[dpdk-dev] [Bug 867] [asan] mbuf: use-after-free in mbuf_autotest

bugzilla at dpdk.org bugzilla at dpdk.org
Fri Oct 29 13:51:29 CEST 2021


https://bugs.dpdk.org/show_bug.cgi?id=867

            Bug ID: 867
           Summary: [asan] mbuf: use-after-free in mbuf_autotest
           Product: DPDK
           Version: unspecified
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Severity: normal
          Priority: Normal
         Component: core
          Assignee: dev at dpdk.org
          Reporter: david.marchand at redhat.com
  Target Milestone: ---

Using series https://patchwork.dpdk.org/project/dpdk/list/?series=19821,
calling mbuf_autotest shows:

41/97 DPDK:fast-tests / mbuf_autotest         FAIL     1.07 s (exit status 1)

--- command ---
DPDK_TEST='mbuf_autotest' /home/runner/work/dpdk/dpdk/build/app/test/dpdk-test
--file-prefix=mbuf_autotest
--- stdout ---
RTE>>mbuf_autotest
Test mbuf dynamic fields and flags
Reserved fields:
Reserved flags:
Free space in mbuf (0 = occupied, value = free zone alignment):
  0000: 00 00 00 00 00 00 00 00
  0008: 00 00 00 00 00 00 00 00
  0010: 00 00 00 00 00 00 00 00
...
PANIC in rte_mbuf_sanity_check():
bad ref cnt
15: [/home/runner/work/dpdk/dpdk/build/app/test/dpdk-test() [0x42ff5a]]
14: [/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xe7) [0x7f94e0223bf7]]
13: [/home/runner/work/dpdk/dpdk/build/app/test/dpdk-test() [0x516ce2]]
12:
[/home/runner/work/dpdk/dpdk/build/app/test/../../lib/librte_cmdline.so.22(cmdline_in+0x9d)
[0x7f94e6cf382d]]
11:
[/home/runner/work/dpdk/dpdk/build/app/test/../../lib/librte_cmdline.so.22(rdline_char_in+0xf2b)
[0x7f94e6cfb7ab]]
10:
[/home/runner/work/dpdk/dpdk/build/app/test/../../lib/librte_cmdline.so.22(+0x5468)
[0x7f94e6cf3468]]
9:
[/home/runner/work/dpdk/dpdk/build/app/test/../../lib/librte_cmdline.so.22(cmdline_parse+0x3c9)
[0x7f94e6cf65c9]]
8: [/home/runner/work/dpdk/dpdk/build/app/test/dpdk-test() [0x4d7601]]
7: [/home/runner/work/dpdk/dpdk/build/app/test/dpdk-test() [0x9b2841]]
6: [/home/runner/work/dpdk/dpdk/build/app/test/dpdk-test() [0x9bfe72]]
5: [/home/runner/work/dpdk/dpdk/build/app/test/dpdk-test() [0x9c7432]]
4:
[/home/runner/work/dpdk/dpdk/build/app/test/../../lib/librte_mbuf.so.22(rte_mbuf_sanity_check+0x269)
[0x7f94e7b84089]]
3:
[/home/runner/work/dpdk/dpdk/build/app/test/../../lib/librte_eal.so.22(__rte_panic+0x13d)
[0x7f94e8fefd0d]]
2:
[/home/runner/work/dpdk/dpdk/build/app/test/../../lib/librte_eal.so.22(rte_dump_stack+0xcd)
[0x7f94e9059b7d]]
1: [/home/runner/work/dpdk/dpdk/build/app/test/dpdk-test(backtrace+0x5b)
[0x46728b]]
PANIC in rte_mbuf_sanity_check():
bad ref cnt
15: [/home/runner/work/dpdk/dpdk/build/app/test/dpdk-test() [0x42ff5a]]
14: [/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xe7) [0x7f94e0223bf7]]
13: [/home/runner/work/dpdk/dpdk/build/app/test/dpdk-test() [0x516ce2]]
12:
[/home/runner/work/dpdk/dpdk/build/app/test/../../lib/librte_cmdline.so.22(cmdline_in+0x9d)
[0x7f94e6cf382d]]
11:
[/home/runner/work/dpdk/dpdk/build/app/test/../../lib/librte_cmdline.so.22(rdline_char_in+0xf2b)
[0x7f94e6cfb7ab]]
10:
[/home/runner/work/dpdk/dpdk/build/app/test/../../lib/librte_cmdline.so.22(+0x5468)
[0x7f94e6cf3468]]
9:
