DynamoRIO / dynamorio

Dynamic Instrumentation Tool Platform

CRASH native_exec combined with early_inject #1651

Open derekbruening opened 9 years ago

derekbruening commented 9 years ago

I have not diagnosed the exact cause, but it doesn't seem to be -emulate_brk (which assumes we're in control of the whole execution). Given that -native_exec is not high priority, for now I'm just going to change the tests to use late injection.

# bin32/drrun -debug -msgbox_mask 12 -loglevel 2 -native_exec_list libcommon.nativeexec.appdll.so -- suite/tests/bin/common.nativeexec
<log dir=/work/dr/git/build_x86_dbg_tests/bin32/../logs/common.nativeexec.30556.00000000>
<Starting application /work/dr/git/build_x86_dbg_tests/suite/tests/bin/common.nativeexec (30556)>
<Initial options = -no_dynamic_options -loglevel 2 -code_api -msgbox_mask 12 -stack_size 56K -max_elide_jmp 0 -max_elide_call 0 -early_inject -emulate_brk -no_inline_ignored_syscalls -native_exec_default_list '' -native_exec_list 'libcommon.nativeexec.appdll.so' -no_native_exec_managed_code -no_indcall2direct >
<module libcommon.nativeexec.appdll.so set up for native execution>
<entered at least one module natively>
calling via IAT-style call
nativeexec.dll:import_me1(57)
calling via PLT-style call
nativeexec.dll:import_me2(37)
calling via funky ind call
nativeexec.dll:import_me3(17)
calling nested native
nativeexec.exe:print_int(42)
calling cross-module unwinder
before longjmp, 1
after longjmp
calling indirect ret_imm
 -> 40
calling loop_test
all done
<Application /work/dr/git/build_x86_dbg_tests/suite/tests/bin/common.nativeexec (30556).  Internal Error: DynamoRIO debug check failure: /work/dr/git/src/core/unix/signal.c:4208 syscall_signal || safe_is_in_fcache(dcontext, pc, (byte *)sc->SC_XSP)
(Error occurred @1840 frags)
version 5.0.16523, custom build
-no_dynamic_options -loglevel 2 -code_api -msgbox_mask 12 -stack_size 56K -max_elide_jmp 0 -max_elide_call 0 -early_inject -emulate_brk -no_inline_ignored_syscalls -native_exec_default_list '' -native_exec_list 'libcommon.nativeexec.appdll.so' -no_native_exec_managed_code -no_indcall2direct 
0x54a8e93c 0xf70f3750
0x54a8ea70 0xf72a96d3
0x54a8eaf0 0xf7274032>
<press enter to continue>

Program received signal SIGSEGV, Segmentation fault.
0x49303fbc in ___tls_get_addr_internal () from /lib/ld-linux.so.2
(gdb) bt
#0  0x49303fbc in ___tls_get_addr_internal () from /lib/ld-linux.so.2
#1  0x493473d3 in ?? ()

hgreving2304 commented 5 years ago

On Ubuntu 18 AND glinux (w/o -late):

hgreving@hendrik-desktop:~/dynamorio/build$ /usr/local/google/home/hgreving/dynamorio/build/bin64/drrun -debug -native_exec_list common.nativeexec -native_exec_retakeover -code_api -- /usr/local/google/home/hgreving/dynamorio/build/suite/tests/bin/common.nativeexec
<Starting application /usr/local/google/home/hgreving/dynamorio/build/suite/tests/bin/common.nativeexec (100279)>
<Initial options = -no_dynamic_options -code_api -stack_size 56K -signal_stack_size 32K -max_elide_jmp 0 -max_elide_call 0 -early_inject -emulate_brk -no_inline_ignored_syscalls -native_exec_default_list '' -native_exec_list 'common.nativeexec' -no_native_exec_managed_code -native_exec_retakeover -no_indcall2direct >
<Paste into GDB to debug DynamoRIO clients:
set confirm off
add-symbol-file '/usr/local/google/home/hgreving/dynamorio/build/lib64/debug/libdynamorio.so' 0x00007f31c0226688

<rank order violation shared_vm_areas(readwrite)@/usr/local/google/home/hgreving/dynamorio/src/core/vmareas.c:1568 acquired after module_data_lock(readwrite)@/usr/local/google/home/hgreving/dynamorio/src/core/module_list.c:60 in tid:187b7>
<Application /usr/local/google/home/hgreving/dynamorio/build/suite/tests/bin/common.nativeexec (100279). Internal Error: DynamoRIO debug check failure: /usr/local/google/home/hgreving/dynamorio/src/core/utils.c:623 (dcontext->thread_owned_locks->last_lock->rank < lock->rank IF_CLIENT_INTERFACE( || first_client || both_client)) && "rank order violation"
(Error occurred @0 frags)
version 7.0.17821, custom build
-no_dynamic_options -code_api -stack_size 56K -signal_stack_size 32K -max_elide_jmp 0 -max_elide_call 0 -early_inject -emulate_brk -no_inline_ignored_syscalls -native_exec_default_list '' -native_exec_list 'common.nativeexec' -no_native_exec_managed_code -native_exec_retakeover -no_indcall2direct

hgreving2304 commented 5 years ago

Only on Ubuntu 18 (w/o -late):

hgreving@xps-laptop:~/dynamorio/build$ /home/hgreving/dynamorio/build/bin64/drrun -debug -native_exec_list common.nativeexec.appdll -native_exec_retakeover -code_api -- /home/hgreving/dynamorio/build/suite/tests/bin/common.nativeexec
<Starting application /home/hgreving/dynamorio/build/suite/tests/bin/common.nativeexec (13785)>
<Initial options = -no_dynamic_options -code_api -stack_size 56K -signal_stack_size 32K -max_elide_jmp 0 -max_elide_call 0 -early_inject -emulate_brk -no_inline_ignored_syscalls -native_exec_default_list '' -native_exec_list 'common.nativeexec.appdll' -no_native_exec_managed_code -native_exec_retakeover -no_indcall2direct >
<Paste into GDB to debug DynamoRIO clients:
set confirm off
add-symbol-file '/home/hgreving/dynamorio/build/lib64/debug/libdynamorio.so' 0x00007f638970f688

<(1+x) Handling our fault in a TRY at 0x00007f6389956e13>
/home/hgreving/dynamorio/build/suite/tests/bin/common.nativeexec: error while loading shared libraries: libdynamorio.so: cannot open shared object file: No such file or directory
<Stopping application /home/hgreving/dynamorio/build/suite/tests/bin/common.nativeexec (13785)>