From: bugzilla@dpdk.org
To: dev@dpdk.org
Date: Tue, 05 Oct 2021 08:14:19 +0000
Subject: [dpdk-dev] [Bug 823] [asan] ipc: buffer overflow when running test-null.sh

https://bugs.dpdk.org/show_bug.cgi?id=823

Bug ID: 823
Summary: [asan] ipc: buffer overflow when running test-null.sh
Product: DPDK
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: Normal
Component: core
Assignee: anatoly.burakov@intel.com
Reporter: david.marchand@redhat.com
CC: dev@dpdk.org
Target Milestone: ---

This issue was caught by ASAN.

Reproduced on a fc34 (ignoring the build warning on lib/pipeline that already
has a fix):

$ gcc --version
gcc (GCC) 11.2.1 20210728 (Red Hat 11.2.1-1)

$ rpm -q libasan
libasan-11.2.1-1.fc34.x86_64

$ meson setup build-asan -Dbuildtype=debug -Db_sanitize=address

$ ninja-build -C build-asan -j4
ninja: Entering directory `build-asan'
[528/2988] Compiling C object lib/librte_pipeline.a.p/pipeline_rte_swx_pipeline.c.o
../lib/pipeline/rte_swx_pipeline.c: In function ‘instr_meter_translate’:
../lib/pipeline/rte_swx_pipeline.c:4646:1: warning: control reaches end of non-void function [-Wreturn-type]
 4646 | }
      | ^
../lib/pipeline/rte_swx_pipeline.c: In function ‘instr_translate’:
../lib/pipeline/rte_swx_pipeline.c:5941:1: warning: control reaches end of non-void function [-Wreturn-type]
 5941 | }
      | ^
[2988/2988] Linking target app/test/dpdk-test

$ ./devtools/test-null.sh ./build-asan
...
==2780092==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f83daafb480 at pc 0x7f83dff364fe bp 0x7f83daafb450 sp 0x7f83daafac00
WRITE of size 24 at 0x7f83daafb480 thread T16777215
    #0 0x7f83dff364fd in __interceptor_sigaltstack.part.0 (/usr/lib64/libasan.so.6+0x524fd)
    #1 0x7f83dffae74d in __sanitizer::UnsetAlternateSignalStack() (/usr/lib64/libasan.so.6+0xca74d)
    #2 0x7f83dff9ef2c in __asan::AsanThread::Destroy() (/usr/lib64/libasan.so.6+0xbaf2c)
    #3 0x7f83df610450 in __nptl_deallocate_tsd.part.0 (/usr/lib64/libpthread.so.0+0x8450)
    #4 0x7f83df6112b9 in start_thread (/usr/lib64/libpthread.so.0+0x92b9)
    #5 0x7f83df539352 in clone (/usr/lib64/libc.so.6+0x100352)

Address 0x7f83daafb480 is located in stack of thread T2 at offset 576 in frame
    #0 0x10d9261 in mp_handle ../lib/eal/common/eal_common_proc.c:383

  This frame has 2 object(s):
    [32, 142) 'sa' (line 385)
    [176, 540) 'msg' (line 384) <== Memory access at offset 576 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
Thread T2 created by T0 here:
    #0 0x7f83dff3a8d6 in pthread_create (/usr/lib64/libasan.so.6+0x568d6)
    #1 0x10bdba9 in rte_ctrl_thread_create ../lib/eal/common/eal_common_thread.c:228
    #2 0x10da6cd in rte_mp_channel_init ../lib/eal/common/eal_common_proc.c:625
    #3 0x10f18e5 in rte_eal_init ../lib/eal/linux/eal.c:1058
    #4 0x754792 in main ../app/test-pmd/testpmd.c:3880
    #5 0x7f83df460b74 in __libc_start_main (/usr/lib64/libc.so.6+0x27b74)

SUMMARY: AddressSanitizer: stack-buffer-overflow (/usr/lib64/libasan.so.6+0x524fd) in __interceptor_sigaltstack.part.0
Shadow bytes around the buggy address:
  0x0ff0fb557640: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00
  0x0ff0fb557650: 00 00 00 00 00 00 00 00 00 06 f2 f2 f2 f2 00 00
  0x0ff0fb557660: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff0fb557670: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff0fb557680: 00 00 00 00 00 00 00 00 00 00 00 04 f3 f3 f3 f3
=>0x0ff0fb557690:[f3]f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff0fb5576a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff0fb5576b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff0fb5576c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff0fb5576d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff0fb5576e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==2780092==ABORTING
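
Added example (not part of the original bug report and not DPDK code): a small Python triage helper that takes the figures quoted in the ASan report above, works out how far the faulting offset lies past the 'msg' object in the mp_handle frame, and maps the faulting address to its shadow byte to confirm it is the row ASan marked. The shadow offset 0x7fff8000 is assumed (the default ASan mapping on Linux x86_64), and the names shadow_address and triage are hypothetical.

```python
import re

# Excerpt of the ASan report from this bug (figures copied from the report).
REPORT = """\
WRITE of size 24 at 0x7f83daafb480 thread T16777215
Address 0x7f83daafb480 is located in stack of thread T2 at offset 576 in frame
    [32, 142) 'sa' (line 385)
    [176, 540) 'msg' (line 384) <== Memory access at offset 576 overflows this variable
  0x0ff0fb557680: 00 00 00 00 00 00 00 00 00 00 00 04 f3 f3 f3 f3
=>0x0ff0fb557690:[f3]f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
"""

SHADOW_SCALE = 3            # one shadow byte represents 8 application bytes
SHADOW_OFFSET = 0x7FFF8000  # assumption: default ASan offset on Linux x86_64
REDZONES = {0xF1: "stack left redzone", 0xF2: "stack mid redzone",
            0xF3: "stack right redzone"}


def shadow_address(addr):
    """Map an application address to the address of its shadow byte."""
    return (addr >> SHADOW_SCALE) + SHADOW_OFFSET


def triage(report):
    """Relate the faulting access to the frame layout and the shadow dump."""
    size, addr = re.search(r"of size (\d+) at (0x[0-9a-f]+)", report).groups()
    size, addr = int(size), int(addr, 16)
    offset = int(re.search(r"at offset (\d+) in frame", report).group(1))
    objects = [(int(lo), int(hi), name) for lo, hi, name in
               re.findall(r"\[(\d+), (\d+)\) '(\w+)'", report)]
    # Closest frame object that ends at or before the faulting offset.
    lo, hi, name = max((o for o in objects if o[1] <= offset),
                       key=lambda o: o[1])
    # Locate the shadow byte for the faulting address in the dumped rows.
    shadow, value = shadow_address(addr), None
    for base, cells in re.findall(r"(0x[0-9a-f]+):(.*)", report):
        row = re.findall(r"[0-9a-f]{2}", cells)
        index = shadow - int(base, 16)
        if 0 <= index < len(row):
            value = int(row[index], 16)
    return {"object": name, "object_size": hi - lo,
            "bytes_past_end": offset - hi, "write_end": offset + size,
            "shadow": shadow,
            "shadow_kind": REDZONES.get(value, "other/unknown")}


if __name__ == "__main__":
    for key, val in triage(REPORT).items():
        print(key, hex(val) if key == "shadow" else val)
```

The write starts 36 bytes past the end of 'msg', so it begins inside the redzone rather than running off the end of the buffer, which is worth weighing together with the HINT line in the report.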