<html>

    <head>

      <base href="https://bugs.llvm.org/">

    </head>

    <body><table border="1" cellspacing="0" cellpadding="8">

        <tr>

          <th>Bug ID</th>

          <td><a class="bz_bug_link 

          bz_status_NEW "

   title="NEW - [libunwind] FrameHeaderCache broken/segfaulting in multithreaded environments (e.g. lld)"

   href="https://bugs.llvm.org/show_bug.cgi?id=47181">47181</a>

          </td>

        </tr>

        <tr>

          <th>Summary</th>

          <td>[libunwind] FrameHeaderCache broken/segfaulting in multithreaded environments (e.g. lld)

          </td>

        </tr>

        <tr>

          <th>Product</th>

          <td>new-bugs

          </td>

        </tr>

        <tr>

          <th>Version</th>

          <td>trunk

          </td>

        </tr>

        <tr>

          <th>Hardware</th>

          <td>PC

          </td>

        </tr>

        <tr>

          <th>OS</th>

          <td>All

          </td>

        </tr>

        <tr>

          <th>Status</th>

          <td>NEW

          </td>

        </tr>

        <tr>

          <th>Severity</th>

          <td>enhancement

          </td>

        </tr>

        <tr>

          <th>Priority</th>

          <td>P

          </td>

        </tr>

        <tr>

          <th>Component</th>

          <td>new bugs

          </td>

        </tr>

        <tr>

          <th>Assignee</th>

          <td>unassignedbugs@nondot.org

          </td>

        </tr>

        <tr>

          <th>Reporter</th>

          <td>dimitry@andric.com

          </td>

        </tr>

        <tr>

          <th>CC</th>

          <td>htmldeveloper@gmail.com, llvm-bugs@lists.llvm.org

          </td>

        </tr></table>

      <p>

        <div>

        <pre>Linking binaries with lld 11 which uses libunwind as its unwinder segfaults

semi-randomly, as it exits and unwinds lots of threads in quick succession.

This is apparently caused by the static global FrameHeaderCache introduced in

<a href="https://reviews.llvm.org/rGc53c2058ffb8">https://reviews.llvm.org/rGc53c2058ffb8</a>, which has no locking whatsoever.

When multiple threads call into FrameHeaderCache::add(), the situation can

occur that FrameHeaderCache::MostRecentlyUsed and FrameHeaderCache::Unused are

both nullptr, and when it then enters the loop at line 131:

   122    void add(const UnwindInfoSections *UIS) {

   123      CacheEntry *Current = nullptr;

   124

   125      if (Unused != nullptr) {

   126        Current = Unused;

   127        Unused = Unused->Next;

   128      } else {

   129        Current = MostRecentlyUsed;

   130        CacheEntry *Previous = nullptr;

   131        while (Current->Next != nullptr) {

   132          Previous = Current;

   133          Current = Current->Next;

   134        }

   135        Previous->Next = nullptr;

   136        _LIBUNWIND_FRAMEHEADERCACHE_TRACE("FrameHeaderCache evict [%lx -

%lx)",

   137                                          Current->LowPC(),

Current->HighPC());

   138      }

the value of Current will be nullptr, leading to a segfault.

This code should be made thread-proof, by adding some locking, or by some other

mechanism, like a per-thread cache (to avoid locking).</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      <ul>

          <li>You are on the CC list for the bug.</li>

      </ul>

    </body>

</html>