Bug 510292

Summary: LTP testcase munmap01 fails under valgrind
Product: [Developer tools] valgrind Reporter: mcermak
Component: generalAssignee: mcermak
Status: RESOLVED FIXED    
Severity: normal CC: mark
Priority: NOR    
Version First Reported In: 3.25 GIT   
Target Milestone: ---   
Platform: Other   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:
Attachments: proposed patch
updated patch

Description mcermak 2025-10-06 08:51:50 UTC 
After upgrading LTP testsuite version to 20250930 (tracked in bug 510169) munmap01 syscall test started failing.  It however turns out that this testcase was substantially rewritten and the failure is expected:

> $ make -j"$(nproc)" ltpchecks TESTS=munmap01
> [ ... stuff deleted ... ]
> VALGRIND=/home/mcermak/WORK/valgrind/valgrind/vg-in-place \
>   /home/mcermak/WORK/valgrind/valgrind/auxprogs/ltp-tester.sh
> Running individual syscall tests specified in the TESTS env var ...
> [1/1] Testing munmap01 ...
> munmap01: unempty log2.filtered:
> ==1900711==
> ==1900711== Process terminating with default action of signal 11 (SIGSEGV): dumping core
> ==1900711==  Access not within mapped region at address 0x483F000
> ==1900711==    at 0x401F9A: run (munmap01.c:46)
> ==1900711==    by 0x40D42F: fork_testrun.isra.0 (tst_test.c:1669)
> ==1900711==    by 0x40F894: tst_run_tcases (tst_test.c:2041)
> ==1900711==    by 0x401DCD: main (tst_test.h:738)
> ==1900711==  If you believe this happened as a result of a stack
> ==1900711==  overflow in your program's main thread (unlikely but
> ==1900711==  possible), you can try to increase the size of the
> ==1900711==  main thread stack using the --main-stacksize= flag.
> ==1900711==  The main thread stack size used in this run was 8388608.
> ==1900724==
> ==1900724== Process terminating with default action of signal 11 (SIGSEGV): dumping core
> ==1900724==  Access not within mapped region at address 0x4840000
> ==1900724==    at 0x401F9A: run (munmap01.c:46)
> ==1900724==    by 0x40D42F: fork_testrun.isra.0 (tst_test.c:1669)
> ==1900724==    by 0x40F894: tst_run_tcases (tst_test.c:2041)
> ==1900724==    by 0x401DCD: main (tst_test.h:738)
> ==1900724==  If you believe this happened as a result of a stack
> ==1900724==  overflow in your program's main thread (unlikely but
> ==1900724==  possible), you can try to increase the size of the
> ==1900724==  main thread stack using the --main-stacksize= flag.
> ==1900724==  The main thread stack size used in this run was 8388608.
>
> Brief LTP test results summary
> -----------------------------------------
> FAIL: 1
> -----------------------------------------

Looking closer at the new version of the test it turns out that this test now intentionally tries to write to an unmaped region, and considers the resulting segfault an expected outcome.

> static void run(void)
> {
>       int status;
>
>       SAFE_MUNMAP(map_addr, map_len);
>       map_base = NULL;
>
>       /*
>        * Check whether further reference is possible to the unmapped memory
>        * region by writing to the first byte of region with some arbitrary
>        * number.
>        */
>       if (!SAFE_FORK()) {
>               *map_addr = 50; 
>               _exit(0);
>       }
>
>       SAFE_WAIT(&status);
>       if (WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV) {
>               tst_res(TPASS, "Child was unable to access unmapped memory");
>               return;
>       }
>       tst_res(TFAIL, "Child succeeds to refer unmapped memory region");
> }

This false positive needs to be silenced via auxprogs/filters/munmap01.
Comment 1 mcermak 2025-10-06 08:55:21 UTC 
Created attachment 185548 [details]
proposed patch
Comment 2 Mark Wielaard 2025-10-09 16:36:04 UTC 
The filters/munmap01 file needs to be added to auxprogs/Makefile.am (LTP_FILTERS) so it gets included in a make dist.
OK with that change.

I wonder if we need a --really-quiet-even-for-fatal-crashes option?
Normally you would like to see these SEGVs messages. Just not in these contrived testcases.
And it seems all our filters are variants on these SEGV messages.
Comment 3 mcermak 2025-10-13 08:06:49 UTC 
Created attachment 185728 [details]
updated patch

Hi Mark,

(In reply to Mark Wielaard from comment #2)
> The filters/munmap01 file needs to be added to auxprogs/Makefile.am
> (LTP_FILTERS) so it gets included in a make dist.
> OK with that change.

Attached updated, rebased patch.

> I wonder if we need a --really-quiet-even-for-fatal-crashes option?
> Normally you would like to see these SEGVs messages. Just not in these
> contrived testcases.
> And it seems all our filters are variants on these SEGV messages.

These filters are rare:  Currently we have 4 filters for whole the LTP testsuite.
Introducing --really-quiet-even-for-fatal-crashes could paper over real issues.
As long as filters are conveniently maintainable, I think adding a filter is fine.

Thoughts?
Comment 4 Mark Wielaard 2025-10-24 15:24:41 UTC 
(In reply to mcermak from comment #3)
> > I wonder if we need a --really-quiet-even-for-fatal-crashes option?
> > Normally you would like to see these SEGVs messages. Just not in these
> > contrived testcases.
> > And it seems all our filters are variants on these SEGV messages.
> 
> These filters are rare:  Currently we have 4 filters for whole the LTP
> testsuite.
> Introducing --really-quiet-even-for-fatal-crashes could paper over real
> issues.
> As long as filters are conveniently maintainable, I think adding a filter is
> fine.
> 
> Thoughts?

You are probably right that it is fine for now.
Pushed your new filter.
If we have to add more in the future we can always some "super-quiet" option.

commit ef3f78a3d66db60af42d6b9118deb71bf8c4ba0b
Author: Martin Cermak <mcermak@redhat.com>
Date:   Mon Oct 13 09:53:56 2025 +0200

    Silence false positive failure of LTP munmap01
    
    After upgrading LTP testsuite version to 20250930 (tracked in bug
    510169) munmap01 syscall test started failing.  It however turns out
    that this testcase was substantially rewritten and the failure is
    expected.  This update will silence mentioned false positive.
    
    https://bugs.kde.org/show_bug.cgi?id=510292