Bug 574889
| Field | Value |
|---|---|
| Summary | valgrind aborts with "vex x86->IR: unhandled instruction bytes" |
| Product | [Fedora] Fedora |
| Reporter | Stefan Becker <chemobejk> |
| Component | valgrind |
| Assignee | Jakub Jelinek <jakub> |
| Status | CLOSED ERRATA |
| QA Contact | Fedora Extras Quality Assurance <extras-qa> |
| Severity | high |
| Docs Contact | |
| Priority | high |
| Version | 13 |
| CC | dodji, emaldona, fedora, jakub, kdudka, kengert, rrelyea |
| Target Milestone | --- |
| Keywords | Regression |
| Target Release | --- |
| Hardware | i686 |
| OS | Linux |
| Whiteboard | |
| Fixed In Version | valgrind-3.5.0-16.fc13 |
| Doc Type | Bug Fix |
| Doc Text | |
| Story Points | --- |
| Clone Of | |
| | 580078 (view as bug list) |
| Environment | |
| Last Closed | 2010-04-27 02:20:14 UTC |
| Type | --- |
| Regression | --- |
| Mount Type | --- |
| Documentation | --- |
| CRM | |
| Verified Versions | |
| Category | --- |
| oVirt Team | --- |
| RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- |
| Target Upstream Version | |
| Embargoed | |
| Bug Depends On | |
| Bug Blocks | 507684, 580078 |
| Attachments | |
Description
Stefan Becker
2010-03-18 19:07:05 UTC
*** Bug 575083 has been marked as a duplicate of this bug. ***

Looking into bz, I can see only two exactly the same backtraces, starting from nss_Init(). This may also be a bug of nss/nspr. See the bug 575083 for details, i.e. the backtrace with debuginfo. Proposing as F13Target.

The bug is a regression and breaks curl's test-suite.

minimal example available - see attachment #401229 [details]

*** Bug 577590 has been marked as a duplicate of this bug. ***

Using the minimal example, I stopped my debugger at prinit.c:807, displayed the called function and got the following sequence:

      (PRCallOnceFN) 0x73f9c50 <InitializeArenas>
      (PRCallOnceFN) 0x755e3b0 <softoken_LoadDSO>
      (PRCallOnceFN) 0x38f8e0 <freebl_LoadDSO>
      (PRCallOnceFN) 0x2dd650 <rng_init>
      (PRCallOnceFN) 0x2ea460 <init_blinding_params_list>
      (PRCallOnceFN) 0x75a1960 <error_once_function>
    > (PRCallOnceFN) 0x2dd650 <rng_init>

The crash happens here ^^^.

    410         memset(bytes, 0, numBytes);
    (gdb) frame
    #0  rng_init () at drbg.c:410
    (gdb) print &bytes
    $1 = (PRUint8 (*)[110]) 0xbffff06e
    (gdb) print numBytes
    $2 = 110

Created attachment 404788 [details]
patch for nss-softokn

The attached patch prevents NSS from crashing. If I build nss-softokn with the patch applied, I am able to run NSS based applications through valgrind and the curl test-suite finally works!

Hmmm...The code looks correct. Bytes is a 110 byte array and numBytes is 110 bytes long. The only thing I can think of is that we are larger than the stack that valgrind gives us.

bob

(In reply to comment #8)
> Created an attachment (id=404788) [details]
> patch for nss-softokn
>
> The attached patch prevents NSS from crashing. If I build nss-softokn with the
> patch applied, I am able to run NSS based applications through valgrind and the
> curl test-suite finally works!

I can confirm that this patch stops valgrind from crashing.

--Ben

(In reply to comment #9)
> Hmmm...The code looks correct. Bytes is a 110 byte array and numBytes is 110
> bytes long. The only thing I can think of is that we are larger than the stack
> that valgrind gives us.

Are you sure? 110 *bytes* of memory does not sound enough for a stack overflow to me. The crash always occurs on the same line, no matter how huge the stack leading to that point is. I suspect binary incompatibility among NSS libraries. Where can I get the latest tarballs from upstream? The URL should be IMO part of the specfile. Did I miss it somehow?

Since nobody has been able to reproduce the crash out of NSS, I am reassigning the bug to nss-softokn for now.

This is really a valgrind bug, it doesn't handle the

      12cbd5:       66 66 2e 0f 1f 84 00    nopw   %cs:0x0(%eax,%eax,1)
      12cbdc:       00 00 00 00

instruction (it handles the 10 byte 0x66 0x2e 0x0f 0x1f 0x84 0 0 0 0 0 nop, but not the 11 byte one).

Thank you for looking into this! I don't see such an instruction at memset-sse2.S:258. Does it mean that the crash occurs elsewhere and the bt is misleading? I was trying to reproduce the crash with memset() on its own - various pieces of memory, various alignments ... but no hit at all.

Created attachment 404845 [details]
nops.c

Testcase which hopefully covers all possible instructions used for alignments by gas when optimizing for various CPUs in 32-bit and 64-bit x86/x86_64 code (except for jmp insns that are used together with lots of nops after it).

valgrind for x86_64 accepts all instructions, but 32-bit i?86 valgrind doesn't grok nopw %cs:0(%eax,%eax,1) with more than one data16 prefix.

Should be fixed in valgrind-3.5.0-15.{fc12,fc13,fc14}.

(In reply to comment #15)
> Should be fixed in valgrind-3.5.0-15.{fc12,fc13,fc14}.

I can confirm that this works against unpatched nss on F13 i686.

(In reply to comment #15)
> Should be fixed in valgrind-3.5.0-15.{fc12,fc13,fc14}.

Thanks! I can confirm the crash is gone on fc12. But I can't see any build for rawhide. Is there any schedule to build it?

Confirmed. valgrind works again on FC13/i686. Thanks

valgrind-3.5.0-15.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/valgrind-3.5.0-15.fc13

valgrind-3.5.0-15.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update valgrind'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/valgrind-3.5.0-15.fc13

valgrind-3.5.0-16.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update valgrind'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/valgrind-3.5.0-16.fc13

valgrind-3.5.0-16.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
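As an added illustration, not code from this bug report, valgrind, nss or gas: a small decoder for the x86 "0F 1F /0" long-NOP encoding whose cap on the number of 0x66 (data16) prefixes reproduces the asymmetry Jakub describes, accepting the 10-byte nopw while rejecting the 11-byte one with two data16 prefixes. The function `long_nop_length` and its `max_data16` parameter are hypothetical names chosen here; the byte sequences are constructed from the objdump lines quoted in the thread, and the decoder also handles the other SIB/displacement forms of this NOP, which go beyond the two cases on the page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Length in bytes of an x86 "0F 1F /0" long NOP at p (n bytes available), or 0
 * if the bytes are not one.  max_data16 caps the accepted 0x66 prefixes: allowing
 * one behaves like the i?86 valgrind in this report, which decoded the 10-byte
 * "66 2e 0f 1f 84 .." NOP but rejected the 11-byte "66 66 2e 0f 1f 84 .." NOP. */
static size_t long_nop_length(const uint8_t *p, size_t n, int max_data16)
{
    size_t i = 0;
    int data16 = 0;
    /* Legacy prefixes gas puts in front of the NOP: 0x66 (data16), 0x2e (CS). */
    while (i < n && (p[i] == 0x66 || p[i] == 0x2e)) {
        if (p[i] == 0x66 && ++data16 > max_data16)
            return 0;                   /* too many data16 prefixes */
        i++;
    }
    if (n < i + 3 || p[i] != 0x0f || p[i + 1] != 0x1f)
        return 0;                       /* not the two-byte NOP opcode */
    uint8_t modrm = p[i + 2];
    unsigned mod = modrm >> 6, reg = (modrm >> 3) & 7, rm = modrm & 7;
    if (reg != 0)
        return 0;                       /* 0F 1F is a NOP only as /0 */
    i += 3;
    if (mod != 3) {                     /* memory operand: SIB, displacement */
        unsigned base = rm;
        if (rm == 4) {                  /* SIB byte follows */
            if (i >= n)
                return 0;
            base = p[i++] & 7;
        }
        if (mod == 1)
            i += 1;                     /* disp8 */
        else if (mod == 2 || (mod == 0 && base == 5))
            i += 4;                     /* disp32 */
    }
    return i <= n ? i : 0;              /* 0 if the buffer is truncated */
}
/* Constructed from the objdump lines quoted in the thread. */
static const uint8_t nop10[] = {0x66, 0x2e, 0x0f, 0x1f, 0x84, 0, 0, 0, 0, 0};
static const uint8_t nop11[] = {0x66, 0x66, 0x2e, 0x0f, 0x1f, 0x84, 0, 0, 0, 0, 0};

int main(void)
{
    printf("10-byte nop, one data16 allowed: %zu\n", long_nop_length(nop10, sizeof nop10, 1));
    printf("11-byte nop, one data16 allowed: %zu\n", long_nop_length(nop11, sizeof nop11, 1));
    printf("11-byte nop, two data16 allowed: %zu\n", long_nop_length(nop11, sizeof nop11, 2));
    return 0;
}
```

A zero return for an alignment pad that the assembler emits is exactly the case a binary-translation tool has to treat as "unhandled instruction bytes", so a decoder of this shape is what a test like nops.c exercises.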