Date: Fri, 14 Jan 2022 03:07:32 -0800 From: Mark Millard <marklmi@yahoo.com> To: freebsd-current <freebsd-current@freebsd.org> Subject: Re: UBSAN report for main [so: 14] zpool status -x : applying non-zero offset 4 to null pointer Message-ID: <077AAF38-04D6-4986-83C8-A401E6A9A57C@yahoo.com> In-Reply-To: <62A093FB-BC32-42F7-B54B-05596A95C4A9@yahoo.com> References: <62A093FB-BC32-42F7-B54B-05596A95C4A9@yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2022-Jan-14, at 01:50, Mark Millard <marklmi@yahoo.com> wrote: > # zpool status -x > all pools are healthy > /usr/main-src/sys/contrib/openzfs/module/nvpair/nvpair.c:3129:49: = runtime error: applying non-zero offset 4 to null pointer > SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior = /usr/main-src/sys/contrib/openzfs/module/nvpair/nvpair.c:3129:49 in=20 >=20 >=20 > For reference (some manual line splitting): >=20 > # ~/fbsd-based-on-what-commit.sh -C /usr/main-src/ > branch: main > merge-base: a3522837b021a46f2de81303247599ea51163d13 > merge-base: CommitDate: 2022-01-04 03:39:24 +0000 > a3522837b021 (HEAD -> main, freebsd/main, freebsd/HEAD) ipfilter = userland: Fix branch mismerge > n252196 (--first-parent --count for merge-base) >=20 > # uname -apKU > FreeBSD amd64_ZFS 14.0-CURRENT FreeBSD 14.0-CURRENT #29 > main-n252196-a3522837b021-dirty: Mon Jan 3 22:17:33 PST 2022 > = root@amd64_ZFS:/usr/obj/BUILDs/main-amd64-nodbg-clang/usr/main-src/amd64.a= md64/sys/GENERIC-NODBG > amd64 amd64 1400046 1400046 I was able to do the following to give some internal context for the report: # env ASAN_OPTIONS=3Ddetect_container_overflow=3D0 lldb `which zpool` (lldb) target create "/sbin/zpool" Current executable set to '/sbin/zpool' (x86_64). (lldb) run status Process 95471 launched: '/sbin/zpool' (x86_64) pool: zoptb state: ONLINE scan: scrub repaired 0B in 00:00:51 with 0 errors on Sun Oct 31 = 21:48:04 2021 config: NAME STATE READ WRITE CKSUM zoptb ONLINE 0 0 0 nvd2p3 ONLINE 0 0 0 errors: No known data errors Process 95471 stopped * thread #1, name =3D 'zpool', stop reason =3D Nullptr with nonzero = offset frame #0: 0x000000000112fca0 zpool`::__ubsan_on_report() at = ubsan_monitor.cpp:39 36 } 37 =09 38 SANITIZER_WEAK_DEFAULT_IMPL -> 39 void __ubsan::__ubsan_on_report(void) {} 40 =09 41 void __ubsan::__ubsan_get_current_report_data(const char = **OutIssueKind, 42 const char = **OutMessage, (lldb) bt * thread #1, name =3D 'zpool', stop reason =3D Nullptr with nonzero = offset * frame #0: 0x000000000112fca0 zpool`::__ubsan_on_report() at = ubsan_monitor.cpp:39 frame #1: 0x000000000112a461 = zpool`__ubsan::Diag::~Diag(this=3D0x00007fffffffae50) at = ubsan_diag.cpp:354:29 frame #2: 0x000000000112f394 = zpool`handlePointerOverflowImpl(Data=3D<unavailable>, = Base=3D<unavailable>, Result=3D<unavailable>, = Opts=3D(FromUnrecoverableHandler =3D false, pc =3D 34378976794, bp =3D = 140737488335024)) at ubsan_diag.h:0:21 frame #3: 0x000000000112eeca = zpool`::__ubsan_handle_pointer_overflow(Data=3D<unavailable>, = Base=3D<unavailable>, Result=3D<unavailable>) at = ubsan_handlers.cpp:815:3 frame #4: 0x0000000801258e1a libnvpair.so.2`nvlist_common [inlined] = nvs_native(nvs=3D0x00007fffffffb170, nvl=3D0x0000603000000160, = buf=3D0x0000000000000000, buflen=3D0x00007fffffffb2c0) at = nvpair.c:3129:49 frame #5: 0x0000000801258dba = libnvpair.so.2`nvlist_common(nvl=3D<unavailable>, buf=3D<unavailable>, = buflen=3D0x00007fffffffb2c0, encoding=3D<unavailable>, = nvs_op=3D<unavailable>) at nvpair.c:2656:9 frame #6: 0x00000008014135ba = libzfs.so.4`zcmd_write_nvlist_com(hdl=3D<unavailable>, = outnv=3D<unavailable>, outlen=3D<unavailable>, nvl=3D0x0000603000000160) = at libzfs_util.c:1204:2 frame #7: 0x00000008013e0000 = libzfs.so.4`zpool_log_history(hdl=3D0x000061d000000080, message=3D"zpool = status") at libzfs_pool.c:4444:8 frame #8: 0x000000000113770c zpool`main(argc=3D<unavailable>, = argv=3D<unavailable>) at zpool_main.c:10986:10 frame #9: 0x00000000010ada2d zpool`_start(ap=3D<unavailable>, = cleanup=3D<unavailable>) at crt1_c.c:73:7 (lldb) up 4 frame #4: 0x0000000801258e1a libnvpair.so.2`nvlist_common [inlined] = nvs_native(nvs=3D0x00007fffffffb170, nvl=3D0x0000603000000160, = buf=3D0x0000000000000000, buflen=3D0x00007fffffffb2c0) at = nvpair.c:3129:49 3126=09 3127 nvs->nvs_ops =3D &nvs_native_ops; 3128=09 -> 3129 if ((err =3D nvs_native_create(nvs, &native, buf + = sizeof (nvs_header_t), 3130 *buflen - sizeof (nvs_header_t))) !=3D 0) 3131 return (err); 3132=09 (lldb) up 1 frame #5: 0x0000000801258dba = libnvpair.so.2`nvlist_common(nvl=3D<unavailable>, buf=3D<unavailable>, = buflen=3D0x00007fffffffb2c0, encoding=3D<unavailable>, = nvs_op=3D<unavailable>) at nvpair.c:2656:9 2653 */ 2654 if (nvl_endian !=3D host_endian) 2655 return (ENOTSUP); -> 2656 err =3D nvs_native(&nvs, nvl, buf, buflen); 2657 break; 2658 case NV_ENCODE_XDR: 2659 err =3D nvs_xdr(&nvs, nvl, buf, buflen); (lldb) up 1 frame #6: 0x00000008014135ba = libzfs.so.4`zcmd_write_nvlist_com(hdl=3D<unavailable>, = outnv=3D<unavailable>, outlen=3D<unavailable>, nvl=3D0x0000603000000160) = at libzfs_util.c:1204:2 1201 char *packed; 1202 size_t len; 1203=09 -> 1204 verify(nvlist_size(nvl, &len, NV_ENCODE_NATIVE) =3D=3D = 0); 1205=09 1206 if ((packed =3D zfs_alloc(hdl, len)) =3D=3D NULL) 1207 return (-1); (lldb) up 1 frame #7: 0x00000008013e0000 = libzfs.so.4`zpool_log_history(hdl=3D0x000061d000000080, message=3D"zpool = status") at libzfs_pool.c:4444:8 4441=09 4442 args =3D fnvlist_alloc(); 4443 fnvlist_add_string(args, "message", message); -> 4444 err =3D zcmd_write_src_nvlist(hdl, &zc, args); 4445 if (err =3D=3D 0) 4446 err =3D zfs_ioctl(hdl, ZFS_IOC_LOG_HISTORY, = &zc); 4447 nvlist_free(args); (lldb) up 1 frame #8: 0x000000000113770c zpool`main(argc=3D<unavailable>, = argv=3D<unavailable>) at zpool_main.c:10986:10 10983 free(newargv); 10984=09 10985 if (ret =3D=3D 0 && log_history) -> 10986 (void) zpool_log_history(g_zfs, = history_str); 10987=09 10988 libzfs_fini(g_zfs); 10989=09 (lldb) up 1 frame #9: 0x00000000010ada2d zpool`_start(ap=3D<unavailable>, = cleanup=3D<unavailable>) at crt1_c.c:73:7 70 #endif 71 =09 72 handle_static_init(argc, argv, env); -> 73 exit(main(argc, argv, env)); 74 } =3D=3D=3D Mark Millard marklmi at yahoo.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?077AAF38-04D6-4986-83C8-A401E6A9A57C>