SUMMARY
vex amd64->IR: unhandled instruction bytes: 0xF0 0xC 0x0 0x0 0x0 0x0 0xC0 0x95 0xF0 0xC

echo 'asm(".byte 0xF0, 0xC, 0x0, 0x0, 0x0, 0x0, 0xC0, 0x95, 0xF0, 0xC");' > i.c
gcc -c i.c
objdump -d i.o

Disassembly of section .text:

0000000000000000 <.text>:
   0:   f0 0c 00                lock or $0x0,%al
   3:   00 00                   add    %al,(%rax)
   5:   00 c0                   add    %al,%al
   7:   95                      xchg   %eax,%ebp
   8:   f0                      lock
   9:   0c                      .byte 0xc

on running valgrind on self built umbrello (https://invent.kde.org/sdk/umbrello)

STEPS TO REPRODUCE
valgrind ./umbrello/umbrello5

OBSERVED RESULT
==24798== Memcheck, a memory error detector
==24798== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==24798== Using Valgrind-3.16.1 and LibVEX; rerun with -h for copyright info
==24798== Command: ./umbrello/umbrello5
==24798==
==24798== Conditional jump or move depends on uninitialised value(s)
==24798==    at 0x13DB3C6D: ??? (in /memfd:sljit (deleted))
==24798==    by 0x10E53477: ???
==24798==
==24798== Conditional jump or move depends on uninitialised value(s)
==24798==    at 0x13DB3C75: ??? (in /memfd:sljit (deleted))
==24798==    by 0x11267387: ???
==24798==
==24798== Conditional jump or move depends on uninitialised value(s)
==24798==    at 0x13DB3C75: ??? (in /memfd:sljit (deleted))
==24798==    by 0x11267387: ???
==24798==    by 0x11267387: ???
==24798==    by 0x11267397: ???
==24798==    by 0x11369B6F: ???
==24798==    by 0x11267387: ???
==24798==
==24798== Use of uninitialised value of size 8
==24798==    at 0x13DB3E85: ??? (in /memfd:sljit (deleted))
==24798==    by 0x11267387: ???
==24798==    by 0x11267387: ???
==24798==    by 0x11267397: ???
==24798==    by 0x11369B6F: ???
==24798==    by 0x11267387: ???
==24798==
vex amd64->IR: unhandled instruction bytes: 0xF0 0xC 0x0 0x0 0x0 0x0 0xC0 0x95 0xF0 0xC
vex amd64->IR:   REX=0 REX.W=0 REX.R=0 REX.X=0 REX.B=0
vex amd64->IR:   VEX=0 VEX.L=0 VEX.nVVVV=0x0 ESC=NONE
vex amd64->IR:   PFX.66=0 PFX.F2=0 PFX.F3=0
==24798== valgrind: Unrecognised instruction at address 0x11369b72.
==24798==    at 0x11369B72: ???
==24798==    by 0x11267387: ???
==24798==    by 0x11267387: ???
==24798==    by 0x11267397: ???
==24798==    by 0x11369B6F: ???
==24798==    by 0x11267387: ???
==24798== Your program just tried to execute an instruction that Valgrind
==24798== did not recognise. There are two possible reasons for this.
==24798== 1. Your program has a bug and erroneously jumped to a non-code
==24798==    location. If you are running Memcheck and you just saw a
==24798==    warning about a bad jump, it's probably your program's fault.
==24798== 2. The instruction is legitimate but Valgrind doesn't handle it,
==24798==    i.e. it's Valgrind's fault. If you think this is the case or
==24798==    you are not sure, please let us know and we'll try to fix it.
==24798== Either way, Valgrind will now raise a SIGILL signal which will
==24798== probably kill your program.
KCrash: Application 'umbrello5' crashing...

EXPECTED RESULT
No unhandled instruction bytes

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: (available in About System)
KDE Plasma Version: 5.20.2
KDE Frameworks Version: 5.75.0
Qt Version: 5.15.1

ADDITIONAL INFORMATION
Tried this with SuSE provided valgrind-3.16.1 using gcc-7 and gcc-10 on:
openSUSE Tumbleweed 20201110 and older
Linux 5.9.1-2-default #1 SMP Mon Oct 26 07:02:23 UTC 2020 (435e92d) x86_64 x86_64 x86_64 GNU/Linux
AMD Athlon II X2 250
FWIW, here is the GDB backtrace from the vgcore file:

Program terminated with signal SIGILL, Illegal instruction.
#0  __GI_raise (sig=4) at ../sysdeps/unix/sysv/linux/raise.c:45
#1  0x0000000008a34dcf in KCrash::defaultCrashHandler(int) () at /usr/lib64/libKF5Crash.so.5
#2  0x000000000a76cd20 in <signal handler called> () at /lib64/libc.so.6
#3  0x0000000011369b72 in  ()
#4  0x0000000011369b70 in  ()
#5  0x00000000112b7dc0 in  ()
#6  0x00000000112b7da8 in  ()
#7  0x0000000009f24127 in QThreadStorageData::get() const (this=0x1ffeff95d0) at thread/qthreadstorage.cpp:116
#8  0x0000000013db3b80 in  ()
#9  0x0000000011369b70 in  ()
#10 0x000000000cf4ce49 in pcre2_jit_match_16 () at /usr/lib64/libpcre2-16.so.0
#11 0x000000000cf4e61e in pcre2_match_16 () at /usr/lib64/libpcre2-16.so.0
#12 0x0000000009fbed7d in QRegularExpressionPrivate::doMatch(QString const&, int, int, int, QRegularExpression::MatchType, QFlags<QRegularExpression::MatchOption>, QRegularExpressionPrivate::CheckSubjectStringOption, QRegularExpressionMatchPrivate const*) const (this=0x117997c0, subject=..., subjectStart=0, subjectLength=8, offset=0, matchType=<optimized out>, matchOptions=..., checkSubjectStringOption=QRegularExpressionPrivate::CheckSubjectString, previous=0x0) at text/qregularexpression.cpp:1284
#13 0x0000000009fbf1bc in QRegularExpression::match(QString const&, int, QRegularExpression::MatchType, QFlags<QRegularExpression::MatchOption>) const (this=this@entry=0x1ffeffead8, subject="zoom-out", offset=offset@entry=0, matchType=matchType@entry=QRegularExpression::NormalMatch, matchOptions=matchOptions@entry=...) at ../../include/QtCore/../../src/corelib/text/qstring.h:1065
#14 0x000000000a1d3626 in QMimeGlobPattern::matchFileName(QString const&) const (this=0x1ffeffead8, this@entry=0x1ffeffeb70, inputFilename="zoom-out") at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#15 0x000000000a1d5edd in QMimeBinaryProvider::matchGlobList(QMimeGlobMatchResult&, QMimeBinaryProvider::CacheFile*, int, QString const&) (this=<optimized out>, result=..., cacheFile=0x112bab50, off=<optimized out>, fileName="zoom-out") at mimetypes/qmimeprovider.cpp:271
#16 0x000000000a1d64fb in QMimeBinaryProvider::addFileNameMatches(QString const&, QMimeGlobMatchResult&) (this=0x112baa40, fileName="zoom-out", result=...) at ../../include/QtCore/../../src/corelib/global/qendian.h:115
#17 0x000000000a1c90d7 in QMimeDatabasePrivate::findByFileName(QString const&) (this=<optimized out>, fileName="zoom-out") at /usr/include/c++/10/bits/unique_ptr.h:421
#18 0x000000000a1cb2b5 in QMimeDatabasePrivate::mimeTypeForFileNameAndData(QString const&, QIODevice*, int*) (this=0xa3ef5c0 <(anonymous namespace)::Q_QGS_staticQMimeDatabase::innerFunction()::holder>, fileName="", device=0x1ffeffed80, accuracyPtr=0x1ffeffed6c) at mimetypes/qmimedatabase.cpp:359
#19 0x000000000a1cbd22 in QMimeDatabase::mimeTypeForFile(QFileInfo const&, QMimeDatabase::MatchMode) const (this=this@entry=0x1ffeffeeb0, fileInfo=..., mode=mode@entry=QMimeDatabase::MatchDefault) at mimetypes/qmimedatabase.cpp:567
#20 0x0000000009892208 in QIcon::addFile(QString const&, QSize const&, QIcon::Mode, QIcon::State) (state=QIcon::Off, mode=QIcon::Normal, size=..., fileName="zoom-out", this=0x1ffeffef90) at image/qicon.cpp:1096
#21 QIcon::addFile(QString const&, QSize const&, QIcon::Mode, QIcon::State) (this=0x1ffeffef90, fileName="zoom-out", size=..., mode=QIcon::Normal, state=QIcon::Off) at image/qicon.cpp:1085
#22 0x00000000098924c6 in QIcon::QIcon(QString const&) (this=<optimized out>, fileName=...) at ../../include/QtCore/../../src/corelib/tools/qsize.h:123
#23 0x00000000006ea5ab in UMLApp::initStatusBar() (this=0x130374e0) at /b/home/umbrello-master/umbrello/uml.cpp:867
#24 0x00000000006e23da in UMLApp::UMLApp(QWidget*) (this=0x130374e0, parent=0x0, __in_chrg=<optimized out>, __vtt_parm=<optimized out>) at /b/home/umbrello-master/umbrello/uml.cpp:207
#25 0x000000000047714e in main(int, char**) (argc=1, argv=0x1ffefff5e8) at /b/home/umbrello-master/umbrello/main.cpp:194
This looks like an or instruction with a lock prefix. I don't know if that is valid or not. But I am not really sure this is the actual issue. There are several memcheck issues flagged before reaching this code. It would be good to have a replicator that didn't contain other warnings.
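Editorial note with an added example; this is not part of the bug thread and not code from Valgrind, umbrello or PCRE2. The comment above leaves open whether the first decoded instruction, f0 0c 00 ("lock or $0x0,%al"), is valid. Both the Intel and AMD manuals restrict the LOCK prefix to instruction forms whose destination is a memory operand; with a register destination the CPU raises #UD, which Linux delivers as SIGILL. The probe below lets the hardware answer: it installs a SIGILL handler, executes exactly those three bytes through inline assembly, and recovers with siglongjmp. If it returns SIGILL, the bytes are not a legitimate instruction that Valgrind merely fails to model, which makes the first of the two explanations in Valgrind's own message (a jump into a non-code location, here inside the JIT buffer mapped as /memfd:sljit) the one to pursue rather than a missing decoder case. The function name probe_lock_or_al and its return convention are my own.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>

/* Recovery point for the probe and the signal that sent us there. */
static sigjmp_buf recover;
static volatile sig_atomic_t caught_signal;

static void on_fault(int sig)
{
    caught_signal = sig;
    siglongjmp(recover, 1);   /* sigsetjmp(recover, 1) also restores the signal mask */
}

/*
 * Executes the first instruction of the byte sequence from the report,
 * f0 0c 00 = "lock or $0x0,%al", on the real CPU and reports the outcome:
 *   SIGILL -> the CPU rejected it (#UD: LOCK requires a memory destination)
 *   0      -> it executed without a fault (an emulator that does not enforce the rule)
 *   -1     -> not an x86-64 build; nothing was executed
 */
int probe_lock_or_al(void)
{
#if defined(__x86_64__)
    struct sigaction sa, old_ill;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;
    sigaction(SIGILL, &sa, &old_ill);

    caught_signal = 0;
    if (sigsetjmp(recover, 1) == 0) {
        /* Exactly the three bytes objdump decoded as "lock or $0x0,%al".
         * Should they execute, they only OR 0 into AL, so nothing is damaged. */
        __asm__ volatile (".byte 0xf0, 0x0c, 0x00" ::: "rax", "cc", "memory");
    }

    sigaction(SIGILL, &old_ill, NULL);   /* put the previous handler back */
    return caught_signal;
#else
    return -1;
#endif
}

int main(void)
{
    int r = probe_lock_or_al();
    if (r == SIGILL)
        puts("SIGILL: LOCK with a register destination is #UD, so the hardware rejects these bytes just as Valgrind does");
    else if (r == 0)
        puts("executed without a fault: this CPU or emulator does not enforce the LOCK restriction");
    else
        puts("not an x86-64 build; nothing was executed");
    return 0;
}
```

Run it on the same machine that produced the Valgrind output; a SIGILL result means the address in the report held data or a stale JIT buffer rather than code, so the earlier "Conditional jump or move depends on uninitialised value(s)" reports inside /memfd:sljit are the ones to follow up.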
I tried again with valgrind-3.17.0 on Tumbleweed 20211012 and the messages are different:

> valgrind ./umbrello/umbrello5
== Memcheck, a memory error detector
== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
== Using Valgrind-3.17.0 and LibVEX; rerun with -h for copyright info
== Command: ./umbrello/umbrello5
==
-- WARNING: unhandled amd64-linux syscall: 435
-- You may be able to write your own handler.
-- Read the file README_MISSING_SYSCALL_OR_IOCTL.
-- Nevertheless we consider this a bug. Please report
-- it at http://valgrind.org/support/bug_reports.html.
-- WARNING: unhandled amd64-linux syscall: 435
-- You may be able to write your own handler.
-- Read the file README_MISSING_SYSCALL_OR_IOCTL.
-- Nevertheless we consider this a bug. Please report
-- it at http://valgrind.org/support/bug_reports.html.
KCrash: Application 'umbrello5' crashing...
KCrash: Attempting to start /usr/lib64/libexec/drkonqi

[1]+  Stopped                 valgrind ./umbrello/umbrello5
okellogg@hyrix:~/tools/umbrello/build> QSocketNotifier: Invalid socket 8 and type 'Read', disabling...
Unable to start Dr. Konqi
Re-raising signal for core dump handling.
==
== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==    at 0xAB5487C: __pthread_kill_implementation (pthread_kill.c:44)
==    by 0xAB076F5: raise (raise.c:26)
==    by 0x5AE8D65: KCrash::defaultCrashHandler(int) (kcrash.cpp:620)
==    by 0xAB0779F: ??? (in /usr/lib64/libc.so.6)
==    by 0x14664C40: ??? (in /memfd:sljit (deleted))
==    by 0xDF02F87: ???
==
== Process terminating with default action of signal 11 (SIGSEGV)
==  General Protection Fault
==    at 0xAB57D12: __pthread_once_slow (pthread_once.c:115)
==    by 0xAC13D92: __rpc_thread_variables (rpc_thread.c:59)
==    by 0xAC662EC: free_mem (in /usr/lib64/libc.so.6)
==    by 0xAC65E21: __libc_freeres (in /usr/lib64/libc.so.6)
==    by 0x483713E: _vgnU_freeres (vg_preloaded.c:74)
==    by 0x3D719799812DEA10: ???
==
== HEAP SUMMARY:
==     in use at exit: 3,425,246 bytes in 59,116 blocks
==   total heap usage: 249,860 allocs, 190,744 frees, 105,118,313 bytes allocated
==
== LEAK SUMMARY:
==    definitely lost: 4,920 bytes in 21 blocks
==    indirectly lost: 1,053 bytes in 38 blocks
==      possibly lost: 2,368 bytes in 12 blocks
==    still reachable: 3,414,889 bytes in 59,024 blocks
==                       of which reachable via heuristic:
==                         newarray           : 216 bytes in 7 blocks
==         suppressed: 0 bytes in 0 blocks
== Rerun with --leak-check=full to see details of leaked memory
==
== For lists of detected and suppressed errors, rerun with: -s
== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
[1]+  Segmentation fault      (core dumped) valgrind ./umbrello/umbrello5

I have not yet been able to create a stripped down reproducer.
(In reply to Oliver Kellogg from comment #3)
> I tried again with valgrind-3.17.0 on Tumbleweed 20211012 and the messages
> are different:
>
> > valgrind ./umbrello/umbrello5
> == Memcheck, a memory error detector
> == Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
> == Using Valgrind-3.17.0 and LibVEX; rerun with -h for copyright info
> == Command: ./umbrello/umbrello5
> ==
> -- WARNING: unhandled amd64-linux syscall: 435
> -- You may be able to write your own handler.
> -- Read the file README_MISSING_SYSCALL_OR_IOCTL.
> -- Nevertheless we consider this a bug. Please report
> -- it at http://valgrind.org/support/bug_reports.html.
> -- WARNING: unhandled amd64-linux syscall: 435
> -- You may be able to write your own handler.
> -- Read the file README_MISSING_SYSCALL_OR_IOCTL.
> -- Nevertheless we consider this a bug. Please report
> -- it at http://valgrind.org/support/bug_reports.html.

Try with valgrind 3.18.1. This is clone3.
See https://bugs.kde.org/show_bug.cgi?id=439590
Thanks. I updated Tumbleweed to 20220102 with valgrind-3.18.1 and that gets rid of the unhandled amd64-linux syscall 435.
Since the vex amd64->IR: unhandled instruction bytes no longer appear, I close this PR.

As a side note, unfortunately I can still not use valgrind with umbrello (also tried kmail, gave similar trace with "??? (in /memfd:sljit (deleted))", see below) but that's another issue.

> valgrind /usr/bin/umbrello5
== Memcheck, a memory error detector
== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info
== Command: /usr/bin/umbrello5
==
== Syscall param ioctl(generic) points to uninitialised byte(s)
==    at 0x82FE88B: ioctl (syscall-template.S:120)
==    by 0x188E66F7: drmIoctl (in /usr/lib64/libdrm.so.2.4.0)
==    by 0x188E96AB: drmCommandWriteRead (in /usr/lib64/libdrm.so.2.4.0)
==    by 0x260E8ABB: ??? (in /usr/lib64/libdrm_nouveau.so.2.0.0)
==    by 0x260E9BDA: nouveau_device_new (in /usr/lib64/libdrm_nouveau.so.2.0.0)
==    by 0x1EF62D06: nouveau_drm_screen_create (in /usr/lib64/dri/nouveau_dri.so)
==    by 0x1E753708: ??? (in /usr/lib64/dri/nouveau_dri.so)
==    by 0x1ED1A633: ??? (in /usr/lib64/dri/nouveau_dri.so)
==    by 0x1E753126: ??? (in /usr/lib64/dri/nouveau_dri.so)
==    by 0x1EC07264: ??? (in /usr/lib64/dri/nouveau_dri.so)
==    by 0x1E4F4389: ??? (in /usr/lib64/libGLX_mesa.so.0.0.0)
==    by 0x1E4D7E03: ??? (in /usr/lib64/libGLX_mesa.so.0.0.0)
==  Address 0x1cf3f562 is 2 bytes inside a block of size 72 alloc'd
==    at 0x48437B5: malloc (vg_replace_malloc.c:381)
==    by 0x260E8A67: ??? (in /usr/lib64/libdrm_nouveau.so.2.0.0)
==    by 0x260E9BDA: nouveau_device_new (in /usr/lib64/libdrm_nouveau.so.2.0.0)
==    by 0x1EF62D06: nouveau_drm_screen_create (in /usr/lib64/dri/nouveau_dri.so)
==    by 0x1E753708: ??? (in /usr/lib64/dri/nouveau_dri.so)
==    by 0x1ED1A633: ??? (in /usr/lib64/dri/nouveau_dri.so)
==    by 0x1E753126: ??? (in /usr/lib64/dri/nouveau_dri.so)
==    by 0x1EC07264: ??? (in /usr/lib64/dri/nouveau_dri.so)
==    by 0x1E4F4389: ??? (in /usr/lib64/libGLX_mesa.so.0.0.0)
==    by 0x1E4D7E03: ??? (in /usr/lib64/libGLX_mesa.so.0.0.0)
==    by 0x1E4D8CE1: ??? (in /usr/lib64/libGLX_mesa.so.0.0.0)
==    by 0x1E4D8DC3: ??? (in /usr/lib64/libGLX_mesa.so.0.0.0)
==
== Syscall param ioctl(generic) points to uninitialised byte(s)
==    at 0x82FE88B: ioctl (syscall-template.S:120)
==    by 0x188E66F7: drmIoctl (in /usr/lib64/libdrm.so.2.4.0)
==    by 0x188E96AB: drmCommandWriteRead (in /usr/lib64/libdrm.so.2.4.0)
==    by 0x260E92DD: nouveau_object_mthd (in /usr/lib64/libdrm_nouveau.so.2.0.0)
==    by 0x260E9BF9: nouveau_device_new (in /usr/lib64/libdrm_nouveau.so.2.0.0)
==    by 0x1EF62D06: nouveau_drm_screen_create (in /usr/lib64/dri/nouveau_dri.so)
==    by 0x1E753708: ??? (in /usr/lib64/dri/nouveau_dri.so)
==    by 0x1ED1A633: ??? (in /usr/lib64/dri/nouveau_dri.so)
==    by 0x1E753126: ??? (in /usr/lib64/dri/nouveau_dri.so)
==    by 0x1EC07264: ??? (in /usr/lib64/dri/nouveau_dri.so)
==    by 0x1E4F4389: ??? (in /usr/lib64/libGLX_mesa.so.0.0.0)
==    by 0x1E4D7E03: ??? (in /usr/lib64/libGLX_mesa.so.0.0.0)
==  Address 0x1cf3f5f2 is 2 bytes inside a block of size 136 alloc'd
==    at 0x48437B5: malloc (vg_replace_malloc.c:381)
==    by 0x260E929E: nouveau_object_mthd (in /usr/lib64/libdrm_nouveau.so.2.0.0)
==    by 0x260E9BF9: nouveau_device_new (in /usr/lib64/libdrm_nouveau.so.2.0.0)
==    by 0x1EF62D06: nouveau_drm_screen_create (in /usr/lib64/dri/nouveau_dri.so)
==    by 0x1E753708: ??? (in /usr/lib64/dri/nouveau_dri.so)
==    by 0x1ED1A633: ??? (in /usr/lib64/dri/nouveau_dri.so)
==    by 0x1E753126: ??? (in /usr/lib64/dri/nouveau_dri.so)
==    by 0x1EC07264: ??? (in /usr/lib64/dri/nouveau_dri.so)
==    by 0x1E4F4389: ??? (in /usr/lib64/libGLX_mesa.so.0.0.0)
==    by 0x1E4D7E03: ??? (in /usr/lib64/libGLX_mesa.so.0.0.0)
==    by 0x1E4D8CE1: ??? (in /usr/lib64/libGLX_mesa.so.0.0.0)
==    by 0x1E4D8DC3: ??? (in /usr/lib64/libGLX_mesa.so.0.0.0)
==
==
== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==  General Protection Fault
==    at 0x296D5C41: ??? (in /memfd:sljit (deleted))
==    by 0x1A32A4B7: ???
==
== HEAP SUMMARY:
==     in use at exit: 4,353,848 bytes in 55,471 blocks
==   total heap usage: 233,415 allocs, 177,944 frees, 106,393,337 bytes allocated
==
== LEAK SUMMARY:
==    definitely lost: 4,920 bytes in 21 blocks
==    indirectly lost: 1,053 bytes in 38 blocks
==      possibly lost: 46,656 bytes in 559 blocks
==    still reachable: 4,301,219 bytes in 54,853 blocks
==                       of which reachable via heuristic:
==                         newarray           : 192 bytes in 6 blocks
==         suppressed: 0 bytes in 0 blocks
== Rerun with --leak-check=full to see details of leaked memory
==
== Use --track-origins=yes to see where uninitialised values come from
== For lists of detected and suppressed errors, rerun with: -s
== ERROR SUMMARY: 8 errors from 2 contexts (suppressed: 0 from 0)
Segmentation fault (core dumped)