Bug 262914 - lang/rust: Segfault in libunwind when cargo (from lang/rust) is run with RUST_BACKTRACE=1 on powerpc
Status: Open
Alias: None
Product: Base System
Classification: Unclassified
Component: misc
Version: 13.1-RELEASE
Hardware: powerpc Any
Importance: --- Affects Many People
Assignee: FreeBSD Rust Team
URL: https://github.com/llvm/llvm-project/...
Keywords: crash
Depends on:
Blocks:
Reported: 2022-03-30 00:15 UTC by Piotr Kubaj
Modified: 2024-10-27 14:40 UTC

See Also:
koobs: maintainer-feedback? (rust)
Description Piotr Kubaj freebsd_committer freebsd_triage 2022-03-30 00:15:36 UTC
How to reproduce:
cargo new hello_cargo
cd hello_cargo
env RUST_BACKTRACE=1 cargo build

Backtrace:
Program terminated with signal SIGSEGV, Segmentation fault.
Address not mapped to object.
#0  libunwind::LocalAddressSpace::get32 (addr=431585656, this=<optimized out>) at /usr/src/contrib/llvm-project/libunwind/src/AddressSpace.hpp:164
164         memcpy(&val, (void *)addr, sizeof(val));
(gdb) bt
#0  libunwind::LocalAddressSpace::get32 (addr=431585656, this=<optimized out>) at /usr/src/contrib/llvm-project/libunwind/src/AddressSpace.hpp:164
#1  libunwind::CFI_Parser<libunwind::LocalAddressSpace>::parseCIE (addressSpace=..., cie=431585656, cieInfo=0xffff82e8)
    at /usr/src/contrib/llvm-project/libunwind/src/DwarfParser.hpp:319
#2  0x421bf76c in libunwind::CFI_Parser<libunwind::LocalAddressSpace>::findFDE (addressSpace=..., pc=18016363, ehSectionStart=28326632,
    sectionLength=<optimized out>, fdeHint=<optimized out>, fdeInfo=0xffff8308, cieInfo=0xffff82e8)
    at /usr/src/contrib/llvm-project/libunwind/src/DwarfParser.hpp:252
#3  0x421bf458 in libunwind::UnwindCursor<libunwind::LocalAddressSpace, libunwind::Registers_ppc>::getInfoFromDwarfSection (this=0xffff9848,
    pc=18016363, sects=..., fdeSectionOffsetHint=0) at /usr/src/contrib/llvm-project/libunwind/src/UnwindCursor.hpp:1566
#4  0x421bb658 in libunwind::UnwindCursor<libunwind::LocalAddressSpace, libunwind::Registers_ppc>::setInfoBasedOnIPRegister (this=0xffff9848,
    isReturnAddress=<optimized out>) at /usr/src/contrib/llvm-project/libunwind/src/UnwindCursor.hpp:1960
#5  0x421bb418 in libunwind::UnwindCursor<libunwind::LocalAddressSpace, libunwind::Registers_ppc>::step (this=0xffff9848)
    at /usr/src/contrib/llvm-project/libunwind/src/UnwindCursor.hpp:2105
#6  0x421ba108 in __unw_step (cursor=0xffff9848) at /usr/src/contrib/llvm-project/libunwind/src/libunwind.cpp:176
#7  0x421b8134 in _Unwind_Backtrace (callback=0x1977e74, ref=0xffff9c88) at /usr/src/contrib/llvm-project/libunwind/src/UnwindLevel1-gcc-ext.c:131
Comment 1 Piotr Kubaj freebsd_committer freebsd_triage 2022-03-30 00:18:44 UTC
Happens only on powerpc. Doesn't affect powerpc64 or powerpc64le.
Comment 2 Piotr Kubaj freebsd_committer freebsd_triage 2022-03-30 23:33:43 UTC
@dim
Reproducer:
#include <sys/types.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

typedef uintptr_t pint_t;

/* Same unchecked read as libunwind::LocalAddressSpace::get32 in the backtrace. */
uint32_t get32(pint_t addr) {
        uint32_t val;
        memcpy(&val, (void *)addr, sizeof(val));
        return val;
}

int main(int argc, char **argv)
{
        /* The address is the one shown in frame #0 of the backtrace; the
         * memcpy above faults on it, which is the point of the reproducer. */
        uint32_t a = get32(431585656);
        printf("%u\n", a);
        return 0;
}


Here it uses the value that was printed in the backtrace.
# cc test.c
# ./a.out
Segmentation fault (core dumped)
Comment 3 Dimitry Andric freebsd_committer freebsd_triage 2022-03-31 08:10:34 UTC
(In reply to Piotr Kubaj from comment #2)
Hmm you can't just memcpy from some random address like 431585656? There is some other problem here, which causes libunwind to derive that bad address from CIE info, or something else.
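The frames in the backtrace (findFDE -> parseCIE -> get32) show the CIE address being computed from FDE data and then read without any check. The following is an added illustration, not libunwind's code: a hypothetical bounds-checked reader `get32_checked` and a hypothetical `resolve_cie` that decodes an FDE's self-relative CIE pointer the way .eh_frame defines it and refuses to read when the resulting address falls outside the section, so a corrupt or mis-decoded pointer yields a failure return instead of a SIGSEGV. The sample section, its offsets and the helper `check_fde` are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uintptr_t pint_t;

/* Hypothetical bounds-checked replacement for the unchecked get32() in the
 * backtrace: the 4-byte read is only performed when [addr, addr+4) lies inside
 * the section [start, start+len). Written as a subtraction so that a large
 * len cannot make start+len wrap around on a 32-bit address space. */
static int get32_checked(pint_t addr, pint_t start, size_t len, uint32_t *out) {
    if (len < sizeof(*out) || addr < start ||
        (size_t)(addr - start) > len - sizeof(*out))
        return 0;
    memcpy(out, (const void *)addr, sizeof(*out));
    return 1;
}

/* Resolve the CIE that the FDE at section offset fde_off refers to.
 * In .eh_frame the FDE's CIE-pointer field holds a self-relative backward
 * offset: cie = address_of_field - value. Returns 1 and stores the CIE
 * address, or 0 when any read would leave the section or the target is
 * not a CIE (a CIE carries id 0 in that field). */
int resolve_cie(const uint8_t *section, size_t len, size_t fde_off, pint_t *cie_out) {
    pint_t start = (pint_t)section;
    pint_t p = start + fde_off;
    uint32_t length, cie_ptr, cie_id;

    if (!get32_checked(p, start, len, &length))
        return 0;
    p += sizeof(uint32_t);                 /* p is now the CIE-pointer field */
    if (!get32_checked(p, start, len, &cie_ptr))
        return 0;
    if (cie_ptr == 0)                      /* id 0 marks a CIE, not an FDE */
        return 0;
    pint_t cie = p - (pint_t)cie_ptr;      /* may wrap; the check below catches it */
    if (!get32_checked(cie + sizeof(uint32_t), start, len, &cie_id) || cie_id != 0)
        return 0;
    *cie_out = cie;
    return 1;
}

/* Constructed sample section (host endianness): a minimal CIE, a well-formed
 * FDE, and a corrupt FDE whose CIE pointer lands far outside the buffer.
 * Only the length and CIE-pointer/id fields are meaningful here. */
static const uint32_t sample[] = {
    /* offset  0: CIE */ 12, 0, 1, 0,
    /* offset 16: FDE */ 12, 20, 0, 0,           /* field at 20 minus 20 -> CIE at 0 */
    /* offset 32: FDE */ 12, 0x40000000u, 0, 0,  /* bogus offset: outside the section */
};

/* 1: FDE resolved to the sample CIE; 0: rejected; -1: resolved elsewhere. */
int check_fde(size_t fde_off) {
    pint_t cie = 0;
    if (!resolve_cie((const uint8_t *)sample, sizeof(sample), fde_off, &cie))
        return 0;
    return cie == (pint_t)sample ? 1 : -1;
}

int main(void) {
    printf("good FDE: %d\n", check_fde(16));   /* 1 */
    printf("bad FDE:  %d\n", check_fde(32));   /* 0 instead of SIGSEGV */
    printf("CIE:      %d\n", check_fde(0));    /* 0 */
    return 0;
}
```

The subtraction form of the range test matters on a 32-bit target such as powerpc: `start + len` can wrap to a small value and silently accept every address, whereas `addr - start > len - 4` cannot.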
Comment 4 Konrad Witaszczyk freebsd_committer freebsd_triage 2022-06-07 13:56:04 UTC
On a FreeBSD/aarch64 host with a CheriBSD/aarch64 jail, I also encountered a similar issue for lang/rust 1.59.0:

Program received signal SIGSEGV, Segmentation fault.
Address not mapped to object.
0x0000000040e9a898 in ?? () from /lib/libgcc_s.so.1
(gdb) bt
#0  0x0000000040e9a898 in ?? () from /lib/libgcc_s.so.1
#1  0x0000000040e99004 in ?? () from /lib/libgcc_s.so.1
#2  0x0000000040e989ac in ?? () from /lib/libgcc_s.so.1
#3  0x0000000040e963d8 in _Unwind_Backtrace () from /lib/libgcc_s.so.1
#4  0x0000000000ca6e70 in std::backtrace::Backtrace::create ()
#5  0x00000000005308b0 in cargo::util::restricted_names::validate_package_name ()
#6  0x0000000000899bcc in <cargo::util::config::Config>::get_registry_index ()
#7  0x0000000000759b08 in <cargo::util::toml::TomlManifest>::patch ()
#8  0x000000000074d5e0 in cargo::util::toml::read_manifest ()
#9  0x000000000088dab8 in <cargo::core::workspace::Packages>::load ()
#10 0x0000000000889a78 in <cargo::core::workspace::Workspace>::find_root ()
#11 0x0000000000885cdc in <cargo::core::workspace::Workspace>::new ()
#12 0x00000000004d9d68 in <clap::args::arg_matches::ArgMatches as cargo::util::command_prelude::ArgMatchesExt>::workspace ()
#13 0x00000000004dfcc8 in cargo::commands::build::exec ()
#14 0x00000000004a8f08 in cargo::cli::main ()
#15 0x000000000048d1b4 in cargo::main ()
#16 0x00000000004c0a54 in std::sys_common::backtrace::__rust_begin_short_backtrace::<fn(), ()> ()
#17 0x00000000004de86c in _RNCINvNtCs9EQzpsGkFHW_3std2rt10lang_startuE0Cs8pXFdEvmJP8_5cargo.llvm.3052742989111023364 ()
#18 0x0000000000c99144 in std::rt::lang_start_internal ()
#19 0x000000000048ee18 in main ()
(gdb) 

The port was successfully built without RUST_BACKTRACE=1.
Comment 5 Alan Somers freebsd_committer freebsd_triage 2024-10-27 14:40:58 UTC
pkubaj, is this still an issue? Also, how did you install Rust and Cargo?