Linux 6.5 compat: UBSAN now complains about flex-array declarations with array[1]

[satmandu]

See https://www.spinics.net/lists/linux-xfs/msg73588.html & https://patchwork.kernel.org/project/xfs/patch/168934592239.3368057.13821438121542148084.stgit@frogsfrogsfrogs/ for more information on changes which were also made to xfs to fix such issues.

System information

Type	Version/Name
Distribution Name	Ubuntu
Distribution Version	Lunar (23.04)
Kernel Version	6.5.0-rc4
Architecture	x86_64
OpenZFS Version	2.2.0-rc3 w/ 6.5 patches ( #15138 6751634 325505e #15101 #15099 )

Describe the problem you're observing

[   27.714798] ZFS: Loaded module v2.2.0rc3-lunar3, ZFS pool version 5000, ZFS filesystem version 5
[   27.811205] ================================================================================
[   27.812311] UBSAN: array-index-out-of-bounds in /var/lib/dkms/zfs/2.2.0rc3/build/module/zfs/zap_leaf.c:395:26
[   27.813393] index 365 is out of range for type 'uint16_t [1]'
[   27.814362] CPU: 1 PID: 306 Comm: zpool Tainted: P           OE      6.5.0-rc4 #1
[   27.815338] Hardware name: Apple Inc. Macmini7,1/Mac-35C5E08120C7EEAF, BIOS 249.0.0.0.0 06/11/2020
[   27.816313] Call Trace:
[   27.817280]  <TASK>
[   27.818237]  dump_stack_lvl+0x48/0x60
[   27.819200]  dump_stack+0x10/0x20
[   27.820146]  __ubsan_handle_out_of_bounds+0xc6/0x100
[   27.821092]  zap_leaf_lookup+0x175/0x180 [zfs]
[   27.822208]  ? spl_kvmalloc+0x7a/0xa0 [spl]
[   27.823164]  fzap_lookup+0xda/0x1c0 [zfs]
[   27.824247]  zap_lookup_impl+0xae/0x390 [zfs]
[   27.825331]  zap_lookup+0xa7/0x100 [zfs]
[   27.826409]  spa_ld_trusted_config+0x77/0x7e0 [zfs]
[   27.827499]  ? dsl_pool_init+0x36/0x70 [zfs]
[   27.828578]  spa_ld_mos_with_trusted_config.part.0+0x20/0xb0 [zfs]
[   27.829662]  spa_load+0x139/0x1950 [zfs]
[   27.830784]  ? zpool_get_load_policy+0x194/0x1a0 [zfs]
[   27.831714]  ? nvt_lookup_name_type.isra.0+0x6f/0xb0 [zfs]
[   27.832634]  spa_tryimport+0x15b/0x460 [zfs]
[   27.833576]  zfs_ioc_pool_tryimport+0x79/0xd0 [zfs]
[   27.834506]  zfsdev_ioctl_common+0x893/0x9f0 [zfs]
[   27.835453]  ? kvmalloc_node+0x4b/0xe0
[   27.836233]  zfsdev_ioctl+0x57/0xe0 [zfs]
[   27.837189]  __x64_sys_ioctl+0x94/0xd0
[   27.837999]  do_syscall_64+0x55/0x80
[   27.838814]  ? count_memcg_events.constprop.0+0x1e/0x30
[   27.839562]  ? handle_mm_fault+0xad/0x360
[   27.840298]  ? exit_to_user_mode_prepare+0x35/0x170
[   27.841029]  ? irqentry_exit_to_user_mode+0x9/0x20
[   27.841748]  ? irqentry_exit+0x33/0x40
[   27.842451]  ? exc_page_fault+0x89/0x170
[   27.843172]  entry_SYSCALL_64_after_hwframe+0x46/0xb0
[   27.843856] RIP: 0033:0x7f19be9459ef
[   27.844526] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 18 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[   27.845249] RSP: 002b:00007ffe1b29ee40 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   27.845980] RAX: ffffffffffffffda RBX: 000055c823b3e570 RCX: 00007f19be9459ef
[   27.846731] RDX: 00007ffe1b29eeb0 RSI: 0000000000005a06 RDI: 0000000000000003
[   27.847442] RBP: 00007ffe1b2a2490 R08: 0000000000000000 R09: 00007f19bea2b420
[   27.848141] R10: 000055c823b5f000 R11: 0000000000000246 R12: 000055c823ae42c0
[   27.848828] R13: 00007ffe1b29eeb0 R14: 00007ffe1b2a2570 R15: 0000000000000000
[   27.849506]  </TASK>
[   27.850176] ================================================================================
[   27.854916] ================================================================================
[   27.855655] UBSAN: array-index-out-of-bounds in /var/lib/dkms/zfs/2.2.0rc3/build/module/zfs/zap_micro.c:314:44
[   27.856383] index 1 is out of range for type 'mzap_ent_phys_t [1]'
[   27.857099] CPU: 0 PID: 306 Comm: zpool Tainted: P           OE      6.5.0-rc4 #1
[   27.857819] Hardware name: Apple Inc. Macmini7,1/Mac-35C5E08120C7EEAF, BIOS 249.0.0.0.0 06/11/2020
[   27.858544] Call Trace:
[   27.859280]  <TASK>
[   27.859989]  dump_stack_lvl+0x48/0x60
[   27.860687]  dump_stack+0x10/0x20
[   27.861364]  __ubsan_handle_out_of_bounds+0xc6/0x100
[   27.862045]  zap_lockdir_impl+0x86b/0x880 [zfs]
[   27.862894]  zap_lockdir+0x91/0xb0 [zfs]
[   27.863712]  zap_cursor_retrieve+0x1d7/0x390 [zfs]
[   27.864532]  ? spl_kvmalloc+0x7a/0xa0 [spl]
[   27.865213]  spa_features_check+0xbd/0x1b0 [zfs]
[   27.866029]  spa_load+0x6cd/0x1950 [zfs]
[   27.866854]  ? zpool_get_load_policy+0x194/0x1a0 [zfs]
[   27.867631]  ? nvt_lookup_name_type.isra.0+0x6f/0xb0 [zfs]
[   27.868400]  spa_tryimport+0x15b/0x460 [zfs]
[   27.869204]  zfs_ioc_pool_tryimport+0x79/0xd0 [zfs]
[   27.870002]  zfsdev_ioctl_common+0x893/0x9f0 [zfs]
[   27.870798]  ? kvmalloc_node+0x4b/0xe0
[   27.871423]  zfsdev_ioctl+0x57/0xe0 [zfs]
[   27.872170]  __x64_sys_ioctl+0x94/0xd0
[   27.872766]  do_syscall_64+0x55/0x80
[   27.873353]  ? count_memcg_events.constprop.0+0x1e/0x30
