CRASH sigplain111 test on Android nondet
Non-deterministic: I've seen it just once, in a pre-commit suite. Running it manually by itself in a loop, it passes 25x in a row. It's possible it's a regression from the #1984 (closed) changes.
37/72 Testing: code_api|linux.sigplain111
37/72 Test: code_api|linux.sigplain111
Command: "/extsw/android/android-sdk-linux/platform-tools/adb" "shell" "/data/local/tmp/build_android-debug-internal-32/bin32/drrun" "-s" "90" "-quiet" "-debug" "-killpg" "-stderr_mask" "0xC" "-dumpcore_mask" "0" "-code_api" "--" "/data/local/tmp/build_android-debug-internal-32/suite/tests/bin/linux.sigplain111"
Directory: /work/dr/build_suite/build_android-debug-internal-32/suite/tests
"code_api|linux.sigplain111" start time: Dec 11 15:31 EST
Output:
----------------------------------------------------------
Sending SIGUSR2
Sending SIGUSR1
in signal handler
<Application /data/local/tmp/build_android-debug-internal-32/suite/tests/bin/linux.sigplain111 (19872). DynamoRIO internal crash at PC 0xb6e8c258. Please report this at http://dynamorio.org/issues/. Program aborted.
Received SIGSEGV at pc 0xb6e8c258 in thread 19872
Base: 0xb6c76000
Registers: r0 =0x54aed01c r1 =0x00004da0 r2 =0x00000370 r3 =0x00000000
r4 =0xb6f94000 r5 =0x54adab88 r6 =0xb5e3f0f4 r7 =0x54b02ae8
r8 =0xb5e82800 r9 =0x00000000 r10=0x54ac9000 r11=0xb6d4c86d
r12=0x54aed01c r13=0x54b02ae8 r14=0xb6ea3097 r15=0xb6e8c258
eflags=0x20070010
version 6.2.17146, custom build
-no_dynamic_options -code_api -stderr_mask 12 -stack_size 56K -max_elide_jmp 0 -max_elide_call 0 -early_inject -emulate_brk -no_inline_ignored_syscalls -native_exec_default_list '' -no_native_exec_managed_code -no_indcall2direct
0xb6d4c86d 0x78af04b0>
<end of output>
Test time = 15.04 sec
----------------------------------------------------------
Test Fail Reason:
Required regular expression not found.Regex=[^Sending SIGUSR2
Sending SIGUSR1
in signal handler
1750007\.722714
Got some timer hits!
$
]
"code_api|linux.sigplain111" end time: Dec 11 15:32 EST
"code_api|linux.sigplain111" time elapsed: 00:00:15
----------------------------------------------------------
It looks like the PC is in memcpy:
# /work/toolchain/android-ndk-21/bin/arm-linux-androideabi-objdump -dS lib32/debug/libdynamorio.so | less
DECLARE_FUNC(memcpy)
GLOBAL_LABEL(memcpy:)
cmp ARG3, #0
mov REG_R12/*scratch reg*/, ARG1
1: beq 2f
ldrb REG_R3, [ARG2]
21624c: e3520000 cmp r2, #0
strb REG_R3, [ARG1]
216250: e1a0c000 mov ip, r0
subs ARG3, ARG3, #1
216254: 0a000005 beq 216270 <dynamorio_app_take_over+0x1d0>
add ARG2, ARG2, #1
216258: e5d13000 ldrb r3, [r1]
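The crash banner gives the faulting PC and the library base, so the library-relative offset is PC - Base = 0xb6e8c258 - 0xb6c76000 = 0x216258, which is exactly the `ldrb r3, [r1]` in the objdump output above. The script below is an added triage helper, not part of this issue or of DynamoRIO: it parses the register dump and the objdump lines quoted above (embedded here as constructed sample input), maps the PC to the instruction, and reports which register the faulting load dereferenced and its value. Here that is r1 (memcpy's source argument) = 0x4da0, with r2 (the byte count) = 0x370: a source pointer that small is not a valid mapping, so the caller passed garbage as the copy source. The "below 64 KiB is unmapped" threshold is an assumption based on the usual Linux vm.mmap_min_addr default, not something the dump itself states.

```python
import re

# Crash dump copied from the test output above (constructed sample input so
# the script runs offline; in practice read it from the test log).
CRASH_DUMP = """\
Received SIGSEGV at pc 0xb6e8c258 in thread 19872
Base: 0xb6c76000
Registers: r0 =0x54aed01c r1 =0x00004da0 r2 =0x00000370 r3 =0x00000000
r4 =0xb6f94000 r5 =0x54adab88 r6 =0xb5e3f0f4 r7 =0x54b02ae8
r8 =0xb5e82800 r9 =0x00000000 r10=0x54ac9000 r11=0xb6d4c86d
r12=0x54aed01c r13=0x54b02ae8 r14=0xb6ea3097 r15=0xb6e8c258
eflags=0x20070010
"""

# The instruction lines of the `objdump -dS` excerpt above, with the
# interleaved source lines dropped (constructed sample input).
DISASM = """\
21624c: e3520000 cmp r2, #0
216250: e1a0c000 mov ip, r0
216254: 0a000005 beq 216270 <dynamorio_app_take_over+0x1d0>
216258: e5d13000 ldrb r3, [r1]
"""

# objdump prints some ARM registers by alias; map them back to rN names
# so they can be looked up in DynamoRIO's register dump.
ARM_ALIASES = {"sp": "r13", "ip": "r12", "fp": "r11", "lr": "r14", "pc": "r15"}

# Assumption: addresses below 64 KiB are treated as never mapped in user
# space (the common Linux vm.mmap_min_addr default), not read from the dump.
UNMAPPED_LOW_LIMIT = 0x10000


def parse_crash(text):
    """Return (pc, base, {reg_name: value}) from a DynamoRIO crash banner."""
    pc = int(re.search(r"at pc (0x[0-9a-fA-F]+)", text).group(1), 16)
    base = int(re.search(r"Base: (0x[0-9a-fA-F]+)", text).group(1), 16)
    regs = {
        name: int(val, 16)
        for name, val in re.findall(r"(r\d+|eflags)\s*=(0x[0-9a-fA-F]+)", text)
    }
    return pc, base, regs


def parse_disasm(text):
    """Map library-relative offset -> mnemonic+operands from objdump lines."""
    insns = {}
    for line in text.splitlines():
        m = re.match(r"\s*([0-9a-fA-F]+):\s+[0-9a-fA-F]+\s+(.*)", line)
        if m:
            insns[int(m.group(1), 16)] = m.group(2).strip()
    return insns


def locate_fault(crash_text, disasm_text):
    """Resolve the faulting instruction and the register it dereferenced."""
    pc, base, regs = parse_crash(crash_text)
    offset = pc - base
    insn = parse_disasm(disasm_text).get(offset)
    result = {"offset": offset, "insn": insn, "deref": None, "likely_unmapped": None}
    if insn:
        # First base register inside [...] is the address being accessed.
        m = re.search(r"\[(r\d+|sp|ip|fp|lr|pc)", insn)
        if m:
            name = ARM_ALIASES.get(m.group(1), m.group(1))
            value = regs.get(name)
            result["deref"] = (name, value)
            result["likely_unmapped"] = value is not None and value < UNMAPPED_LOW_LIMIT
    return result


if __name__ == "__main__":
    r = locate_fault(CRASH_DUMP, DISASM)
    print("offset in libdynamorio.so: 0x%x" % r["offset"])
    print("faulting instruction:      %s" % r["insn"])
    if r["deref"]:
        name, value = r["deref"]
        print("dereferenced %s = 0x%x (likely unmapped: %s)" % (name, value, r["likely_unmapped"]))
```

Run it as-is to reproduce the triage for this dump; for another crash, paste the new banner and the objdump lines around PC - Base into the two constants. The instruction-level answer (memcpy reading from r1 = 0x4da0 with an 880-byte count) is what narrows the search to whoever built that source pointer in the signal-handler path, rather than to memcpy itself.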