CRASH,APP CRASH,ASSERT: common.nzcv crashes natively on Android and causes a DR assert/crash
f03b62f1 ported common.nzcv to ARM and enabled it for Linux and Android, but it crashes natively on Android and DR doesn't handle that fault very well it seems:
Debug asserts:
http://dynamorio.org/CDash/testDetails.php?test=201133&build=18521
OK 1 N
OK 0 N
<Application /data/local/tmp/build_android-debug-internal-32/suite/tests/bin/common.nzcv (28959). Internal Error: DynamoRIO debug check failure: /work/dr/nightly/src/core/unix/signal.c:5530 sig > 0 && sig <= MAX_SIGNUM && IS_RT_FOR_APP(info, sig)
(Error occurred @3730 frags)
version 6.2.17200, custom build
-no_dynamic_options -code_api -stderr_mask 12 -stack_size 56K -max_elide_jmp 0 -max_elide_call 0 -early_inject -emulate_brk -no_inline_ignored_syscalls -native_exec_default_list '' -no_native_exec_managed_code -no_indcall2direct
0xb6d9e98d 0x78af04b0>Release crashes:
http://dynamorio.org/CDash/testDetails.php?test=201162&build=18522
OK 1 N
OK 0 N
<Application /data/local/tmp/build_android-release-external-32/suite/tests/bin/common.nzcv (29521). DynamoRIO internal crash at PC 0xb6ee2de8. Please report this at http://dynamorio.org/issues/. Program aborted.
Received SIGSEGV at unknown pc 0xb6ee2de8 in thread 29521
Base: 0xb6ef5000
Registers: r0 =0x00000000 r1 =0x00000000 r2 =0x00004001 r3 =0x00000064
r4 =0x0000001f r5 =0xb6ee2df9 r6 =0x00000001 r7 =0xbef9d9f8
r8 =0x00000000 r9 =0x00000000 r10=0x00000000 r11=0xbef9da3c
r12=0x00007351 r13=0xbef9d9f8 r14=0xb6ee2df9 r15=0xb6ee2de8
eflags=0x80070030
version 6.2.17200, custom build
-no_dynamic_options -code_api -stack_size 56K -max_elide_jmp 0 -max_elide_call 0 -early_inject -emulate_brk -no_inline_ignored_syscalls -native_exec_default_list '' -no_native_exec_managed_code -no_indcall2direct
0xbef9da3c 0x00000001
0xb6ec468f 0xbd46bd77>Getting on the device, natively common.nzcv crashes:
/data/local/tmp/build_android-debug-internal-32 # suite/tests/bin/common.nzcv
OK 1 N
OK 0 N
Segmentation faultAll I have time for is a quick run under DR debug -loglevel 4:
bb ilist after mangling:
TAG 0xb6c84de6
+0 m4 @0x5057fa7c <label>
+0 m4 @0x5057f900 f84a 0c00 str %r0 -> (%r10)[4byte]
+4 m4 @0x5058071c f644 50e8 movw $0x00004de8 -> %r0
+8 m4 @0x5057f3d4 f2cb 60c8 movt $0x0000b6c8 -> %r0
+12 L4 @0x50580780 6b83 ldr +0x38(%r0)[4byte] -> %r3
+14 m4 @0x505808b0 f8da 0000 ldr (%r10)[4byte] -> %r0
+18 L3 58e3 ldr (%r4,%r3)[4byte] -> %r3
+20 L3 461a mov %r3 -> %r2
+22 L3 687b ldr +0x04(%r7)[4byte] -> %r3
+24 L3 f852 3023 ldr (%r2,%r3,lsl 2)[4byte] -> %r3
+28 L3 4618 mov %r3 -> %r0
+30 m4 @0x5057f068 <label>