[   27.873939]  ? handle_mm_fault+0xad/0x360
[   27.874512]  ? exit_to_user_mode_prepare+0x35/0x170
[   27.875054]  ? irqentry_exit_to_user_mode+0x9/0x20
[   27.875569]  ? irqentry_exit+0x33/0x40
[   27.876082]  ? exc_page_fault+0x89/0x170
[   27.876595]  entry_SYSCALL_64_after_hwframe+0x46/0xb0
[   27.877111] RIP: 0033:0x7f19be9459ef
[   27.877625] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 18 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[   27.878194] RSP: 002b:00007ffe1b29ee40 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   27.878808] RAX: ffffffffffffffda RBX: 000055c823b3e570 RCX: 00007f19be9459ef
[   27.879397] RDX: 00007ffe1b29eeb0 RSI: 0000000000005a06 RDI: 0000000000000003
[   27.879988] RBP: 00007ffe1b2a2490 R08: 0000000000000000 R09: 00007f19bea2b420
[   27.880579] R10: 000055c823b5f000 R11: 0000000000000246 R12: 000055c823ae42c0
[   27.881168] R13: 00007ffe1b29eeb0 R14: 00007ffe1b2a2570 R15: 0000000000000000
[   27.881757]  </TASK>
[   27.882346] ================================================================================
[   27.882977] ================================================================================
[   27.883569] UBSAN: array-index-out-of-bounds in /var/lib/dkms/zfs/2.2.0rc3/build/module/zfs/zap_micro.c:473:34
[   27.884170] index 2 is out of range for type 'mzap_ent_phys_t [1]'
[   27.884772] CPU: 0 PID: 306 Comm: zpool Tainted: P           OE      6.5.0-rc4 #1
[   27.885380] Hardware name: Apple Inc. Macmini7,1/Mac-35C5E08120C7EEAF, BIOS 249.0.0.0.0 06/11/2020
[   27.885997] Call Trace:
[   27.886638]  <TASK>
[   27.887252]  dump_stack_lvl+0x48/0x60
[   27.887868]  dump_stack+0x10/0x20
[   27.888480]  __ubsan_handle_out_of_bounds+0xc6/0x100
[   27.889094]  zap_lockdir_impl+0x849/0x880 [zfs]
[   27.889841]  zap_lockdir+0x91/0xb0 [zfs]
[   27.890601]  zap_cursor_retrieve+0x1d7/0x390 [zfs]
[   27.891363]  ? spl_kvmalloc+0x7a/0xa0 [spl]
[   27.891989]  spa_features_check+0xbd/0x1b0 [zfs]
[   27.892735]  spa_load+0x6cd/0x1950 [zfs]
[   27.893453]  ? zpool_get_load_policy+0x194/0x1a0 [zfs]
[   27.894109]  ? nvt_lookup_name_type.isra.0+0x6f/0xb0 [zfs]
[   27.894788]  spa_tryimport+0x15b/0x460 [zfs]
[   27.895470]  zfs_ioc_pool_tryimport+0x79/0xd0 [zfs]
[   27.896146]  zfsdev_ioctl_common+0x893/0x9f0 [zfs]
[   27.896823]  ? kvmalloc_node+0x4b/0xe0
[   27.897366]  zfsdev_ioctl+0x57/0xe0 [zfs]
[   27.898030]  __x64_sys_ioctl+0x94/0xd0
[   27.898560]  do_syscall_64+0x55/0x80
[   27.899124]  ? count_memcg_events.constprop.0+0x1e/0x30
[   27.899654]  ? handle_mm_fault+0xad/0x360
[   27.900175]  ? exit_to_user_mode_prepare+0x35/0x170
[   27.900694]  ? irqentry_exit_to_user_mode+0x9/0x20
[   27.901205]  ? irqentry_exit+0x33/0x40
[   27.901705]  ? exc_page_fault+0x89/0x170
[   27.902209]  entry_SYSCALL_64_after_hwframe+0x46/0xb0
[   27.902742] RIP: 0033:0x7f19be9459ef
[   27.903248] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 18 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[   27.903811] RSP: 002b:00007ffe1b29ee40 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   27.904389] RAX: ffffffffffffffda RBX: 000055c823b3e570 RCX: 00007f19be9459ef
[   27.904973] RDX: 00007ffe1b29eeb0 RSI: 0000000000005a06 RDI: 0000000000000003
[   27.905557] RBP: 00007ffe1b2a2490 R08: 0000000000000000 R09: 00007f19bea2b420
[   27.906142] R10: 000055c823b5f000 R11: 0000000000000246 R12: 000055c823ae42c0
[   27.906758] R13: 00007ffe1b29eeb0 R14: 00007ffe1b2a2570 R15: 0000000000000000
[   27.907347]  </TASK>
[   27.907935] ================================================================================
[   27.908573] ================================================================================
[   27.909251] UBSAN: array-index-out-of-bounds in /var/lib/dkms/zfs/2.2.0rc3/build/module/zfs/zap_micro.c:1632:28
[   27.909928] index 2 is out of range for type 'mzap_ent_phys_t [1]'
[   27.910621] CPU: 1 PID: 306 Comm: zpool Tainted: P           OE      6.5.0-rc4 #1
[   27.911305] Hardware name: Apple Inc. Macmini7,1/Mac-35C5E08120C7EEAF, BIOS 249.0.0.0.0 06/11/2020
[   27.911998] Call Trace:
[   27.912690]  <TASK>
[   27.913379]  dump_stack_lvl+0x48/0x60
[   27.914073]  dump_stack+0x10/0x20
[   27.914763]  __ubsan_handle_out_of_bounds+0xc6/0x100
[   27.915455]  zap_cursor_retrieve+0x35d/0x390 [zfs]
[   27.916305]  spa_features_check+0xbd/0x1b0 [zfs]
[   27.917146]  spa_load+0x6cd/0x1950 [zfs]
[   27.917994]  ? zpool_get_load_policy+0x194/0x1a0 [zfs]
[   27.918811]  ? nvt_lookup_name_type.isra.0+0x6f/0xb0 [zfs]
[   27.919624]  spa_tryimport+0x15b/0x460 [zfs]
[   27.920435]  zfs_ioc_pool_tryimport+0x79/0xd0 [zfs]
[   27.921205]  zfsdev_ioctl_common+0x893/0x9f0 [zfs]
[   27.921972]  ? kvmalloc_node+0x4b/0xe0
[   27.922589]  zfsdev_ioctl+0x57/0xe0 [zfs]
[   27.923346]  __x64_sys_ioctl+0x94/0xd0
[   27.923956]  do_syscall_64+0x55/0x80
