Closed
Description
I have a reproducible stack overflow when trying to build versions of tinyvec as of this commit on illumos systems. The output is terse, reporting a SIGSEGV instead of an overflow, but I have verified by looking at the generated core file that it is indeed overflowing a (manually allocated) stack.
Meta
I am running 1.48.0 stable rustc, built by the official project CI/CD:
$ rustc --version --verbose
rustc 1.48.0 (7eac88abb 2020-11-16)
binary: rustc
commit-hash: 7eac88abb2e57e752f3302f02be5f3ce3d7adfb4
commit-date: 2020-11-16
host: x86_64-unknown-illumos
release: 1.48.0
LLVM version: 11.0
Notably, this appears to have been fixed in the current beta; i.e.,
$ rustc +beta --version --verbose
rustc 1.49.0-beta.2 (bd26e4e54 2020-11-24)
binary: rustc
commit-hash: bd26e4e544992e52f2080906f71b2f1e6dc1b14a
commit-date: 2020-11-24
host: x86_64-unknown-illumos
release: 1.49.0-beta.2
I tried setting RUST_BACKTRACE in the environment, but that did not appear to result in the printing of a backtrace; merely the same message as before:
$ cargo build
Compiling tinyvec v1.0.0-alpha.3 (/ws/safari/tinyvec)
error: could not compile `tinyvec`
Caused by:
process didn't exit successfully: `rustc --crate-name tinyvec --edition=2018
src/lib.rs --error-format=json --json=diagnostic-rendered-ansi --crate-type
lib --emit=dep-info,metadata,link -C embed-bitcode=no -C debuginfo=2 --cfg
'feature="default"' -C metadata=40a113bdeb46ccf1 -C
extra-filename=-40a113bdeb46ccf1 --out-dir
/ws/safari/tinyvec/target/debug/deps -C
incremental=/ws/safari/tinyvec/target/debug/incremental -L
dependency=/ws/safari/tinyvec/target/debug/deps`
(signal: 11, SIGSEGV: invalid memory reference)
Analysis
I ran the command that cargo reported as failed under the debugger so that I could extract some information:
$ mdb /ws/cache/rustup/toolchains/stable-x86_64-unknown-illumos/bin/rustc
> ::run --crate-name tinyvec --edition=2018 src/lib.rs --error-format=json --json=diagnostic-rendered-ansi --crate-type lib --emit=dep-info,metadata,link -C embed-bitcode=no -C debuginfo=2 --cfg 'feature="default"' -C metadata=40a113bdeb46ccf1 -C extra-filename=-40a113bdeb46ccf1 --out-dir /ws/safari/tinyvec/target/debug/deps -C incremental=/ws/safari/tinyvec/target/debug/incremental -L dependency=/ws/safari/tinyvec/target/debug/deps
mdb: stop on SIGSEGV
mdb: target stopped at:
librustc_driver-62310f2a8429cf4e.so`_ZN12rustc_middle3mir10terminator10Terminator10successors17h15d87a6a04130f8aE+9:
call -0x555ecee <0xfffffc7fdc31e050>
> $G
C++ symbol demangling enabled
> $C
fffffc7fe7730010 librustc_driver-62310f2a8429cf4e.so`rustc_middle::mir::terminator::Terminator::successors::h15d87a6a04130f8a+9()
fffffc7fe7730090 librustc_driver-62310f2a8429cf4e.so`rustc_data_structures::graph::iterate::post_order_walk::h34870d682b9e7096 +0x6d()
fffffc7fe7730110 librustc_driver-62310f2a8429cf4e.so`rustc_data_structures::graph::iterate::post_order_walk::h34870d682b9e7096 +0xf7()
fffffc7fe7730190 librustc_driver-62310f2a8429cf4e.so`rustc_data_structures::graph::iterate::post_order_walk::h34870d682b9e7096 +0xf7()
... removed ~8000 identical call frames ...
