Re: UBSAN report for main [so: 14] zpool status -x : applying non-zero offset 4 to null pointer
Date: Fri, 14 Jan 2022 11:07:32 UTC
On 2022-Jan-14, at 01:50, Mark Millard <marklmi@yahoo.com> wrote:
> # zpool status -x
> all pools are healthy
> /usr/main-src/sys/contrib/openzfs/module/nvpair/nvpair.c:3129:49: runtime error: applying non-zero offset 4 to null pointer
> SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /usr/main-src/sys/contrib/openzfs/module/nvpair/nvpair.c:3129:49 in
>
>
> For reference (some manual line splitting):
>
> # ~/fbsd-based-on-what-commit.sh -C /usr/main-src/
> branch: main
> merge-base: a3522837b021a46f2de81303247599ea51163d13
> merge-base: CommitDate: 2022-01-04 03:39:24 +0000
> a3522837b021 (HEAD -> main, freebsd/main, freebsd/HEAD) ipfilter userland: Fix branch mismerge
> n252196 (--first-parent --count for merge-base)
>
> # uname -apKU
> FreeBSD amd64_ZFS 14.0-CURRENT FreeBSD 14.0-CURRENT #29
> main-n252196-a3522837b021-dirty: Mon Jan 3 22:17:33 PST 2022
> root@amd64_ZFS:/usr/obj/BUILDs/main-amd64-nodbg-clang/usr/main-src/amd64.amd64/sys/GENERIC-NODBG
> amd64 amd64 1400046 1400046
I was able to do the following to give some internal
context for the report (the backtrace shows the nvlist_size() call at
libzfs_util.c:1204 reaching nvs_native() with buf == NULL in frame #4, so
the `buf + sizeof (nvs_header_t)` at nvpair.c:3129 is the null-pointer
arithmetic that UBSAN flags):
# env ASAN_OPTIONS=detect_container_overflow=0 lldb `which zpool`
(lldb) target create "/sbin/zpool"
Current executable set to '/sbin/zpool' (x86_64).
(lldb) run status
Process 95471 launched: '/sbin/zpool' (x86_64)
pool: zoptb
state: ONLINE
scan: scrub repaired 0B in 00:00:51 with 0 errors on Sun Oct 31 21:48:04 2021
config:
NAME STATE READ WRITE CKSUM
zoptb ONLINE 0 0 0
nvd2p3 ONLINE 0 0 0
errors: No known data errors
Process 95471 stopped
* thread #1, name = 'zpool', stop reason = Nullptr with nonzero offset
frame #0: 0x000000000112fca0 zpool`::__ubsan_on_report() at ubsan_monitor.cpp:39
36 }
37
38 SANITIZER_WEAK_DEFAULT_IMPL
-> 39 void __ubsan::__ubsan_on_report(void) {}
40
41 void __ubsan::__ubsan_get_current_report_data(const char **OutIssueKind,
42 const char **OutMessage,
(lldb) bt
* thread #1, name = 'zpool', stop reason = Nullptr with nonzero offset
* frame #0: 0x000000000112fca0 zpool`::__ubsan_on_report() at ubsan_monitor.cpp:39
frame #1: 0x000000000112a461 zpool`__ubsan::Diag::~Diag(this=0x00007fffffffae50) at ubsan_diag.cpp:354:29
frame #2: 0x000000000112f394 zpool`handlePointerOverflowImpl(Data=<unavailable>, Base=<unavailable>, Result=<unavailable>, Opts=(FromUnrecoverableHandler = false, pc = 34378976794, bp = 140737488335024)) at ubsan_diag.h:0:21
frame #3: 0x000000000112eeca zpool`::__ubsan_handle_pointer_overflow(Data=<unavailable>, Base=<unavailable>, Result=<unavailable>) at ubsan_handlers.cpp:815:3
