Issue created Sep 16, 2021 by Derek Bruening@derekbrueningContributor

ASSERT is_readable_without_exception in pcache-use test on Ubuntu 20

Split from #4953 (closed).

Can reproduce on a laptop with the following two runs (the first populates the persisted cache, the second loads it):

$ rm logs/dpc-124212/*; bin64/drrun -persist -no_use_persisted -no_coarse_disk_merge -no_coarse_lone_merge -c suite/tests/bin/libclient.pcache.dll.so -- suite/tests/bin/client.pcache
$ bin64/drrun -persist -no_coarse_disk_merge -no_coarse_lone_merge -c suite/tests/bin/libclient.pcache.dll.so -- suite/tests/bin/client.pcache

The libc segments are in an inconsistent state, with some pieces having had their privileges removed:

(gdb) bt
#0  report_dynamorio_problem (dcontext=0x0, dumpcore_flag=8, exception_addr=0x0, report_ebp=0x0, 
    fmt=0x7ffff7ec5810 "DynamoRIO debug check failure: %s:%d %s\n(Error occurred @%d frags in tid %d)") at /home/bruening/dr/git/src/core/utils.c:2107
#1  0x00007ffff7c5f457 in d_r_internal_error (file=0x7ffff7ee5780 "/home/bruening/dr/git/src/core/module_list.c", line=657, 
    expr=0x7ffff7ee5b70 "is_readable_without_exception(intersection_start, intersection_len)") at /home/bruening/dr/git/src/core/utils.c:179
#2  0x00007ffff7d3f7b3 in ensure_section_readable (module_base=0x7ffdf75f8000 "\177ELF\002\001\001\003", seg_start=0x7ffdf761d000 "\377\065\002\220\031", 
    seg_len=1355776, seg_chars=5, old_prot=0x7ffdf7be9ff4, view_start=0x7ffdf75f8000 "\177ELF\002\001\001\003", view_len=1855488)
    at /home/bruening/dr/git/src/core/module_list.c:657
#3  0x00007ffff7d3fe0a in module_calculate_digest (digest=0x7ffdf7bea258, module_base=0x7ffdf75f8000 "\177ELF\002\001\001\003", module_size=1855488, 
    full_digest=false, short_digest=true, short_digest_size=4096, sec_char_include=4294967293, sec_char_exclude=2) at /home/bruening/dr/git/src/core/module_list.c:848
#4  0x00007ffff7d4ba1a in persist_calculate_module_digest (digest=0x7ffdf7bea258, modbase=0x7ffdf75f8000 "\177ELF\002\001\001\003", modsize=1855488, 
    code_start=0x7ffdf761d000 "\377\065\002\220\031", code_end=0x7ffdf7768000 "\030q\353\377tq\353\377tq\353\377tq\353\377\030q\353\377@r\353\377 r\353\377", 
    validation_option=5) at /home/bruening/dr/git/src/core/perscache.c:2436
#5  0x00007ffff7d530f6 in coarse_unit_load (dcontext=0x7ffdf7bc4080, start=0x7ffdf761d000 "\377\065\002\220\031", 
    end=0x7ffdf7768000 "\030q\353\377tq\353\377tq\353\377tq\353\377\030q\353\377@r\353\377 r\353\377", for_execution=true)
    at /home/bruening/dr/git/src/core/perscache.c:3888
#6  0x00007ffff7d1934f in vm_area_load_coarse_unit (start=0x7ffdf7beaa78, end=0x7ffdf7beaa70, vm_flags=2, frag_flags=268435456, delayed=false, 
    comment=0x7ffff7edbdb1 "") at /home/bruening/dr/git/src/core/vmareas.c:2647
#7  0x00007ffff7d198f6 in add_executable_vm_area (start=0x7ffdf761d000 "\377\065\002\220\031", 
    end=0x7ffdf7768000 "\030q\353\377tq\353\377tq\353\377tq\353\377\030q\353\377@r\353\377 r\353\377", vm_flags=2, frag_flags=268435456, have_writelock=false, 
    comment=0x7ffff7edbdb1 "") at /home/bruening/dr/git/src/core/vmareas.c:2757
#8  0x00007ffff7d2035e in app_memory_protection_change_internal (dcontext=0x7ffdf7bc4080, update_areas=true, base=0x7ffdf761d000 "\377\065\002\220\031", 
    size=1355776, prot=5, new_memprot=0x7ffdf7beac0c, old_memprot=0x0, image=true) at /home/bruening/dr/git/src/core/vmareas.c:6946
#9  0x00007ffff7d2041b in app_memory_protection_change (dcontext=0x7ffdf7bc4080, base=0x7ffdf761d000 "\377\065\002\220\031", size=1355776, prot=5, 
    new_memprot=0x7ffdf7beac0c, old_memprot=0x0, image=true) at /home/bruening/dr/git/src/core/vmareas.c:7118
#10 0x00007ffff7e7f27f in memcache_handle_mmap (dcontext=0x7ffdf7bc4080, base=0x7ffdf761d000 "\377\065\002\220\031", size=1355776, memprot=5, image=true)
    at /home/bruening/dr/git/src/core/unix/memcache.c:521
#11 0x00007ffff7e54410 in process_mmap (dcontext=0x7ffdf7bc4080, base=0x7ffdf761d000 "\377\065\002\220\031", size=1355776, prot=5, flags=2066, 
    map_type=0x7ffff7f20faf "ELF SO") at /home/bruening/dr/git/src/core/unix/os.c:8075
#12 0x00007ffff7e54f36 in post_system_call (dcontext=0x7ffdf7bc4080) at /home/bruening/dr/git/src/core/unix/os.c:8301