+30 m4 @0x5057f01c f644 5ef9 movw $0x00004df9 -> %lr
+34 m4 @0x5057fb14 f2cb 6ec8 movt $0x0000b6c8 -> %lr
+38 m4 @0x50580adc f8ca 2008 str %r2 -> +0x08(%r10)[4byte]
+42 m4 @0x5057e73c f644 6224 movw $0x00004e24 -> %r2
+46 m4 @0x50580ec4 f2cb 62c8 movt $0x0000b6c8 -> %r2
+50 L4 @0x5057ff3c f7d7 baa4 b $0x505521a0 <shared_bb_ibl_indcall>
END 0xb6c84de6
<...>
Fragment 3379, tag 0xb6c84de6, flags 0x1400030, shared, size 74:
-------- prefix entry: --------
0x50626148 f8da 0000 ldr (%r10)[4byte] -> %r0
-------- normal entry: --------
0x5062614c f84a 0c00 str %r0 -> (%r10)[4byte]
0x50626150 f644 50e8 movw $0x00004de8 -> %r0
0x50626154 f2cb 60c8 movt $0xb6c8 -> %r0[2byte]
0x50626158 6b83 ldr +0x38(%r0)[4byte] -> %r3
0x5062615a f8da 0000 ldr (%r10)[4byte] -> %r0
0x5062615e 58e3 ldr (%r4,%r3)[4byte] -> %r3
0x50626160 461a mov %r3 -> %r2
0x50626162 687b ldr +0x04(%r7)[4byte] -> %r3
0x50626164 f852 3023 ldr (%r2,%r3,lsl 2)[4byte] -> %r3
0x50626168 4618 mov %r3 -> %r0
0x5062616a f644 5ef9 movw $0x00004df9 -> %lr
0x5062616e f2cb 6ec8 movt $0xb6c8 -> %lr[2byte]
0x50626172 f8ca 2008 str %r2 -> +0x08(%r10)[4byte]
0x50626176 f644 6224 movw $0x00004e24 -> %r2
0x5062617a f2cb 62c8 movt $0xb6c8 -> %r2[2byte]
0x5062617e f000 b800 b $0x50626182 <exit stub 0>
-------- exit stub 0: -------- <target: 0x505521a0> type: indcall
0x50626182 f8ca 1004 str %r1 -> +0x04(%r10)[4byte]
0x50626186 f64b 3124 movw $0x0000bb24 -> %r1
0x5062618a f2c5 0162 movt $0x5062 -> %r1[2byte]
0x5062618e f8da f03c ldr +0x3c(%r10)[4byte] -> %pc
<...>
master_signal_handler: sig=11, retaddr=0x0000000b
siginfo: sig = 11, pid = 131, status = -1414812757, errno = 0, si_code = 1
r0 =0x00000000
r1 =0x00000000
r2 =0x00004001
r3 =0x00000064
r4 =0x0000001f
r5 =0xb6c84df9
r6 =0x00000001
r7 =0xbec99968
r8 =0x00000000
r9 =0x00000000
r10 =0x50569000
r11 =0xbec999ac
r12 =0x00001214
sp =0xbec99968
r14 =0xb6c84df9
pc =0x5062615e
cpsr=0x80070030
computing memory target for 0x5062615e causing SIGSEGV, kernel claims it is 0x00000083
<...>
system call 173
rt_sigreturn()
xsp is 0xb6c5fc90
SYSLOG_ERROR: Application /data/local/tmp/build_android-debug-internal-32/suite/tests/bin/common.nzcv (4628). Internal Error: DynamoRIO debug check failure: /work/dr/nightly/src/core/unix/signal.c:5530 sig > 0 && sig <= MAX_SIGNUM && IS_RT_FOR_APP(info, sig)
(Error occurred @3729 frags)Unfortunately it looks like the ARM-Linux CDash machine hasn't run since Dec 31. Does this work at all on ARM or is this problem limited to Android? If the former, please revert; if the latter, please disable this test on Android until it is made to work both natively and under DR.