Bug 469783 - ARM32: Process terminating with default action of signal 11 (SIGSEGV): _dl_discover_osversion (in /lib/ld-linux-armhf.so.3)
Summary: ARM32: Process terminating with default action of signal 11 (SIGSEGV): _dl_di...
Status: REPORTED
Alias: None
Product: valgrind
Classification: Developer tools
Component: memcheck
Version: 3.17.0
Platform: Other Linux
: NOR normal
Target Milestone: ---
Assignee: Julian Seward
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-05-15 05:30 UTC by Vitaly Chikunov
Modified: 2024-02-09 06:41 UTC

See Also:
Latest Commit:
Version Fixed In:


Description Vitaly Chikunov 2023-05-15 05:30:51 UTC
On ARM32 (ALT Linux) any valgrind tool (even `none`) reports SIGSEGV and crashes the target binary (which works perfectly otherwise):

```
# valgrind --tool=none ls
==2125518== Nulgrind, the minimal Valgrind tool
==2125518== Copyright (C) 2002-2017, and GNU GPL'd, by Nicholas Nethercote.
==2125518== Using Valgrind-3.17.0 and LibVEX; rerun with -h for copyright info
==2125518== Command: ls
==2125518==
==2125518==
==2125518== Process terminating with default action of signal 11 (SIGSEGV)
==2125518==  Access not within mapped region at address 0xFEB7FFAC
==2125518==    at 0x4012068: _dl_discover_osversion (in /lib/ld-linux-armhf.so.3)
==2125518==  If you believe this happened as a result of a stack
==2125518==  overflow in your program's main thread (unlikely but
==2125518==  possible), you can try to increase the size of the
==2125518==  main thread stack using the --main-stacksize= flag.
==2125518==  The main thread stack size used in this run was 8388608.
==2125518==
Segmentation fault
```
When run as another user, the reported function is different:
```
$ valgrind --tool=none ls
==2127882== Nulgrind, the minimal Valgrind tool
==2127882== Copyright (C) 2002-2017, and GNU GPL'd, by Nicholas Nethercote.
==2127882== Using Valgrind-3.17.0 and LibVEX; rerun with -h for copyright info
==2127882== Command: ls
==2127882==
==2127882==
==2127882== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==2127882==  Access not within mapped region at address 0xFE8D325C
==2127882==    at 0x40134B8: handle_preload_list (in /lib/ld-linux-armhf.so.3)
==2127882==  If you believe this happened as a result of a stack
==2127882==  overflow in your program's main thread (unlikely but
==2127882==  possible), you can try to increase the size of the
==2127882==  main thread stack using the --main-stacksize= flag.
==2127882==  The main thread stack size used in this run was 8388608.
==2127882==
Segmentation fault
```
```
/# ls
bin  boot  dev  etc  home  lib  media  mnt  opt  proc  root  run  sbin  selinux  srv  sys  tmp  usr  var
```
Comment 1 Vitaly Chikunov 2023-05-15 05:53:41 UTC
Stack traces with debuginfo installed:

```
==2137208== Process terminating with default action of signal 11 (SIGSEGV)
==2137208==  Access not within mapped region at address 0xFEAD6FAC
==2137208==    at 0x4012068: _dl_discover_osversion (dl-sysdep.c:260)
==2137208==    by 0x40144BB: dl_main (rtld.c:1768)
==2137208==    by 0x4011E43: _dl_sysdep_start (dl-sysdep.c:142)
==2137208==    by 0x4013271: _dl_start (rtld.c:507)
==2137208==    by 0x401266F: ??? (in /lib/ld-linux-armhf.so.3)
```
```
==2137268== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==2137268==  Access not within mapped region at address 0xFE90E25C
==2137268==    at 0x40134B8: handle_preload_list (rtld.c:894)
==2137268==    by 0x401579D: dl_main (rtld.c:1891)
==2137268==    by 0x4011E43: _dl_sysdep_start (dl-sysdep.c:142)
==2137268==    by 0x4013271: _dl_start (rtld.c:507)
==2137268==    by 0x401266F: ??? (in /lib/ld-linux-armhf.so.3)
```
Comment 2 Vitaly Chikunov 2024-02-09 01:02:15 UTC
This is still true for valgrind-3.22.0:
```
builder@armv7l:~/RPM/BUILD/valgrind-3.22.0$ ./vg-in-place /bin/true
==228878== Memcheck, a memory error detector
==228878== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
==228878== Using Valgrind-3.22.0 and LibVEX; rerun with -h for copyright info
==228878== Command: /bin/true
==228878==
==228878== Invalid write of size 4
==228878==    at 0x10568: ??? (in /bin/true)
==228878==    by 0xFEC454E3: ???
==228878==  Address 0xfec454b4 is on thread 1's stack
==228878==  24 bytes below stack pointer
==228878==
==228878== Invalid write of size 4
==228878==    at 0x18D72: ??? (in /bin/true)
==228878==  Address 0xfec453d4 is on thread 1's stack
==228878==  224 bytes below stack pointer
==228878==
==228878== Invalid write of size 4
==228878==    at 0x1876A: ??? (in /bin/true)
==228878==  Address 0xfec45434 is on thread 1's stack
==228878==  104 bytes below stack pointer
==228878==
==228878== Invalid write of size 4
==228878==    at 0x107F0: ??? (in /bin/true)
==228878==  Address 0xfec4545c is on thread 1's stack
==228878==  64 bytes below stack pointer
==228878==
==228878== Invalid write of size 4
==228878==    at 0x17FDE: ??? (in /bin/true)
==228878==  Address 0xfec45458 is on thread 1's stack
==228878==  24 bytes below stack pointer
==228878==
==228878== Invalid write of size 4
==228878==    at 0x18D0E: ??? (in /bin/true)
==228878==  Address 0xfec45460 is on thread 1's stack
==228878==  16 bytes below stack pointer
==228878==
==228878== Invalid write of size 4
==228878==    at 0x1854E: ??? (in /bin/true)
==228878==  Address 0xfec45458 is on thread 1's stack
==228878==  24 bytes below stack pointer
==228878==
==228878== Syscall param set_robust_list(head) points to uninitialised byte(s)
==228878==    at 0x10A16: ??? (in /bin/true)
==228878==    by 0x185B1: ??? (in /bin/true)
==228878==  Address 0x4000074 is in the brk data segment 0x4000000-0x4000873
==228878==
==228878== Invalid write of size 4
==228878==    at 0x19652: ??? (in /bin/true)
==228878==  Address 0xfec45490 is on thread 1's stack
==228878==  32 bytes below stack pointer
==228878==
==228878== Invalid write of size 4
==228878==    at 0x21ADE: ??? (in /bin/true)
==228878==  Address 0xfec45488 is on thread 1's stack
==228878==  16 bytes below stack pointer
==228878==
==228878== Invalid write of size 4
==228878==    at 0x19722: ??? (in /bin/true)
==228878==  Address 0xfec454a0 is on thread 1's stack
==228878==  16 bytes below stack pointer
==228878==
==228878== Invalid write of size 4
==228878==    at 0x18EA0: ??? (in /bin/true)
==228878==  Address 0xfec4543c is on thread 1's stack
==228878==  80 bytes below stack pointer
==228878==
==228878== Invalid write of size 4
==228878==    at 0x2991A: ??? (in /bin/true)
==228878==  Address 0xfec44450 is not stack'd, malloc'd or (recently) free'd
==228878==
==228878==
==228878== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==228878==  Access not within mapped region at address 0xFEC44450
==228878==    at 0x2991A: ??? (in /bin/true)
==228878==  If you believe this happened as a result of a stack
==228878==  overflow in your program's main thread (unlikely but
==228878==  possible), you can try to increase the size of the
==228878==  main thread stack using the --main-stacksize= flag.
==228878==  The main thread stack size used in this run was 8388608.
==228878==
==228878== HEAP SUMMARY:
==228878==     in use at exit: 0 bytes in 0 blocks
==228878==   total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==228878==
==228878== All heap blocks were freed -- no leaks are possible
==228878==
==228878== Use --track-origins=yes to see where uninitialised values come from
==228878== For lists of detected and suppressed errors, rerun with: -s
==228878== ERROR SUMMARY: 13 errors from 13 contexts (suppressed: 0 from 0)
Segmentation fault
```
Comment 3 Paul Floyd 2024-02-09 05:54:27 UTC
You need to diagnose those invalid writes first.
Comment 4 Vitaly Chikunov 2024-02-09 06:00:05 UTC
It still crashes with tool none:
```
builder@armv7l:~/RPM/BUILD/valgrind-3.22.0$ ./vg-in-place --tool=none /bin/true
==1347567== Nulgrind, the minimal Valgrind tool
==1347567== Copyright (C) 2002-2017, and GNU GPL'd, by Nicholas Nethercote.
==1347567== Using Valgrind-3.22.0 and LibVEX; rerun with -h for copyright info
==1347567== Command: /bin/true
==1347567==
==1347567==
==1347567== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==1347567==  Access not within mapped region at address 0xFEF1C4A0
==1347567==    at 0x2991A: ??? (in /bin/true)
==1347567==  If you believe this happened as a result of a stack
==1347567==  overflow in your program's main thread (unlikely but
==1347567==  possible), you can try to increase the size of the
==1347567==  main thread stack using the --main-stacksize= flag.
==1347567==  The main thread stack size used in this run was 8388608.
==1347567==
Segmentation fault
```

With the suppression file from Debian:
```
builder@armv7l:~/RPM/BUILD/valgrind-3.22.0$ ./vg-in-place  --suppressions=armhf-stackclash.supp  /bin/true
==1355694== Memcheck, a memory error detector
==1355694== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
==1355694== Using Valgrind-3.22.0 and LibVEX; rerun with -h for copyright info
==1355694== Command: /bin/true
==1355694==
==1355694== Syscall param set_robust_list(head) points to uninitialised byte(s)
==1355694==    at 0x10A16: ??? (in /bin/true)
==1355694==    by 0x185B1: ??? (in /bin/true)
==1355694==  Address 0x4000074 is in the brk data segment 0x4000000-0x4000873
==1355694==
==1355694==
==1355694== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==1355694==  Access not within mapped region at address 0xFEF00450
==1355694==    at 0x2991A: ??? (in /bin/true)
==1355694==  If you believe this happened as a result of a stack
==1355694==  overflow in your program's main thread (unlikely but
==1355694==  possible), you can try to increase the size of the
==1355694==  main thread stack using the --main-stacksize= flag.
==1355694==  The main thread stack size used in this run was 8388608.
==1355694==
==1355694== HEAP SUMMARY:
==1355694==     in use at exit: 0 bytes in 0 blocks
==1355694==   total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==1355694==
==1355694== All heap blocks were freed -- no leaks are possible
==1355694==
==1355694== Use --track-origins=yes to see where uninitialised values come from
==1355694== For lists of detected and suppressed errors, rerun with: -s
==1355694== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 12 from 12)
Segmentation fault
builder@armv7l:~/RPM/BUILD/valgrind-3.22.0$ cat armhf-stackclash.supp

# On armhf, stack-clash-protector is implemented by writing out of stack
# bounds. https://bugzilla.redhat.com/show_bug.cgi?id=1522678
{
    stack-clash-protection-armhf
    Memcheck:Addr4
    obj:*
}
```
Comment 5 Paul Floyd 2024-02-09 06:41:23 UTC
I don't have a very high opinion of Debian.

Suppressing the error doesn't make it go away. And that suppression will hide ALL Addr4 errors. Don't do that.

I would also expect 'none' to behave much like 'memcheck', with the difference that 'none' doesn't intercept memory related functions. The main use of none is to make sure that the Valgrind core machinery is correct. If the problem is in the guest executable 'none' won't change anything.
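The point Paul Floyd makes in comment 5 about the Debian suppression can be checked mechanically. The script below is an added example, not code from Valgrind, Debian or the reporter: it replays a cut-down copy of the memcheck output from comment 2 (constructed from the text quoted above) through a deliberately small model of Valgrind's suppression matching (error kind must match, then each `obj:`/`fun:` line is globbed against the corresponding stack frame from the top down; the `...` frame wildcard is not modelled). The `stack-clash-protection-armhf` suppression is the one quoted in comment 4; the narrower alternative that pins the faulting frame to `/lib/ld-linux-armhf.so.3` is a hypothetical contrast, and that path is an assumption taken from the backtraces in comment 1.

```python
"""Replay Valgrind/Memcheck suppression matching over the errors quoted on this page.

Added example, not Valgrind's code: a small model of how a suppression's
frame lines are matched against an error's stack, enough to show why a
`Memcheck:Addr4` + `obj:*` suppression swallows every 4-byte invalid access
no matter which object it came from.
"""
import re
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import List, Optional, Tuple

# Constructed sample: a cut-down copy of the memcheck output from comment 2.
SAMPLE_LOG = """\
==228878== Invalid write of size 4
==228878==    at 0x10568: ??? (in /bin/true)
==228878==    by 0xFEC454E3: ???
==228878==  Address 0xfec454b4 is on thread 1's stack
==228878==  24 bytes below stack pointer
==228878==
==228878== Invalid write of size 4
==228878==    at 0x18D72: ??? (in /bin/true)
==228878==  Address 0xfec453d4 is on thread 1's stack
==228878==  224 bytes below stack pointer
==228878==
==228878== Syscall param set_robust_list(head) points to uninitialised byte(s)
==228878==    at 0x10A16: ??? (in /bin/true)
==228878==    by 0x185B1: ??? (in /bin/true)
==228878==  Address 0x4000074 is in the brk data segment 0x4000000-0x4000873
==228878==
==228878== Invalid write of size 4
==228878==    at 0x2991A: ??? (in /bin/true)
==228878==  Address 0xfec44450 is not stack'd, malloc'd or (recently) free'd
==228878==
"""

# The Debian suppression quoted in comment 4.
DEBIAN_SUPP = """
{
    stack-clash-protection-armhf
    Memcheck:Addr4
    obj:*
}
"""

# Hypothetical narrower alternative (assumed object path): same error kind,
# but only when the faulting frame lies inside the dynamic loader.
NARROW_SUPP = """
{
    addr4-in-ld-so-only
    Memcheck:Addr4
    obj:/lib/ld-linux-armhf.so.3
}
"""


@dataclass
class Frame:
    fn: str
    obj: str  # "" when Valgrind printed no "(in ...)" part


@dataclass
class Error:
    kind: str                 # "Addr4", "Param", ...
    frames: List[Frame]
    below_sp: Optional[int]   # bytes below SP for "on thread N's stack" writes


@dataclass
class Suppression:
    name: str
    tool: str
    kind: str
    specs: List[Tuple[str, str]]   # [("obj" | "fun", glob), ...]


_PREFIX = re.compile(r"^==\d+==\s?")
_FRAME = re.compile(r"^\s*(?:at|by) 0x[0-9A-Fa-f]+: (\S+)(?: \(in (.+)\)| \(.+\))?$")
_BELOW = re.compile(r"(\d+) bytes below stack pointer")


def error_kind(line: str) -> Optional[str]:
    """Map an error header line to the suppression kind it would need."""
    m = re.match(r"Invalid (?:read|write) of size (\d+)", line)
    if m:
        return "Addr" + m.group(1)
    if line.startswith("Syscall param"):
        return "Param"
    return None


def parse_log(text: str) -> List[Error]:
    """Split memcheck output into error records (header, frames, SP offset)."""
    errors, cur = [], None
    for raw in text.splitlines():
        line = _PREFIX.sub("", raw).rstrip()
        kind = error_kind(line)
        if kind:
            cur = Error(kind, [], None)
            errors.append(cur)
            continue
        if cur is None:
            continue
        fm = _FRAME.match(line)
        if fm:
            cur.frames.append(Frame(fm.group(1), fm.group(2) or ""))
            continue
        bm = _BELOW.search(line)
        if bm:
            cur.below_sp = int(bm.group(1))
        elif not line.strip():
            cur = None  # a blank "==PID==" line ends the record
    return errors


def parse_suppressions(text: str) -> List[Suppression]:
    """Parse {name / Tool:Kind / frame specs} blocks; '...' is not modelled."""
    supps = []
    for body in re.findall(r"\{(.*?)\}", text, re.S):
        lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
        name, toolkind, *specs = lines
        tool, kind = toolkind.split(":", 1)
        parsed = []
        for spec in specs:
            if spec == "...":
                raise ValueError("frame-level wildcards are not modelled here")
            what, pat = spec.split(":", 1)
            parsed.append((what, pat))
        supps.append(Suppression(name, tool, kind, parsed))
    return supps


def matches(supp: Suppression, err: Error) -> bool:
    """Kind must match, then each spec globs the frame at the same depth."""
    if supp.tool != "Memcheck" or supp.kind != err.kind:
        return False
    if len(supp.specs) > len(err.frames):
        return False
    for (what, pat), frame in zip(supp.specs, err.frames):
        target = frame.obj if what == "obj" else frame.fn
        if not fnmatchcase(target, pat):
            return False
    return True


def apply_suppressions(errors, supps):
    """Return ({suppression name: hits}, errors that survive)."""
    counts = {s.name: 0 for s in supps}
    remaining = []
    for err in errors:
        for s in supps:
            if matches(s, err):
                counts[s.name] += 1
                break
        else:
            remaining.append(err)
    return counts, remaining


if __name__ == "__main__":
    errs = parse_log(SAMPLE_LOG)
    for label, text in (("Debian obj:*", DEBIAN_SUPP), ("narrow obj:", NARROW_SUPP)):
        counts, rest = apply_suppressions(errs, parse_suppressions(text))
        print(label, "suppressed:", counts, "remaining:", [e.kind for e in rest])
```

Run stand-alone, the `obj:*` rule hides every Addr4 record in the sample, including the write at 0x2991A that is "not stack'd" and is the one that faults, while leaving only the `Param` error visible, which is the shape of the "1 errors ... (suppressed: 12 from 12)" summary in comment 4; the object-pinned rule hides nothing, because none of these frames are in the loader. The `below_sp` field is there for the diagnosis Paul Floyd asks for in comment 3: sorting the Addr4 records by that offset separates small below-SP probes from the out-of-range write.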