clang-20 built kernel fails to boot with UBSAN_ALIGNMENT=y while gcc-14 built kernel boots ok with UBSAN_ALIGNMENT=y (v6.17-rc2, ppc64)

[ernsteiswuerfel]

Apart from reporting many UBSAN: misaligned-access cases the kernel also fails booting with several BUG: Unable to handle kernel instruction fetch and Oops: Kernel access of bad area, sig: 11 [#1] inbetween v6.17-rc2 fails to boot on my PowerMac G5 and Talos II:

[...]
kernel tried to execute exec-protected page (c0000000040ab100) - exploit attempt? (uid: 0)
systemd[1]: Mounting Kernel Debug File System...
BUG: Unable to handle kernel instruction fetch
Faulting instruction address: 0xc0000000040ab100
Oops: Kernel access of bad area, sig: 11 [#1]
BE PAGE_SIZE=4K MMU=Hash  SMP NR_CPUS=4 PowerMac
Modules linked in:
------------[ cut here ]------------
UBSAN: misaligned-access in kernel/module/main.c:3890:2
member access within misaligned address c00000000621f2a8 for type 'struct module'
kernel tried to execute exec-protected page (c0000000040ab100) - exploit attempt? (uid: 0)
which requires 128 byte alignment
CPU: 0 UID: 0 PID: 120 Comm: (mount) Tainted: G                 N  6.17.0-rc2-PMacG5 #3 PREEMPTLAZY 
Tainted: [N]=TEST
Hardware name: PowerMac11,2 PPC970MP 0x440101 PowerMac
Call Trace:
[c00000000c9cb0e0] [c000000002d54e48] dump_stack_lvl+0x5c/0xe4 (unreliable)
[c00000000c9cb120] [c000000001a3ad7c] ubsan_epilogue+0x1c/0x70
[c00000000c9cb190] [c000000001a3a2bc] ubsan_type_mismatch_common+0x2bc/0x2e0
[c00000000c9cb230] [c000000001a3a32c] __ubsan_handle_type_mismatch_v1+0x4c/0x70
[c00000000c9cb270] [c0000000003dba40] print_modules+0x160/0x300
[c00000000c9cb370] [c00000000003c898] __die+0x118/0x1b0
[c00000000c9cb410] [c00000000003399c] die+0x19c/0x2c0
[c00000000c9cb490] [c0000000000a84bc] bad_page_fault+0x31c/0x7f0
[c00000000c9cb530] [c0000000000b8b98] do_hash_fault+0x298/0x7c0
[c00000000c9cb5b0] [c000000000007c54] instruction_access_common_virt+0x194/0x1a0
---- interrupt: 400 at __long_branch_path_put+0x0/0x20
NIP:  c0000000040ab100 LR: c000000002b22e98 CTR: c0000000003147b8
REGS: c00000000c9cb5e0 TRAP: 0400   Tainted: G                 N   (6.17.0-rc2-PMacG5)
MSR:  9000000010009032 <SF,HV,EE,ME,IR,DR,RI>  CR: 22222220  XER: 00000000
IRQMASK: 0 
GPR00: c000000002b22e8c c00000000c9cb880 c000000003468cb0 c00000000c9cb8d0 
GPR04: fffffffffffffcff 0000000000000000 0000000000000000 0000000000000000 
GPR08: 000000000000167e 0000000000000000 0000000000000001 c000000006573810 
GPR12: 0000000022222220 c000000007516000 c00000000731d2f0 0000000000000000 
GPR16: c0000000073166a0 c00000000a19f1e8 c00000000731d070 c00000000731d090 
GPR20: c00000000731d0b0 c00000000731be90 c00000000731beb0 c00000000731d0f0 
GPR24: c00000000731d0d0 c00000000731d150 c00000000731d130 c0000000043b7580 
GPR28: c0000000043b7600 c000000007511f80 c00000000c9cb8d0 c00000000731c410 
NIP [c0000000040ab100] __long_branch_path_put+0x0/0x20
LR [c000000002b22e98] unix_find_other+0x6b8/0xdb0
---- interrupt: 400
[c00000000c9cb880] [c000000002b22e8c] unix_find_other+0x6ac/0xdb0 (unreliable)
[c00000000c9cb970] [c000000002b180e8] unix_stream_connect+0x258/0x1200
[c00000000c9cbac0] [c0000000023f5b3c] __sys_connect_file+0xec/0x420
[c00000000c9cbb20] [c0000000023f5f40] __sys_connect+0xd0/0x140
[c00000000c9cbbf0] [c0000000023f5fd0] sys_connect+0x20/0x40
[c00000000c9cbc10] [c0000000000436e0] system_call_exception+0x260/0x11d0
[c00000000c9cbe50] [c00000000000b4d4] system_call_common+0xf4/0x258
---- interrupt: c00 at 0x3fff9244e094
NIP:  00003fff9244e094 LR: 00003fff9244e0f0 CTR: 0000000000000000
REGS: c00000000c9cbe80 TRAP: 0c00   Tainted: G                 N   (6.17.0-rc2-PMacG5)
MSR:  900000000200f032 <SF,HV,VEC,EE,PR,FP,ME,IR,DR,RI>  CR: 2408248c  XER: 00000000
IRQMASK: 0 
GPR00: 0000000000000148 00003fffe8ec90f0 00003fff925e7100 0000000000000003 
GPR04: 00003fffe8ec92c8 000000000000001e 0000000000000000 0000000000000000 
GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 
GPR12: 0000000000000000 00003fff92e43f60 00003fffe8ec9e18 000000012b58a480 
GPR16: 00003fffe8ec9898 0000000000000000 0000000000000000 0000000000000000 
GPR20: 000000012b58bad0 00003fffe8ec9810 0000000000000000 0000000000000003 
GPR24: 0000000000000003 0000000000000003 00000000ffffffff 00000000ffffffff 
GPR28: 00003fffe8ec92c8 0000000000000003 0000000123dc0250 000000000000001b 
NIP [00003fff9244e094] 0x3fff9244e094
LR [00003fff9244e0f0] 0x3fff9244e0f0
---- interrupt: c00
---[ end trace ]---
BUG: Unable to handle kernel instruction fetch

