DynamoRIO
SIGSEGV while trying to run memtrace & memval_simple from sample clients
I was trying to observe the Load and store of a simple cpp program. so get all the loads and store operation and their address where load and store happens and data in it. So came across dynamo rio. While i was trying to use the sample client memtrace_x86.c which is libmemtrace_x86_text.so. I Received SIGSEGV.
using LINUX x86_64
The command ->. drrun -root /home/athbha01/dr_dynamorio/drio/DynamoRIO-Linux-10.0.19613 -c /home/athbha01/dr_dynamorio/drio/DynamoRIO-Linux-10.0.19613/samples/build_ath_track/bin/libmemtrace_x86_text.so -debug -- ./myprogram_test1
The code in myprogram_test1 is int main() { // int curr_var=444; int *ptr =( int*) malloc(4); printf("Address of the pointer ptr : %p\n", ptr); *ptr = 444 ; printf("Addition Operation"); *ptr = *ptr + 1 ; printf("Division Operation"); *ptr = *ptr/ 2 ; // int* m4=&curr_var; // printf("Address of pointer ptr: %p\n", (int *)m4); // printf("Address of the pointer ptr : %p\n",ptr); printf("Value of the pointer ptr : %d\n",*ptr); return 0; }
So when i executed the command i got this segmentation error it apprently also gives segmentation fault when i simply have main(){}.
ERROR:: ~/dr_dynamorio/working_my_space$ drrun -root /home/athbha01/dr_dynamorio/drio/DynamoRIO-Linux-10.0.19613 -c /home/athbha01/dr_dynamorio/drio/DynamoRIO-Linux-10.0.19613/samples/build_ath_track/bin/libmemtrace_x86_text.so -debug -- ./myprogram_test1 Client memtrace is running Data file /home/athbha01/dr_dynamorio/drio/DynamoRIO-Linux-10.0.19613/samples/build_ath_track/bin/memtrace.myprogram_test1.1186561.0000.log created <Application /home/athbha01/dr_dynamorio/working_my_space/myprogram_test1 (1186561). DynamoRIO Sample Client 'memtrace' internal crash at PC 0x00007f906a0681d3. Please report this at http://dynamorio.org/issues. Program aborted. Received SIGSEGV at pc 0x00007f906a0681d3 in thread 1186561 Base: 0x00007f906a600000 Registers:eax=0x0000000000000000 ebx=0x00007f8e266e1d20 ecx=0x0000000000000000 edx=0x00000000fbad248c esi=0x00000000fbad0000 edi=0x00007ffc83095170 esp=0x00007ffc83095168 ebp=0x0000000000000000 r8 =0x00007f906a1ed0c0 r9 =0x00007f902660805e r10=0x00007f906a7de000 r11=0x0000000000000246 r12=0x00007ffc83095170 r13=0x00007f906a1f2a50 r14=0x0000000000000000 r15=0x00007f8e266e1d20 eflags=0x0000000000010246 version 10.0.19613, custom build -no_dynamic_options -client_lib '/home/athbha01/dr_dynamorio/drio/DynamoRIO-Linux-10.0.19613/samples/build_ath_track/bin/libmemtrace_x86_text.so;0;"-debug"' -client_lib64 '/home/athbha01/dr_dynamorio/drio/DynamoRIO-Linux-10.0.19613/samples/build_ath_track/bin/libmemtrace_x86_text.so;0;"-debug"' -code_api -stack_size 56K 0x00007f8e26692080 0x0000000000000000>
Please also answer these questions:
- What happens when you run without any client? -> it works , it works for all other clients besides which is related to mem. like memtrace, memval. for rest it works.
- What happens when you run with debug build ("-debug" flag to drrun/drconfig/drinject)? -> same error Versions
- What version of DynamoRIO are you using? drrun version 10.0.19613 -- build 0 About system: Description: Ubuntu 22.04.3 LTS Release: 22.04 Linux. #26~22.04.1-Ubuntu. x86_64
Can you try to run it from the build directory?
