Null pointer dereference due to KCOV #163

Open
shenki opened this issue Sep 15, 2018 · 0 comments

shenki commented Sep 15, 2018

4.18.8-00344-gbb5e0c8 with KCOV and GCC_PLUGIN_STRUCTLEAK turned on.

[   28.871525] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[   28.879929] pgd = b9f4bf0b
[   28.882744] [00000000] *pgd=00000000
[   28.886463] Internal error: Oops: 5 [#1] ARM
[   28.890891] CPU: 0 PID: 1 Comm: init Tainted: G                T 4.18.8-00344-gbb5e0c8 #20
[   28.899237] Hardware name: Generic DT based system
[   28.904189] PC is at v4wb_copy_user_page+0x14/0x50
[   28.909123] LR is at v4wb_copy_user_page+0xc/0x50
[   28.913935] pc : [<80114720>]    lr : [<80114718>]    psr: 80000013
[   28.920295] sp : 9d477af0  ip : 9d477af8  fp : 9d477b2c
[   28.925615] r10: 9db9b200  r9 : 9d7df1c0  r8 : 0037b200
[   28.930950] r7 : 9d403f80  r6 : 46af1000  r5 : 9bd90000  r4 : 80bfe000
[   28.937577] r3 : 9d474da0  r2 : 00000040  r1 : 00000000  r0 : 80bfe000
[   28.944205] Flags: Nzcv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
[   28.951453] Control: 0005317f  Table: 5d7fc000  DAC: 00000051
[   28.957303] Process init (pid: 1, stack limit = 0x6344fd84)
[   28.962979] Stack: (0x9d477af0 to 0x9d478000)
[   29.310966] [<80114720>] (v4wb_copy_user_page) from [<80114718>] (v4wb_copy_user_page+0xc/0x50)
[   29.319856] Code: e1a05001 eb025095 e92d4010 e3a02040 (e8b15018) 
[   29.326329] ---[ end trace 36711fbbd96cdb73 ]---

arch/arm/mm/copypage-v4wb.c has a call to __sanitizer_cov_trace_pc inserted into it. That looked like it was clearing r1, and then copypage was trying to save a bunch of registers into the address of r1.
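
Added example (not part of the original issue or the kernel source): a Python check that decodes the `Code:` words from the oops above and compares them with the register dump, showing that the faulting instruction is a load-multiple whose base register holds 0 and that a `bl` in the function returned to the address in LR. It decodes only the A32 branch and block-transfer encodings; the function names are hypothetical and the sample lines are copied from the log.

```python
import re

# Lines copied from the oops in this issue; only the ones the check needs.
OOPS = """\
[   28.913935] pc : [<80114720>]    lr : [<80114718>]    psr: 80000013
[   28.937577] r3 : 9d474da0  r2 : 00000040  r1 : 00000000  r0 : 80bfe000
[   29.319856] Code: e1a05001 eb025095 e92d4010 e3a02040 (e8b15018)
"""

def parse(oops):
    """Return (register dict, [(address, word), ...]) from ARM oops text."""
    regs = {n: int(v, 16) for n, v in
            re.findall(r"\b(r\d+|pc|lr)\s*:\s*\[?<?([0-9a-f]{8})", oops)}
    toks = re.search(r"Code: (.*)", oops).group(1).split()
    # The parenthesised word is the one at pc; earlier words precede it.
    at_pc = next(i for i, t in enumerate(toks) if t.startswith("("))
    words = [(regs["pc"] + 4 * (i - at_pc), int(t.strip("()"), 16))
             for i, t in enumerate(toks)]
    return regs, words

def decode(addr, w):
    """Decode the two A32 classes needed here: B/BL and LDM/STM."""
    kind = (w >> 25) & 7
    if w >> 28 == 0xF:                       # unconditional space, not handled
        return {"op": "other"}
    if kind == 0b101:                        # branch, 24-bit signed word offset
        off = w & 0xFFFFFF
        off -= (off & 0x800000) << 1
        return {"op": "bl" if w >> 24 & 1 else "b", "ret": addr + 4,
                "target": (addr + 8 + 4 * off) & 0xFFFFFFFF}
    if kind == 0b100:                        # block data transfer
        return {"op": "ldm" if w >> 20 & 1 else "stm", "base": (w >> 16) & 15,
                "regs": [r for r in range(16) if w >> r & 1]}
    return {"op": "other"}

def triage(oops):
    """Summarise the faulting instruction and any call that returned just before it."""
    regs, words = parse(oops)
    insns = [(a, decode(a, w)) for a, w in words]
    fault = dict(insns)[regs["pc"]]
    base = f"r{fault['base']}" if "base" in fault else None
    calls = [a for a, d in insns
             if d["op"] == "bl" and d["ret"] == regs["lr"] and a < regs["pc"]]
    return {"fault_op": fault["op"], "base": base,
            "base_value": regs.get(base),    # None if the dump names it sp/ip/fp
            "call_before_fault": calls[0] if calls else None}

if __name__ == "__main__":
    print(triage(OOPS))
```
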
