native-lib mode segfaults when calling Rust function pointer from C #4639

@weiznich

With #4625 closed (thanks again for the fast turnaround ❤️) I gave it another try to run some diesel tests using miri. This time I do not hit an unsupported operation anymore, but a segfault.

Steps to reproduce:

git clone https://github.com/diesel-rs/diesel
cd diesel
git checkout 4200a2c # should be main as of today
cd diesel_tests
# likely needs to adjust the libsqlite.so path to your system
MIRIFLAGS=-Zmiri-native-lib=/usr/lib64/libsqlite3.so.0.8.6 DATABASE_URL=":memory:" cargo +nightly miri test --features sqlite  types::i32_to_sql

This results in the following output in the end (after some warnings that this test calls into FFI code):

  process didn't exit successfully: `/home/weiznich/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/bin/cargo-miri runner /home/weiznich/Documents/rust/diesel/target/miri/x86_64-unknown-linux-gnu/debug/deps/integration_tests-dc79c07a95be5a22 'types::i32_to_sql'` (signal: 11, SIGSEGV: invalid memory reference)

Running the code under gdb results in the following backtrace:

#0  0x00007fffe5817408 in ?? ()
#1  0x00007fffd6553be9 in sqlite3LeaveMutexAndCloseZombie.lto_priv.0 () from /usr/lib64/libsqlite3.so.0.8.6
#2  0x00007fffd655421c in sqlite3Close () from /usr/lib64/libsqlite3.so.0.8.6
#3  0x000055555603f052 in ffi_call_unix64 ()
#4  0x000055555603deff in ffi_call_int ()
#5  0x000055555603dbda in ffi_call ()
#6  0x0000555555d50192 in <rustc_const_eval::interpret::eval_context::InterpCx<miri::machine::MiriMachine> as miri::shims::native_lib::EvalContextExtPriv>::call_native_with_args::{closure#0} ()
#7  0x0000555555e7fae6 in <rustc_const_eval::interpret::eval_context::InterpCx<miri::machine::MiriMachine> as miri::shims::foreign_items::EvalContextExtPriv>::emulate_foreign_item_inner ()
#8  0x0000555555e77b4b in <rustc_const_eval::interpret::eval_context::InterpCx<miri::machine::MiriMachine> as miri::shims::foreign_items::EvalContextExt>::emulate_foreign_item ()
#9  0x0000555555dc165b in <rustc_const_eval::interpret::eval_context::InterpCx<miri::machine::MiriMachine>>::init_fn_call ()
#10 0x0000555555e6c18c in <rustc_const_eval::interpret::eval_context::InterpCx<miri::machine::MiriMachine> as miri::concurrency::thread::EvalContextExt>::run_threads ()
#11 0x0000555555de98ea in miri::eval::eval_entry ()
#12 0x0000555555f28cba in <miri::MiriCompilerCalls as rustc_driver_impl::Callbacks>::after_analysis ()
#13 0x00007ffff68b52ad in <rustc_interface::passes::create_and_enter_global_ctxt<core::option::Option<rustc_interface::queries::Linker>, rustc_driver_impl::run_compiler::{closure#0}::{closure#2}>::{closure#2} as core::ops::function::FnOnce<(&rustc_session::session::Session, rustc_middle::ty::context::CurrentGcx, alloc::sync::Arc<rustc_data_structures::jobserver::Proxy>, &std::sync::once_lock::OnceLock<rustc_middle::ty::context::GlobalCtxt>, &rustc_data_structures::sync::worker_local::WorkerLocal<rustc_middle::arena::Arena>, &rustc_data_structures::sync::worker_local::WorkerLocal<rustc_hir::Arena>, rustc_driver_impl::run_compiler::{closure#0}::{closure#2})>>::call_once::{shim:vtable#0} ()
   from /home/weiznich/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/librustc_driver-460558958063b79c.so
#14 0x00007ffff66da2d5 in rustc_interface::interface::run_compiler::<(), rustc_driver_impl::run_compiler::{closure#0}>::{closure#1} ()
   from /home/weiznich/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/librustc_driver-460558958063b79c.so
#15 0x00007ffff6706d07 in std::sys::backtrace::__rust_begin_short_backtrace::<rustc_interface::util::run_in_thread_with_globals<rustc_interface::util::run_in_thread_pool_with_globals<rustc_interface::interface::run_compiler<(), rustc_driver_impl::run_compiler::{closure#0}>::{closure#1}, ()>::{closure#0}, ()>::{closure#0}::{closure#0}, ()> ()
   from /home/weiznich/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/librustc_driver-460558958063b79c.so
#16 0x00007ffff67069e8 in <<std::thread::Builder>::spawn_unchecked_<rustc_interface::util::run_in_thread_with_globals<rustc_interface::util::run_in_thread_pool_with_globals<rustc_interface::interface::run_compiler<(), rustc_driver_impl::run_compiler::{closure#0}>::{closure#1}, ()>::{closure#0}, ()>::{closure#0}::{closure#0}, ()>::{closure#1} as core::ops::function::FnOnce<()>>::call_once::{shim:vtable#0} ()
   from /home/weiznich/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/librustc_driver-460558958063b79c.so
#17 0x00007ffff670ceef in std::sys::thread::unix::Thread::new::thread_start ()
   from /home/weiznich/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/librustc_driver-460558958063b79c.so
#18 0x00007ffff0191f54 in start_thread (arg=<optimized out>) at pthread_create.c:448
#19 0x00007ffff021532c in __GI___clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

So this seems to be happening while closing the database, which is one of the last things this test is doing internally as part of running destructors.

The relevant test runs without a segfault if not run with miri. It also does not report any problem if run with ASAN enabled.

Metadata:

miri 0.1.0 (4068bafedd 2025-10-20)

Labels: A-native (Area: calling native functions via FFI), C-enhancement (Category: a PR with an enhancement or an issue tracking an accepted enhancement)
