Segfault on a simple program.


Longfei Qiu

Jun 29, 2025, 11:21:05 PM
to DynamoRIO Users
Hello,

For a research project, I attempted to use DynamoRIO to instrument an executable written in assembly, but I always run into a segfault. After some experiments, here's a minimal example that crashes. The architecture is aarch64. The version of DynamoRIO is 11.3.0.

First I write a program that does nothing but exits:
.global _start
_start:
    mov x0, #0x0      // exit status 0
    mov x8, #0x5d     // 0x5d = 93 = __NR_exit on aarch64
    svc #0x0          // invoke the syscall

I compile the above file with as prog.S -o prog.o
Then I link the program with ld -T myscript.lds -e _start -o prog prog.o
The content of myscript.lds is
PHDRS {
  headers PT_PHDR PHDRS ;
  text PT_LOAD FILEHDR PHDRS ;
  data PT_LOAD ;
}

SECTIONS {
  . = 0x10000 ;
  . += SIZEOF_HEADERS ;
  .text : { *(.text*) } :text
  .rodata : { *(.rodata*) } :text
  . = ALIGN(0x1000) ;
  .data : { *(.data*) } :data
  .bss : { *(.bss) } :data
}

Finally I run the program with ~/DynamoRIO/bin64/drrun -t drmemtrace -offline -- ./prog
And I observe a segfault immediately. GDB says the segfault occurs at core/unix/loader.c line 1744. If I replace myscript.lds with a standard linker script from binutils, the issue seems to disappear, so I guess the problem is related to my linker script. Any idea what is going on?

Longfei Qiu

Jul 1, 2025, 12:37:01 AM
to DynamoRIO Users
After some experiments I figured out that if I modify myscript.lds to
PHDRS {
  headers PT_PHDR PHDRS ;
  text PT_LOAD FILEHDR PHDRS ;
}

SECTIONS {
  . = 0x10000 ;
  . += SIZEOF_HEADERS ;
  .text : { *(.text*) } :text
  .rodata : { *(.rodata*) } :text
  . = ALIGN(0x1000) ;
  .data : { *(.data*) } :data
  .bss : { *(.bss) } :data
}

Then DynamoRIO no longer segfaults. Also, stripping the binary eliminates the segfault. It seems to be an issue with handling empty ELF segments (the data segment in this case).
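
A quick way to check a binary for the condition the two posts above converge on, a PT_LOAD segment with zero size, before handing it to drrun. This is an added example, not code from the thread or from DynamoRIO; it reads only little-endian ELF64 program headers, and the sample image it builds is constructed to mirror the posted linker layout (a PT_PHDR entry, a populated text segment, and an empty data segment) rather than being the actual prog binary. A segment with p_filesz == 0 but p_memsz > 0 is a normal .bss-only segment and is deliberately not flagged; only p_memsz == 0 is reported.

```python
import struct

ELFCLASS64 = 2
ELFDATA2LSB = 1
PT_LOAD = 1
PT_PHDR = 6
PT_NAMES = {0: "PT_NULL", 1: "PT_LOAD", 2: "PT_DYNAMIC", 3: "PT_INTERP",
            4: "PT_NOTE", 6: "PT_PHDR", 7: "PT_TLS"}

EHDR_FMT = "<16sHHIQQQIHHHHHH"  # Elf64_Ehdr, little-endian (64 bytes)
PHDR_FMT = "<IIQQQQQQ"          # Elf64_Phdr, little-endian (56 bytes)
PHDR_FIELDS = ("p_type", "p_flags", "p_offset", "p_vaddr",
               "p_paddr", "p_filesz", "p_memsz", "p_align")


def parse_program_headers(image: bytes) -> list:
    """Return the program header table of a little-endian ELF64 image as dicts."""
    if image[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    if image[4] != ELFCLASS64 or image[5] != ELFDATA2LSB:
        raise ValueError("this checker handles little-endian ELF64 only")
    ehdr = struct.unpack_from(EHDR_FMT, image, 0)
    e_phoff, e_phentsize, e_phnum = ehdr[5], ehdr[9], ehdr[10]
    if e_phentsize != struct.calcsize(PHDR_FMT):
        raise ValueError(f"unexpected e_phentsize {e_phentsize}")
    if e_phoff + e_phnum * e_phentsize > len(image):
        raise ValueError("program header table runs past end of file")
    return [dict(zip(PHDR_FIELDS,
                     struct.unpack_from(PHDR_FMT, image, e_phoff + i * e_phentsize)))
            for i in range(e_phnum)]


def find_empty_load_segments(phdrs: list) -> list:
    """Indices of PT_LOAD entries that map nothing at all (p_memsz == 0)."""
    return [i for i, ph in enumerate(phdrs)
            if ph["p_type"] == PT_LOAD and ph["p_memsz"] == 0]


def describe(phdrs: list) -> list:
    """One readelf-style summary line per program header."""
    return [f"[{i}] {PT_NAMES.get(ph['p_type'], hex(ph['p_type'])):<10} "
            f"off={ph['p_offset']:#x} vaddr={ph['p_vaddr']:#x} "
            f"filesz={ph['p_filesz']:#x} memsz={ph['p_memsz']:#x}"
            for i, ph in enumerate(phdrs)]


def build_sample_image() -> bytes:
    """Constructed ELF64/aarch64 image with the three-PHDR layout from the thread.

    The file contents are only headers plus zero padding; this is a stand-in
    for the posted prog binary, not the real one.
    """
    phdrs = [
        # p_type, p_flags, p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align
        (PT_PHDR, 4, 64, 0x10040, 0x10040, 3 * 56, 3 * 56, 8),   # headers
        (PT_LOAD, 5, 0, 0x10000, 0x10000, 0x100, 0x100, 0x10000),  # text (R+X)
        (PT_LOAD, 6, 0x1000, 0x11000, 0x11000, 0, 0, 0x10000),     # data, empty
    ]
    e_ident = b"\x7fELF" + bytes([ELFCLASS64, ELFDATA2LSB, 1, 0, 0]) + b"\x00" * 7
    # ET_EXEC, EM_AARCH64 (0xB7), entry just past the headers, no section table.
    ehdr = struct.pack(EHDR_FMT, e_ident, 2, 0xB7, 1, 0x100E8, 64, 0, 0,
                       64, 56, len(phdrs), 64, 0, 0)
    image = ehdr + b"".join(struct.pack(PHDR_FMT, *p) for p in phdrs)
    return image + b"\x00" * (0x100 - len(image))


if __name__ == "__main__":
    import sys
    # Pass a path to inspect a real binary; otherwise use the constructed sample.
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_image()
    phdrs = parse_program_headers(image)
    print("\n".join(describe(phdrs)))
    empty = find_empty_load_segments(phdrs)
    print("empty PT_LOAD segments:", empty if empty else "none")
```

Running it as python3 checker.py ./prog on a binary linked with the first myscript.lds should report the data segment; readelf -l ./prog shows the same table if you prefer binutils. Either check tells you in advance that a loader which assumes every PT_LOAD has a non-zero extent, as the thread suggests DynamoRIO 11.3.0 does, will hit this corner case.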

Enrico Deiana

Jul 2, 2025, 5:54:58 AM
to DynamoRIO Users
Thank you for posting how you solved this issue.

- Enrico

Derek Bruening

Jul 2, 2025, 10:49:59 AM
to longf...@yale.edu, DynamoRIO Users
Ideally, DR would support any arbitrary ELF file.  Could you file an issue on this corner case of an empty segment?  And if you are able to fix it with tweaks to the DR loader and can submit a pull request with the fix that would be appreciated.


Longfei Qiu

Jul 2, 2025, 11:22:29 AM
to DynamoRIO Users
Thanks. I just opened a GitHub issue (https://github.com/DynamoRIO/dynamorio/issues/7522). I can do some debugging during the weekend.