* [Bug 1166] [dpdk-23.03][asan]suite/name: AddressSanitizer: stack-buffer-overflow error when quit testpmd
@ 2023-02-24 5:35 bugzilla
2023-03-01 7:49 ` [Bug 1166] [dpdk-23.03][asan]vf_smoke/vf_tx_rx_queue: " bugzilla
0 siblings, 1 reply; 2+ messages in thread
From: bugzilla @ 2023-02-24 5:35 UTC (permalink / raw)
To: dev
[-- Attachment #1: Type: text/plain, Size: 6832 bytes --]
https://bugs.dpdk.org/show_bug.cgi?id=1166
Bug ID: 1166
Summary: [dpdk-23.03][asan]suite/name: AddressSanitizer:
stack-buffer-overflow error when quit testpmd
Product: DPDK
Version: 23.03
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: Normal
Component: testpmd
Assignee: dev@dpdk.org
Reporter: weiyuanx.li@intel.com
Target Milestone: ---
[Environment]
Fill in all the following as completely as possible. Use "Unknown" or "N/A" if
required. Use {{braces}} to create fixed width text like this: braces.
DPDK version: Use make showversion or for a non-released version: git remote -v
&& git show-ref --heads
dpdk-23.03 7710b5d15a014872a3aaf646668dafa928ca8473
Other software versions: name/version for QEMU, OVS, etc. Repeat as required.
OS: Ubuntu 22.04.1 LTS/5.15.0-57-generic
Compiler: gcc (Ubuntu 11.3.0-1ubuntu1~22.04) 11.3.0
Hardware platform: Intel(R) Xeon(R) CPU E5-2699 v4 @ 2.20GHz
NIC hardware: Ethernet Controller XXV710 for 25GbE SFP28 158b
NIC firmware: driver: i40e
version: 5.15.0-57-generic
firmware-version: 9.20 0x8000d89c 1.3353.0
[Test Setup]
Steps to reproduce
List the steps to reproduce the issue.
1. CC=gcc meson -Denable_kmods=True -Dlibdir=lib -Dbuildtype=debug
-Db_lundef=false -Db_sanitize=address --default-library=static
x86_64-native-linuxapp-gcc
ninja -C x86_64-native-linuxapp-gcc -j 70
2. echo 2 > /sys/bus/pci/devices/0000\:05\:00.0/sriov_numvfs
3. x86_64-native-linuxapp-gcc/app/dpdk-testpmd -l 1-4 -n 4 -a 0000:05:02.0
--file-prefix=dpdk_831_20230224110213 -- -i --rxq=4 --txq=4
4. quit
[Show the output from the previous commands.]
==725284==ERROR: AddressSanitizer: stack-buffer-overflow on address
0x7ffff2dfb480 at pc 0x7ffff7618fc7 bp 0x7ffff2dfb450 sp 0x7ffff2dfabf8
WRITE of size 24 at 0x7ffff2dfb480 thread T16777215
dut.10.239.252.247: kill_all: called by dut and prefix list has
value.
dts:
TEST SUITE ENDED: TestVfSmoke
dut.10.239.252.247: kill_all: called by dut and has no prefix list.
