stack trace code tries to access invalid memory

[andrewrk]

In master branch this is protected by MemoryAccessor, but I'm about to delete that.

Thread 1 received signal SIGSEGV, Segmentation fault.
0x00000000015c45f4 in debug.StackIterator.next_internal (it=0x7fbdd0825150) at debug.zig:949
warning: Source file is more recent than executable.
949             const new_fp = math.add(usize, @as(*usize, @ptrFromInt(fp)).*, fp_bias) catch
(gdb) p/x fp
$1 = 0x2caf0b8900000000
(gdb) bt
#0  0x00000000015c45f4 in debug.StackIterator.next_internal (it=0x7fbdd0825150) at debug.zig:949
#1  0x00000000015c06f8 in debug.StackIterator.next (it=0x7fbdd0825150) at debug.zig:876
#2  0x00000000016304e0 in debug.captureStackTrace (first_address=..., stack_trace=0x7fbdd0825480)
    at debug.zig:506
#3  0x0000000001633d44 in heap.debug_allocator.DebugAllocator(.{ .stack_trace_frames = 10, .enable_memory_limit = false, .safety = true, .thread_safe = true, .MutexType = null, .never_unmap = false, .retain_metadata = false, .verbose_log = false, .backing_allocator_zeroes = true, .resize_stack_traces = true, .canary = 2824291834806075834, .page_size = 262144 }).collectStackTrace (first_trace_addr=23064936, addresses=0x7fbdc2f77720)
    at /home/andy/src/zig/lib/std/heap/debug_allocator.zig:515
#4  0x000000000162ebb0 in heap.debug_allocator.DebugAllocator(.{ .stack_trace_frames = 10, .enable_memory_limit = false, .safety = true, .thread_safe = true, .MutexType = null, .never_unmap = false, .retain_metadata = false, .verbose_log = false, .backing_allocator_zeroes = true, .resize_stack_traces = true, .canary = 2824291834806075834, .page_size = 262144 }).BucketHeader.captureStackTrace (bucket=0x7fbdc2f771f0, ret_addr=23064936, 
    slot_count=220, slot_index=445, trace_kind=alloc)
    at /home/andy/src/zig/lib/std/heap/debug_allocator.zig:333
#5  0x0000000001629ecc in heap.debug_allocator.DebugAllocator(.{ .stack_trace_frames = 10, .enable_memory_limit = false, .safety = true, .thread_safe = true, .MutexType = null, .never_unmap = false, .retain_metadata = false, .verbose_log = false, .backing_allocator_zeroes = true, .resize_stack_traces = true, .canary = 2824291834806075834, .page_size = 262144 }).alloc (context=0x2bab6e8 <testing.allocator_instance>, len=516, 
    alignment=4, ret_addr=23064936) at /home/andy/src/zig/lib/std/heap/debug_allocator.zig:764
#6  0x00000000016105d0 in mem.Allocator.rawAlloc () at /home/andy/src/zig/lib/std/mem/Allocator.zig:129
#7  mem.Allocator.allocBytesWithAlignment__anon_17076 (self=..., byte_count=516, return_address=23064936)
    at /home/andy/src/zig/lib/std/mem/Allocator.zig:283
#8  0x000000000160d22c in mem.Allocator.allocWithSizeAndAlignment__anon_16965 (self=..., n=516, 
    return_address=23064936) at /home/andy/src/zig/lib/std/mem/Allocator.zig:269
#9  0x0000000001606710 in mem.Allocator.allocAdvancedWithRetAddr ()
    at /home/andy/src/zig/lib/std/mem/Allocator.zig:257
#10 mem.Allocator.alignedAlloc__anon_16749 (self=..., n=516)
    at /home/andy/src/zig/lib/std/mem/Allocator.zig:245
#11 0x00000000015ff168 in array_hash_map.IndexHeader.alloc (gpa=..., new_bit_index=8 '\b')
    at array_hash_map.zig:2150
#12 0x0000000001681354 in array_hash_map.ArrayHashMapUnmanaged(i32,i32,array_hash_map.AutoContext(i32),false).ensureTotalCapacityContext (self=0x7fbdd0826590, gpa=..., new_capacity=77) at array_hash_map.zig:897
#13 0x0000000001680a10 in array_hash_map.ArrayHashMapUnmanaged(i32,i32,array_hash_map.AutoContext(i32),false).getOrPutContextAdapted__anon_40359 (self=0x7fbdd0826590, gpa=..., key=76) at array_hash_map.zig:787
#14 0x000000000167e60c in array_hash_map.ArrayHashMapUnmanaged(i32,i32,array_hash_map.AutoContext(i32),false).getOrPutContext (self=0x7fbdd0826590, gpa=<error reading variable: value has been optimized out>, key=76)
    at array_hash_map.zig:775
#15 0x000000000167e1dc in array_hash_map.ArrayHashMapUnmanaged(i32,i32,array_hash_map.AutoContext(i32),false).fetchPutContext (self=0x7fbdd0826590, gpa=<error reading variable: value has been optimized out>, key=76, 
    value=760) at array_hash_map.zig:993
#16 0x000000000167e118 in array_hash_map.ArrayHashMapWithAllocator(i32,i32,array_hash_map.AutoContext(i32),false).fetchPut (self=0x7fbdd0826590, key=76, value=760) at array_hash_map.zig:286
#17 0x000000000169095c in array_hash_map.test.shrink () at array_hash_map.zig:2420
#18 0x000000000162c458 in test_runner.mainTerminal () at /home/andy/src/zig/lib/compiler/test_runner.zig:218
#19 0x00000000016260e8 in test_runner.main () at /home/andy/src/zig/lib/compiler/test_runner.zig:66
#20 0x00000000016254fc in start.callMain () at start.zig:618
#21 start.callMainWithArgs () at start.zig:587
#22 start.posixCallMainAndExit (argc_argv_ptr=0x7fbdd0826ea0) at start.zig:542
#23 0x0000000000000000 in ?? ()
(gdb) 