Faulting instruction address: 0xc0000000040ab100
CPU: 0 UID: 0 PID: 120 Comm: (mount) Tainted: G                 N  6.17.0-rc2-PMacG5 #3 PREEMPTLAZY 
Tainted: [N]=TEST
Hardware name: PowerMac11,2 PPC970MP 0x440101 PowerMac
NIP:  c0000000040ab100 LR: c000000002b22e98 CTR: c0000000003147b8
REGS: c00000000c9cb5e0 TRAP: 0400   Tainted: G                 N   (6.17.0-rc2-PMacG5)
MSR:  9000000010009032 <SF,HV,EE,ME,IR,DR,RI>  CR: 22222220  XER: 00000000
IRQMASK: 0 
GPR00: c000000002b22e8c c00000000c9cb880 c000000003468cb0 c00000000c9cb8d0 
GPR04: fffffffffffffcff 0000000000000000 0000000000000000 0000000000000000 
GPR08: 000000000000167e 0000000000000000 0000000000000001 c000000006573810 
GPR12: 0000000022222220 c000000007516000 c00000000731d2f0 0000000000000000 
GPR16: c0000000073166a0 c00000000a19f1e8 c00000000731d070 c00000000731d090 
GPR20: c00000000731d0b0 c00000000731be90 c00000000731beb0 c00000000731d0f0 
GPR24: c00000000731d0d0 c00000000731d150 c00000000731d130 c0000000043b7580 
GPR28: c0000000043b7600 c000000007511f80 c00000000c9cb8d0 c00000000731c410 
NIP [c0000000040ab100] __long_branch_path_put+0x0/0x20
LR [c000000002b22e98] unix_find_other+0x6b8/0xdb0
Call Trace:
[c00000000c9cb880] [c000000002b22e8c] unix_find_other+0x6ac/0xdb0 (unreliable)
[c00000000c9cb970] [c000000002b180e8] unix_stream_connect+0x258/0x1200
[c00000000c9cbac0] [c0000000023f5b3c] __sys_connect_file+0xec/0x420
[c00000000c9cbb20] [c0000000023f5f40] __sys_connect+0xd0/0x140
[c00000000c9cbbf0] [c0000000023f5fd0] sys_connect+0x20/0x40
[c00000000c9cbc10] [c0000000000436e0] system_call_exception+0x260/0x11d0
[c00000000c9cbe50] [c00000000000b4d4] system_call_common+0xf4/0x258
---- interrupt: c00 at 0x3fff9244e094
NIP:  00003fff9244e094 LR: 00003fff9244e0f0 CTR: 0000000000000000
REGS: c00000000c9cbe80 TRAP: 0c00   Tainted: G                 N   (6.17.0-rc2-PMacG5)
MSR:  900000000200f032 <SF,HV,VEC,EE,PR,FP,ME,IR,DR,RI>  CR: 2408248c  XER: 00000000
IRQMASK: 0 
GPR00: 0000000000000148 00003fffe8ec90f0 00003fff925e7100 0000000000000003 
GPR04: 00003fffe8ec92c8 000000000000001e 0000000000000000 0000000000000000 
GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 
GPR12: 0000000000000000 00003fff92e43f60 00003fffe8ec9e18 000000012b58a480 
GPR16: 00003fffe8ec9898 0000000000000000 0000000000000000 0000000000000000 
GPR20: 000000012b58bad0 00003fffe8ec9810 0000000000000000 0000000000000003 
GPR24: 0000000000000003 0000000000000003 00000000ffffffff 00000000ffffffff 
GPR28: 00003fffe8ec92c8 0000000000000003 0000000123dc0250 000000000000001b 
NIP [00003fff9244e094] 0x3fff9244e094
LR [00003fff9244e0f0] 0x3fff9244e0f0
---- interrupt: c00
Code: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 <00000000> 00000000 00000000 00000000 
---[ end trace 0000000000000000 ]---

