ldv benchmarks, more invalid dereferences

EDIT: Updated to replace imprecise NULL detection with invalid offset accesses.

c/ldv-linux-3.7.3/main4_drivers-scsi-mpt2sas-mpt2sas-ko--32_7a--linux-3.7.3.i

c/ldv-linux-3.7.3/main4_drivers-scsi-mpt2sas-mpt2sas-ko--32_7a--linux-3.7.3.i:24722.12-19: error: Invalid memory access
  
  24722:   if ((int )ioc->id != ioc_number) {
                     ^^^^^^^                 
  accessing 1 byte at offset 24 of dynamically allocated block of size 16 bytes
  Callstack:
        from c/ldv-linux-3.7.3/main4_drivers-scsi-mpt2sas-mpt2sas-ko--32_7a--linux-3.7.3.i:26453.12-69: _ctl_verify_adapter
        from c/ldv-linux-3.7.3/main4_drivers-scsi-mpt2sas-mpt2sas-ko--32_7a--linux-3.7.3.i:26577.8-50: _ctl_ioctl_main
        from c/ldv-linux-3.7.3/main4_drivers-scsi-mpt2sas-mpt2sas-ko--32_7a--linux-3.7.3.i:27421.2-68: _ctl_ioctl
        from c/ldv-linux-3.7.3/main4_drivers-scsi-mpt2sas-mpt2sas-ko--32_7a--linux-3.7.3.i:27387.4-8: main

Allocation trace: ldv_malloc:27404 → main:27388

c/ldv-consumption/linux-3.8-rc1-32_7a-drivers--scsi--mpt3sas--mpt3sas.ko-ldv_main4.cil.out.i

c/ldv-consumption/linux-3.8-rc1-32_7a-drivers--scsi--mpt3sas--mpt3sas.ko-ldv_main4.cil.out.i:24528.12-19: error: Invalid memory access
  
  24528:   if ((int )ioc->id != ioc_number) {
                     ^^^^^^^                 
  accessing 1 byte at offset 24 of dynamically allocated block of size 16 bytes
  Callstack:
        from c/ldv-consumption/linux-3.8-rc1-32_7a-drivers--scsi--mpt3sas--mpt3sas.ko-ldv_main4.cil.out.i:26257.12-69: _ctl_verify_adapter
        from c/ldv-consumption/linux-3.8-rc1-32_7a-drivers--scsi--mpt3sas--mpt3sas.ko-ldv_main4.cil.out.i:26381.8-50: _ctl_ioctl_main
        from c/ldv-consumption/linux-3.8-rc1-32_7a-drivers--scsi--mpt3sas--mpt3sas.ko-ldv_main4.cil.out.i:27420.2-68: _ctl_ioctl
        from c/ldv-consumption/linux-3.8-rc1-32_7a-drivers--scsi--mpt3sas--mpt3sas.ko-ldv_main4.cil.out.i:27397.4-8: main

c/ldv-commit-tester/main3_drivers-staging-usbip-vhci-hcd-ko--132_1a--927c3fa.i

c/ldv-commit-tester/main3_drivers-staging-usbip-vhci-hcd-ko--132_1a--927c3fa.i:7028.22-50: error: Invalid memory access
  
  7028:   if ((unsigned long )the_controller->vdev[i].udev == (unsigned long )udev) {
                              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^                           
  accessing 8 bytes at offset 784 of dynamically allocated block of size 656 bytes
  accessing 8 bytes at offset 784 of dynamically allocated block of size 656 bytes
  Callstack:
        from c/ldv-commit-tester/main3_drivers-staging-usbip-vhci-hcd-ko--132_1a--927c3fa.i:7052.8-26: get_vdev
        from c/ldv-commit-tester/main3_drivers-staging-usbip-vhci-hcd-ko--132_1a--927c3fa.i:7206.2-18: vhci_tx_urb
        from c/ldv-commit-tester/main3_drivers-staging-usbip-vhci-hcd-ko--132_1a--927c3fa.i:8018.2-69: vhci_urb_enqueue
        from c/ldv-commit-tester/main3_drivers-staging-usbip-vhci-hcd-ko--132_1a--927c3fa.i:7972.4-8: main

c/ldv-validator-v0.8/linux-stable-063f96c-1-144_1a-drivers--mmc--host--vub300.ko.unsigned-entry_point_ldv-val-v0.8.cil.out.i

c/ldv-validator-v0.8/linux-stable-063f96c-1-144_1a-drivers--mmc--host--vub300.ko.unsigned-entry_point_ldv-val-v0.8.cil.out.i: In function 'vub300_mmc_request':
c/ldv-validator-v0.8/linux-stable-063f96c-1-144_1a-drivers--mmc--host--vub300.ko.unsigned-entry_point_ldv-val-v0.8.cil.out.i:6212.22-39: error: Invalid memory access
  
  6212:   if ((unsigned long )vub300->interface == (unsigned long )((struct usb_interface *)0)) {
                              ^^^^^^^^^^^^^^^^^                                                  
  accessing 8 bytes at offset 2632 of dynamically allocated block of size 2624 bytes
  Callstack:
        from c/ldv-validator-v0.8/linux-stable-063f96c-1-144_1a-drivers--mmc--host--vub300.ko.unsigned-entry_point_ldv-val-v0.8.cil.out.i:7675.6-56: vub300_mmc_request
        from c/ldv-validator-v0.8/linux-stable-063f96c-1-144_1a-drivers--mmc--host--vub300.ko.unsigned-entry_point_ldv-val-v0.8.cil.out.i:7529.4-8: main

c/ldv-validator-v0.8/linux-stable-5fdb450-1-144_1a-drivers--mmc--host--vub300.ko-entry_point_ldv-val-v0.8.cil.out.i

