ASSERT is_readable_without_exception in pcache-use test on Ubuntu 20
Split from #4953 (closed).
Can repro on laptop:
$ rm logs/dpc-124212/*; bin64/drrun -persist -no_use_persisted -no_coarse_disk_merge -no_coarse_lone_merge -c suite/tests/bin/libclient.pcache.dll.so -- suite/tests/bin/client.pcache
$ bin64/drrun -persist -no_coarse_disk_merge -no_coarse_lone_merge -c suite/tests/bin/libclient.pcache.dll.so -- suite/tests/bin/client.pcache
The libc segments are in an inconsistent state, with some ranges having had their permissions removed (note the `---p` mapping in the memquery output below):
(gdb) bt
#0 report_dynamorio_problem (dcontext=0x0, dumpcore_flag=8, exception_addr=0x0, report_ebp=0x0,
fmt=0x7ffff7ec5810 "DynamoRIO debug check failure: %s:%d %s\n(Error occurred @%d frags in tid %d)") at /home/bruening/dr/git/src/core/utils.c:2107
#1 0x00007ffff7c5f457 in d_r_internal_error (file=0x7ffff7ee5780 "/home/bruening/dr/git/src/core/module_list.c", line=657,
expr=0x7ffff7ee5b70 "is_readable_without_exception(intersection_start, intersection_len)") at /home/bruening/dr/git/src/core/utils.c:179
#2 0x00007ffff7d3f7b3 in ensure_section_readable (module_base=0x7ffdf75f8000 "\177ELF\002\001\001\003", seg_start=0x7ffdf761d000 "\377\065\002\220\031",
seg_len=1355776, seg_chars=5, old_prot=0x7ffdf7be9ff4, view_start=0x7ffdf75f8000 "\177ELF\002\001\001\003", view_len=1855488)
at /home/bruening/dr/git/src/core/module_list.c:657
#3 0x00007ffff7d3fe0a in module_calculate_digest (digest=0x7ffdf7bea258, module_base=0x7ffdf75f8000 "\177ELF\002\001\001\003", module_size=1855488,
full_digest=false, short_digest=true, short_digest_size=4096, sec_char_include=4294967293, sec_char_exclude=2) at /home/bruening/dr/git/src/core/module_list.c:848
#4 0x00007ffff7d4ba1a in persist_calculate_module_digest (digest=0x7ffdf7bea258, modbase=0x7ffdf75f8000 "\177ELF\002\001\001\003", modsize=1855488,
code_start=0x7ffdf761d000 "\377\065\002\220\031", code_end=0x7ffdf7768000 "\030q\353\377tq\353\377tq\353\377tq\353\377\030q\353\377@r\353\377 r\353\377",
validation_option=5) at /home/bruening/dr/git/src/core/perscache.c:2436
#5 0x00007ffff7d530f6 in coarse_unit_load (dcontext=0x7ffdf7bc4080, start=0x7ffdf761d000 "\377\065\002\220\031",
end=0x7ffdf7768000 "\030q\353\377tq\353\377tq\353\377tq\353\377\030q\353\377@r\353\377 r\353\377", for_execution=true)
at /home/bruening/dr/git/src/core/perscache.c:3888
#6 0x00007ffff7d1934f in vm_area_load_coarse_unit (start=0x7ffdf7beaa78, end=0x7ffdf7beaa70, vm_flags=2, frag_flags=268435456, delayed=false,
comment=0x7ffff7edbdb1 "") at /home/bruening/dr/git/src/core/vmareas.c:2647
#7 0x00007ffff7d198f6 in add_executable_vm_area (start=0x7ffdf761d000 "\377\065\002\220\031",
end=0x7ffdf7768000 "\030q\353\377tq\353\377tq\353\377tq\353\377\030q\353\377@r\353\377 r\353\377", vm_flags=2, frag_flags=268435456, have_writelock=false,
comment=0x7ffff7edbdb1 "") at /home/bruening/dr/git/src/core/vmareas.c:2757
#8 0x00007ffff7d2035e in app_memory_protection_change_internal (dcontext=0x7ffdf7bc4080, update_areas=true, base=0x7ffdf761d000 "\377\065\002\220\031",
size=1355776, prot=5, new_memprot=0x7ffdf7beac0c, old_memprot=0x0, image=true) at /home/bruening/dr/git/src/core/vmareas.c:6946
