| Bug ID | 1175 |
|---|---|
| Summary | [dpdk-23.03][meson test][asan] rawdev_autotest show AddressSanitizer: stack-buffer-overflow error |
| Product | DPDK |
| Version | 23.03 |
| Hardware | All |
| OS | All |
| Status | UNCONFIRMED |
| Severity | normal |
| Priority | Normal |
| Component | ethdev |
| Assignee | dev@dpdk.org |
| Reporter | yux.jiang@intel.com |
| Target Milestone | --- |
DPDK23.03 Reproduced Steps: 1, Build rm -rf x86_64-native-linuxapp-gcc CC=gcc meson -Denable_kmods=True -Dlibdir=lib -Dbuildtype=debug -Db_lundef=false -Db_sanitize=address --default-library=static x86_64-native-linuxapp-gcc ninja -C x86_64-native-linuxapp-gcc 2, launch test DPDK_TEST='rawdev_autotest' /root/dpdk/x86_64-native-linuxapp-gcc/app/test/dpdk-test 3, Failed Logs: RTE>>rawdev_autotest ### Test rawdev infrastructure using skeleton driver skeleton_rawdev_probe(): Init rawdev_skeleton on NUMA node 0 rte_rawdev_socket_id(): Invalid dev_id=64 ================================================================= ==2269565==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffd7e110550 at pc 0x55a7216ed808 bp 0x7ffd7e110480 sp 0x7ffd7e110470 READ of size 4 at 0x7ffd7e110550 thread T0 #0 0x55a7216ed807 in skeleton_rawdev_enqueue_bufs ../drivers/raw/skeleton/skeleton_rawdev.c:431 #1 0x55a71af3eaab in rte_rawdev_enqueue_buffers ../lib/rawdev/rte_rawdev.c:230 #2 0x55a7216f0cc8 in test_rawdev_enqdeq ../drivers/raw/skeleton/skeleton_rawdev_test.c:384 #3 0x55a7216f0f5d in skeldev_test_run ../drivers/raw/skeleton/skeleton_rawdev_test.c:425 #4 0x55a7216f11ec in test_rawdev_skeldev ../drivers/raw/skeleton/skeleton_rawdev_test.c:460 #5 0x55a71af3fc0d in rte_rawdev_selftest ../lib/rawdev/rte_rawdev.c:397 #6 0x55a71a2b9bdb in test_rawdev_selftest_impl ../app/test/test_rawdev.c:32 #7 0x55a71a2b9c0a in test_rawdev_selftest_skeleton ../app/test/test_rawdev.c:40 #8 0x55a71a2b9c2f in test_rawdev_selftests ../app/test/test_rawdev.c:51 #9 0x55a719c6af02 in cmd_autotest_parsed ../app/test/commands.c:68 #10 0x55a71b221ce0 in __cmdline_parse ../lib/cmdline/cmdline_parse.c:294 #11 0x55a71b221dc8 in cmdline_parse ../lib/cmdline/cmdline_parse.c:302 #12 0x55a71b21d1a0 in cmdline_valid_buffer ../lib/cmdline/cmdline.c:24 #13 0x55a71b22906a in rdline_char_in ../lib/cmdline/cmdline_rdline.c:444 #14 0x55a71b21da25 in cmdline_in ../lib/cmdline/cmdline.c:146 #15 0x55a719c8ce0f in main ../app/test/test.c:208 #16 0x7f85126a6082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) #17 0x55a719c6ac3d in _start (/root/dpdk/x86_64-native-linuxapp-gcc/app/test/dpdk-test+0xce6c3d) Address 0x7ffd7e110550 is located in stack of thread T0 at offset 48 in frame #0 0x55a7216f0b11 in test_rawdev_enqdeq ../drivers/raw/skeleton/skeleton_rawdev_test.c:371 This frame has 3 object(s): [48, 50) 'queue_id' (line 374) <== Memory access at offset 48 partially overflows this variable [64, 72) 'deq_buffers' (line 376) [96, 104) 'buffers' (line 375) HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-buffer-overflow ../drivers/raw/skeleton/skeleton_rawdev.c:431 in skeleton_rawdev_enqueue_bufs Shadow bytes around the buggy address: 0x10002fc1a050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10002fc1a060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10002fc1a070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10002fc1a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10002fc1a090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x10002fc1a0a0: 00 00 00 00 f1 f1 f1 f1 f1 f1[02]f2 00 f2 f2 f2 0x10002fc1a0b0: 00 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 0x10002fc1a0c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10002fc1a0d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10002fc1a0e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10002fc1a0f0: 00 00 f1 f1 f1 f1 00 f2 f2 f2 00 f2 f2 f2 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==2269565==ABORTING