crashes running on itself

Question

crashes running on itself

matthiaskrgr opened this issue 6 years ago · comments

rustc 1.30.0-nightly (73c78734b 2018-08-05)
binary: rustc
commit-hash: 73c78734bae8f2947a4bfdeabebeeb84ccf0b0e1
commit-date: 2018-08-05
host: x86_64-unknown-linux-gnu
release: 1.30.0-nightly
LLVM version: 7.0

repo is at 41a73a8

cargo build
RUST_BACKTRACE=1 ./target/debug/bingrep target/debug/bingrep

crashes:

[...]
                                                                     0x0                                0x0
            781870    GLOBAL     FUNC        _ZN4core3fmt3num52_$LT$impl$u20$core..fmt..LowerHex$u20$for$u20$i8$GT$3fmt17h4c27396496188f2dE
                                                                     0x91       .text(16)               0x0
            781910    GLOBAL     FUNC        _ZN4core3fmt3num52_$LT$impl$u20$core..fmt..UpperHex$u20$for$u20$i8$GT$3fmt17h62566deaeb3faf4cE
                                                                     0x91       .text(16)               0x0
            7819b0    GLOBAL     FUNC        _ZN4core3fmt3num53_$LT$impl$u20$core..fmt..LowerHex$u20$for$u20$i16$GT$3fmt17hf381e43bda4c6951E
                                                                     0x92       .text(16)               0x0
            781a50    GLOBAL     FUNC        _ZN4core3fmt3num53_$LT$impl$u20$core..fmt..UpperHex$u20$for$u20$i16$GT$3fmt17h93eac570e2e7c86eE
                                                                     0x92       .text(16)               0x0
            785bc0    GLOBAL     FUNC        _ZN4core3fmt9Formatter12pad_integral17h0a1e2b34e19c7ddcE
                                                                     0x3d7      .text(16)               0x0
            782cc0    GLOBAL     FUNC        _ZN49_$LT$i8$u20$as$u20$core..slice..SliceContains$GT$14slice_contains17h417b7695ed3578c1E
                                                                     0x12       .text(16)               0x0
             853b0    GLOBAL     OBJECT      _ZN4core3str15UTF8_CHAR_WIDTH17h727782c8fa92515fE
                                                                     0x100      .rodata(5)              0x0
            785290    GLOBAL     FUNC        _ZN4core3num21_$LT$impl$u20$u64$GT$25checked_next_power_of_two17h9ebcca98f19e8d85E
                                                                     0x29       .text(16)               0x0
            787d30    GLOBAL     FUNC        _ZN82_$LT$core..fmt..builders..PadAdapter$LT$$u27$a$GT$$u20$as$u20$core..fmt..Write$GT$9write_str17h2ae040e1ef527b3cE
                                                                     0x24e      .text(16)               0x0
            7884f0    GLOBAL     FUNC        _ZN4core3fmt8builders8DebugSet5entry17h69411f4b5bb034afE
                                                                     0xe        .text(16)               0x0
            7897e0    GLOBAL     FUNC        _ZN62_$LT$core..num..bignum..Big32x40$u20$as$u20$core..cmp..Ord$GT$3cmp17hfee4d6134a187f3dE
                                                                     0x55       .text(16)               0x0
                 0    GLOBAL     FUNC        __register_atfork
                                                                     0x0                                0x0
                 0    GLOBAL     FUNC        __cxa_atexit
                                                                     0x0                                0x0
                 0    GLOBAL     FUNC        __xstat64
                                                                     0x0                                0x0
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: BadOffset(131072)', libcore/result.rs:983:5
stack backtrace:
   0: std::sys::unix::backtrace::tracing::imp::unwind_backtrace
             at libstd/sys/unix/backtrace/tracing/gcc_s.rs:49
   1: std::sys_common::backtrace::print
             at libstd/sys_common/backtrace.rs:71
             at libstd/sys_common/backtrace.rs:59
   2: std::panicking::default_hook::{{closure}}
             at libstd/panicking.rs:211
   3: std::panicking::default_hook
             at libstd/panicking.rs:227
   4: std::panicking::rust_panic_with_hook
             at libstd/panicking.rs:475
   5: std::panicking::continue_panic_fmt
             at libstd/panicking.rs:390
   6: rust_begin_unwind
             at libstd/panicking.rs:325
   7: core::panicking::panic_fmt
             at libcore/panicking.rs:77
   8: core::result::unwrap_failed
             at /checkout/src/libcore/macros.rs:26
   9: <core::result::Result<T, E>>::unwrap
             at /checkout/src/libcore/result.rs:782
  10: bingrep::format_elf::Elf::print::{{closure}}
             at /home/matthias/.cargo/registry/src/github.com-1ecc6299db9ec823/goblin-0.0.14/src/strtab.rs:99
             at src/format_elf.rs:284
  11: bingrep::format_elf::Elf::print
             at src/format_elf.rs:300
  12: bingrep::run
             at src/main.rs:103
  13: bingrep::main
             at src/main.rs:166
  14: std::rt::lang_start::{{closure}}
             at /checkout/src/libstd/rt.rs:74
  15: std::panicking::try::do_call
             at libstd/rt.rs:59
             at libstd/panicking.rs:310
  16: __rust_maybe_catch_panic
             at libpanic_unwind/lib.rs:105
  17: std::rt::lang_start_internal
             at libstd/panicking.rs:289
             at libstd/panic.rs:392
             at libstd/rt.rs:58
  18: std::rt::lang_start
             at /checkout/src/libstd/rt.rs:74
  19: main
  20: __libc_start_main
  21: _start

