Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Crashes on Apple Silicon #2033

Open
sledgeh4w opened this issue Oct 17, 2024 · 29 comments
Open

Crashes on Apple Silicon #2033

sledgeh4w opened this issue Oct 17, 2024 · 29 comments
Milestone

Comments

@sledgeh4w
Copy link
Contributor

I use Unicorn to emulate iOS executable file. It works normally on Windows, Linux, and macOS x86, but crashes on Apple Silicon (Not all scenes will crash, but they can be stably reproduced).

The environment I am using is macOS 14.2 with M3 pro.

The error message is:

Process finished with exit code 138 (interrupted by signal 10:SIGBUS)

The crash log is:

-------------------------------------
Translated Report (Full Report Below)
-------------------------------------

Process:               Python [94418]
Path:                  /Library/Frameworks/Python.framework/Versions/3.10/Resources/Python.app/Contents/MacOS/Python
Identifier:            org.python.python
Version:               3.10.11 (3.10.11)
Code Type:             ARM-64 (Native)
Parent Process:        pycharm [704]
Responsible:           pycharm [704]
User ID:               502

Date/Time:             2024-10-11 10:52:49.8220 +0800
OS Version:            macOS 14.2 (23C64)
Report Version:        12
Anonymous UUID:        3C136E55-0B58-2F1D-FB15-5C5259FAED20

Sleep/Wake UUID:       224F1CAF-BC1B-4AA2-A424-7F3ACB9489AD

Time Awake Since Boot: 160000 seconds
Time Since Wake:       2470 seconds

System Integrity Protection: enabled

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_ACCESS (SIGBUS)
Exception Codes:       KERN_PROTECTION_FAILURE at 0x000000028021e208
Exception Codes:       0x0000000000000002, 0x000000028021e208

Termination Reason:    Namespace SIGNAL, Code 10 Bus error: 10
Terminating Process:   exc handler [94418]

VM Region Info: 0x28021e208 is in 0x280000000-0x2c0000000;  bytes after start: 2220552  bytes before end: 1071521271
      REGION TYPE                    START - END         [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      unused __TEXT               27c1e0000-27c1e4000    [   16K] r--/r-- SM=COW  ...ed lib __TEXT
      GAP OF 0x3e1c000 BYTES
--->  VM_ALLOCATE                 280000000-2c0000000    [  1.0G] rwx/rwx SM=PRV  
      VM_ALLOCATE (reserved)      2c0000000-2c8000000    [128.0M] rw-/rwx SM=NUL  ...(unallocated)

Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   libunicorn.2.dylib            	       0x1086e0ddc tb_add_jump + 160 (cpu-exec.c:228)
1   libunicorn.2.dylib            	       0x1086e0400 tb_find + 828 (cpu-exec.c:291)
2   libunicorn.2.dylib            	       0x1086df8b8 cpu_exec_aarch64 + 296 (cpu-exec.c:602)
3   libunicorn.2.dylib            	       0x10867fa34 tcg_cpu_exec + 96 (cpus.c:96)
4   libunicorn.2.dylib            	       0x10867f94c resume_all_vcpus_aarch64 + 100 (cpus.c:215)
5   libunicorn.2.dylib            	       0x10867fc28 vm_start_aarch64 + 24 (cpus.c:234)
6   libunicorn.2.dylib            	       0x10841c5c4 uc_emu_start + 1176 (uc.c:1101)
7   libffi.dylib                  	       0x19b082050 ffi_call_SYSV + 80
8   libffi.dylib                  	       0x19b08aadc ffi_call_int + 1208
9   _ctypes.cpython-310-darwin.so 	       0x104c682a8 _ctypes_callproc + 1396
10  _ctypes.cpython-310-darwin.so 	       0x104c62338 PyCFuncPtr_call + 208
11  Python                        	       0x105434cf8 _PyObject_MakeTpCall + 136
12  Python                        	       0x10556b238 call_function + 380
13  Python                        	       0x105563470 _PyEval_EvalFrameDefault + 23772
14  Python                        	       0x10555bf28 _PyEval_Vector + 360
15  Python                        	       0x10556b140 call_function + 132
16  Python                        	       0x10556247c _PyEval_EvalFrameDefault + 19688
17  Python                        	       0x10555bf28 _PyEval_Vector + 360
18  Python                        	       0x105438c64 method_vectorcall + 288
19  Python                        	       0x10555dd54 _PyEval_EvalFrameDefault + 1472
20  Python                        	       0x10555bf28 _PyEval_Vector + 360
21  Python                        	       0x10556b140 call_function + 132
22  Python                        	       0x10556247c _PyEval_EvalFrameDefault + 19688
23  Python                        	       0x10555bf28 _PyEval_Vector + 360
24  Python                        	       0x10556b140 call_function + 132
25  Python                        	       0x10556247c _PyEval_EvalFrameDefault + 19688
26  Python                        	       0x10555bf28 _PyEval_Vector + 360
27  Python                        	       0x10556b140 call_function + 132
28  Python                        	       0x10556247c _PyEval_EvalFrameDefault + 19688
29  Python                        	       0x10555bf28 _PyEval_Vector + 360
30  Python                        	       0x10556b140 call_function + 132
31  Python                        	       0x105561b5c _PyEval_EvalFrameDefault + 17352
32  Python                        	       0x10555bf28 _PyEval_Vector + 360
33  Python                        	       0x10556b140 call_function + 132
34  Python                        	       0x105561b5c _PyEval_EvalFrameDefault + 17352
35  Python                        	       0x10555bf28 _PyEval_Vector + 360
36  Python                        	       0x10556b140 call_function + 132
37  Python                        	       0x105561b5c _PyEval_EvalFrameDefault + 17352
38  Python                        	       0x10555bf28 _PyEval_Vector + 360
39  Python                        	       0x10555dd54 _PyEval_EvalFrameDefault + 1472
40  Python                        	       0x10555bf28 _PyEval_Vector + 360
41  _ctypes.cpython-310-darwin.so 	       0x104c6680c _CallPythonObject + 564
42  libffi.dylib                  	       0x19b08af28 ffi_closure_SYSV_inner + 816
43  libffi.dylib                  	       0x19b0821e8 ffi_closure_SYSV + 56
44  libunicorn.2.dylib            	       0x10841eb60 helper_uc_tracecode + 752 (uc.c:2014)
45  ???                           	       0x28021d72c ???
46  libunicorn.2.dylib            	       0x1086e0ef4 cpu_tb_exec + 92 (cpu-exec.c:60)
47  libunicorn.2.dylib            	       0x1086e043c cpu_loop_exec_tb + 40 (cpu-exec.c:504)
48  libunicorn.2.dylib            	       0x1086df8fc cpu_exec_aarch64 + 364 (cpu-exec.c:606)
49  libunicorn.2.dylib            	       0x10867fa34 tcg_cpu_exec + 96 (cpus.c:96)
50  libunicorn.2.dylib            	       0x10867f94c resume_all_vcpus_aarch64 + 100 (cpus.c:215)
51  libunicorn.2.dylib            	       0x10867fc28 vm_start_aarch64 + 24 (cpus.c:234)
52  libunicorn.2.dylib            	       0x10841c5c4 uc_emu_start + 1176 (uc.c:1101)
53  libffi.dylib                  	       0x19b082050 ffi_call_SYSV + 80
54  libffi.dylib                  	       0x19b08aadc ffi_call_int + 1208
55  _ctypes.cpython-310-darwin.so 	       0x104c682a8 _ctypes_callproc + 1396
56  _ctypes.cpython-310-darwin.so 	       0x104c62338 PyCFuncPtr_call + 208
57  Python                        	       0x105434cf8 _PyObject_MakeTpCall + 136
58  Python                        	       0x10556b238 call_function + 380
59  Python                        	       0x105563470 _PyEval_EvalFrameDefault + 23772
60  Python                        	       0x10555bf28 _PyEval_Vector + 360
61  Python                        	       0x10556b140 call_function + 132
62  Python                        	       0x10556247c _PyEval_EvalFrameDefault + 19688
63  Python                        	       0x10555bf28 _PyEval_Vector + 360
64  Python                        	       0x105438c64 method_vectorcall + 288
65  Python                        	       0x10555dd54 _PyEval_EvalFrameDefault + 1472
66  Python                        	       0x10555bf28 _PyEval_Vector + 360
67  Python                        	       0x10556b140 call_function + 132
68  Python                        	       0x10556247c _PyEval_EvalFrameDefault + 19688
69  Python                        	       0x10555bf28 _PyEval_Vector + 360
70  Python                        	       0x10556b140 call_function + 132
71  Python                        	       0x10556247c _PyEval_EvalFrameDefault + 19688
72  Python                        	       0x10555bf28 _PyEval_Vector + 360
73  Python                        	       0x105438bc0 method_vectorcall + 124
74  Python                        	       0x10556b140 call_function + 132
75  Python                        	       0x105561be0 _PyEval_EvalFrameDefault + 17484
76  Python                        	       0x10555bf28 _PyEval_Vector + 360
77  Python                        	       0x10556b140 call_function + 132
78  Python                        	       0x105561b5c _PyEval_EvalFrameDefault + 17352
79  Python                        	       0x10555bf28 _PyEval_Vector + 360
80  Python                        	       0x1055c6c54 pyrun_file + 308
81  Python                        	       0x1055c6398 _PyRun_SimpleFileObject + 336
82  Python                        	       0x1055c59e4 _PyRun_AnyFileObject + 216
83  Python                        	       0x1055f1dd0 pymain_run_file_obj + 180
84  Python                        	       0x1055f1470 pymain_run_file + 72
85  Python                        	       0x1055f0a58 pymain_run_python + 300
86  Python                        	       0x1055f08ec Py_RunMain + 24
87  Python                        	       0x1055f1f78 pymain_main + 56
88  Python                        	       0x1055f223c Py_BytesMain + 40
89  dyld                          	       0x18a18d0e0 start + 2360


