424034 – amd64->IR: unhandled instruction bytes: 0x8F 0xE9 0xF8 0x9B 0x5 0x5B 0x61 0xC 0x0 0xB8

Bug 424034 - amd64->IR: unhandled instruction bytes: 0x8F 0xE9 0xF8 0x9B 0x5 0x5B 0x61 0xC 0x0 0xB8

Summary: amd64->IR: unhandled instruction bytes: 0x8F 0xE9 0xF8 0x9B 0x5 0x5B 0x61 0xC...

Status:	RESOLVED DUPLICATE of bug 339596

Alias:	None

Product:	valgrind
Classification:	Developer tools
Component:	memcheck (show other bugs)
Version:	unspecified
Platform:	Other Linux

Importance:	NOR normal
Target Milestone:	---
Assignee:	Julian Seward

URL:
Keywords:

Depends on:
Blocks:

Reported:	2020-07-09 19:17 UTC by Joseph
Modified:	2021-02-20 21:09 UTC (History)
CC List:	3 users (show)

See Also:
Latest Commit:
Version Fixed In:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Joseph 2020-07-09 19:17:14 UTC

SUMMARY
valgrind causes some commands run under it to fail with SIGILL that normally succeed.

STEPS TO REPRODUCE
1. Compile python3.10 from the git repo (heads/master:48289b6096)
2. Run `valgrind python3.10 -m json.tool` with an input JSON file provided from stdin and output to `/dev/null`
3. Run the same command without valgrind and observe that it does not fail

OBSERVED RESULT

usera@kali ~ % valgrind python3.10 -m json.tool < Documents/dump.json > /dev/null
==712008== Memcheck, a memory error detector
==712008== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==712008== Using Valgrind-3.16.1 and LibVEX; rerun with -h for copyright info
==712008== Command: python3.10 -m json.tool
==712008== 
vex amd64->IR: unhandled instruction bytes: 0x8F 0xE9 0xF8 0x9B 0x5 0x5B 0x61 0xC 0x0 0xB8
vex amd64->IR:   REX=0 REX.W=0 REX.R=0 REX.X=0 REX.B=0
vex amd64->IR:   VEX=0 VEX.L=0 VEX.nVVVV=0x0 ESC=NONE
vex amd64->IR:   PFX.66=0 PFX.F2=0 PFX.F3=0
==712008== valgrind: Unrecognised instruction at address 0x6316ac.
==712008==    at 0x6316AC: UnknownInlinedFun (getpath.c:0)
==712008==    by 0x6316AC: UnknownInlinedFun (getpath.c:1522)
==712008==    by 0x6316AC: UnknownInlinedFun (getpath.c:1605)
==712008==    by 0x6316AC: UnknownInlinedFun (pathconfig.c:318)
==712008==    by 0x6316AC: UnknownInlinedFun (pathconfig.c:336)
==712008==    by 0x6316AC: UnknownInlinedFun (pathconfig.c:403)
==712008==    by 0x6316AC: config_read (initconfig.c:1752)
==712008==    by 0x6316AC: PyConfig_Read (initconfig.c:2536)
==712008==    by 0x63FE7E: pyinit_core (pylifecycle.c:928)
==712008==    by 0x63FE7E: Py_InitializeFromConfig (pylifecycle.c:1144)
==712008==    by 0x420F6D: pymain_init (main.c:66)
==712008==    by 0x420D20: pymain_main (main.c:694)
==712008==    by 0x41F5FB: UnknownInlinedFun (main.c:727)
==712008==    by 0x41F5FB: main (python.c:15)
==712008== Your program just tried to execute an instruction that Valgrind
==712008== did not recognise.  There are two possible reasons for this.
==712008== 1. Your program has a bug and erroneously jumped to a non-code
==712008==    location.  If you are running Memcheck and you just saw a
==712008==    warning about a bad jump, it's probably your program's fault.
==712008== 2. The instruction is legitimate but Valgrind doesn't handle it,
==712008==    i.e. it's Valgrind's fault.  If you think this is the case or
==712008==    you are not sure, please let us know and we'll try to fix it.
==712008== Either way, Valgrind will now raise a SIGILL signal which will
==712008== probably kill your program.
==712008== 
==712008== Process terminating with default action of signal 4 (SIGILL)
==712008==  Illegal opcode at address 0x6316AC
==712008==    at 0x6316AC: UnknownInlinedFun (getpath.c:0)
==712008==    by 0x6316AC: UnknownInlinedFun (getpath.c:1522)
==712008==    by 0x6316AC: UnknownInlinedFun (getpath.c:1605)
==712008==    by 0x6316AC: UnknownInlinedFun (pathconfig.c:318)
==712008==    by 0x6316AC: UnknownInlinedFun (pathconfig.c:336)
==712008==    by 0x6316AC: UnknownInlinedFun (pathconfig.c:403)
==712008==    by 0x6316AC: config_read (initconfig.c:1752)
==712008==    by 0x6316AC: PyConfig_Read (initconfig.c:2536)
==712008==    by 0x63FE7E: pyinit_core (pylifecycle.c:928)
==712008==    by 0x63FE7E: Py_InitializeFromConfig (pylifecycle.c:1144)
==712008==    by 0x420F6D: pymain_init (main.c:66)
==712008==    by 0x420D20: pymain_main (main.c:694)
==712008==    by 0x41F5FB: UnknownInlinedFun (main.c:727)
==712008==    by 0x41F5FB: main (python.c:15)
==712008== 
==712008== HEAP SUMMARY:
==712008==     in use at exit: 1,548 bytes in 31 blocks
==712008==   total heap usage: 109 allocs, 78 frees, 16,207 bytes allocated
==712008== 
==712008== LEAK SUMMARY:
==712008==    definitely lost: 188 bytes in 2 blocks
==712008==    indirectly lost: 0 bytes in 0 blocks
==712008==      possibly lost: 0 bytes in 0 blocks
==712008==    still reachable: 1,360 bytes in 29 blocks
==712008==         suppressed: 0 bytes in 0 blocks
==712008== Rerun with --leak-check=full to see details of leaked memory
==712008== 
==712008== For lists of detected and suppressed errors, rerun with: -s
==712008== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
[1]    712008 illegal hardware instruction  valgrind python3.10 -m json.tool < Documents/dump.json > /dev/null
132 usera@kali ~ % python3.10 -m json.tool < Documents/dump.json > /dev/null
usera@kali ~ %


