From: bugzilla@dpdk.org
To: dev@dpdk.org
Subject: [Bug 1166] [dpdk-23.03][asan]suite/name: AddressSanitizer: stack-buffer-overflow error when quit testpmd
Date: Fri, 24 Feb 2023 05:35:00 +0000 [thread overview]
Message-ID: <bug-1166-3@http.bugs.dpdk.org/> (raw)
[-- Attachment #1: Type: text/plain, Size: 6832 bytes --]
https://bugs.dpdk.org/show_bug.cgi?id=1166
Bug ID: 1166
Summary: [dpdk-23.03][asan]suite/name: AddressSanitizer:
stack-buffer-overflow error when quit testpmd
Product: DPDK
Version: 23.03
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: Normal
Component: testpmd
Assignee: dev@dpdk.org
Reporter: weiyuanx.li@intel.com
Target Milestone: ---
[Environment]
Fill in all the following as completely as possible. Use "Unknown" or "N/A" if
required. Use {{braces}} to create fixed width text like this: braces.
DPDK version: Use make showversion or for a non-released version: git remote -v
&& git show-ref --heads
dpdk-23.03 7710b5d15a014872a3aaf646668dafa928ca8473
Other software versions: name/version for QEMU, OVS, etc. Repeat as required.
OS: Ubuntu 22.04.1 LTS/5.15.0-57-generic
Compiler: gcc (Ubuntu 11.3.0-1ubuntu1~22.04) 11.3.0
Hardware platform: Intel(R) Xeon(R) CPU E5-2699 v4 @ 2.20GHz
NIC hardware: Ethernet Controller XXV710 for 25GbE SFP28 158b
NIC firmware: driver: i40e
version: 5.15.0-57-generic
firmware-version: 9.20 0x8000d89c 1.3353.0
[Test Setup]
Steps to reproduce
List the steps to reproduce the issue.
1. CC=gcc meson -Denable_kmods=True -Dlibdir=lib -Dbuildtype=debug
-Db_lundef=false -Db_sanitize=address --default-library=static
x86_64-native-linuxapp-gcc
ninja -C x86_64-native-linuxapp-gcc -j 70
2. echo 2 > /sys/bus/pci/devices/0000\:05\:00.0/sriov_numvfs
3. x86_64-native-linuxapp-gcc/app/dpdk-testpmd -l 1-4 -n 4 -a 0000:05:02.0
--file-prefix=dpdk_831_20230224110213 -- -i --rxq=4 --txq=4
4. quit
[Show the output from the previous commands.]
==725284==ERROR: AddressSanitizer: stack-buffer-overflow on address
0x7ffff2dfb480 at pc 0x7ffff7618fc7 bp 0x7ffff2dfb450 sp 0x7ffff2dfabf8
WRITE of size 24 at 0x7ffff2dfb480 thread T16777215
dut.10.239.252.247: kill_all: called by dut and prefix list has
value.
dts:
TEST SUITE ENDED: TestVfSmoke
dut.10.239.252.247: kill_all: called by dut and has no prefix list.
dut.10.239.252.247: ls
dut.10.239.252.247: Buffered info: 0 0x7ffff7618fc6 in
__interceptor_sigaltstack
../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:9986
#1 0x7ffff7697867 in __sanitizer::UnsetAlternateSignalStack()
../../../../src/libsanitizer/sanitizer_common/sanitizer_posix_libcdep.cpp:195
#2 0x7ffff768760c in __asan::AsanThread::Destroy()
../../../../src/libsanitizer/asan/asan_thread.cpp:104
#3 0x7ffff6e68710 in __GI___nptl_deallocate_tsd
nptl/nptl_deallocate_tsd.c:73
#4 0x7ffff6e68710 in __GI___nptl_deallocate_tsd
nptl/nptl_deallocate_tsd.c:22
#5 0x7ffff6e6b9c9 in start_thread nptl/pthread_create.c:453
#6 0x7ffff6efd9ff (/lib/x86_64-linux-gnu/libc.so.6+0x1269ff)Address
0x7ffff2dfb480 is located in stack of thread T2 at offset 576 in frame
#0 0x55555701afbc in mp_handle ../lib/eal/common/eal_common_proc.c:390
This frame has 2 object(s):
[32, 142) 'sa' (line 392)
[176, 540) 'msg' (line 391) <== Memory access at offset 576 overflows this
variable
HINT: this may be a false positive if your program uses some custom stack
unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
Thread T2 created by T0 here:
#0 0x7ffff761d685 in __interceptor_pthread_create
../../../../src/libsanitizer/asan/asan_interceptors.cpp:216
#1 0x555556ffd26c in rte_ctrl_thread_create
../lib/eal/common/eal_common_thread.c:308
#2 0x55555701c559 in rte_mp_channel_init
../lib/eal/common/eal_common_proc.c:638
#3 0x555557037738 in rte_eal_init ../lib/eal/linux/eal.c:1057
#4 0x5555564cabc9 in main ../app/test-pmd/testpmd.c:4383
#5 0x7ffff6e00d8f in __libc_start_call_main
../sysdeps/nptl/libc_start_call_main.h:58SUMMARY: AddressSanitizer:
stack-buffer-overflow
../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:9986
in __interceptor_sigaltstack
Shadow bytes around the buggy address:
0x10007e5b7640: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00
0x10007e5b7650: 00 00 00 00 00 00 00 00 00 06 f2 f2 f2 f2 00 00
0x10007e5b7660: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007e5b7670: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007e5b7680: 00 00 00 00 00 00 00 00 00 00 00 04 f3 f3 f3 f3
=>0x10007e5b7690:[f3]f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
0x10007e5b76a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007e5b76b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007e5b76c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007e5b76d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007e5b76e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==725284==ABORTING
[PEXPECT]#
[Expected Result]
Explain what is the expected result in text or as an example output:
Test ok.
[Regression]
Is this issue a regression: (Y/N) Y
78b7468eacb7bde8c71e5c9f8f1449d148a36fb is the first bad commit
commit 878b7468eacb7bde8c71e5c9f8f1449d148a36fb
Author: Tyler Retzlaff <roretzla@linux.microsoft.com>
Date: Wed Feb 8 13:26:33 2023 -0800
eal: add platform agnostic control thread API
Add rte_thread_create_control API as a replacement for
rte_ctrl_thread_create to allow deprecation of the use of platform
specific types in DPDK public API.
Signed-off-by: Tyler Retzlaff <roretzla@linux.microsoft.com>
Acked-by: Morten Brørup <mb@smartsharesystems.com>
Reviewed-by: Mattias Rönnblom <mattias.ronnblom@ericsson.com>
app/test/test_threads.c | 26 ++++++++++++
lib/eal/common/eal_common_thread.c | 85 ++++++++++++++++++++++++++++++++++----
lib/eal/include/rte_thread.h | 33 +++++++++++++++
lib/eal/version.map | 1 +
4 files changed, 137 insertions, 8 deletions
--
You are receiving this mail because:
You are the assignee for the bug.
[-- Attachment #2: Type: text/html, Size: 9026 bytes --]
next reply other threads:[~2023-02-24 5:35 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-24 5:35 bugzilla [this message]
2023-03-01 7:49 ` [Bug 1166] [dpdk-23.03][asan]vf_smoke/vf_tx_rx_queue: AddressSanitizer: stack-buffer-overflow error when quit testpmd bugzilla
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-1166-3@http.bugs.dpdk.org/ \
--to=bugzilla@dpdk.org \
--cc=dev@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.