Page MenuHomePhabricator
Paste P8111

aarch64 crash 2
ActivePublic

Authored by dmajor on Oct 15 2018, 10:13 AM.
0:000> u .-20 L0x20
00000372`b17105dc d100239c sub x28,x28,#8
00000372`b17105e0 9100039f mov sp,x28
00000372`b17105e4 cb30ef9c sub x28,x28,xip0 sxtx #3
00000372`b17105e8 9278df9c and x28,x28,#-0x100
00000372`b17105ec 9100039f mov sp,x28
00000372`b17105f0 aa1c03f1 mov xip1,x28
00000372`b17105f4 ea01003f tst x1,x1
00000372`b17105f8 540000a0 beq 00000372`b171060c
00000372`b17105fc f8408458 ldr x24,[x2],#8 <----- crash \
00000372`b1710600 f8008638 str x24,[xip1],#8 |
00000372`b1710604 f1000610 subs xip0,xip0,#1 | memcpy?
00000372`b1710608 54ffffaa bge 00000372`b17105fc /
00000372`b171060c b94000f0 ldr wip0,[x7]
00000372`b1710610 d100439f sub sp,x28,#0x10
00000372`b1710614 a9bf4384 stp x4,xip0,[x28,#-0x10]!
00000372`b1710618 cb1c0273 sub x19,x19,x28
00000372`b171061c d378de73 lsl x19,x19,#8
00000372`b1710620 d2800870 mov xip0,#0x43
00000372`b1710624 aa100273 orr x19,x19,xip0
00000372`b1710628 d100239f sub sp,x28,#8
00000372`b171062c f81f8f93 str x19,[x28,#-8]!
00000372`b1710630 ea03007f tst x3,x3
00000372`b1710634 54000740 beq 00000372`b171071c
00000372`b1710638 10000791 adr xip1,00000372`b1710728
00000372`b171063c d100439f sub sp,x28,#0x10
00000372`b1710640 a9bf4797 stp x23,xip1,[x28,#-0x10]!
00000372`b1710644 d100c39c sub x28,x28,#0x30
00000372`b1710648 9100039f mov sp,x28
00000372`b171064c aa1c03f7 mov x23,x28
00000372`b1710650 531d70d3 lsl w19,w6,#3
00000372`b1710654 cb13039c sub x28,x28,x19
00000372`b1710658 9100039f mov sp,x28
0:000> r x16
x16=0000000000000000
0:000> * ^ so this would have been the last iteration of the loop
0:000> r x2
x2=00000207b988a000
0:000> * ^ the source address fell off the end of a page
0:000> dq @x2-20 L6
00000207`b9889fe0 fffe0207`a6f07530 fff98000`00000000
00000207`b9889ff0 fff90000`00000001 fffb0207`ae666720
00000207`b988a000 ????????`???????? ????????`????????
0:000> dq @x17-20 L6
000000aa`ee0f1ef8 00000000`00000000 fff98000`00000000
000000aa`ee0f1f08 fff90000`00000001 fffb0207`ae666720
000000aa`ee0f1f18 fffb0207`b26fa7e0 00000001`00000010
0:000> * ^ so we copied 3 64-bit words before the crash (the value before that is mismatched, so it couldn't have been part of the copy)

Event Timeline

dmajor created this paste.Oct 15 2018, 10:13 AM
dmajor created this object with visibility "Public (No Login Required)".