All of lore.kernel.org
 help / color / mirror / Atom feed
From: bugzilla@dpdk.org
To: dev@dpdk.org
Subject: [dpdk-dev] [Bug 868] [asan] thash: use after free in thash_autotest
Date: Fri, 29 Oct 2021 12:15:28 +0000	[thread overview]
Message-ID: <bug-868-3@http.bugs.dpdk.org/> (raw)

https://bugs.dpdk.org/show_bug.cgi?id=868

            Bug ID: 868
           Summary: [asan] thash: use after free in thash_autotest
           Product: DPDK
           Version: unspecified
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Severity: normal
          Priority: Normal
         Component: other
          Assignee: dev@dpdk.org
          Reporter: david.marchand@redhat.com
  Target Milestone: ---

Using series https://patchwork.dpdk.org/project/dpdk/list/?series=19821,
calling thash_autotest shows:

88/97 DPDK:fast-tests / thash_autotest        FAIL     0.87 s (exit status 1)

--- command ---
DPDK_TEST='thash_autotest' /home/runner/work/dpdk/dpdk/build/app/test/dpdk-test
--file-prefix=thash_autotest
--- stdout ---
RTE>>thash_autotest
--- stderr ---
EAL: Detected CPU lcores: 2
EAL: Detected NUMA nodes: 1
EAL: Detected shared linkage of DPDK
EAL: WARNING! Base virtual address hint (0x100005000 != 0x7f997d147000) not
respected!
EAL:    This may cause issues with mapping memory into secondary processes
EAL: Multi-process socket /var/run/dpdk/thash_autotest/mp_socket
EAL: Selected IOVA mode 'PA'
EAL: No available 1048576 kB hugepages reported
EAL: VFIO support initialized
EAL: WARNING! Base virtual address hint (0x10000b000 != 0x7f996cf3a000) not
respected!
EAL:    This may cause issues with mapping memory into secondary processes
EAL: WARNING! Base virtual address hint (0x100011000 != 0x7f996cd9f000) not
respected!
EAL:    This may cause issues with mapping memory into secondary processes
EAL: WARNING! Base virtual address hint (0x100a12000 != 0x7f956b200000) not
respected!
EAL:    This may cause issues with mapping memory into secondary processes
EAL: WARNING! Base virtual address hint (0x100c17000 != 0x7f996cd3e000) not
respected!
EAL:    This may cause issues with mapping memory into secondary processes
EAL: WARNING! Base virtual address hint (0x101618000 != 0x7f916b000000) not
respected!
EAL:    This may cause issues with mapping memory into secondary processes
EAL: WARNING! Base virtual address hint (0x10181d000 != 0x7f996cb9f000) not
respected!
EAL:    This may cause issues with mapping memory into secondary processes
EAL: WARNING! Base virtual address hint (0x10221e000 != 0x7f8d6ae00000) not
respected!
EAL:    This may cause issues with mapping memory into secondary processes
EAL: WARNING! Base virtual address hint (0x102423000 != 0x7f996cb3e000) not
respected!
EAL:    This may cause issues with mapping memory into secondary processes
EAL: WARNING! Base virtual address hint (0x102e24000 != 0x7f896ac00000) not
respected!
EAL:    This may cause issues with mapping memory into secondary processes
APP: HPET is not enabled, using TSC as default timer
=================================================================
==27442==ERROR: AddressSanitizer: heap-use-after-free on address 0x7f956b268000
at pc 0x00000044eabf bp 0x7fff53190980 sp 0x7fff53190108
READ of size 1 at 0x7f956b268000 thread T0
    #0 0x44eabe in printf_common(void*, char const*, __va_list_tag*)
(/home/runner/work/dpdk/dpdk/build/app/test/dpdk-test+0x44eabe)
    #1 0x7f997becc20b in rte_vlog
/home/runner/work/dpdk/dpdk/build/../lib/eal/common/eal_common_log.c:503:8
    #2 0x7f997becc20b in rte_log
/home/runner/work/dpdk/dpdk/build/../lib/eal/common/eal_common_log.c:520:8
    #3 0x7f9978f1cdf0 in insert_after
/home/runner/work/dpdk/dpdk/build/../lib/hash/rte_thash.c:469:3
    #4 0x7f9978f1cdf0 in rte_thash_add_helper
/home/runner/work/dpdk/dpdk/build/../lib/hash/rte_thash.c:552:11
    #5 0xe3b238 in test_add_invalid_helper
/home/runner/work/dpdk/dpdk/build/../app/test/test_thash.c:253:8
    #6 0x517294 in unit_test_suite_runner
/home/runner/work/dpdk/dpdk/build/../app/test/test.c:345:20
    #7 0x4d7600 in cmd_autotest_parsed
/home/runner/work/dpdk/dpdk/build/../app/test/commands.c:71:10
    #8 0x7f9979bc05c8 in cmdline_parse
/home/runner/work/dpdk/dpdk/build/../lib/cmdline/cmdline_parse.c:290:3
    #9 0x7f9979bbd467 in cmdline_valid_buffer
/home/runner/work/dpdk/dpdk/build/../lib/cmdline/cmdline.c:26:8
    #10 0x7f9979bc57aa in rdline_char_in
/home/runner/work/dpdk/dpdk/build/../lib/cmdline/cmdline_rdline.c:446:5
    #11 0x7f9979bbd82c in cmdline_in
/home/runner/work/dpdk/dpdk/build/../lib/cmdline/cmdline.c:148:9
    #12 0x516ce1 in main
/home/runner/work/dpdk/dpdk/build/../app/test/test.c:214:8
    #13 0x7f99730edbf6 in __libc_start_main
/build/glibc-S9d2JN/glibc-2.27/csu/../csu/libc-start.c:310
    #14 0x42ff59 in _start
(/home/runner/work/dpdk/dpdk/build/app/test/dpdk-test+0x42ff59)

Address 0x7f956b268000 is a wild pointer.
SUMMARY: AddressSanitizer: heap-use-after-free
(/home/runner/work/dpdk/dpdk/build/app/test/dpdk-test+0x44eabe) in
printf_common(void*, char const*, __va_list_tag*)
Shadow bytes around the buggy address:
  0x0ff32d644fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff32d644fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff32d644fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff32d644fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff32d644ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0ff32d645000:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0ff32d645010: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0ff32d645020: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0ff32d645030: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0ff32d645040: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0ff32d645050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==27442==ABORTING
-------

-- 
You are receiving this mail because:
You are the assignee for the bug.

                 reply	other threads:[~2021-10-29 12:15 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=bug-868-3@http.bugs.dpdk.org/ \
    --to=bugzilla@dpdk.org \
    --cc=dev@dpdk.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.