dut.10.239.252.247: ls
dut.10.239.252.247: Buffered info: 0 0x7ffff7618fc6 in
__interceptor_sigaltstack
../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:9986
#1 0x7ffff7697867 in __sanitizer::UnsetAlternateSignalStack()
../../../../src/libsanitizer/sanitizer_common/sanitizer_posix_libcdep.cpp:195
#2 0x7ffff768760c in __asan::AsanThread::Destroy()
../../../../src/libsanitizer/asan/asan_thread.cpp:104
#3 0x7ffff6e68710 in __GI___nptl_deallocate_tsd
nptl/nptl_deallocate_tsd.c:73
#4 0x7ffff6e68710 in __GI___nptl_deallocate_tsd
nptl/nptl_deallocate_tsd.c:22
#5 0x7ffff6e6b9c9 in start_thread nptl/pthread_create.c:453
#6 0x7ffff6efd9ff (/lib/x86_64-linux-gnu/libc.so.6+0x1269ff)Address
0x7ffff2dfb480 is located in stack of thread T2 at offset 576 in frame
#0 0x55555701afbc in mp_handle ../lib/eal/common/eal_common_proc.c:390
This frame has 2 object(s):
[32, 142) 'sa' (line 392)
[176, 540) 'msg' (line 391) <== Memory access at offset 576 overflows this
variable
HINT: this may be a false positive if your program uses some custom stack
unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
Thread T2 created by T0 here:
#0 0x7ffff761d685 in __interceptor_pthread_create
../../../../src/libsanitizer/asan/asan_interceptors.cpp:216
#1 0x555556ffd26c in rte_ctrl_thread_create
../lib/eal/common/eal_common_thread.c:308
#2 0x55555701c559 in rte_mp_channel_init
../lib/eal/common/eal_common_proc.c:638
#3 0x555557037738 in rte_eal_init ../lib/eal/linux/eal.c:1057
#4 0x5555564cabc9 in main ../app/test-pmd/testpmd.c:4383
#5 0x7ffff6e00d8f in __libc_start_call_main
../sysdeps/nptl/libc_start_call_main.h:58SUMMARY: AddressSanitizer:
stack-buffer-overflow
../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:9986
in __interceptor_sigaltstack
Shadow bytes around the buggy address:
0x10007e5b7640: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00
0x10007e5b7650: 00 00 00 00 00 00 00 00 00 06 f2 f2 f2 f2 00 00
0x10007e5b7660: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007e5b7670: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007e5b7680: 00 00 00 00 00 00 00 00 00 00 00 04 f3 f3 f3 f3
=>0x10007e5b7690:[f3]f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
0x10007e5b76a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007e5b76b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007e5b76c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007e5b76d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007e5b76e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==725284==ABORTING
[PEXPECT]#
[Expected Result]
Explain what is the expected result in text or as an example output:
Test ok.
[Regression]
Is this issue a regression: (Y/N) Y
78b7468eacb7bde8c71e5c9f8f1449d148a36fb is the first bad commit
commit 878b7468eacb7bde8c71e5c9f8f1449d148a36fb
Author: Tyler Retzlaff <roretzla@linux.microsoft.com>
Date: Wed Feb 8 13:26:33 2023 -0800
eal: add platform agnostic control thread API
Add rte_thread_create_control API as a replacement for
rte_ctrl_thread_create to allow deprecation of the use of platform
specific types in DPDK public API.
Signed-off-by: Tyler Retzlaff <roretzla@linux.microsoft.com>
Acked-by: Morten Brørup <mb@smartsharesystems.com>
Reviewed-by: Mattias Rönnblom <mattias.ronnblom@ericsson.com>
app/test/test_threads.c | 26 ++++++++++++
lib/eal/common/eal_common_thread.c | 85 ++++++++++++++++++++++++++++++++++----
lib/eal/include/rte_thread.h | 33 +++++++++++++++
lib/eal/version.map | 1 +
4 files changed, 137 insertions, 8 deletions
--
You are receiving this mail because:
You are the assignee for the bug.
[-- Attachment #2: Type: text/html, Size: 9026 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
* [Bug 1166] [dpdk-23.03][asan]vf_smoke/vf_tx_rx_queue: AddressSanitizer: stack-buffer-overflow error when quit testpmd
2023-02-24 5:35 [Bug 1166] [dpdk-23.03][asan]suite/name: AddressSanitizer: stack-buffer-overflow error when quit testpmd bugzilla
@ 2023-03-01 7:49 ` bugzilla
0 siblings, 0 replies; 2+ messages in thread
From: bugzilla @ 2023-03-01 7:49 UTC (permalink / raw)
To: dev
[-- Attachment #1: Type: text/plain, Size: 737 bytes --]
https://bugs.dpdk.org/show_bug.cgi?id=1166
David Marchand (david.marchand@redhat.com) changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |RESOLVED
CC| |david.marchand@redhat.com
Resolution|--- |DUPLICATE
--- Comment #2 from David Marchand (david.marchand@redhat.com) ---
This is a duplicate of bz 1123.
Tyler patch is unrelated, please double check your bisection.
*** This bug has been marked as a duplicate of bug 1123 ***
--
You are receiving this mail because:
You are the assignee for the bug.
[-- Attachment #2: Type: text/html, Size: 3264 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2023-03-01 7:49 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-02-24 5:35 [Bug 1166] [dpdk-23.03][asan]suite/name: AddressSanitizer: stack-buffer-overflow error when quit testpmd bugzilla
2023-03-01 7:49 ` [Bug 1166] [dpdk-23.03][asan]vf_smoke/vf_tx_rx_queue: " bugzilla
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).