsd-current <freebsd-current@freebsd.org>
Subject:   Re: UBSAN report for main [so: 14] zpool status -x : applying non-zero offset 4 to null pointer
Message-ID:  <077AAF38-04D6-4986-83C8-A401E6A9A57C@yahoo.com>
In-Reply-To: <62A093FB-BC32-42F7-B54B-05596A95C4A9@yahoo.com>
References:  <62A093FB-BC32-42F7-B54B-05596A95C4A9@yahoo.com>

On 2022-Jan-14, at 01:50, Mark Millard <marklmi@yahoo.com> wrote:

> # zpool status -x
> all pools are healthy
> /usr/main-src/sys/contrib/openzfs/module/nvpair/nvpair.c:3129:49: runtime error: applying non-zero offset 4 to null pointer
> SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /usr/main-src/sys/contrib/openzfs/module/nvpair/nvpair.c:3129:49 in
>
>
> For reference (some manual line splitting):
>
> # ~/fbsd-based-on-what-commit.sh -C /usr/main-src/
> branch: main
> merge-base: a3522837b021a46f2de81303247599ea51163d13
> merge-base: CommitDate: 2022-01-04 03:39:24 +0000
> a3522837b021 (HEAD -> main, freebsd/main, freebsd/HEAD) ipfilter userland: Fix branch mismerge
> n252196 (--first-parent --count for merge-base)
>
> # uname -apKU
> FreeBSD amd64_ZFS 14.0-CURRENT FreeBSD 14.0-CURRENT #29
> main-n252196-a3522837b021-dirty: Mon Jan  3 22:17:33 PST 2022
> root@amd64_ZFS:/usr/obj/BUILDs/main-amd64-nodbg-clang/usr/main-src/amd64.amd64/sys/GENERIC-NODBG
> amd64 amd64 1400046 1400046

I was able to do the following to give some internal
context for the report:

# env ASAN_OPTIONS=detect_container_overflow=0 lldb `which zpool`
(lldb) target create "/sbin/zpool"
Current executable set to '/sbin/zpool' (x86_64).
(lldb) run status
Process 95471 launched: '/sbin/zpool' (x86_64)
  pool: zoptb
 state: ONLINE
  scan: scrub repaired 0B in 00:00:51 with 0 errors on Sun Oct 31 21:48:04 2021
config:

	NAME        STATE     READ WRITE CKSUM
	zoptb       ONLINE       0     0     0
	  nvd2p3    ONLINE       0     0     0

