From: Ihor Solodrai <ihor.solodrai@linux.dev>
To: Eduard Zingerman <eddyz87@gmail.com>,
Alexei Starovoitov <ast@kernel.org>,
Andrii Nakryiko <andrii@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>
Cc: "Amery Hung" <ameryhung@gmail.com>,
"Mykyta Yatsenko" <yatsenko@meta.com>,
"Alexis Lothoré" <alexis.lothore@bootlin.com>,
bpf@vger.kernel.org, linux-kernel@vger.kernel.org,
kernel-team@meta.com
Subject: Re: [PATCH bpf-next v1 00/14] selftests/bpf: Fixes for userspace ASAN
Date: Fri, 13 Feb 2026 08:13:38 -0800
Message-ID: <de259393-c414-4834-bd62-b65774e201a7@linux.dev>
In-Reply-To: <b1399390b3e34961c3afd5a6a06c3c7bb3a4666a.camel@gmail.com>

On 2/12/26 4:23 PM, Eduard Zingerman wrote:
> On Thu, 2026-02-12 at 15:57 -0800, Ihor Solodrai wrote:
>
> [...]
>
>>> CFLAGS += -g $(OPT_FLAGS) -rdynamic -std=gnu11 \
>>> - -Wall -Werror -fno-omit-frame-pointer \
>>> + -Wall -fno-omit-frame-pointer \
>>
>> I think you've cheated a little bit here, because with -Werror
>
> It's just a model of a memory error, see below an example that does
> not generate compiler warnings.
>
>> If it's removed, then I can reproduce the same stacktrace, which AFAIU
>> is an invalid dereference inside the ASAN itself.
>
> See below, if I remove custom signal handler there is a regular ASAN
> error message:
>
> ==156==ERROR: AddressSanitizer: SEGV on unknown address 0xfffffffffffffffa (pc 0x7fa03160df4a bp 0x7fa0317bc980 sp 0x7ffee7c85170 T0)
> ==156==The signal is caused by a WRITE memory access.
> #0 0x7fa03160df4a in __asan::Allocator::Deallocate(void*, unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType) (/lib64/libasan.so.8+0xdf4a) (BuildId: d3cb6206dff19da52969c009f4cd93611901c478)
> #1 0x7fa0316e5bb9 in free.part.0 (/lib64/libasan.so.8+0xe5bb9) (BuildId: d3cb6206dff19da52969c009f4cd93611901c478)
> #2 0x000000d19cd9 in free_test_states /home/eddy/work/bpf-next/tools/testing/selftests/bpf/test_progs.c:1930
> #3 0x000000d1a897 in main /home/eddy/work/bpf-next/tools/testing/selftests/bpf/test_progs.c:2107
> #4 0x7fa0313c45f4 in __libc_start_call_main (/lib64/libc.so.6+0x35f4) (BuildId: a1dda014206b55b07f58fe8db80121b752dc3d03)
> #5 0x7fa0313c46a7 in __libc_start_main@@GLIBC_2.34 (/lib64/libc.so.6+0x36a7) (BuildId: a1dda014206b55b07f58fe8db80121b752dc3d03)
> #6 0x000000401934 in _start (/home/eddy/work/bpf-next/tools/testing/selftests/bpf/test_progs+0x401934) (BuildId: 9190db005d475ee7a8e9294bb32cfbd520c330dc)
>
> ==156==Register values:
> rax = 0x0000000000000002 rbx = 0x000000000000000a rcx = 0x0000000000000000 rdx = 0x0000000000000003
> rdi = 0x000000000000000a rsi = 0x000000000000000a rbp = 0x00007fa0317bc980 rsp = 0x00007ffee7c85170
> r8 = 0x00007ffee7c851d0 r9 = 0x0000000000000001 r10 = 0x0000000000000005 r11 = 0x0000000000401935
> r12 = 0x00007ffee7c851d0 r13 = 0xfffffffffffffffa r14 = 0x0000000000000001 r15 = 0x0000000000000000
> AddressSanitizer can not provide additional info.
> SUMMARY: AddressSanitizer: SEGV /home/eddy/work/bpf-next/tools/testing/selftests/bpf/test_progs.c:1930 in free_test_states
>
> So, there is indeed a conflict between test_progs signal handler and
> ASAN default signal handler.

As it turns out, only one signal handler can be installed at a time [1].

From man [2]:

    The sigaction() system call is used to *change* the action taken by
    a process on receipt of a specific signal.

So what happens is test_prog's custom signal handler *overwrites* ASAN's
signal handler leading to the weirdness we are seeing.

[1] https://stackoverflow.com/questions/17102919/is-it-valid-to-have-multiple-signal-handlers-for-same-signal
[2] https://man7.org/linux/man-pages/man2/sigaction.2.html

We should probably do then:

diff --git a/tools/testing/selftests/bpf/test_progs.c b/tools/testing/selftests/bpf/test_progs.c
index 02a85dda30e6..77a36f6ca352 100644
--- a/tools/testing/selftests/bpf/test_progs.c
+++ b/tools/testing/selftests/bpf/test_progs.c
@@ -1672,14 +1672,15 @@ static void server_main(void)
{
pthread_t *dispatcher_threads;
struct dispatch_data *data;
+ int i;
+
+#ifndef __SANITIZE_ADDRESS__
struct sigaction sigact_int = {
.sa_handler = sigint_handler,
.sa_flags = SA_RESETHAND,
};
- int i;
-
sigaction(SIGINT, &sigact_int, NULL);
-
+#endif
dispatcher_threads = calloc(sizeof(pthread_t), env.workers);
data = calloc(sizeof(struct dispatch_data), env.workers);
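
Review bot: The `#ifndef __SANITIZE_ADDRESS__` guard in server_main() wraps `sigaction(SIGINT, &sigact_int, NULL)`, but the handler shown to conflict in this thread is the SIGSEGV one: the quoted experiment below gets the regular ASAN report by disabling `sigaction(SIGSEGV, &sigact, NULL)` with `crash_handler` in main(). As written, this hunk leaves that call in place, so the SIGSEGV handler would still be replaced in ASAN builds. Suggest applying the guard to the `sigact` declaration and the SIGSEGV `sigaction()` call in main(), and stating in the commit message whether SIGINT needs the same treatment. Minor: the hunk also drops the blank line between the handler setup and the `calloc()` calls.
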
>
> [...]
>
> --- a/tools/testing/selftests/bpf/test_progs.c
> +++ b/tools/testing/selftests/bpf/test_progs.c
> @@ -1913,6 +1913,8 @@ static int worker_main(int sock)
> return 0;
> }
>
> +void *ptr;
> +
> static void free_test_states(void)
> {
> int i, j;
> @@ -1924,7 +1926,8 @@ static void free_test_states(void)
> free_subtest_state(&test_state->subtest_states[j]);
>
> free(test_state->subtest_states);
> - free(test_state->log_buf);
> + ptr = test_state->log_buf + 10;
> + free(ptr);
> test_state->subtest_states = NULL;
> test_state->log_buf = NULL;
> }
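
Review bot: In the free_test_states() hunk, `ptr = test_state->log_buf + 10` is computed without checking that `log_buf` is non-NULL, and the report quoted above (rdi = 0xa, fault at 0xfffffffffffffffa) is consistent with `log_buf` being NULL at that point, so the model faults inside the deallocator on a wild pointer rather than freeing an interior pointer of a live allocation. If the intent is to model an invalid free that ASAN can classify, apply the offset only when `log_buf` is set, for example `if (test_state->log_buf) ptr = test_state->log_buf + 10;`.
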
> @@ -1944,13 +1947,15 @@ int main(int argc, char **argv)
> .parser = parse_arg,
> .doc = argp_program_doc,
> };
> - struct sigaction sigact = {
> - .sa_handler = crash_handler,
> - .sa_flags = SA_RESETHAND,
> - };
> + /*
> + * struct sigaction sigact = {
> + * .sa_handler = crash_handler,
> + * .sa_flags = SA_RESETHAND,
> + * };
> + */
> int err, i;
>
> - sigaction(SIGSEGV, &sigact, NULL);
> + //sigaction(SIGSEGV, &sigact, NULL);
>
> env.stdout_saved = stdout;
> env.stderr_saved = stderr;
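
The replacement behaviour of sigaction() discussed in this message, as an added example that is not code from the thread or from test_progs.c: the second sigaction() call replaces the first handler, and the first one only runs again if the new handler chains to the disposition returned in `oldact`. The handler names and the use of SIGUSR1 in place of SIGSEGV are assumptions made for the demonstration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <signal.h>
#include <stdio.h>

static volatile sig_atomic_t first_ran, second_ran;
static struct sigaction saved; /* previous disposition, filled in by sigaction() */

/* Stands in for a handler installed early, e.g. by a sanitizer runtime. */
static void first_handler(int sig) { (void)sig; first_ran = 1; }

/* Stands in for an application handler that ignores what was there before. */
static void plain_handler(int sig) { (void)sig; second_ran = 1; }

/* Application handler that forwards to the handler it replaced. */
static void chaining_handler(int sig)
{
	second_ran = 1;
	/* saved was installed without SA_SIGINFO, so sa_handler is the valid member. */
	if (saved.sa_handler != SIG_DFL && saved.sa_handler != SIG_IGN)
		saved.sa_handler(sig);
}

/* Returns a bitmask: bit 0 = first handler ran, bit 1 = second handler ran. */
static int run_case(void (*app_handler)(int))
{
	struct sigaction a = { .sa_handler = first_handler };
	struct sigaction b = { .sa_handler = app_handler };

	first_ran = second_ran = 0;
	sigemptyset(&a.sa_mask);
	sigemptyset(&b.sa_mask);
	/* The second call changes the action for SIGUSR1; it does not add to it. */
	if (sigaction(SIGUSR1, &a, NULL) || sigaction(SIGUSR1, &b, &saved))
		return -1;
	raise(SIGUSR1);
	signal(SIGUSR1, SIG_DFL);
	return (first_ran ? 1 : 0) | (second_ran ? 2 : 0);
}

int main(void)
{
	printf("plain:    %d\n", run_case(plain_handler));
	printf("chaining: %d\n", run_case(chaining_handler));
	return 0;
}
```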