Re: [PATCH bpf-next v1 00/14] selftests/bpf: Fixes for userspace ASAN

[Eduard Zingerman]

On Thu, 2026-02-12 at 15:57 -0800, Ihor Solodrai wrote:

[...]

> >  CFLAGS += -g $(OPT_FLAGS) -rdynamic -std=gnu11                         \
> > -         -Wall -Werror -fno-omit-frame-pointer                         \
> > +         -Wall -fno-omit-frame-pointer                         \
> 
> I think you've cheated a little bit here, because with -Werror

It's just a model of a memory error, see below an example that does
not generate compiler warnings.

> If it's removed, then I can reproduce the same stacktrace, which AFAIU
> is an invalid dereference inside the ASAN itself.

See below, if I remove custom signal handler there is a regular ASAN
error message:

  ==156==ERROR: AddressSanitizer: SEGV on unknown address 0xfffffffffffffffa (pc 0x7fa03160df4a bp 0x7fa0317bc980 sp 0x7ffee7c85170 T0)
  ==156==The signal is caused by a WRITE memory access.
      #0 0x7fa03160df4a in __asan::Allocator::Deallocate(void*, unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType) (/lib64/libasan.so.8+0xdf4a) (BuildId: d3cb6206dff19da52969c009f4cd93611901c478)
      #1 0x7fa0316e5bb9 in free.part.0 (/lib64/libasan.so.8+0xe5bb9) (BuildId: d3cb6206dff19da52969c009f4cd93611901c478)
      #2 0x000000d19cd9 in free_test_states /home/eddy/work/bpf-next/tools/testing/selftests/bpf/test_progs.c:1930
      #3 0x000000d1a897 in main /home/eddy/work/bpf-next/tools/testing/selftests/bpf/test_progs.c:2107
      #4 0x7fa0313c45f4 in __libc_start_call_main (/lib64/libc.so.6+0x35f4) (BuildId: a1dda014206b55b07f58fe8db80121b752dc3d03)
      #5 0x7fa0313c46a7 in __libc_start_main@@GLIBC_2.34 (/lib64/libc.so.6+0x36a7) (BuildId: a1dda014206b55b07f58fe8db80121b752dc3d03)
      #6 0x000000401934 in _start (/home/eddy/work/bpf-next/tools/testing/selftests/bpf/test_progs+0x401934) (BuildId: 9190db005d475ee7a8e9294bb32cfbd520c330dc)
  
  ==156==Register values:
  rax = 0x0000000000000002  rbx = 0x000000000000000a  rcx = 0x0000000000000000  rdx = 0x0000000000000003  
  rdi = 0x000000000000000a  rsi = 0x000000000000000a  rbp = 0x00007fa0317bc980  rsp = 0x00007ffee7c85170  
   r8 = 0x00007ffee7c851d0   r9 = 0x0000000000000001  r10 = 0x0000000000000005  r11 = 0x0000000000401935  
  r12 = 0x00007ffee7c851d0  r13 = 0xfffffffffffffffa  r14 = 0x0000000000000001  r15 = 0x0000000000000000  
  AddressSanitizer can not provide additional info.
  SUMMARY: AddressSanitizer: SEGV /home/eddy/work/bpf-next/tools/testing/selftests/bpf/test_progs.c:1930 in free_test_states

So, there is indeed a conflict between test_progs signal handler and
ASAN default signal handler.

[...]

--- a/tools/testing/selftests/bpf/test_progs.c
+++ b/tools/testing/selftests/bpf/test_progs.c
@@ -1913,6 +1913,8 @@ static int worker_main(int sock)
        return 0;
 }
 
+void *ptr;
+
 static void free_test_states(void)
 {
        int i, j;
@@ -1924,7 +1926,8 @@ static void free_test_states(void)
                        free_subtest_state(&test_state->subtest_states[j]);
 
                free(test_state->subtest_states);
-               free(test_state->log_buf);
+               ptr = test_state->log_buf + 10;
+               free(ptr);
                test_state->subtest_states = NULL;
                test_state->log_buf = NULL;
        }
@@ -1944,13 +1947,15 @@ int main(int argc, char **argv)
                .parser = parse_arg,
                .doc = argp_program_doc,
        };
-       struct sigaction sigact = {
-               .sa_handler = crash_handler,
-               .sa_flags = SA_RESETHAND,
-               };
+       /*
+        * struct sigaction sigact = {
+        *      .sa_handler = crash_handler,
+        *      .sa_flags = SA_RESETHAND,
+        *      };
+        */
        int err, i;
 
-       sigaction(SIGSEGV, &sigact, NULL);
+       //sigaction(SIGSEGV, &sigact, NULL);
 
        env.stdout_saved = stdout;
        env.stderr_saved = stderr;