note: (mount)[120] exited with irqs disabled
Oops: Kernel access of bad area, sig: 11 [#2]
BE PAGE_SIZE=4K MMU=Hash  SMP NR_CPUS=4 PowerMac
Modules linked in:
CPU: 1 UID: 0 PID: 121 Comm: (mount) Tainted: G      D          N  6.17.0-rc2-PMacG5 #3 PREEMPTLAZY 
Tainted: [D]=DIE, [N]=TEST
Hardware name: PowerMac11,2 PPC970MP 0x440101 PowerMac
NIP:  c0000000040ab100 LR: c000000002b22e98 CTR: c0000000003147b8
REGS: c00000000465b620 TRAP: 0400   Tainted: G      D          N   (6.17.0-rc2-PMacG5)
MSR:  9000000010009032 <SF,HV,EE,ME,IR,DR,RI>  CR: 22222224  XER: 00000000
IRQMASK: 0 
GPR00: c000000002b22e8c c00000000465b8c0 c000000003468cb0 c00000000465b910 
GPR04: fffffffffffffcff 0000000000000000 0000000000000000 0000000000000000 
GPR08: 0000000000001684 0000000000000000 0000000000000001 c000000006573810 
GPR12: 0000000022222220 c00000000ffffc00 c00000000731d2f0 0000000000000000 
GPR16: c0000000073166a0 c00000000a19f1e8 c00000000731d070 c00000000731d090 
GPR20: c00000000731d0b0 c00000000731be90 c00000000731beb0 c00000000731d0f0 
GPR24: c00000000731d0d0 c00000000731d150 c00000000731d130 c0000000043b7580 
GPR28: c0000000043b7600 c000000007511f80 c00000000465b910 c00000000731c410 
NIP [c0000000040ab100] __long_branch_path_put+0x0/0x20
LR [c000000002b22e98] unix_find_other+0x6b8/0xdb0
Call Trace:
[c00000000465b8c0] [c000000002b22e8c] unix_find_other+0x6ac/0xdb0 (unreliable)
[c00000000465b9b0] [c000000002b180e8] unix_stream_connect+0x258/0x1200
[c00000000465bb00] [c0000000023f5b3c] __sys_connect_file+0xec/0x420
[c00000000465bb60] [c0000000023f5f40] __sys_connect+0xd0/0x140
[c00000000465bc30] [c0000000023f5fd0] sys_connect+0x20/0x40
[c00000000465bc50] [c0000000000436e0] system_call_exception+0x260/0x11d0
[c00000000465be50] [c00000000000b4d4] system_call_common+0xf4/0x258
---- interrupt: c00 at 0x3fffaf25e094
NIP:  00003fffaf25e094 LR: 00003fffaf25e0f0 CTR: 0000000000000000
REGS: c00000000465be80 TRAP: 0c00   Tainted: G      D          N   (6.17.0-rc2-PMacG5)
MSR:  900000000200f032 <SF,HV,VEC,EE,PR,FP,ME,IR,DR,RI>  CR: 2408248c  XER: 00000000
IRQMASK: 0 
GPR00: 0000000000000148 00003fffd26ae9f0 00003fffaf3f7100 0000000000000003 
GPR04: 00003fffd26aebc8 000000000000001e 0000000000000000 0000000000000000 
GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 
GPR12: 0000000000000000 00003fffafc45f60 00003fffd26af718 000000014e9b0480 
GPR16: 00003fffd26af198 0000000000000000 0000000000000000 0000000000000000 
GPR20: 000000014e9b1ad0 00003fffd26af110 0000000000000000 0000000000000003 
GPR24: 0000000000000003 0000000000000003 00000000ffffffff 00000000ffffffff 
GPR28: 00003fffd26aebc8 0000000000000003 00000001308c0250 000000000000001b 
NIP [00003fffaf25e094] 0x3fffaf25e094
LR [00003fffaf25e0f0] 0x3fffaf25e0f0
---- interrupt: c00
Code: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 <00000000> 00000000 00000000 00000000 
---[ end trace 0000000000000000 ]---
[...]