Thread 0 crashed with ARM Thread State (64-bit):
    x0: 0x000000028021e180   x1: 0x0000000000000000   x2: 0x0000000280041800   x3: 0x000000016b7e6008
    x4: 0x000000008cb07ee3   x5: 0x0000000067800000   x6: 0x000000016b7e5f8f   x7: 0x0000000000000001
    x8: 0x0000000000000000   x9: 0x0000000000000000  x10: 0x0000000280041800  x11: 0x000000028021e208
   x12: 0x0000000000000001  x13: 0x00000000ffffffa0  x14: 0x00000000000007fb  x15: 0x00000000e762fffb
   x16: 0x000000018a50edb4  x17: 0x00000001e9d5fd38  x18: 0x0000000000000000  x19: 0x000000000000001e
   x20: 0x000000016b7e6440  x21: 0x0000000000000008  x22: 0x000000016b7e6438  x23: 0x000000016b7e6510
   x24: 0x0000000000000000  x25: 0x0000000000000000  x26: 0x0000000000000005  x27: 0x0000000000000005
   x28: 0x000000016b7e64c0   fp: 0x000000016b7e60d0   lr: 0x00000001086e0400
    sp: 0x000000016b7e6070   pc: 0x00000001086e0ddc cpsr: 0x40001000
   far: 0x000000028021e208  esr: 0x9200004f (Data Abort) byte write Permission fault

Binary Images:
       0x104c34000 -        0x104c3bfff libffi-trampolines.dylib (*) <8adf6d3b-1308-39d8-912c-bd55ed01fa49> /usr/lib/libffi-trampolines.dylib
       0x105f8c000 -        0x105f8ffff _uuid.cpython-310-darwin.so (*) <5406893a-16a9-3917-a57c-a18c30673b38> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/_uuid.cpython-310-darwin.so
       0x10539c000 -        0x10539ffff _queue.cpython-310-darwin.so (*) <421c1fa3-f6da-33d4-a43e-3e744dbe86d8> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/_queue.cpython-310-darwin.so
       0x104f0c000 -        0x104f0ffff _heapq.cpython-310-darwin.so (*) <46bf4b96-5b44-3371-92d8-bdaf78687925> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/_heapq.cpython-310-darwin.so
       0x10536c000 -        0x105383fff _pickle.cpython-310-darwin.so (*) <a9a32f5b-90ee-322a-95ef-0e49ca3071bc> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/_pickle.cpython-310-darwin.so
       0x104ef8000 -        0x104efbfff resource.cpython-310-darwin.so (*) <db02e1a1-4927-3447-aad4-fa49616d354d> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/resource.cpython-310-darwin.so
       0x10686c000 -        0x106ceffff _lief.so (*) <4c4c4441-5555-3144-a1f8-7f67f50e3728> /Users/USER/*/_lief.so
       0x108418000 -        0x1095ebfff libunicorn.2.dylib (*) <3f664aa8-7f38-339a-bdd2-4faae3533d84> /Users/USER/*/libunicorn.2.dylib
       0x10617c000 -        0x1066effff libcapstone.dylib (*) <21a25ccd-589f-36eb-b38c-b159f4a70161> /Users/USER/*/libcapstone.dylib
       0x104ee4000 -        0x104ee7fff _opcode.cpython-310-darwin.so (*) <6aabe736-53ef-3a3d-9492-e0edaf02007b> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/_opcode.cpython-310-darwin.so
       0x104c5c000 -        0x104c6ffff _ctypes.cpython-310-darwin.so (*) <8710ee5e-53a1-3c8e-a6be-35fba5383f42> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/_ctypes.cpython-310-darwin.so
       0x104ea8000 -        0x104eabfff _posixsubprocess.cpython-310-darwin.so (*) <d28f8d29-7210-37d1-964f-a77a83f76c3f> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/_posixsubprocess.cpython-310-darwin.so
       0x104e94000 -        0x104e97fff fcntl.cpython-310-darwin.so (*) <f8cce0d7-6b5e-3da9-a207-fb714939b81c> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/fcntl.cpython-310-darwin.so
       0x104cb0000 -        0x104cb3fff _scproxy.cpython-310-darwin.so (*) <90df22dd-8cfb-365d-a85b-8d0d6745c42f> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/_scproxy.cpython-310-darwin.so
       0x104f24000 -        0x104f53fff _lzma.cpython-310-darwin.so (*) <13cfe756-b593-353d-bfcf-a74de53f6135> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/_lzma.cpython-310-darwin.so
       0x1049d4000 -        0x1049d7fff _bz2.cpython-310-darwin.so (*) <3d88ed77-d0ef-329d-9f57-4c94ae0b28e4> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/_bz2.cpython-310-darwin.so
       0x104c94000 -        0x104c9bfff zlib.cpython-310-darwin.so (*) <2ef52731-249d-3f3d-ade2-f68b45332f10> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/zlib.cpython-310-darwin.so
       0x104ccc000 -        0x104ce3fff _ssl.cpython-310-darwin.so (*) <759becaa-d660-3255-a17a-87b137de5bb1> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/_ssl.cpython-310-darwin.so
       0x104c14000 -        0x104c1ffff array.cpython-310-darwin.so (*) <502fda2b-73c2-3caa-a980-e4f282becc61> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/array.cpython-310-darwin.so
       0x104c44000 -        0x104c4bfff select.cpython-310-darwin.so (*) <06443efd-a639-3015-833c-f473f172608c> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/select.cpython-310-darwin.so
       0x1049b0000 -        0x1049bffff _socket.cpython-310-darwin.so (*) <7422f970-d83c-3060-8807-dd28ffe7fb58> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/_socket.cpython-310-darwin.so
       0x104c00000 -        0x104c03fff _sha512.cpython-310-darwin.so (*) <b8911246-bb80-3ad9-8ecb-d17357ac6122> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/_sha512.cpython-310-darwin.so
       0x104bec000 -        0x104beffff _random.cpython-310-darwin.so (*) <b0e2bf49-f1db-3ea8-b7b9-99823e9c84ec> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/_random.cpython-310-darwin.so
       0x104a04000 -        0x104a0bfff _blake2.cpython-310-darwin.so (*) <c041ce87-55d9-38fa-93ef-5ab054d494c8> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/_blake2.cpython-310-darwin.so
       0x1049e8000 -        0x1049effff _hashlib.cpython-310-darwin.so (*) <466a8544-4477-363e-aedd-9743d1c608d0> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/_hashlib.cpython-310-darwin.so
       0x104d0c000 -        0x104d5ffff libssl.1.1.dylib (*) <c76ba228-631b-3dd6-9bbc-434903544d36> /Library/Frameworks/Python.framework/Versions/3.10/lib/libssl.1.1.dylib
       0x105854000 -        0x1059effff libcrypto.1.1.dylib (*) <469ec5bb-4083-363a-abee-47602ddc717f> /Library/Frameworks/Python.framework/Versions/3.10/lib/libcrypto.1.1.dylib
       0x10494c000 -        0x10494ffff _bisect.cpython-310-darwin.so (*) <a37eb635-fe7a-3d44-b1ba-3bb7dc7b0e14> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/_bisect.cpython-310-darwin.so
       0x104ac0000 -        0x104ad3fff _datetime.cpython-310-darwin.so (*) <2f82bafe-ae6c-3ba1-b5eb-6e28f8c0dd9a> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/_datetime.cpython-310-darwin.so
       0x10492c000 -        0x104937fff math.cpython-310-darwin.so (*) <44e05e35-d5f1-37c1-bd86-cc43e0de1bbf> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/math.cpython-310-darwin.so
       0x104998000 -        0x10499ffff _json.cpython-310-darwin.so (*) <14a6b043-a013-37b0-80b0-80710318d95b> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/_json.cpython-310-darwin.so
       0x104980000 -        0x104987fff binascii.cpython-310-darwin.so (*) <f619bcc2-4d06-34f7-ae65-8001170d28a7> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/binascii.cpython-310-darwin.so
       0x104964000 -        0x10496bfff _struct.cpython-310-darwin.so (*) <133bfe87-3bd9-3bd6-9afe-c0b504af5b78> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/_struct.cpython-310-darwin.so
       0x1053b8000 -        0x105717fff org.python.python (3.10.11, (c) 2001-2023 Python Software Foundation.) <3fe90b0d-d091-3b4e-ac7c-15d5cf743818> /Library/Frameworks/Python.framework/Versions/3.10/Python
       0x104614000 -        0x104617fff org.python.python (3.10.11) <ef677878-e7fb-329d-bb8b-0f651210d52b> /Library/Frameworks/Python.framework/Versions/3.10/Resources/Python.app/Contents/MacOS/Python
       0x19b07a000 -        0x19b08b64f libffi.dylib (*) <3d2c1bb7-e1c9-3831-976a-c1acd53e7ab7> /usr/lib/libffi.dylib
               0x0 - 0xffffffffffffffff ??? (*) <00000000-0000-0000-0000-000000000000> ???
       0x18a187000 -        0x18a21b347 dyld (*) <324e4ad9-e01f-3183-b09f-3e20b326643a> /usr/lib/dyld
       0x18a507000 -        0x18a513ff3 libsystem_pthread.dylib (*) <a7d94c96-7b1f-3229-9bea-048d037c3292> /usr/lib/system/libsystem_pthread.dylib

External Modification Summary:
  Calls made by other processes targeting this process:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0
  Calls made by this process:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0
  Calls made by all processes on this machine:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0

VM Region Summary:
ReadOnly portion of Libraries: Total=1.0G resident=0K(0%) swapped_out_or_unallocated=1.0G(100%)
Writable regions: Total=6.8G written=0K(0%) resident=0K(0%) swapped_out=0K(0%) unallocated=6.8G(100%)

                                VIRTUAL   REGION 
REGION TYPE                        SIZE    COUNT (non-coalesced) 
===========                     =======  ======= 
Kernel Alloc Once                   32K        1 
MALLOC                             1.4G       31 
MALLOC guard page                   96K        6 
STACK GUARD                         16K        1 
Stack                             16.0M        1 
VM_ALLOCATE                        1.4G      533 
VM_ALLOCATE (reserved)             4.0G        3         reserved VM address space (unallocated)
__AUTH                             339K       65 
__AUTH_CONST                      4056K      147 
__DATA                            3503K      176 
__DATA_CONST                      7201K      182 
__DATA_DIRTY                       365K       59 
__LINKEDIT                       902.9M       36 
__OBJC_RO                         71.1M        1 
__OBJC_RW                         2168K        1 
__TEXT                           154.1M      190 
dyld private memory                272K        2 
mapped file                         32K        1 
shared memory                       32K        2 
===========                     =======  ======= 
TOTAL                              7.9G     1438 
TOTAL, minus reserved VM space     3.9G     1438 

I noticed this crash log is similar to stackoverflow, so I guess it may also be due to the same reason.

