From: bugzilla@dpdk.org
To: dev@dpdk.org
Subject: [Bug 1123] [dpdk-22.11][ASan Test] the stack-buffer-overflow was found when quit testpmd in Redhat9
Date: Wed, 09 Nov 2022 10:41:38 +0000
Message-ID: <bug-1123-3@http.bugs.dpdk.org/>

https://bugs.dpdk.org/show_bug.cgi?id=1123

            Bug ID: 1123
           Summary: [dpdk-22.11][ASan Test] the stack-buffer-overflow was
                    found when quit testpmd in Redhat9
           Product: DPDK
           Version: 22.11
          Hardware: x86
                OS: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: Normal
         Component: testpmd
          Assignee: dev@dpdk.org
          Reporter: zhiminx.huang@intel.com
  Target Milestone: ---

Environment:
DPDK:DPDK22.11
HW:Intel(R) Xeon(R) Gold 6139 CPU @ 2.30GHz
OS:Red Hat Enterprise Linux release 9.0/5.14.0-70.13.1.el9_0.x86_64
gcc:gcc version 11.2.1 20220127 (Red Hat 11.2.1-9) (GCC)
NIC:Intel Corporation Ethernet Controller E810-C for QSFP [8086:1592]
driver: ice
version: 1.10.1
firmware-version: 4.10 0x80014596 1.3295.0


TestStep:
1.
rm x86_64-native-linuxapp-gcc/ -rf
CC=gcc meson -Denable_kmods=True -Dlibdir=lib  -Dbuildtype=debug
-Db_lundef=false -Db_sanitize=address --default-library=static
x86_64-native-linuxapp-gcc
ninja -C x86_64-native-linuxapp-gcc -j 70

2.
./usertools/dpdk-devbind.py -b vfio-pci 0000:0b:00.0

3.
 ./x86_64-native-linuxapp-gcc/app/dpdk-testpmd -c 0xf -n 4 -- -i

4.
quit


Actual Result (Show the output from the previous commands)
=================================================================
==3933==ERROR: AddressSanitizer: stack-buffer-overflow on address
0x7f75435fb480 at pc 0x7f7547b88117 bp 0x7f75435fb450 sp 0x7f75435fabf8
WRITE of size 24 at 0x7f75435fb480 thread T16777215
    #0 0x7f7547b88116 in __interceptor_sigaltstack.part.0
(/lib64/libasan.so.6+0x54116)
    #1 0x7f7547c069e7 in __sanitizer::UnsetAlternateSignalStack()
(/lib64/libasan.so.6+0xd29e7)
    #2 0x7f7547bf678c in __asan::AsanThread::Destroy()
(/lib64/libasan.so.6+0xc278c)
    #3 0x7f754748f820 in __GI___nptl_deallocate_tsd (/lib64/libc.so.6+0xa1820)
    #4 0x7f7547492595 in start_thread (/lib64/libc.so.6+0xa4595)
    #5 0x7f75474323ef in clone3 (/lib64/libc.so.6+0x443ef)

Address 0x7f75435fb480 is located in stack of thread T2 at offset 576 in frame
    #0 0x129e3ba in mp_handle ../lib/eal/common/eal_common_proc.c:390

  This frame has 2 object(s):
    [32, 142) 'sa' (line 392)
    [176, 540) 'msg' (line 391) <== Memory access at offset 576 overflows this
variable
HINT: this may be a false positive if your program uses some custom stack
unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
Thread T2 created by T0 here:
    #0 0x7f7547b8c7d5 in pthread_create (/lib64/libasan.so.6+0x587d5)
    #1 0x128126e in rte_ctrl_thread_create
../lib/eal/common/eal_common_thread.c:288
    #2 0x129f844 in rte_mp_channel_init ../lib/eal/common/eal_common_proc.c:638
    #3 0x12b99e6 in rte_eal_init ../lib/eal/linux/eal.c:1051
    #4 0x7abde1 in main ../app/test-pmd/testpmd.c:4284
    #5 0x7f7547432e4f in __libc_start_call_main
(/lib64/libc.so.6+0x44e4f)

SUMMARY: AddressSanitizer: stack-buffer-overflow
(/lib64/libasan.so.6+0x54116) in __interceptor_sigaltstack.part.0
Shadow bytes around the buggy address:
  0x0fef286b7640: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00
  0x0fef286b7650: 00 00 00 00 00 00 00 00 00 06 f2 f2 f2 f2 00 00
  0x0fef286b7660: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fef286b7670: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fef286b7680: 00 00 00 00 00 00 00 00 00 00 00 04 f3 f3 f3 f3
=>0x0fef286b7690:[f3]f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fef286b76a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fef286b76b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fef286b76c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fef286b76d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fef286b76e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==3933==ABORTING

Architecture:            x86_64
  CPU op-mode(s):        32-bit, 64-bit
  Address sizes:         45 bits physical, 48 bits virtual
  Byte Order:            Little Endian
CPU(s):                  16
  On-line CPU(s) list:   0-15
Vendor ID:               GenuineIntel
  BIOS Vendor ID:        GenuineIntel
  Model name:            Intel(R) Xeon(R) Gold 6140M CPU @ 2.30GHz
    BIOS Model name:     Intel(R) Xeon(R) Gold 6140M CPU @ 2.30GHz
    CPU family:          6
    Model:               85
    Thread(s) per core:  1
    Core(s) per socket:  1
    Socket(s):           16
    Stepping:            4
    BogoMIPS:            4589.21
    Flags:               fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge
                         mca cmov pat pse36 clflush mmx fxsr sse sse2 ss syscall
                         nx pdpe1gb rdtscp lm constant_tsc arch_perfmon nopl
                         xtopology tsc_reliable nonstop_tsc cpuid tsc_known_freq
                         pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic
                         movbe popcnt tsc_deadline_timer aes xsave avx f16c
                         rdrand hypervisor lahf_lm abm 3dnowprefetch cpuid_fault
                         invpcid_single pti ssbd ibrs ibpb stibp fsgsbase
                         tsc_adjust bmi1 avx2 smep bmi2 invpcid avx512f avx512dq
                         rdseed adx smap clflushopt clwb avx512cd avx512bw
                         avx512vl xsaveopt xsavec xgetbv1 xsaves arat pku ospke
                         md_clear flush_l1d arch_capabilities
Virtualization features:
  Hypervisor vendor:     VMware
  Virtualization type:   full
Caches (sum of all):
  L1d:                   512 KiB (16 instances)
  L1i:                   512 KiB (16 instances)
  L2:                    16 MiB (16 instances)
  L3:                    396 MiB (16 instances)
NUMA:
  NUMA node(s):          1
  NUMA node0 CPU(s):     0-15
Vulnerabilities:
  Itlb multihit:         KVM: Mitigation: VMX unsupported
  L1tf:                  Mitigation; PTE Inversion
  Mds:                   Mitigation; Clear CPU buffers; SMT Host state unknown
  Meltdown:              Mitigation; PTI
  Spec store bypass:     Mitigation; Speculative Store Bypass disabled via
prctl
  Spectre v1:            Mitigation; usercopy/swapgs barriers and __user
pointer sanitization
  Spectre v2:            Mitigation; Retpolines, IBPB conditional, IBRS_FW,
STIBP disabled, RSB filling
  Srbds:                 Not affected
  Tsx async abort:       Not affected



Expected Result

Explain what is the expected result in text or as an example output:
no ASan error

-- 
You are receiving this mail because:
You are the assignee for the bug.
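
Added example, not part of the original report: a triage check that rebuilds the shadow bytes implied by the reported `mp_handle` frame layout and compares them with the shadow dump, then reads the shadow byte at the faulting address. The helper names are illustrative, and the shadow offset 0x7fff8000 is assumed to be ASan's default for x86_64 Linux; all other values are copied from the report.

```python
SHADOW_OFFSET = 0x7FFF8000   # assumption: ASan default for x86_64 Linux
FAULT_ADDR = 0x7F75435FB480  # "stack-buffer-overflow on address ..."
FAULT_OFFSET = 576           # "... at offset 576 in frame" (mp_handle)
FRAME_OBJECTS = [("sa", 32, 142), ("msg", 176, 540)]  # [start, end) in frame
DUMP = """\
0x0fef286b7640: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00
0x0fef286b7650: 00 00 00 00 00 00 00 00 00 06 f2 f2 f2 f2 00 00
0x0fef286b7660: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fef286b7670: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fef286b7680: 00 00 00 00 00 00 00 00 00 00 00 04 f3 f3 f3 f3
0x0fef286b7690: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
"""  # shadow rows from the report, "=>" and "[ ]" markers removed

def shadow_addr(addr):
    return (addr >> 3) + SHADOW_OFFSET  # one shadow byte per 8 app bytes

def parse_dump(text):
    shadow = {}
    for line in text.splitlines():
        base, _, data = line.partition(":")
        for i, byte in enumerate(data.split()):
            shadow[int(base, 16) + i] = int(byte, 16)
    return shadow

def expected_shadow(objects):
    """Shadow bytes for the frame from its base up to the right redzone."""
    out, pos = [], 0
    for i, (_, start, end) in enumerate(objects):
        out += [0xF1 if i == 0 else 0xF2] * ((start - pos) // 8)  # redzone
        size = end - start
        out += [0x00] * (size // 8)   # fully addressable granules
        if size % 8:
            out.append(size % 8)      # partially addressable tail granule
        pos = start + (size + 7) // 8 * 8
    return out

def observed_shadow(count):
    shadow = parse_dump(DUMP)
    base = shadow_addr(FAULT_ADDR - FAULT_OFFSET)  # shadow of the frame base
    return [shadow[base + i] for i in range(count)]

def fault_summary():
    """(shadow address, shadow byte, bytes past the end of the last object)."""
    addr = shadow_addr(FAULT_ADDR)
    return addr, parse_dump(DUMP)[addr], FAULT_OFFSET - FRAME_OBJECTS[-1][2]

if __name__ == "__main__":
    want = expected_shadow(FRAME_OBJECTS)
    print(want == observed_shadow(len(want)), [hex(v) for v in fault_summary()])
```

The computed shadow address equals the row marked `=>` in the dump, and the byte there is `f3` (stack right redzone), 36 bytes past the end of `msg`.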