EXPECTED RESULT


SOFTWARE/OS VERSIONS
Windows: 
macOS: 
Linux/KDE Plasma: 5.6.0
(available in About System)
KDE Plasma Version: 5.17.5
KDE Frameworks Version: 5.70.0
Qt Version: 5.12.5
ADDITIONAL INFORMATION
valgrind version 3.16.1
Python version info:
Python 3.10.0a0 (heads/master:48289b6096, Jun 28 2020, 18:17:13) 
[Clang 9.0.1 ] on linux

Comment 1 Paul Floyd 2020-07-10 15:35:59 UTC

Can you say what model of CPU this is with? (model name and flags from /proc/cpuinfo)

Comment 2 Joseph 2020-07-10 18:52:09 UTC

(In reply to Paul Floyd from comment #1)
> Can you say what model of CPU this is with? (model name and flags from
> /proc/cpuinfo)

model name      : AMD A9-9425
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm constant_tsc rep_good acc_power nopl nonstop_tsc cpuid extd_apicid aperfmperf pni pclmulqdq monitor ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt aes xsave avx f16c lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw ibs xop skinit wdt lwp fma4 tce nodeid_msr tbm perfctr_core perfctr_nb bpext ptsc mwaitx cpb hw_pstate ssbd ibpb vmmcall fsgsbase bmi1 avx2 smep bmi2 xsaveopt arat npt lbrv svm_lock nrip_save tsc_scale vmcb_clean flushbyasid decodeassists pausefilter pfthreshold avic v_vmsave_vmload vgif overflow_recov

Comment 3 Tom Hughes 2020-07-10 19:21:26 UTC

I'm pretty sure that's one of the AMD specific instructions that we don't support.

As a rule don't use -march=native on code you want to valgrind, especially if you're on a very recent CPU or an AMD CPU.

Comment 4 Joseph 2020-07-10 19:25:55 UTC

(In reply to Tom Hughes from comment #3)
> I'm pretty sure that's one of the AMD specific instructions that we don't
> support.

Is there a list of those instructions in the docs somewhere?

Comment 5 Tom Hughes 2020-07-10 21:50:16 UTC

As list of instructions we don't support? No, because it's not some intentional decision, it's just things nobody has done yet.

In this case it's an AMD XOP instruction (https://en.wikipedia.org/wiki/XOP_instruction_set) given the 8F prefix and I don't believe any of those have been implemented.

Comment 6 Mark Wielaard 2021-02-20 21:09:32 UTC

Indeed, this is the XOP VPSHAQ 	Packed Shift Arithmetic Quadwords instruction.

*** This bug has been marked as a duplicate of bug 339596 ***