Reproduce this issue:

git clone https://github.com/sledgeh4w/chomper.git
cd chomper

pip3 install capstone lief pyelftools unicorn
pip3 install .

# Replace libunicorn.2.dylib with a locally compiled version, otherwise it will crash directly (This is another issue).

# example_ios_ali_vmp_sign.py and example_ios_bangbang.py will crash, but example_ios_ijm.py don't crash.
python3 examples/example_ios_ali_vmp_sign.py

# Now you can see some output logs, but after running for a while, it will finally crash.
@wtdcode
Copy link
Member

wtdcode commented Oct 17, 2024

Yes, exactly. You are nesting uc_emu_start, which could potentially leads to this crash. Temporary workaround is not calling uc_emu_start in any callbacks.

@sledgeh4w
Copy link
Contributor Author

Thanks, I understand. Do you have any plans to solve this problem in the future?

Additionally, there may be problem with the dylib provided in the wheel, as it cannot even run the most basic samples in my environment.

-------------------------------------
Translated Report (Full Report Below)
-------------------------------------

Process:               Python [34106]
Path:                  /Library/Frameworks/Python.framework/Versions/3.10/Resources/Python.app/Contents/MacOS/Python
Identifier:            org.python.python
Version:               3.10.11 (3.10.11)
Code Type:             ARM-64 (Native)
Parent Process:        zsh [27245]
Responsible:           Terminal [661]
User ID:               502

Date/Time:             2024-10-17 13:04:44.7661 +0800
OS Version:            macOS 14.2 (23C64)
Report Version:        12
Anonymous UUID:        3C136E55-0B58-2F1D-FB15-5C5259FAED20

Sleep/Wake UUID:       BCA95C49-7928-4E46-AB51-4FD28416BD82

Time Awake Since Boot: 84000 seconds
Time Since Wake:       495 seconds

System Integrity Protection: enabled

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_ACCESS (SIGBUS)
Exception Codes:       KERN_PROTECTION_FAILURE at 0x0000000280000000
Exception Codes:       0x0000000000000002, 0x0000000280000000

Termination Reason:    Namespace SIGNAL, Code 10 Bus error: 10
Terminating Process:   exc handler [34106]

VM Region Info: 0x280000000 is in 0x280000000-0x2c0000000;  bytes after start: 0  bytes before end: 1073741823
      REGION TYPE                    START - END         [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      unused __TEXT               27b6a4000-27b6a8000    [   16K] r--/r-- SM=COW  ...ed lib __TEXT
      GAP OF 0x4958000 BYTES
--->  VM_ALLOCATE                 280000000-2c0000000    [  1.0G] rwx/rwx SM=PRV  
      GAP OF 0xd00000000 BYTES
      commpage (reserved)         fc0000000-1000000000   [  1.0G] ---/--- SM=NUL  ...(unallocated)

Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   libunicorn.2.dylib            	       0x105d9c654 tcg_prologue_init_aarch64 + 88
1   libunicorn.2.dylib            	       0x105dcc6a0 tcg_exec_init_aarch64 + 324
2   libunicorn.2.dylib            	       0x105c1d6ec machine_initialize + 88
3   libunicorn.2.dylib            	       0x105c19354 uc_init_engine + 164
4   libunicorn.2.dylib            	       0x105c1a95c uc_mem_map + 548
5   libffi.dylib                  	       0x19a546050 ffi_call_SYSV + 80
6   libffi.dylib                  	       0x19a54eadc ffi_call_int + 1208
7   _ctypes.cpython-310-darwin.so 	       0x1031bc2a8 _ctypes_callproc + 1396
8   _ctypes.cpython-310-darwin.so 	       0x1031b6338 PyCFuncPtr_call + 208
9   Python                        	       0x103ad4cf8 _PyObject_MakeTpCall + 136
10  Python                        	       0x103c0b238 call_function + 380
11  Python                        	       0x103c03470 _PyEval_EvalFrameDefault + 23772
12  Python                        	       0x103bfbf28 _PyEval_Vector + 360
13  Python                        	       0x103c0b140 call_function + 132
14  Python                        	       0x103c0247c _PyEval_EvalFrameDefault + 19688
15  Python                        	       0x103bfbf28 _PyEval_Vector + 360
16  Python                        	       0x103c0b140 call_function + 132
17  Python                        	       0x103c0247c _PyEval_EvalFrameDefault + 19688
18  Python                        	       0x103bfbf28 _PyEval_Vector + 360
19  Python                        	       0x103c0b140 call_function + 132
20  Python                        	       0x103c0247c _PyEval_EvalFrameDefault + 19688
21  Python                        	       0x103bfbf28 _PyEval_Vector + 360
22  Python                        	       0x103ad5020 _PyObject_FastCallDictTstate + 208
23  Python                        	       0x103b696e0 slot_tp_init + 196
24  Python                        	       0x103b604e0 type_call + 312
25  Python                        	       0x103ad4cf8 _PyObject_MakeTpCall + 136
26  Python                        	       0x103c0b238 call_function + 380
27  Python                        	       0x103c01be0 _PyEval_EvalFrameDefault + 17484
28  Python                        	       0x103bfbf28 _PyEval_Vector + 360
29  Python                        	       0x103ad5020 _PyObject_FastCallDictTstate + 208
30  Python                        	       0x103b696e0 slot_tp_init + 196
31  Python                        	       0x103b604e0 type_call + 312
32  Python                        	       0x103ad4cf8 _PyObject_MakeTpCall + 136
33  Python                        	       0x103c0b238 call_function + 380
34  Python                        	       0x103c01be0 _PyEval_EvalFrameDefault + 17484
35  Python                        	       0x103bfbf28 _PyEval_Vector + 360
36  Python                        	       0x103c0b140 call_function + 132
37  Python                        	       0x103c01b5c _PyEval_EvalFrameDefault + 17352
38  Python                        	       0x103bfbf28 _PyEval_Vector + 360
39  Python                        	       0x103c66c54 pyrun_file + 308
40  Python                        	       0x103c66398 _PyRun_SimpleFileObject + 336
41  Python                        	       0x103c659e4 _PyRun_AnyFileObject + 216
42  Python                        	       0x103c91dd0 pymain_run_file_obj + 180
43  Python                        	       0x103c91470 pymain_run_file + 72
44  Python                        	       0x103c90a58 pymain_run_python + 300
45  Python                        	       0x103c908ec Py_RunMain + 24
46  Python                        	       0x103c91f78 pymain_main + 56
47  Python                        	       0x103c9223c Py_BytesMain + 40
48  dyld                          	       0x1896510e0 start + 2360


Thread 0 crashed with ARM Thread State (64-bit):
    x0: 0x00000001080c0000   x1: 0x0000000040000000   x2: 0x00000000ffffffff   x3: 0x0000000000041802
    x4: 0x00000000ffffffff   x5: 0x0000000000000000   x6: 0x0000000000000021   x7: 0x0000000000000002
    x8: 0x000000010670f000   x9: 0x00000002c0000000  x10: 0x0000000000002026  x11: 0x0000000005ffa000
   x12: 0x000000000000d49d  x13: 0x0000000000000009  x14: 0x00000000000007fb  x15: 0x000000009dc88ffb
   x16: 0x0000000189992254  x17: 0x000000000000d187  x18: 0x0000000000000000  x19: 0x00000001080c0000
   x20: 0x0000000280000000  x21: 0x0000000280000000  x22: 0x0000000040000000  x23: 0x000000016d149050
   x24: 0x0000000000000000  x25: 0x0000000000000000  x26: 0x0000000000000004  x27: 0x0000000000000004
   x28: 0x000000016d149008   fp: 0x000000016d148da0   lr: 0x0000000105dcc6a0
    sp: 0x000000016d148d80   pc: 0x0000000105d9c654 cpsr: 0x20001000
   far: 0x0000000280000000  esr: 0x9200004f (Data Abort) byte write Permission fault

