https://bugs.dpdk.org/show_bug.cgi?id=1166 Bug ID: 1166 Summary: [dpdk-23.03][asan]suite/name: AddressSanitizer: stack-buffer-overflow error when quit testpmd Product: DPDK Version: 23.03 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: Normal Component: testpmd Assignee: dev@dpdk.org Reporter: weiyuanx.li@intel.com Target Milestone: --- [Environment] Fill in all the following as completely as possible. Use "Unknown" or "N/A" if required. Use {{braces}} to create fixed width text like this: braces. DPDK version: Use make showversion or for a non-released version: git remote -v && git show-ref --heads dpdk-23.03 7710b5d15a014872a3aaf646668dafa928ca8473 Other software versions: name/version for QEMU, OVS, etc. Repeat as required. OS: Ubuntu 22.04.1 LTS/5.15.0-57-generic Compiler: gcc (Ubuntu 11.3.0-1ubuntu1~22.04) 11.3.0 Hardware platform: Intel(R) Xeon(R) CPU E5-2699 v4 @ 2.20GHz NIC hardware: Ethernet Controller XXV710 for 25GbE SFP28 158b NIC firmware: driver: i40e version: 5.15.0-57-generic firmware-version: 9.20 0x8000d89c 1.3353.0 [Test Setup] Steps to reproduce List the steps to reproduce the issue. 1. CC=gcc meson -Denable_kmods=True -Dlibdir=lib -Dbuildtype=debug -Db_lundef=false -Db_sanitize=address --default-library=static x86_64-native-linuxapp-gcc ninja -C x86_64-native-linuxapp-gcc -j 70 2. echo 2 > /sys/bus/pci/devices/0000\:05\:00.0/sriov_numvfs 3. x86_64-native-linuxapp-gcc/app/dpdk-testpmd -l 1-4 -n 4 -a 0000:05:02.0 --file-prefix=dpdk_831_20230224110213 -- -i --rxq=4 --txq=4 4. quit [Show the output from the previous commands.] ==725284==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffff2dfb480 at pc 0x7ffff7618fc7 bp 0x7ffff2dfb450 sp 0x7ffff2dfabf8 WRITE of size 24 at 0x7ffff2dfb480 thread T16777215 dut.10.239.252.247: kill_all: called by dut and prefix list has value. dts: TEST SUITE ENDED: TestVfSmoke dut.10.239.252.247: kill_all: called by dut and has no prefix list. dut.10.239.252.247: ls dut.10.239.252.247: Buffered info: 0 0x7ffff7618fc6 in __interceptor_sigaltstack ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:9986 #1 0x7ffff7697867 in __sanitizer::UnsetAlternateSignalStack() ../../../../src/libsanitizer/sanitizer_common/sanitizer_posix_libcdep.cpp:195 #2 0x7ffff768760c in __asan::AsanThread::Destroy() ../../../../src/libsanitizer/asan/asan_thread.cpp:104 #3 0x7ffff6e68710 in __GI___nptl_deallocate_tsd nptl/nptl_deallocate_tsd.c:73 #4 0x7ffff6e68710 in __GI___nptl_deallocate_tsd nptl/nptl_deallocate_tsd.c:22 #5 0x7ffff6e6b9c9 in start_thread nptl/pthread_create.c:453 #6 0x7ffff6efd9ff (/lib/x86_64-linux-gnu/libc.so.6+0x1269ff)Address 0x7ffff2dfb480 is located in stack of thread T2 at offset 576 in frame #0 0x55555701afbc in mp_handle ../lib/eal/common/eal_common_proc.c:390 This frame has 2 object(s): [32, 142) 'sa' (line 392) [176, 540) 'msg' (line 391) <== Memory access at offset 576 overflows this variable HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) Thread T2 created by T0 here: #0 0x7ffff761d685 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:216 #1 0x555556ffd26c in rte_ctrl_thread_create ../lib/eal/common/eal_common_thread.c:308 #2 0x55555701c559 in rte_mp_channel_init ../lib/eal/common/eal_common_proc.c:638 #3 0x555557037738 in rte_eal_init ../lib/eal/linux/eal.c:1057 #4 0x5555564cabc9 in main ../app/test-pmd/testpmd.c:4383 #5 0x7ffff6e00d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58SUMMARY: AddressSanitizer: stack-buffer-overflow ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:9986 in __interceptor_sigaltstack Shadow bytes around the buggy address: 0x10007e5b7640: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00 0x10007e5b7650: 00 00 00 00 00 00 00 00 00 06 f2 f2 f2 f2 00 00 0x10007e5b7660: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10007e5b7670: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10007e5b7680: 00 00 00 00 00 00 00 00 00 00 00 04 f3 f3 f3 f3 =>0x10007e5b7690:[f3]f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 0x10007e5b76a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10007e5b76b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10007e5b76c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10007e5b76d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10007e5b76e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==725284==ABORTING [PEXPECT]# [Expected Result] Explain what is the expected result in text or as an example output: Test ok. [Regression] Is this issue a regression: (Y/N) Y 78b7468eacb7bde8c71e5c9f8f1449d148a36fb is the first bad commit commit 878b7468eacb7bde8c71e5c9f8f1449d148a36fb Author: Tyler Retzlaff Date: Wed Feb 8 13:26:33 2023 -0800 eal: add platform agnostic control thread API Add rte_thread_create_control API as a replacement for rte_ctrl_thread_create to allow deprecation of the use of platform specific types in DPDK public API. Signed-off-by: Tyler Retzlaff Acked-by: Morten Brørup Reviewed-by: Mattias Rönnblom app/test/test_threads.c | 26 ++++++++++++ lib/eal/common/eal_common_thread.c | 85 ++++++++++++++++++++++++++++++++++---- lib/eal/include/rte_thread.h | 33 +++++++++++++++ lib/eal/version.map | 1 + 4 files changed, 137 insertions, 8 deletions -- You are receiving this mail because: You are the assignee for the bug.