[   27.924562]  ? count_memcg_events.constprop.0+0x1e/0x30
[   27.925167]  ? handle_mm_fault+0xad/0x360
[   27.925765]  ? exit_to_user_mode_prepare+0x35/0x170
[   27.926372]  ? irqentry_exit_to_user_mode+0x9/0x20
[   27.926941]  ? irqentry_exit+0x33/0x40
[   27.927462]  ? exc_page_fault+0x89/0x170
[   27.927979]  entry_SYSCALL_64_after_hwframe+0x46/0xb0
[   27.928490] RIP: 0033:0x7f19be9459ef
[   27.928993] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 18 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[   27.929555] RSP: 002b:00007ffe1b29ee40 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   27.930135] RAX: ffffffffffffffda RBX: 000055c823b3e570 RCX: 00007f19be9459ef
[   27.930747] RDX: 00007ffe1b29eeb0 RSI: 0000000000005a06 RDI: 0000000000000003
[   27.931334] RBP: 00007ffe1b2a2490 R08: 0000000000000000 R09: 00007f19bea2b420
[   27.931921] R10: 000055c823b5f000 R11: 0000000000000246 R12: 000055c823ae42c0
[   27.932509] R13: 00007ffe1b29eeb0 R14: 00007ffe1b2a2570 R15: 0000000000000000
[   27.933101]  </TASK>
[   27.933693] ================================================================================
[   27.934566] ================================================================================
[   27.935254] UBSAN: array-index-out-of-bounds in /var/lib/dkms/zfs/2.2.0rc3/build/module/zfs/zap_micro.c:339:46
[   27.935938] index 1 is out of range for type 'mzap_ent_phys_t [1]'
[   27.936620] CPU: 0 PID: 306 Comm: zpool Tainted: P           OE      6.5.0-rc4 #1
[   27.937307] Hardware name: Apple Inc. Macmini7,1/Mac-35C5E08120C7EEAF, BIOS 249.0.0.0.0 06/11/2020
[   27.938001] Call Trace:
[   27.938702]  <TASK>
[   27.939316]  dump_stack_lvl+0x48/0x60
[   27.939934]  dump_stack+0x10/0x20
[   27.940548]  __ubsan_handle_out_of_bounds+0xc6/0x100
[   27.941167]  mze_find+0xfa/0x110 [zfs]
[   27.941916]  zap_lookup_impl+0x103/0x390 [zfs]
[   27.942692]  zap_lookup+0xa7/0x100 [zfs]
[   27.943438]  feature_get_refcount_from_disk+0x62/0xd0 [zfs]
[   27.944187]  spa_load+0x7b4/0x1950 [zfs]
[   27.944944]  ? zpool_get_load_policy+0x194/0x1a0 [zfs]
[   27.945672]  ? nvt_lookup_name_type.isra.0+0x6f/0xb0 [zfs]
[   27.946399]  spa_tryimport+0x15b/0x460 [zfs]
[   27.947188]  zfs_ioc_pool_tryimport+0x79/0xd0 [zfs]
[   27.947908]  zfsdev_ioctl_common+0x893/0x9f0 [zfs]
[   27.948598]  ? kvmalloc_node+0x4b/0xe0
[   27.949151]  zfsdev_ioctl+0x57/0xe0 [zfs]
[   27.949828]  __x64_sys_ioctl+0x94/0xd0
[   27.950376]  do_syscall_64+0x55/0x80
[   27.950948]  ? count_memcg_events.constprop.0+0x1e/0x30
[   27.951496]  ? handle_mm_fault+0xad/0x360
[   27.952036]  ? exit_to_user_mode_prepare+0x35/0x170
[   27.952574]  ? irqentry_exit_to_user_mode+0x9/0x20
[   27.953114]  ? irqentry_exit+0x33/0x40
[   27.953642]  ? exc_page_fault+0x89/0x170
[   27.954165]  entry_SYSCALL_64_after_hwframe+0x46/0xb0
[   27.954715] RIP: 0033:0x7f19be9459ef
[   27.955227] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 18 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[   27.955786] RSP: 002b:00007ffe1b29ee40 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   27.956367] RAX: ffffffffffffffda RBX: 000055c823b3e570 RCX: 00007f19be9459ef
[   27.956951] RDX: 00007ffe1b29eeb0 RSI: 0000000000005a06 RDI: 0000000000000003
[   27.957539] RBP: 00007ffe1b2a2490 R08: 0000000000000000 R09: 00007f19bea2b420
[   27.958127] R10: 000055c823b5f000 R11: 0000000000000246 R12: 000055c823ae42c0
[   27.958742] R13: 00007ffe1b29eeb0 R14: 00007ffe1b2a2570 R15: 0000000000000000
[   27.959333]  </TASK>
[   27.959937] ================================================================================
[   27.960558] ================================================================================
[   27.961152] UBSAN: array-index-out-of-bounds in /var/lib/dkms/zfs/2.2.0rc3/build/module/zfs/zap_micro.c:1021:27
[   27.961757] index 1 is out of range for type 'mzap_ent_phys_t [1]'
[   27.962361] CPU: 0 PID: 306 Comm: zpool Tainted: P           OE      6.5.0-rc4 #1
[   27.963000] Hardware name: Apple Inc. Macmini7,1/Mac-35C5E08120C7EEAF, BIOS 249.0.0.0.0 06/11/2020
[   27.963619] Call Trace:
[   27.964237]  <TASK>
[   27.964852]  dump_stack_lvl+0x48/0x60
[   27.965471]  dump_stack+0x10/0x20
[   27.966085]  __ubsan_handle_out_of_bounds+0xc6/0x100
[   27.966732]  zap_lookup_impl+0x34e/0x390 [zfs]
[   27.967482]  zap_lookup+0xa7/0x100 [zfs]
[   27.968226]  feature_get_refcount_from_disk+0x62/0xd0 [zfs]
[   27.968977]  spa_load+0x7b4/0x1950 [zfs]
[   27.969732]  ? zpool_get_load_policy+0x194/0x1a0 [zfs]
[   27.970459]  ? nvt_lookup_name_type.isra.0+0x6f/0xb0 [zfs]
[   27.971209]  spa_tryimport+0x15b/0x460 [zfs]
[   27.971933]  zfs_ioc_pool_tryimport+0x79/0xd0 [zfs]
[   27.972619]  zfsdev_ioctl_common+0x893/0x9f0 [zfs]
[   27.973303]  ? kvmalloc_node+0x4b/0xe0
[   27.973854]  zfsdev_ioctl+0x57/0xe0 [zfs]