Binary Images:
       0x1039f0000 -        0x1039f3fff _uuid.cpython-310-darwin.so (*) <5406893a-16a9-3917-a57c-a18c30673b38> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/_uuid.cpython-310-darwin.so
       0x103a1c000 -        0x103a2ffff _datetime.cpython-310-darwin.so (*) <2f82bafe-ae6c-3ba1-b5eb-6e28f8c0dd9a> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/_datetime.cpython-310-darwin.so
       0x103310000 -        0x103313fff _queue.cpython-310-darwin.so (*) <421c1fa3-f6da-33d4-a43e-3e744dbe86d8> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/_queue.cpython-310-darwin.so
       0x103234000 -        0x103237fff _heapq.cpython-310-darwin.so (*) <46bf4b96-5b44-3371-92d8-bdaf78687925> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/_heapq.cpython-310-darwin.so
       0x10396c000 -        0x103983fff _pickle.cpython-310-darwin.so (*) <a9a32f5b-90ee-322a-95ef-0e49ca3071bc> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/_pickle.cpython-310-darwin.so
       0x1039a8000 -        0x1039b3fff array.cpython-310-darwin.so (*) <502fda2b-73c2-3caa-a980-e4f282becc61> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/array.cpython-310-darwin.so
       0x103210000 -        0x10321ffff _socket.cpython-310-darwin.so (*) <7422f970-d83c-3060-8807-dd28ffe7fb58> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/_socket.cpython-310-darwin.so
       0x1032fc000 -        0x1032fffff resource.cpython-310-darwin.so (*) <db02e1a1-4927-3447-aad4-fa49616d354d> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/resource.cpython-310-darwin.so
       0x104cd4000 -        0x105157fff _lief.so (*) <4c4c4441-5555-3144-a1f8-7f67f50e3728> /Users/USER/*/_lief.so
       0x105c14000 -        0x106773fff libunicorn.2.dylib (*) <3fa35811-2cad-303d-8488-f547f880d8bb> /Users/USER/*/libunicorn.2.dylib
       0x1045e4000 -        0x104b57fff libcapstone.dylib (*) <21a25ccd-589f-36eb-b38c-b159f4a70161> /Users/USER/*/libcapstone.dylib
       0x1032e4000 -        0x1032ebfff binascii.cpython-310-darwin.so (*) <f619bcc2-4d06-34f7-ae65-8001170d28a7> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/binascii.cpython-310-darwin.so
       0x1032d0000 -        0x1032d3fff _sha512.cpython-310-darwin.so (*) <b8911246-bb80-3ad9-8ecb-d17357ac6122> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/_sha512.cpython-310-darwin.so
       0x1032bc000 -        0x1032bffff _random.cpython-310-darwin.so (*) <b0e2bf49-f1db-3ea8-b7b9-99823e9c84ec> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/_random.cpython-310-darwin.so
       0x1032a8000 -        0x1032abfff _bisect.cpython-310-darwin.so (*) <a37eb635-fe7a-3d44-b1ba-3bb7dc7b0e14> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/_bisect.cpython-310-darwin.so
       0x103294000 -        0x103297fff _opcode.cpython-310-darwin.so (*) <6aabe736-53ef-3a3d-9492-e0edaf02007b> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/_opcode.cpython-310-darwin.so
       0x103324000 -        0x103353fff _lzma.cpython-310-darwin.so (*) <13cfe756-b593-353d-bfcf-a74de53f6135> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/_lzma.cpython-310-darwin.so
       0x103280000 -        0x103283fff _bz2.cpython-310-darwin.so (*) <3d88ed77-d0ef-329d-9f57-4c94ae0b28e4> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/_bz2.cpython-310-darwin.so
       0x103264000 -        0x10326bfff zlib.cpython-310-darwin.so (*) <2ef52731-249d-3f3d-ade2-f68b45332f10> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/zlib.cpython-310-darwin.so
       0x103248000 -        0x10324ffff _struct.cpython-310-darwin.so (*) <133bfe87-3bd9-3bd6-9afe-c0b504af5b78> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/_struct.cpython-310-darwin.so
       0x1031b0000 -        0x1031c3fff _ctypes.cpython-310-darwin.so (*) <8710ee5e-53a1-3c8e-a6be-35fba5383f42> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/_ctypes.cpython-310-darwin.so
       0x1031f0000 -        0x1031fbfff math.cpython-310-darwin.so (*) <44e05e35-d5f1-37c1-bd86-cc43e0de1bbf> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/math.cpython-310-darwin.so
       0x103160000 -        0x103167fff select.cpython-310-darwin.so (*) <06443efd-a639-3015-833c-f473f172608c> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/select.cpython-310-darwin.so
       0x10319c000 -        0x10319ffff _posixsubprocess.cpython-310-darwin.so (*) <d28f8d29-7210-37d1-964f-a77a83f76c3f> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/_posixsubprocess.cpython-310-darwin.so
       0x103188000 -        0x10318bfff fcntl.cpython-310-darwin.so (*) <f8cce0d7-6b5e-3da9-a207-fb714939b81c> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/fcntl.cpython-310-darwin.so
       0x103a58000 -        0x103db7fff org.python.python (3.10.11, (c) 2001-2023 Python Software Foundation.) <3fe90b0d-d091-3b4e-ac7c-15d5cf743818> /Library/Frameworks/Python.framework/Versions/3.10/Python
       0x102cb4000 -        0x102cb7fff org.python.python (3.10.11) <ef677878-e7fb-329d-bb8b-0f651210d52b> /Library/Frameworks/Python.framework/Versions/3.10/Resources/Python.app/Contents/MacOS/Python
       0x19a53e000 -        0x19a54f64f libffi.dylib (*) <3d2c1bb7-e1c9-3831-976a-c1acd53e7ab7> /usr/lib/libffi.dylib
       0x18964b000 -        0x1896df347 dyld (*) <324e4ad9-e01f-3183-b09f-3e20b326643a> /usr/lib/dyld
               0x0 - 0xffffffffffffffff ??? (*) <00000000-0000-0000-0000-000000000000> ???
       0x189990000 -        0x1899cafff libsystem_kernel.dylib (*) <ca94fc21-bc40-3b43-b65d-b87ece9e1d48> /usr/lib/system/libsystem_kernel.dylib

External Modification Summary:
  Calls made by other processes targeting this process:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0
  Calls made by this process:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0
  Calls made by all processes on this machine:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0

VM Region Summary:
ReadOnly portion of Libraries: Total=1.0G resident=0K(0%) swapped_out_or_unallocated=1.0G(100%)
Writable regions: Total=2.1G written=0K(0%) resident=0K(0%) swapped_out=0K(0%) unallocated=2.1G(100%)

                                VIRTUAL   REGION 
REGION TYPE                        SIZE    COUNT (non-coalesced) 
===========                     =======  ======= 
Kernel Alloc Once                   32K        1 
MALLOC                             1.1G       25 
MALLOC guard page                   96K        6 
STACK GUARD                         16K        1 
Stack                             16.0M        1 
VM_ALLOCATE                        1.0G       14 
__AUTH                             339K       65 
__AUTH_CONST                      4056K      147 
__DATA                            3343K      168 
__DATA_CONST                      6929K      175 
__DATA_DIRTY                       365K       59 
__LINKEDIT                       896.2M       28 
__OBJC_RO                         71.1M        1 
__OBJC_RW                         2168K        1 
__TEXT                           145.5M      182 
dyld private memory                272K        2 
shared memory                       32K        2 
===========                     =======  ======= 
TOTAL                              3.2G      878 

@wtdcode
Copy link
Member

wtdcode commented Oct 17, 2024

Thanks, I understand. Do you have any plans to solve this problem in the future?

This is easy to solve if you could provide a smaller reproduction. Usually just we forget to save/restore JIT status before entering JIT regions.

Additionally, there may be problem with the dylib provided in the wheel, as it cannot even run the most basic samples in my environment.

I have no idea about this. The building environment should be the same or there might be Github Action bugs. Again, we need a reproduction to locate this issue.

But we will soon test the shipped wheel before distribution in #2026

@sledgeh4w
Copy link
Contributor Author

I will find a way to simply reproduce it.

@sledgeh4w
Copy link
Contributor Author

I have no idea about this. The building environment should be the same or there might be Github Action bugs. Again, we need a reproduction to locate this issue.

The second issue will occur to mu.mem_map(ADDRESS, 2 * 1024 * 1024) in sample_arm64.

@wtdcode
Copy link
Member

wtdcode commented Oct 17, 2024

I have no idea about this. The building environment should be the same or there might be Github Action bugs. Again, we need a reproduction to locate this issue.

The second issue will occur to mu.mem_map(ADDRESS, 2 * 1024 * 1024) in sample_arm64.

Full script?

@sledgeh4w
Copy link
Contributor Author

I have no idea about this. The building environment should be the same or there might be Github Action bugs. Again, we need a reproduction to locate this issue.

The second issue will occur to mu.mem_map(ADDRESS, 2 * 1024 * 1024) in sample_arm64.

Full script?

This

@wtdcode
Copy link
Member

wtdcode commented Oct 17, 2024

That works on my mbp. Are you on dev branch and what error do you get?

@sledgeh4w
Copy link
Contributor Author

I just installed unicorn using pip in a project that only has sample_arm64.

(.venv) yanglizhi@U-143GQMLJ-2215 pythonProject1 % pip install unicorn
Looking in indexes: https://mirrors.aliyun.com/pypi/simple
Collecting unicorn
  Using cached https://mirrors.aliyun.com/pypi/packages/08/a7/c109d5d76ed42ea8c620e4de91e8f1003424d10fd3c908649d19af2b9a3f/unicorn-2.1.1-py2.py3-none-macosx_11_0_arm64.whl (12.0 MB)
Installing collected packages: unicorn
Successfully installed unicorn-2.1.1

[notice] A new release of pip is available: 23.2.1 -> 24.2
[notice] To update, run: pip install --upgrade pip
(.venv) yanglizhi@U-143GQMLJ-2215 pythonProject1 % python3 sample_arm64.py 
Emulate ARM64 code
zsh: bus error  python3 sample_arm64.py
(.venv) yanglizhi@U-143GQMLJ-2215 pythonProject1 % 

The crash log is:

-------------------------------------
Translated Report (Full Report Below)
-------------------------------------

Process:               Python [56382]
Path:                  /Library/Frameworks/Python.framework/Versions/3.10/Resources/Python.app/Contents/MacOS/Python
Identifier:            org.python.python
Version:               3.10.11 (3.10.11)
Code Type:             ARM-64 (Native)
Parent Process:        zsh [55787]
Responsible:           pycharm [678]
User ID:               502

Date/Time:             2024-10-17 17:02:36.2347 +0800
OS Version:            macOS 14.2 (23C64)
Report Version:        12
Anonymous UUID:        3C136E55-0B58-2F1D-FB15-5C5259FAED20

Sleep/Wake UUID:       966CA212-6777-475D-B076-3B60FE5E45ED

Time Awake Since Boot: 97000 seconds
Time Since Wake:       8673 seconds

System Integrity Protection: enabled

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_ACCESS (SIGBUS)
Exception Codes:       KERN_PROTECTION_FAILURE at 0x0000000280000000
Exception Codes:       0x0000000000000002, 0x0000000280000000

Termination Reason:    Namespace SIGNAL, Code 10 Bus error: 10
Terminating Process:   exc handler [56382]

VM Region Info: 0x280000000 is in 0x280000000-0x2c0000000;  bytes after start: 0  bytes before end: 1073741823
      REGION TYPE                    START - END         [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      unused __TEXT               27b6a4000-27b6a8000    [   16K] r--/r-- SM=COW  ...ed lib __TEXT
      GAP OF 0x4958000 BYTES
--->  VM_ALLOCATE                 280000000-2c0000000    [  1.0G] rwx/rwx SM=PRV  
      GAP OF 0xd00000000 BYTES
      commpage (reserved)         fc0000000-1000000000   [  1.0G] ---/--- SM=NUL  ...(unallocated)

Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   libunicorn.2.dylib            	       0x11a8c8654 tcg_prologue_init_aarch64 + 88
1   libunicorn.2.dylib            	       0x11a8f86a0 tcg_exec_init_aarch64 + 324
2   libunicorn.2.dylib            	       0x11a7496ec machine_initialize + 88
3   libunicorn.2.dylib            	       0x11a745354 uc_init_engine + 164
4   libunicorn.2.dylib            	       0x11a74695c uc_mem_map + 548
5   libffi.dylib                  	       0x19a546050 ffi_call_SYSV + 80
6   libffi.dylib                  	       0x19a54eadc ffi_call_int + 1208
7   _ctypes.cpython-310-darwin.so 	       0x104e002a8 _ctypes_callproc + 1396
8   _ctypes.cpython-310-darwin.so 	       0x104dfa338 PyCFuncPtr_call + 208
9   Python                        	       0x105708cf8 _PyObject_MakeTpCall + 136
10  Python                        	       0x10583f238 call_function + 380
11  Python                        	       0x105837470 _PyEval_EvalFrameDefault + 23772
12  Python                        	       0x10582ff28 _PyEval_Vector + 360
13  Python                        	       0x10583f140 call_function + 132
14  Python                        	       0x10583647c _PyEval_EvalFrameDefault + 19688
15  Python                        	       0x10582ff28 _PyEval_Vector + 360
16  Python                        	       0x10583f140 call_function + 132
17  Python                        	       0x105835b5c _PyEval_EvalFrameDefault + 17352
18  Python                        	       0x10582ff28 _PyEval_Vector + 360
19  Python                        	       0x10589ac54 pyrun_file + 308
20  Python                        	       0x10589a398 _PyRun_SimpleFileObject + 336
21  Python                        	       0x1058999e4 _PyRun_AnyFileObject + 216
22  Python                        	       0x1058c5dd0 pymain_run_file_obj + 180
23  Python                        	       0x1058c5470 pymain_run_file + 72
24  Python                        	       0x1058c4a58 pymain_run_python + 300
25  Python                        	       0x1058c48ec Py_RunMain + 24
26  Python                        	       0x1058c5f78 pymain_main + 56
27  Python                        	       0x1058c623c Py_BytesMain + 40
28  dyld                          	       0x1896510e0 start + 2360


Thread 0 crashed with ARM Thread State (64-bit):
    x0: 0x0000000108018000   x1: 0x0000000040000000   x2: 0x00000000ffffffff   x3: 0x0000000000041802
    x4: 0x00000000ffffffff   x5: 0x0000000000000000   x6: 0x000000000000000a   x7: 0x0000000000000000
    x8: 0x000000011b23b000   x9: 0x00000002c0000000  x10: 0x0000000000002026  x11: 0x0000000005ffa000
   x12: 0x00000000000009fc  x13: 0x0000000000000009  x14: 0x00000000000007fb  x15: 0x0000000080eff7fb
   x16: 0x0000000189992254  x17: 0x000000000000d187  x18: 0x0000000000000000  x19: 0x0000000108018000
   x20: 0x0000000280000000  x21: 0x0000000280000000  x22: 0x0000000040000000  x23: 0x000000016b516340
   x24: 0x0000000000000000  x25: 0x0000000000000000  x26: 0x0000000000000004  x27: 0x0000000000000004
   x28: 0x000000016b5162f8   fp: 0x000000016b516090   lr: 0x000000011a8f86a0
    sp: 0x000000016b516070   pc: 0x000000011a8c8654 cpsr: 0x20001000
   far: 0x0000000280000000  esr: 0x9200004f (Data Abort) byte write Permission fault

Binary Images:
       0x11a740000 -        0x11b29ffff libunicorn.2.dylib (*) <3fa35811-2cad-303d-8488-f547f880d8bb> /Users/USER/*/libunicorn.2.dylib
       0x1050d4000 -        0x1050dbfff binascii.cpython-310-darwin.so (*) <f619bcc2-4d06-34f7-ae65-8001170d28a7> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/binascii.cpython-310-darwin.so
       0x105068000 -        0x10506bfff _sha512.cpython-310-darwin.so (*) <b8911246-bb80-3ad9-8ecb-d17357ac6122> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/_sha512.cpython-310-darwin.so
       0x105090000 -        0x105093fff _random.cpython-310-darwin.so (*) <b0e2bf49-f1db-3ea8-b7b9-99823e9c84ec> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/_random.cpython-310-darwin.so
       0x104db4000 -        0x104db7fff _bisect.cpython-310-darwin.so (*) <a37eb635-fe7a-3d44-b1ba-3bb7dc7b0e14> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/_bisect.cpython-310-darwin.so
       0x104d94000 -        0x104d9ffff math.cpython-310-darwin.so (*) <44e05e35-d5f1-37c1-bd86-cc43e0de1bbf> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/math.cpython-310-darwin.so
       0x105200000 -        0x10522ffff _lzma.cpython-310-darwin.so (*) <13cfe756-b593-353d-bfcf-a74de53f6135> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/_lzma.cpython-310-darwin.so
       0x105054000 -        0x105057fff _bz2.cpython-310-darwin.so (*) <3d88ed77-d0ef-329d-9f57-4c94ae0b28e4> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/_bz2.cpython-310-darwin.so
       0x105038000 -        0x10503ffff zlib.cpython-310-darwin.so (*) <2ef52731-249d-3f3d-ade2-f68b45332f10> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/zlib.cpython-310-darwin.so
       0x104f24000 -        0x104f27fff _opcode.cpython-310-darwin.so (*) <6aabe736-53ef-3a3d-9492-e0edaf02007b> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/_opcode.cpython-310-darwin.so
       0x104dcc000 -        0x104dd3fff _struct.cpython-310-darwin.so (*) <133bfe87-3bd9-3bd6-9afe-c0b504af5b78> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/_struct.cpython-310-darwin.so
       0x104df4000 -        0x104e07fff _ctypes.cpython-310-darwin.so (*) <8710ee5e-53a1-3c8e-a6be-35fba5383f42> /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/lib-dynload/_ctypes.cpython-310-darwin.so
       0x10568c000 -        0x1059ebfff org.python.python (3.10.11, (c) 2001-2023 Python Software Foundation.) <3fe90b0d-d091-3b4e-ac7c-15d5cf743818> /Library/Frameworks/Python.framework/Versions/3.10/Python
       0x1048e8000 -        0x1048ebfff org.python.python (3.10.11) <ef677878-e7fb-329d-bb8b-0f651210d52b> /Library/Frameworks/Python.framework/Versions/3.10/Resources/Python.app/Contents/MacOS/Python
       0x19a53e000 -        0x19a54f64f libffi.dylib (*) <3d2c1bb7-e1c9-3831-976a-c1acd53e7ab7> /usr/lib/libffi.dylib
       0x18964b000 -        0x1896df347 dyld (*) <324e4ad9-e01f-3183-b09f-3e20b326643a> /usr/lib/dyld
               0x0 - 0xffffffffffffffff ??? (*) <00000000-0000-0000-0000-000000000000> ???
       0x189990000 -        0x1899cafff libsystem_kernel.dylib (*) <ca94fc21-bc40-3b43-b65d-b87ece9e1d48> /usr/lib/system/libsystem_kernel.dylib

External Modification Summary:
  Calls made by other processes targeting this process:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0
  Calls made by this process:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0
  Calls made by all processes on this machine:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0

VM Region Summary:
ReadOnly portion of Libraries: Total=1.0G resident=0K(0%) swapped_out_or_unallocated=1.0G(100%)
Writable regions: Total=2.1G written=0K(0%) resident=0K(0%) swapped_out=0K(0%) unallocated=2.1G(100%)

                                VIRTUAL   REGION 
REGION TYPE                        SIZE    COUNT (non-coalesced) 
===========                     =======  ======= 
Kernel Alloc Once                   32K        1 
MALLOC                             1.1G       29 
MALLOC guard page                   96K        6 
STACK GUARD                         16K        1 
Stack                             16.0M        1 
VM_ALLOCATE                        1.0G        6 
__AUTH                             339K       65 
__AUTH_CONST                      4056K      147 
__DATA                            3135K      155 
__DATA_CONST                      5201K      162 
__DATA_DIRTY                       365K       59 
__LINKEDIT                       895.4M       15 
__OBJC_RO                         71.1M        1 
__OBJC_RW                         2168K        1 
__TEXT                           135.1M      169 
dyld private memory                272K        2 
shared memory                       32K        2 
===========                     =======  ======= 
TOTAL                              3.2G      822 

@sledgeh4w
Copy link
Contributor Author

If I use locally compiled dylib, this problem would not occur.

@wtdcode
Copy link
Member

wtdcode commented Oct 17, 2024

If I use locally compiled dylib, this problem would not occur.

I have no idea why the built dynamic libraries by Github Action is failed but #2026 will surely address this by testing the wheels before uploading to pypi. This will be shipped along with 2.1.2, probably before the end of this month.

Locally testing shows that probably the JIT state is not switched but no idea why.

@sledgeh4w
Copy link
Contributor Author

I have found a solution to the first problem, remove a judgment condition in cpu_tb_exec.

if (cpu->uc->nested_level == 1) {
    // Only unlock (allow writing to JIT area) if we are the outmost uc_emu_start
    tb_exec_unlock(cpu->uc);
}

=>

tb_exec_unlock(cpu->uc);

After this, my program can work normally.

Meanwhile, I noticed that this judgment condition was specifically added by you in the commit.

@wtdcode
Copy link
Member

wtdcode commented Oct 18, 2024

This would fail other cases. I remember I added corresponding cases and you can run ctest to check.

Generally, the root cause is that we allow users to re-entry the JIT area and the area is shared all together. It’s hard to determine the correct state given current design.

