https://bugs.kde.org/show_bug.cgi?id=487111

            Bug ID: 487111
           Summary: Massif crash on Android API >= 30 due to tagged
                    pointers
    Classification: Developer tools
           Product: valgrind
           Version: 3.23.0
          Platform: Android
                OS: Linux
            Status: REPORTED
          Severity: crash
          Priority: NOR
         Component: massif
          Assignee: n...@valgrind.org
          Reporter: maxime.cout...@protonmail.com
  Target Milestone: ---

uname -a (TARGET):
Linux localhost 5.10.66-android12-9-25281636-abS908BXXU2BVJA #2 SMP PREEMPT Thu Oct 13 21:01:13 KST 2022 aarch64 Toybox
uname -a (HOST):
Linux mcoutant-telecom 6.5.0-35-generic #35~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Tue May  7 09:00:52 UTC 2 x86_64 x86_64 x86_64 GNU/Linux


COMMAND:
$ valgrind -v --tool=massif echo "pouet"

FULL OUTPUT:
==24568== Massif, a heap profiler
==24568== Copyright (C) 2003-2024, and GNU GPL'd, by Nicholas Nethercote et al.
==24568== Using Valgrind-3.23.0-c54d316124-20240426 and LibVEX; rerun with -h
for copyright info
==24568== Command: echo pouet
==24568== 
--24568-- Valgrind options:
--24568--    -v
--24568--    --tool=massif
--24568-- Contents of /proc/version:
--24568--   Linux version 5.10.66-android12-9-25281636-abS908BXXU2BVJA
(dpi@21DJ6B18) (Android (7211189, based on r416183) clang version 12.0.4
(https://android.googlesource.com/toolchain/llvm-project
c935d99d7cf2016289302412d708641d52d2f7ee), LLD 12.0.4
(/buildbot/src/android/llvm-toolchain/out/llvm-project/lld
c935d99d7cf2016289302412d708641d52d2f7ee)) #2 SMP PREEMPT Thu Oct 13 21:01:13
KST 2022
--24568-- 
--24568-- Arch and hwcaps: ARM64, LittleEndian,
v8-fhm-dpbcvadp-sm3-sm4-sha3-rdm-i8mm-atomics-bf16-fp16-vfp16
--24568-- Page sizes: currently 4096, max supported 65536
--24568-- Valgrind library directory: /data/local/tmp/valgrind/libexec/valgrind
--24568-- Massif: alloc-fns:
--24568-- Massif:   malloc
--24568-- Massif:   __builtin_new
--24568-- Massif:   operator new(unsigned long)
--24568-- Massif:   __builtin_vec_new
--24568-- Massif:   operator new[](unsigned long)
--24568-- Massif:   calloc
--24568-- Massif:   aligned_alloc
--24568-- Massif:   realloc
--24568-- Massif:   memalign
--24568-- Massif:   posix_memalign
--24568-- Massif:   valloc
--24568-- Massif:   operator new(unsigned long, std::nothrow_t const&)
--24568-- Massif:   operator new[](unsigned long, std::nothrow_t const&)
--24568-- Massif:   operator new(unsigned long, std::align_val_t)
--24568-- Massif:   operator new[](unsigned long, std::align_val_t)
--24568-- Massif:   operator new(unsigned long, std::align_val_t,
std::nothrow_t const&)
--24568-- Massif:   operator new[](unsigned long, std::align_val_t,
std::nothrow_t const&)
--24568-- Massif: ignore-fns:
--24568-- Massif:   <empty>
--24568-- Reading syms from /system/bin/toybox
--24568-- Reading syms from /apex/com.android.runtime/bin/linker64
--24568-- Reading syms from
/data/local/tmp/valgrind/libexec/valgrind/massif-arm64-linux
--24568--    object doesn't have a dynamic symbol table
--24568-- Scheduler: using generic scheduler lock implementation.
--24568-- Reading syms from /system/lib64/libprocessgroup.so
--24568-- Reading syms from /system/lib64/libcrypto.so
--24568-- Reading syms from /system/lib64/libz.so
--24568-- Reading syms from /system/lib64/libpackagelistparser.so
--24568-- warning: DiCfSI 0x5cd8000 .. 0x5cd800b outside mapped rx segments
(libpackagelistparser.so)
--24568-- warning: DiCfSI 0x5cd800c .. 0x5cd800f outside mapped rx segments
(libpackagelistparser.so)
--24568-- warning: DiCfSI 0x5cd8010 .. 0x5cd8013 outside mapped rx segments
(libpackagelistparser.so)
--24568-- warning: DiCfSI 0x5cd8014 .. 0x5cd8033 outside mapped rx segments
(libpackagelistparser.so)
--24568-- warning: DiCfSI 0x5cd8034 .. 0x5cd8367 outside mapped rx segments
(libpackagelistparser.so)
--24568-- warning: DiCfSI 0x5cd8368 .. 0x5cd8377 outside mapped rx segments
(libpackagelistparser.so)
--24568-- warning: DiCfSI 0x5cd8378 .. 0x5cd83b3 outside mapped rx segments
(libpackagelistparser.so)
--24568-- warning: DiCfSI 0x5cd83b4 .. 0x5cd83c7 outside mapped rx segments
(libpackagelistparser.so)
--24568-- Reading syms from /system/lib64/libcutils.so
--24568-- Reading syms from /apex/com.android.runtime/lib64/bionic/libc.so
--24568-- Reading syms from
/data/local/tmp/valgrind/libexec/valgrind/vgpreload_core-arm64-linux.so
--24568-- warning: DiCfSI 0x5ad9324 .. 0x5ad9327 outside mapped rx segments
(NONE)
--24568-- warning: DiCfSI 0x5ad9328 .. 0x5ad9383 outside mapped rx segments
(NONE)
--24568-- Reading syms from /system/lib64/libpcre2.so
--24568-- Reading syms from /apex/com.android.runtime/lib64/bionic/libm.so
--24568-- Reading syms from /system/lib64/libselinux.so
--24568-- Reading syms from /system/lib64/libc++.so
--24568-- Reading syms from
/data/local/tmp/valgrind/libexec/valgrind/vgpreload_massif-arm64-linux.so
--24568-- Reading syms from /system/lib64/libbase.so
--24568-- Reading syms from /system/lib64/liblog.so
--24568-- Reading syms from /system/lib64/libcgrouprc.so
WARNING: linker: Warning:
"/data/local/tmp/valgrind/libexec/valgrind/vgpreload_core-arm64-linux.so" has
unsupported flags DT_FLAGS_1=0x421 (ignoring unsupported flags)
WARNING: linker: Warning:
"/data/local/tmp/valgrind/libexec/valgrind/vgpreload_massif-arm64-linux.so" has
unsupported flags DT_FLAGS_1=0x421 (ignoring unsupported flags)
--24568-- REDIR: 0x84b400c (libc.so:malloc) redirected to 0x8386460 (malloc)
--24568-- Discarding syms at 0x821e000-0x82278d0 in /system/lib64/libcutils.so
(have_dinfo 1)
--24568-- Discarding syms at 0x8386154-0x838ef2c in
/data/local/tmp/valgrind/libexec/valgrind/vgpreload_massif-arm64-linux.so
(have_dinfo 1)
--24568-- Reading syms from /system/lib64/libnetd_client.so
Pointer tag for 0xc400190 was truncated, see
'https://source.android.com/devices/tech/debug/tagged-pointers'.
==24568== 
==24568== Process terminating with default action of signal 6 (SIGABRT)
==24568==    at 0x8519188: __rt_sigprocmask (in
/apex/com.android.runtime/lib64/bionic/libc.so)
==24568==    by 0x84D6EFB: sigprocmask64 (in
/apex/com.android.runtime/lib64/bionic/libc.so)
==24568==    by 0x84C7D13: abort (in
/apex/com.android.runtime/lib64/bionic/libc.so)
==24568==    by 0x84B3F23: free (in
/apex/com.android.runtime/lib64/bionic/libc.so)
==24568==    by 0x5F33E43: HMAC_CTX_cleanup (in /system/lib64/libcrypto.so)
==24568==    by 0x5F33897: HMAC (in /system/lib64/libcrypto.so)
==24568==    by 0x5F4298F: BORINGSSL_integrity_test (in
/system/lib64/libcrypto.so)
==24568==    by 0x5F42707: ??? (in /system/lib64/libcrypto.so)
==24568==    by 0x40522E3: __dl__ZN6soinfo17call_constructorsEv (in
/apex/com.android.runtime/bin/linker64)
==24568==    by 0x405208B: __dl__ZN6soinfo17call_constructorsEv (in
/apex/com.android.runtime/bin/linker64)
==24568==    by 0x40B7BBB:
__dl__ZL29__linker_init_post_relocationR19KernelArgumentBlockR6soinfo (in
/apex/com.android.runtime/bin/linker64)
==24568==    by 0x40B6AFF: __dl___linker_init (in
/apex/com.android.runtime/bin/linker64)
==24568==    by 0x4054AD7: __dl__start (in
/apex/com.android.runtime/bin/linker64)
==24568== 
Aborted

STEPS TO REPRODUCE
valgrind 3.23.0 was cross-compiled with the Android NDK 25.2.9519653 on an
Ubuntu 22.04 machine.

The following flags were set (relative to my Android NDK installation path):
export TRIPLE="aarch64-none-linux-android30"
export CC=".../Android/Sdk/ndk/25.2.9519653/toolchains/llvm/prebuilt/linux-x86_64/bin/clang"
export CXX=".../Android/Sdk/ndk/25.2.9519653/toolchains/llvm/prebuilt/linux-x86_64/bin/clang++"
export CFLAGS="-O3 --target=${TRIPLE} --gcc-toolchain=.../Android/Sdk/ndk/25.2.9519653/toolchains/llvm/prebuilt/linux-x86_64 --sysroot=.../Android/Sdk/ndk/25.2.9519653/toolchains/llvm/prebuilt/linux-x86_64/sysroot -mno-outline-atomics"
export CPPFLAGS="-O3 --target=${TRIPLE} --gcc-toolchain=.../Android/Sdk/ndk/25.2.9519653/toolchains/llvm/prebuilt/linux-x86_64 --sysroot=.../Android/Sdk/ndk/25.2.9519653/toolchains/llvm/prebuilt/linux-x86_64/sysroot -mno-outline-atomics"
export CXXFLAGS="-O3 --target=${TRIPLE} --gcc-toolchain=.../Android/Sdk/ndk/25.2.9519653/toolchains/llvm/prebuilt/linux-x86_64 --sysroot=.../Android/Sdk/ndk/25.2.9519653/toolchains/llvm/prebuilt/linux-x86_64/sysroot -mno-outline-atomics"
export LD=".../Android/Sdk/ndk/25.2.9519653/toolchains/llvm/prebuilt/linux-x86_64/bin/llvm-ld"
export AR=".../Android/Sdk/ndk/25.2.9519653/toolchains/llvm/prebuilt/linux-x86_64/bin/llvm-ar"

./configure --host="aarch64-unknown-linux" --target="aarch64-unknown-linux" --enable-only64bit

Once built you can push the binary on your android platform using `adb push`
command.


OBSERVED RESULT
The massif tool aborted. The following message can be seen in the output:
Pointer tag for 0xc400190 was truncated, see
'https://source.android.com/devices/tech/debug/tagged-pointers'.

Quoting the page :
"Starting in Android 11, for 64-bit processes, all heap allocations have an
implementation defined tag set in the top byte of the pointer on devices with
kernel support for ARM Top-byte Ignore (TBI). Any application that modifies
this tag is terminated when the tag is checked during deallocation. This is
necessary for future hardware with ARM Memory Tagging Extension (MTE) support."

They do mention ways to disable this behavior for apps, but it didn't work for
the binaries I was profiling.

EXPECTED RESULT
Either to run, or for Android API >= 30 to be mentioned as not supported anymore.
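The mechanism behind the abort, as an added example that is not part of the bug report and is neither Valgrind's nor bionic's code: a simplified C model of top-byte pointer tagging. tagged_malloc()/tagged_free() stand in for the Android 11+ allocator (tag in bits 63:56, checked on free), interposed_malloc()/interposed_free() for a preloaded replacement allocator that knows nothing about tags. All function names, the tag scheme and the returned status codes are assumptions; the model covers only the "tag truncated" (top byte is zero) case and returns a status where bionic would abort(). It runs on any 64-bit host because the tagged pointer is untagged before every dereference.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

_Static_assert(sizeof(void *) == 8, "this model assumes 64-bit pointers");

/* Assumed tag layout: bits 63:56 hold the tag, as on AArch64 with TBI. */
#define TAG_SHIFT 56
#define TAG_MASK  ((uintptr_t)0xff << TAG_SHIFT)

/* Strip the tag. On a TBI kernel the CPU ignores the top byte on loads and
 * stores; on an ordinary host we must do it by hand before dereferencing. */
static void *untag(const void *p) {
    return (void *)((uintptr_t)p & ~TAG_MASK);
}

static unsigned next_tag = 0;

/* Model of a tagging allocator (bionic on Android 11+): every block is
 * returned with a non-zero tag in its top byte. */
static void *tagged_malloc(size_t n) {
    void *raw = malloc(n);
    if (raw == NULL) return NULL;
    uintptr_t tag = (uintptr_t)(next_tag++ % 255) + 1;   /* 1..255, never 0 */
    return (void *)(((uintptr_t)raw & ~TAG_MASK) | (tag << TAG_SHIFT));
}

enum free_result { FREE_OK = 0, FREE_TAG_TRUNCATED = 1 };

/* Tag-checking free. A zero top byte means the tag was stripped, or the block
 * never came from the tagging allocator. bionic abort()s here with
 * "Pointer tag for <ptr> was truncated"; this model returns a status and
 * leaves the block alone so the caller can release it through the right path. */
static enum free_result tagged_free(void *p) {
    if (p == NULL) return FREE_OK;
    if (((uintptr_t)p & TAG_MASK) == 0) {
        fprintf(stderr, "Pointer tag for %p was truncated\n", p);
        return FREE_TAG_TRUNCATED;
    }
    free(untag(p));
    return FREE_OK;
}

/* Model of a preloaded replacement allocator (the effect of a malloc
 * redirection into a vgpreload_*.so): plain untagged pointers, no tag checks. */
static void *interposed_malloc(size_t n) { return malloc(n); }
static void interposed_free(void *p)     { free(p); }

/* Matched pair: tagged malloc, tagged free. */
int scenario_consistent(void) {
    char *p = tagged_malloc(32);
    if (p == NULL) return -1;
    strcpy(untag(p), "ok");            /* untag before every dereference */
    return tagged_free(p);             /* FREE_OK */
}

/* The mismatch in the report: allocation served by the interposed (untagged)
 * malloc, released through the tag-checking free. */
int scenario_mismatch(void) {
    char *p = interposed_malloc(32);
    if (p == NULL) return -1;
    int r = tagged_free(p);            /* FREE_TAG_TRUNCATED */
    if (r != FREE_OK) interposed_free(p);
    return r;
}

/* The case the Android page warns about: the program itself strips the tag
 * (here by masking the address to 48 bits) before freeing. */
int scenario_truncated_by_app(void) {
    void *p = tagged_malloc(32);
    if (p == NULL) return -1;
    void *stripped = (void *)((uintptr_t)p & ((UINT64_C(1) << 48) - 1));
    int r = tagged_free(stripped);     /* FREE_TAG_TRUNCATED */
    if (r != FREE_OK) free(untag(p));
    return r;
}

int main(void) {
    printf("consistent:       %d\n", scenario_consistent());
    printf("mismatch:         %d\n", scenario_mismatch());
    printf("truncated by app: %d\n", scenario_truncated_by_app());
    return 0;
}
```

scenario_mismatch() is the shape of the trace above: the log shows only libc.so:malloc redirected before the crash, and the backtrace ends in bionic's own free called from HMAC_CTX_cleanup inside a library constructor, so a block handed out without a tag reaches a free that insists on one. Any replacement allocator on an Android 11+ device therefore has to either interpose every release path as well, or hand back pointers carrying the tag layout the platform's free expects.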