[   27.974529]  __x64_sys_ioctl+0x94/0xd0
[   27.975083]  do_syscall_64+0x55/0x80
[   27.975627]  ? count_memcg_events.constprop.0+0x1e/0x30
[   27.976168]  ? handle_mm_fault+0xad/0x360
[   27.976703]  ? exit_to_user_mode_prepare+0x35/0x170
[   27.977243]  ? irqentry_exit_to_user_mode+0x9/0x20
[   27.977776]  ? irqentry_exit+0x33/0x40
[   27.978297]  ? exc_page_fault+0x89/0x170
[   27.978818]  entry_SYSCALL_64_after_hwframe+0x46/0xb0
[   27.979331] RIP: 0033:0x7f19be9459ef
[   27.979834] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 18 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[   27.980396] RSP: 002b:00007ffe1b29ee40 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   27.980976] RAX: ffffffffffffffda RBX: 000055c823b3e570 RCX: 00007f19be9459ef
[   27.981561] RDX: 00007ffe1b29eeb0 RSI: 0000000000005a06 RDI: 0000000000000003
[   27.982147] RBP: 00007ffe1b2a2490 R08: 0000000000000000 R09: 00007f19bea2b420
[   27.982740] R10: 000055c823b5f000 R11: 0000000000000246 R12: 000055c823ae42c0
[   27.983328] R13: 00007ffe1b29eeb0 R14: 00007ffe1b2a2570 R15: 0000000000000000
[   27.983920]  </TASK>
[   27.984511] ================================================================================
[   28.110649] ================================================================================
[   28.111338] UBSAN: array-index-out-of-bounds in /var/lib/dkms/zfs/2.2.0rc3/build/module/zfs/zap_micro.c:1387:22
[   28.112019] index 2 is out of range for type 'mzap_ent_phys_t [1]'
[   28.112699] CPU: 0 PID: 396 Comm: txg_sync Tainted: P           OE      6.5.0-rc4 #1
[   28.113386] Hardware name: Apple Inc. Macmini7,1/Mac-35C5E08120C7EEAF, BIOS 249.0.0.0.0 06/11/2020
[   28.114080] Call Trace:
[   28.114779]  <TASK>
[   28.115469]  dump_stack_lvl+0x48/0x60
[   28.116166]  dump_stack+0x10/0x20
[   28.116857]  __ubsan_handle_out_of_bounds+0xc6/0x100
[   28.117551]  zap_update+0x2a0/0x2b0 [zfs]
[   28.118426]  feature_sync+0x57/0x150 [zfs]
[   28.119280]  spa_feature_incr+0x74/0x120 [zfs]
[   28.120121]  space_map_alloc+0x73/0x80 [zfs]
[   28.120966]  spa_generate_syncing_log_sm+0xd1/0x250 [zfs]
[   28.121819]  spa_flush_metaslabs+0xa8/0x410 [zfs]
[   28.122675]  ? dmu_buf_rele+0x3b/0x40 [zfs]
[   28.123508]  ? mutex_lock+0x12/0x40
[   28.124167]  spa_sync+0x626/0x1040 [zfs]
[   28.124978]  ? spa_txg_history_init_io+0x114/0x120 [zfs]
[   28.125792]  txg_sync_thread+0x1fd/0x390 [zfs]
[   28.126616]  ? spl_kmem_free+0x29/0x30 [spl]
[   28.127178]  ? txg_register_callbacks+0xb0/0xb0 [zfs]
[   28.127860]  ? txg_register_callbacks+0xb0/0xb0 [zfs]
[   28.128535]  ? spl_taskq_fini+0x80/0x80 [spl]
[   28.129084]  thread_generic_wrapper+0x5c/0x70 [spl]
[   28.129629]  kthread+0xef/0x120
[   28.130165]  ? kthread_complete_and_exit+0x20/0x20
[   28.130697]  ret_from_fork+0x36/0x50
[   28.131218]  ? kthread_complete_and_exit+0x20/0x20
[   28.131738]  ret_from_fork_asm+0x11/0x20
[   28.132253]  </TASK>
[   28.132760] ================================================================================
[   28.134081] ================================================================================
[   28.134628] UBSAN: array-index-out-of-bounds in /var/lib/dkms/zfs/2.2.0rc3/build/module/zfs/zap_micro.c:1447:4
[   28.135220] index 48 is out of range for type 'mzap_ent_phys_t [1]'
[   28.135814] CPU: 2 PID: 396 Comm: txg_sync Tainted: P           OE      6.5.0-rc4 #1
[   28.136414] Hardware name: Apple Inc. Macmini7,1/Mac-35C5E08120C7EEAF, BIOS 249.0.0.0.0 06/11/2020
[   28.137023] Call Trace:
[   28.137630]  <TASK>
[   28.138231]  dump_stack_lvl+0x48/0x60
[   28.138822]  dump_stack+0x10/0x20
[   28.139353]  __ubsan_handle_out_of_bounds+0xc6/0x100
[   28.139888]  zap_remove_impl+0x1be/0x1d0 [zfs]
[   28.140554]  zap_remove+0x8b/0xe0 [zfs]
[   28.141217]  zap_remove_int+0x6b/0x90 [zfs]
[   28.141877]  spa_cleanup_old_sm_logs+0xfe/0x180 [zfs]
[   28.142547]  metaslab_unflushed_bump+0x123/0x160 [zfs]
[   28.143222]  spa_flush_metaslabs+0x211/0x410 [zfs]
[   28.143893]  spa_sync+0x626/0x1040 [zfs]
[   28.144564]  ? spa_txg_history_init_io+0x114/0x120 [zfs]
[   28.145235]  txg_sync_thread+0x1fd/0x390 [zfs]
[   28.145905]  ? spl_kmem_free+0x29/0x30 [spl]
[   28.146451]  ? txg_register_callbacks+0xb0/0xb0 [zfs]
[   28.147125]  ? txg_register_callbacks+0xb0/0xb0 [zfs]
[   28.147793]  ? spl_taskq_fini+0x80/0x80 [spl]
[   28.148339]  thread_generic_wrapper+0x5c/0x70 [spl]
[   28.148885]  kthread+0xef/0x120
[   28.149382]  ? kthread_complete_and_exit+0x20/0x20
[   28.149852]  ret_from_fork+0x36/0x50
[   28.150315]  ? kthread_complete_and_exit+0x20/0x20
[   28.150780]  ret_from_fork_asm+0x11/0x20
[   28.151243]  </TASK>
[   28.151702] ================================================================================
[   28.172651] ================================================================================