#13 0x00007ffff7c5523e in handle_post_system_call (dcontext=0x7ffdf7bc4080) at /home/bruening/dr/git/src/core/dispatch.c:2187
#14 0x00007ffff7c4b848 in dispatch_enter_dynamorio (dcontext=0x7ffdf7bc4080) at /home/bruening/dr/git/src/core/dispatch.c:892
#15 0x00007ffff7c46f8e in d_r_dispatch (dcontext=0x7ffdf7bc4080) at /home/bruening/dr/git/src/core/dispatch.c:160
#16 0x0000000041b3cf0d in ?? ()
#17 0x0000000000000000 in ?? ()
(gdb) up 5
(gdb) info local
pers = 0x41bf5000
footer = 0x41c0c860
info = 0x0
option_buf = "-indirect_stubs -early_inject -coarse_units -coarse_split_calls -coarse_split_riprel -persist -no_indcall2direct \000\276\367\375\177\000\000\311\017\326\367\026\000\000\000\177\245\276\367\375\177\000\000B\177\362\367\377\377\377\377\220\246\276\367\375\177\000\000\311\017\326\367\377\177\000\000\300\246\276\367\375\177\000\000B\177\362\367\377\177\000\000\030\000\000\000\000\000\000\000ҧ\276\367\375\177\000\000\066\066\071\071\066\064\000\000\377"...
filename = "/home/bruening/dr/git/build_x64_dbg_tests/bin64/../logs/dpc-124212/libc.so.6-dbg-0x7b0ae65a.dpc\000`\021\362\367\377\177\000\000\257\244\276\367\241\377\001\000post syscall: sysnum=0x", '0' <repeats 15 times>, "9, result=0x00007ffdf761d000 (-144584704)\n\000\243\276\367\375\177\000\000"...
option_string = 0x7ffdf7bea4a0 "-indirect_stubs -early_inject -coarse_units -coarse_split_calls -coarse_split_riprel -persist -no_indcall2direct "
option_level = OP_PCACHE_GLOBAL
fd = 6
map = 0x41bf5000 "RIO$\n"
map2 = 0x0
map_size = 96388
map2_size = 0
file_size = 96388
stubs_and_prefixes_len = 140737352313529
pc = 0x742d0f7bea9d0 <error: Cannot access memory at address 0x742d0f7bea9d0>
rx_pc = 0x7ffdf7bea900 "`\310\300A"
rwx_pc = 0x7ffff7e42ab9 <is_thread_tls_initialized+108> "=RIO$\017\224\300\351", <incomplete sequence \346>
modinfo = {
  base = 0x7ffdf75f8000 "\177ELF\002\001\001\003",
  checksum = 757303080,
  timestamp = 0,
  image_size = 1855488,
  code_size = 1355776,
  file_version = 0,
  module_md5 = {
    full_MD5 = '\000' <repeats 15 times>,
    short_MD5 = '\000' <repeats 15 times>
  }
}
modbase = 0x7ffdf75f8000 "\177ELF\002\001\001\003"
success = false
ok = false
(gdb) memquery 0x7ffdf75f8000
7ffdf75f8000-7ffdf761d000 r--p 00000000 fe:01 10486447                   /lib/x86_64-linux-gnu/libc-2.31.so
(gdb) memquery 0x7ffdf761d000 
7ffdf761d000-7ffdf7768000 r-xp 00025000 fe:01 10486447                   /lib/x86_64-linux-gnu/libc-2.31.so
(gdb) memquery 0x7ffdf7768000
7ffdf7768000-7ffdf77b3000 ---p 00170000 fe:01 10486447                   /lib/x86_64-linux-gnu/libc-2.31.so
(gdb) frame 2
#2  0x00007ffff7d3f7b3 in ensure_section_readable (module_base=0x7ffdf75f8000 "\177ELF\002\001\001\003", seg_start=0x7ffdf761d000 "\377\065\002\220\031", 
    seg_len=1355776, seg_chars=5, old_prot=0x7ffdf7be9ff4, view_start=0x7ffdf75f8000 "\177ELF\002\001\001\003", view_len=1855488)
    at /home/bruening/dr/git/src/core/module_list.c:657
657	        ASSERT(is_readable_without_exception(intersection_start, intersection_len));
(gdb) info local
ok = 32765
intersection_start = 0x7ffdf761d000 "\377\065\002\220\031"
intersection_len = 1355776
(gdb) p/x intersection_start + intersection_len
$1 = 0x7ffdf7768000
(gdb) p dynamo_options.use_all_memory_areas
$2 = true
(gdb) p all_memory_areas->buf[24]
$12 = {
  start = 0x7ffdf75f8000 "\177ELF\002\001\001\003",
  end = 0x7ffdf761d000 "\377\065\002\220\031",
  vm_flags = 0,
  frag_flags = 0,
  comment = 0x7ffdf7b8ac00 "",
  custom = {
    frags = 0x7ffdf7b8abe8,
    client = 0x7ffdf7b8abe8
  }
}
(gdb) p all_memory_areas->buf[25]
$8 = {
  start = 0x7ffdf761d000 "\377\065\002\220\031",
  end = 0x7ffdf77b3000 "@\237\030",
  vm_flags = 0,
  frag_flags = 0,
  comment = 0x7ffdf7b8ac40 "",
  custom = {
    frags = 0x7ffdf7b8ac28,
    client = 0x7ffdf7b8ac28
  }
}
(gdb) p *(allmem_info_t*) all_memory_areas->buf[24].custom.client
$14 = {
  prot = 1,
  type = DR_MEMTYPE_IMAGE,
  shareable = true,
  vdso = false,
  dr_vmm = false
}
(gdb) p *(allmem_info_t*) all_memory_areas->buf[25].custom.client
$15 = {
  prot = 0,
  type = DR_MEMTYPE_IMAGE,
  shareable = false,
  vdso = false,
  dr_vmm = false
}