#9 0x00007ffff7d2041b in app_memory_protection_change (dcontext=0x7ffdf7bc4080, base=0x7ffdf761d000 "\377\065\002\220\031", size=1355776, prot=5,
new_memprot=0x7ffdf7beac0c, old_memprot=0x0, image=true) at /home/bruening/dr/git/src/core/vmareas.c:7118
#10 0x00007ffff7e7f27f in memcache_handle_mmap (dcontext=0x7ffdf7bc4080, base=0x7ffdf761d000 "\377\065\002\220\031", size=1355776, memprot=5, image=true)
at /home/bruening/dr/git/src/core/unix/memcache.c:521
#11 0x00007ffff7e54410 in process_mmap (dcontext=0x7ffdf7bc4080, base=0x7ffdf761d000 "\377\065\002\220\031", size=1355776, prot=5, flags=2066,
map_type=0x7ffff7f20faf "ELF SO") at /home/bruening/dr/git/src/core/unix/os.c:8075
#12 0x00007ffff7e54f36 in post_system_call (dcontext=0x7ffdf7bc4080) at /home/bruening/dr/git/src/core/unix/os.c:8301
#13 0x00007ffff7c5523e in handle_post_system_call (dcontext=0x7ffdf7bc4080) at /home/bruening/dr/git/src/core/dispatch.c:2187
#14 0x00007ffff7c4b848 in dispatch_enter_dynamorio (dcontext=0x7ffdf7bc4080) at /home/bruening/dr/git/src/core/dispatch.c:892
#15 0x00007ffff7c46f8e in d_r_dispatch (dcontext=0x7ffdf7bc4080) at /home/bruening/dr/git/src/core/dispatch.c:160
#16 0x0000000041b3cf0d in ?? ()
#17 0x0000000000000000 in ?? ()
(gdb) up 5
(gdb) info local
pers = 0x41bf5000
footer = 0x41c0c860
info = 0x0
option_buf = "-indirect_stubs -early_inject -coarse_units -coarse_split_calls -coarse_split_riprel -persist -no_indcall2direct \000\276\367\375\177\000\000\311\017\326\367\026\000\000\000\177\245\276\367\375\177\000\000B\177\362\367\377\377\377\377\220\246\276\367\375\177\000\000\311\017\326\367\377\177\000\000\300\246\276\367\375\177\000\000B\177\362\367\377\177\000\000\030\000\000\000\000\000\000\000ҧ\276\367\375\177\000\000\066\066\071\071\066\064\000\000\377"...
filename = "/home/bruening/dr/git/build_x64_dbg_tests/bin64/../logs/dpc-124212/libc.so.6-dbg-0x7b0ae65a.dpc\000`\021\362\367\377\177\000\000\257\244\276\367\241\377\001\000post syscall: sysnum=0x", '0' <repeats 15 times>, "9, result=0x00007ffdf761d000 (-144584704)\n\000\243\276\367\375\177\000\000"...
option_string = 0x7ffdf7bea4a0 "-indirect_stubs -early_inject -coarse_units -coarse_split_calls -coarse_split_riprel -persist -no_indcall2direct "
option_level = OP_PCACHE_GLOBAL
fd = 6
map = 0x41bf5000 "RIO$\n"
map2 = 0x0
map_size = 96388
map2_size = 0
file_size = 96388
stubs_and_prefixes_len = 140737352313529
pc = 0x742d0f7bea9d0 <error: Cannot access memory at address 0x742d0f7bea9d0>
rx_pc = 0x7ffdf7bea900 "`\310\300A"
rwx_pc = 0x7ffff7e42ab9 <is_thread_tls_initialized+108> "=RIO$\017\224\300\351", <incomplete sequence \346>
modinfo = {
base = 0x7ffdf75f8000 "\177ELF\002\001\001\003",
checksum = 757303080,
timestamp = 0,
image_size = 1855488,
code_size = 1355776,
file_version = 0,
module_md5 = {
full_MD5 = '\000' <repeats 15 times>,
short_MD5 = '\000' <repeats 15 times>
}
}
modbase = 0x7ffdf75f8000 "\177ELF\002\001\001\003"
success = false
ok = false
(gdb) memquery 0x7ffdf75f8000
7ffdf75f8000-7ffdf761d000 r--p 00000000 fe:01 10486447 /lib/x86_64-linux-gnu/libc-2.31.so
(gdb) memquery 0x7ffdf761d000
7ffdf761d000-7ffdf7768000 r-xp 00025000 fe:01 10486447 /lib/x86_64-linux-gnu/libc-2.31.so
(gdb) memquery 0x7ffdf7768000