[   28.173435] UBSAN: array-index-out-of-bounds in /var/lib/dkms/zfs/2.2.0rc3/build/module/zfs/zap_micro.c:314:44
[   28.174086] index 1 is out of range for type 'mzap_ent_phys_t [1]'
[   28.174624] CPU: 1 PID: 396 Comm: txg_sync Tainted: P           OE      6.5.0-rc4 #1
[   28.175152] Hardware name: Apple Inc. Macmini7,1/Mac-35C5E08120C7EEAF, BIOS 249.0.0.0.0 06/11/2020
[   28.175678] Call Trace:
[   28.176197]  <TASK>
[   28.176706]  dump_stack_lvl+0x48/0x60
[   28.177212]  dump_stack+0x10/0x20
[   28.177713]  __ubsan_handle_out_of_bounds+0xc6/0x100
[   28.178221]  mzap_addent+0x2b7/0x2d0 [zfs]
[   28.178909]  zap_add_impl+0x33d/0x360 [zfs]
[   28.179566]  zap_add+0xca/0xf0 [zfs]
[   28.180219]  zap_add_int_key+0x7d/0xa0 [zfs]
[   28.180874]  spa_generate_syncing_log_sm+0xe9/0x250 [zfs]
[   28.181536]  spa_flush_metaslabs+0xa8/0x410 [zfs]
[   28.182198]  ? dmu_buf_rele+0x3b/0x40 [zfs]
[   28.182847]  ? mutex_lock+0x12/0x40
[   28.183354]  spa_sync+0x626/0x1040 [zfs]
[   28.184046]  ? spa_txg_history_init_io+0x114/0x120 [zfs]
[   28.184748]  txg_sync_thread+0x1fd/0x390 [zfs]
[   28.185452]  ? txg_register_callbacks+0xb0/0xb0 [zfs]
[   28.186155]  ? spl_taskq_fini+0x80/0x80 [spl]
[   28.186683]  thread_generic_wrapper+0x5c/0x70 [spl]
[   28.187206]  kthread+0xef/0x120
[   28.187714]  ? kthread_complete_and_exit+0x20/0x20
[   28.188229]  ret_from_fork+0x36/0x50
[   28.188740]  ? kthread_complete_and_exit+0x20/0x20
[   28.189254]  ret_from_fork_asm+0x11/0x20
[   28.189769]  </TASK>
[   28.190280] ================================================================================
[   28.208303] ================================================================================
[   28.209136] UBSAN: array-index-out-of-bounds in /var/lib/dkms/zfs/2.2.0rc3/build/module/zfs/zap_micro.c:1234:52
[   28.209784] index 2 is out of range for type 'mzap_ent_phys_t [1]'
[   28.210317] CPU: 3 PID: 396 Comm: txg_sync Tainted: P           OE      6.5.0-rc4 #1
[   28.210860] Hardware name: Apple Inc. Macmini7,1/Mac-35C5E08120C7EEAF, BIOS 249.0.0.0.0 06/11/2020
[   28.211409] Call Trace:
[   28.211945]  <TASK>
[   28.212471]  dump_stack_lvl+0x48/0x60
[   28.212998]  dump_stack+0x10/0x20
[   28.213509]  __ubsan_handle_out_of_bounds+0xc6/0x100
[   28.214017]  mzap_addent+0x298/0x2d0 [zfs]
[   28.214709]  zap_add_impl+0x33d/0x360 [zfs]
[   28.215369]  zap_add+0xca/0xf0 [zfs]
[   28.216028]  zap_add_int_key+0x7d/0xa0 [zfs]
[   28.216686]  spa_generate_syncing_log_sm+0xe9/0x250 [zfs]
[   28.217354]  spa_flush_metaslabs+0xa8/0x410 [zfs]
[   28.218021]  ? dmu_buf_rele+0x3b/0x40 [zfs]
[   28.218690]  ? mutex_lock+0x12/0x40
[   28.219206]  spa_sync+0x626/0x1040 [zfs]
[   28.219874]  ? spa_txg_history_init_io+0x114/0x120 [zfs]
[   28.220538]  txg_sync_thread+0x1fd/0x390 [zfs]
[   28.221204]  ? txg_register_callbacks+0xb0/0xb0 [zfs]
[   28.221869]  ? spl_taskq_fini+0x80/0x80 [spl]
[   28.222395]  thread_generic_wrapper+0x5c/0x70 [spl]
[   28.222926]  kthread+0xef/0x120
[   28.223438]  ? kthread_complete_and_exit+0x20/0x20
[   28.223957]  ret_from_fork+0x36/0x50
[   28.224473]  ? kthread_complete_and_exit+0x20/0x20
[   28.224991]  ret_from_fork_asm+0x11/0x20
[   28.225510]  </TASK>
[   28.226029] ================================================================================
[   28.273173] ================================================================================
[   28.273733] UBSAN: array-index-out-of-bounds in /var/lib/dkms/zfs/2.2.0rc3/build/module/zfs/zap_leaf.c:444:49
[   28.274275] index 1 is out of range for type 'uint16_t [1]'
[   28.274840] CPU: 0 PID: 424 Comm: zfs Tainted: P           OE      6.5.0-rc4 #1
[   28.275385] Hardware name: Apple Inc. Macmini7,1/Mac-35C5E08120C7EEAF, BIOS 249.0.0.0.0 06/11/2020
[   28.275930] Call Trace:
[   28.276468]  <TASK>
[   28.276996]  dump_stack_lvl+0x48/0x60
[   28.277522]  dump_stack+0x10/0x20
[   28.278043]  __ubsan_handle_out_of_bounds+0xc6/0x100
[   28.278569]  zap_leaf_lookup_closest+0x203/0x220 [zfs]
[   28.279280]  fzap_cursor_retrieve+0x10f/0x380 [zfs]
[   28.279958]  zap_cursor_retrieve+0x266/0x390 [zfs]
[   28.280635]  ? dbuf_cache_multilist_index_func+0x31/0x40 [zfs]
[   28.281303]  ? mutex_lock+0x12/0x40
[   28.281839]  dsl_prop_get_all_impl+0x247/0x7b0 [zfs]
[   28.282525]  ? dmu_buf_rele+0x3b/0x40 [zfs]
[   28.283200]  ? spl_kvmalloc+0x7a/0xa0 [spl]
[   28.283746]  ? __kmalloc_node+0x52/0xd0
[   28.284279]  ? spl_kvmalloc+0x7a/0xa0 [spl]
[   28.284821]  ? spl_kvmalloc+0x7a/0xa0 [spl]
[   28.285359]  ? strlcat+0x56/0x80
[   28.285882]  ? dsl_dir_name+0x104/0x1a0 [zfs]
[   28.286555]  ? strlcat+0x56/0x80
[   28.287037]  ? dsl_dir_name+0x104/0x1a0 [zfs]
[   28.287633]  ? strlcat+0x56/0x80
[   28.288095]  dsl_prop_get_all_ds+0xcf/0x1a0 [zfs]
[   28.288694]  dsl_prop_get_all+0x13/0x20 [zfs]
