DPDK patches and discussions
 help / color / mirror / Atom feed
* [Bug 1184] [dpdk-23.03] [asan]asan_smoke/rxtx_with_ASan_enable : launch testpmd as global-buffer-overflow error.
@ 2023-03-15  6:54 bugzilla
  2023-03-21  2:05 ` bugzilla
  0 siblings, 1 reply; 2+ messages in thread
From: bugzilla @ 2023-03-15  6:54 UTC (permalink / raw)
  To: dev

[-- Attachment #1: Type: text/plain, Size: 6870 bytes --]

https://bugs.dpdk.org/show_bug.cgi?id=1184

            Bug ID: 1184
           Summary: [dpdk-23.03] [asan]asan_smoke/rxtx_with_ASan_enable :
                    launch testpmd as global-buffer-overflow error.
           Product: DPDK
           Version: 23.03
          Hardware: x86
                OS: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: Normal
         Component: meson
          Assignee: dev@dpdk.org
          Reporter: dukaix.yuan@intel.com
  Target Milestone: ---

[Environment]
DPDK version: 
dpdk 23.03 baf13c3135d0c59
Other software versions: N/A.
OS: Ubuntu20.04.5/5.15.0-57-generic
Compiler: clang version 10.0.0-4ubuntu1
Hardware platform: Intel(R) Xeon(R) Platinum 8280M CPU @ 2.70GHz
NIC hardware: I40E_10G-10G_BASE_T_X722
NIC driver: i40e-2.22.8
NIC firmware: 6.20 0x80003d3e 1.2935.0

[Test Setup]
Steps to reproduce
1. Use the following command to bind 1 NIC port to DPDK driver:

dpdk-devbind.py -b vfio-pci 3d:00.0

2. Use the following command to build DPDK with clang compiler: 

rm -rf x86_64-native-linuxapp-clang 
CC=clang meson -Denable_kmods=True -Dlibdir=lib -Dbuildtype=debug
-Db_lundef=false -  Db_sanitize=address --default-library=static
x86_64-native-linuxapp-clang
ninja -C x86_64-native-linuxapp-clang

3. Execute the following command in the dpdk directory:

x86_64-native-linuxapp-clang/app/dpdk-testpmd -l 1-5 -n 4 -a 0000:3d:00.0 -- -i

[Show the output from the previous commands.]

=================================================================
==1284426==ERROR: AddressSanitizer: global-buffer-overflow on address
0x000014e26808 at pc 0x000001734724 bp 0x7ffce1ebb6a0 sp 0x7ffce1ebb698
READ of size 8 at 0x000014e26808 thread T0
    #0 0x1734723 in rte_eth_trace_iterator_next
/root/dpdk/x86_64-native-linuxapp-clang/../lib/ethdev/ethdev_trace.h:98:1
    #1 0x193b346 in __rte_trace_point_register
/root/dpdk/x86_64-native-linuxapp-clang/../lib/eal/common/eal_common_trace.c:477:2
    #2 0x1734660 in rte_eth_trace_iterator_next_init
/root/dpdk/x86_64-native-linuxapp-clang/../lib/ethdev/ethdev_trace_points.c:43:1
    #3 0x13e14e1c in __libc_csu_init
(/root/dpdk/x86_64-native-linuxapp-clang/app/dpdk-testpmd+0x13e14e1c)
    #4 0x7f801250100f in __libc_start_main
/build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:264:6
    #5 0x5be51d in _start
(/root/dpdk/x86_64-native-linuxapp-clang/app/dpdk-testpmd+0x5be51d)0x000014e26808
is located 56 bytes to the left of global variable
'__rte_eth_trace_iterator_cleanup' defined in
'../lib/ethdev/ethdev_trace_points.c:46:1' (0x14e26840) of size 8
0x000014e26808 is located 0 bytes to the right of global variable
'__rte_eth_trace_iterator_next' defined in
'../lib/ethdev/ethdev_trace_points.c:43:1' (0x14e26800) of size 8
SUMMARY: AddressSanitizer: global-buffer-overflow
/root/dpdk/x86_64-native-linuxapp-clang/../lib/ethdev/ethdev_trace.h:98:1 in
rte_eth_trace_iterator_next
Shadow bytes around the buggy address:
  0x0000829bccb0: 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
  0x0000829bccc0: 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
  0x0000829bccd0: 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
  0x0000829bcce0: 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
  0x0000829bccf0: 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
=>0x0000829bcd00: 00[f9]f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
  0x0000829bcd10: 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
  0x0000829bcd20: 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
  0x0000829bcd30: 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
  0x0000829bcd40: 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
  0x0000829bcd50: 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==1284426==ABORTING

