From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
by inbox.dpdk.org (Postfix) with ESMTP id 1B797A050C;
Wed, 13 Apr 2022 17:23:51 +0200 (CEST)
Received: from [217.70.189.124] (localhost [127.0.0.1])
by mails.dpdk.org (Postfix) with ESMTP id 0ABB8410E7;
Wed, 13 Apr 2022 17:23:51 +0200 (CEST)
Received: from inbox.dpdk.org (inbox.dpdk.org [95.142.172.178])
by mails.dpdk.org (Postfix) with ESMTP id 55A44410DD
for <dev@dpdk.org>; Wed, 13 Apr 2022 17:23:49 +0200 (CEST)
Received: by inbox.dpdk.org (Postfix, from userid 33)
id 41CC3A050D; Wed, 13 Apr 2022 17:23:49 +0200 (CEST)
From: bugzilla@dpdk.org
To: dev@dpdk.org
Subject: [Bug 994] [asan] mem: cannot reuse released memory segment
Date: Wed, 13 Apr 2022 15:23:49 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: DPDK
X-Bugzilla-Component: core
X-Bugzilla-Version: unspecified
X-Bugzilla-Keywords:
X-Bugzilla-Severity: major
X-Bugzilla-Who: david.marchand@redhat.com
X-Bugzilla-Status: UNCONFIRMED
X-Bugzilla-Resolution:
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: dev@dpdk.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags:
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
op_sys bug_status bug_severity priority component assigned_to reporter
target_milestone
Message-ID: <bug-994-3@http.bugs.dpdk.org/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://bugs.dpdk.org/
Auto-Submitted: auto-generated
X-Auto-Response-Suppress: All
MIME-Version: 1.0
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
<mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
<mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
https://bugs.dpdk.org/show_bug.cgi?id=3D994
Bug ID: 994
Summary: [asan] mem: cannot reuse released memory segment
Product: DPDK
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: major
Priority: Normal
Component: core
Assignee: dev@dpdk.org
Reporter: david.marchand@redhat.com
Target Milestone: ---
This is something I have seen in GHA, where 2M hugepages are used.
acl_autotest fails with:
ACL: allocation of 25166736 bytes on socket 33 for ACL_acl_ctx failed
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=3D=3D318=3D=3DERROR: AddressSanitizer: heap-use-after-free on address 0x7f=
910f800000
at pc 0x7f95216ed407 bp 0x7ffd5e917f50 sp 0x7ffd5e917f48
READ of size 4 at 0x7f910f800000 thread T0
#0 0x7f95216ed406 in alloc_seg
/home/runner/work/dpdk/dpdk/build/../lib/eal/linux/eal_memalloc.c:644:26
#1 0x7f95216e9a99 in alloc_seg_walk
/home/runner/work/dpdk/dpdk/build/../lib/eal/linux/eal_memalloc.c:897:7
#2 0x7f952168b3ff in rte_memseg_list_walk_thread_unsafe
/home/runner/work/dpdk/dpdk/build/../lib/eal/common/eal_common_memory.c:769=
:9
#3 0x7f95216e9476 in eal_memalloc_alloc_seg_bulk
/home/runner/work/dpdk/dpdk/build/../lib/eal/linux/eal_memalloc.c:1062:8
#4 0x7f95216a3776 in alloc_pages_on_heap
/home/runner/work/dpdk/dpdk/build/../lib/eal/common/malloc_heap.c:315:17
#5 0x7f95216a915c in try_expand_heap_primary
/home/runner/work/dpdk/dpdk/build/../lib/eal/common/malloc_heap.c:415:9
#6 0x7f95216a915c in try_expand_heap
/home/runner/work/dpdk/dpdk/build/../lib/eal/common/malloc_heap.c:506:9
#7 0x7f95216a545f in alloc_more_mem_on_socket
/home/runner/work/dpdk/dpdk/build/../lib/eal/common/malloc_heap.c:634:8
#8 0x7f95216a545f in malloc_heap_alloc_on_heap_id
/home/runner/work/dpdk/dpdk/build/../lib/eal/common/malloc_heap.c:690:7
#9 0x7f95216a406e in malloc_heap_alloc
