DynamoRIO / dynamorio

Dynamic Instrumentation Tool Platform

CRASH ASSERT running shell script on ARM #5416

Open algrant-arm opened 2 years ago

algrant-arm commented 2 years ago

Using latest trunk. Running on Ubuntu 18.04 on Arm (32-bit on a Neoverse N1 platform). Trying to run Firefox. /usr/bin/firefox is a shell script so /bin/dash is invoked. DR can normally run /bin/dash but not in this case. It crashes with a backtrace. There's also a "Not tested" message printed (with the debug build) from emit_special_ibl_xfer.

../dynamorio/build.dbg/bin32/drrun -- /bin/dash -c /usr/bin/firefox

output:

<Starting application /bin/dash (15703)>
<Not tested @/home/agrant/dynamorio/core/arch/emit_utils_shared.c:5574>
<Initial options = -no_dynamic_options -code_api -stack_size 56K -signal_stack_size 32K -max_elide_jmp 0 -max_elide_call 0 -early_inject -emulate_brk -no_inline_ignored_syscalls -native_exec_default_list '' -no_native_exec_managed_code -no_indcall2direct >
<Paste into GDB to debug DynamoRIO clients:
set confirm off
add-symbol-file '/home/agrant/dynamorio/build.dbg/lib32/debug/libdynamorio.so' 0x710245e8
>
<(1+x) Handling our fault in a TRY at 0x711edfe4>
<-- parent 15703 forked child 15704 -->
<-- execve /bin/sh -->
<Starting application /bin/dash (15704)>
<Not tested @/home/agrant/dynamorio/core/arch/emit_utils_shared.c:5574>
<Initial options = -code_api -stack_size 56K -signal_stack_size 32K -max_elide_jmp 0 -max_elide_call 0 -early_inject -emulate_brk -no_inline_ignored_syscalls -native_exec_default_list '' -no_native_exec_managed_code -no_indcall2direct >
<Paste into GDB to debug DynamoRIO clients:
set confirm off
add-symbol-file '/home/agrant/dynamorio/build.dbg/lib32/debug/libdynamorio.so' 0x710245e8
>
<(1+x) Handling our fault in a TRY at 0x711edfe4>
<-- parent 15704 forked child 15705 -->
<-- execve /bin/sh -->
<Starting application /bin/dash (15705)>
<Not tested @/home/agrant/dynamorio/core/arch/emit_utils_shared.c:5574>
<Initial options = -code_api -stack_size 56K -signal_stack_size 32K -max_elide_jmp 0 -max_elide_call 0 -early_inject -emulate_brk -no_inline_ignored_syscalls -native_exec_default_list '' -no_native_exec_managed_code -no_indcall2direct >
<Paste into GDB to debug DynamoRIO clients:
set confirm off
add-symbol-file '/home/agrant/dynamorio/build.dbg/lib32/debug/libdynamorio.so' 0x710245e8
>
<(1+x) Handling our fault in a TRY at 0x711edfe4>
<Stopping application /bin/dash (15705)>
<Application /bin/dash (15704).  DynamoRIO internal crash at PC 0x44832ee0.  Please report this at http://dynamorio.org/issues/.  Program aborted.
Received SIGSEGV at generated pc 0x44832ee0 in thread 15704
Base: 0x71000000
Registers:  r0 =0x00000000 r1 =0xffde18bc r2 =0x00000080 r3 =0xf396a1b0
        r4 =0xf396c5c6 r5 =0x00000044 r6 =0xffde18bc r7 =0x00000011
        r8 =0xf396a4c0 r9 =0x00000044 r10=0x44863000 r11=0xf3969d0c
        r12=0x00000003 r13=0xffde1878 r14=0xf7902b53 r15=0x44832ee0
        eflags=0x000f0030
version 9.0.19061, custom build
-code_api -stack_size 56K -signal_stack_size 32K -max_elide_jmp 0 -max_elide_call 0 -early_inject -emulate_brk -no_inline_ignored_syscalls -native_exec_default_list '' -no_native_exec_managed_code -no_indcall2direct
0xf3969d0c 0x00000000>
<Stopping application /bin/dash (15703)>
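The report above runs DynamoRIO on `dash -c <shell script>`, where the script itself forks and execve()s `/bin/sh` twice before the crash banner appears. The harness below is an added example, not part of this issue or of the DynamoRIO project: it writes a small launcher that mimics that nested-shell shape (so the path can be exercised without Firefox), runs it under drrun when a `DRRUN` path is supplied (that variable is an assumption of the example; with no drrun available it falls back to a native run), and parses drrun's "internal crash" / "Received SIGSEGV" lines into a one-line triage result. The sample crash text it parses is copied from the log above.

```sh
#!/bin/sh
# Added example, not DynamoRIO's own code. DRRUN is an assumed variable naming
# the drrun binary (e.g. build.dbg/bin32/drrun); empty means run natively.
DRRUN=${DRRUN:-}

# Write a launcher modelled on the fork/execve lines in the report: the script
# forks a child that execs /bin/sh, and that shell forks/execs /bin/sh again.
# This is a shape mimic, not the real /usr/bin/firefox script.
make_repro() {
    dir=$1
    cat > "$dir/launcher.sh" <<'EOF'
#!/bin/sh
# level 1 (this script) -> command substitution forks a child running /bin/sh
# level 2 -> runs /bin/sh again for level 3
inner=$(/bin/sh -c 'printf level2; /bin/sh -c "printf %s +level3"')
printf 'launcher:%s\n' "$inner"
EOF
    chmod +x "$dir/launcher.sh"
}

# Print "crash <pc> <tid>" if the file holds a drrun internal-crash banner,
# "ok" otherwise. Matches the two lines drrun prints on an internal fault:
#   "... DynamoRIO internal crash at PC 0x...."
#   "Received SIGxxx at generated pc 0x... in thread N"
classify_dr_output() {
    file=$1
    pc=$(sed -n 's/.*DynamoRIO internal crash at PC \(0x[0-9a-fA-F]*\).*/\1/p' \
        "$file" | head -n 1)
    if [ -z "$pc" ]; then
        echo ok
        return 0
    fi
    tid=$(sed -n 's/.*Received SIG[A-Z]* at generated pc 0x[0-9a-fA-F]* in thread \([0-9]*\).*/\1/p' \
        "$file" | head -n 1)
    echo "crash $pc ${tid:-unknown}"
    return 0
}

# Run the launcher the same way the report does (dash -c <script>) under drrun
# when DRRUN is usable, otherwise natively; then classify the captured output.
run_repro() {
    dir=$1
    if [ -n "$DRRUN" ] && [ -x "$DRRUN" ]; then
        "$DRRUN" -- /bin/dash -c "$dir/launcher.sh" > "$dir/out.txt" 2>&1 || :
    else
        /bin/sh -c "$dir/launcher.sh" > "$dir/out.txt" 2>&1 || :
    fi
    classify_dr_output "$dir/out.txt"
}

# Constructed sample: the crash banner lines from the report, for testing the
# parser without a drrun binary present.
sample_crash_log() {
    cat > "$1" <<'EOF'
<Stopping application /bin/dash (15705)>
<Application /bin/dash (15704).  DynamoRIO internal crash at PC 0x44832ee0.  Please report this at http://dynamorio.org/issues/.  Program aborted.
Received SIGSEGV at generated pc 0x44832ee0 in thread 15704
Base: 0x71000000
EOF
}
```

Usage: `DRRUN=../dynamorio/build.dbg/bin32/drrun; d=$(mktemp -d); make_repro "$d"; run_repro "$d"` prints `ok` or `crash 0x... <tid>`; the full output stays in `$d/out.txt` for the register dump and option list.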
algrant-arm commented 2 years ago

This is 32-bit ARM, not AArch64.