Same as previous (line 4401), backtrace:

	from c/ldv-validator-v0.8/linux-stable-5fdb450-1-144_1a-drivers--mmc--host--vub300.ko-entry_point_ldv-val-v0.8.cil.out.i:6383.8-21: mmc_priv
	from c/ldv-validator-v0.8/linux-stable-5fdb450-1-144_1a-drivers--mmc--host--vub300.ko-entry_point_ldv-val-v0.8.cil.out.i:7688.6-60: vub300_enable_sdio_irq
	from c/ldv-validator-v0.8/linux-stable-5fdb450-1-144_1a-drivers--mmc--host--vub300.ko-entry_point_ldv-val-v0.8.cil.out.i:7557.4-8: main

Allocation trace: ldv_init_zalloc:7195 → ldv_initialize_mmc_host_ops_8:7758 → main:7557

c/ldv-consumption/32_7a_cilled_linux-3.8-rc1-32_7a-drivers--mmc--host--vub300.ko-ldv_main0_sequence_infinite_withcheck_stateful.cil.out.i

Invalid memory access
  
  6235:   vub300->mmc = mmc;
          ^^^^^^^^^^^       
  accessing 8 bytes at offset 4416 of dynamically allocated block of size 2616 bytes
  Callstack:
        from c/ldv-consumption/32_7a_cilled_linux-3.8-rc1-32_7a-drivers--mmc--host--vub300.ko-ldv_main0_sequence_infinite_withcheck_stateful.cil.out.i:6664.26-74: vub300_probe
        from c/ldv-consumption/32_7a_cilled_linux-3.8-rc1-32_7a-drivers--mmc--host--vub300.ko-ldv_main0_sequence_infinite_withcheck_stateful.cil.out.i:6611.4-8: main

c/ldv-linux-3.16-rc1/43_2a_bitvector_linux-3.16-rc1.tar.xz-43_2a-drivers--usb--gadget--pch_udc.ko-entry_point.cil.out.i

c/ldv-linux-3.16-rc1/43_2a_bitvector_linux-3.16-rc1.tar.xz-43_2a-drivers--usb--gadget--pch_udc.ko-entry_p
oint.cil.out.i: In function 'ioread32':
c/ldv-linux-3.16-rc1/43_2a_bitvector_linux-3.16-rc1.tar.xz-43_2a-drivers--usb--gadget--pch_udc.ko-entry_p
oint.cil.out.i:2324.17-31: error: Invalid memory access
  
  2324:   tmp = ioread32(dev->base_addr + reg);
                         ^^^^^^^^^^^^^^        
  accessing 8 bytes at offset 6328 of dynamically allocated block of size 1568 bytes
  Callstack:
        from c/ldv-linux-3.16-rc1/43_2a_bitvector_linux-3.16-rc1.tar.xz-43_2a-drivers--usb--gadget--pch_udc.ko-entry_point.cil.out.i:2324.8-38: ioread32
        from c/ldv-linux-3.16-rc1/43_2a_bitvector_linux-3.16-rc1.tar.xz-43_2a-drivers--usb--gadget--pch_udc.ko-entry_point.cil.out.i:2341.8-31: pch_udc_readl
        from c/ldv-linux-3.16-rc1/43_2a_bitvector_linux-3.16-rc1.tar.xz-43_2a-drivers--usb--gadget--pch_udc.ko-entry_point.cil.out.i:2449.2-35: pch_udc_bit_set
        from c/ldv-linux-3.16-rc1/43_2a_bitvector_linux-3.16-rc1.tar.xz-43_2a-drivers--usb--gadget--pch_udc.ko-entry_point.cil.out.i:3044.2-25: pch_udc_rmt_wakeup
        from c/ldv-linux-3.16-rc1/43_2a_bitvector_linux-3.16-rc1.tar.xz-43_2a-drivers--usb--gadget--pch_udc.ko-entry_point.cil.out.i:5877.6-44: pch_udc_pcd_wakeup
        from c/ldv-linux-3.16-rc1/43_2a_bitvector_linux-3.16-rc1.tar.xz-43_2a-drivers--usb--gadget--pch_udc.ko-entry_point.cil.out.i:5569.4-8: main

c/ldv-linux-4.2-rc1/linux-4.2-rc1.tar.xz-08_1a-drivers--media--usb--dvb-usb--dvb-usb-dw2102.ko-entry_point.cil.out.i

c/ldv-linux-4.2-rc1/linux-4.2-rc1.tar.xz-08_1a-drivers--media--usb--dvb-usb--dvb-usb-dw2102.ko-entry_poin
t.cil.out.i: In function 'su3000_power_ctrl':
c/ldv-linux-4.2-rc1/linux-4.2-rc1.tar.xz-08_1a-drivers--media--usb--dvb-usb--dvb-usb-dw2102.ko-entry_point.cil.out.i:8532.33-40: error: Invalid memory access
  
  8532:   state = (struct dw2102_state *)d->priv;
                                         ^^^^^^^ 
  accessing 8 bytes at offset 13064 of dynamically allocated block of size 13064 bytes
  Callstack:
        from c/ldv-linux-4.2-rc1/linux-4.2-rc1.tar.xz-08_1a-drivers--media--usb--dvb-usb--dvb-usb-dw2102.ko-entry_point.cil.out.i:11186.6-63: su3000_power_ctrl
        from c/ldv-linux-4.2-rc1/linux-4.2-rc1.tar.xz-08_1a-drivers--media--usb--dvb-usb--dvb-usb-dw2102.ko-entry_point.cil.out.i:10844.4-8: main

Edited Nov 07, 2022 by Raphaël Monat

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information