Bug 203357 - disInstr(ppc): unhandled instruction: 0x7D20009D
Summary: disInstr(ppc): unhandled instruction: 0x7D20009D
Status: RESOLVED DUPLICATE of bug 180513
Alias: None
Product: valgrind
Classification: Developer tools
Component: general
Version: 3.3.1
Platform: Unlisted Binaries Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Julian Seward
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-08-10 21:49 UTC by vrvazque
Modified: 2015-04-26 17:45 UTC
CC List: 1 user

See Also:
Latest Commit:
Version Fixed In:


Attachments
valgrind log for unhandled instruction (838.66 KB, application/octet-stream)
2009-08-10 22:06 UTC, vrvazque

Description vrvazque 2009-08-10 21:49:37 UTC
Output from uname -a :
# uname -a 
Linux 192 2.6.27.19-45-ebony #1 Mon Aug 3 07:52:06 UTC 2009 ppc ppc ppc GNU/Linux
---------------------------

Output from valgrind -v:
# valgrind -v ./shell
==2468== Memcheck, a memory error detector.
==2468== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==2468== Using LibVEX rev 1854, a library for dynamic binary translation.
==2468== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==2468== Using valgrind-3.3.1, a dynamic binary instrumentation framework.
==2468== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==2468==
--2468-- Command line
--2468--    ./shell
--2468-- Startup, with flags:
--2468--    -v
--2468-- Contents of /proc/version:
--2468--   Linux version 2.6.27.19-45-ebony (geeko@buildhost) (gcc version 4.3.2 [gcc-4_3-branch revision 141291] (GCC) ) #1 Mon Aug 3 07:52:06 UTC 2009
--2468-- Arch and hwcaps: PPC32, ppc32-int
--2468-- Page sizes: currently 4096, max supported 65536
--2468-- Valgrind library directory: /usr/lib/valgrind
--2468-- Reading syms from /lib/ld-2.9.so (0x4000000)
--2468-- Reading syms from /bin/bash (0x10000000)
--2468-- Reading syms from /usr/lib/valgrind/ppc32-linux/memcheck (0x38000000)
--2468-- Reading debug info from /usr/lib/debug/usr/lib/valgrind/ppc32-linux/memcheck.debug...
--2468--    object doesn't have a dynamic symbol table
--2468-- Reading suppressions file: /usr/lib/valgrind/default.supp
==2468== Conditional jump or move depends on uninitialised value(s)
==2468==    at 0x40025D0: _dl_start (do-rel.h:104)
==2468==    by 0x40160E0: _start (in /lib/ld-2.9.so)
==2468==
==2468== Conditional jump or move depends on uninitialised value(s)
==2468==    at 0x4002608: _dl_start (do-rel.h:117)
==2468==    by 0x40160E0: _start (in /lib/ld-2.9.so)
--2468-- REDIR: 0x4018128 (strlen) redirected to 0x38032338 (vgPlain_ppc32_linux_REDIR_FOR_strlen)
--2468-- REDIR: 0x4017f60 (strcmp) redirected to 0x38032360 (vgPlain_ppc32_linux_REDIR_FOR_strcmp)
--2468-- REDIR: 0x4017e84 (index) redirected to 0x380323d4 (vgPlain_ppc32_linux_REDIR_FOR_strchr)
--2468-- Reading syms from /usr/lib/valgrind/ppc32-linux/vgpreload_core.so (0xFFDE000)
--2468-- Reading debug info from /usr/lib/debug/usr/lib/valgrind/ppc32-linux/vgpreload_core.so.debug...
--2468-- Reading syms from /usr/lib/valgrind/ppc32-linux/vgpreload_memcheck.so (0xFFB5000)
--2468-- Reading debug info from /usr/lib/debug/usr/lib/valgrind/ppc32-linux/vgpreload_memcheck.so.debug...
--2468-- REDIR: 0x401858c (bcmp) redirected to 0xffbb2c0 (bcmp)
--2468-- REDIR: 0x4018fa8 (memcpy) redirected to 0xffbab4c (memcpy)
--2468-- REDIR: 0x4018dd0 (mempcpy) redirected to 0xffbb968 (mempcpy)
--2468-- Reading syms from /lib/libncurses.so.5.6 (0xFF50000)
--2468-- Reading syms from /lib/libdl-2.9.so (0xFF2C000)
--2468-- Reading syms from /lib/libc-2.9.so (0xFD82000)
--2468-- REDIR: 0xfe07a28 (rindex) redirected to 0xffb9cfc (rindex)
--2468-- REDIR: 0xfe06de0 (strcmp) redirected to 0xffba704 (strcmp)
--2468-- REDIR: 0xfe07560 (strlen) redirected to 0xffba2e8 (strlen)
--2468-- REDIR: 0xfe077f0 (strncmp) redirected to 0xffba658 (strncmp)
--2468-- REDIR: 0xfe06d08 (index) redirected to 0xffb9ebc (index)
--2468-- REDIR: 0xfe09410 (mempcpy) redirected to 0xffbb838 (mempcpy)
--2468-- REDIR: 0xfe04074 (malloc) redirected to 0xffb9820 (malloc)
--2468-- REDIR: 0xfe08aac (memchr) redirected to 0xffba8a8 (memchr)
--2468-- REDIR: 0xfe09ac0 (memcpy) redirected to 0xffba918 (memcpy)
--2468-- REDIR: 0xfe047cc (realloc) redirected to 0xffb9960 (realloc)
--2468-- REDIR: 0xfe00f70 (free) redirected to 0xffb8340 (free)
--2468-- REDIR: 0xfe07618 (strnlen) redirected to 0xffba28c (strnlen)
--2468-- REDIR: 0xfe09720 (stpcpy) redirected to 0xffbb32c (stpcpy)
--2468-- REDIR: 0xfe06f10 (strcpy) redirected to 0xffba3a8 (strcpy)
--2468-- REDIR: 0xfe0c068 (rawmemchr) redirected to 0xffbb800 (rawmemchr)
--2468-- REDIR: 0xfe0c124 (strchrnul) redirected to 0xffbb7b4 (strchrnul)
--2468-- REDIR: 0xfe09144 (memset) redirected to 0xffbb6b0 (memset)
disInstr(ppc): unhandled instruction: 0x7D20009D
                 primary 31(0x1F), secondary 157(0x9D)
==2468== valgrind: Unrecognised instruction at address 0x100186A4.
==2468== Your program just tried to execute an instruction that Valgrind
==2468== did not recognise.  There are two possible reasons for this.
==2468== 1. Your program has a bug and erroneously jumped to a non-code
==2468==    location.  If you are running Memcheck and you just saw a
==2468==    warning about a bad jump, it's probably your program's fault.
==2468== 2. The instruction is legitimate but Valgrind doesn't handle it,
==2468==    i.e. it's Valgrind's fault.  If you think this is the case or
==2468==    you are not sure, please let us know and we'll try to fix it.
==2468== Either way, Valgrind will now raise a SIGILL signal which will
==2468== probably kill your program.
==2468==
==2468== Process terminating with default action of signal 4 (SIGILL)
==2468==  Illegal opcode at address 0x100186A4
==2468==    at 0x100186A4: shell_initialize (shell.c:1654)
==2468==    by 0x10019878: main (shell.c:543)
==2468==
==2468== ERROR SUMMARY: 4 errors from 2 contexts (suppressed: 1 from 1)
==2468==
==2468== 2 errors in context 1 of 2:
==2468== Conditional jump or move depends on uninitialised value(s)
==2468==    at 0x4002608: _dl_start (do-rel.h:117)
==2468==    by 0x40160E0: _start (in /lib/ld-2.9.so)
==2468==
==2468== 2 errors in context 2 of 2:
==2468== Conditional jump or move depends on uninitialised value(s)
==2468==    at 0x40025D0: _dl_start (do-rel.h:104)
==2468==    by 0x40160E0: _start (in /lib/ld-2.9.so)
--2468--
--2468-- supp:      1 dl-hack3-cond-1
==2468==
==2468== IN SUMMARY: 4 errors from 2 contexts (suppressed: 1 from 1)
==2468==
==2468== malloc/free: in use at exit: 1,082 bytes in 36 blocks.
==2468== malloc/free: 50 allocs, 14 frees, 10,665 bytes allocated.
==2468==
==2468== searching for pointers to 36 not-freed blocks.
==2468== checked 109,628 bytes.
==2468==
==2468== LEAK SUMMARY:
==2468==    definitely lost: 0 bytes in 0 blocks.
==2468==      possibly lost: 0 bytes in 0 blocks.
==2468==    still reachable: 1,082 bytes in 36 blocks.
==2468==         suppressed: 0 bytes in 0 blocks.
==2468== Rerun with --leak-check=full to see details of leaked memory.
--2468--  memcheck: sanity checks: 1 cheap, 2 expensive
--2468--  memcheck: auxmaps: 0 auxmap entries (0k, 0M) in use
--2468--  memcheck: auxmaps_L1: 0 searches, 0 cmps, ratio 0:10
--2468--  memcheck: auxmaps_L2: 0 searches, 0 nodes
--2468--  memcheck: SMs: n_issued      = 14 (224k, 0M)
--2468--  memcheck: SMs: n_deissued    = 0 (0k, 0M)
--2468--  memcheck: SMs: max_noaccess  = 65535 (1048560k, 1023M)
--2468--  memcheck: SMs: max_undefined = 0 (0k, 0M)
--2468--  memcheck: SMs: max_defined   = 44 (704k, 0M)
--2468--  memcheck: SMs: max_non_DSM   = 14 (224k, 0M)
--2468--  memcheck: max sec V bit nodes:    1 (0k, 0M)
--2468--  memcheck: set_sec_vbits8 calls: 1 (new: 1, updates: 0)
--2468--  memcheck: max shadow mem size:   528k, 0M
--2468-- translate:            fast SP updates identified: 369 ( 62.4%)
--2468-- translate:   generic_known SP updates identified: 155 ( 26.2%)
--2468-- translate: generic_unknown SP updates identified: 67 ( 11.3%)
--2468--     tt/tc: 5,520 tt lookups requiring 5,641 probes
--2468--     tt/tc: 5,520 fast-cache updates, 5 flushes
--2468--  transtab: new        2,636 (76,292 -> 1,071,536; ratio 140:10) [0 scs]
--2468--  transtab: dumped     0 (0 -> ??)
--2468--  transtab: discarded  10 (740 -> ??)
--2468-- scheduler: 104,847 jumps (bb entries).
--2468-- scheduler: 1/3,045 major/minor sched events.
--2468--    sanity: 2 cheap, 2 expensive checks.
--2468--    exectx: 769 lists, 29 contexts (avg 0 per list)
--2468--    exectx: 69 searches, 40 full compares (579 per 1000)
--2468--    exectx: 0 cmp2, 7 cmp4, 0 cmpAll
--2468--  errormgr: 3 supplist searches, 126 comparisons during search
--2468--  errormgr: 5 errlist searches, 7 comparisons during search
Illegal instruction
Comment 1 vrvazque 2009-08-10 22:06:27 UTC
Created attachment 36056
valgrind log for unhandled instruction

Below are parts of the valgrind log when run with -v --trace-flags=10000001 --trace-notbelow=0

Also, at the end is the disassembly of bash at 0x100186A4

===================================================================

valgrind -v --trace-flags=10000001 --trace-notbelow=0 --log-file=val.log ./shell

...

==== BB 2679 shell_initialize+340(0x1001869c) BBs exec'd 91770 ====

------------------------ Front end ------------------------

        0x1001869C:  lwz r9,0(r3)

              ------ IMark(0x1001869C, 4) ------
              t0 = Add32(GET:I32(12),0x0:I32)
              PUT(36) = LDbe:I32(t0)

        0x100186A0:  lwz r0,4(r3)

              ------ IMark(0x100186A0, 4) ------
              PUT(896) = 0x100186A0:I32
              t1 = Add32(GET:I32(12),0x4:I32)
              PUT(0) = LDbe:I32(t1)

        0x100186A4:  disInstr(ppc): unhandled instruction: 0x7D20009D
                 primary 31(0x1F), secondary 157(0x9D)
              ------ IMark(0x100186A4, 0) ------
              PUT(896) = 0x100186A4:I32
              PUT(896) = 0x100186A4:I32
              goto {NoDecode} 0x100186A4:I32

. 0 1001869C 8
. 81 23 00 00 80 03 00 04


------------------------ Assembly ------------------------

mflr %r4
7C 88 02 A6

lwz %r5,12(%r31)
80 BF 00 0C

lwz %r6,0(%r5)
80 C5 00 00

stw %r6,36(%r31)
90 DF 00 24

li_word %r6,0x100186A0
3C C0 10 01 60 C6 86 A0

stw %r6,896(%r31)
90 DF 03 80

lwz %r6,4(%r5)
80 C5 00 04

stw %r6,0(%r31)
90 DF 00 00

li_word %r5,0x100186A4
3C A0 10 01 60 A5 86 A4

stw %r5,896(%r31)
90 BF 03 80

mtlr %r4
7C 88 03 A6

goto: { li %r31,$NoDecode ; li_word %r3,0x100186A4 ; blr }
3B E0 00 45 3C 60 10 01 60 63 86 A4 4E 80 00 20

==2014== valgrind: Unrecognised instruction at address 0x100186A4.


goto: { li %r31,$NoDecode ; li_word %r3,0x100186A4 ; blr }
3B E0 00 45 3C 60 10 01 60 63 86 A4 4E 80 00 20

==2014== valgrind: Unrecognised instruction at address 0x100186A4.


===================================================================

gdb /bin/bash
GNU gdb (GDB) 6.8.50.20081120-cvs
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "ppc-linux".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
(gdb) disassemble 0x100186A4
Dump of assembler code for function shell_initialize:

...

0x10018680 <shell_initialize+312>:      addi    r30,r1,8
0x10018684 <shell_initialize+316>:      mr      r3,r30
0x10018688 <shell_initialize+320>:      li      r4,255
0x1001868c <shell_initialize+324>:      bl      0x100a7720 <gethostname@plt>
0x10018690 <shell_initialize+328>:      cmpwi   cr7,r3,0
0x10018694 <shell_initialize+332>:      mr      r3,r30
0x10018698 <shell_initialize+336>:      blt-    cr7,0x100186dc <shell_initialize+404>
0x1001869c <shell_initialize+340>:      lwz     r9,0(r3)
0x100186a0 <shell_initialize+344>:      lwz     r0,4(r3)
0x100186a4 <shell_initialize+348>:      dlmzb.  r0,r9,r0
0x100186a8 <shell_initialize+352>:      bne-    0x100186c0 <shell_initialize+376>
0x100186ac <shell_initialize+356>:      addi    r3,r3,8
0x100186b0 <shell_initialize+360>:      lwz     r9,0(r3)
0x100186b4 <shell_initialize+364>:      lwz     r0,4(r3)
0x100186b8 <shell_initialize+368>:      dlmzb.  r0,r9,r0
0x100186bc <shell_initialize+372>:      beq-    0x100186ac <shell_initialize+356>
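Added example, not part of this report and not Valgrind/VEX code: a small Python model that pulls the X-form fields out of the rejected word 0x7D20009D and replays the dlmzb. instruction gdb shows at 0x100186a4, so the decoder message and the listing can be read together. The "secondary 157(0x9D)" in the 3.3.1 message is the low 10 bits of the word, which is the 10-bit extended opcode shifted left with the record bit appended (78 << 1 | 1); the instruction VEX could not decode is therefore primary 31, XO 78, Rc=1, which is dlmzb. r0,r9,r0 exactly as gdb prints it. The dlmzb semantics used below (Determine Leftmost Zero Byte: 1-based position of the first zero byte in rS||rB, 8 if none, CR0 LT/GT/EQ saying whether it was in rS, in rB, or not found) are taken from the PowerPC 440 core description as I recall it and are an assumption of this example; the reading that EQ means "no zero byte" is consistent with the bne/beq loop in the listing, which scans the gethostname() buffer eight bytes at a time until a zero byte turns up, i.e. a strlen loop. The hostname bytes in the sample input are constructed.

```python
# Added example (not from the bug report, not Valgrind/VEX code): decode the
# PowerPC X-form fields of 0x7D20009D and model dlmzb., the PowerPC 440
# instruction that VEX 3.3.1 rejected at 0x100186a4 in bash.
import struct

def ppc_fields(word: int) -> dict:
    """Split a 32-bit PowerPC instruction word into its X-form fields.
    IBM bit numbering is used: bit 0 is the most significant bit."""
    def bits(hi: int, lo: int) -> int:           # inclusive IBM bit range
        return (word >> (31 - lo)) & ((1 << (lo - hi + 1)) - 1)
    return {
        "opc1": bits(0, 5),      # primary opcode
        "rS":   bits(6, 10),
        "rA":   bits(11, 15),
        "rB":   bits(16, 20),
        "xo":   bits(21, 30),    # 10-bit extended opcode the decoder keys on
        "rc":   bits(31, 31),    # record bit: "." suffix, result sets CR0
        "lo10": word & 0x3FF,    # what the 3.3.1 message prints as "secondary"
    }

def disasm(word: int) -> str:
    """Render the one instruction this example knows about, in gdb's
    operand order (rA,rS,rB); anything else is reported as unknown."""
    f = ppc_fields(word)
    if f["opc1"] == 31 and f["xo"] == 78:
        mnem = "dlmzb." if f["rc"] else "dlmzb"
        return f"{mnem} r{f['rA']},r{f['rS']},r{f['rB']}"
    return f"unknown (primary {f['opc1']}, xo {f['xo']})"

CR_LT, CR_GT, CR_EQ = 0b1000, 0b0100, 0b0010   # CR0 bits, LT is the MSB

def dlmzb(rs: int, rb: int, rc: bool = True):
    """Determine Leftmost Zero Byte over the eight bytes rS||rB.
    Returns (rA, cr0): rA is the 1-based position of the first zero byte
    (1-4 in rS, 5-8 in rB) or 8 if there is none; with Rc=1, CR0 is LT when
    the zero byte was in rS, GT when it was in rB, EQ when none was found.
    Assumption: PowerPC 440 semantics as recalled, cross-checked against the
    bne/beq loop in the gdb listing (bne leaves the loop, so EQ = not found)."""
    data = struct.pack(">II", rs & 0xFFFFFFFF, rb & 0xFFFFFFFF)
    idx = data.find(b"\x00")
    if idx < 0:
        return 8, (CR_EQ if rc else 0)
    pos = idx + 1
    return pos, ((CR_LT if pos <= 4 else CR_GT) if rc else 0)

def strlen_dlmzb(buf: bytes) -> int:
    """Replay of the loop at shell_initialize+340..+372: lwz/lwz/dlmzb.,
    bne exits once a zero byte is found, addi r3,r3,8 and beq otherwise.
    The real code scans a 255-byte stack buffer, so the scan may run past
    the string; eight zero bytes stand in for that tail here."""
    padded = buf + b"\x00" * 8
    off = 0
    while True:
        rs, rb = struct.unpack_from(">II", padded, off)   # lwz r9,0(r3); lwz r0,4(r3)
        n, cr0 = dlmzb(rs, rb)                            # dlmzb. r0,r9,r0
        if not (cr0 & CR_EQ):                             # bne: zero byte found
            return off + n - 1                            # bytes before the NUL
        off += 8                                          # addi r3,r3,8; beq loop

if __name__ == "__main__":
    word = 0x7D20009D
    print(hex(word), ppc_fields(word))
    print(disasm(word))                 # dlmzb. r0,r9,r0
    hostname = b"ebony\x00"             # constructed sample, not the reporter's host
    print(strlen_dlmzb(hostname))       # 5
```

Running the block prints the field breakdown, the gdb-style disassembly and the length of the constructed hostname. Note that a dlmzb-based strlen always reads a full eight bytes per step, so it reads past the terminator into the rest of the stack buffer; any emulator or instrumentation tool adding the instruction has to define what it does with those trailing bytes, not just with the string itself.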
Comment 2 Florian Krohm 2015-04-26 17:45:13 UTC
This has been reported before in bug #180513.

*** This bug has been marked as a duplicate of bug 180513 ***