Misaligned memory access in btf_ext__new() #391
Description
I compiled the minimal bpf application from https://github.com/libbpf/libbpf-bootstrap with ASan/UBSan and linked it against libbpf pointing at the master branch (built with ASan/UBSan as well). When I ran it I got a few UBSan warnings (I'm not sure whether it has anything to do with libbpf or the way bpf skeletons are generated by clang/bpftool though):
$ cat /proc/version
Linux version 5.14.10-100.fc33.x86_64 ([email protected]) (gcc (GCC) 10.3.1 20210422 (Red Hat 10.3.1-1), GNU ld version 2.35-18.fc33) #1 SMP Thu Oct 7 21:39:21 UTC 2021
$ bpftool --version
bpftool v5.14.9
features: libbfd, skeletons
$ clang --version
clang version 11.0.0 (Fedora 11.0.0-3.fc33)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /usr/bin
libbpf: loading object 'minimal_bpf' from buffer
libbpf: elf: section(2) tp/syscalls/sys_enter_write, size 104, link 0, flags 6, type=1
libbpf: sec 'tp/syscalls/sys_enter_write': found program 'handle_tp' at insn offset 0 (0 bytes), code size 13 insns (104 bytes)
libbpf: elf: section(3) license, size 13, link 0, flags 3, type=1
libbpf: license of minimal_bpf is Dual BSD/GPL
libbpf: elf: section(4) .bss, size 4, link 0, flags 3, type=8
libbpf: elf: section(5) .rodata, size 28, link 0, flags 2, type=1
libbpf: elf: section(6) .BTF, size 595, link 0, flags 0, type=1
libbpf: elf: section(7) .BTF.ext, size 160, link 0, flags 0, type=1
libbpf: elf: section(8) .eh_frame, size 48, link 0, flags 2, type=1
libbpf: elf: skipping unrecognized data section(8) .eh_frame
libbpf: elf: section(9) .symtab, size 192, link 15, flags 0, type=2
libbpf: elf: section(10) .reltp/syscalls/sys_enter_write, size 32, link 9, flags 0, type=9
libbpf: elf: section(13) .rel.eh_frame, size 16, link 9, flags 0, type=9
libbpf: elf: skipping relo section(13) .rel.eh_frame for section(8) .eh_frame
btf.c:2754:21: runtime error: member access within misaligned address 0x0000004d6487 for type 'const struct btf_ext_header', which requires 4 byte alignment
0x0000004d6487: note: pointer points here
6e 73 65 00 9f eb 01 00 20 00 00 00 00 00 00 00 14 00 00 00 14 00 00 00 6c 00 00 00 80 00 00 00
^
#0 0x4c1a54 in btf_ext_parse_hdr /home/vagrant/libbpf-bootstrap/libbpf/src/btf.c:2754
#1 0x4c1f52 in btf_ext__new /home/vagrant/libbpf-bootstrap/libbpf/src/btf.c:2798
#2 0x4207ff in bpf_object__init_btf /home/vagrant/libbpf-bootstrap/libbpf/src/libbpf.c:2636
#3 0x425493 in bpf_object__elf_collect /home/vagrant/libbpf-bootstrap/libbpf/src/libbpf.c:3146
#4 0x452160 in __bpf_object__open /home/vagrant/libbpf-bootstrap/libbpf/src/libbpf.c:6590
#5 0x4527ca in bpf_object__open_mem /home/vagrant/libbpf-bootstrap/libbpf/src/libbpf.c:6655
#6 0x47d2e8 in bpf_object__open_skeleton /home/vagrant/libbpf-bootstrap/libbpf/src/libbpf.c:11052
#7 0x403b36 in minimal_bpf__open_opts .output/minimal.skel.h:57
#8 0x403bee in minimal_bpf__open .output/minimal.skel.h:71
#9 0x404ec6 in main /home/vagrant/libbpf-bootstrap/examples/c/minimal.c:39
#10 0x7fca3a7211e1 in __libc_start_main (/lib64/libc.so.6+0x281e1)
#11 0x4038cd in _start (/home/vagrant/libbpf-bootstrap/examples/c/minimal+0x4038cd)
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior btf.c:2754:21 in
btf.c:2759:9: runtime error: member access within misaligned address 0x0000004d6487 for type 'const struct btf_ext_header', which requires 4 byte alignment
0x0000004d6487: note: pointer points here
6e 73 65 00 9f eb 01 00 20 00 00 00 00 00 00 00 14 00 00 00 14 00 00 00 6c 00 00 00 80 00 00 00
^
#0 0x4c1afb in btf_ext_parse_hdr /home/vagrant/libbpf-bootstrap/libbpf/src/btf.c:2759
