Bug 449838 - sigsegv liburing the 'impossible' happened:
Summary: sigsegv liburing the 'impossible' happened:
Status: RESOLVED FIXED
Alias: None
Product: valgrind
Classification: Developer tools
Component: memcheck
Version: 3.18.1
Platform: Arch Linux Linux
Importance: NOR minor
Target Milestone: ---
Assignee: Julian Seward
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-02-09 10:55 UTC by Daniele
Modified: 2022-02-09 22:46 UTC
CC: 1 user

See Also:
Latest Commit:
Version Fixed In:


Description Daniele 2022-02-09 10:55:00 UTC
SUMMARY
***
I was trying to test my software, which links liburing, but valgrind segfaults.
Probably this is the problem:
VgTs_Runnable syscall 425 (lwpid 1181013)
==1181013==    at 0x4AE418D: syscall (in /usr/lib/libc-2.33.so)

LOG
***
$ valgrind --undef-value-errors=no --tool=memcheck --leak-check=yes --show-reachable=yes --num-callers=20 --track-fds=yes ./notstd -i

==1181013== Memcheck, a memory error detector
==1181013== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==1181013== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info
==1181013== Command: ./nostd -i
==1181013==
info           file.c[ 199]:{0x4BB8800} f_begin():: deadpoll flags:0x1
info         memory.c[ 326]:{0x4BB8800} mem_alloc():: allocate 248, extend 1, total 256, align 8, offset 0, real 0x4bbc040, addr 0x4bbc048
info         memory.c[  85]:{0x4BB8800} mem_header_page_alloc()::
info         memory.c[  71]:{0x4BB8800} mem_page_alloc():: 3
info         memory.c[ 113]:{0x4BB8800} mem_header_new():: new:0x4853fc8 next:0x4853f90
info         memory.c[ 340]:{0x4BB8800} mem_alloc():: header address:0x4853fc8
--1181013-- VALGRIND INTERNAL ERROR: Valgrind received a signal 11 (SIGSEGV) - exiting
--1181013-- si_code=1;  Faulting address: 0x1000;  sp: 0x1002c8dc38

valgrind: the 'impossible' happened:
   Killed by fatal signal

host stacktrace:
==1181013==    at 0x58040C66: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==1181013==    by 0x5804EA90: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==1181013==    by 0x5809EEFB: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==1181013==    by 0x58117E09: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==1181013==    by 0x5809CF3A: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==1181013==    by 0x5809D5CD: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==1181013==    by 0x58098E02: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==1181013==    by 0x5809AEE7: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==1181013==    by 0x580E40F0: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)

sched status:
  running_tid=1

Thread 1: status = VgTs_Runnable syscall 425 (lwpid 1181013)
==1181013==    at 0x4AE418D: syscall (in /usr/lib/libc-2.33.so)
==1181013==    by 0x49C5EA5: ??? (in /usr/lib/liburing.so.2.1.0)
==1181013==    by 0x49C5478: io_uring_queue_init_params (in /usr/lib/liburing.so.2.1.0)
==1181013==    by 0x49C5528: io_uring_queue_init (in /usr/lib/liburing.so.2.1.0)
==1181013==    by 0x126027: deadpoll_new (deadpoll.c:122)
==1181013==    by 0x10B7CE: f_begin (file.c:200)
==1181013==    by 0x1278CC: __libc_csu_init (in /home/vbextreme/Project/c/notstd/build/nostd)
==1181013==    by 0x4A12AB0: (below main) (in /usr/lib/libc-2.33.so)
client stack range: [0x1FFEFFD000 0x1FFF000FFF] client SP: 0x1FFF000458
valgrind stack range: [0x1002B8E000 0x1002C8DFFF] top usage: 8656 of 1048576


Note: see also the FAQ in the source distribution.
It contains workarounds to several common problems.
In particular, if Valgrind aborted or crashed after
identifying problems in your program, there's a good chance
that fixing those problems will prevent Valgrind aborting or
crashing, especially if it happened in m_mallocfree.c.

If that doesn't help, please report this bug to: www.valgrind.org

In the bug report, send all the above text, the valgrind
version, and what OS and version you are using.  Thanks.

SOFTWARE/OS VERSIONS
Arch linux 
Linux arci 5.16.4-arch1-1 #1 SMP PREEMPT Sat, 29 Jan 2022 19:08:13 +0000 x86_64 GNU/Linux
Comment 1 Mark Wielaard 2022-02-09 11:20:57 UTC
Would it be possible to install debuginfo for liburing and valgrind? That would give somewhat more usable backtraces.

Also could you try running with --trace-syscalls=yes? That might give us a hint about which syscall we are trying to handle.

I suspect we are sanity checking one of the arguments and are following a stray pointer.

If you have a self contained reproducer that would also be helpful.
Comment 2 Daniele 2022-02-09 11:51:17 UTC
Isolating the bug needs time, but I can try.

--trace-syscalls=yes
LOG
***
==7498== Memcheck, a memory error detector
==7498== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==7498== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info
==7498== Command: ./nostd -i
==7498== 
SYSCALL[7498,1](12) sys_brk ( 0x0 ) --> [pre-success] Success(0x4032000) 
SYSCALL[7498,1](158) arch_prctl ( 12289, 1fff000540 ) --> [pre-fail] Failure(0x16) 
SYSCALL[7498,1](63) sys_newuname ( 0x1fff000130 )[sync] --> Success(0x0) 
SYSCALL[7498,1](257) sys_openat ( 4294967196, 0x40318e0(/usr/lib/valgrind/vgpreload_core-amd64-linux.so), 524288 ) --> [async] ... 
SYSCALL[7498,1](257) ... [async] --> Success(0x3) 
SYSCALL[7498,1](0) sys_read ( 3, 0x1ffeffed38, 832 ) --> [async] ... 
SYSCALL[7498,1](0) ... [async] --> Success(0x340) 
SYSCALL[7498,1](262) sys_newfstatat ( 3, 0x4026572(), 0x1ffeffebe0 )[sync] --> Success(0x0) 
SYSCALL[7498,1](9) sys_mmap ( 0x0, 16400, 1, 2050, 3, 0 ) --> [pre-success] Success(0x4832000) 
SYSCALL[7498,1](9) sys_mmap ( 0x4833000, 4096, 5, 2066, 3, 4096 ) --> [pre-success] Success(0x4833000) 
SYSCALL[7498,1](9) sys_mmap ( 0x4834000, 4096, 1, 2066, 3, 8192 ) --> [pre-success] Success(0x4834000) 
SYSCALL[7498,1](9) sys_mmap ( 0x4835000, 8192, 3, 2066, 3, 8192 ) --> [pre-success] Success(0x4835000) 
SYSCALL[7498,1](3) sys_close ( 3 )[sync] --> Success(0x0) 
SYSCALL[7498,1](257) sys_openat ( 4294967196, 0x4031e20(/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so), 524288 ) --> [async] ... 
SYSCALL[7498,1](257) ... [async] --> Success(0x3) 
SYSCALL[7498,1](0) sys_read ( 3, 0x1ffeffed38, 832 ) --> [async] ... 
SYSCALL[7498,1](0) ... [async] --> Success(0x340) 
SYSCALL[7498,1](262) sys_newfstatat ( 3, 0x4026572(), 0x1ffeffebe0 )[sync] --> Success(0x0) 
SYSCALL[7498,1](9) sys_mmap ( 0x0, 8192, 3, 34, 4294967295, 0 ) --> [pre-success] Success(0x4837000) 
SYSCALL[7498,1](9) sys_mmap ( 0x0, 94528, 1, 2050, 3, 0 ) --> [pre-success] Success(0x4839000) 
SYSCALL[7498,1](10) sys_mprotect ( 0x483e000, 69632, 0 )[sync] --> Success(0x0) 
SYSCALL[7498,1](9) sys_mmap ( 0x483e000, 53248, 5, 2066, 3, 20480 ) --> [pre-success] Success(0x483e000) 
SYSCALL[7498,1](9) sys_mmap ( 0x484b000, 12288, 1, 2066, 3, 73728 ) --> [pre-success] Success(0x484b000) 
SYSCALL[7498,1](9) sys_mmap ( 0x484f000, 8192, 3, 2066, 3, 86016 ) --> [pre-success] Success(0x484f000) 
SYSCALL[7498,1](3) sys_close ( 3 )[sync] --> Success(0x0) 
SYSCALL[7498,1](21) sys_access ( 0x4029f20(/etc/ld.so.preload), 4 )[sync] --> Failure(0x2) 
SYSCALL[7498,1](257) sys_openat ( 4294967196, 0x4026d5b(/etc/ld.so.cache), 524288 ) --> [async] ... 
SYSCALL[7498,1](257) ... [async] --> Success(0x3) 
SYSCALL[7498,1](262) sys_newfstatat ( 3, 0x4026572(), 0x1ffefff730 )[sync] --> Success(0x0) 
SYSCALL[7498,1](9) sys_mmap ( 0x0, 143124, 1, 2, 3, 0 ) --> [pre-success] Success(0x4851000) 
SYSCALL[7498,1](3) sys_close ( 3 )[sync] --> Success(0x0) 
SYSCALL[7498,1](257) sys_openat ( 4294967196, 0x4837520(/usr/lib/libm.so.6), 524288 ) --> [async] ... 
SYSCALL[7498,1](257) ... [async] --> Success(0x3) 
SYSCALL[7498,1](0) sys_read ( 3, 0x1ffefff888, 832 ) --> [async] ... 
SYSCALL[7498,1](0) ... [async] --> Success(0x340) 
SYSCALL[7498,1](262) sys_newfstatat ( 3, 0x4026572(), 0x1ffefff730 )[sync] --> Success(0x0) 
SYSCALL[7498,1](9) sys_mmap ( 0x0, 1323032, 1, 2050, 3, 0 ) --> [pre-success] Success(0x4874000) 
SYSCALL[7498,1](10) sys_mprotect ( 0x4883000, 1257472, 0 )[sync] --> Success(0x0) 
SYSCALL[7498,1](9) sys_mmap ( 0x4883000, 630784, 5, 2066, 3, 61440 ) --> [pre-success] Success(0x4883000) 
SYSCALL[7498,1](9) sys_mmap ( 0x491d000, 622592, 1, 2066, 3, 692224 ) --> [pre-success] Success(0x491d000) 
SYSCALL[7498,1](9) sys_mmap ( 0x49b6000, 8192, 3, 2066, 3, 1314816 ) --> [pre-success] Success(0x49b6000) 
SYSCALL[7498,1](3) sys_close ( 3 )[sync] --> Success(0x0) 
SYSCALL[7498,1](257) sys_openat ( 4294967196, 0x4837a20(/usr/lib/librt.so.1), 524288 ) --> [async] ... 
SYSCALL[7498,1](257) ... [async] --> Success(0x3) 
SYSCALL[7498,1](0) sys_read ( 3, 0x1ffefff868, 832 ) --> [async] ... 
SYSCALL[7498,1](0) ... [async] --> Success(0x340) 
SYSCALL[7498,1](262) sys_newfstatat ( 3, 0x4026572(), 0x1ffefff710 )[sync] --> Success(0x0) 
SYSCALL[7498,1](9) sys_mmap ( 0x0, 43520, 1, 2050, 3, 0 ) --> [pre-success] Success(0x49b8000) 
SYSCALL[7498,1](9) sys_mmap ( 0x49bb000, 16384, 5, 2066, 3, 12288 ) --> [pre-success] Success(0x49bb000) 
SYSCALL[7498,1](9) sys_mmap ( 0x49bf000, 8192, 1, 2066, 3, 28672 ) --> [pre-success] Success(0x49bf000) 
SYSCALL[7498,1](9) sys_mmap ( 0x49c1000, 8192, 3, 2066, 3, 32768 ) --> [pre-success] Success(0x49c1000) 
SYSCALL[7498,1](3) sys_close ( 3 )[sync] --> Success(0x0) 
SYSCALL[7498,1](257) sys_openat ( 4294967196, 0x4837f20(/usr/lib/liburing.so.2), 524288 ) --> [async] ... 
SYSCALL[7498,1](257) ... [async] --> Success(0x3) 
SYSCALL[7498,1](0) sys_read ( 3, 0x1ffefff848, 832 ) --> [async] ... 
SYSCALL[7498,1](0) ... [async] --> Success(0x340) 
SYSCALL[7498,1](262) sys_newfstatat ( 3, 0x4026572(), 0x1ffefff6f0 )[sync] --> Success(0x0) 
SYSCALL[7498,1](9) sys_mmap ( 0x0, 24592, 1, 2050, 3, 0 ) --> [pre-success] Success(0x49c3000) 
SYSCALL[7498,1](9) sys_mmap ( 0x49c5000, 8192, 5, 2066, 3, 8192 ) --> [pre-success] Success(0x49c5000) 
SYSCALL[7498,1](9) sys_mmap ( 0x49c7000, 4096, 1, 2066, 3, 16384 ) --> [pre-success] Success(0x49c7000) 
SYSCALL[7498,1](9) sys_mmap ( 0x49c8000, 8192, 3, 2066, 3, 16384 ) --> [pre-success] Success(0x49c8000) 
SYSCALL[7498,1](3) sys_close ( 3 )[sync] --> Success(0x0) 
SYSCALL[7498,1](257) sys_openat ( 4294967196, 0x4838420(/usr/lib/libpthread.so.0), 524288 ) --> [async] ... 
SYSCALL[7498,1](257) ... [async] --> Success(0x3) 
SYSCALL[7498,1](0) sys_read ( 3, 0x1ffefff828, 832 ) --> [async] ... 
SYSCALL[7498,1](0) ... [async] --> Success(0x340) 
SYSCALL[7498,1](17) sys_pread64 ( 3, 0x1ffefff6f0, 80, 792 ) --> [async] ... 
SYSCALL[7498,1](17) ... [async] --> Success(0x50) 
SYSCALL[7498,1](17) sys_pread64 ( 3, 0x1ffefff6a0, 68, 872 ) --> [async] ... 
SYSCALL[7498,1](17) ... [async] --> Success(0x44) 
SYSCALL[7498,1](262) sys_newfstatat ( 3, 0x4026572(), 0x1ffefff6d0 )[sync] --> Success(0x0) 
SYSCALL[7498,1](9) sys_mmap ( 0x0, 131472, 1, 2050, 3, 0 ) --> [pre-success] Success(0x49ca000) 
SYSCALL[7498,1](10) sys_mprotect ( 0x49d1000, 81920, 0 )[sync] --> Success(0x0) 
SYSCALL[7498,1](9) sys_mmap ( 0x49d1000, 61440, 5, 2066, 3, 28672 ) --> [pre-success] Success(0x49d1000) 
SYSCALL[7498,1](9) sys_mmap ( 0x49e0000, 16384, 1, 2066, 3, 90112 ) --> [pre-success] Success(0x49e0000) 
SYSCALL[7498,1](9) sys_mmap ( 0x49e5000, 8192, 3, 2066, 3, 106496 ) --> [pre-success] Success(0x49e5000) 
SYSCALL[7498,1](9) sys_mmap ( 0x49e7000, 12688, 3, 50, 4294967295, 0 ) --> [pre-success] Success(0x49e7000) 
SYSCALL[7498,1](3) sys_close ( 3 )[sync] --> Success(0x0) 
SYSCALL[7498,1](257) sys_openat ( 4294967196, 0x4838920(/usr/lib/libc.so.6), 524288 ) --> [async] ... 
SYSCALL[7498,1](257) ... [async] --> Success(0x3) 
SYSCALL[7498,1](0) sys_read ( 3, 0x1ffefff808, 832 ) --> [async] ... 
SYSCALL[7498,1](0) ... [async] --> Success(0x340) 
SYSCALL[7498,1](17) sys_pread64 ( 3, 0x1ffefff410, 784, 64 ) --> [async] ... 
SYSCALL[7498,1](17) ... [async] --> Success(0x310) 
SYSCALL[7498,1](17) sys_pread64 ( 3, 0x1ffefff3b0, 80, 848 ) --> [async] ... 
SYSCALL[7498,1](17) ... [async] --> Success(0x50) 
SYSCALL[7498,1](17) sys_pread64 ( 3, 0x1ffefff360, 68, 928 ) --> [async] ... 
SYSCALL[7498,1](17) ... [async] --> Success(0x44) 
SYSCALL[7498,1](262) sys_newfstatat ( 3, 0x4026572(), 0x1ffefff6b0 )[sync] --> Success(0x0) 
SYSCALL[7498,1](17) sys_pread64 ( 3, 0x1ffefff300, 784, 64 ) --> [async] ... 
SYSCALL[7498,1](17) ... [async] --> Success(0x310) 
SYSCALL[7498,1](9) sys_mmap ( 0x0, 1880536, 1, 2050, 3, 0 ) --> [pre-success] Success(0x49eb000) 
SYSCALL[7498,1](9) sys_mmap ( 0x4a11000, 1355776, 5, 2066, 3, 155648 ) --> [pre-success] Success(0x4a11000) 
SYSCALL[7498,1](9) sys_mmap ( 0x4b5c000, 311296, 1, 2066, 3, 1511424 ) --> [pre-success] Success(0x4b5c000) 
SYSCALL[7498,1](9) sys_mmap ( 0x4ba8000, 24576, 3, 2066, 3, 1818624 ) --> [pre-success] Success(0x4ba8000) 
SYSCALL[7498,1](9) sys_mmap ( 0x4bae000, 33240, 3, 50, 4294967295, 0 ) --> [pre-success] Success(0x4bae000) 
SYSCALL[7498,1](3) sys_close ( 3 )[sync] --> Success(0x0) 
SYSCALL[7498,1](9) sys_mmap ( 0x0, 8192, 3, 34, 4294967295, 0 ) --> [pre-success] Success(0x4bb7000) 
SYSCALL[7498,1](9) sys_mmap ( 0x0, 12288, 3, 34, 4294967295, 0 ) --> [pre-success] Success(0x4bb9000) 
SYSCALL[7498,1](158) arch_prctl ( 4098, 4bb8800 ) --> [pre-success] Success(0x0) 
SYSCALL[7498,1](10) sys_mprotect ( 0x4ba8000, 12288, 1 )[sync] --> Success(0x0) 
SYSCALL[7498,1](10) sys_mprotect ( 0x49e5000, 4096, 1 )[sync] --> Success(0x0) 
SYSCALL[7498,1](10) sys_mprotect ( 0x49c8000, 4096, 1 )[sync] --> Success(0x0) 
SYSCALL[7498,1](10) sys_mprotect ( 0x49c1000, 4096, 1 )[sync] --> Success(0x0) 
SYSCALL[7498,1](10) sys_mprotect ( 0x49b6000, 4096, 1 )[sync] --> Success(0x0) 
SYSCALL[7498,1](10) sys_mprotect ( 0x484f000, 4096, 1 )[sync] --> Success(0x0) 
SYSCALL[7498,1](10) sys_mprotect ( 0x4835000, 4096, 1 )[sync] --> Success(0x0) 
SYSCALL[7498,1](10) sys_mprotect ( 0x12d000, 4096, 1 )[sync] --> Success(0x0) 
SYSCALL[7498,1](10) sys_mprotect ( 0x402e000, 8192, 1 )[sync] --> Success(0x0) 
SYSCALL[7498,1](11) sys_munmap ( 0x4851000, 143124 )[sync] --> Success(0x0) 
SYSCALL[7498,1](218) sys_set_tid_address ( 0x4bb8ad0 )[sync] --> Success(0x1d4a) 
SYSCALL[7498,1](273) sys_set_robust_list ( 0x4bb8ae0, 24 )[sync] --> Success(0x0) 
SYSCALL[7498,1](13) sys_rt_sigaction ( 32, 0x1fff000400, 0x0, 8 ) --> [pre-success] Success(0x0) 
SYSCALL[7498,1](13) sys_rt_sigaction ( 33, 0x1fff000400, 0x0, 8 ) --> [pre-success] Success(0x0) 
SYSCALL[7498,1](14) sys_rt_sigprocmask ( 1, 0x1fff000578, 0x0, 8 ) --> [pre-success] Success(0x0) 
SYSCALL[7498,1](302) sys_prlimit64 ( 0, 3, 0x0, 0x1fff000560 ) --> [pre-success] Success(0x0) 
SYSCALL[7498,1](9) sys_mmap ( 0x0, 12288, 7, 34, 4294967295, 0 ) --> [pre-success] Success(0x4851000) 
SYSCALL[7498,1](425) sys_io_uring_setup ( 0x1000, 137422177456 )[sync] --> Success(0x3) --7498-- VALGRIND INTERNAL ERROR: Valgrind received a signal 11 (SIGSEGV) - exiting
--7498-- si_code=1;  Faulting address: 0x1000;  sp: 0x1002c8dc38

valgrind: the 'impossible' happened:
   Killed by fatal signal

host stacktrace:
==7498==    at 0x58040C66: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==7498==    by 0x5804EA90: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==7498==    by 0x5809EEFB: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==7498==    by 0x58117E09: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==7498==    by 0x5809CF3A: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==7498==    by 0x5809D5CD: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==7498==    by 0x58098E02: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==7498==    by 0x5809AEE7: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==7498==    by 0x580E40F0: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)

sched status:
  running_tid=1

Thread 1: status = VgTs_Runnable syscall 425 (lwpid 7498)
==7498==    at 0x4AE418D: syscall (in /usr/lib/libc-2.33.so)
==7498==    by 0x49C5EA5: ??? (in /usr/lib/liburing.so.2.1.0)
==7498==    by 0x49C5478: io_uring_queue_init_params (in /usr/lib/liburing.so.2.1.0)
==7498==    by 0x49C5528: io_uring_queue_init (in /usr/lib/liburing.so.2.1.0)
==7498==    by 0x1233C7: deadpoll_new (deadpoll.c:122)
==7498==    by 0x10B723: f_begin (file.c:200)
==7498==    by 0x124BAC: __libc_csu_init (in /home/vbextreme/Project/c/notstd/build/nostd)
==7498==    by 0x4A12AB0: (below main) (in /usr/lib/libc-2.33.so)
client stack range: [0x1FFEFFE000 0x1FFF000FFF] client SP: 0x1FFF000468
valgrind stack range: [0x1002B8E000 0x1002C8DFFF] top usage: 8656 of 1048576


Note: see also the FAQ in the source distribution.
It contains workarounds to several common problems.
In particular, if Valgrind aborted or crashed after
identifying problems in your program, there's a good chance
that fixing those problems will prevent Valgrind aborting or
crashing, especially if it happened in m_mallocfree.c.

If that doesn't help, please report this bug to: www.valgrind.org

In the bug report, send all the above text, the valgrind
version, and what OS and version you are using.  Thanks.
Comment 3 Mark Wielaard 2022-02-09 11:57:50 UTC
(In reply to Daniele from comment #2)
> isolate bug need time, but can try
> 
> --trace-syscalls=yes
> LOG
> [...]
> SYSCALL[7498,1](425) sys_io_uring_setup ( 0x1000, 137422177456 )[sync] -->
> Success(0x3) --7498-- VALGRIND INTERNAL ERROR: Valgrind received a signal 11
> (SIGSEGV) - exiting
> --7498-- si_code=1;  Faulting address: 0x1000;  sp: 0x1002c8dc38

Thanks. That looks like it is in POST(sys_io_uring_setup) where we do:

      if (VG_(clo_track_fds))
         ML_(record_fd_open_with_given_name)(tid, RES, (HChar*)(Addr)ARG1);

If it is, then using --track-fds=no should make the crash disappear.
Could you try that?
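The trace in comment 2 already contains the clue behind this diagnosis: the faulting address (0x1000) is exactly the first argument of the last syscall (sys_io_uring_setup, ARG1 = 0x1000, the entries count), which is what you expect when a wrapper casts an integer argument to a pointer and dereferences it. The following is an added triage helper, not code from the report or from Valgrind, that parses --trace-syscalls=yes output, finds the syscall immediately preceding a VALGRIND INTERNAL ERROR and reports which argument (if any) equals the faulting address. The sample log is the tail of the trace from comment 2 reproduced as given there (including the fused Success/INTERNAL ERROR line); the function and variable names are this example's own.

```python
"""Triage helper for a Valgrind 'the impossible happened' crash that follows a
--trace-syscalls=yes trace line (added example, not part of the bug report).
It locates the last SYSCALL line before the INTERNAL ERROR and checks whether
the faulting address equals one of that syscall's arguments: if it does, the
wrapper most likely dereferenced a non-pointer argument."""
import re

# Sample input: the last trace lines from comment 2 of the report. Note the
# second line is fused with the INTERNAL ERROR message, as in the report.
SAMPLE_LOG = """\
SYSCALL[7498,1](9) sys_mmap ( 0x0, 12288, 7, 34, 4294967295, 0 ) --> [pre-success] Success(0x4851000)
SYSCALL[7498,1](425) sys_io_uring_setup ( 0x1000, 137422177456 )[sync] --> Success(0x3) --7498-- VALGRIND INTERNAL ERROR: Valgrind received a signal 11 (SIGSEGV) - exiting
--7498-- si_code=1;  Faulting address: 0x1000;  sp: 0x1002c8dc38
"""

# "SYSCALL[pid,tid](nr) name ( args )" followed by "[sync]" or "-->".
# The non-greedy args group tolerates annotations such as 0x4026572(/path).
SYSCALL_RE = re.compile(
    r"SYSCALL\[(?P<pid>\d+),(?P<tid>\d+)\]\((?P<nr>\d+)\)\s+(?P<name>\w+)\s*"
    r"\(\s*(?P<args>.*?)\s*\)\s*(?:\[sync\]|-->)"
)
NUM_RE = re.compile(r"0x[0-9a-fA-F]+|\d+")
FAULT_RE = re.compile(r"Faulting address:\s*(0x[0-9a-fA-F]+)")
CRASH_MARK = "VALGRIND INTERNAL ERROR"


def _to_int(token):
    """Parse a trace argument, ignoring a trailing annotation like (path)."""
    m = NUM_RE.match(token)
    if m is None:
        raise ValueError("unparsable syscall argument: %r" % token)
    text = m.group(0)
    return int(text, 16) if text.lower().startswith("0x") else int(text, 10)


def parse_syscall_line(line):
    """Return {pid, tid, nr, name, args} for a SYSCALL trace line, else None.
    Continuation lines ("... [async] --> ...") carry no syscall and yield None."""
    m = SYSCALL_RE.search(line)
    if m is None:
        return None
    raw = m.group("args").strip()
    args = [_to_int(t.strip()) for t in raw.split(",")] if raw else []
    return {
        "pid": int(m.group("pid")),
        "tid": int(m.group("tid")),
        "nr": int(m.group("nr")),
        "name": m.group("name"),
        "args": args,
    }


def triage(log_text):
    """Find the syscall being handled when Valgrind itself crashed and compare
    the faulting address with its arguments. Returns None if no crash is found."""
    last_syscall = None
    crashed = False
    fault_addr = None
    for line in log_text.splitlines():
        parsed = parse_syscall_line(line)
        if parsed is not None:
            last_syscall = parsed
        if CRASH_MARK in line:
            crashed = True
        if crashed:
            fm = FAULT_RE.search(line)
            if fm is not None:
                fault_addr = int(fm.group(1), 16)
                break
    if not crashed or last_syscall is None:
        return None
    # Report 1-based positions so they line up with Valgrind's ARG1..ARGn naming.
    matching = [i + 1 for i, a in enumerate(last_syscall["args"])
                if fault_addr is not None and a == fault_addr]
    if matching:
        verdict = ("faulting address equals ARG%d of %s: the wrapper probably "
                   "dereferenced a non-pointer argument" % (matching[0], last_syscall["name"]))
    else:
        verdict = "faulting address does not match any argument of the last syscall"
    return {
        "syscall_nr": last_syscall["nr"],
        "syscall": last_syscall["name"],
        "args": last_syscall["args"],
        "fault_addr": fault_addr,
        "matching_args": matching,
        "verdict": verdict,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Run against the sample, the helper reports syscall 425 (sys_io_uring_setup) with ARG1 equal to the faulting address, which is the type confusion the fix in comment 5 removes. The same heuristic applies to any wrapper crash that immediately follows a trace line; a fault address that matches no argument points elsewhere (for example at a stale pointer inside the tool's own state).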
Comment 4 Daniele 2022-02-09 12:37:39 UTC
Yes, with --track-fds=no valgrind does not crash.

To reproduce, you only need to call io_uring_queue_init():
https://pastebin.com/MzFxQGmb

Log:
https://pastebin.com/eEYqmMAe
Comment 5 Mark Wielaard 2022-02-09 13:26:50 UTC
(In reply to Daniele from comment #4)
> yes with--track-fds=no valgrind not crash
> 
> for reproduce you need only to call io_uring_queue_init()
> https://pastebin.com/MzFxQGmb

Thanks. I think the solution is simply to not try to associate a name with the fd returned from io_uring_setup.

diff --git a/coregrind/m_syswrap/syswrap-linux.c b/coregrind/m_syswrap/syswrap-linux.c
index ac2a9f0c3..792589766 100644
--- a/coregrind/m_syswrap/syswrap-linux.c
+++ b/coregrind/m_syswrap/syswrap-linux.c
@@ -13206,7 +13206,7 @@ POST(sys_io_uring_setup)
       SET_STATUS_Failure( VKI_EMFILE );
    } else {
       if (VG_(clo_track_fds))
-         ML_(record_fd_open_with_given_name)(tid, RES, (HChar*)(Addr)ARG1);
+         ML_(record_fd_open_nameless)(tid, RES);
       POST_MEM_WRITE(ARG2 + offsetof(struct vki_io_uring_params, sq_off),
                      sizeof(struct vki_io_sqring_offsets) +
                      sizeof(struct vki_io_cqring_offsets));
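Review bot: the replacement of `ML_(record_fd_open_with_given_name)(tid, RES, (HChar*)(Addr)ARG1)` with `ML_(record_fd_open_nameless)(tid, RES)` is the right fix, since ARG1 of io_uring_setup is the entries count rather than a path pointer, which is why the reported faulting address (0x1000) equals the first syscall argument. Two follow-ups worth considering: a one-line comment above the call stating that io_uring_setup returns an anonymous fd with no file name, so nobody reintroduces a name lookup later; and a regression test that runs a minimal io_uring_queue_init() program under --track-fds=yes (like the ./t program in comment 5), because the crash only triggers with that option and is otherwise invisible to the existing test runs.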

I don't know io_uring really well. But I assume there isn't really a name (file) associated with the io_uring fds?

With the above the example program run under valgrind with --track-fds=yes simply reports:

$ ./vg-in-place -q --track-fds=yes ./t
==1481833== FILE DESCRIPTORS: 4 open (3 std) at exit.
==1481833== Open file descriptor 3:
==1481833==    at 0x4978ECD: syscall (syscall.S:38)
==1481833==    by 0x4869921: UnknownInlinedFun (syscall.c:48)
==1481833==    by 0x4869921: io_uring_queue_init_params (setup.c:143)
==1481833==    by 0x48699CB: io_uring_queue_init (setup.c:168)
==1481833==    by 0x401169: main (t.c:19)

Which I assume is ok without a filename associated with the file descriptor?
Comment 6 Daniele 2022-02-09 14:32:06 UTC
I think there is no name behind that fd; the fd is returned from the io_uring_setup system call:
https://manpages.debian.org/unstable/liburing-dev/io_uring_setup.2.en.html

It will definitely be fine until someone complains about the lack of a name.
Comment 7 Mark Wielaard 2022-02-09 22:42:49 UTC
Thanks for the feedback. This should be fixed now by the following commit:

commit c90561e20f7df2e9c5ae30f1cdafd330b0172345 (HEAD -> master)
Author: Mark Wielaard <mark@klomp.org>
Date:   Wed Feb 9 23:37:53 2022 +0100

    Do not try to record fd name for io_uring_setup
    
    In POST(sys_io_uring_setup) we tried to use record_fd_open_with_given_name
    with ARG1 as name. But ARG1 isn't a char pointer. So this might crash with
    --track-fds=yes. Since no (file) name is associated with the fd returned by
    io_uring_setup use record_fd_open_nameless instead.
    
    https://bugs.kde.org/show_bug.cgi?id=449838
Comment 8 Daniele 2022-02-09 22:46:29 UTC
Thank you for fixing the bug.