[   28.289289]  zfs_ioc_objset_stats_impl+0x79/0x110 [zfs]
[   28.289882]  zfs_ioc_objset_stats+0x66/0x80 [zfs]
[   28.290475]  zfsdev_ioctl_common+0x893/0x9f0 [zfs]
[   28.291094]  ? kvmalloc_node+0x4b/0xe0
[   28.291558]  zfsdev_ioctl+0x57/0xe0 [zfs]
[   28.292179]  __x64_sys_ioctl+0x94/0xd0
[   28.292667]  do_syscall_64+0x55/0x80
[   28.293145]  ? exit_to_user_mode_prepare+0x35/0x170
[   28.293619]  ? irqentry_exit_to_user_mode+0x9/0x20
[   28.294086]  ? irqentry_exit+0x33/0x40
[   28.294544]  ? exc_page_fault+0x89/0x170
[   28.295002]  entry_SYSCALL_64_after_hwframe+0x46/0xb0
[   28.295433] RIP: 0033:0x7ff30dd899ef
[   28.295863] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 18 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[   28.296350] RSP: 002b:00007ffd29f1c430 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   28.296854] RAX: ffffffffffffffda RBX: 0000555cec9ffd10 RCX: 00007ff30dd899ef
[   28.297360] RDX: 00007ffd29f1c4c0 RSI: 0000000000005a12 RDI: 0000000000000003
[   28.297870] RBP: 00007ffd29f1c4b0 R08: 00000000ffffffff R09: 0000000000000000
[   28.298379] R10: 0000000000000022 R11: 0000000000000246 R12: 00007ffd29f1c4c0
[   28.298924] R13: 0000555cec9fd2c0 R14: 00007ffd29f1c4c0 R15: 00007ff30d500758
[   28.299438]  </TASK>
[   28.299952] ================================================================================
[   28.743998] ================================================================================
[   28.744910] UBSAN: array-index-out-of-bounds in /var/lib/dkms/zfs/2.2.0rc3/build/module/zfs/sa.c:339:4
[   28.745681] index 1 is out of range for type 'uint16_t [1]'
[   28.746338] CPU: 0 PID: 542 Comm: run-init Tainted: P           OE      6.5.0-rc4 #1
[   28.746944] Hardware name: Apple Inc. Macmini7,1/Mac-35C5E08120C7EEAF, BIOS 249.0.0.0.0 06/11/2020
[   28.747533] Call Trace:
[   28.748120]  <TASK>
[   28.748707]  dump_stack_lvl+0x48/0x60
[   28.749299]  dump_stack+0x10/0x20
[   28.749882]  __ubsan_handle_out_of_bounds+0xc6/0x100
[   28.750469]  sa_attr_op+0x408/0x460 [zfs]
[   28.751268]  sa_lookup_uio+0x8a/0x110 [zfs]
[   28.752006]  zfs_readlink+0x10b/0x180 [zfs]
[   28.752729]  zpl_get_link_common.constprop.0+0xdf/0x150 [zfs]
[   28.753457]  ? zpl_get_link_common.constprop.0+0x150/0x150 [zfs]
[   28.754185]  zpl_get_link+0x36/0x70 [zfs]
[   28.754919]  step_into+0x657/0x740
[   28.755504]  walk_component+0x51/0x170
[   28.756089]  link_path_walk.part.0.constprop.0+0x269/0x3a0
[   28.756682]  ? path_init+0x28c/0x3c0
[   28.757273]  path_lookupat+0x3e/0x190
[   28.757864]  filename_lookup+0xe4/0x1e0
[   28.758454]  user_path_at_empty+0x3e/0x60
[   28.759006]  do_faccessat+0x111/0x2f0
[   28.759530]  __x64_sys_access+0x1c/0x20
[   28.760052]  do_syscall_64+0x55/0x80
[   28.760575]  ? exit_to_user_mode_prepare+0x35/0x170
[   28.761099]  ? syscall_exit_to_user_mode+0x26/0x40
[   28.761624]  ? do_syscall_64+0x61/0x80
[   28.762147]  ? exit_to_user_mode_prepare+0x35/0x170
[   28.762699]  ? syscall_exit_to_user_mode+0x26/0x40
[   28.763225]  ? __x64_sys_statfs+0x16/0x20
[   28.763750]  ? do_syscall_64+0x61/0x80
[   28.764275]  ? exc_page_fault+0x89/0x170
[   28.764800]  entry_SYSCALL_64_after_hwframe+0x46/0xb0
[   28.765327] RIP: 0033:0x7fdb651aaaab
[   28.765854] Code: 77 05 c3 0f 1f 40 00 48 8b 15 69 a3 0e 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff c3 0f 1f 40 00 f3 0f 1e fa b8 15 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 8b 15 39 a3 0e 00 f7 d8
[   28.766436] RSP: 002b:00007ffca41e01c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000015
[   28.767063] RAX: ffffffffffffffda RBX: 00007ffca41e04e8 RCX: 00007fdb651aaaab
[   28.767664] RDX: 00007ffca41e0278 RSI: 0000000000000001 RDI: 00007ffca41e0d3f
[   28.768233] RBP: 000056205c3c81a9 R08: 0000000000000000 R09: 0000000000000000
[   28.768771] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   28.769329] R13: 000056205c3c39a6 R14: 0000000000000002 R15: 000056205c3c8ad8
[   28.769861]  </TASK>
[   28.770416] ================================================================================
[   28.772136] ================================================================================
[   28.772748] UBSAN: array-index-out-of-bounds in /var/lib/dkms/zfs/2.2.0rc3/build/module/zfs/sa.c:1733:24
[   28.773357] index 1 is out of range for type 'uint16_t [1]'
[   28.773959] CPU: 3 PID: 542 Comm: run-init Tainted: P           OE      6.5.0-rc4 #1
[   28.774564] Hardware name: Apple Inc. Macmini7,1/Mac-35C5E08120C7EEAF, BIOS 249.0.0.0.0 06/11/2020
[   28.775182] Call Trace:
[   28.775792]  <TASK>
[   28.776401]  dump_stack_lvl+0x48/0x60
[   28.777017]  dump_stack+0x10/0x20
[   28.777621]  __ubsan_handle_out_of_bounds+0xc6/0x100
[   28.778228]  sa_find_idx_tab+0x239/0x270 [zfs]
[   28.779021]  sa_build_index+0xa3/0x360 [zfs]
[   28.779784]  sa_handle_get_from_db+0x120/0x170 [zfs]