@sledgeh4w
Copy link
Contributor Author

ctest all passed.

yanglizhi@U-143GQMLJ-2215 build % ctest
Test project /Users/yanglizhi/Projects/unicorn/build
      Start  1: test_x86
 1/12 Test  #1: test_x86 .........................   Passed    1.95 sec
      Start  2: test_arm
 2/12 Test  #2: test_arm .........................   Passed    0.32 sec
      Start  3: test_arm64
 3/12 Test  #3: test_arm64 .......................   Passed    0.29 sec
      Start  4: test_m68k
 4/12 Test  #4: test_m68k ........................   Passed    0.28 sec
      Start  5: test_mips
 5/12 Test  #5: test_mips ........................   Passed    0.27 sec
      Start  6: test_sparc
 6/12 Test  #6: test_sparc .......................   Passed    0.27 sec
      Start  7: test_ppc
 7/12 Test  #7: test_ppc .........................   Passed    0.27 sec
      Start  8: test_riscv
 8/12 Test  #8: test_riscv .......................   Passed    0.29 sec
      Start  9: test_s390x
 9/12 Test  #9: test_s390x .......................   Passed    0.27 sec
      Start 10: test_tricore
10/12 Test #10: test_tricore .....................   Passed    0.26 sec
      Start 11: test_mem
11/12 Test #11: test_mem .........................   Passed    0.27 sec
      Start 12: test_ctl
12/12 Test #12: test_ctl .........................   Passed    0.29 sec

100% tests passed, 0 tests failed out of 12

Total Test time (real) =   5.05 sec

There are two judgment conditions in your commit, removing the condition in cpu_exec_common.c will cause the test to fail, but removing the condition in cpu_exec.c will not.

@wtdcode
Copy link
Member

wtdcode commented Oct 18, 2024

I can't remember the exact context of this commit and I will have a check.

By the way, could have a try with the wheel from here: https://github.com/unicorn-engine/unicorn/actions/runs/11385747394 (note artifacts below)

@sledgeh4w
Copy link
Contributor Author

By the way, could have a try with the wheel from here: https://github.com/unicorn-engine/unicorn/actions/runs/11385747394 (note artifacts below)

Still crashing. Is my system version or CPU is too new (14.2 + M3 Pro) ?

@wtdcode
Copy link
Member

wtdcode commented Oct 22, 2024

By the way, could have a try with the wheel from here: https://github.com/unicorn-engine/unicorn/actions/runs/11385747394 (note artifacts below)

Still crashing. Is my system version or CPU is too new (14.2 + M3 Pro) ?

That's weird, these wheels pass all simple tests (including the sample you mentioned)

@sledgeh4w
Copy link
Contributor Author

sledgeh4w commented Nov 12, 2024

Thanks, I understand. Do you have any plans to solve this problem in the future?

This is easy to solve if you could provide a smaller reproduction. Usually just we forget to save/restore JIT status before entering JIT regions.

Additionally, there may be problem with the dylib provided in the wheel, as it cannot even run the most basic samples in my environment.

I have no idea about this. The building environment should be the same or there might be Github Action bugs. Again, we need a reproduction to locate this issue.

But we will soon test the shipped wheel before distribution in #2026

Sorry, it's been a while. I extracted the reproduction code.

test.zip

@ylca0
Copy link

ylca0 commented Nov 18, 2024

I have another similar issue (simulating x86 programs on m3pro)

terminal output:
[1] 15538 bus error sudo python3.13 ./fibonacci.py

report:

-------------------------------------
Translated Report (Full Report Below)
-------------------------------------

Process:               Python [15356]
Path:                  /opt/homebrew/*/Python.framework/Versions/3.13/Resources/Python.app/Contents/MacOS/Python
Identifier:            org.python.python
Version:               3.13.0 (3.13.0)
Code Type:             ARM-64 (Native)
Parent Process:        Exited process [15355]
Responsible:           Electron [7991]
User ID:               0

Date/Time:             2024-11-19 01:03:24.4021 +0800
OS Version:            macOS 15.1 (24B83)
Report Version:        12
Anonymous UUID:        AD2ABAFE-AE0C-5363-06FB-0418F9FF654F

Sleep/Wake UUID:       7B864683-D5AD-418D-94A0-6876656ACBE2

Time Awake Since Boot: 7400 seconds
Time Since Wake:       4090 seconds

System Integrity Protection: enabled

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_ACCESS (SIGBUS)
Exception Codes:       KERN_PROTECTION_FAILURE at 0x0000000300000000
Exception Codes:       0x0000000000000002, 0x0000000300000000

Termination Reason:    Namespace SIGNAL, Code 10 Bus error: 10
Terminating Process:   exc handler [15356]

VM Region Info: 0x300000000 is in 0x300000000-0x340000000;  bytes after start: 0  bytes before end: 1073741823
      REGION TYPE                    START - END         [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      unused __TEXT               2ae248000-2ae24c000    [   16K] r--/r-- SM=COW  unused  unknown system shared lib __TEXT
      GAP OF 0x51db4000 BYTES
--->  VM_ALLOCATE                 300000000-340000000    [  1.0G] rwx/rwx SM=PRV  
      GAP OF 0xc80000000 BYTES
      commpage (reserved)         fc0000000-1000000000   [  1.0G] ---/--- SM=NUL  reserved VM address space (unallocated)

Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   libunicorn.2.dylib            	       0x1048fc02c tcg_prologue_init_x86_64 + 88
1   libunicorn.2.dylib            	       0x10492abd4 tcg_exec_init_x86_64 + 236
2   libunicorn.2.dylib            	       0x1048d16ec machine_initialize + 88
3   libunicorn.2.dylib            	       0x1048cd354 uc_init_engine + 164
4   libunicorn.2.dylib            	       0x1048ce95c uc_mem_map + 548
5   libffi.dylib                  	       0x1a4da3050 ffi_call_SYSV + 80
6   libffi.dylib                  	       0x1a4dabb04 ffi_call_int + 1208
7   _ctypes.cpython-313-darwin.so 	       0x10310f3a0 _ctypes_callproc + 780
8   _ctypes.cpython-313-darwin.so 	       0x10310ca1c PyCFuncPtr_call + 260
9   Python                        	       0x1031abc60 _PyObject_MakeTpCall + 124
10  Python                        	       0x1032d3714 _PyEval_EvalFrameDefault + 9020
11  Python                        	       0x1032d1180 PyEval_EvalCode + 200
12  Python                        	       0x1033411a4 run_eval_code_obj + 104
13  Python                        	       0x103340be4 run_mod + 168
14  Python                        	       0x10333f518 pyrun_file + 164
15  Python                        	       0x10333e854 _PyRun_SimpleFileObject + 256
16  Python                        	       0x10333e4e8 _PyRun_AnyFileObject + 80
17  Python                        	       0x103366028 pymain_run_file_obj + 164
18  Python                        	       0x103365ce4 pymain_run_file + 72
19  Python                        	       0x103364f74 Py_RunMain + 988
20  Python                        	       0x103365564 pymain_main + 304
21  Python                        	       0x103365604 Py_BytesMain + 40
22  dyld                          	       0x192d90274 start + 2840


Thread 0 crashed with ARM Thread State (64-bit):
    x0: 0x00000001280e8000   x1: 0x0000000040000000   x2: 0x00000000ffffffff   x3: 0x0000000000041802
    x4: 0x00000000ffffffff   x5: 0x0000000000000000   x6: 0x0000600001b7f660   x7: 0x0000000000000002
    x8: 0x00000001053c3000   x9: 0x0000000340000000  x10: 0x0000000000002026  x11: 0x0000000005ffa000
   x12: 0x0000000000002155  x13: 0x0000000102cbec28  x14: 0x0000000000000000  x15: 0x00000000000007fb
   x16: 0x00000001930d27d0  x17: 0x000000000000d187  x18: 0x0000000000000000  x19: 0x00000001280e8000
   x20: 0x0000000300000000  x21: 0x0000000300000000  x22: 0x0000000040000000  x23: 0x000000016d19aa18
   x24: 0x0000000000000000  x25: 0x0000000000000000  x26: 0x0000000000000004  x27: 0x0000000000000004
   x28: 0x000000016d19a9d8   fp: 0x000000016d19a770   lr: 0x000000010492abd4
    sp: 0x000000016d19a750   pc: 0x00000001048fc02c cpsr: 0x20001000
   far: 0x0000000300000000  esr: 0x9200004f (Data Abort) byte write Permission fault