#1 0x4c1f52 in btf_ext__new /home/vagrant/libbpf-bootstrap/libbpf/src/btf.c:2798
#2 0x4207ff in bpf_object__init_btf /home/vagrant/libbpf-bootstrap/libbpf/src/libbpf.c:2636
#3 0x425493 in bpf_object__elf_collect /home/vagrant/libbpf-bootstrap/libbpf/src/libbpf.c:3146
#4 0x452160 in __bpf_object__open /home/vagrant/libbpf-bootstrap/libbpf/src/libbpf.c:6590
#5 0x4527ca in bpf_object__open_mem /home/vagrant/libbpf-bootstrap/libbpf/src/libbpf.c:6655
#6 0x47d2e8 in bpf_object__open_skeleton /home/vagrant/libbpf-bootstrap/libbpf/src/libbpf.c:11052
#7 0x403b36 in minimal_bpf__open_opts .output/minimal.skel.h:57
#8 0x403bee in minimal_bpf__open .output/minimal.skel.h:71
#9 0x404ec6 in main /home/vagrant/libbpf-bootstrap/examples/c/minimal.c:39
#10 0x7fca3a7211e1 in __libc_start_main (/lib64/libc.so.6+0x281e1)
#11 0x4038cd in _start (/home/vagrant/libbpf-bootstrap/examples/c/minimal+0x4038cd)
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior btf.c:2759:9 in
btf.c:2762:16: runtime error: member access within misaligned address 0x0000004d6487 for type 'const struct btf_ext_header', which requires 4 byte alignment
0x0000004d6487: note: pointer points here
6e 73 65 00 9f eb 01 00 20 00 00 00 00 00 00 00 14 00 00 00 14 00 00 00 6c 00 00 00 80 00 00 00
^
#0 0x4c1b89 in btf_ext_parse_hdr /home/vagrant/libbpf-bootstrap/libbpf/src/btf.c:2762
#1 0x4c1f52 in btf_ext__new /home/vagrant/libbpf-bootstrap/libbpf/src/btf.c:2798
#2 0x4207ff in bpf_object__init_btf /home/vagrant/libbpf-bootstrap/libbpf/src/libbpf.c:2636
#3 0x425493 in bpf_object__elf_collect /home/vagrant/libbpf-bootstrap/libbpf/src/libbpf.c:3146
#4 0x452160 in __bpf_object__open /home/vagrant/libbpf-bootstrap/libbpf/src/libbpf.c:6590
#5 0x4527ca in bpf_object__open_mem /home/vagrant/libbpf-bootstrap/libbpf/src/libbpf.c:6655
#6 0x47d2e8 in bpf_object__open_skeleton /home/vagrant/libbpf-bootstrap/libbpf/src/libbpf.c:11052
#7 0x403b36 in minimal_bpf__open_opts .output/minimal.skel.h:57
#8 0x403bee in minimal_bpf__open .output/minimal.skel.h:71
#9 0x404ec6 in main /home/vagrant/libbpf-bootstrap/examples/c/minimal.c:39
#10 0x7fca3a7211e1 in __libc_start_main (/lib64/libc.so.6+0x281e1)
#11 0x4038cd in _start (/home/vagrant/libbpf-bootstrap/examples/c/minimal+0x4038cd)
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior btf.c:2762:16 in
btf.c:2767:9: runtime error: member access within misaligned address 0x0000004d6487 for type 'const struct btf_ext_header', which requires 4 byte alignment
0x0000004d6487: note: pointer points here
6e 73 65 00 9f eb 01 00 20 00 00 00 00 00 00 00 14 00 00 00 14 00 00 00 6c 00 00 00 80 00 00 00
^
#0 0x4c1c3d in btf_ext_parse_hdr /home/vagrant/libbpf-bootstrap/libbpf/src/btf.c:2767
#1 0x4c1f52 in btf_ext__new /home/vagrant/libbpf-bootstrap/libbpf/src/btf.c:2798
#2 0x4207ff in bpf_object__init_btf /home/vagrant/libbpf-bootstrap/libbpf/src/libbpf.c:2636
#3 0x425493 in bpf_object__elf_collect /home/vagrant/libbpf-bootstrap/libbpf/src/libbpf.c:3146
#4 0x452160 in __bpf_object__open /home/vagrant/libbpf-bootstrap/libbpf/src/libbpf.c:6590
#5 0x4527ca in bpf_object__open_mem /home/vagrant/libbpf-bootstrap/libbpf/src/libbpf.c:6655
#6 0x47d2e8 in bpf_object__open_skeleton /home/vagrant/libbpf-bootstrap/libbpf/src/libbpf.c:11052
#7 0x403b36 in minimal_bpf__open_opts .output/minimal.skel.h:57
#8 0x403bee in minimal_bpf__open .output/minimal.skel.h:71
#9 0x404ec6 in main /home/vagrant/libbpf-bootstrap/examples/c/minimal.c:39
#10 0x7fca3a7211e1 in __libc_start_main (/lib64/libc.so.6+0x281e1)
#11 0x4038cd in _start (/home/vagrant/libbpf-bootstrap/examples/c/minimal+0x4038cd)