I copied the program above and ran it as follows:
dynamorio/build$ ./bin64/drrun -c ./api/bin/libmemtrace_x86_text.so -debug -- ./bin64/myprogram_test1 Client memtrace is running Data file /usr/local/google/home/kyluk/Memtrace/kernel-event/dynamorio/build/api/bin/memtrace.myprogram_test1.441468.0000.log created Address of the pointer ptr : 0x7f49a4c002a0 Addition OperationDivision OperationValue of the pointer ptr : 222 Instrumentation results: saw 36758 memory references
Or point -root to the build directory, i.e.
dynamorio/build/bin64$ ./drrun -root .. -c ../api/bin/libmemtrace_x86_text.so -debug -- ./myprogram_test1 Client memtrace is running Data file /usr/local/google/home/kyluk/Memtrace/kernel-event/dynamorio/build/bin64/../api/bin/memtrace.myprogram_test1.442294.0000.log created Address of the pointer ptr : 0x7f159c7fc2a0 Addition OperationDivision OperationValue of the pointer ptr : 222 Instrumentation results: saw 36758 memory references
still facing the same issue.
dynamorio/build$ ./bin64/drrun -c ./api/bin/libmemtrace_x86_text.so -debug -- ./bin64/myprogram_test Client memtrace is running Data file /home/athbha01/dr_dynamorio/drio/dynamorio/build/api/bin/memtrace.myprogram_test.1714961.0000.log created <Application /home/athbha01/dr_dynamorio/drio/dynamorio/build/bin64/myprogram_test (1714961). DynamoRIO Sample Client 'memtrace' internal crash at PC 0x00007fda570681d3. Please report this at http://dynamorio.org/issues. Program aborted. Received SIGSEGV at pc 0x00007fda570681d3 in thread 1714961 Base: 0x00007fda57600000 Registers:eax=0x0000000000000000 ebx=0x00007fd8136e1d20 ecx=0x0000000000000000 edx=0x00000000fbad248c esi=0x00000000fbad0000 edi=0x00007ffc14ff42d0 esp=0x00007ffc14ff42c8 ebp=0x0000000000000000 r8 =0x00007fda571ed0c0 r9 =0x00007ffc14ff34b4 r10=0x00007fda577e9000 r11=0x0000000000000246 r12=0x00007ffc14ff42d0 r13=0x00007fda571f2a50 r14=0x0000000000000000 r15=0x00007fd8136e1d20 eflags=0x0000000000010246 version 10.0.19647, custom build -no_dynamic_options -client_lib '/home/athbha01/dr_dynamorio/drio/dynamorio/build/api/bin/libmemtrace_x86_text.so;0;"-debug"' -client_lib64 '/home/athbha01/dr_dynamorio/drio/dynamorio/build/api/bin/libmemtrace_x86_text.so;0;"-debug"' -code_api -stack_size 56K -signal_stack_size 32K -max_elide_jmp 0 -max_elide_call 0 -ear 0x00007fd813692080 0x0000000000000000>
Are there any changes to memtrace_x86.c or other files?
If you build from source, i.e. https://dynamorio.org/page_building.html, from scratch, do you still see the same problem?
I can't reproduce the problem using myprogram_test1 which was posted above.
Can you share the log, i.e. /home/athbha01/dr_dynamorio/drio/dynamorio/build/api/bin/memtrace.myprogram_test.1714961.0000.log ?
Also, can you try "$ ./bin64/drrun echo hello world" from build? ("https://dynamorio.org/page_building.html")
./bin64/drrun -c ./api/bin/libmemtrace_x86_text.so -debug -- ./bin64/myprogram_test
You are not passing -debug to drrun: you are passing it to the memtrace client, who is ignoring it. Pass -debug before the -c option.
Use gdb and the symbol load commands printed in debug build to get a symbolized callstack of the crash point.