m4b · Answer 1 · Sun Aug 12 2018 12:09:08 GMT+0800 (China Standard Time)

Hi @matthiaskrgr thanks for the bug report ! I’ll investigate this. Looks like something wrong with strtab in elf format. The backtrack helps tremendously, thanks for posting it!

Val Packett · Answer 2 · Sun Oct 14 2018 22:35:30 GMT+0800 (China Standard Time)

I'm seeing the same error with various binaries e.g. ones produced by GHC on FreeBSD

m4b · Answer 3 · Mon Oct 15 2018 03:22:22 GMT+0800 (China Standard Time)

I have a patch updating bingrep to latest goblin (among other things); will try to repro this. @myfreeweb can you attach a binary if you have spare time?

m4b · Answer 4 · Mon Oct 15 2018 03:24:59 GMT+0800 (China Standard Time)

Are either of you using LLD by any chance? I think some bsd's have switched entirely to lld, wondering if freebsd is one of them? I ask because lld will emit some elf files that are slightly unorthodox (but still valid), and this can cause issues in the bias computation, see here: m4b/goblin#106

and this PR which hopefully makes the dynsym length calculation more robust: m4b/goblin#109

Val Packett · Answer 5 · Mon Oct 15 2018 03:37:12 GMT+0800 (China Standard Time)

Yes, I'm indeed on FreeBSD -CURRENT which uses lld as the default linker :)

m4b · Answer 6 · Mon Oct 15 2018 03:43:06 GMT+0800 (China Standard Time)

@myfreeweb if you don't mind, would you mind testing this branch? https://github.com/m4b/bingrep/tree/update_goblin

it should compile out of box, then try cargo run -- <path to ghc binary> or cargo run -- target/debug/bingrep

m4b · Answer 7 · Mon Oct 15 2018 03:43:42 GMT+0800 (China Standard Time)

If it still breaks, I'll need a binary exhibiting the behavior that crashes bingrep

Val Packett · Answer 8 · Mon Oct 15 2018 04:06:49 GMT+0800 (China Standard Time)

That branch works great, thanks!

m4b · Answer 9 · Mon Oct 15 2018 04:09:13 GMT+0800 (China Standard Time)

Awesome! I'll work on a new release (though I am still seeing infintie loops on note parsing, which is annoying and I don't feel like dealing with it, heh)

m4b · Answer 10 · Mon Oct 15 2018 05:05:18 GMT+0800 (China Standard Time)

mokay, version 0.6 is published; please reopen if any other related issues :)