From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 1B797A050C; Wed, 13 Apr 2022 17:23:51 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 0ABB8410E7; Wed, 13 Apr 2022 17:23:51 +0200 (CEST) Received: from inbox.dpdk.org (inbox.dpdk.org [95.142.172.178]) by mails.dpdk.org (Postfix) with ESMTP id 55A44410DD for ; Wed, 13 Apr 2022 17:23:49 +0200 (CEST) Received: by inbox.dpdk.org (Postfix, from userid 33) id 41CC3A050D; Wed, 13 Apr 2022 17:23:49 +0200 (CEST) From: bugzilla@dpdk.org To: dev@dpdk.org Subject: [Bug 994] [asan] mem: cannot reuse released memory segment Date: Wed, 13 Apr 2022 15:23:49 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: DPDK X-Bugzilla-Component: core X-Bugzilla-Version: unspecified X-Bugzilla-Keywords: X-Bugzilla-Severity: major X-Bugzilla-Who: david.marchand@redhat.com X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: Normal X-Bugzilla-Assigned-To: dev@dpdk.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter target_milestone Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://bugs.dpdk.org/ Auto-Submitted: auto-generated X-Auto-Response-Suppress: All MIME-Version: 1.0 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org https://bugs.dpdk.org/show_bug.cgi?id=3D994 Bug ID: 994 Summary: [asan] mem: cannot reuse released memory segment Product: DPDK Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Severity: major Priority: Normal Component: core Assignee: dev@dpdk.org Reporter: david.marchand@redhat.com Target Milestone: --- This is something I have seen in GHA, where 2M hugepages are used. acl_autotest fails with: ACL: allocation of 25166736 bytes on socket 33 for ACL_acl_ctx failed =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D318=3D=3DERROR: AddressSanitizer: heap-use-after-free on address 0x7f= 910f800000 at pc 0x7f95216ed407 bp 0x7ffd5e917f50 sp 0x7ffd5e917f48 READ of size 4 at 0x7f910f800000 thread T0 #0 0x7f95216ed406 in alloc_seg /home/runner/work/dpdk/dpdk/build/../lib/eal/linux/eal_memalloc.c:644:26 #1 0x7f95216e9a99 in alloc_seg_walk /home/runner/work/dpdk/dpdk/build/../lib/eal/linux/eal_memalloc.c:897:7 #2 0x7f952168b3ff in rte_memseg_list_walk_thread_unsafe /home/runner/work/dpdk/dpdk/build/../lib/eal/common/eal_common_memory.c:769= :9 #3 0x7f95216e9476 in eal_memalloc_alloc_seg_bulk /home/runner/work/dpdk/dpdk/build/../lib/eal/linux/eal_memalloc.c:1062:8 #4 0x7f95216a3776 in alloc_pages_on_heap /home/runner/work/dpdk/dpdk/build/../lib/eal/common/malloc_heap.c:315:17 #5 0x7f95216a915c in try_expand_heap_primary /home/runner/work/dpdk/dpdk/build/../lib/eal/common/malloc_heap.c:415:9 #6 0x7f95216a915c in try_expand_heap /home/runner/work/dpdk/dpdk/build/../lib/eal/common/malloc_heap.c:506:9 #7 0x7f95216a545f in alloc_more_mem_on_socket /home/runner/work/dpdk/dpdk/build/../lib/eal/common/malloc_heap.c:634:8 #8 0x7f95216a545f in malloc_heap_alloc_on_heap_id /home/runner/work/dpdk/dpdk/build/../lib/eal/common/malloc_heap.c:690:7 #9 0x7f95216a406e in malloc_heap_alloc /home/runner/work/dpdk/dpdk/build/../lib/eal/common/malloc_heap.c:748:8 #10 0x7f95216a9936 in malloc_socket /home/runner/work/dpdk/dpdk/build/../lib/eal/common/rte_malloc.c:72:8 #11 0x7f95216a9de3 in rte_malloc_socket /home/runner/work/dpdk/dpdk/build/../lib/eal/common/rte_malloc.c:87:9 #12 0x7f95216a9de3 in rte_zmalloc_socket /home/runner/work/dpdk/dpdk/build/../lib/eal/common/rte_malloc.c:111:14 #13 0x7f951f92821d in rte_acl_create /home/runner/work/dpdk/dpdk/build/../lib/acl/rte_acl.c:407:9 #14 0x5191cb in test_invalid_parameters /home/runner/work/dpdk/dpdk/build/../app/test/test_acl.c:1499:8 #15 0x5191cb in test_acl /home/runner/work/dpdk/dpdk/build/../app/test/test_acl.c:1732:6 #16 0x4d7a10 in cmd_autotest_parsed /home/runner/work/dpdk/dpdk/build/../app/test/commands.c:68:10 #17 0x7f952019c5c8 in cmdline_parse /home/runner/work/dpdk/dpdk/build/../lib/cmdline/cmdline_parse.c:287:3 #18 0x7f9520199467 in cmdline_valid_buffer /home/runner/work/dpdk/dpdk/build/../lib/cmdline/cmdline.c:24:8 #19 0x7f95201a17aa in rdline_char_in /home/runner/work/dpdk/dpdk/build/../lib/cmdline/cmdline_rdline.c:444:5 #20 0x7f952019982c in cmdline_in /home/runner/work/dpdk/dpdk/build/../lib/cmdline/cmdline.c:146:9 #21 0x5170f1 in main /home/runner/work/dpdk/dpdk/build/../app/test/test.c:217:8 #22 0x7f95173ddc86 in __libc_start_main /build/glibc-uZu3wS/glibc-2.27/csu/../csu/libc-start.c:310 #23 0x430369 in _start (/home/runner/work/dpdk/dpdk/build/app/test/dpdk-test+0x430369) Address 0x7f910f800000 is a wild pointer. SUMMARY: AddressSanitizer: heap-use-after-free /home/runner/work/dpdk/dpdk/build/../lib/eal/linux/eal_memalloc.c:644:26 in alloc_seg Shadow bytes around the buggy address: 0x0ff2a1ef7fb0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0ff2a1ef7fc0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0ff2a1ef7fd0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0ff2a1ef7fe0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0ff2a1ef7ff0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd =3D>0x0ff2a1ef8000:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0ff2a1ef8010: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0ff2a1ef8020: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0ff2a1ef8030: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0ff2a1ef8040: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0ff2a1ef8050: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07=20 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc =3D=3D318=3D=3DABORTING I think this is because a memory segment (used for heap) address range is poisoned in ASan shadow after heap is shrunk. The problem goes away with: diff --git a/lib/eal/linux/eal_memalloc.c b/lib/eal/linux/eal_memalloc.c index f8b1588cae..c387ef1d4e 100644 --- a/lib/eal/linux/eal_memalloc.c +++ b/lib/eal/linux/eal_memalloc.c @@ -37,6 +37,7 @@ #include "eal_memalloc.h" #include "eal_memcfg.h" #include "eal_private.h" +#include "malloc_elem.h" const int anonymous_hugepages_supported =3D #ifdef MAP_HUGE_SHIFT @@ -641,6 +642,7 @@ alloc_seg(struct rte_memseg *ms, void *addr, int socket= _id, * that is already there, so read the old value, and write itback. * kernel populates the page with zeroes initially. */ + asan_set_zone(addr, sizeof(int), 0x0); *(volatile int *)addr =3D *(volatile int *)addr; iova =3D rte_mem_virt2iova(addr); --=20 You are receiving this mail because: You are the assignee for the bug.=