Date: Fri, 12 Sep 2008 22:17:00 -0000
From: Jan Kratochvil
To: Pedro Alves
Cc: gdb-patches@sourceware.org
Subject: [patch] Fix a crash on NULL event_thread
Message-ID: <20080912221227.GA5848@host0.dyn.jankratochvil.net>
X-SW-Source: 2008-09/txt/msg00283.txt.bz2

Hi Pedro,

various testcases - such as gdb.threads/bp_in_thread.exp - crash HEAD.
Tested only on Fedora kernel-2.6.27-0.317.rc5.git10.fc10.x86_64 but I expect
it can happen anywhere.

LINUX_HANDLE_EXTENDED_WAIT calls ADD_LWP but not ADD_THREAD.

Found while investigating a bug report from Shawn Starr.

Regards,
Jan

Program received signal SIGSEGV, Segmentation fault.
0x0000000000505915 in handle_inferior_event (ecs=0x7fff9c7fb2a0) at infrun.c:2136
2136	      ecs->event_thread->stop_signal = ecs->ws.value.sig;
(gdb) bt
#0  0x0000000000505915 in handle_inferior_event (ecs=0x7fff9c7fb2a0) at infrun.c:2136
#1  0x00000000005047da in wait_for_inferior (treat_exec_as_sigtrap=0) at infrun.c:1581
#2  0x0000000000504415 in proceed (addr=18446744073709551615, siggnal=TARGET_SIGNAL_0, step=0) at infrun.c:1343
#3  0x00000000004ff721 in run_command_1 (args=0x0, from_tty=1, tbreak_at_main=0) at infcmd.c:538
#4  0x00000000004ff74a in run_command (args=0x0, from_tty=1) at infcmd.c:545
#5  0x000000000048ec64 in do_cfunc (c=0x2046050, args=0x0, from_tty=1) at .././gdb/cli/cli-decode.c:60
#6  0x000000000049185d in cmd_func (cmd=0x2046050, args=0x0, from_tty=1) at .././gdb/cli/cli-decode.c:1672
#7  0x000000000044dc6b in execute_command (p=0x20111c1 "", from_tty=1) at top.c:457
#8  0x0000000000519603 in command_handler (command=0x20111c0 "") at event-top.c:514
#9  0x0000000000519cc3 in command_line_handler (rl=0x2108ff0 "\020\220\020\002") at event-top.c:739
#10 0x00000000005feea5 in rl_callback_read_char () at callback.c:205
#11 0x0000000000518bb5 in rl_callback_read_char_wrapper (client_data=0x0) at event-top.c:178
#12 0x00000000005194c9 in stdin_event_handler (error=0, client_data=0x0) at event-top.c:433
#13 0x0000000000517ea4 in handle_file_event (event_file_desc=0) at event-loop.c:732
#14 0x000000000051753f in process_event () at event-loop.c:341
#15 0x000000000051758e in gdb_do_one_event (data=0x0) at event-loop.c:378
#16 0x0000000000513e25 in catch_errors (func=0x517554 , func_args=0x0, errstring=0x711fea "", mask=6) at exceptions.c:516
#17 0x00000000004a38fb in tui_command_loop (data=0x0) at .././gdb/tui/tui-interp.c:153
#18 0x000000000051444f in current_interp_command_loop () at interps.c:289
#19 0x0000000000445f69 in captured_command_loop (data=0x0) at .././gdb/main.c:99
#20 0x0000000000513e25 in catch_errors (func=0x445f58 , func_args=0x0, errstring=0x6f9641 "", mask=6) at exceptions.c:516
#21 0x0000000000446ffc in captured_main (data=0x7fff9c7fbbd0) at .././gdb/main.c:831
#22 0x0000000000513e25 in catch_errors (func=0x445f9b , func_args=0x7fff9c7fbbd0, errstring=0x6f9641 "", mask=6) at exceptions.c:516
#23 0x000000000044702f in gdb_main (args=0x7fff9c7fbbd0) at .././gdb/main.c:840
#24 0x0000000000445f54 in main (argc=5, argv=0x7fff9c7fbcc8) at gdb.c:33
(gdb) l
2131	      return;
2132	
2133	    case TARGET_WAITKIND_STOPPED:
2134	      if (debug_infrun)
2135	        fprintf_unfiltered (gdb_stdlog, "infrun: TARGET_WAITKIND_STOPPED\n");
2136	      ecs->event_thread->stop_signal = ecs->ws.value.sig;
2137	      break;
2138	
2139	      /* We had an event in the inferior, but we are not interested
2140	         in handling it at this level.  The lower layers have already
(gdb) p ecs->event_thread
$1 = (struct thread_info *) 0x0

wait4(-1, [{WIFSTOPPED(s) && WSTOPSIG(s) == SIGSTOP}], WNOHANG|__WCLONE, NULL) = 30755
wait4(-1, 0x7fff85ec98d8, WNOHANG|__WCLONE, NULL) = 0
wait4(-1, [{WIFSTOPPED(s) && WSTOPSIG(s) == SIGTRAP} | 0x30000], WNOHANG, NULL) = 30752
ptrace(0x4202 /* PTRACE_??? */, 30752, 0, 0x1c30f30) = -1 EINVAL (Invalid argument)
ptrace(0x4201 /* PTRACE_??? */, 30752, 0, 0x7fff85ec9558) = 0
ptrace(PTRACE_POKEUSER, 30755, offsetof(struct user, u_debugreg), 0) = 0
ptrace(PTRACE_POKEUSER, 30755, offsetof(struct user, u_debugreg) + 8, 0) = 0
ptrace(PTRACE_POKEUSER, 30755, offsetof(struct user, u_debugreg) + 16, 0) = 0
ptrace(PTRACE_POKEUSER, 30755, offsetof(struct user, u_debugreg) + 24, 0) = 0
ptrace(PTRACE_POKEUSER, 30755, offsetof(struct user, u_debugreg) + 56, 0) = 0
ptrace(PTRACE_CONT, 30755, 0, SIG_0) = 0
ptrace(PTRACE_CONT, 30752, 0, SIG_0) = 0
wait4(-1, 0x7fff85ec98d8, WNOHANG, NULL) = 0
rt_sigsuspend([]) = ? ERESTARTNOHAND (To be restarted)
--- SIGCHLD (Child exited) @ 0 (0) ---
rt_sigreturn(0x11) = -1 EINTR (Interrupted system call)
wait4(-1, [{WIFSTOPPED(s) && WSTOPSIG(s) == SIGTRAP}], WNOHANG|__WCLONE, NULL) = 30755
ptrace(0x4202 /* PTRACE_??? */, 30755, 0, 0x1c45ee0) = 0
tkill(30755, SIG_0) = 0
tkill(30752, SIGSTOP) = 0
wait4(30752, [{WIFSTOPPED(s) && WSTOPSIG(s) == SIGSTOP}], 0, NULL) = 30752
ptrace(PTRACE_GETREGS, 30755, 0, 0x7fff85ec9340) = 0
ptrace(PTRACE_GETREGS, 30755, 0, 0x7fff85ec9300) = 0
ptrace(PTRACE_SETREGS, 30755, 0, 0x7fff85ec9300) = 0
write(1, "[New LWP 30755]\n"..., 16) = 16
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV (core dumped) +++

Attachment: ecs2.patch

2008-09-13  Jan Kratochvil

	Fix a crash on uninitialized ECS->EVENT_THREAD for a newly found thread.
	* infrun.c (wait_for_inferior): Move this ECS->EVENT_THREAD
	initialization ...
	(fetch_inferior_event): ... and this ECS->EVENT_THREAD initialization ...
	(handle_inferior_event): ... here after ADD_THREAD together with the
	local ADJUST_PC_AFTER_BREAK call.

--- ./gdb/infrun.c 11 Sep 2008 14:21:49 -0000 1.318 +++ ./gdb/infrun.c 12 Sep 2008 22:02:19 -0000 @@ -1568,8 +1568,6 @@ wait_for_inferior (int treat_exec_as_sig else ecs->ptid = target_wait (waiton_ptid, &ecs->ws); - ecs->event_thread = find_thread_pid (ecs->ptid); - if (treat_exec_as_sigtrap && ecs->ws.kind == TARGET_WAITKIND_EXECD) { xfree (ecs->ws.value.execd_pathname); @@ -1645,8 +1643,6 @@ fetch_inferior_event (void *client_data) thread. */ context_switch (ecs->ptid); - ecs->event_thread = find_thread_pid (ecs->ptid); - /* Now figure out what to do with the result of the result. */ handle_inferior_event (ecs); @@ -1854,8 +1850,6 @@ handle_inferior_event (struct execution_ /* Always clear state belonging to the previous time we stopped. */ stop_stack_dummy = 0; - adjust_pc_after_break (ecs); - reinit_frame_cache (); /* If it's a new process, add it to the thread database */
@@ -1868,6 +1862,10 @@ handle_inferior_event (struct execution_ && ecs->ws.kind != TARGET_WAITKIND_SIGNALLED && ecs->new_thread_event) add_thread (ecs->ptid); + ecs->event_thread = find_thread_pid (ecs->ptid); + + adjust_pc_after_break (ecs); + if (ecs->ws.kind != TARGET_WAITKIND_IGNORE) { /* Mark the non-executing threads accordingly. */
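Review bot: in the wait_for_inferior hunk (@@ -1568,8 +1568,6 @@), dropping the assignment leaves ecs->event_thread holding whatever the previous loop iteration stored until handle_inferior_event re-derives it. The exec-as-SIGTRAP block that follows in the context reads only ecs->ws, so it is unaffected, but any other code between target_wait and handle_inferior_event that touches ecs->event_thread would now see a stale pointer, possibly to a thread_info freed after the previous event. Resetting it right after target_wait with `ecs->event_thread = NULL;` would make such a use fail at the dereference instead of reading freed memory, and the ChangeLog entry should state that the field is valid only from handle_inferior_event onwards.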
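Review bot: in the third hunk (@@ -1854,8 +1850,6 @@), removing adjust_pc_after_break here reverses its order with respect to reinit_frame_cache (): the PC adjustment now runs after the frame cache has been reset rather than before. If adjust_pc_after_break rewrites the PC and anything between the two calls unwinds a frame, the cache would hold frames built from the unadjusted PC. Either confirm that nothing in that window touches frames, or move `reinit_frame_cache ();` down so that it follows the relocated `adjust_pc_after_break (ecs);` call.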
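Review bot: in the last hunk (@@ -1868,6 +1862,10 @@), ecs->event_thread can still be NULL after the new find_thread_pid call: the visible condition skips add_thread when ecs->ws.kind is TARGET_WAITKIND_SIGNALLED (or one of the other kinds excluded by the same && chain) or when ecs->new_thread_event is not set, so the assignment fixes the TARGET_WAITKIND_STOPPED crash at infrun.c:2136 but does not make the field safe to dereference unconditionally on those paths. A comment above `ecs->event_thread = find_thread_pid (ecs->ptid);` saying that it may be NULL for such events would document the contract; also, since the unbraced if body ends at `add_thread (ecs->ptid);`, a blank line before the new assignment would match the surrounding style.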