Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Crash in kernel test: hello.c #171

Open
jbush001 opened this issue Dec 9, 2018 · 4 comments
Open

Crash in kernel test: hello.c #171

jbush001 opened this issue Dec 9, 2018 · 4 comments
Labels
bug

Comments

@jbush001
Copy link
Owner

jbush001 commented Dec 9, 2018
edited

Seen once on TravisCI, running tests/kernel/hello.c (in the emulator). Not consistently reproducible.

hello.c
Process returned error: 
Loading segment 1 offset 00000000 vaddr 00001000 file size 00000c90 mem size 00000c90 flags 4
Loading segment 2 offset 00001000 vaddr 00002000 file size 00006b40 mem size 00006b40 flags 5
Loading segment 3 offset 00008000 vaddr 00009000 file size 00001010 mem size 00002348 flags 6
entry point for program is 000086e0
Load Invalid device access ffffffff, pc c00022c8
Thread 0 registers
 s0 ffffffff  s1 fffffcc4  s2 ffffffff  s3 c0000000  s4 00000007  s5 00000004  s6 c0000000  s7 bfffffff 
 s8 00000000  s9 00000000 s10 00000003 s11 00000000 s12 00000000 s13 000000ff s14 00000000 s15 00000000 
s16 00000000 s17 00000000 s18 00000000 s19 00000000 s20 00000000 s21 00000000 s22 00000000 s23 00000000 
s24 fffffdc0 s25 00000000 s26 00000005 s27 ffffffff s28 c000b000 s29 00000000 s30 fffffbc0 s31 c0002298 
pc c00022c8 flags: MS
...
2235817 total instructions
@jbush001
Copy link
Owner Author

jbush001 commented Dec 9, 2018

Crash occurred in vprintf:

vprintf:
c00022a8:	de 03 fd 05 	add_i sp, sp, -192
c00022ac:	1e f3 02 88 	store_32 s24, 188(sp)
c00022b0:	3e e3 02 88 	store_32 s25, 184(sp)
c00022b4:	5e d3 02 88 	store_32 s26, 180(sp)
c00022b8:	7e c3 02 88 	store_32 s27, 176(sp)
c00022bc:	fe b3 02 88 	store_32 ra, 172(sp)
c00022c0:	60 03 f0 c0 	move s27, s0
c00022c4:	3e a0 02 88 	store_32 s1, 168(sp)
c00022c8:	3b 00 00 a0 	load_u8 s1, (s27)   <----------- Here
c00022cc:	c1 33 00 f2 	bz s1, 1656 <vprintf+0x69c>

@jbush001
Copy link
Owner Author

jbush001 commented Dec 9, 2018

The passed format string to vprintf was invalid (0xffffffff).

@jbush001
Copy link
Owner Author

I saw a similar crash in the user_copy_fault test.

@jbush001 jbush001 added the bug label Feb 11, 2019
@jbush001
Copy link
Owner Author

vprintfs is a vararg function, so the format string was be passed on the stack. This suggests stack corruption may be the cause.

@John14lee John14lee mentioned this issue Mar 11, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jbush001