From: bugzilla@dpdk.org
To: dev@dpdk.org
Subject: [Bug 1175] [dpdk-23.03][meson test][asan] rawdev_autotest show AddressSanitizer: stack-buffer-overflow error
Date: Fri, 10 Mar 2023 02:46:42 +0000 [thread overview]
Message-ID: <bug-1175-3@http.bugs.dpdk.org/> (raw)
[-- Attachment #1: Type: text/plain, Size: 5089 bytes --]
https://bugs.dpdk.org/show_bug.cgi?id=1175
Bug ID: 1175
Summary: [dpdk-23.03][meson test][asan] rawdev_autotest show
AddressSanitizer: stack-buffer-overflow error
Product: DPDK
Version: 23.03
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: Normal
Component: ethdev
Assignee: dev@dpdk.org
Reporter: yux.jiang@intel.com
Target Milestone: ---
DPDK23.03
Reproduced Steps:
1, Build
rm -rf x86_64-native-linuxapp-gcc
CC=gcc meson -Denable_kmods=True -Dlibdir=lib -Dbuildtype=debug
-Db_lundef=false -Db_sanitize=address --default-library=static
x86_64-native-linuxapp-gcc
ninja -C x86_64-native-linuxapp-gcc
2, launch test
DPDK_TEST='rawdev_autotest'
/root/dpdk/x86_64-native-linuxapp-gcc/app/test/dpdk-test
3, Failed Logs:
RTE>>rawdev_autotest
### Test rawdev infrastructure using skeleton driver
skeleton_rawdev_probe(): Init rawdev_skeleton on NUMA node 0
rte_rawdev_socket_id(): Invalid dev_id=64
=================================================================
==2269565==ERROR: AddressSanitizer: stack-buffer-overflow on address
0x7ffd7e110550 at pc 0x55a7216ed808 bp 0x7ffd7e110480 sp 0x7ffd7e110470
READ of size 4 at 0x7ffd7e110550 thread T0
#0 0x55a7216ed807 in skeleton_rawdev_enqueue_bufs
../drivers/raw/skeleton/skeleton_rawdev.c:431
#1 0x55a71af3eaab in rte_rawdev_enqueue_buffers
../lib/rawdev/rte_rawdev.c:230
#2 0x55a7216f0cc8 in test_rawdev_enqdeq
../drivers/raw/skeleton/skeleton_rawdev_test.c:384
#3 0x55a7216f0f5d in skeldev_test_run
../drivers/raw/skeleton/skeleton_rawdev_test.c:425
#4 0x55a7216f11ec in test_rawdev_skeldev
../drivers/raw/skeleton/skeleton_rawdev_test.c:460
#5 0x55a71af3fc0d in rte_rawdev_selftest ../lib/rawdev/rte_rawdev.c:397
#6 0x55a71a2b9bdb in test_rawdev_selftest_impl ../app/test/test_rawdev.c:32
#7 0x55a71a2b9c0a in test_rawdev_selftest_skeleton
../app/test/test_rawdev.c:40
#8 0x55a71a2b9c2f in test_rawdev_selftests ../app/test/test_rawdev.c:51
#9 0x55a719c6af02 in cmd_autotest_parsed ../app/test/commands.c:68
#10 0x55a71b221ce0 in __cmdline_parse ../lib/cmdline/cmdline_parse.c:294
#11 0x55a71b221dc8 in cmdline_parse ../lib/cmdline/cmdline_parse.c:302
#12 0x55a71b21d1a0 in cmdline_valid_buffer ../lib/cmdline/cmdline.c:24
#13 0x55a71b22906a in rdline_char_in ../lib/cmdline/cmdline_rdline.c:444
#14 0x55a71b21da25 in cmdline_in ../lib/cmdline/cmdline.c:146
#15 0x55a719c8ce0f in main ../app/test/test.c:208
#16 0x7f85126a6082 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x24082)
#17 0x55a719c6ac3d in _start
(/root/dpdk/x86_64-native-linuxapp-gcc/app/test/dpdk-test+0xce6c3d)
Address 0x7ffd7e110550 is located in stack of thread T0 at offset 48 in frame
#0 0x55a7216f0b11 in test_rawdev_enqdeq
../drivers/raw/skeleton/skeleton_rawdev_test.c:371
This frame has 3 object(s):
[48, 50) 'queue_id' (line 374) <== Memory access at offset 48 partially
overflows this variable
[64, 72) 'deq_buffers' (line 376)
[96, 104) 'buffers' (line 375)
HINT: this may be a false positive if your program uses some custom stack
unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow
../drivers/raw/skeleton/skeleton_rawdev.c:431 in skeleton_rawdev_enqueue_bufs
Shadow bytes around the buggy address:
0x10002fc1a050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10002fc1a060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10002fc1a070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10002fc1a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10002fc1a090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x10002fc1a0a0: 00 00 00 00 f1 f1 f1 f1 f1 f1[02]f2 00 f2 f2 f2
0x10002fc1a0b0: 00 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
0x10002fc1a0c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10002fc1a0d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10002fc1a0e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10002fc1a0f0: 00 00 f1 f1 f1 f1 00 f2 f2 f2 00 f2 f2 f2 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==2269565==ABORTING
--
You are receiving this mail because:
You are the assignee for the bug.
[-- Attachment #2: Type: text/html, Size: 7005 bytes --]
reply other threads:[~2023-03-10 2:46 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-1175-3@http.bugs.dpdk.org/ \
--to=bugzilla@dpdk.org \
--cc=dev@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.