[Expected Result]

Explain what is the expected result in text or as an example output:

EAL: Detected CPU lcores: 112
EAL: Detected NUMA nodes: 2
EAL: Detected static linkage of DPDK
EAL: Multi-process socket /var/run/dpdk/dpdk_2883_20230315110521/mp_socket
EAL: Selected IOVA mode 'VA'
EAL: VFIO support initialized
EAL: Using IOMMU type 1 (Type 1)
EAL: Probe PCI driver: net_i40e (8086:1583) device: 0000:b1:00.0 (socket 1)
Interactive-mode selected
testpmd: create a new mbuf pool <mb_pool_0>: n=179456, size=2176, socket=0
testpmd: preferred mempool ops selected: ring_mp_mc
testpmd: create a new mbuf pool <mb_pool_1>: n=179456, size=2176, socket=1
testpmd: preferred mempool ops selected: ring_mp_mcWarning!
port-topology=paired and odd forward ports number, the last port will pair with
itself.Configuring Port 0 (socket 1)
Port 0: 3C:FD:FE:C8:19:28
Checking link statuses...
Done
testpmd>

[Regression]
Is this issue a regression: (Y/N) Y

Version the regression was introduced: Specify git id if known.

6679cf21d6083710bef2e5a4e4a7b42eee5be3aa is the first bad commit
commit 6679cf21d6083710bef2e5a4e4a7b42eee5be3aa
Author: Ankur Dwivedi <adwivedi@marvell.com>
Date:   Wed Feb 8 22:42:11 2023 +0530

    ethdev: add trace points

    Adds trace points for ethdev functions.

    The rte_ethdev_trace.h is removed. The file ethdev_trace.h is added as
    an internal header. ethdev_trace.h contains internal slow path and
    fast path tracepoints. The public fast path tracepoints are present in
    rte_ethdev_trace_fp.h header.

    Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
    Acked-by: Sunil Kumar Kori <skori@marvell.com>
    Reviewed-by: Ferruh Yigit <ferruh.yigit@amd.com>

 lib/ethdev/ethdev_private.c      |    7 +
 lib/ethdev/ethdev_trace.h        | 1512 ++++++++++++++++++++++++++++++++++++++
 lib/ethdev/ethdev_trace_points.c |  447 ++++++++++-
 lib/ethdev/meson.build           |    2 +-
 lib/ethdev/rte_ethdev.c          |  872 ++++++++++++++++++----
 lib/ethdev/rte_ethdev_cman.c     |   29 +-
 lib/ethdev/rte_ethdev_trace.h    |   95 —
 lib/ethdev/rte_ethdev_trace_fp.h |   36 +
 8 files changed, 2761 insertions, 239 deletions
 create mode 100644 lib/ethdev/ethdev_trace.h
 delete mode 100644 lib/ethdev/rte_ethdev_trace.h

-- 
You are receiving this mail because:
You are the assignee for the bug.

[-- Attachment #2: Type: text/html, Size: 9021 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2023-03-21  2:05 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-03-15  6:54 [Bug 1184] [dpdk-23.03] [asan]asan_smoke/rxtx_with_ASan_enable : launch testpmd as global-buffer-overflow error bugzilla
2023-03-21  2:05 ` bugzilla

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).