What is the glibc version: is this a private loader issue.
thanks , indeed -debug worked here as you said. with -debug <Paste into GDB to debug DynamoRIO clients: set confirm off add-symbol-file '/home/athbha01/dr_dynamorio/drio/DynamoRIO-Linux-10.0.19613/samples/build_ath_track/bin/libmemtrace_x86_text.so' 0x00007efc7ee05b80 add-symbol-file '/home/athbha01/dr_dynamorio/drio/DynamoRIO-Linux-10.0.19613/lib64/debug/libdynamorio.so' 0x00007efcc2e4c000 add-symbol-file '/home/athbha01/dr_dynamorio/drio/DynamoRIO-Linux-10.0.19613/ext/lib64/debug/libdrutil.so' 0x00007efc7ee4b6b0 add-symbol-file '/home/athbha01/dr_dynamorio/drio/DynamoRIO-Linux-10.0.19613/ext/lib64/debug/libdrmgr.so' 0x00007efc7ee55cb0 add-symbol-file '/home/athbha01/dr_dynamorio/drio/DynamoRIO-Linux-10.0.19613/ext/lib64/debug/libdrx.so' 0x00007efc7ee6a4d0 add-symbol-file '/home/athbha01/dr_dynamorio/drio/DynamoRIO-Linux-10.0.19613/ext/lib64/debug/libdrreg.so' 0x00007efc7ee7fdf0 add-symbol-file '/lib/x86_64-linux-gnu/libc.so.6' 0x00007efcc27ff700 add-symbol-file '/usr/lib64/ld-linux-x86-64.so.2' 0x00007efcc329c090
<(1+x) Handling our fault in a TRY at 0x00007efcc30b62f9> <spurious rep/repne prefix @0x00007efc7ee06850 (f3 0f 1e fa): > Client memtrace is running Data file /home/athbha01/dr_dynamorio/drio/DynamoRIO-Linux-10.0.19613/samples/build_ath_track/bin/memtrace.myprogram_test.2090589.0000.log created <Application /home/athbha01/dr_dynamorio/working_my_space/myprogram_test (2090589). DynamoRIO Sample Client 'memtrace' internal crash at PC 0x00007efcc28681d3. Please report this at http://dynamorio.org/issues. Program aborted. Received SIGSEGV at pc 0x00007efcc28681d3 in thread 2090589 Base: 0x00007efcc2e00000 Registers:eax=0x0000000000000000 ebx=0x00007efa7eee6b60 ecx=0x0000000000000000 edx=0x00000000fbad248c esi=0x00000000fbad0000 edi=0x00007ffe358b81e0 esp=0x00007ffe358b81d8 ebp=0x0000000000000000 r8 =0x00007efcc29ed0c0 r9 =0x00007ffe358b7a20 r10=0x00007efcc3122b4d r11=0x0000000000000246 r12=0x00007ffe358b81e0 r13=0x00007efcc29f2a50 r14=0x0000000000000000 r15=0x00007efa7eee6b60 eflags=0x0000000000010246 version 10.0.19613, custom build -no_dynamic_options -client_lib '/home/athbha01/dr_dynamorio/drio/DynamoRIO-Linux-10.0.19613/samples/build_ath_track/bin/libmemtrace_x86_text.so;0;' -client_lib64 '/home/athbha01/dr_dynamorio/drio/DynamoRIO-Linux-10.0.19613/samples/build_ath_track/bin/libmemtrace_x86_text.so;0;' -code_api -stack_size 56K -signal_stack_si 0x00007efa7eec96f0 0x00007efcc30f5261 0x00007efa7eec98a0 0x00007efcc30f5310 0x00007efa7eec9900 0x00007efcc30fb5b0 0x00007efa7eec99b0 0x00007efcc30b5e1a>
My version (Ubuntu GLIBC 2.35-0ubuntu3.4) 2.35
File "/home/athbha01/dr_dynamorio/drio/DynamoRIO-Linux-10.0.19613/lib64/release/libdynamorio.so-gdb.py", line 150, in init super(PrivloadBP, self).init("dr_gdb_add_symbol_file", gdb.error: Warning: Cannot insert breakpoint -13. Cannot access memory at address 0x71130070
(gdb) bt
#0 0x00007ffff7d3bb99 in syscall_ready ()
#1 0x00007ffff7dde000 in ?? ()
#2 0x00007ffff7d19370 in thread_signal (pid=
Please read https://dynamorio.org/page_debugging.html#autotoc_md139. You are not showing the callstack of your crash; that looks like the expected SIGILL at init (you seem to have deleted the message from gdb saying what signal type it is; please include such information in general).