Binary Images:
       0x102c64000 -        0x102c67fff org.python.python (3.13.0) <d44e5971-f800-323d-b00a-66b9d5d8577a> /opt/homebrew/*/Python.framework/Versions/3.13/Resources/Python.app/Contents/MacOS/Python
       0x10314c000 -        0x1034d3fff org.python.python (3.13.0, (c) 2001-2024 Python Software Foundation.) <64c2b76a-e1e2-3282-8114-2bcf48c271ec> /opt/homebrew/*/Python.framework/Versions/3.13/Python
       0x103104000 -        0x103117fff _ctypes.cpython-313-darwin.so (*) <92eca15c-b83c-36c5-97ed-34c54eab141d> /opt/homebrew/*/Python.framework/Versions/3.13/lib/python3.13/lib-dynload/_ctypes.cpython-313-darwin.so
       0x10312c000 -        0x103133fff _struct.cpython-313-darwin.so (*) <ec98f0eb-a849-3423-b7fa-69372f65e4ef> /opt/homebrew/*/Python.framework/Versions/3.13/lib/python3.13/lib-dynload/_struct.cpython-313-darwin.so
       0x1030f0000 -        0x1030f3fff grp.cpython-313-darwin.so (*) <9137a95b-ba27-3a27-b8d8-d21fcb1733df> /opt/homebrew/*/Python.framework/Versions/3.13/lib/python3.13/lib-dynload/grp.cpython-313-darwin.so
       0x103798000 -        0x10379bfff _opcode.cpython-313-darwin.so (*) <fd1345aa-8c2f-3eae-a1e6-fb9f6a689529> /opt/homebrew/*/Python.framework/Versions/3.13/lib/python3.13/lib-dynload/_opcode.cpython-313-darwin.so
       0x1037c4000 -        0x1037cbfff zlib.cpython-313-darwin.so (*) <1f25a98e-3fe1-31c9-9d2a-bc929dbba8dd> /opt/homebrew/*/Python.framework/Versions/3.13/lib/python3.13/lib-dynload/zlib.cpython-313-darwin.so
       0x1037ac000 -        0x1037affff _bz2.cpython-313-darwin.so (*) <2c11af0f-a61d-3e45-8555-46bf89e5092a> /opt/homebrew/*/Python.framework/Versions/3.13/lib/python3.13/lib-dynload/_bz2.cpython-313-darwin.so
       0x1037f4000 -        0x1037fbfff _lzma.cpython-313-darwin.so (*) <2aee7417-4b2e-34ab-bdad-315b1e9b074c> /opt/homebrew/*/Python.framework/Versions/3.13/lib/python3.13/lib-dynload/_lzma.cpython-313-darwin.so
       0x10383c000 -        0x10385bfff liblzma.5.dylib (*) <dc958b6f-5b2e-39cb-ab02-bdad84357e36> /opt/homebrew/*/liblzma.5.dylib
       0x10386c000 -        0x103877fff math.cpython-313-darwin.so (*) <ae1eb5a2-25e6-3780-ad4f-2ba5448cf462> /opt/homebrew/*/Python.framework/Versions/3.13/lib/python3.13/lib-dynload/math.cpython-313-darwin.so
       0x1037dc000 -        0x1037dffff _bisect.cpython-313-darwin.so (*) <e8bf6f94-2ce8-34dd-a039-fc5236c28365> /opt/homebrew/*/Python.framework/Versions/3.13/lib/python3.13/lib-dynload/_bisect.cpython-313-darwin.so
       0x10380c000 -        0x10380ffff _random.cpython-313-darwin.so (*) <9669cd01-aa3d-36fc-a140-99db643d5a52> /opt/homebrew/*/Python.framework/Versions/3.13/lib/python3.13/lib-dynload/_random.cpython-313-darwin.so
       0x103820000 -        0x103823fff binascii.cpython-313-darwin.so (*) <f1ea4182-b110-3f43-8ae1-049bf07f2ee6> /opt/homebrew/*/Python.framework/Versions/3.13/lib/python3.13/lib-dynload/binascii.cpython-313-darwin.so
       0x1048c8000 -        0x105427fff libunicorn.2.dylib (*) <3fa35811-2cad-303d-8488-f547f880d8bb> /opt/homebrew/*/libunicorn.2.dylib
       0x1a4d9b000 -        0x1a4dac687 libffi.dylib (*) <64a07b10-8c91-3b60-8f03-a8803e112a85> /usr/lib/libffi.dylib
       0x192d8a000 -        0x192e0c7b3 dyld (*) <6beafde4-b011-3e47-8aae-4d7b6e4bb7e8> /usr/lib/dyld
               0x0 - 0xffffffffffffffff ??? (*) <00000000-0000-0000-0000-000000000000> ???
       0x1930d1000 -        0x19310bff7 libsystem_kernel.dylib (*) <9fea25a4-e8ca-3f3d-901c-a53ff2bc7217> /usr/lib/system/libsystem_kernel.dylib

External Modification Summary:
  Calls made by other processes targeting this process:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0
  Calls made by this process:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0
  Calls made by all processes on this machine:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0

VM Region Summary:
ReadOnly portion of Libraries: Total=818.2M resident=0K(0%) swapped_out_or_unallocated=818.2M(100%)
Writable regions: Total=1.7G written=289K(0%) resident=289K(0%) swapped_out=0K(0%) unallocated=1.7G(100%)

                                VIRTUAL   REGION 
REGION TYPE                        SIZE    COUNT (non-coalesced) 
===========                     =======  ======= 
Kernel Alloc Once                   32K        1 
MALLOC                           650.2M       13 
MALLOC guard page                   96K        6 
STACK GUARD                         16K        1 
Stack                             16.0M        1 
VM_ALLOCATE                        1.0G        8 
__AUTH                             747K      155 
__AUTH_CONST                      12.4M      290 
__DATA                            5203K      284 
__DATA_CONST                      11.0M      305 
__DATA_DIRTY                       456K       93 
__FONT_DATA                        2352        1 
__LINKEDIT                       587.8M       16 
__OBJC_RW                         2354K        1 
__TEXT                           230.4M      314 
__TPRO_CONST                       272K        2 
page table in kernel               289K        1 
shared memory                       48K        2 
===========                     =======  ======= 
TOTAL                              2.5G     1494 

@sledgeh4w
Copy link
Contributor Author

I have another similar issue (simulating x86 programs on m3pro)

terminal output: [1] 15538 bus error sudo python3.13 ./fibonacci.py

report:

-------------------------------------
Translated Report (Full Report Below)
-------------------------------------

Process:               Python [15356]
Path:                  /opt/homebrew/*/Python.framework/Versions/3.13/Resources/Python.app/Contents/MacOS/Python
Identifier:            org.python.python
Version:               3.13.0 (3.13.0)
Code Type:             ARM-64 (Native)
Parent Process:        Exited process [15355]
Responsible:           Electron [7991]
User ID:               0

Date/Time:             2024-11-19 01:03:24.4021 +0800
OS Version:            macOS 15.1 (24B83)
Report Version:        12
Anonymous UUID:        AD2ABAFE-AE0C-5363-06FB-0418F9FF654F

Sleep/Wake UUID:       7B864683-D5AD-418D-94A0-6876656ACBE2

Time Awake Since Boot: 7400 seconds
Time Since Wake:       4090 seconds

System Integrity Protection: enabled

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_ACCESS (SIGBUS)
Exception Codes:       KERN_PROTECTION_FAILURE at 0x0000000300000000
Exception Codes:       0x0000000000000002, 0x0000000300000000

Termination Reason:    Namespace SIGNAL, Code 10 Bus error: 10
Terminating Process:   exc handler [15356]

VM Region Info: 0x300000000 is in 0x300000000-0x340000000;  bytes after start: 0  bytes before end: 1073741823
      REGION TYPE                    START - END         [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      unused __TEXT               2ae248000-2ae24c000    [   16K] r--/r-- SM=COW  unused  unknown system shared lib __TEXT
      GAP OF 0x51db4000 BYTES
--->  VM_ALLOCATE                 300000000-340000000    [  1.0G] rwx/rwx SM=PRV  
      GAP OF 0xc80000000 BYTES
      commpage (reserved)         fc0000000-1000000000   [  1.0G] ---/--- SM=NUL  reserved VM address space (unallocated)

Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   libunicorn.2.dylib            	       0x1048fc02c tcg_prologue_init_x86_64 + 88
1   libunicorn.2.dylib            	       0x10492abd4 tcg_exec_init_x86_64 + 236
2   libunicorn.2.dylib            	       0x1048d16ec machine_initialize + 88
3   libunicorn.2.dylib            	       0x1048cd354 uc_init_engine + 164
4   libunicorn.2.dylib            	       0x1048ce95c uc_mem_map + 548
5   libffi.dylib                  	       0x1a4da3050 ffi_call_SYSV + 80
6   libffi.dylib                  	       0x1a4dabb04 ffi_call_int + 1208
7   _ctypes.cpython-313-darwin.so 	       0x10310f3a0 _ctypes_callproc + 780
8   _ctypes.cpython-313-darwin.so 	       0x10310ca1c PyCFuncPtr_call + 260
9   Python                        	       0x1031abc60 _PyObject_MakeTpCall + 124
10  Python                        	       0x1032d3714 _PyEval_EvalFrameDefault + 9020
11  Python                        	       0x1032d1180 PyEval_EvalCode + 200
12  Python                        	       0x1033411a4 run_eval_code_obj + 104
13  Python                        	       0x103340be4 run_mod + 168
14  Python                        	       0x10333f518 pyrun_file + 164
15  Python                        	       0x10333e854 _PyRun_SimpleFileObject + 256
16  Python                        	       0x10333e4e8 _PyRun_AnyFileObject + 80
17  Python                        	       0x103366028 pymain_run_file_obj + 164
18  Python                        	       0x103365ce4 pymain_run_file + 72
19  Python                        	       0x103364f74 Py_RunMain + 988
20  Python                        	       0x103365564 pymain_main + 304
21  Python                        	       0x103365604 Py_BytesMain + 40
22  dyld                          	       0x192d90274 start + 2840


Thread 0 crashed with ARM Thread State (64-bit):
    x0: 0x00000001280e8000   x1: 0x0000000040000000   x2: 0x00000000ffffffff   x3: 0x0000000000041802
    x4: 0x00000000ffffffff   x5: 0x0000000000000000   x6: 0x0000600001b7f660   x7: 0x0000000000000002
    x8: 0x00000001053c3000   x9: 0x0000000340000000  x10: 0x0000000000002026  x11: 0x0000000005ffa000
   x12: 0x0000000000002155  x13: 0x0000000102cbec28  x14: 0x0000000000000000  x15: 0x00000000000007fb
   x16: 0x00000001930d27d0  x17: 0x000000000000d187  x18: 0x0000000000000000  x19: 0x00000001280e8000
   x20: 0x0000000300000000  x21: 0x0000000300000000  x22: 0x0000000040000000  x23: 0x000000016d19aa18
   x24: 0x0000000000000000  x25: 0x0000000000000000  x26: 0x0000000000000004  x27: 0x0000000000000004
   x28: 0x000000016d19a9d8   fp: 0x000000016d19a770   lr: 0x000000010492abd4
    sp: 0x000000016d19a750   pc: 0x00000001048fc02c cpsr: 0x20001000
   far: 0x0000000300000000  esr: 0x9200004f (Data Abort) byte write Permission fault

