2022-12-08 03:39:47 |
Ali Saidi |
bug |
|
|
added bug |
2022-12-08 03:39:47 |
Ali Saidi |
attachment added |
|
small reproducer https://bugs.launchpad.net/bugs/1999104/+attachment/5635122/+files/libunwind.tar.gz |
|
2022-12-08 16:09:57 |
William Ashley |
attachment added |
|
repro.tar.gz https://bugs.launchpad.net/ubuntu/+source/libunwind/+bug/1999104/+attachment/5635160/+files/repro.tar.gz |
|
2022-12-13 03:07:41 |
Matthew Ruffell |
nominated for series |
|
Ubuntu Focal |
|
2022-12-13 03:07:41 |
Matthew Ruffell |
bug task added |
|
libunwind (Ubuntu Focal) |
|
2022-12-13 03:07:41 |
Matthew Ruffell |
nominated for series |
|
Ubuntu Bionic |
|
2022-12-13 03:07:41 |
Matthew Ruffell |
bug task added |
|
libunwind (Ubuntu Bionic) |
|
2022-12-13 03:07:47 |
Matthew Ruffell |
libunwind (Ubuntu): status |
New |
Fix Released |
|
2022-12-13 03:07:52 |
Matthew Ruffell |
libunwind (Ubuntu Bionic): status |
New |
In Progress |
|
2022-12-13 03:07:54 |
Matthew Ruffell |
libunwind (Ubuntu Focal): status |
New |
In Progress |
|
2022-12-13 03:07:57 |
Matthew Ruffell |
libunwind (Ubuntu Bionic): importance |
Undecided |
Medium |
|
2022-12-13 03:08:00 |
Matthew Ruffell |
libunwind (Ubuntu Focal): importance |
Undecided |
Medium |
|
2022-12-13 03:08:02 |
Matthew Ruffell |
libunwind (Ubuntu Bionic): assignee |
|
Matthew Ruffell (mruffell) |
|
2022-12-13 03:08:05 |
Matthew Ruffell |
libunwind (Ubuntu Focal): assignee |
|
Matthew Ruffell (mruffell) |
|
2022-12-13 03:08:09 |
Matthew Ruffell |
bug |
|
|
added subscriber Matthew Ruffell |
2022-12-13 03:12:29 |
Matthew Ruffell |
attachment added |
|
Debdiff for libunwind on Bionic https://bugs.launchpad.net/ubuntu/+source/libunwind/+bug/1999104/+attachment/5635450/+files/lp1999104_bionic.debdiff |
|
2022-12-13 03:13:13 |
Matthew Ruffell |
attachment added |
|
Debdiff for libunwind on Focal https://bugs.launchpad.net/ubuntu/+source/libunwind/+bug/1999104/+attachment/5635451/+files/lp1999104_focal.debdiff |
|
2022-12-13 04:11:45 |
Matthew Ruffell |
summary |
libunwind causes crashes on arm64 |
arm64: broken c++ exception handler support leads to std::terminate() being called and program abort |
|
2022-12-13 04:12:20 |
Matthew Ruffell |
description |
There is a bug in libunwind in both 18.04 and 20.04 on arm64 where when linked with libunwind instead of catching an exception, the program crashes. This was first seen on mcrouter, but attached is a small reproducer where `main_unwind` will crash. The libunwind shipping with 22.04 doesn't appear to have this problem, nor do unmodified upstream versions (including the 1.2.1 which is the 18.04 and 20.04 version).
Attached is a small reproducer that demonstrates the problem.
Ubuntu 22.04:
```
$ ./main
int throws lib
int caught main
$ ./main_unwind
int throws lib
int caught main
```
Ubuntu 20.04:
```
$ ./main
int throws lib
int caught main
$ ./main_unwind
terminate called after throwing an instance of 'int'
terminate called recursively
Aborted (core dumped)
``` |
[Impact]
On architectures other than i386 and amd64, the C++ exception support in libunwind appears to be broken, always failing and calling std::terminate() which leads to the program aborting.
