Segmentation fault when reading attribute
Another segmentation fault we found while upgrading to TANGO 9:
If a device reads an attribute from a device in the same server (i.e. the same process) and from within a thread, the server segfaults. It does not happen for devices in other servers, nor if the read is not done from a thread.
The problem is easy to reproduce and has been observed in both a Python device and a C++ device (included), so the issue should lie in libtango.
We are using TANGO 9.2.2. We have not yet tried to reproduce with older v9 versions, but this behavior was not present in v8.
Thread 10 "ThreadReadSegfa" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffeb7fe700 (LWP 4848)]
0x00007ffff6b33c22 in omni_thread::get_value(unsigned int) () from /usr/lib/libomnithread.so.3
(gdb) bt
#0 0x00007ffff6b33c22 in omni_thread::get_value(unsigned int) () from /usr/lib/libomnithread.so.3
#1 0x00007ffff78b3138 in Tango::BlackBox::insert_attr (this=0x69b490, names=..., cl_id=..., vers=vers@entry=5,
sour=sour@entry=Tango::CACHE_DEV) at blackbox.cpp:643
#2 0x00007ffff7916447 in Tango::Device_5Impl::read_attributes_5 (this=0x69db60, names=..., source=Tango::CACHE_DEV,
cl_id=...) at device_5.cpp:114
#3 0x00007ffff7aadcfb in _0RL_lcfn_6fe2f94a21a10053_84000000 (cd=0x7fffeb7fd080, svnt=<optimized out>)
at tangoSK.cpp:6272
#4 0x00007ffff6e1a94f in omni::omniOrbPOA::dispatch(omniCallDescriptor&, omniLocalIdentity*) ()
from /usr/lib/libomniORB4.so.1
#5 0x00007ffff6dff939 in omniLocalIdentity::dispatch(omniCallDescriptor&) () from /usr/lib/libomniORB4.so.1
#6 0x00007ffff6e0da65 in omniObjRef::_invoke(omniCallDescriptor&, bool) () from /usr/lib/libomniORB4.so.1
#7 0x00007ffff7aadfbf in Tango::_objref_Device_5::read_attributes_5 (this=this@entry=0x7fffd8000d10, names=...,
source=<optimized out>, cl_ident=...) at tangoSK.cpp:6298
#8 0x00007ffff779a6d0 in Tango::DeviceProxy::read_attribute (this=0x7fffeb7fda40, attr_string="something")
at devapi_base.cpp:5592
#9 0x000000000040dbf4 in Tango::DeviceProxy::read_attribute (this=0x7fffeb7fda40, att_name=0x41bc08 "something")
at /usr/local/include/tango/DeviceProxy.h:665
#10 0x000000000040d21d in ThreadReadSegfaultTest_ns::ThreadReadSegfaultTest::_read_attribute (this=0x69db60)
at ThreadReadSegfaultTest.cpp:387
#11 0x00000000004129f5 in std::_Mem_fn_base<void (ThreadReadSegfaultTest_ns::ThreadReadSegfaultTest::*)(), true>::operator()<, void>(ThreadReadSegfaultTest_ns::ThreadReadSegfaultTest*) const (this=0x7fffd4005418, __object=0x69db60)
at /usr/include/c++/5/functional:600
#12 0x0000000000412949 in std::_Bind<std::_Mem_fn<void (ThreadReadSegfaultTest_ns::ThreadReadSegfaultTest::*)()> (ThreadReadSegfaultTest_ns::ThreadReadSegfaultTest*)>::__call<void, , 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>) (
this=0x7fffd4005418,
__args=<unknown type in /home/johfor/DeviceServers/ThreadReadSegfaultTest, CU 0x0, DIE 0x3d8b0>)
at /usr/include/c++/5/functional:1074
#13 0x0000000000412899 in std::_Bind<std::_Mem_fn<void (ThreadReadSegfaultTest_ns::ThreadReadSegfaultTest::*)()> (ThreadReadSegfaultTest_ns::ThreadReadSegfaultTest*)>::operator()<, void>() (this=0x7fffd4005418)
at /usr/include/c++/5/functional:1133
#14 0x000000000041285e in std::_Bind_simple<std::_Bind<std::_Mem_fn<void (ThreadReadSegfaultTest_ns::ThreadReadSegfaultTest::*)()> (ThreadReadSegfaultTest_ns::ThreadReadSegfaultTest*)> ()>::_M_invoke<>(std::_Index_tuple<>) (
this=0x7fffd4005418) at /usr/include/c++/5/functional:1531
#15 0x00000000004127b4 in std::_Bind_simple<std::_Bind<std::_Mem_fn<void (ThreadReadSegfaultTest_ns::ThreadReadSegfaultTest::*)()> (ThreadReadSegfaultTest_ns::ThreadReadSegfaultTest*)> ()>::operator()() (this=0x7fffd4005418)
at /usr/include/c++/5/functional:1520
#16 0x0000000000412744 in std::thread::_Impl<std::_Bind_simple<std::_Bind<std::_Mem_fn<void (ThreadReadSegfaultTest_ns::ThreadReadSegfaultTest::*)()> (ThreadReadSegfaultTest_ns::ThreadReadSegfaultTest*)> ()> >::_M_run() (
this=0x7fffd4005400) at /usr/include/c++/5/thread:115
#17 0x00007ffff6430c80 in ?? () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#18 0x00007ffff67016fa in start_thread (arg=0x7fffeb7fe700) at pthread_create.c:333
#19 0x00007ffff5e9fb5d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
(gdb)
Reported by: johfor
Original Ticket: tango-cs/bugs/814