[lldb-dev] [Bug 36450] New: SIGSEGV on 'thread until' for an exited thread
via lldb-dev
lldb-dev at lists.llvm.org
Tue Feb 20 01:12:27 PST 2018
https://bugs.llvm.org/show_bug.cgi?id=36450
Bug ID: 36450
Summary: SIGSEGV on 'thread until' for an exited thread
Product: lldb
Version: 6.0
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P
Component: All Bugs
Assignee: lldb-dev at lists.llvm.org
Reporter: dantipov at nvidia.com
CC: llvm-bugs at lists.llvm.org
Created attachment 19911
--> https://bugs.llvm.org/attachment.cgi?id=19911&action=edit
Sample program
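If all of a thread's stack frames are forced to return with
'thread return', the next 'thread until' causes LLDB to crash.
The gdb backtrace at the end shows the fault under
CommandObjectThreadUntil::DoExecute (CommandObjectThread.cpp:1216),
while an AddressRange is being constructed: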
$ /home/dantipov/.local/llvm-6.0.0/bin/lldb t-thread3
(lldb) target create "t-thread3"
Current executable set to 't-thread3' (x86_64).
(lldb) b t-thread3.cc:6
Breakpoint 1: where = t-thread3`f() + 4 at t-thread3.cc:7, address =
0x0000000000400a3b
(lldb) run
Process 29546 launched: '/home/dantipov/tmp/t-thread3' (x86_64)
Process 29546 stopped
* thread #2, name = 't-thread3', stop reason = breakpoint 1.1
frame #0: 0x0000000000400a3b t-thread3`f() at t-thread3.cc:7
4 f (void)
5 {
6 (void) f;
-> 7 }
8
9 int
10 main (int argc, char *argv[])
(lldb) thread return
* thread #2, name = 't-thread3', stop reason = breakpoint 1.1
frame #0: 0x0000000000400d2a t-thread3`void std::__invoke_impl<void, void
(*)()>((null)=__invoke_other @ 0x00007ffff6edee10, __f=0x0000000000416e78)())
at invoke.h:60
57 template<typename _Res, typename _Fn, typename... _Args>
58 constexpr _Res
59 __invoke_impl(__invoke_other, _Fn&& __f, _Args&&... __args)
-> 60 { return std::forward<_Fn>(__f)(std::forward<_Args>(__args)...); }
61
62 template<typename _Res, typename _MemFun, typename _Tp, typename...
_Args>
63 constexpr _Res
(lldb) thread return
* thread #2, name = 't-thread3', stop reason = breakpoint 1.1
frame #0: 0x0000000000400b68 t-thread3`std::__invoke_result<void
(*)()>::type std::__invoke<void (__fn=0x0000000000416e78)()>(void (*&&)()) at
invoke.h:95
92 using __result = __invoke_result<_Callable, _Args...>;
93 using __type = typename __result::type;
94 using __tag = typename __result::__invoke_type;
-> 95 return std::__invoke_impl<__type>(__tag{},
std::forward<_Callable>(__fn),
96
std::forward<_Args>(__args)...);
97 }
98
(lldb) thread return
* thread #2, name = 't-thread3', stop reason = breakpoint 1.1
frame #0: 0x00000000004011d6 t-thread3`decltype(this=0x0000000000416e78,
(null)=_Index_tuple<0> @ 0x00007ffff6edee80)))
std::thread::_Invoker<std::tuple<void (*)()>
>::_M_invoke<0ul>(std::_Index_tuple<0ul>) at thread:234
231 _M_invoke(_Index_tuple<_Ind...>)
232 noexcept(noexcept(std::__invoke(_S_declval<_Ind>()...)))
233 -> decltype(std::__invoke(_S_declval<_Ind>()...))
-> 234 { return std::__invoke(std::get<_Ind>(std::move(_M_t))...); }
235
236 using _Indices
237 = typename
_Build_index_tuple<tuple_size<_Tuple>::value>::__type;
(lldb) thread return
* thread #2, name = 't-thread3', stop reason = breakpoint 1.1
frame #0: 0x00000000004011a7
t-thread3`std::thread::_Invoker<std::tuple<void (*)()>
>::operator(this=0x0000000000416e78)() at thread:243
240 operator()()
241
noexcept(noexcept(std::declval<_Invoker&>()._M_invoke(_Indices())))
242 -> decltype(std::declval<_Invoker&>()._M_invoke(_Indices()))
-> 243 { return _M_invoke(_Indices()); }
244 };
245
246 // Alias for _Invoker<tuple<DECAY_COPY(_Tp)...>>
(lldb) thread return
* thread #2, name = 't-thread3', stop reason = breakpoint 1.1
frame #0: 0x0000000000401186
t-thread3`std::thread::_State_impl<std::thread::_Invoker<std::tuple<void (*)()>
> >::_M_run(this=0x0000000000416e70) at thread:186
183 { }
184
185 void
-> 186 _M_run() { _M_func(); }
187 };
188
189 void
(lldb) thread return
* thread #2, name = 't-thread3', stop reason = breakpoint 1.1
frame #0: 0x00007ffff7b0a14f libstdc++.so.6`execute_native_thread_routine +
15
libstdc++.so.6`execute_native_thread_routine:
-> 0x7ffff7b0a14f <+15>: movq (%rbx), %rax
0x7ffff7b0a152 <+18>: movq %rbx, %rdi
0x7ffff7b0a155 <+21>: callq *0x8(%rax)
0x7ffff7b0a158 <+24>: addq $0x8, %rsp
(lldb) thread return
* thread #2, name = 't-thread3', stop reason = breakpoint 1.1
frame #0: 0x00007ffff72ca61b
libpthread.so.0`start_thread(arg=0x00007ffff6edf700) at pthread_create.c:465
462 LIBC_PROBE (pthread_start, 3, (pthread_t) pd, pd->start_routine,
pd->arg);
463
464 /* Run the code the user provided. */
-> 465 THREAD_SETMEM (pd, result, pd->start_routine (pd->arg));
466 }
467
468 /* Call destructors for the thread_local TLS variables. */
(lldb) thread return
* thread #2, name = 't-thread3', stop reason = breakpoint 1.1
frame #0: 0x00007ffff6ff798f libc.so.6`clone at clone.S:97
94 popq %rdi /* Argument. */
95 call *%rax
96 /* Call exit with return value from function call. */
-> 97 movq %rax, %rdi
98 movl $SYS_ify(exit), %eax
99 syscall
100 cfi_endproc;
(lldb) thread return
error: Error returning from frame 0 of thread 2: No older frame to return to..
(lldb) thread until 123
Stack dump:
0. HandleCommand(command = "thread until 123")
Segmentation fault (core dumped)
...
(gdb) bt
#0 0x00007fe38cafe436 in std::__weak_ptr<lldb_private::Section,
(__gnu_cxx::_Lock_policy)2>::__weak_ptr (this=0x7ffcc0639b30) at
/usr/include/c++/7/bits/shared_ptr_base.h:1607
#1 0x00007fe38cafe481 in std::weak_ptr<lldb_private::Section>::weak_ptr
(this=0x7ffcc0639b30) at /usr/include/c++/7/bits/shared_ptr.h:540
#2 0x00007fe38cafe4a7 in lldb_private::Address::Address (this=0x7ffcc0639b30,
rhs=...) at
/home/dantipov/llvm/6.0.0/source/tools/lldb/include/lldb/Core/Address.h:152
#3 0x00007fe38cb1a08b in lldb_private::AddressRange::AddressRange
(this=0x7ffcc0639b30) at
/home/dantipov/llvm/6.0.0/source/tools/lldb/include/lldb/Core/AddressRange.h:35
#4 0x00007fe38e1b287c in CommandObjectThreadUntil::DoExecute (this=0x22a2ff0,
command=..., result=...)
at
/home/dantipov/llvm/6.0.0/source/tools/lldb/source/Commands/CommandObjectThread.cpp:1216
#5 0x00007fe38ce00252 in lldb_private::CommandObjectParsed::Execute
(this=0x22a2ff0, args_string=0x7ffcc063a100 "123", result=...)
at
/home/dantipov/llvm/6.0.0/source/tools/lldb/source/Interpreter/CommandObject.cpp:991
#6 0x00007fe38cdedc15 in lldb_private::CommandInterpreter::HandleCommand
(this=0x2276c90, command_line=0x245a9d0 "thread until 123",
lazy_add_to_history=lldb_private::eLazyBoolCalculate, result=...,
override_context=0x0, repeat_on_empty_command=true, no_context_switching=false)
at
/home/dantipov/llvm/6.0.0/source/tools/lldb/source/Interpreter/CommandInterpreter.cpp:1683
#7 0x00007fe38cdf2863 in
lldb_private::CommandInterpreter::IOHandlerInputComplete (this=0x2276c90,
io_handler=..., line="thread until 123")
at
/home/dantipov/llvm/6.0.0/source/tools/lldb/source/Interpreter/CommandInterpreter.cpp:2771
#8 0x00007fe38ccb8c3b in lldb_private::IOHandlerEditline::Run (this=0x239db60)
at /home/dantipov/llvm/6.0.0/source/tools/lldb/source/Core/IOHandler.cpp:573
#9 0x00007fe38cc7bbef in lldb_private::Debugger::ExecuteIOHandlers
(this=0x2275480) at
/home/dantipov/llvm/6.0.0/source/tools/lldb/source/Core/Debugger.cpp:961
#10 0x00007fe38cdf343f in
lldb_private::CommandInterpreter::RunCommandInterpreter (this=0x2276c90,
auto_handle_events=true, spawn_thread=false, options=...)
at
/home/dantipov/llvm/6.0.0/source/tools/lldb/source/Interpreter/CommandInterpreter.cpp:2971
#11 0x00007fe38cac7098 in lldb::SBDebugger::RunCommandInterpreter
(this=0x7ffcc063aa70, auto_handle_events=true, spawn_thread=false)
at
/home/dantipov/llvm/6.0.0/source/tools/lldb/source/API/SBDebugger.cpp:891
#12 0x0000000000406d86 in Driver::MainLoop (this=0x7ffcc063aa50) at
/home/dantipov/llvm/6.0.0/source/tools/lldb/tools/driver/Driver.cpp:1156
#13 0x0000000000407110 in main (argc=2, argv=0x7ffcc063acb8) at
/home/dantipov/llvm/6.0.0/source/tools/lldb/tools/driver/Driver.cpp:1253