7ffdf7768000-7ffdf77b3000 ---p 00170000 fe:01 10486447 /lib/x86_64-linux-gnu/libc-2.31.so
(gdb) frame 2
#2 0x00007ffff7d3f7b3 in ensure_section_readable (module_base=0x7ffdf75f8000 "\177ELF\002\001\001\003", seg_start=0x7ffdf761d000 "\377\065\002\220\031",
seg_len=1355776, seg_chars=5, old_prot=0x7ffdf7be9ff4, view_start=0x7ffdf75f8000 "\177ELF\002\001\001\003", view_len=1855488)
at /home/bruening/dr/git/src/core/module_list.c:657
657 ASSERT(is_readable_without_exception(intersection_start, intersection_len));
(gdb) info local
ok = 32765
intersection_start = 0x7ffdf761d000 "\377\065\002\220\031"
intersection_len = 1355776
(gdb) p/x intersection_start + intersection_len
$1 = 0x7ffdf7768000
(gdb) p dynamo_options.use_all_memory_areas
$2 = true
(gdb) p all_memory_areas->buf[24]
$12 = {
start = 0x7ffdf75f8000 "\177ELF\002\001\001\003",
end = 0x7ffdf761d000 "\377\065\002\220\031",
vm_flags = 0,
frag_flags = 0,
comment = 0x7ffdf7b8ac00 "",
custom = {
frags = 0x7ffdf7b8abe8,
client = 0x7ffdf7b8abe8
}
}
(gdb) p all_memory_areas->buf[25]
$8 = {
start = 0x7ffdf761d000 "\377\065\002\220\031",
end = 0x7ffdf77b3000 "@\237\030",
vm_flags = 0,
frag_flags = 0,
comment = 0x7ffdf7b8ac40 "",
custom = {
frags = 0x7ffdf7b8ac28,
client = 0x7ffdf7b8ac28
}
}
(gdb) p *(allmem_info_t*) all_memory_areas->buf[24].custom.client
$14 = {
prot = 1,
type = DR_MEMTYPE_IMAGE,
shareable = true,
vdso = false,
dr_vmm = false
}
(gdb) p *(allmem_info_t*) all_memory_areas->buf[25].custom.client
$15 = {
prot = 0,
type = DR_MEMTYPE_IMAGE,
shareable = false,
vdso = false,
dr_vmm = false
}
7ffdf75f8000-7ffdf761d000 r--p 00000000 fe:01 10486447 /lib/x86_64-linux-gnu/libc-2.31.so
7ffdf761d000-7ffdf7768000 r-xp 00025000 fe:01 10486447 /lib/x86_64-linux-gnu/libc-2.31.so
7ffdf7768000-7ffdf77b3000 ---p 00170000 fe:01 10486447 /lib/x86_64-linux-gnu/libc-2.31.so
7ffdf77b3000-7ffdf77bd000 r--p 001bb000 fe:01 10486447 /lib/x86_64-linux-gnu/libc-2.31.so
7ffdf77bd000-7ffdf77e2000 r--p 00000000 fe:01 10486447 /lib/x86_64-linux-gnu/libc-2.31.so
7ffdf77e2000-7ffdf792d000 r-xp 00025000 fe:01 10486447 /lib/x86_64-linux-gnu/libc-2.31.so
7ffdf792d000-7ffdf7977000 r--p 00170000 fe:01 10486447 /lib/x86_64-linux-gnu/libc-2.31.so
7ffdf7977000-7ffdf7978000 ---p 00000000 00:00 0
7ffdf7978000-7ffdf797e000 rw-p 001ba000 fe:01 10486447 /lib/x86_64-linux-gnu/libc-2.31.so
7ffdf797e000-7ffdf7982000 rw-p 00000000 00:00 0
$ readelf -l /lib/x86_64-linux-gnu/libc-2.31.so
Program Headers:
Type Offset VirtAddr PhysAddr
FileSiz MemSiz Flags Align
PHDR 0x0000000000000040 0x0000000000000040 0x0000000000000040
0x00000000000002a0 0x00000000000002a0 R 0x8
INTERP 0x0000000000193f20 0x0000000000193f20 0x0000000000193f20
0x000000000000001c 0x000000000000001c R 0x10
[Requesting program interpreter: /lib64/ld-linux-x86-64.so.2]
LOAD 0x0000000000000000 0x0000000000000000 0x0000000000000000
0x0000000000024980 0x0000000000024980 R 0x1000
LOAD 0x0000000000025000 0x0000000000025000 0x0000000000025000
0x000000000014a50c 0x000000000014a50c R E 0x1000
LOAD 0x0000000000170000 0x0000000000170000 0x0000000000170000
0x0000000000049fcb 0x0000000000049fcb R 0x1000
LOAD 0x00000000001ba5e0 0x00000000001bb5e0 0x00000000001bb5e0
0x0000000000005030 0x0000000000008f28 RW 0x1000