fffffc7fe782d490 librustc_driver-62310f2a8429cf4e.so`rustc_data_structures::graph::iterate::post_order_walk::h34870d682b9e7096 +0xf7()
fffffc7fe782d510 librustc_driver-62310f2a8429cf4e.so`rustc_data_structures::graph::iterate::post_order_walk::h34870d682b9e7096 +0xf7()
fffffc7fe782d590 librustc_driver-62310f2a8429cf4e.so`rustc_data_structures::graph::iterate::post_order_walk::h34870d682b9e7096 +0xf7()
fffffc7fe782d5f0 librustc_driver-62310f2a8429cf4e.so`rustc_data_structures::graph::iterate::reverse_post_order::h5fce7dd4b7fe12da+0xb2()
fffffc7fe782d730 librustc_driver-62310f2a8429cf4e.so`rustc_data_structures::graph::dominators::dominators::h70f1ad1b6cee1f19+0x33()
fffffc7fe782e8f0 librustc_driver-62310f2a8429cf4e.so`rustc_mir::borrow_check::do_mir_borrowck::h35d428c91e81ce64+0x3ff5()
fffffc7fe782efb0 librustc_driver-62310f2a8429cf4e.so`rustc_infer::infer::InferCtxtBuilder::enter::h0f8b6d85dda7446d+0x35a()
fffffc7fe782f2b0 librustc_driver-62310f2a8429cf4e.so`rustc_mir::borrow_check::mir_borrowck::h45ffca0342ef78c2+0xb0()
fffffc7fe782f310 librustc_driver-62310f2a8429cf4e.so`core::ops::function::FnOnce::call_once::hd939c4446c14a2b1 +0xba()
fffffc7fe782f370 librustc_driver-62310f2a8429cf4e.so`rustc_middle::ty::query::_$LT$impl$u20$rustc_query_system..query..config..QueryAccessors$LT$rustc_middle..ty..context..TyCtxt$GT$$u20$for$u20$rustc_middle..ty..query..queries..mir_borrowck$GT$::compute::hec014b565b71c90a +0x5d()
fffffc7fe782f3e0 librustc_driver-62310f2a8429cf4e.so`rustc_middle::dep_graph::<impl rustc_query_system::dep_graph::DepKind for rustc_middle::dep_graph::dep_node::DepKind>::with_deps::hfb0b3153a1302131+0xb1()
fffffc7fe782f680 librustc_driver-62310f2a8429cf4e.so`rustc_query_system::dep_graph::graph::DepGraph$LT$K$GT$::with_task_impl::he17c6a42e208f92c +0x155()
fffffc7fe782f730 librustc_driver-62310f2a8429cf4e.so`rustc_data_structures::stack::ensure_sufficient_stack::h0feb4a6c79708354+0x13a()
fffffc7fe782f950 librustc_driver-62310f2a8429cf4e.so`rustc_query_system::query::plumbing::get_query_impl::h2371bfafc3cbb116+0x15f7()
fffffc7fe782f9e0 librustc_driver-62310f2a8429cf4e.so`rustc_query_system::query::plumbing::ensure_query_impl::h84084328873d8e5e+0x81()
fffffc7fe782faf0 librustc_driver-62310f2a8429cf4e.so`rustc_session::utils::<impl rustc_session::session::Session>::time::h23f9ce0ea49c0e69+0xec()
fffffc7fe782fb80 librustc_driver-62310f2a8429cf4e.so`rustc_interface::passes::analysis::hf97778f8ad9faa62+0xa4()
fffffc7fe782fbf0 librustc_driver-62310f2a8429cf4e.so`rustc_middle::ty::query::_$LT$impl$u20$rustc_query_system..query..config..QueryAccessors$LT$rustc_middle..ty..context..TyCtxt$GT$$u20$for$u20$rustc_middle..ty..query..queries..analysis$GT$::compute::h8ae15860df5ab22d +0x62()
fffffc7fe782fc60 librustc_driver-62310f2a8429cf4e.so`rustc_middle::dep_graph::<impl rustc_query_system::dep_graph::DepKind for rustc_middle::dep_graph::dep_node::DepKind>::with_deps::h2bbe4b4470c14592+0xb4()
fffffc7fe782ff00 librustc_driver-62310f2a8429cf4e.so`rustc_query_system::dep_graph::graph::DepGraph$LT$K$GT$::with_task_impl::h72aeec2c7c783475 +0x152()