Same kernel built with GCC-14 boots fine with UBSAN_ALIGNMENT=y enabled (also reporting many misaligned accesses). Without UBSAN_ALIGNMENT both kernels boot fine, clang-20 and gcc-14 one.

Full dmesg and .config attached.

config_617-rc2_g5+clang.txt
config_617-rc2_g5+.txt
dmesg_617-rc2_g5+clang.txt
dmesg_617-rc2_g5+.txt

[nathanchance]

Is this a regression from clang-19?

Cc @kees, have you ever seen something like this? I don’t know how much testing UBSAN_ALIGNMENT has seen.

[kees]

I have ignored UBSAN_ALIGNMENT because it is so hugely noisy. :P

[ernsteiswuerfel]

Is this a regression from clang-19?

Strictly speaking no, 'cause a UBSAN_ALIGNMENT enabled v6.17-rc2 won't build at all with clang-19:

 # LLVM=1 make
  CALL    scripts/checksyscalls.sh
  CC      kernel/sched/fair.o
kernel/sched/fair.c:10932:20: error: stack frame size (2480) exceeds limit (2048) in 'update_sd_lb_stats' [-Werror,-Wframe-larger-than]
 10932 | static inline void update_sd_lb_stats(struct lb_env *env, struct sd_lb_stats *sds)
       |                    ^
1 error generated.
make[4]: *** [scripts/Makefile.build:287: kernel/sched/fair.o] Error 1
make[3]: *** [scripts/Makefile.build:556: kernel/sched] Error 2
make[2]: *** [scripts/Makefile.build:556: kernel] Error 2
make[1]: *** [/usr/src/linux-git/Makefile:2011: .] Error 2
make: *** [Makefile:248: __sub-make] Error 2