* [Bug runtime/31699] New: UBSAN errors for systemtap map functions with Fedora Rawhide and Fedora 39 6.8.8 kernels
@ 2024-05-03 23:39 wcohen at redhat dot com
From: wcohen at redhat dot com @ 2024-05-03 23:39 UTC (permalink / raw)
To: systemtap
https://sourceware.org/bugzilla/show_bug.cgi?id=31699
Bug ID: 31699
Summary: UBSAN errors for systemtap map functions with Fedora
Rawhide and Fedora 39 6.8.8 kernels
Product: systemtap
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: runtime
Assignee: systemtap at sourceware dot org
Reporter: wcohen at redhat dot com
Target Milestone: ---
The new Fedora 6.8.8 kernels enable UBSAN* options:
$ grep UBSAN /boot/config-6.8.8-200.fc39.x86_64
CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y
CONFIG_UBSAN=y
# CONFIG_UBSAN_TRAP is not set
CONFIG_CC_HAS_UBSAN_BOUNDS_STRICT=y
CONFIG_UBSAN_BOUNDS=y
CONFIG_UBSAN_BOUNDS_STRICT=y
CONFIG_UBSAN_SHIFT=y
# CONFIG_UBSAN_DIV_ZERO is not set
# CONFIG_UBSAN_BOOL is not set
# CONFIG_UBSAN_ENUM is not set
# CONFIG_UBSAN_ALIGNMENT is not set
CONFIG_UBSAN_SANITIZE_ALL=y
# CONFIG_TEST_UBSAN is not set
When running the systemtap tests that use map functions in the runtime with
kernel-6.8.8-200.fc39.x86_64, like the following:
sudo make installcheck RUNTESTFLAGS="systemtap.maps/*.exp"
you will see UBSAN messages in the dmesg output like the following:
[ 682.493441] ------------[ cut here ]------------
[ 682.493444] UBSAN: array-index-out-of-bounds in
/home/wcohen/systemtap_write/install/share/systemtap/runtime/linux/map_runtime.h:111:3
[ 682.493445] index 0 is out of range for type 'hlist_head [*]'
[ 682.493447] CPU: 1 PID: 20290 Comm: stapio Tainted: G OE
6.8.8-200.fc39.x86_64 #1
[ 682.493449] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS
1.16.3-1.fc39 04/01/2014
[ 682.493449] Call Trace:
[ 682.493451] <TASK>
[ 682.493453] dump_stack_lvl+0x64/0x80
[ 682.493459] __ubsan_handle_out_of_bounds+0x95/0xd0
[ 682.493463] _stp_map_new_ii.constprop.0+0x171/0x280
[stap_879665d1a5a686ace4d39253fe17891_20290]
[ 682.493472] _stp_ctl_write_cmd+0xc20/0xf90
[stap_879665d1a5a686ace4d39253fe17891_20290]
[ 682.493478] proc_reg_write+0x5a/0xa0
[ 682.493480] vfs_write+0xed/0x470
[ 682.493482] ? __handle_mm_fault+0xba3/0xe50
[ 682.493484] ? mutex_lock+0x12/0x30
[ 682.493486] ksys_write+0x6f/0xf0
[ 682.493488] do_syscall_64+0x83/0x170
[ 682.493490] ? count_memcg_events.constprop.0+0x1a/0x30
[ 682.493491] ? handle_mm_fault+0xa2/0x360
[ 682.493493] ? do_user_addr_fault+0x304/0x690
[ 682.493495] ? clear_bhb_loop+0x55/0xb0
[ 682.493497] ? clear_bhb_loop+0x55/0xb0
[ 682.493498] ? clear_bhb_loop+0x55/0xb0
[ 682.493500] entry_SYSCALL_64_after_hwframe+0x78/0x80
[ 682.493501] RIP: 0033:0x7f0a3c7a8f1d
[ 682.493509] Code: e5 48 83 ec 20 48 89 55 e8 48 89 75 f0 89 7d f8 e8 08 1b
f8 ff 48 8b 55 e8 48 8b 75 f0 41 89 c0 8b 7d f8 b8 01 00 00 00 0f 05 <48> 3d 00
f0 ff ff 77 33 44 89 c7 48 89 45 f8 e8 5f 1b f8 ff 48 8b
[ 682.493511] RSP: 002b:00007ffe6999e8b0 EFLAGS: 00000293 ORIG_RAX:
0000000000000001
[ 682.493512] RAX: ffffffffffffffda RBX: 0000000000000008 RCX:
00007f0a3c7a8f1d
[ 682.493514] RDX: 000000000000000c RSI: 00007ffe6999e8e0 RDI:
0000000000000004
[ 682.493515] RBP: 00007ffe6999e8d0 R08: 0000000000000000 R09:
00007ffe6999daa7
[ 682.493516] R10: 0000000000000008 R11: 0000000000000293 R12:
00007ffe6999ed60
[ 682.493516] R13: 0000000000000000 R14: 0000000000000001 R15:
00007ffe6999ede4
[ 682.493518] </TASK>
[ 682.493518] ---[ end trace ]---
[ 682.493547] stap_879665d1a5a686ace4d39253fe17891_20290 (foreach_limit.stp):
systemtap: 5.1/0.191, base: ffffffffc0b3c000, memory:
32data/52text/21ctx/32870net/225alloc kb, probes: 2
[ 682.493551] ------------[ cut here ]------------
[ 682.493551] UBSAN: array-index-out-of-bounds in
/home/wcohen/systemtap_write/install/share/systemtap/runtime/map-gen.c:818:21
[ 682.493552] index 217 is out of range for type 'hlist_head [*]'
[ 682.493553] CPU: 1 PID: 20290 Comm: stapio Tainted: G OE
6.8.8-200.fc39.x86_64 #1
[ 682.493554] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS
1.16.3-1.fc39 04/01/2014
[ 682.493555] Call Trace:
[ 682.493556] <TASK>
[ 682.493556] dump_stack_lvl+0x64/0x80
[ 682.493558] __ubsan_handle_out_of_bounds+0x95/0xd0
[ 682.493561] _stp_map_set_ii+0x1b9/0x1c0
[stap_879665d1a5a686ace4d39253fe17891_20290]
[ 682.493567] probe_6382+0x8e/0x25f0
[stap_879665d1a5a686ace4d39253fe17891_20290]
[ 682.493573] ? _printk+0x64/0x80
[ 682.493575] enter_be_probe.constprop.0+0x107/0x210
[stap_879665d1a5a686ace4d39253fe17891_20290]
[ 682.493580] _stp_ctl_write_cmd+0xd3c/0xf90
[stap_879665d1a5a686ace4d39253fe17891_20290]
[ 682.493586] proc_reg_write+0x5a/0xa0
[ 682.493588] vfs_write+0xed/0x470
[ 682.493589] ? __handle_mm_fault+0xba3/0xe50
[ 682.493591] ? mutex_lock+0x12/0x30
[ 682.493592] ksys_write+0x6f/0xf0
[ 682.493594] do_syscall_64+0x83/0x170
[ 682.493595] ? count_memcg_events.constprop.0+0x1a/0x30
[ 682.493597] ? handle_mm_fault+0xa2/0x360
[ 682.493598] ? do_user_addr_fault+0x304/0x690
[ 682.493600] ? clear_bhb_loop+0x55/0xb0
[ 682.493601] ? clear_bhb_loop+0x55/0xb0
[ 682.493603] ? clear_bhb_loop+0x55/0xb0
[ 682.493604] entry_SYSCALL_64_after_hwframe+0x78/0x80
[ 682.493605] RIP: 0033:0x7f0a3c7a8f1d
[ 682.493607] Code: e5 48 83 ec 20 48 89 55 e8 48 89 75 f0 89 7d f8 e8 08 1b
f8 ff 48 8b 55 e8 48 8b 75 f0 41 89 c0 8b 7d f8 b8 01 00 00 00 0f 05 <48> 3d 00
f0 ff ff 77 33 44 89 c7 48 89 45 f8 e8 5f 1b f8 ff 48 8b
[ 682.493608] RSP: 002b:00007ffe6999e8b0 EFLAGS: 00000293 ORIG_RAX:
0000000000000001
[ 682.493610] RAX: ffffffffffffffda RBX: 0000000000000008 RCX:
00007f0a3c7a8f1d
[ 682.493610] RDX: 000000000000000c RSI: 00007ffe6999e8e0 RDI:
0000000000000004
[ 682.493611] RBP: 00007ffe6999e8d0 R08: 0000000000000000 R09:
00007ffe6999daa7
[ 682.493612] R10: 0000000000000008 R11: 0000000000000293 R12:
00007ffe6999ed60
[ 682.493613] R13: 0000000000000000 R14: 0000000000000001 R15:
00007ffe6999ede4
[ 682.493614] </TASK>
[ 682.493614] ---[ end trace ]---
--
You are receiving this mail because:
You are the assignee for the bug.
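Sorting out which runtime sites fire, as an added example that is not part of the bug report or of the systemtap project: a small Python parser for the UBSAN array-index-out-of-bounds reports that appear in dmesg. It first unwraps mail-wrapped continuation lines (in the excerpt above the file path and the stap module name land on their own lines, whereas a real dmesg prints them on the report line), then extracts the source location, the offending index and array type, and the first stack frame inside the loadable stap_* module, which is the runtime function that did the indexing. The sample input is an abridged copy of the dmesg excerpt above; the class and function names are my own.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Sample input: an abridged copy of the dmesg excerpt from the bug report,
# with the same line wrapping the mail archive shows.
SAMPLE_DMESG = """\
[ 682.493441] ------------[ cut here ]------------
[ 682.493444] UBSAN: array-index-out-of-bounds in
/home/wcohen/systemtap_write/install/share/systemtap/runtime/linux/map_runtime.h:111:3
[ 682.493445] index 0 is out of range for type 'hlist_head [*]'
[ 682.493447] CPU: 1 PID: 20290 Comm: stapio Tainted: G OE
6.8.8-200.fc39.x86_64 #1
[ 682.493449] Call Trace:
[ 682.493451] <TASK>
[ 682.493453] dump_stack_lvl+0x64/0x80
[ 682.493459] __ubsan_handle_out_of_bounds+0x95/0xd0
[ 682.493463] _stp_map_new_ii.constprop.0+0x171/0x280
[stap_879665d1a5a686ace4d39253fe17891_20290]
[ 682.493472] _stp_ctl_write_cmd+0xc20/0xf90
[stap_879665d1a5a686ace4d39253fe17891_20290]
[ 682.493478] proc_reg_write+0x5a/0xa0
[ 682.493518] </TASK>
[ 682.493518] ---[ end trace ]---
[ 682.493551] ------------[ cut here ]------------
[ 682.493551] UBSAN: array-index-out-of-bounds in
/home/wcohen/systemtap_write/install/share/systemtap/runtime/map-gen.c:818:21
[ 682.493552] index 217 is out of range for type 'hlist_head [*]'
[ 682.493555] Call Trace:
[ 682.493556] <TASK>
[ 682.493556] dump_stack_lvl+0x64/0x80
[ 682.493558] __ubsan_handle_out_of_bounds+0x95/0xd0
[ 682.493561] _stp_map_set_ii+0x1b9/0x1c0
[stap_879665d1a5a686ace4d39253fe17891_20290]
[ 682.493567] probe_6382+0x8e/0x25f0
[stap_879665d1a5a686ace4d39253fe17891_20290]
[ 682.493614] </TASK>
[ 682.493614] ---[ end trace ]---
"""

TIMESTAMP = re.compile(r"^\[\s*\d+\.\d+\]\s?")
UBSAN_HDR = re.compile(r"^UBSAN: (?P<kind>[\w-]+) in (?P<file>\S+):(?P<line>\d+):(?P<col>\d+)$")
OOB = re.compile(r"^index (?P<index>-?\d+) is out of range for type '(?P<type>[^']+)'$")
# A stack frame: symbol+0xoff/0xsize, optionally followed by the [module] it lives in.
FRAME = re.compile(r"^(?P<func>[A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(?P<module>\S+)\])?$")


def unwrap(text):
    """Join mail-wrapped continuation lines back onto the dmesg line they belong to.
    Any line that does not start with a '[ sec.usec]' timestamp is a continuation."""
    lines = []
    for raw in text.splitlines():
        if TIMESTAMP.match(raw):
            lines.append(TIMESTAMP.sub("", raw).strip())
        elif lines:
            lines[-1] += " " + raw.strip()
    return lines


@dataclass
class UbsanReport:
    kind: str
    file: str
    line: int
    col: int
    index: Optional[int] = None
    type: Optional[str] = None
    frames: list = field(default_factory=list)  # (func, module) pairs, innermost first

    def first_module_frame(self):
        """Innermost frame inside a loadable module (here the stap_* module)."""
        for func, module in self.frames:
            if module:
                return func
        return None


def parse_ubsan(text):
    """Extract one UbsanReport per 'cut here' ... 'end trace' block."""
    reports, current = [], None
    for line in unwrap(text):
        m = UBSAN_HDR.match(line)
        if m:
            current = UbsanReport(m["kind"], m["file"], int(m["line"]), int(m["col"]))
            reports.append(current)
            continue
        if current is None:
            continue
        m = OOB.match(line)
        if m:
            current.index, current.type = int(m["index"]), m["type"]
            continue
        m = FRAME.match(line)
        # Skip the sanitizer's own frames; '? ' unreliable frames never match FRAME.
        if m and not m["func"].startswith("__ubsan") and m["func"] != "dump_stack_lvl":
            current.frames.append((m["func"], m["module"]))
            continue
        if line.startswith("---[ end trace"):
            current = None
    return reports


def summarize(text):
    """One triage line per report: site, offending index and type, runtime function."""
    return [f"{r.file.rsplit('/', 1)[-1]}:{r.line}:{r.col} {r.kind} "
            f"index={r.index} type={r.type!r} via {r.first_module_frame()}"
            for r in parse_ubsan(text)]


if __name__ == "__main__":
    for entry in summarize(SAMPLE_DMESG):
        print(entry)
```

Feeding the output of `dmesg` (or `journalctl -k`) to `summarize` after a test run gives a short, de-duplicatable list of runtime source locations to look at; the index and type fields are what tells you whether a site is a hash-bucket lookup (index 217 into `hlist_head [*]`) or the zeroth element of an array the sanitizer considers empty (index 0).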
Thread overview: 4+ messages
2024-05-03 23:39 [Bug runtime/31699] New: UBSAN errors for systemtap map functions with Fedora Rawhide and Fedora 39 6.8.8 kernels wcohen at redhat dot com
2024-05-03 23:59 ` [Bug runtime/31699] " wcohen at redhat dot com
2024-05-04 2:47 ` wcohen at redhat dot com
2024-05-06 14:11 ` wcohen at redhat dot com