[llvm-bugs] [Bug 50972] New: libunwind: After 23bef7ee9923/22b615a96593, backtrace segfault on aarch64 with clang-11 compiled executable
via llvm-bugs
llvm-bugs at lists.llvm.org
Sat Jul 3 13:02:52 PDT 2021
https://bugs.llvm.org/show_bug.cgi?id=50972
Bug ID: 50972
Summary: libunwind: After 23bef7ee9923/22b615a96593, backtrace
segfault on aarch64 with clang-11 compiled executable
Product: new-bugs
Version: trunk
Hardware: Other
OS: FreeBSD
Status: NEW
Severity: normal
Priority: P
Component: new bugs
Assignee: unassignedbugs at nondot.org
Reporter: dimitry at andric.com
CC: htmldeveloper at gmail.com, llvm-bugs at lists.llvm.org
As reported in https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256864#c13,
after the recent upgrade to LLVM 12.0.1 (including libunwind) in FreeBSD
14.0-CURRENT, some programs using backtrace() on aarch64 started segfaulting,
in particular rust's cargo tool. However, this only occurred for programs built
using the previous version of LLVM, 11.0.1.
E.g., compiling a very small program like:
#include <execinfo.h>
int main() {
void *addrlist[100];
backtrace(addrlist, 100);
}
with clang 11.0.1 on aarch64, then running it on FreeBSD 14.0-CURRENT with
libunwind 12.0.1, will result in a segfault during backtrace(). However, if the
same program is compiled with clang 12.0.1, however, there is no segfault.
The segfault stack trace looks like this:
Program received signal SIGSEGV, Segmentation fault.
libunwind::DwarfInstructions<libunwind::LocalAddressSpace,
libunwind::Registers_arm64>::getSavedRegister (addressSpace=..., registers=...,
cfa=cfa at entry=64, savedReg=...) at
/usr/src/contrib/llvm-project/libunwind/src/DwarfInstructions.hpp:84
84 return (pint_t)addressSpace.getRegister(cfa +
(pint_t)savedReg.value);
(gdb) bt
#0 libunwind::DwarfInstructions<libunwind::LocalAddressSpace,
libunwind::Registers_arm64>::getSavedRegister (addressSpace=..., registers=...,
cfa=cfa at entry=64, savedReg=...) at
/usr/src/contrib/llvm-project/libunwind/src/DwarfInstructions.hpp:84
#1 0x000000004076358c in
libunwind::DwarfInstructions<libunwind::LocalAddressSpace,
libunwind::Registers_arm64>::stepWithDwarf (addressSpace=..., pc=<optimized
out>, fdeStart=<optimized out>, registers=..., isSignalFrame=@0xffffffffe739:
false) at /usr/src/contrib/llvm-project/libunwind/src/DwarfInstructions.hpp:192
#2 0x00000000407630f8 in libunwind::UnwindCursor<libunwind::LocalAddressSpace,
libunwind::Registers_arm64>::stepWithDwarfFDE (this=0xffffffffe4d0) at
/usr/src/contrib/llvm-project/libunwind/src/UnwindCursor.hpp:954
#3 libunwind::UnwindCursor<libunwind::LocalAddressSpace,
libunwind::Registers_arm64>::step (this=0xffffffffe4d0) at
/usr/src/contrib/llvm-project/libunwind/src/UnwindCursor.hpp:2090
#4 0x0000000040760b64 in _Unwind_Backtrace (callback=0x402aecdc <tracer>,
ref=<optimized out>) at
/usr/src/contrib/llvm-project/libunwind/src/UnwindLevel1-gcc-ext.c:131
#5 0x00000000402aec90 in backtrace (arr=<optimized out>, len=<optimized out>)
at /usr/src/contrib/libexecinfo/unwind.c:69
#6 0x00000000002108c0 in main () at bt.c:6
(gdb) print cfa
$1 = 64
(gdb) print savedReg.value
$2 = -8
E.g. getRegister effectively tries to do a get64() on the address 64-8 = 56,
which causes a segfault.
After some bisection, the segfault turned out to be caused by
https://github.com/llvm/llvm-project/commit/22b615a96593 ("[libunwind] Support
for leaf function unwinding"), which was a re-land of
https://github.com/llvm/llvm-project/commit/23bef7ee9923.
I'm unsure on how to debug this further, as the difference between the
executables's .eh_frame sections is signifcant. The clang 11.0.1 compiled
executable's .eh_frame section decodes to:
The section .eh_frame contains:
0000001c 00000014 00000000 CIE "zR" cf=1 df=-4 ra=30
LOC CFA
0021063c r31+0
00000018 0000001c 0000001c FDE cie=00000000 pc=0021063c..002106d8
LOC CFA r19 r20 r21 r29 ra
0021063c r31+0 u u u u u
0021064c r29+48 c-8 c-16 c-32 c-48 c-40
00000038 00000024 0000003c FDE cie=00000000 pc=002106d8..002107f8
LOC CFA r19 r20 r21 r22 r23 r24 r29 ra
002106d8 r31+0 u u u u u u u u
002106ec r29+64 c-8 c-16 c-24 c-32 c-40 c-48 c-64 c-56
00000060 00000024 00000064 FDE cie=00000000 pc=002107f8..00210858
LOC CFA r19 r20 r29 ra
002107f8 r31+0 u u u u
00210804 r29+32 c-8 c-16 c-32 c-24
00000088 0000001c 0000008c FDE cie=00000000 pc=00210898..002108d8
LOC CFA r28 r29 ra
00210898 r31+0 u u u
002108a8 r29+32 c-16 c-32 c-24
while the clang 12.0.1 compiled executable's .eh_frame section decodes to:
The section .eh_frame contains:
0000001c 00000014 00000000 CIE "zR" cf=1 df=-4 ra=30
LOC CFA
002107dc r31+0
00000018 00000014 0000001c FDE cie=00000000 pc=002107dc..002107f4
LOC CFA
002107dc r31+0
00000030 0000001c 00000034 FDE cie=00000000 pc=00210828..00210864
LOC CFA r28 r29 ra
00210828 r31+0 u u u
00210838 r29+32 c-16 c-32 c-24
--
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20210703/39baad15/attachment.html>
More information about the llvm-bugs
mailing list