frame #4: 0x0000000801258e1a libnvpair.so.2`nvlist_common [inlined] nvs_native(nvs=0x00007fffffffb170, nvl=0x0000603000000160, buf=0x0000000000000000, buflen=0x00007fffffffb2c0) at nvpair.c:3129:49
frame #5: 0x0000000801258dba libnvpair.so.2`nvlist_common(nvl=<unavailable>, buf=<unavailable>, buflen=0x00007fffffffb2c0, encoding=<unavailable>, nvs_op=<unavailable>) at nvpair.c:2656:9
frame #6: 0x00000008014135ba libzfs.so.4`zcmd_write_nvlist_com(hdl=<unavailable>, outnv=<unavailable>, outlen=<unavailable>, nvl=0x0000603000000160) at libzfs_util.c:1204:2
frame #7: 0x00000008013e0000 libzfs.so.4`zpool_log_history(hdl=0x000061d000000080, message="zpool status") at libzfs_pool.c:4444:8
frame #8: 0x000000000113770c zpool`main(argc=<unavailable>, argv=<unavailable>) at zpool_main.c:10986:10
frame #9: 0x00000000010ada2d zpool`_start(ap=<unavailable>, cleanup=<unavailable>) at crt1_c.c:73:7
(lldb) up 4
frame #4: 0x0000000801258e1a libnvpair.so.2`nvlist_common [inlined] nvs_native(nvs=0x00007fffffffb170, nvl=0x0000603000000160, buf=0x0000000000000000, buflen=0x00007fffffffb2c0) at nvpair.c:3129:49
3126
3127 nvs->nvs_ops = &nvs_native_ops;
3128
-> 3129 if ((err = nvs_native_create(nvs, &native, buf + sizeof (nvs_header_t),
3130 *buflen - sizeof (nvs_header_t))) != 0)
3131 return (err);
3132
(lldb) up 1
frame #5: 0x0000000801258dba libnvpair.so.2`nvlist_common(nvl=<unavailable>, buf=<unavailable>, buflen=0x00007fffffffb2c0, encoding=<unavailable>, nvs_op=<unavailable>) at nvpair.c:2656:9
2653 */
2654 if (nvl_endian != host_endian)
2655 return (ENOTSUP);
-> 2656 err = nvs_native(&nvs, nvl, buf, buflen);
2657 break;
2658 case NV_ENCODE_XDR:
2659 err = nvs_xdr(&nvs, nvl, buf, buflen);
(lldb) up 1
frame #6: 0x00000008014135ba libzfs.so.4`zcmd_write_nvlist_com(hdl=<unavailable>, outnv=<unavailable>, outlen=<unavailable>, nvl=0x0000603000000160) at libzfs_util.c:1204:2
1201 char *packed;
1202 size_t len;
1203
-> 1204 verify(nvlist_size(nvl, &len, NV_ENCODE_NATIVE) == 0);
1205
1206 if ((packed = zfs_alloc(hdl, len)) == NULL)
1207 return (-1);
(lldb) up 1
frame #7: 0x00000008013e0000 libzfs.so.4`zpool_log_history(hdl=0x000061d000000080, message="zpool status") at libzfs_pool.c:4444:8
4441
4442 args = fnvlist_alloc();
4443 fnvlist_add_string(args, "message", message);
-> 4444 err = zcmd_write_src_nvlist(hdl, &zc, args);
4445 if (err == 0)
4446 err = zfs_ioctl(hdl, ZFS_IOC_LOG_HISTORY, &zc);
4447 nvlist_free(args);
(lldb) up 1
frame #8: 0x000000000113770c zpool`main(argc=<unavailable>, argv=<unavailable>) at zpool_main.c:10986:10
10983 free(newargv);
10984
10985 if (ret == 0 && log_history)
-> 10986 (void) zpool_log_history(g_zfs, history_str);
10987
10988 libzfs_fini(g_zfs);
10989
(lldb) up 1
frame #9: 0x00000000010ada2d zpool`_start(ap=<unavailable>, cleanup=<unavailable>) at crt1_c.c:73:7
70 #endif
71
72 handle_static_init(argc, argv, env);
-> 73 exit(main(argc, argv, env));
74 }
===
Mark Millard
marklmi at yahoo.com