public inbox for gcc-bugs@sourceware.org
* [Bug libgcc/107678] New: [13 Regression] Segfault in aarch64_fallback_frame_state
From: avieira at gcc dot gnu.org @ 2022-11-14 17:17 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107678

            Bug ID: 107678
           Summary: [13 Regression] Segfault in
                    aarch64_fallback_frame_state
           Product: gcc
           Version: 13.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: libgcc
          Assignee: unassigned at gcc dot gnu.org
          Reporter: avieira at gcc dot gnu.org
  Target Milestone: ---

Hi,

We ran into a segfault when running SPEC 2017 Parest for aarch64-none-linux-gnu
on a Neoverse V1 target after g:146e45914032.

These are the relevant frames of the segfault:
#0  0x0000ffff8bd2dd04 in aarch64_fallback_frame_state (context=0xffffe11f6e10,
fs=0xffffe11f71d0)
    at ./md-unwind-support.h:74
#1  uw_frame_state_for (context=context@entry=0xffffe11f6e10,
fs=fs@entry=0xffffe11f71d0)
    at .../libgcc/unwind-dw2.c:1275
#2  0x0000ffff8bd2f0ec in _Unwind_RaiseException (exc=0x36b105d0)
    at .../libgcc/unwind.inc:104
#3  0x0000ffff8be8d6b4 in __cxxabiv1::__cxa_throw (obj=<optimized out>,
    tinfo=0x56bf58 <typeinfo for dealii::SolverControl::NoConvergence>,
    dest=0x468c00 <dealii::SolverControl::NoConvergence::~NoConvergence()
[clone .lto_priv.0]>)
    at .../libstdc++-v3/libsupc++/eh_throw.cc:93

We do not see the same failure for a NEON only run, so the size of the vectors
could be a hint? But I haven't confirmed this.


* [Bug target/107678] [13 Regression] Segfault in aarch64_fallback_frame_state when running SVE code
From: pinskia at gcc dot gnu.org @ 2022-11-14 17:41 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107678

--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Hmm, maybe the outputted dwarf2 from the compiler is broken, because this is a
call to throw itself.


* [Bug target/107678] [13 Regression] Segfault in aarch64_fallback_frame_state when running SVE code
From: jakub at gcc dot gnu.org @ 2022-11-14 17:42 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107678

--- Comment #2 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Perhaps some previously latent buffer overflow?
I'm aware of e.g. a theoretical __builtin_init_dwarf_reg_size_table problem with
SVE: the builtin computes register sizes in 8-bit unsigned integers, but SVE
can have 256-byte values.


* [Bug target/107678] [13 Regression] Segfault in aarch64_fallback_frame_state when running SVE code
From: jakub at gcc dot gnu.org @ 2022-11-14 17:43 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107678

--- Comment #3 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
I mean register sizes.  So I bet those compute as 0.


* [Bug target/107678] [13 Regression] Segfault in aarch64_fallback_frame_state when running SVE code
From: pinskia at gcc dot gnu.org @ 2022-11-14 17:45 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107678

--- Comment #4 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Note the aarch64_fallback_frame_state segfault is at
  if (pc[0] != MOVZ_X8_8B || pc[1] != SVC_0)

pc comes from:
  unsigned *pc = context->ra;

> so the size of the vectors could be a hint?
It is not in this case.
But it might be a hint on maybe the dwarf2 stack unwinding output is not fully
correct for non-constant offsets ...


* [Bug target/107678] [13 Regression] Segfault in aarch64_fallback_frame_state when running SVE code
From: rguenth at gcc dot gnu.org @ 2022-11-16 12:42 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107678

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |13.0


* [Bug target/107678] [13 Regression] Segfault in aarch64_fallback_frame_state when running SVE code
From: marxin at gcc dot gnu.org @ 2022-11-21 10:06 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107678

Martin Liška <marxin at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |marxin at gcc dot gnu.org
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2022-11-21
     Ever confirmed|0                           |1


* [Bug target/107678] [13 Regression] Segfault in aarch64_fallback_frame_state when running SVE code
From: wilco at gcc dot gnu.org @ 2022-12-01 14:46 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107678

Wilco <wilco at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |wilco at gcc dot gnu.org

--- Comment #5 from Wilco <wilco at gcc dot gnu.org> ---
It's not related to SVE unwinding since adding +nosve still fails. The crash
happens after reading the correct return address from the stack. However, the
top bits of this value get corrupted, resulting in an illegal access in
aarch64_fallback_frame_state (it seems doing an unconditional read is a bad
idea since at this point the RA may be corrupted).


* [Bug target/107678] [13 Regression] Segfault in aarch64_fallback_frame_state when running SVE code
From: wilco at gcc dot gnu.org @ 2022-12-01 16:52 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107678

Wilco <wilco at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|unassigned at gcc dot gnu.org      |wilco at gcc dot gnu.org

--- Comment #6 from Wilco <wilco at gcc dot gnu.org> ---
So the issue is that AArch64 return address signing was using the loc.offset
field which is now uninitialized. The fix is to check for REG_UNSAVED first and
use that to initialize the offset. I'm testing a patch.


* [Bug target/107678] [13 Regression] Segfault in aarch64_fallback_frame_state when running SVE code
From: laurent.alfonsi at linaro dot org @ 2022-12-03 21:24 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107678

laurent.alfonsi at linaro dot org <laurent.alfonsi at linaro dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |laurent.alfonsi at linaro dot org

--- Comment #7 from laurent.alfonsi at linaro dot org <laurent.alfonsi at linaro dot org> ---
*** Bug 107940 has been marked as a duplicate of this bug. ***


* [Bug target/107678] [13 Regression] Segfault in aarch64_fallback_frame_state when running SVE code
From: rguenth at gcc dot gnu.org @ 2022-12-20 15:40 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107678

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P3                          |P1


* [Bug target/107678] [13 Regression] Segfault in aarch64_fallback_frame_state when running SVE code
From: cvs-commit at gcc dot gnu.org @ 2023-01-18 12:36 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107678

--- Comment #8 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Wilco Dijkstra <wilco@gcc.gnu.org>:

https://gcc.gnu.org/g:c98cd1df22fbe0829149e346a1ba9bf1f0be8a40

commit r13-5240-gc98cd1df22fbe0829149e346a1ba9bf1f0be8a40
Author: Wilco Dijkstra <wilco.dijkstra@arm.com>
Date:   Tue Jan 3 15:57:46 2023 +0000

    libgcc: Fix uninitialized RA signing on AArch64 [PR107678]

    A recent change only initializes the regs.how[] during Dwarf unwinding
    which resulted in an uninitialized offset used in return address signing
    and random failures during unwinding.  The fix is to encode the return
    address signing state in REG_UNSAVED and a new state REG_UNSAVED_ARCHEXT.

    libgcc/
            PR target/107678
            * unwind-dw2.h (REG_UNSAVED_ARCHEXT): Add new enum.
            * unwind-dw2.c (uw_update_context_1): Add REG_UNSAVED_ARCHEXT case.
            * unwind-dw2-execute_cfa.h: Use REG_UNSAVED_ARCHEXT/REG_UNSAVED to
            encode the return address signing state.
            * config/aarch64/aarch64-unwind.h (aarch64_demangle_return_addr)
            Check current return address signing state.
            (aarch64_frob_update_contex): Remove.

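To make concrete what Comment #4 (the unconditional read through context->ra), Comments #5 and #6 and the commit message above describe, here is a constructed C model added for this thread; it is not libgcc's code. The toy PAC arithmetic, the 48-bit VA / bit-62 failure-marker layout, and the struct, enum and function names are assumptions chosen to mirror the discussion, not the real AArch64 or libgcc definitions.

```c
/* Constructed model of PR107678, not libgcc's code: an uninitialized
   RA-signing toggle corrupts the return address; keying it off the
   register's how-state fixes it.  PAC arithmetic/bit layout are assumptions. */
#include <stdint.h>
#include <string.h>
enum reg_how { REG_UNSAVED = 0, REG_SAVED_OFFSET, REG_UNSAVED_ARCHEXT };
struct reg_state { enum reg_how how; long offset; };
struct frame_state { struct reg_state regs[32]; };
#define RA_REG 30
#define VA_MASK ((1ULL << 48) - 1)   /* assumed 48-bit VA; PAC sits above it */
#define AUTH_FAIL_BIT (1ULL << 62)   /* assumed failure marker, like AUTIA's */
/* Toy keyed "MAC" of the address, placed in the top 16 bits (a model only). */
static uint64_t toy_pac(uint64_t a, uint64_t k) {
  uint64_t h = ((a & VA_MASK) + k) * 0x9E3779B97F4A7C15ULL;
  return (h >> 48) << 48;
}
uint64_t sign_ra(uint64_t a, uint64_t k) { return (a & VA_MASK) | toy_pac(a, k); }
/* On mismatch return a non-canonical address; the fault comes on the later deref. */
uint64_t auth_ra(uint64_t a, uint64_t k) {
  if ((a & ~VA_MASK) == toy_pac(a, k)) return a & VA_MASK;
  return (a & VA_MASK) | AUTH_FAIL_BIT;
}
/* Old scheme: toggle in the RA entry's offset, left uninitialized by the regression. */
uint64_t demangle_old(const struct frame_state *fs, uint64_t ra, uint64_t key) {
  return (fs->regs[RA_REG].offset & 1) ? auth_ra(ra, key) : ra;
}
/* Fixed scheme: the toggle is a dedicated how-state, which is always initialized. */
uint64_t demangle_new(const struct frame_state *fs, uint64_t ra, uint64_t key) {
  return fs->regs[RA_REG].how == REG_UNSAVED_ARCHEXT ? auth_ra(ra, key) : ra;
}
int ra_is_canonical(uint64_t ra) { return (ra & ~VA_MASK) == 0; } /* guard before pc[0] */
/* Stale stack contents modelled by a 0xA5 fill; only how[] is set up. */
static void init_frame(struct frame_state *fs, enum reg_how ra_how) {
  memset(fs, 0xA5, sizeof *fs);
  for (int i = 0; i < 32; i++) fs->regs[i].how = REG_UNSAVED;
  fs->regs[RA_REG].how = ra_how;
}
uint64_t old_unsigned_frame(void) {   /* old code, unsigned RA: top bits corrupted */
  struct frame_state fs; init_frame(&fs, REG_UNSAVED);
  return demangle_old(&fs, 0x400000ULL, 0x1234);
}
uint64_t new_unsigned_frame(void) {   /* fixed code, unsigned RA: passed through */
  struct frame_state fs; init_frame(&fs, REG_UNSAVED);
  return demangle_new(&fs, 0x400000ULL, 0x1234);
}
uint64_t new_signed_frame(void) {     /* fixed code, signed RA: PAC stripped */
  struct frame_state fs; init_frame(&fs, REG_UNSAVED_ARCHEXT);
  return demangle_new(&fs, sign_ra(0x400000ULL, 0x1234), 0x1234);
}
```

The old path authenticates an address that was never signed, so the "auth failed" marker lands in the top bits and the subsequent pc[0] read faults, which is the crash in the backtrace; a canonicality check before that read would at least turn the segfault into a clean unwind failure.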

* [Bug target/107678] [13 Regression] Segfault in aarch64_fallback_frame_state when running SVE code
From: wilco at gcc dot gnu.org @ 2023-01-23 16:46 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107678

Wilco <wilco at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #9 from Wilco <wilco at gcc dot gnu.org> ---
Fixed