(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x0000fffff7c2daac in __GI_abort () at abort.c:79
#2 0x0000fffff7e21868 in __gnu_cxx::__verbose_terminate_handler() ()
from /lib/aarch64-linux-gnu/libstdc++.so.6
#3 0x0000fffff7e1f21c in ?? () from /lib/aarch64-linux-gnu/libstdc++.so.6
#4 0x0000fffff7e1f280 in std::terminate() ()
from /lib/aarch64-linux-gnu/libstdc++.so.6
#5 0x0000fffff7e1f5e0 in __cxa_rethrow ()
from /lib/aarch64-linux-gnu/libstdc++.so.6
#6 0x0000fffff7e21804 in __gnu_cxx::__verbose_terminate_handler() ()
from /lib/aarch64-linux-gnu/libstdc++.so.6
#7 0x0000fffff7e1f21c in ?? () from /lib/aarch64-linux-gnu/libstdc++.so.6
#8 0x0000fffff7e1f280 in std::terminate() ()
from /lib/aarch64-linux-gnu/libstdc++.so.6
#9 0x0000fffff7e1f574 in __cxa_throw ()
from /lib/aarch64-linux-gnu/libstdc++.so.6
#10 0x0000fffff7fb9f50 in function_throws_int () at lib.cpp:9
#11 0x0000aaaaaaaa0d54 in main (argc=1, argv=0xfffffffffab8) at main.cpp:9
Compiling libunwind with --enable-cxx-exceptions enabled leads to _Unwind_RaiseException being called during __cxa_throw(), which fails to find a handler, and the generic std::terminate() is called instead, aborting the program.
On i386 and amd64 this doesn't seem to be the case, and the libunwind handlers seem to be present.
To fix, we enable the configure option --enable-cxx-exceptions only on i386 and amd64, in debian/rules. This lets other architectures fall back to the symbols provided by libgcc_s, whose implementation works correctly.
[Testcase]
Ali Saidi has provided a reproducer program.
Start an arm64 instance, for example, a c6g.medium instance on AWS, with either Bionic or Focal.
$ wget https://bugs.launchpad.net/ubuntu/+source/libunwind/+bug/1999104/+attachment/5635122/+files/libunwind.tar.gz
$ sudo apt install -y build-essential libunwind-dev
$ tar xvf libunwind.tar.gz && cd test
$ make all
There are two executables, main and main_unwind. main is not linked to libunwind, and main_unwind is linked to libunwind.
$ ./main
int throws lib
int caught main
$ ./main_unwind
terminate called after throwing an instance of 'int'
terminate called recursively
Aborted (core dumped)
If you install the test package available in the following ppa:
https://launchpad.net/~mruffell/+archive/ubuntu/sf350246-test
$ make clean
$ sudo apt install -y libunwind-dev
$ make all
$ ./main
int throws lib
int caught main
$ ./main_unwind
int throws lib
int caught main
The exception is caught as expected and the program does not abort.
[Where problems could occur]
For architectures other than i386 and amd64, we are changing from libunwind provided exception handlers for __cxa_throw(), and using those provided by libgcc_s instead.
