[Fix fuzzer error] Memory address points to zero page. #32894
Merged
nanahpang merged 13 commits into grpc:master from Apr 27, 2023
Member
I don't think this is the root cause. For the specific fuzzer failure this will stop the error, but the fuzzer will soon give us a 1-byte long frame and this will trip again. I wrote #32896 to demonstrate that incrementing a zero frame size always works. Here it looks like we're trying to access a null execctx because there's none on the stack. Probably just adding a
…e memory access error. The root cause is ExecCtx:Get() not initialized before use.
Contributor
Author
Yes, it is due to the ExecCtx not being initialized before use. I have updated the files and am running the sanitizer script right now. Thanks!
ctiller
approved these changes
Apr 19, 2023
Member
ctiller
left a comment
Will need to appease the sanitizer, but this looks good - thank you!
Master branch changed after solving conflicts.
ctiller
approved these changes
Apr 27, 2023
XuanWang-Amos
pushed a commit
to XuanWang-Amos/grpc
that referenced
this pull request
May 1, 2023
Found memory access error in frame_fuzzer_test. Located the root cause in ExecCtx::Get(), where ExecCtx needs to be initialized before using HPackParser:ParseInput().
Error logs:
MemorySanitizer:DEADLYSIGNAL
==2812845==ERROR: MemorySanitizer: SEGV on unknown address 0x000000000030 (pc 0x55869275574e bp 0x7fffd7d9fb50 sp 0x7fffd7d9fb20 T2812845)
==2812845==The signal is caused by a READ memory access.
==2812845==Hint: address points to the zero page.
#0 0x55869275574e in starting_cpu third_party/grpc/src/core/lib/iomgr/exec_ctx.h:129:9
#1 0x55869275574e in grpc_core::PerCpu<grpc_core::GlobalStatsCollector::Data>::this_cpu() third_party/grpc/src/core/lib/gprpp/per_cpu.h:38:48
#2 0x558692753cda in IncrementHttp2MetadataSize third_party/grpc/src/core/lib/debug/stats_data.h:265:11
#3 0x558692753cda in grpc_core::HPackParser::ParseInput(grpc_core::HPackParser::Input, bool) third_party/grpc/src/core/ext/transport/chttp2/transport/hpack_parser.cc:933:20
paulosjca
pushed a commit
to paulosjca/grpc
that referenced
this pull request
May 4, 2023
wanlin31
pushed a commit
that referenced
this pull request
May 18, 2023
Found memory access error in frame_fuzzer_test. Located the root cause in ExecCtx::Get(), where ExecCtx needs to be initialized before using HPackParser:ParseInput().
Error logs:
MemorySanitizer:DEADLYSIGNAL
==2812845==ERROR: MemorySanitizer: SEGV on unknown address 0x000000000030 (pc 0x55869275574e bp 0x7fffd7d9fb50 sp 0x7fffd7d9fb20 T2812845)
==2812845==The signal is caused by a READ memory access.
==2812845==Hint: address points to the zero page.
#0 0x55869275574e in starting_cpu third_party/grpc/src/core/lib/iomgr/exec_ctx.h:129:9
#1 0x55869275574e in grpc_core::PerCpu<grpc_core::GlobalStatsCollector::Data>::this_cpu() third_party/grpc/src/core/lib/gprpp/per_cpu.h:38:48
#2 0x558692753cda in IncrementHttp2MetadataSize third_party/grpc/src/core/lib/debug/stats_data.h:265:11
#3 0x558692753cda in grpc_core::HPackParser::ParseInput(grpc_core::HPackParser::Input, bool) third_party/grpc/src/core/ext/transport/chttp2/transport/hpack_parser.cc:933:20
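The failure mode in this trace, as an added example that is not gRPC code and not part of the pull request: a scoped thread-local context whose accessor returns null when none is on the stack, so a field read lands at a small zero-page offset whatever the input length. `ScopedCtx`, its layout, and the harness functions are hypothetical; the 0x30 offset is constructed to mirror the address in the log, and the length guard is an assumed shape of a symptom-level fix.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
// Hypothetical stand-in for a scoped, thread-local execution context.
// The layout is constructed so the field lands at 0x30 like the trace's
// faulting address; it is not gRPC's real ExecCtx layout.
struct ScopedCtx {
  unsigned char other_state[0x30];
  unsigned starting_cpu;
  ScopedCtx* prev;
  static thread_local ScopedCtx* current;
  ScopedCtx() : other_state{}, starting_cpu(3), prev(current) { current = this; }
  ~ScopedCtx() { current = prev; }
  static ScopedCtx* Get() { return current; }  // nullptr if none on the stack
};
thread_local ScopedCtx* ScopedCtx::current = nullptr;

// Address that an unguarded read of Get()->starting_cpu would touch.
std::uintptr_t ReadAddress() {
  return reinterpret_cast<std::uintptr_t>(ScopedCtx::Get()) +
         offsetof(ScopedCtx, starting_cpu);
}

std::size_t g_totals[8];  // constructed per-CPU counters

// Stand-in for a per-CPU stats increment reached from the parser. It reports
// a missing context instead of dereferencing it.
bool RecordMetadataSize(std::size_t bytes) {
  ScopedCtx* ctx = ScopedCtx::Get();
  if (ctx == nullptr) return false;
  g_totals[ctx->starting_cpu % 8] += bytes;
  return true;
}

// Harness that only skips empty input (assumed shape of a symptom-level guard).
bool HarnessLengthGuard(std::size_t size) {
  return size == 0 || RecordMetadataSize(size);
}

// Harness that puts a context on the stack before calling into the parser.
bool HarnessWithCtx(std::size_t size) {
  ScopedCtx ctx;
  return RecordMetadataSize(size);
}

int main() {
  std::printf("no ctx: read would hit 0x%zx\n", (std::size_t)ReadAddress());
  std::printf("guard/1 byte: %d, ctx/1 byte: %d\n", HarnessLengthGuard(1), HarnessWithCtx(1));
}
```

The length guard passes an empty input and fails on a one-byte input, while the harness that owns a context succeeds for any length.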