Binary Images:
       0x102c64000 -        0x102c67fff org.python.python (3.13.0) <d44e5971-f800-323d-b00a-66b9d5d8577a> /opt/homebrew/*/Python.framework/Versions/3.13/Resources/Python.app/Contents/MacOS/Python
       0x10314c000 -        0x1034d3fff org.python.python (3.13.0, (c) 2001-2024 Python Software Foundation.) <64c2b76a-e1e2-3282-8114-2bcf48c271ec> /opt/homebrew/*/Python.framework/Versions/3.13/Python
       0x103104000 -        0x103117fff _ctypes.cpython-313-darwin.so (*) <92eca15c-b83c-36c5-97ed-34c54eab141d> /opt/homebrew/*/Python.framework/Versions/3.13/lib/python3.13/lib-dynload/_ctypes.cpython-313-darwin.so
       0x10312c000 -        0x103133fff _struct.cpython-313-darwin.so (*) <ec98f0eb-a849-3423-b7fa-69372f65e4ef> /opt/homebrew/*/Python.framework/Versions/3.13/lib/python3.13/lib-dynload/_struct.cpython-313-darwin.so
       0x1030f0000 -        0x1030f3fff grp.cpython-313-darwin.so (*) <9137a95b-ba27-3a27-b8d8-d21fcb1733df> /opt/homebrew/*/Python.framework/Versions/3.13/lib/python3.13/lib-dynload/grp.cpython-313-darwin.so
       0x103798000 -        0x10379bfff _opcode.cpython-313-darwin.so (*) <fd1345aa-8c2f-3eae-a1e6-fb9f6a689529> /opt/homebrew/*/Python.framework/Versions/3.13/lib/python3.13/lib-dynload/_opcode.cpython-313-darwin.so
       0x1037c4000 -        0x1037cbfff zlib.cpython-313-darwin.so (*) <1f25a98e-3fe1-31c9-9d2a-bc929dbba8dd> /opt/homebrew/*/Python.framework/Versions/3.13/lib/python3.13/lib-dynload/zlib.cpython-313-darwin.so
       0x1037ac000 -        0x1037affff _bz2.cpython-313-darwin.so (*) <2c11af0f-a61d-3e45-8555-46bf89e5092a> /opt/homebrew/*/Python.framework/Versions/3.13/lib/python3.13/lib-dynload/_bz2.cpython-313-darwin.so
       0x1037f4000 -        0x1037fbfff _lzma.cpython-313-darwin.so (*) <2aee7417-4b2e-34ab-bdad-315b1e9b074c> /opt/homebrew/*/Python.framework/Versions/3.13/lib/python3.13/lib-dynload/_lzma.cpython-313-darwin.so
       0x10383c000 -        0x10385bfff liblzma.5.dylib (*) <dc958b6f-5b2e-39cb-ab02-bdad84357e36> /opt/homebrew/*/liblzma.5.dylib
       0x10386c000 -        0x103877fff math.cpython-313-darwin.so (*) <ae1eb5a2-25e6-3780-ad4f-2ba5448cf462> /opt/homebrew/*/Python.framework/Versions/3.13/lib/python3.13/lib-dynload/math.cpython-313-darwin.so
       0x1037dc000 -        0x1037dffff _bisect.cpython-313-darwin.so (*) <e8bf6f94-2ce8-34dd-a039-fc5236c28365> /opt/homebrew/*/Python.framework/Versions/3.13/lib/python3.13/lib-dynload/_bisect.cpython-313-darwin.so
       0x10380c000 -        0x10380ffff _random.cpython-313-darwin.so (*) <9669cd01-aa3d-36fc-a140-99db643d5a52> /opt/homebrew/*/Python.framework/Versions/3.13/lib/python3.13/lib-dynload/_random.cpython-313-darwin.so
       0x103820000 -        0x103823fff binascii.cpython-313-darwin.so (*) <f1ea4182-b110-3f43-8ae1-049bf07f2ee6> /opt/homebrew/*/Python.framework/Versions/3.13/lib/python3.13/lib-dynload/binascii.cpython-313-darwin.so
       0x1048c8000 -        0x105427fff libunicorn.2.dylib (*) <3fa35811-2cad-303d-8488-f547f880d8bb> /opt/homebrew/*/libunicorn.2.dylib
       0x1a4d9b000 -        0x1a4dac687 libffi.dylib (*) <64a07b10-8c91-3b60-8f03-a8803e112a85> /usr/lib/libffi.dylib
       0x192d8a000 -        0x192e0c7b3 dyld (*) <6beafde4-b011-3e47-8aae-4d7b6e4bb7e8> /usr/lib/dyld
               0x0 - 0xffffffffffffffff ??? (*) <00000000-0000-0000-0000-000000000000> ???
       0x1930d1000 -        0x19310bff7 libsystem_kernel.dylib (*) <9fea25a4-e8ca-3f3d-901c-a53ff2bc7217> /usr/lib/system/libsystem_kernel.dylib

External Modification Summary:
  Calls made by other processes targeting this process:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0
  Calls made by this process:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0
  Calls made by all processes on this machine:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0

VM Region Summary:
ReadOnly portion of Libraries: Total=818.2M resident=0K(0%) swapped_out_or_unallocated=818.2M(100%)
Writable regions: Total=1.7G written=289K(0%) resident=289K(0%) swapped_out=0K(0%) unallocated=1.7G(100%)

                                VIRTUAL   REGION 
REGION TYPE                        SIZE    COUNT (non-coalesced) 
===========                     =======  ======= 
Kernel Alloc Once                   32K        1 
MALLOC                           650.2M       13 
MALLOC guard page                   96K        6 
STACK GUARD                         16K        1 
Stack                             16.0M        1 
VM_ALLOCATE                        1.0G        8 
__AUTH                             747K      155 
__AUTH_CONST                      12.4M      290 
__DATA                            5203K      284 
__DATA_CONST                      11.0M      305 
__DATA_DIRTY                       456K       93 
__FONT_DATA                        2352        1 
__LINKEDIT                       587.8M       16 
__OBJC_RW                         2354K        1 
__TEXT                           230.4M      314 
__TPRO_CONST                       272K        2 
page table in kernel               289K        1 
shared memory                       48K        2 
===========                     =======  ======= 
TOTAL                              2.5G     1494 

Your case might be the same as the second problem I mentioned above. The wheel on PyPI is not available, and building the wheel locally should resolve this problem.

@sledgeh4w
Copy link
Contributor Author

Thanks, I understand. Do you have any plans to solve this problem in the future?

This is easy to solve if you could provide a smaller reproduction. Usually just we forget to save/restore JIT status before entering JIT regions.

Additionally, there may be problem with the dylib provided in the wheel, as it cannot even run the most basic samples in my environment.

I have no idea about this. The building environment should be the same or there might be Github Action bugs. Again, we need a reproduction to locate this issue.
But we will soon test the shipped wheel before distribution in #2026

Sorry, it's been a while. I extracted the reproduction code.

test.zip

Could you possibly take a look at this? @wtdcode

@wtdcode
Copy link
Member

wtdcode commented Dec 7, 2024

I found a way to reproduce this. It crashes pretty early when initializing the Unicorn instance. Unfortunately, there is no debug symbols for the released binary so I need a bit more time to investigate.

@wtdcode
Copy link
Member

wtdcode commented Dec 7, 2024

@sledgeh4w Could you test the artifact from a more recent building: https://github.com/unicorn-engine/unicorn/actions/runs/12211818265 ?

I tested the cibw-wheels-macos-latest-7-py38 downloaded from this run. It works well while the artifact from older runs doesn't work indeed. I believe that we should blame Github Action for the crash or @Antelox work fixes this. Either way, please have a try!

By further inspecting the artifact that doesn't work, the JIT state is not properly saved and restored. The relevant functions are compiled as no-ops as x64 macOS.

@sledgeh4w
Copy link
Contributor Author

@sledgeh4w Could you test the artifact from a more recent building: https://github.com/unicorn-engine/unicorn/actions/runs/12211818265 ?

I tested the cibw-wheels-macos-latest-7-py38 downloaded from this run. It works well while the artifact from older runs doesn't work indeed. I believe that we should blame Github Action for the crash or @Antelox work fixes this. Either way, please have a try!

By further inspecting the artifact that doesn't work, the JIT state is not properly saved and restored. The relevant functions are compiled as no-ops as x64 macOS.

Unfortunately, it has not been resolved.

@sledgeh4w
Copy link
Contributor Author

I found a way to reproduce this. It crashes pretty early when initializing the Unicorn instance. Unfortunately, there is no debug symbols for the released binary so I need a bit more time to investigate.

This code is used to reproduce crashes during nesting call uc_emu_start, perhaps you could test it again.

test.zip

@wtdcode
Copy link
Member

wtdcode commented Dec 8, 2024

The root cause is the Github Action not allowing access to SPRR registers. I submitted an issue: actions/runner-images#11127

I will disable the distribution of pre-built wheels for arm64 in the next release.

At this moment, users need to build unicorn locally.

@wtdcode wtdcode pinned this issue Dec 22, 2024
@wtdcode wtdcode added this to the Unicorn 2.1.2 milestone Dec 29, 2024
@LicketySpliket
Copy link

Actually, I'm still getting this issue after building locally. Is there anything special I need to do in the build?

Seems the uc_mem_write function is still culprit.

Exception Type:        EXC_BAD_ACCESS (SIGBUS)
Exception Codes:       KERN_PROTECTION_FAILURE at 0x0000000300000000
Exception Codes:       0x0000000000000002, 0x0000000300000000

Termination Reason:    Namespace SIGNAL, Code 10 Bus error: 10
Terminating Process:   exc handler [82948]

VM Region Info: 0x300000000 is in 0x300000000-0x340000000;  bytes after start: 0  bytes before end: 1073741823
      REGION TYPE                    START - END         [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      unused __TEXT               284c34000-284c38000    [   16K] r--/r-- SM=COW  unused  unknown system shared lib __TEXT
      GAP OF 0x7b3c8000 BYTES
--->  VM_ALLOCATE                 300000000-340000000    [  1.0G] rwx/rwx SM=PRV  
      GAP OF 0xc80000000 BYTES
      commpage (reserved)         fc0000000-1000000000   [  1.0G] ---/--- SM=NUL  reserved VM address space (unallocated)

Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   libunicorn.2.dylib            	       0x103777dec tcg_prologue_init_x86_64 + 88
1   libunicorn.2.dylib            	       0x1037a6994 tcg_exec_init_x86_64 + 236
2   libunicorn.2.dylib            	       0x10374d4ac machine_initialize + 88
3   libunicorn.2.dylib            	       0x103749114 uc_init_engine + 164
4   libunicorn.2.dylib            	       0x103749ad4 uc_mem_write + 512
5   libffi.dylib                  	       0x19ad30050 ffi_call_SYSV + 80
6   libffi.dylib                  	       0x19ad38ae0 ffi_call_int + 1212

@wtdcode
Copy link
Member

wtdcode commented Jan 3, 2025

Do you really load the built libunicorn.2.dylib?

@LicketySpliket
Copy link

Ah, I fixed it. My cmake was x86_64, but my Python was arm64. So the compiled library would refuse to load and it would instead load the older one.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants