From: bugzilla@dpdk.org
To: dev@dpdk.org
Subject: [Bug 1123] [dpdk-22.11][ASan Test] the stack-buffer-overflow was found when quit testpmd in Redhat9
Date: Wed, 09 Nov 2022 10:41:38 +0000 [thread overview]
Message-ID: <bug-1123-3@http.bugs.dpdk.org/> (raw)
https://bugs.dpdk.org/show_bug.cgi?id=1123
Bug ID: 1123
Summary: [dpdk-22.11][ASan Test] the stack-buffer-overflow was
found when quit testpmd in Redhat9
Product: DPDK
Version: 22.11
Hardware: x86
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: Normal
Component: testpmd
Assignee: dev@dpdk.org
Reporter: zhiminx.huang@intel.com
Target Milestone: ---
Environment:
DPDK:DPDK22.11
HW:Intel(R) Xeon(R) Gold 6139 CPU @ 2.30GHz
OS:Red Hat Enterprise Linux release 9.0/5.14.0-70.13.1.el9_0.x86_64
gcc:gcc version 11.2.1 20220127 (Red Hat 11.2.1-9) (GCC)
NIC:Intel Corporation Ethernet Controller E810-C for QSFP [8086:1592]
driver: ice
version: 1.10.1
firmware-version: 4.10 0x80014596 1.3295.0
TestStep:
1.
rm x86_64-native-linuxapp-gcc/ -rf
CC=gcc meson -Denable_kmods=True -Dlibdir=lib -Dbuildtype=debug
-Db_lundef=false -Db_sanitize=address --default-library=static
x86_64-native-linuxapp-gcc
ninja -C x86_64-native-linuxapp-gcc -j 70
2.
./usertools/dpdk-devbind.py -b vfio-pci 0000:0b:00.0
3.
./x86_64-native-linuxapp-gcc/app/dpdk-testpmd -c 0xf -n 4 -- -i
4.
quit
Actual Result(Show the output from the previous commands)
=================================================================
==3933==ERROR: AddressSanitizer: stack-buffer-overflow on address
0x7f75435fb480 at pc 0x7f7547b88117 bp 0x7f75435fb450 sp 0x7f75435fabf8
WRITE of size 24 at 0x7f75435fb480 thread T16777215
#0 0x7f7547b88116 in __interceptor_sigaltstack.part.0
(/lib64/libasan.so.6+0x54116)
#1 0x7f7547c069e7 in __sanitizer::UnsetAlternateSignalStack()
(/lib64/libasan.so.6+0xd29e7)
#2 0x7f7547bf678c in __asan::AsanThread::Destroy()
(/lib64/libasan.so.6+0xc278c)
#3 0x7f754748f820 in __GI___nptl_deallocate_tsd (/lib64/libc.so.6+0xa1820)
#4 0x7f7547492595 in start_thread (/lib64/libc.so.6+0xa4595)
#5 0x7f75474323ef in clone3 (/lib64/libc.so.6+0x443ef)Address
0x7f75435fb480 is located in stack of thread T2 at offset 576 in frame
#0 0x129e3ba in mp_handle ../lib/eal/common/eal_common_proc.c:390 This
frame has 2 object(s):
[32, 142) 'sa' (line 392)
[176, 540) 'msg' (line 391) <== Memory access at offset 576 overflows this
variable
HINT: this may be a false positive if your program uses some custom stack
unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
Thread T2 created by T0 here:
#0 0x7f7547b8c7d5 in pthread_create (/lib64/libasan.so.6+0x587d5)
#1 0x128126e in rte_ctrl_thread_create
../lib/eal/common/eal_common_thread.c:288
#2 0x129f844 in rte_mp_channel_init ../lib/eal/common/eal_common_proc.c:638
#3 0x12b99e6 in rte_eal_init ../lib/eal/linux/eal.c:1051
#4 0x7abde1 in main ../app/test-pmd/testpmd.c:4284
#5 0x7f7547432e4f in __libc_start_call_main
(/lib64/libc.so.6+0x44e4f)SUMMARY: AddressSanitizer: stack-buffer-overflow
(/lib64/libasan.so.6+0x54116) in __interceptor_sigaltstack.part.0
Shadow bytes around the buggy address:
0x0fef286b7640: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00
0x0fef286b7650: 00 00 00 00 00 00 00 00 00 06 f2 f2 f2 f2 00 00
0x0fef286b7660: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fef286b7670: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fef286b7680: 00 00 00 00 00 00 00 00 00 00 00 04 f3 f3 f3 f3
=>0x0fef286b7690:[f3]f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
0x0fef286b76a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fef286b76b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fef286b76c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fef286b76d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fef286b76e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==3933==ABORTING
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Address sizes: 45 bits physical, 48 bits virtual
Byte Order: Little Endian
CPU(s): 16
On-line CPU(s) list: 0-15
Vendor ID: GenuineIntel
BIOS Vendor ID: GenuineIntel
Model name: Intel(R) Xeon(R) Gold 6140M CPU @ 2.30GHz
BIOS Model name: Intel(R) Xeon(R) Gold 6140M CPU @ 2.30GHz
CPU family: 6
Model: 85
Thread(s) per core: 1
Core(s) per socket: 1
Socket(s): 16
Stepping: 4
BogoMIPS: 4589.21
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge
mca cmov pat pse36 clflush mmx fxsr sse sse2 ss syscall nx pdpe1g
b rdtscp lm constant_tsc arch_perfmon nopl xtopology
tsc_reliable nonstop_tsc cpuid tsc_known_freq pni pclmulqdq ssse3
fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt
tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm 3
dnowprefetch cpuid_fault invpcid_single pti ssbd ibrs
ibpb stibp fsgsbase tsc_adjust bmi1 avx2 smep bmi2 invpcid avx51
2f avx512dq rdseed adx smap clflushopt clwb avx512cd
avx512bw avx512vl xsaveopt xsavec xgetbv1 xsaves arat pku ospke m
d_clear flush_l1d arch_capabilities
Virtualization features:
Hypervisor vendor: VMware
Virtualization type: full
Caches (sum of all):
L1d: 512 KiB (16 instances)
L1i: 512 KiB (16 instances)
L2: 16 MiB (16 instances)
L3: 396 MiB (16 instances)
NUMA:
NUMA node(s): 1
NUMA node0 CPU(s): 0-15
Vulnerabilities:
Itlb multihit: KVM: Mitigation: VMX unsupported
L1tf: Mitigation; PTE Inversion
Mds: Mitigation; Clear CPU buffers; SMT Host state unknown
Meltdown: Mitigation; PTI
Spec store bypass: Mitigation; Speculative Store Bypass disabled via
prctl
Spectre v1: Mitigation; usercopy/swapgs barriers and __user
pointer sanitization
Spectre v2: Mitigation; Retpolines, IBPB conditional, IBRS_FW,
STIBP disabled, RSB filling
Srbds: Not affected
Tsx async abort: Not affected
Expected Result
Explain what is the expected result in text or as an example output:
no ASan error
--
You are receiving this mail because:
You are the assignee for the bug.
reply other threads:[~2022-11-09 10:41 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-1123-3@http.bugs.dpdk.org/ \
--to=bugzilla@dpdk.org \
--cc=dev@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).