[   28.780545]  zfs_znode_sa_init+0xb1/0xe0 [zfs]
[   28.781329]  zfs_znode_alloc+0x19d/0x7c0 [zfs]
[   28.782117]  ? aggsum_add+0x19f/0x1b0 [zfs]
[   28.782889]  zfs_zget+0x25b/0x2a0 [zfs]
[   28.783639]  zfs_dirent_lock+0x3e8/0x6a0 [zfs]
[   28.784384]  zfs_dirlook+0xaa/0x2e0 [zfs]
[   28.785124]  ? zfs_zaccess+0x2a0/0x480 [zfs]
[   28.785863]  zfs_lookup+0x258/0x410 [zfs]
[   28.786606]  zpl_lookup+0xe0/0x210 [zfs]
[   28.787335]  __lookup_slow+0x7f/0x120
[   28.787913]  walk_component+0x100/0x170
[   28.788483]  path_lookupat+0x67/0x190
[   28.789046]  filename_lookup+0xe4/0x1e0
[   28.789601]  ? zpl_ioctl_fideduperange+0x20/0x20 [zfs]
[   28.790298]  user_path_at_empty+0x3e/0x60
[   28.790838]  do_faccessat+0x111/0x2f0
[   28.791331]  __x64_sys_access+0x1c/0x20
[   28.791826]  do_syscall_64+0x55/0x80
[   28.792319]  ? exit_to_user_mode_prepare+0x35/0x170
[   28.792816]  ? syscall_exit_to_user_mode+0x26/0x40
[   28.793311]  ? do_syscall_64+0x61/0x80
[   28.793806]  ? exit_to_user_mode_prepare+0x35/0x170
[   28.794303]  ? syscall_exit_to_user_mode+0x26/0x40
[   28.794821]  ? __x64_sys_statfs+0x16/0x20
[   28.795313]  ? do_syscall_64+0x61/0x80
[   28.795804]  ? exc_page_fault+0x89/0x170
[   28.796296]  entry_SYSCALL_64_after_hwframe+0x46/0xb0
[   28.796789] RIP: 0033:0x7fdb651aaaab
[   28.797278] Code: 77 05 c3 0f 1f 40 00 48 8b 15 69 a3 0e 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff c3 0f 1f 40 00 f3 0f 1e fa b8 15 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 8b 15 39 a3 0e 00 f7 d8
[   28.797824] RSP: 002b:00007ffca41e01c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000015
[   28.798387] RAX: ffffffffffffffda RBX: 00007ffca41e04e8 RCX: 00007fdb651aaaab
[   28.798978] RDX: 00007ffca41e0278 RSI: 0000000000000001 RDI: 00007ffca41e0d3f
[   28.799547] RBP: 000056205c3c81a9 R08: 0000000000000000 R09: 0000000000000000
[   28.800119] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   28.800691] R13: 000056205c3c39a6 R14: 0000000000000002 R15: 000056205c3c8ad8
[   28.801266]  </TASK>
[   28.801851] ================================================================================
[   28.858889] ================================================================================
[   28.860019] UBSAN: array-index-out-of-bounds in /var/lib/dkms/zfs/2.2.0rc3/build/module/zfs/zap_leaf.c:661:24
[   28.861023] index 18 is out of range for type 'uint16_t [1]'
[   28.861878] CPU: 3 PID: 1 Comm: run-init Tainted: P           OE      6.5.0-rc4 #1
[   28.862619] Hardware name: Apple Inc. Macmini7,1/Mac-35C5E08120C7EEAF, BIOS 249.0.0.0.0 06/11/2020
[   28.863316] Call Trace:
[   28.863996]  <TASK>
[   28.864671]  dump_stack_lvl+0x48/0x60
[   28.865314]  dump_stack+0x10/0x20
[   28.865914]  __ubsan_handle_out_of_bounds+0xc6/0x100
[   28.866514]  zap_entry_normalization_conflict+0x188/0x1a0 [zfs]
[   28.867297]  fzap_lookup+0x146/0x1c0 [zfs]
[   28.868045]  zap_lookup_impl+0xae/0x390 [zfs]
[   28.868790]  zap_lookup_norm+0xb0/0x110 [zfs]
[   28.869531]  zfs_dirent_lock+0x375/0x6a0 [zfs]
[   28.870306]  zfs_dirlook+0xaa/0x2e0 [zfs]
[   28.871057]  ? zfs_zaccess+0x2a0/0x480 [zfs]
[   28.871792]  zfs_lookup+0x258/0x410 [zfs]
[   28.872553]  zpl_lookup+0xe0/0x210 [zfs]
[   28.873305]  path_openat+0x639/0x1140
[   28.873897]  ? rrm_exit+0x59/0xc0 [zfs]
[   28.874653]  do_filp_open+0xaf/0x160
[   28.875141]  ? zpl_ioctl_fideduperange+0x20/0x20 [zfs]
[   28.875763]  ? zpl_ioctl_fideduperange+0x20/0x20 [zfs]
[   28.876380]  do_open_execat+0x5a/0xf0
[   28.876871]  open_exec+0x2b/0x50
[   28.877358]  load_elf_binary+0x210/0x1780
[   28.877847]  bprm_execve+0x28a/0x670
[   28.878333]  do_execveat_common.isra.0+0x1a9/0x250
[   28.878845]  __x64_sys_execve+0x37/0x50
[   28.879330]  do_syscall_64+0x55/0x80
[   28.879816]  ? do_syscall_64+0x61/0x80
[   28.880300]  ? do_syscall_64+0x61/0x80
[   28.880781]  ? do_syscall_64+0x61/0x80
[   28.881257]  entry_SYSCALL_64_after_hwframe+0x46/0xb0
[   28.881739] RIP: 0033:0x7f991965a52b
[   28.882220] Code: b5 11 00 5b 5d 41 5c 41 5d 41 5e 41 5f e9 8d 94 fa ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa b8 3b 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d bd 38 11 00 f7 d8 64 89 01 48
[   28.882788] RSP: 002b:00007ffdee85ac88 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
[   28.883341] RAX: ffffffffffffffda RBX: 00007ffdee85afa0 RCX: 00007f991965a52b
[   28.883898] RDX: 00007ffdee85afb8 RSI: 00007ffdee85afa8 RDI: 00007ffdee85ce84
[   28.884455] RBP: 00005621c0ee01a9 R08: 0000000000000000 R09: 0000000000000000
[   28.885015] R10: 0000000000002000 R11: 0000000000000246 R12: 0000000000000000
[   28.885576] R13: 00005621c0edb9a6 R14: 0000000000000002 R15: 00005621c0ee0ad8
[   28.886139]  </TASK>
[   28.887918] ================================================================================