[mlugg]

I'm reproducing this locally attempting to run the standard library tests targeting native w/ libc on an x86_64-linux host:

* thread #18, name = 'std-test-mini', stop reason = signal SIGSEGV: address not mapped to object (fault address=0xffffffffffffff20)
  * frame #0: 0x0000000001088f54 std-test-mini`debug.StackIterator.next_internal(it=0x00007fffe7c6ed20) at debug.zig:953:52
    frame #1: 0x0000000001054cc7 std-test-mini`debug.StackIterator.next(it=0x00007fffe7c6ed20) at debug.zig:876:39
    frame #2: 0x0000000001161253 std-test-mini`debug.captureStackTrace(first_address=(first_address.? = 18618882), stack_trace=0x00007fffe7c6f0d8) at debug.zig:510:29
    frame #3: 0x0000000001166a45 std-test-mini`heap.debug_allocator.DebugAllocator(first_trace_addr=18618882, addresses=0x00007fffe6c45d90).collectStackTrace at debug_allocator.zig:521:40
    frame #4: 0x000000000115e0f1 std-test-mini`heap.debug_allocator.DebugAllocator(bucket=0x00007fffe6c454e8, ret_addr=18618882, slot_count=670, slot_index=0, trace_kind=.free).BucketHeader.captureStackTrace at debug_allocator.zig:333:34
    frame #5: 0x0000000001157c75 std-test-mini`heap.debug_allocator.DebugAllocator(context=0x000000000122bfd0, old_memory=len=32, alignment=.@"8", return_address=18618882).free at debug_allocator.zig:940:41
    frame #6: 0x00000000011c31c6 std-test-mini`rawFree(a=mem.Allocator @ 0x00007fffe7c6f9e8, memory=len=32, alignment=.@"8", ret_addr=18618882) at Allocator.zig:147:25
    frame #7: 0x00000000011c30f7 std-test-mini`mem.Allocator.destroy__anon_85043(self=mem.Allocator @ 0x00007fffe7c6f960, ptr=0x00007fffe6c40000) at Allocator.zig:169:17
    frame #8: 0x00000000011c1a02 std-test-mini`Thread.Pool.spawn__anon_84912.Closure.runFn(runnable=0x00007fffe6c40010, (null)=?usize @ 0x00007fffe7c6faa8) at Pool.zig:237:43
    frame #9: 0x00000000011c7aae std-test-mini`Thread.Pool.worker(pool=0x00007fffffffdb80) at Pool.zig:293:27
    frame #10: 0x00000000011c4551 std-test-mini`Thread.callFn__anon_85092(f=<unavailable>, args=struct { *Thread.Pool } @ 0x00007fffe7c6fce0) at Thread.zig:510:13
    frame #11: 0x00000000011c2b6a std-test-mini`Thread.PosixThreadImpl.spawn__anon_85017.Instance.entryFn(raw_arg=?*anyopaque @ 0x00007fffe7c6fd40) at Thread.zig:782:30
    frame #12: 0x00007ffff7d4a579 libc.so.6`start_thread(arg=<unavailable>) at pthread_create.c:448:8
    frame #13: 0x00007ffff7dc4858 libc.so.6`__clone3 at clone3.S:78

Labeling "regression" because while the invalid access was always there, the old MemoryAccessor thing did stop it from causing bugs previously.

[mlugg]

I've realised that my case is actually just #25025 -- it happens because my system libc omits frame pointers so the fp-based unwinder hits garbage. The solution is to implement an in-memory path for .eh_frame-based unwinding and use that where available -- it's necessary in the presence of any external code which may be omitting frame pointers (libc is probably a common example).