CRASH from new glibc 2.35 rseq on any app (-disable_rseq solves)
Created by: derchr
Describe the bug
Running DynamoRIO to instrument any application, a crash occurs.
./drrun -- grep
(no client at all) results in:
<Starting application /usr/bin/grep (331303)>
<Initial options = -no_dynamic_options -code_api -stack_size 56K -signal_stack_size 32K -max_elide_jmp 0 -max_elide_call 0 -early_inject -emulate_brk -no_inline_ignored_syscalls -native_exec_default_list '' -no_native_exec_managed_code -no_indcall2direct >
<Paste into GDB to debug DynamoRIO clients:
set confirm off
add-symbol-file '/home/derek/Git/dynamorio/build/lib64/debug/libdynamorio.so' 0x00007f972794a000
>
<(1+x) Handling our fault in a TRY at 0x00007f9727bbd98c>
<spurious rep/repne prefix @0x00007f97278a9650 (f3 0f 1e fa): >
<Application /usr/bin/grep (331303). DynamoRIO internal crash at PC 0x00007f9727c26fda. Please report this at http://dynamorio.org/issues/. Program aborted.
Received SIGSEGV at pc 0x00007f9727c26fda in thread 331303
Base: 0x00007f97278ff000
Registers:eax=0x00007f94e391c0a0 ebx=0x0000000000050e27 ecx=0x00007f9727c29258 edx=0x00000000000009a0
esi=0x00007f94e392b948 edi=0x0000000000001003 esp=0x00007f94e392b9d0 ebp=0x00007f94e392b9f0
r8 =0x0000000000000000 r9 =0x0000000000000000 r10=0x00007f94e392b948 r11=0x0000000000000246
r12=0x00007f97238c66d0 r13=0x00007f97238c66c7 r14=0x00007f97238c66cf r15=0x00007f97238c66dd
eflags=0x0000000000010206
version 9.0.19068, custom build
-no_dynamic_options -code_api -stack_size 56K -signal_stack_size 32K -max_elide_jmp 0 -max_elide_call 0 -early_inject -emulate_brk -no_inline_ignored_syscalls -native_exec_default_list '' -no_native_exec_managed_code -no_indcall2direct
0x00007f94e392b9f0 0x00007f9727c27254
0x00007f94e392ba10 0x00007f972798076b
0x00007f94e392ba70 0x00007f9727981bad
0x00007f94e392bab0 0x00007f9727ab66f9
0x00007f94e392bb10 0x00007f9727ab6bee
0x00007f94e392bb60 0x00007f9727978977
0x00007f94e392bba0 0x00007f9727a986a2
0x00007f94e392bd10 0x00007f9727a9b147
0x00007f94e392bf10 0x00007f97279cff0b
0x00007f94e392bff0 0x00007f96e388bf05
0x00007ffe2cb9c140 0x00007f9727639e0c
0x00007f97238c64e0 0x00007f97238d0f54>
Note that running trivial applications like ls or a simple hello world program does not result in a crash.
Small list of applications that also do not work: vim, vi (it crashes at the moment you type anything), less, more.
Small list of applications that do work: ls, uname, cat.
To Reproduce
Steps to reproduce the behavior:
- Pointer to a minimized application (ideally the source code for it and instructions on which toolchain it was built with). grep that comes with every Linux distribution.
- Precise command line for running the application. ./drrun -- grep
- Exact output or incorrect behavior. See above.
I can reproduce on a fresh Arch Linux environment.
- What happens when you run without any client? Same result with or without client: crash
- What happens when you run with debug build ("-debug" flag to drrun/drconfig/drinject)? Same result
Expected behavior
No crash, correct instrumentation.
Versions
- What version of DynamoRIO are you using? Tested the 9.0.1 release and also a fresh build on master.
- Does the latest build from https://github.com/DynamoRIO/dynamorio/releases solve the problem? No
- What operating system version are you running on? Manjaro Linux (derivative of Arch Linux)
- Is your application 32-bit or 64-bit? 64 bit
Operating System: Manjaro Linux
KDE Plasma Version: 5.24.3
KDE Frameworks Version: 5.91.0
Qt Version: 5.15.3
Kernel Version: 5.16.14-1-MANJARO (64-bit)
Graphics Platform: X11
Processors: 8 × Intel® Core™ i5-8250U CPU @ 1.60GHz
Memory: 7.6 GiB of RAM
Graphics Processor: Mesa Intel® UHD Graphics 620
Additional context
This is the same bug as described in https://groups.google.com/g/dynamorio-users/c/eq5zD824QwY. The problem might be related to rseq.
Also, one observation I made is that it could be related to the recent update of Arch Linux to glibc version 2.35. For a small test I downgraded to 2.33 and the crash did not occur. However, this is not a solution as it breaks almost all applications that need the new version to run.
Running drrun with -disable_rseq also fixes the problem. However, with this flag the instrumentation is dead slow to say the least.
Logs and backtrace of the crash: log.0.32805.txt, grep.0.32805.txt, 'bt' and 'bt full'.txt
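As an added check for the hypothesis in the report that glibc 2.35's own rseq registration is what trips DynamoRIO (this is not the reporter's code nor DynamoRIO's): the program below asks glibc whether it registered an rseq area for the current thread, using the __rseq_size and __rseq_offset symbols that glibc 2.35 exports through <sys/rseq.h>. It assumes x86-64 Linux for locating the thread pointer and declares the glibc symbols weak so it also builds and runs against an older glibc, where it simply reports that libc does no registration.

```c
/* Added diagnostic: does the running glibc have an rseq area registered for
 * this thread?  __rseq_size / __rseq_offset exist from glibc 2.35 on; declaring
 * them weak lets the program link on older glibc, where their address is NULL. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

extern const unsigned int __rseq_size   __attribute__((weak));
extern const ptrdiff_t    __rseq_offset __attribute__((weak));

/* Leading fields of the kernel's struct rseq; this layout is fixed by the ABI. */
struct rseq_head { uint32_t cpu_id_start; uint32_t cpu_id; uint64_t rseq_cs; uint32_t flags; };
enum rseq_state { RSEQ_NO_LIBC_SUPPORT = 0, RSEQ_NOT_REGISTERED = 1, RSEQ_REGISTERED = 2 };

/* Thread pointer of the calling thread; on x86-64 %fs:0 holds the TCB address. */
static void *thread_pointer(void)
{
#if defined(__x86_64__)
    void *tp;
    __asm__("mov %%fs:0, %0" : "=r"(tp));
    return tp;
#else
    return NULL;   /* assumption: only x86-64 is handled in this example */
#endif
}

enum rseq_state rseq_state_of_this_thread(void)
{
    if (&__rseq_size == NULL || &__rseq_offset == NULL)
        return RSEQ_NO_LIBC_SUPPORT;   /* glibc < 2.35: libc never registers rseq */
    if (__rseq_size == 0)
        return RSEQ_NOT_REGISTERED;    /* registration disabled by tunable, or it failed */
    return RSEQ_REGISTERED;
}

/* Address of this thread's rseq area, or NULL when none is registered. */
struct rseq_head *rseq_area_of_this_thread(void)
{
    char *tp = thread_pointer();
    if (rseq_state_of_this_thread() != RSEQ_REGISTERED || tp == NULL)
        return NULL;
    return (struct rseq_head *)(tp + __rseq_offset);
}

int main(void)
{
    struct rseq_head *r = rseq_area_of_this_thread();
    printf("rseq state: %d\n", (int)rseq_state_of_this_thread());
    if (r != NULL)
        printf("rseq area at %p, cpu_id=%d\n", (void *)r, (int)r->cpu_id);
    return 0;
}
```

Running it natively and then under drrun shows what each side sees; glibc 2.35 also honours GLIBC_TUNABLES=glibc.pthread.rseq=0, which switches off libc's own registration and so isolates the glibc-side trigger without the slowdown of -disable_rseq.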