fffffc7fe782ffd0 librustc_driver-62310f2a8429cf4e.so`stacker::grow::{{closure}}::h65d554ddf01eba3b+0x10c()
fffffc7fe782fff0 librustc_driver-62310f2a8429cf4e.so`psm::on_stack::with_on_stack::h81c3cae1e30d3bf1 +0x16()
fffffc7fecff5790 librustc_driver-62310f2a8429cf4e.so`rust_psm_on_stack+9()
fffffc7fecff5830 librustc_driver-62310f2a8429cf4e.so`stacker::_grow::h18eb622876b9878c+0x151()
fffffc7fecff58c0 librustc_driver-62310f2a8429cf4e.so`rustc_data_structures::stack::ensure_sufficient_stack::h9698eb2fb5d0ecee+0xdb()
fffffc7fecff5a70 librustc_driver-62310f2a8429cf4e.so`rustc_query_system::query::plumbing::get_query_impl::h32766f8721ee67f8+0x135e()
fffffc7fecff5af0 librustc_driver-62310f2a8429cf4e.so`rustc_interface::passes::QueryContext::enter::hc7db4b569261a65f+0x6d()
fffffc7fecffc200 librustc_driver-62310f2a8429cf4e.so`rustc_interface::queries::<impl rustc_interface::interface::Compiler>::enter::h2f967153f9e55894+0x640()
fffffc7fecffc5d0 librustc_driver-62310f2a8429cf4e.so`rustc_span::with_source_map::h23a899951826437f+0x161()
fffffc7fecffe1e0 librustc_driver-62310f2a8429cf4e.so`scoped_tls::ScopedKey<T>::set::h7e5adfeb9680b50e+0x4a2()
fffffc7fecffff10 librustc_driver-62310f2a8429cf4e.so`std::sys_common::backtrace::__rust_begin_short_backtrace::h1651eb0501994140+0x208()
fffffc7fecffff60 librustc_driver-62310f2a8429cf4e.so`core::ops::function::FnOnce::call_once{{vtable.shim}}::h09a817ac54a70804+0x4c()
fffffc7fecffffb0 libstd-5e60dcc3938c5a75.so`std::sys::unix::thread::Thread::new::thread_start::hb7bf59c563d203d3+0x2d()
fffffc7fecffffe0 libc.so.1`_thrp_setup+0x6c(fffffc7fed700280)
fffffc7fecfffff0 libc.so.1`_lwp_start()
This is thread 2, which has an official thread stack starting at 0xfffffc7fed000000 and extending down to 0xfffffc7fec800000:
> $l
2
> _uberdata::print all_lwps->ul_forw->ul_lwpid
all_lwps->ul_forw->ul_lwpid = 0x2
> _uberdata::print all_lwps->ul_forw[] ! grep stk
all_lwps->ul_forw->ul_stk = 0xfffffc7fec800000
all_lwps->ul_forw->ul_stktop = 0xfffffc7fed000000
all_lwps->ul_forw->ul_stksiz = 0x800000
Note that ensure_sufficient_stack() allocates its own stack and arranges via stacker to begin executing new calls on that stack, so after the rust_psm_on_stack() frame we are on the bonus stack, which appears to have a size of ~1MB:
> fffffc7fe782fff0::whatis
fffffc7fe782fff0 is in [ anon ] [fffffc7fe7730000,fffffc7fe7831000)
> fffffc7fe7831000 - fffffc7fe7730000 = D
1052672
And, indeed, the top frame as we SIGSEGV is quite close to the top of the bonus stack:
> $C ! head -1
fffffc7fe7730010 librustc_driver-62310f2a8429cf4e.so`rustc_middle::mir::terminator::Terminator::successors::h15d87a6a04130f8a+9()
> fffffc7fe7730010 - fffffc7fe7730000 = D
16
Request
Because this appears to be fixed in the beta release, I had a look to see if I could find a relevant commit. Indeed, this one seems to fit the bill: af72a70 (PR #78607).
Is there a process to get this backported to the stable branch, 1.48? This failure appears to make it difficult or impossible to build things that use tinyvec (such as, transitively, anything that uses reqwest) with the current stable toolchain for us.