From: bugzilla@dpdk.org
To: dev@dpdk.org
Subject: [Bug 1123] [dpdk-22.11][ASan Test] the stack-buffer-overflow was found when quit testpmd in Redhat9
Date: Wed, 09 Nov 2022 10:41:38 +0000

https://bugs.dpdk.org/show_bug.cgi?id=1123

            Bug ID: 1123
           Summary: [dpdk-22.11][ASan Test] the stack-buffer-overflow was found when quit testpmd in Redhat9
           Product: DPDK
           Version: 22.11
          Hardware: x86
                OS: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: Normal
         Component: testpmd
          Assignee: dev@dpdk.org
          Reporter: zhiminx.huang@intel.com
  Target Milestone: ---

Environment:
DPDK: DPDK22.11
HW: Intel(R) Xeon(R) Gold 6139 CPU @ 2.30GHz
OS: Red Hat Enterprise Linux release 9.0/5.14.0-70.13.1.el9_0.x86_64
gcc: gcc version 11.2.1 20220127 (Red Hat 11.2.1-9) (GCC)
NIC: Intel Corporation Ethernet Controller E810-C for QSFP [8086:1592]
driver: ice
version: 1.10.1
firmware-version: 4.10 0x80014596 1.3295.0

TestStep:
1. rm x86_64-native-linuxapp-gcc/ -rf
   CC=gcc meson -Denable_kmods=True -Dlibdir=lib -Dbuildtype=debug -Db_lundef=false -Db_sanitize=address --default-library=static x86_64-native-linuxapp-gcc
   ninja -C x86_64-native-linuxapp-gcc -j 70
2. ./usertools/dpdk-devbind.py -b vfio-pci 0000:0b:00.0
3. ./x86_64-native-linuxapp-gcc/app/dpdk-testpmd -c 0xf -n 4 -- -i
4. quit

Actual Result (Show the output from the previous commands)

=================================================================
==3933==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f75435fb480 at pc 0x7f7547b88117 bp 0x7f75435fb450 sp 0x7f75435fabf8
WRITE of size 24 at 0x7f75435fb480 thread T16777215
    #0 0x7f7547b88116 in __interceptor_sigaltstack.part.0 (/lib64/libasan.so.6+0x54116)
    #1 0x7f7547c069e7 in __sanitizer::UnsetAlternateSignalStack() (/lib64/libasan.so.6+0xd29e7)
    #2 0x7f7547bf678c in __asan::AsanThread::Destroy() (/lib64/libasan.so.6+0xc278c)
    #3 0x7f754748f820 in __GI___nptl_deallocate_tsd (/lib64/libc.so.6+0xa1820)
    #4 0x7f7547492595 in start_thread (/lib64/libc.so.6+0xa4595)
    #5 0x7f75474323ef in clone3 (/lib64/libc.so.6+0x443ef)

Address 0x7f75435fb480 is located in stack of thread T2 at offset 576 in frame
    #0 0x129e3ba in mp_handle ../lib/eal/common/eal_common_proc.c:390

  This frame has 2 object(s):
    [32, 142) 'sa' (line 392)
    [176, 540) 'msg' (line 391) <== Memory access at offset 576 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
Thread T2 created by T0 here:
    #0 0x7f7547b8c7d5 in pthread_create (/lib64/libasan.so.6+0x587d5)
    #1 0x128126e in rte_ctrl_thread_create ../lib/eal/common/eal_common_thread.c:288
    #2 0x129f844 in rte_mp_channel_init ../lib/eal/common/eal_common_proc.c:638
    #3 0x12b99e6 in rte_eal_init ../lib/eal/linux/eal.c:1051
    #4 0x7abde1 in main ../app/test-pmd/testpmd.c:4284
    #5 0x7f7547432e4f in __libc_start_call_main (/lib64/libc.so.6+0x44e4f)

SUMMARY: AddressSanitizer: stack-buffer-overflow (/lib64/libasan.so.6+0x54116) in __interceptor_sigaltstack.part.0
Shadow bytes around the buggy address:
  0x0fef286b7640: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00
  0x0fef286b7650: 00 00 00 00 00 00 00 00 00 06 f2 f2 f2 f2 00 00
  0x0fef286b7660: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fef286b7670: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fef286b7680: 00 00 00 00 00 00 00 00 00 00 00 04 f3 f3 f3 f3
=>0x0fef286b7690:[f3]f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fef286b76a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fef286b76b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fef286b76c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fef286b76d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fef286b76e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==3933==ABORTING

Architecture:            x86_64
  CPU op-mode(s):        32-bit, 64-bit
  Address sizes:         45 bits physical, 48 bits virtual
  Byte Order:            Little Endian
CPU(s):                  16
  On-line CPU(s) list:   0-15
Vendor ID:               GenuineIntel
  BIOS Vendor ID:        GenuineIntel
  Model name:            Intel(R) Xeon(R) Gold 6140M CPU @ 2.30GHz
    BIOS Model name:     Intel(R) Xeon(R) Gold 6140M CPU @ 2.30GHz
    CPU family:          6
    Model:               85
    Thread(s) per core:  1
    Core(s) per socket:  1
    Socket(s):           16
    Stepping:            4
    BogoMIPS:            4589.21
    Flags:               fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss syscall nx pdpe1gb
                         rdtscp lm constant_tsc arch_perfmon nopl xtopology tsc_reliable nonstop_tsc cpuid tsc_known_freq pni pclmulqdq ssse3
                         fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm
                         3dnowprefetch cpuid_fault invpcid_single pti ssbd ibrs ibpb stibp fsgsbase tsc_adjust bmi1 avx2 smep bmi2 invpcid
                         avx512f avx512dq rdseed adx smap clflushopt clwb avx512cd avx512bw avx512vl xsaveopt xsavec xgetbv1 xsaves arat pku ospke
                         md_clear flush_l1d arch_capabilities
Virtualization features:
  Hypervisor vendor:     VMware
  Virtualization type:   full
Caches (sum of all):
  L1d:                   512 KiB (16 instances)
  L1i:                   512 KiB (16 instances)
  L2:                    16 MiB (16 instances)
  L3:                    396 MiB (16 instances)
NUMA:
  NUMA node(s):          1
  NUMA node0 CPU(s):     0-15
Vulnerabilities:
  Itlb multihit:         KVM: Mitigation: VMX unsupported
  L1tf:                  Mitigation; PTE Inversion
  Mds:                   Mitigation; Clear CPU buffers; SMT Host state unknown
  Meltdown:              Mitigation; PTI
  Spec store bypass:     Mitigation; Speculative Store Bypass disabled via prctl
  Spectre v1:            Mitigation; usercopy/swapgs barriers and __user pointer sanitization
  Spectre v2:            Mitigation; Retpolines, IBPB conditional, IBRS_FW, STIBP disabled, RSB filling
  Srbds:                 Not affected
  Tsx async abort:       Not affected

Expected Result
Explain what is the expected result in text or as an example output:
no ASan error