errors: No known data errors
Process 95471 stopped
* thread #1, name = 'zpool', stop reason = Nullptr with nonzero offset
    frame #0: 0x000000000112fca0 zpool`::__ubsan_on_report() at ubsan_monitor.cpp:39
   36  	}
   37  	
   38  	SANITIZER_WEAK_DEFAULT_IMPL
-> 39  	void __ubsan::__ubsan_on_report(void) {}
   40  	
   41  	void __ubsan::__ubsan_get_current_report_data(const char **OutIssueKind,
   42  	                                              const char **OutMessage,
(lldb) bt
* thread #1, name = 'zpool', stop reason = Nullptr with nonzero offset
  * frame #0: 0x000000000112fca0 zpool`::__ubsan_on_report() at ubsan_monitor.cpp:39
    frame #1: 0x000000000112a461 zpool`__ubsan::Diag::~Diag(this=0x00007fffffffae50) at ubsan_diag.cpp:354:29
    frame #2: 0x000000000112f394 zpool`handlePointerOverflowImpl(Data=<unavailable>, Base=<unavailable>, Result=<unavailable>, Opts=(FromUnrecoverableHandler = false, pc = 34378976794, bp = 140737488335024)) at ubsan_diag.h:0:21
    frame #3: 0x000000000112eeca zpool`::__ubsan_handle_pointer_overflow(Data=<unavailable>, Base=<unavailable>, Result=<unavailable>) at ubsan_handlers.cpp:815:3
    frame #4: 0x0000000801258e1a libnvpair.so.2`nvlist_common [inlined] nvs_native(nvs=0x00007fffffffb170, nvl=0x0000603000000160, buf=0x0000000000000000, buflen=0x00007fffffffb2c0) at nvpair.c:3129:49
    frame #5: 0x0000000801258dba libnvpair.so.2`nvlist_common(nvl=<unavailable>, buf=<unavailable>, buflen=0x00007fffffffb2c0, encoding=<unavailable>, nvs_op=<unavailable>) at nvpair.c:2656:9
    frame #6: 0x00000008014135ba libzfs.so.4`zcmd_write_nvlist_com(hdl=<unavailable>, outnv=<unavailable>, outlen=<unavailable>, nvl=0x0000603000000160) at libzfs_util.c:1204:2
    frame #7: 0x00000008013e0000 libzfs.so.4`zpool_log_history(hdl=0x000061d000000080, message="zpool status") at libzfs_pool.c:4444:8
    frame #8: 0x000000000113770c zpool`main(argc=<unavailable>, argv=<unavailable>) at zpool_main.c:10986:10
    frame #9: 0x00000000010ada2d zpool`_start(ap=<unavailable>, cleanup=<unavailable>) at crt1_c.c:73:7
(lldb) up 4
frame #4: 0x0000000801258e1a libnvpair.so.2`nvlist_common [inlined] nvs_native(nvs=0x00007fffffffb170, nvl=0x0000603000000160, buf=0x0000000000000000, buflen=0x00007fffffffb2c0) at nvpair.c:3129:49
   3126	
   3127		nvs->nvs_ops = &nvs_native_ops;
   3128	
-> 3129		if ((err = nvs_native_create(nvs, &native, buf + sizeof (nvs_header_t),
   3130		    *buflen - sizeof (nvs_header_t))) != 0)
   3131			return (err);
   3132	
(lldb) up 1
frame #5: 0x0000000801258dba libnvpair.so.2`nvlist_common(nvl=<unavailable>, buf=<unavailable>, buflen=0x00007fffffffb2c0, encoding=<unavailable>, nvs_op=<unavailable>) at nvpair.c:2656:9
   2653			 */
   2654			if (nvl_endian != host_endian)
   2655				return (ENOTSUP);
-> 2656			err = nvs_native(&nvs, nvl, buf, buflen);
   2657			break;
   2658		case NV_ENCODE_XDR:
   2659			err = nvs_xdr(&nvs, nvl, buf, buflen);
(lldb) up 1
frame #6: 0x00000008014135ba libzfs.so.4`zcmd_write_nvlist_com(hdl=<unavailable>, outnv=<unavailable>, outlen=<unavailable>, nvl=0x0000603000000160) at libzfs_util.c:1204:2
   1201		char *packed;
   1202		size_t len;
   1203	
-> 1204		verify(nvlist_size(nvl, &len, NV_ENCODE_NATIVE) == 0);
   1205	
   1206		if ((packed = zfs_alloc(hdl, len)) == NULL)
   1207			return (-1);
(lldb) up 1
frame #7: 0x00000008013e0000 libzfs.so.4`zpool_log_history(hdl=0x000061d000000080, message="zpool status") at libzfs_pool.c:4444:8
   4441	
   4442		args = fnvlist_alloc();
   4443		fnvlist_add_string(args, "message", message);
-> 4444		err = zcmd_write_src_nvlist(hdl, &zc, args);
   4445		if (err == 0)
   4446			err = zfs_ioctl(hdl, ZFS_IOC_LOG_HISTORY, &zc);
   4447		nvlist_free(args);
(lldb) up 1
frame #8: 0x000000000113770c zpool`main(argc=<unavailable>, argv=<unavailable>) at zpool_main.c:10986:10
   10983		free(newargv);
   10984	
   10985		if (ret == 0 && log_history)
-> 10986			(void) zpool_log_history(g_zfs, history_str);
   10987	
   10988		libzfs_fini(g_zfs);
   10989	
(lldb) up 1
frame #9: 0x00000000010ada2d zpool`_start(ap=<unavailable>, cleanup=<unavailable>) at crt1_c.c:73:7
   70  	#endif
   71  	
   72  		handle_static_init(argc, argv, env);
-> 73  		exit(main(argc, argv, env));
   74  	}



===
Mark Millard
marklmi at yahoo.com