Describe how to reproduce the problem

I have a packaged PPA for use with ubuntu 22.10 (Ubuntu Lunar) here: https://launchpad.net/~satadru-umich/+archive/ubuntu/zfs-experimental/

Relevant kernel config options:

src/kernel/linux-6.5-rc4$ grep UBSAN .config
CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y
CONFIG_UBSAN=y
# CONFIG_UBSAN_TRAP is not set
CONFIG_CC_HAS_UBSAN_BOUNDS_STRICT=y
CONFIG_UBSAN_BOUNDS=y
CONFIG_UBSAN_BOUNDS_STRICT=y
CONFIG_UBSAN_SHIFT=y
# CONFIG_UBSAN_DIV_ZERO is not set
CONFIG_UBSAN_BOOL=y
CONFIG_UBSAN_ENUM=y
# CONFIG_UBSAN_ALIGNMENT is not set
CONFIG_UBSAN_SANITIZE_ALL=y
# CONFIG_TEST_UBSAN is not set

Linux Kernel config 6.5.0-rc4 .config used:
config.txt

[ckane]

This won't be the final rev, but can you try applying the below patches and let me know if it quiets the UBSAN stuff?

I'm not 100% on the efi_parts change but the wording of the variable name suggests it should be variable-length, too.

diff --git a/include/sys/efi_partition.h b/include/sys/efi_partition.h
index c4d7fd508..9fae68ea1 100644
--- a/include/sys/efi_partition.h
+++ b/include/sys/efi_partition.h
@@ -324,7 +324,7 @@ typedef struct dk_gpt {
        uint_t          efi_reserved1;  /* future use - set to zero */
        diskaddr_t      efi_altern_lba; /* lba of alternate GPT header */
        uint_t          efi_reserved[12]; /* future use - set to zero */
-       struct dk_part  efi_parts[1];   /* array of partitions */
+       struct dk_part  efi_parts[];    /* array of partitions */
 } dk_gpt_t;
 
 /* possible values for "efi_flags" */
diff --git a/include/sys/sa_impl.h b/include/sys/sa_impl.h
index 744c8dcb7..fab7cd9e7 100644
--- a/include/sys/sa_impl.h
+++ b/include/sys/sa_impl.h
@@ -177,7 +177,7 @@ typedef struct sa_hdr_phys {
         *
         */
        uint16_t sa_layout_info;
-       uint16_t sa_lengths[1]; /* optional sizes for variable length attrs */
+       uint16_t sa_lengths[];  /* optional sizes for variable length attrs */
        /* ... Data follows the lengths.  */
 } sa_hdr_phys_t;
 
diff --git a/include/sys/zap_impl.h b/include/sys/zap_impl.h
index 74853f5fa..bbc105596 100644
--- a/include/sys/zap_impl.h
+++ b/include/sys/zap_impl.h
@@ -61,7 +61,7 @@ typedef struct mzap_phys {
        uint64_t mz_salt;
        uint64_t mz_normflags;
        uint64_t mz_pad[5];
-       mzap_ent_phys_t mz_chunk[1];
+       mzap_ent_phys_t mz_chunk[];
        /* actually variable size depending on block size */
 } mzap_phys_t;
 
diff --git a/include/sys/zap_leaf.h b/include/sys/zap_leaf.h
index ebc67c2bf..4f35832d6 100644
--- a/include/sys/zap_leaf.h
+++ b/include/sys/zap_leaf.h
@@ -132,7 +132,7 @@ typedef struct zap_leaf_phys {
         * with the ZAP_LEAF_CHUNK() macro.
         */
 
-       uint16_t l_hash[1];
+       uint16_t l_hash[];
 } zap_leaf_phys_t;
 
 typedef union zap_leaf_chunk {

[satmandu]

I will try this today... once my machines aren't tied up being used as buildbots...

[satmandu]

Sigh. Reworked the patch because of tabs. :(

ubsan.patch

[satmandu]

Looks like this does eliminate the ubsan errors in dmesg!

[ckane]

Looks like this does eliminate the ubsan errors in dmesg!

Ok cool - I'll see if I can whip up an autoconf test for "struct ending with var-length array supported" and then use #ifdef to conditionally compile these. The code affected above seems to be used across OS's, so I suspect that the present type definitions (var[1]) need to be preserved for some build cases where the variable-length arrays aren't supported by the compilers/kernel/etc...

@behlendorf do you have any thoughts? Seems to me the current behavior was made to overcome some older compiler limitation that used to not allow variable-length arrays in struct definitions? (probably because it complicates things like sizeof(type))?

[EriksRemess]

Sigh. Reworked the patch because of tabs. :(

ubsan.patch

looks like this patch or fix for this issue was not included in 2.1.13 release

[satmandu]

I was hoping this could get into 2.2.0 :)

I haven't checked though to see if it has entered the debian patches for their zfs 2.2 release for the Ubuntu 23.10 kernels...

[EriksRemess]

Bit updated patch:
https://gist.github.com/EriksRemess/caf7d7441b1af7b94b34edab62a93697

changes module/icp/include/sys/modhash_impl.h:75 mh_entries[1] to mh_entries[]

Looks like module/icp/include/sys/modhash_impl.h is not present anymore in master but for 2.1.13 to not to throw any errors in syslog, it needs to be patched.

[ckane]

There were some worries mentioned above by @behlendorf about the potential of these changes creating a situation where it could cause data corruption on existing pools, or potentially result in pools that aren't backward compatible, due to that the change needed to silence the UBSAN warning also results in changing the sizeof() calculation for these data structures. I don't have a very good setup to stress test this, but if either of you all do, and wouldn't mind stress-testing both modes (old zpool on new zfs) + (new zpool on old zfs) and describe the testing methodology briefly, and the findings, I think that would be helpful in making everyone feel safer about this change.

[ckane]

The core issue is that the syntax that the UBSAN warnings want us to change is actually compliant C code, and designed to function in that manner (overflowing the array at the end of a struct is supposed to be acceptable), so the UBSAN warning is getting over-zealous in these cases. I think the fix should make both things happy, but I don't have an adequate setup to stress test it in the ways it needs stress testing to allay concerns.

[EriksRemess]

Ended up disabling UBSAN in kernel config. Started to complain in syslog about Nvidia drivers too.

[behlendorf]

Resolved by #15510 which suppresses the warnings and preserves known correct code.