7ffdf75f8000-7ffdf761d000 r--p 00000000 fe:01 10486447                   /lib/x86_64-linux-gnu/libc-2.31.so
7ffdf761d000-7ffdf7768000 r-xp 00025000 fe:01 10486447                   /lib/x86_64-linux-gnu/libc-2.31.so
7ffdf7768000-7ffdf77b3000 ---p 00170000 fe:01 10486447                   /lib/x86_64-linux-gnu/libc-2.31.so
7ffdf77b3000-7ffdf77bd000 r--p 001bb000 fe:01 10486447                   /lib/x86_64-linux-gnu/libc-2.31.so

7ffdf77bd000-7ffdf77e2000 r--p 00000000 fe:01 10486447                   /lib/x86_64-linux-gnu/libc-2.31.so
7ffdf77e2000-7ffdf792d000 r-xp 00025000 fe:01 10486447                   /lib/x86_64-linux-gnu/libc-2.31.so
7ffdf792d000-7ffdf7977000 r--p 00170000 fe:01 10486447                   /lib/x86_64-linux-gnu/libc-2.31.so
7ffdf7977000-7ffdf7978000 ---p 00000000 00:00 0 
7ffdf7978000-7ffdf797e000 rw-p 001ba000 fe:01 10486447                   /lib/x86_64-linux-gnu/libc-2.31.so
7ffdf797e000-7ffdf7982000 rw-p 00000000 00:00 0 
$ readelf -l /lib/x86_64-linux-gnu/libc-2.31.so
Program Headers:
  Type           Offset             VirtAddr           PhysAddr
                 FileSiz            MemSiz              Flags  Align
  PHDR           0x0000000000000040 0x0000000000000040 0x0000000000000040
                 0x00000000000002a0 0x00000000000002a0  R      0x8
  INTERP         0x0000000000193f20 0x0000000000193f20 0x0000000000193f20
                 0x000000000000001c 0x000000000000001c  R      0x10
      [Requesting program interpreter: /lib64/ld-linux-x86-64.so.2]
  LOAD           0x0000000000000000 0x0000000000000000 0x0000000000000000
                 0x0000000000024980 0x0000000000024980  R      0x1000
  LOAD           0x0000000000025000 0x0000000000025000 0x0000000000025000
                 0x000000000014a50c 0x000000000014a50c  R E    0x1000
  LOAD           0x0000000000170000 0x0000000000170000 0x0000000000170000
                 0x0000000000049fcb 0x0000000000049fcb  R      0x1000
  LOAD           0x00000000001ba5e0 0x00000000001bb5e0 0x00000000001bb5e0
                 0x0000000000005030 0x0000000000008f28  RW     0x1000