[/home/runner/work/dpdk/dpdk/build/app/test/../../lib/librte_cmdline.so.22(cmdline_parse+0x3c9)
[0x7f94e6cf65c9]]
8: [/home/runner/work/dpdk/dpdk/build/app/test/dpdk-test() [0x4d7601]]
7: [/home/runner/work/dpdk/dpdk/build/app/test/dpdk-test() [0x9b2841]]
6: [/home/runner/work/dpdk/dpdk/build/app/test/dpdk-test() [0x9bff47]]
5: [/home/runner/work/dpdk/dpdk/build/app/test/dpdk-test() [0x9c7432]]
4:
[/home/runner/work/dpdk/dpdk/build/app/test/../../lib/librte_mbuf.so.22(rte_mbuf_sanity_check+0x269)
[0x7f94e7b84089]]
3:
[/home/runner/work/dpdk/dpdk/build/app/test/../../lib/librte_eal.so.22(__rte_panic+0x13d)
[0x7f94e8fefd0d]]
2:
[/home/runner/work/dpdk/dpdk/build/app/test/../../lib/librte_eal.so.22(rte_dump_stack+0xcd)
[0x7f94e9059b7d]]
1: [/home/runner/work/dpdk/dpdk/build/app/test/dpdk-test(backtrace+0x5b)
[0x46728b]]
=================================================================
==26477==ERROR: AddressSanitizer: heap-use-after-free on address 0x7f90d842a9d0
at pc 0x0000009b89a8 bp 0x7ffc2cfe8b50 sp 0x7ffc2cfe8b48
READ of size 2 at 0x7f90d842a9d0 thread T0
    #0 0x9b89a7 in rte_mbuf_ext_refcnt_read
/home/runner/work/dpdk/dpdk/build/../lib/mbuf/rte_mbuf.h:431:9
    #1 0x9b89a7 in test_pktmbuf_ext_shinfo_init_helper
/home/runner/work/dpdk/dpdk/build/../app/test/test_mbuf.c:2409:6
    #2 0x9b89a7 in test_mbuf
/home/runner/work/dpdk/dpdk/build/../app/test/test_mbuf.c:2950:6
    #3 0x4d7600 in cmd_autotest_parsed
/home/runner/work/dpdk/dpdk/build/../app/test/commands.c:71:10
    #4 0x7f94e6cf65c8 in cmdline_parse
/home/runner/work/dpdk/dpdk/build/../lib/cmdline/cmdline_parse.c:290:3
    #5 0x7f94e6cf3467 in cmdline_valid_buffer
/home/runner/work/dpdk/dpdk/build/../lib/cmdline/cmdline.c:26:8
    #6 0x7f94e6cfb7aa in rdline_char_in
/home/runner/work/dpdk/dpdk/build/../lib/cmdline/cmdline_rdline.c:446:5
    #7 0x7f94e6cf382c in cmdline_in
/home/runner/work/dpdk/dpdk/build/../lib/cmdline/cmdline.c:148:9
    #8 0x516ce1 in main
/home/runner/work/dpdk/dpdk/build/../app/test/test.c:214:8
    #9 0x7f94e0223bf6 in __libc_start_main
/build/glibc-S9d2JN/glibc-2.27/csu/../csu/libc-start.c:310
    #10 0x42ff59 in _start
(/home/runner/work/dpdk/dpdk/build/app/test/dpdk-test+0x42ff59)

Address 0x7f90d842a9d0 is a wild pointer.
SUMMARY: AddressSanitizer: heap-use-after-free
/home/runner/work/dpdk/dpdk/build/../lib/mbuf/rte_mbuf.h:431:9 in
rte_mbuf_ext_refcnt_read
Shadow bytes around the buggy address:
  0x0ff29b07d4e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0ff29b07d4f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0ff29b07d500: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0ff29b07d510: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0ff29b07d520: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0ff29b07d530: fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd fd fd
  0x0ff29b07d540: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff29b07d550: 00 00 00 00 00 00 fa fa 00 00 00 00 00 00 00 fa
  0x0ff29b07d560: fa 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff29b07d570: 00 00 00 00 00 00 fa fa 00 00 00 00 00 00 00 00
  0x0ff29b07d580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==26477==ABORTING
-------