There are a few reverse dependencies for libunwind-dev and libunwind8, which need to be considered:
$ apt rdepends libunwind-dev
libunwind-dev
Reverse Depends:
Depends: libunwind-setjmp0-dev (= 1.2.1-9build1)
Depends: libefl-all-dev
$ apt rdepends libunwind8
libunwind8
Reverse Depends:
Depends: libunwind-dev (= 1.2.1-9build1)
Depends: xvfb
Depends: xnest
Depends: xdmx
Depends: xwayland
Depends: xserver-xorg-core
Depends: xserver-xephyr
Depends: linux-tools-5.4.0-*
Depends: linux-raspi-tools-*
Depends: linux-raspi2-tools-5.4.0-*
Depends: linux-raspi2-5.4-tools-5.4.0-*
Depends: linux-oracle-5.15-tools-5.15.0-*
Depends: linux-lowlatency-hwe-5.15-tools-5.15.0-*
Depends: linux-hwe-5.8-tools-5.8.0-*
Depends: linux-hwe-5.15-tools-5.15.0-*
Depends: linux-gke-tools-5.4.0-*
Depends: linux-gke-5.15-tools-5.15.0-*
Depends: linux-gcp-tools-5.4.0-*
Depends: linux-gcp-5.15-tools-5.15.0-*
Depends: linux-azure-tools-5.4.0-*
Depends: linux-azure-5.15-tools-5.15.0-*
Depends: linux-aws-tools-5.4.0-*
Depends: linux-aws-5.8-tools-5.8.0-*
Depends: linux-aws-5.15-tools-5.15.0-*
Depends: xvfb
Depends: xnest
Depends: xdmx
Depends: trafficserver
Depends: tilix
Depends: tigervnc-standalone-server
Depends: tarantool
Depends: sysprof
Depends: rspamd
Depends: libwine-development
Depends: libwine
Depends: libjulia1
Depends: libheaptrack
Depends: libevas-loaders
Depends: libephysics1
Depends: libeina1a
Depends: libecore-imf1
Depends: julia
Depends: geary
Depends: gdnsd
Depends: xwayland
Depends: xserver-xorg-core
Depends: xserver-xephyr
Depends: libunwind-setjmp0
The reporter seems to be hitting the issue with mcrouter, built themselves, so we can likely skip no-change rebuilds of rdepends until we get actual complaints that a bug exists in those packages, to keep regression risk down.
This does, of course, leave the risk of regression to the future, especially during critical times, e.g. a CVE fix.
[Other info]
This was resolved in Debian bug 923962 by the maintainer, by setting the configure option --enable-cxx-exceptions only on i386 and amd64.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923962
The debdiff between Focal and Groovy is available here:
https://paste.ubuntu.com/p/8xv6FNPs8g/ |
|
2022-12-13 04:12:42 |
Matthew Ruffell |
tags |
|
bionic focal sts |
|
2022-12-13 09:01:15 |
Matthew Ruffell |
tags |
bionic focal sts |
bionic focal sts sts-sponsor |
|
2022-12-13 12:33:01 |
Heitor Alves de Siqueira |
tags |
bionic focal sts sts-sponsor |
bionic focal sts sts-sponsor-halves |
|
2022-12-15 13:08:19 |
Heitor Alves de Siqueira |
tags |
bionic focal sts sts-sponsor-halves |
bionic focal sts |
|
2022-12-16 08:52:34 |
Timo Aaltonen |
libunwind (Ubuntu Bionic): status |
In Progress |
Fix Committed |
|
2022-12-16 08:52:36 |
Timo Aaltonen |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2022-12-16 08:52:37 |
Timo Aaltonen |
bug |
|
|
added subscriber SRU Verification |
2022-12-16 08:52:40 |
Timo Aaltonen |
tags |
bionic focal sts |
bionic focal sts verification-needed verification-needed-bionic |
|
2022-12-16 08:53:57 |
Timo Aaltonen |
libunwind (Ubuntu Focal): status |
In Progress |
Fix Committed |
|
2022-12-16 08:54:01 |
Timo Aaltonen |
tags |
bionic focal sts verification-needed verification-needed-bionic |
bionic focal sts verification-needed verification-needed-bionic verification-needed-focal |
|
2022-12-16 17:17:47 |
Ali Saidi |
tags |
bionic focal sts verification-needed verification-needed-bionic verification-needed-focal |
bionic focal sts verification-done-bionic verification-done-focal verification-needed |
|
2023-03-21 23:13:35 |
Launchpad Janitor |
libunwind (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
2023-03-21 23:13:41 |
Chris Halse Rogers |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2023-03-21 23:15:10 |
Launchpad Janitor |
libunwind (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|