arm64: broken c++ exception handler support leads to std::terminate() being called and program abort
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
libunwind (Ubuntu) | Fix Released | Undecided | Unassigned |
Bionic | Fix Released | Medium | Matthew Ruffell |
Focal | Fix Released | Medium | Matthew Ruffell |
Bug Description
[Impact]
On architectures other than i386 and amd64, the C++ exception support in libunwind appears to be broken, always failing and calling std::terminate() which leads to the program aborting.
(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/
#1 0x0000fffff7c2daac in __GI_abort () at abort.c:79
#2 0x0000fffff7e21868 in __gnu_cxx:
from /lib/aarch64-
#3 0x0000fffff7e1f21c in ?? () from /lib/aarch64-
#4 0x0000fffff7e1f280 in std::terminate() ()
from /lib/aarch64-
#5 0x0000fffff7e1f5e0 in __cxa_rethrow ()
from /lib/aarch64-
#6 0x0000fffff7e21804 in __gnu_cxx:
from /lib/aarch64-
#7 0x0000fffff7e1f21c in ?? () from /lib/aarch64-
#8 0x0000fffff7e1f280 in std::terminate() ()
from /lib/aarch64-
#9 0x0000fffff7e1f574 in __cxa_throw ()
from /lib/aarch64-
#10 0x0000fffff7fb9f50 in function_throws_int () at lib.cpp:9
#11 0x0000aaaaaaaa0d54 in main (argc=1, argv=0xffffffff
Compiling libunwind with --enable-
On i386 and amd64 this doesn't seem to be the case, and the libunwind handlers seem to be present.
To fix, we only enable the configure option --enable-
[Testcase]
Ali Sadi has provided a reproducer program.
Start an arm64 instance, for example, a c6g.medium instance on AWS, with either Bionic or Focal.
$ wget https:/
$ sudo apt install -y build-essential libunwind-dev
$ tar xvf libunwind.tar.gz && cd test
$ make all
There are two executables, main and main_unwind. main is not linked to libunwind, and main_unwind is linked to libunwind.
$ ./main
int throws lib
int caught main
$ ./main_unwind
terminate called after throwing an instance of 'int'
terminate called recursively
Aborted (core dumped)
If you install the test package available in the following ppa:
https:/
$ make clean
$ sudo apt install -y libunwind-dev
$ make all
$ ./main
int throws lib
int caught main
$ ./main_unwind
int throws lib
int caught main
The exception is caught as expected and the program does not abort.
[Where problems could occur]
For architectures other than i386 and amd64, we are changing from libunwind provided exception handlers for __cxa_throw(), and using those provided by libgcc_s instead.
There are a few reverse dependencies for libunwind-dev and libunwind8, which need to be considered:
$ apt rdepends libunwind-dev
libunwind-dev
Reverse Depends:
Depends: libunwind-
Depends: libefl-all-dev
$ apt rdepends libunwind-dev 8
libunwind8
Reverse Depends:
Depends: libunwind-dev (= 1.2.1-9build1)
Depends: xvfb
Depends: xnest
Depends: xdmx
Depends: xwayland
Depends: xserver-xorg-core
Depends: xserver-xephyr
Depends: linux-tools-5.4.0-*
Depends: linux-raspi-tools-*
Depends: linux-raspi2-
Depends: linux-raspi2-
Depends: linux-oracle-
Depends: linux-lowlatenc
Depends: linux-hwe-
Depends: linux-hwe-
Depends: linux-gke-
Depends: linux-gke-
Depends: linux-gcp-
Depends: linux-gcp-
Depends: linux-azure-
Depends: linux-azure-
Depends: linux-aws-
Depends: linux-aws-
Depends: linux-aws-
Depends: xvfb
Depends: xnest
Depends: xdmx
Depends: trafficserver
Depends: tilix
Depends: tigervnc-
Depends: tarantool
Depends: sysprof
Depends: rspamd
Depends: libwine-development
Depends: libwine
Depends: libjulia1
Depends: libheaptrack
Depends: libevas-loaders
Depends: libephysics1
Depends: libeina1a
Depends: libecore-imf1
Depends: julia
Depends: geary
Depends: gdnsd
Depends: xwayland
Depends: xserver-xorg-core
Depends: xserver-xephyr
Depends: libunwind-setjmp0
The reporter seems to be hitting the issue with mcrouter, built themselves, so we can likely skip no-change rebuilds of rdepends until we get actual complaints that a bug exists in those packages, to keep regression risk down.
This does, of course, leave the risk of regression to the future, especially during critical times, e.g. a CVE fix.
[Other info]
This was resolved in Debian bug 923962 by the maintainer, by setting the configure option --enable-
https:/
The debdiff between Focal and Groovy is available here:
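Added example, not part of the bug report or the reporter's reproducer: a small C++ check that reports which shared object supplies `_Unwind_RaiseException` (the Itanium C++ ABI entry point that `__cxa_throw()` calls) and then repeats the throw-an-int, catch-in-caller pattern from the test case. The function names are hypothetical, and building it a second time with `-lunwind` is assumed to correspond to how main_unwind is linked.

```cpp
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   // RTLD_DEFAULT and dladdr() are GNU extensions
#endif
#include <dlfcn.h>
#include <cstdio>
#include <string>

// Shared object whose _Unwind_RaiseException the dynamic linker resolves first.
// __cxa_throw() calls this symbol, so its provider decides who does the unwinding.
// Returns "" if the symbol is not visible in the global scope.
std::string unwinder_provider() {
    void *sym = dlsym(RTLD_DEFAULT, "_Unwind_RaiseException");
    Dl_info info{};
    if (sym == nullptr || dladdr(sym, &info) == 0 || info.dli_fname == nullptr)
        return "";
    return info.dli_fname;
}

// True when that provider is a libunwind shared object rather than libgcc_s.
bool unwinder_is_libunwind() {
    return unwinder_provider().find("libunwind") != std::string::npos;
}

// Mirrors the test case: throw an int in one function, catch it in the caller.
static void throws_int() {
    std::puts("int throws lib");
    throw 1;
}

// Returns true if the exception unwinds to the handler in this function.
bool exception_is_caught() {
    try {
        throws_int();
    } catch (int) {
        std::puts("int caught main");
        return true;
    }
    return false;
}

int main() {
    // Report first and flush: on an affected build the throw below aborts.
    std::printf("_Unwind_RaiseException from: %s\n", unwinder_provider().c_str());
    std::fflush(stdout);
    return exception_is_caught() ? 0 : 1;
}
```

A build that prints a libunwind path and then aborts is using the libunwind-provided handlers described under [Where problems could occur]; a libgcc_s path followed by "int caught main" is the behaviour the fix restores.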
I've slimmed down the reproducer to a single main function and removed any additional compiler arguments.