Open jbush001 opened 5 years ago
Crash occurred in vprintf:
```
vprintf:
c00022a8: de 03 fd 05 add_i sp, sp, -192
c00022ac: 1e f3 02 88 store_32 s24, 188(sp)
c00022b0: 3e e3 02 88 store_32 s25, 184(sp)
c00022b4: 5e d3 02 88 store_32 s26, 180(sp)
c00022b8: 7e c3 02 88 store_32 s27, 176(sp)
c00022bc: fe b3 02 88 store_32 ra, 172(sp)
c00022c0: 60 03 f0 c0 move s27, s0
c00022c4: 3e a0 02 88 store_32 s1, 168(sp)
c00022c8: 3b 00 00 a0 load_u8 s1, (s27) <----------- Here
c00022cc: c1 33 00 f2 bz s1, 1656 <vprintf+0x69c>
```
The passed format string to vprintf was invalid (0xffffffff).
I saw a similar crash in the user_copy_fault test.
vprintf is a vararg function, so the format string was passed on the stack. This suggests stack corruption may be the cause.
Seen once on TravisCI, running tests/kernel/hello.c (in the emulator). Not consistently reproducible.