Re: CONFIG_KASAN triggers ASAN bug in GCC 13.3.0 and 14.1.0

From: Uros Bizjak
Date: Mon Dec 16 2024 - 12:03:01 EST


On Mon, Dec 16, 2024 at 5:20 PM Matt Fleming <matt@xxxxxxxxxxxxxxxx> wrote:
>
> On Sat, Dec 14, 2024 at 1:17 AM Uros Bizjak <ubizjak@xxxxxxxxx> wrote:
> >
> > Does your config include CONFIG_UBSAN_BOOL=y ?
>
> Yes, it does!
>
> > There is a rare interaction between CONFIG_KASAN and CONFIG_UBSAN_BOOL
> > (aka -fsanitize=bool), reported in [1] and fixed for gcc-14.2 in [2].
> >
> > [1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111736#c42
> >
> > [2] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115172
> >
> > Otherwise, please attach your .config, and I'll look into this issue.
>
> Thanks. Disabling CONFIG_UBSAN_BOOL does indeed make the kernels boot again.
>
> Should CONFIG_UBSAN_BOOL have a dependency on GCC 14.4+ ?

No, this is a very rare Oops that triggers only with gcc-14.1 version
and only when both KASAN and UBSAN are enabled. This is actually the
problem with sanitization of the percpu address when named address
spaces are enabled (IOW, sanitization of __seg_gs prefixed address).
UBSAN creates a temporary in memory, but forgets to copy memory tags,
including named address space qualifier from the original. Later ASAN
sanitizes this location as a normal variable (due to missing
qualifier), but actually should be disabled for __seg_gs prefixed
addresses.

Your report is only *the second* since sanitizers were re-enabled with
named address spaces. gcc-14.2 that includes the fix is available
since August 2024, and since sanitizers are strictly development
tools, my proposed solution would be to simply upgrade the compiler to
gcc-14.2 release.

Uros.