CRASH on detach at -loglevel 4 in dump_unmasked #5618

derekbruening · 2022-08-17T16:19:38Z

I hit this crash while running the tool.drcacheoff.gencode test for #2062.
The info->sighand has been freed and set to NULL, but afterward some diagnostic code tries to read it.

<Detaching from application /dr/git/build_x64_dbg_tests/suite/tests/bin/tool.drcacheoff.gencode (1413152)>
<Detaching from process, entering final cleanup>
drmemtrace exiting process 1413152; traced 16429 references in 5 writeouts.
flush_instr_encodings: Wrote 92/92 bytes to encoding file
Wrote 92 bytes to encoding file

Program received signal SIGSEGV, Segmentation fault.
0x00005555558879fb in dump_unmasked (dcontext=0x7ffdf7a70080, where=0x555555a13cd0 <__FUNCTION__.24> "signal_swap_mask")
    at /dr/git/src/core/unix/signal.c:338
338             LOG(THREAD, LOG_ASYNCH, 3, "[%d]=%d ", i, info->sighand->threads_unmasked[i]);
(gdb) bt
#0  0x00005555558879fb in dump_unmasked (dcontext=0x7ffdf7a70080, where=0x555555a13cd0 <__FUNCTION__.24> "signal_swap_mask")
    at /dr/git/src/core/unix/signal.c:338
#1  0x000055555588dec0 in signal_swap_mask (dcontext=0x7ffdf7a70080, to_app=true) at /dr/git/src/core/unix/signal.c:2415
#2  0x000055555588b038 in signal_thread_exit (dcontext=0x7ffdf7a70080, other_thread=false) at /dr/git/src/core/unix/signal.c:1548
#3  0x00005555558708be in os_thread_exit (dcontext=0x7ffdf7a70080, other_thread=false) at /dr/git/src/core/unix/os.c:2495
#4  0x00005555555f495c in dynamo_thread_exit_common (dcontext=0x7ffdf7a70080, id=1413152, other_thread=false)
    at /dr/git/src/core/dynamo.c:2621
#5  0x00005555555f4b40 in dynamo_thread_exit () at /dr/git/src/core/dynamo.c:2693
#6  0x00005555555f24b0 in dynamo_shared_exit (toexit=0x7ffdf7a1bda0) at /dr/git/src/core/dynamo.c:1116
#7  0x00005555557820ad in detach_on_permanent_stack (internal=true, do_cleanup=true, drstats=0x0) at /dr/git/src/core/synch.c:2267
#8  0x00005555555f54ef in dr_app_stop_and_cleanup_with_stats (drstats=0x0) at /dr/git/src/core/dynamo.c:2833
#9  0x00005555555f54a0 in dr_app_stop_and_cleanup () at /dr/git/src/core/dynamo.c:2816
#10 0x00005555555dda46 in gather_trace () at /dr/git/src/clients/drcachesim/tests/burst_gencode.cpp:206
#11 0x00005555555dddf9 in main (argc=1, argv=0x7fffffffd998) at /dr/git/src/clients/drcachesim/tests/burst_gencode.cpp:250
(gdb) p info
$1 = (thread_sig_info_t *) 0x7ffdf7a89148
(gdb) p info->sighand
$2 = (sighand_info_t *) 0x0
(gdb) q

The text was updated successfully, but these errors were encountered:

Adds raw2trace parsing of the encoding file used by the tracer to store instruction encodings for generated code. This involves the following changes: + Adds encoding file parsing to module_mapper_t. + Changes module map queries to use new module_mapper_t interfaces instead, which handle generated code. + Changes block lookup to use the modidx,modoffs pair as the key rather than the absolute pc. The changes are compatibility-breaking for raw2trace_t which now takes an encoding file parameter in the middle of existing parameters. Updates existing uses. For module_mapper_t the encoding file is added last with a default value to preserve compatibility for existing analysis tools like opcode_mix and view. It is assumed that encodings for generated code will be added to the final trace file and thus these tools will not need a module_mapper_t interface for generated code. Augments the tool.drcacheoff.gencode test to post-process the trace and ensure the generated code PC is observed. Fixes a -loglevel 4 signal dump_unmaksed() crash on detach i#5618 hit in the gencode test; confirmed the test is crash-free at loglevel 4 with the fix. Issue: #2062 Fixes #5618

) Adds raw2trace parsing of the encoding file used by the tracer to store instruction encodings for generated code. This involves the following changes: + Adds encoding file parsing to module_mapper_t. + Changes module map queries to use new module_mapper_t interfaces instead, which handle generated code. + Changes block lookup to use the modidx,modoffs pair as the key rather than the absolute pc. This runs into problems on 32-bit where the hashtable_t key is limited to pointer-sized. To solve this, on 32-bit we use unordered_map, via a wrapper class block_hashtable_t to abstract away the differences. The changes are compatibility-breaking for raw2trace_t which now takes an encoding file parameter in the middle of existing parameters. Updates existing uses. For module_mapper_t the encoding file is added last with a default value to preserve compatibility for existing analysis tools like opcode_mix and view. It is assumed that encodings for generated code will be added to the final trace file and thus these tools will not need a module_mapper_t interface for generated code. Augments the tool.drcacheoff.gencode test to post-process the trace and ensure the generated code PC is observed. Fixes a -loglevel 4 signal dump_unmaksed() crash on detach i#5618 hit in the gencode test; confirmed the test is crash-free at loglevel 4 with the fix. Issue: #2062 Fixes #5618

derekbruening mentioned this issue Aug 18, 2022

i#2062 memtrace nonmod part 2: Raw2trace parsing of encoding file #5619

Merged

derekbruening closed this as completed in #5619 Aug 19, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CRASH on detach at -loglevel 4 in dump_unmasked #5618

CRASH on detach at -loglevel 4 in dump_unmasked #5618

derekbruening commented Aug 17, 2022

CRASH on detach at -loglevel 4 in dump_unmasked #5618

CRASH on detach at -loglevel 4 in dump_unmasked #5618

Comments

derekbruening commented Aug 17, 2022