tenspd1370 Tux's lil' helper
Joined: 14 Dec 2017 Posts: 119
Posted: Tue Feb 12, 2019 10:29 pm Post subject: Valgrind unhandled instructions [solved]
Hi all -
I have a program I am trying to debug with valgrind. I have tried both 32-bit (-m32) and 64-bit compiles. On 32-bit, it gives me:
Code: |
==27774== Memcheck, a memory error detector
==27774== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==27774== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info
==27774== Command: ./tbmrc-classify
==27774==
vex x86->IR: unhandled instruction bytes: 0xC4 0xE2 0x7A 0xF7
==27774== valgrind: Unrecognised instruction at address 0x400b643.
==27774== at 0x400B643: _dl_new_object (dl-object.c:66)
==27774== by 0x4002C18: dl_main (rtld.c:1107)
==27774== by 0x4018569: _dl_sysdep_start (dl-sysdep.c:253)
==27774== by 0x4001F2A: _dl_start_final (rtld.c:415)
==27774== by 0x4001F2A: _dl_start (rtld.c:522)
==27774== by 0x40010BA: ??? (in /lib32/ld-2.28.so)
==27774== Your program just tried to execute an instruction that Valgrind
==27774== did not recognise. There are two possible reasons for this.
==27774== 1. Your program has a bug and erroneously jumped to a non-code
==27774== location. If you are running Memcheck and you just saw a
==27774== warning about a bad jump, it's probably your program's fault.
==27774== 2. The instruction is legitimate but Valgrind doesn't handle it,
==27774== i.e. it's Valgrind's fault. If you think this is the case or
==27774== you are not sure, please let us know and we'll try to fix it.
==27774== Either way, Valgrind will now raise a SIGILL signal which will
==27774== probably kill your program.
==27774==
==27774== Process terminating with default action of signal 4 (SIGILL)
==27774== Illegal opcode at address 0x400B643
==27774== at 0x400B643: _dl_new_object (dl-object.c:66)
==27774== by 0x4002C18: dl_main (rtld.c:1107)
==27774== by 0x4018569: _dl_sysdep_start (dl-sysdep.c:253)
==27774== by 0x4001F2A: _dl_start_final (rtld.c:415)
==27774== by 0x4001F2A: _dl_start (rtld.c:522)
==27774== by 0x40010BA: ??? (in /lib32/ld-2.28.so)
==27774==
==27774== HEAP SUMMARY:
==27774== in use at exit: 0 bytes in 0 blocks
==27774== total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==27774==
==27774== All heap blocks were freed -- no leaks are possible
==27774==
==27774== For counts of detected and suppressed errors, rerun with: -v
==27774== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
|
and on 64-bit:
Code: |
==30645== Memcheck, a memory error detector
==30645== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==30645== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info
==30645== Command: ./tbmrc-classify
==30645==
vex amd64->IR: unhandled instruction bytes: 0x62 0xD1 0xFE 0x8 0x6F 0x47 0x2C 0x48 0x8B 0x15
vex amd64->IR: REX=0 REX.W=0 REX.R=0 REX.X=0 REX.B=0
vex amd64->IR: VEX=0 VEX.L=0 VEX.nVVVV=0x0 ESC=NONE
vex amd64->IR: PFX.66=0 PFX.F2=0 PFX.F3=0
==30645== valgrind: Unrecognised instruction at address 0x4004245.
==30645== at 0x4004245: dl_main (rtld.c:2103)
==30645== by 0x4018282: _dl_sysdep_start (dl-sysdep.c:253)
==30645== by 0x4002115: _dl_start_final (rtld.c:415)
==30645== by 0x4002115: _dl_start (rtld.c:522)
==30645== by 0x4001097: ??? (in /lib64/ld-2.28.so)
==30645== Your program just tried to execute an instruction that Valgrind
==30645== did not recognise. There are two possible reasons for this.
==30645== 1. Your program has a bug and erroneously jumped to a non-code
==30645== location. If you are running Memcheck and you just saw a
==30645== warning about a bad jump, it's probably your program's fault.
==30645== 2. The instruction is legitimate but Valgrind doesn't handle it,
==30645== i.e. it's Valgrind's fault. If you think this is the case or
==30645== you are not sure, please let us know and we'll try to fix it.
==30645== Either way, Valgrind will now raise a SIGILL signal which will
==30645== probably kill your program.
==30645==
==30645== Process terminating with default action of signal 4 (SIGILL)
==30645== Illegal opcode at address 0x4004245
==30645== at 0x4004245: dl_main (rtld.c:2103)
==30645== by 0x4018282: _dl_sysdep_start (dl-sysdep.c:253)
==30645== by 0x4002115: _dl_start_final (rtld.c:415)
==30645== by 0x4002115: _dl_start (rtld.c:522)
==30645== by 0x4001097: ??? (in /lib64/ld-2.28.so)
==30645== Jump to the invalid address stated on the next line
==30645== at 0x1036: ???
==30645== by 0x3436782C: ???
==30645== by 0x4018282: _dl_sysdep_start (dl-sysdep.c:253)
==30645== by 0x4002115: _dl_start_final (rtld.c:415)
==30645== by 0x4002115: _dl_start (rtld.c:522)
==30645== by 0x4001097: ??? (in /lib64/ld-2.28.so)
==30645== Address 0x1036 is not stack'd, malloc'd or (recently) free'd
==30645==
==30645==
==30645== Process terminating with default action of signal 11 (SIGSEGV)
==30645== Bad permissions for mapped region at address 0x1036
==30645== at 0x1036: ???
==30645== by 0x3436782C: ???
==30645== by 0x4018282: _dl_sysdep_start (dl-sysdep.c:253)
==30645== by 0x4002115: _dl_start_final (rtld.c:415)
==30645== by 0x4002115: _dl_start (rtld.c:522)
==30645== by 0x4001097: ??? (in /lib64/ld-2.28.so)
==30645==
==30645== HEAP SUMMARY:
==30645== in use at exit: 0 bytes in 0 blocks
==30645== total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==30645==
==30645== All heap blocks were freed -- no leaks are possible
==30645==
==30645== For counts of detected and suppressed errors, rerun with: -v
==30645== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
|
I think I have everything compiled right - emerge --info
Code: |
Portage 2.3.59 (python 3.6.6-final-0, default/linux/amd64/17.0, gcc-8.2.0, glibc-2.28-r5, 4.19.7-gentoo x86_64)
=================================================================
System uname: Linux-4.19.7-gentoo-x86_64-Intel-R-_Xeon-R-_Silver_4108_CPU_@_1.80GHz-with-gentoo-2.6
KiB Mem: 16113016 total, 3095480 free
KiB Swap: 1048572 total, 105848 free
Timestamp of repository gentoo: Thu, 31 Jan 2019 16:00:01 +0000
Head commit of repository gentoo: c7025a2de55c10db0b7dc891b08a2be829cabdf3
sh bash 5.0_p2
ld GNU ld (Gentoo 2.31.1 p5) 2.31.1
app-shells/bash: 5.0_p2::gentoo
dev-java/java-config: 2.2.0-r4::gentoo
dev-lang/perl: 5.28.0::gentoo
dev-lang/python: 2.7.15::gentoo, 3.6.6::gentoo
dev-util/cmake: 3.13.3::gentoo
dev-util/pkgconfig: 0.29.2::gentoo
sys-apps/baselayout: 2.6-r1::gentoo
sys-apps/openrc: 0.40.3::gentoo
sys-apps/sandbox: 2.15::gentoo
sys-devel/autoconf: 2.13-r1::gentoo, 2.69-r4::gentoo
sys-devel/automake: 1.13.4-r2::gentoo, 1.16.1-r1::gentoo
sys-devel/binutils: 2.31.1-r3::gentoo
sys-devel/gcc: 7.4.0::gentoo, 8.2.0-r6::gentoo
sys-devel/gcc-config: 2.0::gentoo
sys-devel/libtool: 2.4.6-r5::gentoo
sys-devel/make: 4.2.1-r4::gentoo
sys-kernel/linux-headers: 4.20::gentoo (virtual/os-headers)
sys-libs/glibc: 2.28-r5::gentoo
Repositories:
gentoo
location: /usr/portage
sync-type: rsync
sync-uri: rsync://rsync.gentoo.org/gentoo-portage
priority: -1000
sync-rsync-extra-opts:
sync-rsync-verify-metamanifest: yes
sync-rsync-verify-max-age: 24
sync-rsync-verify-jobs: 1
localrepo
location: /usr/local/portage
masters: gentoo
crossdev
location: /usr/local/portage-crossdev
masters: gentoo
priority: 10
ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=native -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-march=native -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
ENV_UNSET="DBUS_SESSION_BUS_ADDRESS DISPLAY GOBIN PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs buildpkg config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news parallel-fetch pid-sandbox preserve-libs protect-owned sfperms splitdebug strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersync"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://gentoo.osuosl.org/ http://gentoo.cs.uni.edu/ http://gentoo.cs.utah.edu/"
LANG="en_US.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j1"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
USE="X aac acl alsa amd64 berkdb bzip2 cgroups cli crypt cxx dbus dri ffmpeg fontconfig fortran gdbm iconv ipv6 jpeg jpeg2k libtirpc mmx multilib ncurses nls nptl openmp pam pcre png pulseaudio qt3support readline seccomp sse sse2 ssl svg tcpd tiff truetype unicode webp xft zlib" ABI_X86="32 64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx mmxext sse sse2" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" GRUB_PLATFORMS="efi-64" INPUT_DEVICES="evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LLVM_TARGETS="ARM Hexagon MSP430 Mips PowerPC Sparc SystemZ XCore AMDGPU BPF NVPTX" NETBEANS_MODULES="apisupport cnd groovy gsf harness ide identity j2ee java mobility nb php profiler soa visualweb webcommon websvccommon xml" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6 php7-1" POSTGRES_TARGETS="postgres9_5 postgres10" PYTHON_SINGLE_TARGET="python3_6" PYTHON_TARGETS="python2_7 python3_6" QEMU_SOFTMMU_TARGETS="arm x86_64 aarch64 sh4 mips mips64" QEMU_USER_TARGETS="arm x86_64 aarch64 sh4 mips mips64" RUBY_TARGETS="ruby24" USERLAND="GNU" VIDEO_CARDS="nvidia" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset: CC, CPPFLAGS, CTARGET, CXX, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, LINGUAS, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
|
I can't even figure out how to determine what those bytes mean. My Google searches have not turned up very much. Any ideas?
Thanks!
Last edited by tenspd1370 on Thu Feb 14, 2019 11:10 pm; edited 1 time in total
Hu Moderator
Joined: 06 Mar 2007 Posts: 21595
Posted: Wed Feb 13, 2019 3:03 am
Determining their meaning is easy. Stick them in a text segment, then disassemble them.
-m32:
Code: |
   8:	c4 e2 7a f7 90 90 90 90 90 	sarxl  %eax,-0x6f6f6f70(%eax),%edx
|
-m64:
Code: |
  14:	62 d1 fe 08 6f 47 2c 	vmovdqu64 0x2c0(%r15),%xmm0
  1b:	48 8b 15 90 90 90 90 	movq   -0x6f6f6f70(%rip),%rdx        # 0xffffffff909090b2
|
Interpreting the disassembled code is not as easy. Ignore the displacement shown (-0x6f6f6f70). I had to flood the area with padding bytes because the Valgrind output didn't show the actual displacement size. sar is usually Shift Arithmetic Right. I'm not familiar with sarxl, but Google leads me to Arithmetic Shift Right Without Affecting Flags. The -m64 instructions look reasonable. You probably need to rebuild the affected library with a more limited -march so that your compiler does not use advanced instructions that this version of Valgrind does not accept.
tenspd1370 Tux's lil' helper
Joined: 14 Dec 2017 Posts: 119
Posted: Wed Feb 13, 2019 6:03 pm
Thanks! Before I read this - I came to the same conclusion last night. Just for fun, I tried valgrind on my home computer, same problem - different instructions. I added some -mno-<instruction set> there, recompiled glibc, gcc, and the test "hello" program and it worked. Working on similar fix on original computer.
If you don't mind my asking - how did you disassemble them? Not sure what you mean by just sticking them in a text segment and decompiling, although I am not familiar with executables and the various formats (elf, etc.) at that level, just that text segments exist. I used objdump -d <program> | grep "c4 e2 7a" for example and figured out what the instructions were that way.
Thanks so much for looking at it!
Hu Moderator
Joined: 06 Mar 2007 Posts: 21595
Posted: Thu Feb 14, 2019 2:15 am
Code: |
$ cat i.c
/* Emit the bytes Valgrind complained about, each run preceded by 0x90 (nop)
   padding; the padding after each run also stands in for the ModRM and
   displacement bytes that the Valgrind output did not print. */
asm(".byte 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0xc4, 0xe2, 0x7a, 0xf7");
asm(".byte 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x62, 0xD1, 0xFE, 0x8, 0x6F, 0x47, 0x2C, 0x48, 0x8B, 0x15");
asm(".byte 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90");
asm(".byte 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90");
$ gcc -c i.c
$ objdump -d i.o
<output omitted>
|
In short, what you did, except that I guaranteed availability of a copy of the offending bytes by compiling a C file with an asm directive that emitted them. You had to find a file that had the relevant bytes and locate them within a much larger program. I created a file with just the target content and some padding, so that they could be found easily.
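An added example, not code from this thread or from Valgrind: a small Python decoder that does for the prefix bytes what the objdump trick above does by hand. It reads a `vex ...->IR: unhandled instruction bytes:` line and decodes the VEX/EVEX prefix fields, which is usually enough to know which instruction-set extension -march=native pulled in. The facts it relies on: 0xC4/0xC5 open a VEX prefix (AVX, AVX2, BMI1/BMI2), 0x62 in 64-bit mode opens an EVEX prefix (AVX-512), and Valgrind 3.14 has no AVX-512 support at all. The NAMES table is an assumption limited to the two opcodes seen in the thread and their siblings that differ only by mandatory prefix or EVEX.W; anything else is reported by family, map and opcode. The sample lines are the two Valgrind lines from the first post.

```python
"""Decode the raw bytes from a Valgrind "unhandled instruction bytes" line.

Added example for this thread, not code from the original posts.  NAMES is
an assumption covering only the two opcodes in the thread and their siblings
that differ by mandatory prefix (pp) or EVEX.W.
"""
import re

PP = {0: "none", 1: "66", 2: "F3", 3: "F2"}      # mandatory-prefix field
MAPS = {1: "0F", 2: "0F38", 3: "0F3A"}           # opcode-map field
NAMES = {
    ("VEX", "0F38", "none", 0xF7, None): "BEXTR",
    ("VEX", "0F38", "66", 0xF7, None): "SHLX",
    ("VEX", "0F38", "F3", 0xF7, None): "SARX",    # BMI2: the -m32 case above
    ("VEX", "0F38", "F2", 0xF7, None): "SHRX",
    ("EVEX", "0F", "66", 0x6F, 0): "VMOVDQA32",
    ("EVEX", "0F", "66", 0x6F, 1): "VMOVDQA64",
    ("EVEX", "0F", "F3", 0x6F, 0): "VMOVDQU32",
    ("EVEX", "0F", "F3", 0x6F, 1): "VMOVDQU64",   # AVX-512VL: the -m64 case above
}
VALGRIND_RE = re.compile(r"vex (x86|amd64)->IR: unhandled instruction bytes: (.*)")

# Sample input: the two lines from the first post in this thread.
SAMPLE_LINES = [
    "vex x86->IR: unhandled instruction bytes: 0xC4 0xE2 0x7A 0xF7",
    "vex amd64->IR: unhandled instruction bytes: 0x62 0xD1 0xFE 0x8 0x6F 0x47 0x2C 0x48 0x8B 0x15",
]


def parse_valgrind_line(line):
    """Return (bits, code_bytes) from a Valgrind unhandled-instruction line."""
    m = VALGRIND_RE.search(line)
    if not m:
        raise ValueError("not a 'vex ...->IR: unhandled instruction bytes' line")
    bits = 64 if m.group(1) == "amd64" else 32
    return bits, bytes(int(tok, 16) for tok in m.group(2).split())


def _inv(byte, shift):
    """R, X, B (and vvvv) are stored inverted in VEX/EVEX; return the real bit."""
    return ((byte ^ 0xFF) >> shift) & 1


def decode(code, bits=64):
    """Decode prefix family, opcode map, opcode and (if present) ModRM."""
    b = bytes(code)
    d = {"bits": bits, "family": "legacy", "name": None}
    # In 32-bit mode C4/C5 are LES/LDS unless the next byte's top two bits are 11.
    vex_ok = bits == 64 or (len(b) > 1 and (b[1] & 0xC0) == 0xC0)
    if b[0] == 0xC4 and vex_ok and len(b) >= 4:
        # 3-byte VEX: C4 [~R ~X ~B mmmmm] [W ~vvvv L pp] opcode
        p0, p1 = b[1], b[2]
        d.update(family="VEX", ext="AVX/AVX2/BMI", map=MAPS.get(p0 & 0x1F, "reserved"),
                 R=_inv(p0, 7), X=_inv(p0, 6), B=_inv(p0, 5), W=p1 >> 7,
                 vvvv=((p1 ^ 0xFF) >> 3) & 0xF, pp=PP[p1 & 3],
                 width=256 if p1 & 4 else 128, opcode=b[3], tail=b[4:])
    elif b[0] == 0xC5 and vex_ok and len(b) >= 3:
        # 2-byte VEX: C5 [~R ~vvvv L pp] opcode; map is implicitly 0F and W = 0
        p0 = b[1]
        d.update(family="VEX", ext="AVX/AVX2", map="0F", R=_inv(p0, 7), X=0, B=0, W=0,
                 vvvv=((p0 ^ 0xFF) >> 3) & 0xF, pp=PP[p0 & 3],
                 width=256 if p0 & 4 else 128, opcode=b[2], tail=b[3:])
    elif b[0] == 0x62 and bits == 64 and len(b) >= 5:
        # EVEX (AVX-512): 62 [~R ~X ~B ~R' 0 0 mm] [W ~vvvv 1 pp] [z L'L b ~V' aaa] opcode
        p0, p1, p2 = b[1], b[2], b[3]
        d.update(family="EVEX", ext="AVX-512", map=MAPS.get(p0 & 3, "reserved"),
                 R=_inv(p0, 7), X=_inv(p0, 6), B=_inv(p0, 5), W=p1 >> 7,
                 vvvv=((p1 ^ 0xFF) >> 3) & 0xF, pp=PP[p1 & 3],
                 width={0: 128, 1: 256, 2: 512}.get((p2 >> 5) & 3, "reserved"),
                 zeroing=p2 >> 7, mask=p2 & 7, opcode=b[4], tail=b[5:])
    else:
        # Legacy/SSE encoding (0x62 in 32-bit mode is BOUND, not EVEX).
        d.update(ext="legacy", opcode=b[0], tail=b[1:])
        return d
    key = (d["family"], d["map"], d["pp"], d["opcode"], d["W"] if d["family"] == "EVEX" else None)
    d["name"] = NAMES.get(key)
    if d["tail"]:
        # ModRM follows the opcode; R/B extend reg/rm to 16 registers (EVEX.R' ignored here).
        modrm = d["tail"][0]
        d["modrm"] = {"mod": modrm >> 6, "reg": ((modrm >> 3) & 7) | d["R"] << 3,
                      "rm": (modrm & 7) | d["B"] << 3}
    else:
        d["modrm"] = None   # Valgrind printed too few bytes to show the operands
    return d


def describe(line):
    """One-line summary of a Valgrind unhandled-instruction line."""
    bits, code = parse_valgrind_line(line)
    d = decode(code, bits)
    if d["family"] == "legacy":
        return f"{bits}-bit legacy opcode 0x{d['opcode']:02X}"
    parts = [f"{bits}-bit {d['family']} ({d['ext']}), map {d['map']}, pp={d['pp']}, "
             f"W={d['W']}, opcode 0x{d['opcode']:02X} -> {d['name'] or 'not in table'}"]
    if d["family"] == "EVEX":
        parts.append(f"{d['width']}-bit vector operand")
    if d["modrm"] is None:
        parts.append("operands not shown (Valgrind printed too few bytes)")
    return "; ".join(parts)


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(describe(line))
```

Run as a script it prints one summary per sample line; pass any other Valgrind line to describe(). For the 32-bit case it reports a VEX-encoded map-0F38 opcode 0xF7 with pp=F3 (SARX, a BMI2 instruction) and notes that Valgrind printed no ModRM byte, which is why the padding in the i.c trick is needed. For the 64-bit case it reports an EVEX (AVX-512) VMOVDQU64 with a ModRM of mod=1, rm=15 (r15 plus an 8-bit displacement), matching the objdump line. If you would rather have a full disassembly without writing a C file, objdump can also read raw bytes: write them to a file and run `objdump -D -b binary -m i386:x86-64 file` (or `-m i386` for the 32-bit case).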
tenspd1370 Tux's lil' helper
Joined: 14 Dec 2017 Posts: 119
Posted: Thu Feb 14, 2019 11:09 pm
Cool trick - thanks!