/home/runner/work/dpdk/dpdk/build/../lib/eal/common/malloc_heap.c:748:8
#10 0x7f95216a9936 in malloc_socket
/home/runner/work/dpdk/dpdk/build/../lib/eal/common/rte_malloc.c:72:8
#11 0x7f95216a9de3 in rte_malloc_socket
/home/runner/work/dpdk/dpdk/build/../lib/eal/common/rte_malloc.c:87:9
#12 0x7f95216a9de3 in rte_zmalloc_socket
/home/runner/work/dpdk/dpdk/build/../lib/eal/common/rte_malloc.c:111:14
#13 0x7f951f92821d in rte_acl_create
/home/runner/work/dpdk/dpdk/build/../lib/acl/rte_acl.c:407:9
#14 0x5191cb in test_invalid_parameters
/home/runner/work/dpdk/dpdk/build/../app/test/test_acl.c:1499:8
#15 0x5191cb in test_acl
/home/runner/work/dpdk/dpdk/build/../app/test/test_acl.c:1732:6
#16 0x4d7a10 in cmd_autotest_parsed
/home/runner/work/dpdk/dpdk/build/../app/test/commands.c:68:10
#17 0x7f952019c5c8 in cmdline_parse
/home/runner/work/dpdk/dpdk/build/../lib/cmdline/cmdline_parse.c:287:3
#18 0x7f9520199467 in cmdline_valid_buffer
/home/runner/work/dpdk/dpdk/build/../lib/cmdline/cmdline.c:24:8
#19 0x7f95201a17aa in rdline_char_in
/home/runner/work/dpdk/dpdk/build/../lib/cmdline/cmdline_rdline.c:444:5
#20 0x7f952019982c in cmdline_in
/home/runner/work/dpdk/dpdk/build/../lib/cmdline/cmdline.c:146:9
#21 0x5170f1 in main
/home/runner/work/dpdk/dpdk/build/../app/test/test.c:217:8
#22 0x7f95173ddc86 in __libc_start_main
/build/glibc-uZu3wS/glibc-2.27/csu/../csu/libc-start.c:310
#23 0x430369 in _start
(/home/runner/work/dpdk/dpdk/build/app/test/dpdk-test+0x430369)
Address 0x7f910f800000 is a wild pointer.
SUMMARY: AddressSanitizer: heap-use-after-free
/home/runner/work/dpdk/dpdk/build/../lib/eal/linux/eal_memalloc.c:644:26 in
alloc_seg
Shadow bytes around the buggy address:
0x0ff2a1ef7fb0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0ff2a1ef7fc0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0ff2a1ef7fd0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0ff2a1ef7fe0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0ff2a1ef7ff0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=3D>0x0ff2a1ef8000:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0ff2a1ef8010: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0ff2a1ef8020: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0ff2a1ef8030: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0ff2a1ef8040: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0ff2a1ef8050: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07=20
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
=3D=3D318=3D=3DABORTING
I think this is because a memory segment (used for heap) address range is
poisoned in ASan shadow after heap is shrunk.
The problem goes away with:
diff --git a/lib/eal/linux/eal_memalloc.c b/lib/eal/linux/eal_memalloc.c
index f8b1588cae..c387ef1d4e 100644
--- a/lib/eal/linux/eal_memalloc.c
+++ b/lib/eal/linux/eal_memalloc.c
@@ -37,6 +37,7 @@
#include "eal_memalloc.h"
#include "eal_memcfg.h"
#include "eal_private.h"
+#include "malloc_elem.h"
const int anonymous_hugepages_supported =3D
#ifdef MAP_HUGE_SHIFT
@@ -641,6 +642,7 @@ alloc_seg(struct rte_memseg *ms, void *addr, int socket=
_id,
* that is already there, so read the old value, and write itback.
* kernel populates the page with zeroes initially.
*/
+ asan_set_zone(addr, sizeof(int), 0x0);
*(volatile int *)addr =3D *(volatile int *)addr;
iova =3D rte_mem_virt2iova(addr);
--=20
You are receiving this mail because:
You are the assignee for the bug.=