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior btf.c:2767:9 in
btf.c:2772:9: runtime error: member access within misaligned address 0x0000004d6487 for type 'const struct btf_ext_header', which requires 4 byte alignment
0x0000004d6487: note: pointer points here
6e 73 65 00 9f eb 01 00 20 00 00 00 00 00 00 00 14 00 00 00 14 00 00 00 6c 00 00 00 80 00 00 00
^
#0 0x4c1d30 in btf_ext_parse_hdr /home/vagrant/libbpf-bootstrap/libbpf/src/btf.c:2772
#1 0x4c1f52 in btf_ext__new /home/vagrant/libbpf-bootstrap/libbpf/src/btf.c:2798
#2 0x4207ff in bpf_object__init_btf /home/vagrant/libbpf-bootstrap/libbpf/src/libbpf.c:2636
#3 0x425493 in bpf_object__elf_collect /home/vagrant/libbpf-bootstrap/libbpf/src/libbpf.c:3146
#4 0x452160 in __bpf_object__open /home/vagrant/libbpf-bootstrap/libbpf/src/libbpf.c:6590
#5 0x4527ca in bpf_object__open_mem /home/vagrant/libbpf-bootstrap/libbpf/src/libbpf.c:6655
#6 0x47d2e8 in bpf_object__open_skeleton /home/vagrant/libbpf-bootstrap/libbpf/src/libbpf.c:11052
#7 0x403b36 in minimal_bpf__open_opts .output/minimal.skel.h:57
#8 0x403bee in minimal_bpf__open .output/minimal.skel.h:71
#9 0x404ec6 in main /home/vagrant/libbpf-bootstrap/examples/c/minimal.c:39
#10 0x7fca3a7211e1 in __libc_start_main (/lib64/libc.so.6+0x281e1)
#11 0x4038cd in _start (/home/vagrant/libbpf-bootstrap/examples/c/minimal+0x4038cd)
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior btf.c:2772:9 in
btf.c:2777:22: runtime error: member access within misaligned address 0x0000004d6487 for type 'const struct btf_ext_header', which requires 4 byte alignment
0x0000004d6487: note: pointer points here
6e 73 65 00 9f eb 01 00 20 00 00 00 00 00 00 00 14 00 00 00 14 00 00 00 6c 00 00 00 80 00 00 00
^
#0 0x4c1e23 in btf_ext_parse_hdr /home/vagrant/libbpf-bootstrap/libbpf/src/btf.c:2777
#1 0x4c1f52 in btf_ext__new /home/vagrant/libbpf-bootstrap/libbpf/src/btf.c:2798
#2 0x4207ff in bpf_object__init_btf /home/vagrant/libbpf-bootstrap/libbpf/src/libbpf.c:2636
#3 0x425493 in bpf_object__elf_collect /home/vagrant/libbpf-bootstrap/libbpf/src/libbpf.c:3146
#4 0x452160 in __bpf_object__open /home/vagrant/libbpf-bootstrap/libbpf/src/libbpf.c:6590
#5 0x4527ca in bpf_object__open_mem /home/vagrant/libbpf-bootstrap/libbpf/src/libbpf.c:6655
#6 0x47d2e8 in bpf_object__open_skeleton /home/vagrant/libbpf-bootstrap/libbpf/src/libbpf.c:11052
#7 0x403b36 in minimal_bpf__open_opts .output/minimal.skel.h:57
#8 0x403bee in minimal_bpf__open .output/minimal.skel.h:71
#9 0x404ec6 in main /home/vagrant/libbpf-bootstrap/examples/c/minimal.c:39
#10 0x7fca3a7211e1 in __libc_start_main (/lib64/libc.so.6+0x281e1)
#11 0x4038cd in _start (/home/vagrant/libbpf-bootstrap/examples/c/minimal+0x4038cd)
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior btf.c:2777:22 in
libbpf: looking for externs among 8 symbols...
libbpf: collected 0 externs total
libbpf: map 'minimal_.rodata' (global data): at sec_idx 5, offset 0, flags 480.
libbpf: map 0 is "minimal_.rodata"
libbpf: map 'minimal_.bss' (global data): at sec_idx 4, offset 0, flags 400.
libbpf: map 1 is "minimal_.bss"
libbpf: sec '.reltp/syscalls/sys_enter_write': collecting relocation for section(2) 'tp/syscalls/sys_enter_write'
libbpf: sec '.reltp/syscalls/sys_enter_write': relo #0: insn #2 against 'my_pid'
libbpf: prog 'handle_tp': found data map 1 (minimal_.bss, sec 4, off 0) for insn 2
libbpf: sec '.reltp/syscalls/sys_enter_write': relo #1: insn #6 against '.rodata'
libbpf: prog 'handle_tp': found data map 0 (minimal_.rodata, sec 5, off 0) for insn 6
libbpf: map 'minimal_.rodata': created successfully, fd=4
libbpf: map 'minimal_.bss': created successfully, fd=5