https://bugs.kde.org/show_bug.cgi?id=487111
Bug ID: 487111
Summary: Massif crash on Android API >= 30 due to tagged pointers
Classification: Developer tools
Product: valgrind
Version: 3.23.0
Platform: Android
OS: Linux
Status: REPORTED
Severity: crash
Priority: NOR
Component: massif
Assignee: n...@valgrind.org
Reporter: maxime.cout...@protonmail.com
Target Milestone: ---

uname -a (TARGET):
Linux localhost 5.10.66-android12-9-25281636-abS908BXXU2BVJA #2 SMP PREEMPT Thu Oct 13 21:01:13 KST 2022 aarch64 Toybox

uname -a (HOST):
Linux mcoutant-telecom 6.5.0-35-generic #35~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Tue May 7 09:00:52 UTC 2 x86_64 x86_64 x86_64 GNU/Linux

COMMAND:
$ valgrind -v --tool=massif echo "pouet"

FULL OUTPUT:
==24568== Massif, a heap profiler
==24568== Copyright (C) 2003-2024, and GNU GPL'd, by Nicholas Nethercote et al.
==24568== Using Valgrind-3.23.0-c54d316124-20240426 and LibVEX; rerun with -h for copyright info
==24568== Command: echo pouet
==24568==
--24568-- Valgrind options:
--24568-- -v
--24568-- --tool=massif
--24568-- Contents of /proc/version:
--24568-- Linux version 5.10.66-android12-9-25281636-abS908BXXU2BVJA (dpi@21DJ6B18) (Android (7211189, based on r416183) clang version 12.0.4 (https://android.googlesource.com/toolchain/llvm-project c935d99d7cf2016289302412d708641d52d2f7ee), LLD 12.0.4 (/buildbot/src/android/llvm-toolchain/out/llvm-project/lld c935d99d7cf2016289302412d708641d52d2f7ee)) #2 SMP PREEMPT Thu Oct 13 21:01:13 KST 2022
--24568--
--24568-- Arch and hwcaps: ARM64, LittleEndian, v8-fhm-dpbcvadp-sm3-sm4-sha3-rdm-i8mm-atomics-bf16-fp16-vfp16
--24568-- Page sizes: currently 4096, max supported 65536
--24568-- Valgrind library directory: /data/local/tmp/valgrind/libexec/valgrind
--24568-- Massif: alloc-fns:
--24568-- Massif: malloc
--24568-- Massif: __builtin_new
--24568-- Massif: operator new(unsigned long)
--24568-- Massif: __builtin_vec_new
--24568-- Massif: operator new[](unsigned long)
--24568-- Massif: calloc
--24568-- Massif: aligned_alloc
--24568-- Massif: realloc
--24568-- Massif: memalign
--24568-- Massif: posix_memalign
--24568-- Massif: valloc
--24568-- Massif: operator new(unsigned long, std::nothrow_t const&)
--24568-- Massif: operator new[](unsigned long, std::nothrow_t const&)
--24568-- Massif: operator new(unsigned long, std::align_val_t)
--24568-- Massif: operator new[](unsigned long, std::align_val_t)
--24568-- Massif: operator new(unsigned long, std::align_val_t, std::nothrow_t const&)
--24568-- Massif: operator new[](unsigned long, std::align_val_t, std::nothrow_t const&)
--24568-- Massif: ignore-fns:
--24568-- Massif: <empty>
--24568-- Reading syms from /system/bin/toybox
--24568-- Reading syms from /apex/com.android.runtime/bin/linker64
--24568-- Reading syms from /data/local/tmp/valgrind/libexec/valgrind/massif-arm64-linux
--24568-- object doesn't have a dynamic symbol table
--24568-- Scheduler: using generic scheduler lock implementation.
--24568-- Reading syms from /system/lib64/libprocessgroup.so
--24568-- Reading syms from /system/lib64/libcrypto.so
--24568-- Reading syms from /system/lib64/libz.so
--24568-- Reading syms from /system/lib64/libpackagelistparser.so
--24568-- warning: DiCfSI 0x5cd8000 .. 0x5cd800b outside mapped rx segments (libpackagelistparser.so)
--24568-- warning: DiCfSI 0x5cd800c .. 0x5cd800f outside mapped rx segments (libpackagelistparser.so)
--24568-- warning: DiCfSI 0x5cd8010 .. 0x5cd8013 outside mapped rx segments (libpackagelistparser.so)
--24568-- warning: DiCfSI 0x5cd8014 .. 0x5cd8033 outside mapped rx segments (libpackagelistparser.so)
--24568-- warning: DiCfSI 0x5cd8034 .. 0x5cd8367 outside mapped rx segments (libpackagelistparser.so)
--24568-- warning: DiCfSI 0x5cd8368 .. 0x5cd8377 outside mapped rx segments (libpackagelistparser.so)
--24568-- warning: DiCfSI 0x5cd8378 .. 0x5cd83b3 outside mapped rx segments (libpackagelistparser.so)
--24568-- warning: DiCfSI 0x5cd83b4 .. 0x5cd83c7 outside mapped rx segments (libpackagelistparser.so)
--24568-- Reading syms from /system/lib64/libcutils.so
--24568-- Reading syms from /apex/com.android.runtime/lib64/bionic/libc.so
--24568-- Reading syms from /data/local/tmp/valgrind/libexec/valgrind/vgpreload_core-arm64-linux.so
--24568-- warning: DiCfSI 0x5ad9324 .. 0x5ad9327 outside mapped rx segments (NONE)
--24568-- warning: DiCfSI 0x5ad9328 .. 0x5ad9383 outside mapped rx segments (NONE)
--24568-- Reading syms from /system/lib64/libpcre2.so
--24568-- Reading syms from /apex/com.android.runtime/lib64/bionic/libm.so
--24568-- Reading syms from /system/lib64/libselinux.so
--24568-- Reading syms from /system/lib64/libc++.so
--24568-- Reading syms from /data/local/tmp/valgrind/libexec/valgrind/vgpreload_massif-arm64-linux.so
--24568-- Reading syms from /system/lib64/libbase.so
--24568-- Reading syms from /system/lib64/liblog.so
--24568-- Reading syms from /system/lib64/libcgrouprc.so
WARNING: linker: Warning: "/data/local/tmp/valgrind/libexec/valgrind/vgpreload_core-arm64-linux.so" has unsupported flags DT_FLAGS_1=0x421 (ignoring unsupported flags)
WARNING: linker: Warning: "/data/local/tmp/valgrind/libexec/valgrind/vgpreload_massif-arm64-linux.so" has unsupported flags DT_FLAGS_1=0x421 (ignoring unsupported flags)
--24568-- REDIR: 0x84b400c (libc.so:malloc) redirected to 0x8386460 (malloc)
--24568-- Discarding syms at 0x821e000-0x82278d0 in /system/lib64/libcutils.so (have_dinfo 1)
--24568-- Discarding syms at 0x8386154-0x838ef2c in /data/local/tmp/valgrind/libexec/valgrind/vgpreload_massif-arm64-linux.so (have_dinfo 1)
--24568-- Reading syms from /system/lib64/libnetd_client.so
Pointer tag for 0xc400190 was truncated, see 'https://source.android.com/devices/tech/debug/tagged-pointers'.
==24568==
==24568== Process terminating with default action of signal 6 (SIGABRT)
==24568== at 0x8519188: __rt_sigprocmask (in /apex/com.android.runtime/lib64/bionic/libc.so)
==24568== by 0x84D6EFB: sigprocmask64 (in /apex/com.android.runtime/lib64/bionic/libc.so)
==24568== by 0x84C7D13: abort (in /apex/com.android.runtime/lib64/bionic/libc.so)
==24568== by 0x84B3F23: free (in /apex/com.android.runtime/lib64/bionic/libc.so)
==24568== by 0x5F33E43: HMAC_CTX_cleanup (in /system/lib64/libcrypto.so)
==24568== by 0x5F33897: HMAC (in /system/lib64/libcrypto.so)
==24568== by 0x5F4298F: BORINGSSL_integrity_test (in /system/lib64/libcrypto.so)
==24568== by 0x5F42707: ??? (in /system/lib64/libcrypto.so)
==24568== by 0x40522E3: __dl__ZN6soinfo17call_constructorsEv (in /apex/com.android.runtime/bin/linker64)
==24568== by 0x405208B: __dl__ZN6soinfo17call_constructorsEv (in /apex/com.android.runtime/bin/linker64)
==24568== by 0x40B7BBB: __dl__ZL29__linker_init_post_relocationR19KernelArgumentBlockR6soinfo (in /apex/com.android.runtime/bin/linker64)
==24568== by 0x40B6AFF: __dl___linker_init (in /apex/com.android.runtime/bin/linker64)
==24568== by 0x4054AD7: __dl__start (in /apex/com.android.runtime/bin/linker64)
==24568==
Aborted

STEPS TO REPRODUCE
valgrind 3.23.0 was cross-compiled with the Android NDK 25.2.9519653 on an Ubuntu 22.04 machine. The following flags were set (relative to my Android NDK installation path):

export TRIPLE="aarch64-none-linux-android30"
export CC=".../Android/Sdk/ndk/25.2.9519653/toolchains/llvm/prebuilt/linux-x86_64/bin/clang"
export CXX=".../Android/Sdk/ndk/25.2.9519653/toolchains/llvm/prebuilt/linux-x86_64/bin/clang++"
export CFLAGS="-O3 --target=${TRIPLE} --gcc-toolchain=.../Android/Sdk/ndk/25.2.9519653/toolchains/llvm/prebuilt/linux-x86_64 --sysroot=.../Android/Sdk/ndk/25.2.9519653/toolchains/llvm/prebuilt/linux-x86_64/sysroot -mno-outline-atomics"
export CPPFLAGS="-O3 --target=${TRIPLE} --gcc-toolchain=.../Android/Sdk/ndk/25.2.9519653/toolchains/llvm/prebuilt/linux-x86_64 --sysroot=.../Android/Sdk/ndk/25.2.9519653/toolchains/llvm/prebuilt/linux-x86_64/sysroot -mno-outline-atomics"
export CXXFLAGS="-O3 --target=${TRIPLE} --gcc-toolchain=.../Android/Sdk/ndk/25.2.9519653/toolchains/llvm/prebuilt/linux-x86_64 --sysroot=.../Android/Sdk/ndk/25.2.9519653/toolchains/llvm/prebuilt/linux-x86_64/sysroot -mno-outline-atomics"
export LD=".../Android/Sdk/ndk/25.2.9519653/toolchains/llvm/prebuilt/linux-x86_64/bin/llvm-ld"
export AR=".../Android/Sdk/ndk/25.2.9519653/toolchains/llvm/prebuilt/linux-x86_64/bin/llvm-ar"
./configure --host="aarch64-unknown-linux" --target="aarch64-unknown-linux" --enable-only64bit

Once built, you can push the binary to your Android platform using the `adb push` command.

OBSERVED RESULT
The massif tool aborted. The following message can be seen in the output:

Pointer tag for 0xc400190 was truncated, see 'https://source.android.com/devices/tech/debug/tagged-pointers'.

Quoting the page: "Starting in Android 11, for 64-bit processes, all heap allocations have an implementation defined tag set in the top byte of the pointer on devices with kernel support for ARM Top-byte Ignore (TBI). Any application that modifies this tag is terminated when the tag is checked during deallocation. This is necessary for future hardware with ARM Memory Tagging Extension (MTE) support."

They do mention ways to disable this behavior for apps, but it didn't work for the binaries I was profiling.

EXPECTED RESULT
Either that it runs, or that Android API >= 30 be mentioned as no longer supported.
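As an added example (not part of the report, and not Valgrind's or bionic's code), the following C program models the tagged-pointer scheme that the documentation quoted in the report describes: the allocator places a tag in the top byte of every heap pointer, and the tag is verified again when the pointer is freed. The placement of the tag in bits 56..63 (ARM TBI), the single fixed tag value MODEL_TAG, the function names and the three result codes are all assumptions made for this illustration; bionic's real tag is implementation defined and its check aborts the process rather than returning a code. Memory is only ever touched through the untagged address, so the program also runs on hosts without TBI.

```c
/* Added example: a model of top-byte heap pointer tagging and of the
 * deallocation-time tag check. Not bionic's implementation; the tag
 * position, the fixed MODEL_TAG value and the result codes are assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

_Static_assert(sizeof(uintptr_t) == 8, "model assumes 64-bit pointers");

#define TAG_SHIFT 56
#define TAG_MASK  ((uintptr_t)0xff << TAG_SHIFT)
#define MODEL_TAG 0xB0   /* assumed tag value for this model */

/* What a tag check can report; the model returns these instead of aborting. */
enum tag_check { TAG_OK = 0, TAG_TRUNCATED = 1, TAG_CORRUPTED = 2 };

/* Put an 8-bit tag into the top byte of an address. */
static uintptr_t tag_address(uintptr_t addr, uint8_t tag) {
    return (addr & ~TAG_MASK) | ((uintptr_t)tag << TAG_SHIFT);
}

/* Clear the top byte, which is what the CPU does before translation under TBI. */
static uintptr_t untag_address(uintptr_t addr) {
    return addr & ~TAG_MASK;
}

static uint8_t address_tag(uintptr_t addr) {
    return (uint8_t)(addr >> TAG_SHIFT);
}

/* The deallocation-time check. A top byte of zero means the tag was lost
 * somewhere between allocation and free (the "truncated" case in the
 * report's log); any other unexpected value means the top byte was rewritten. */
static enum tag_check check_tag_on_free(uintptr_t addr, uint8_t expected) {
    uint8_t tag = address_tag(addr);
    if (tag == expected) return TAG_OK;
    return tag == 0 ? TAG_TRUNCATED : TAG_CORRUPTED;
}

/* Allocator wrapper that hands out tagged addresses. */
static uintptr_t model_malloc(size_t n) {
    void *p = malloc(n);
    return p ? tag_address((uintptr_t)p, MODEL_TAG) : 0;
}

/* free() counterpart: verify the tag first, then release the untagged address.
 * Returns the check result so callers can observe a refusal. */
static enum tag_check model_free(uintptr_t addr) {
    if (untag_address(addr) == 0) return TAG_OK;    /* free(NULL) is a no-op */
    enum tag_check rc = check_tag_on_free(addr, MODEL_TAG);
    if (rc == TAG_OK) free((void *)untag_address(addr));
    return rc;
}

/* Normal path: allocate, access through the untagged address, free the
 * tagged pointer exactly as it was returned. */
enum tag_check demo_correct_free(void) {
    uintptr_t p = model_malloc(16);
    if (!p) return TAG_OK;
    ((unsigned char *)untag_address(p))[0] = 1;
    return model_free(p);                              /* TAG_OK */
}

/* The failure mode from the report: the pointer handed to free has lost its
 * top byte. Here the truncation is done on purpose by the caller. */
enum tag_check demo_truncated_free(void) {
    uintptr_t p = model_malloc(16);
    enum tag_check rc = model_free(untag_address(p));  /* TAG_TRUNCATED */
    if (rc != TAG_OK) free((void *)untag_address(p));  /* release it ourselves */
    return rc;
}

/* A rewritten (non-zero, wrong) tag is reported differently from a lost one. */
enum tag_check demo_corrupted_free(void) {
    uintptr_t p = model_malloc(16);
    enum tag_check rc = model_free(tag_address(p, 0x12)); /* TAG_CORRUPTED */
    if (rc != TAG_OK) free((void *)untag_address(p));
    return rc;
}

int main(void) {
    printf("correct:   %d\n", demo_correct_free());
    printf("truncated: %d\n", demo_truncated_free());
    printf("corrupted: %d\n", demo_corrupted_free());
    return 0;
}
```

The practical point for anyone wrapping or replacing allocation functions on Android 11 and later is visible in demo_truncated_free: the value handed to free() must be exactly the value the allocator returned, top byte included, or the pair of malloc and free must come from the same allocator; stripping the top byte (for example by passing the pointer through a 32-bit integer) is enough to trip the check.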