Subject: Re: [PATCH 0/7] GDB busy loop when interrupting non-stop program (PR 26199)
From: Pedro Alves
To: Simon Marchi, gdb-patches@sourceware.org
Date: Tue, 7 Jul 2020 02:27:48 +0100
Message-ID: <8e6b5643-02a4-f371-1854-ef193fb0c202@palves.net>
References: <20200706190252.22552-1-pedro@palves.net>
On 7/7/20 1:25 AM, Pedro Alves wrote:
> However, with the fix, the testcase now runs into another Asan-reported issue:
>
> =================================================================
> ==9211==ERROR: AddressSanitizer: heap-use-after-free on address 0x6160000b1080 at pc 0x000000dd0344 bp 0x7ffe4bebca90 sp 0x7ffe4bebca80
> READ of size 4 at 0x6160000b1080 thread T0
>     #0 0xdd0343 in refcounted_object::incref() /home/pedro/brno/pedro/gdb/binutils-gdb-2/build/../src/gdb/../gdbsupport/refcounted-object.h:34
>     #1 0x150066f in scoped_restore_current_thread::scoped_restore_current_thread() /home/pedro/brno/pedro/gdb/binutils-gdb-2/build/../src/gdb/thread.c:1471
>     #2 0xf83564 in fetch_inferior_event() /home/pedro/brno/pedro/gdb/binutils-gdb-2/build/../src/gdb/infrun.c:3952
>     #3 0xf40736 in inferior_event_handler(inferior_event_type) /home/pedro/brno/pedro/gdb/binutils-gdb-2/build/../src/gdb/inf-loop.c:42
>     #4 0x1321e75 in remote_async_serial_handler /home/pedro/brno/pedro/gdb/binutils-gdb-2/build/../src/gdb/remote.c:14160
>     #5 0x1371849 in run_async_handler_and_reschedule /home/pedro/brno/pedro/gdb/binutils-gdb-2/build/../src/gdb/ser-base.c:137
>     #6 0x1371ae2 in fd_event /home/pedro/brno/pedro/gdb/binutils-gdb-2/build/../src/gdb/ser-base.c:188
>     #7 0x19fc1f7 in handle_file_event /home/pedro/brno/pedro/gdb/binutils-gdb-2/build/../src/gdbsupport/event-loop.cc:548
>     #8 0x19fca14 in gdb_wait_for_event /home/pedro/brno/pedro/gdb/binutils-gdb-2/build/../src/gdbsupport/event-loop.cc:673
>     #9 0x19fab94 in gdb_do_one_event() /home/pedro/brno/pedro/gdb/binutils-gdb-2/build/../src/gdbsupport/event-loop.cc:215
>     #10 0x1087704 in start_event_loop /home/pedro/brno/pedro/gdb/binutils-gdb-2/build/../src/gdb/main.c:356
>     #11 0x10879f5 in captured_command_loop /home/pedro/brno/pedro/gdb/binutils-gdb-2/build/../src/gdb/main.c:416
>     #12 0x108aef1 in captured_main /home/pedro/brno/pedro/gdb/binutils-gdb-2/build/../src/gdb/main.c:1253
>     #13 0x108af81 in gdb_main(captured_main_args*) /home/pedro/brno/pedro/gdb/binutils-gdb-2/build/../src/gdb/main.c:1268
>     #14 0x8af9fa in main /home/pedro/brno/pedro/gdb/binutils-gdb-2/build/../src/gdb/gdb.c:32
>     #15 0x7f07d5efbfe9 in __libc_start_main (/lib64/libc.so.6+0x20fe9)
>     #16 0x8af809 in _start (/home/pedro/brno/pedro/gdb/binutils-gdb-2/build-asan/gdb/gdb+0x8af809)
>
> 0x6160000b1080 is located 0 bytes inside of 592-byte region [0x6160000b1080,0x6160000b12d0)
> freed by thread T0 here:
>     #0 0x7f07d97966d8 in operator delete(void*, unsigned long) (/lib64/libasan.so.4+0xe16d8)
>     #1 0x14f7147 in delete_thread_1 /home/pedro/brno/pedro/gdb/binutils-gdb-2/build/../src/gdb/thread.c:452
>     #2 0x14f7171 in delete_thread(thread_info*) /home/pedro/brno/pedro/gdb/binutils-gdb-2/build/../src/gdb/thread.c:460
>     #3 0xf6278d in exit_inferior_1 /home/pedro/brno/pedro/gdb/binutils-gdb-2/build/../src/gdb/inferior.c:204
>     #4 0xf62b5b in exit_inferior(inferior*) /home/pedro/brno/pedro/gdb/binutils-gdb-2/build/../src/gdb/inferior.c:236
>     #5 0x14c32a6 in generic_mourn_inferior() /home/pedro/brno/pedro/gdb/binutils-gdb-2/build/../src/gdb/target.c:3119
>     #6 0x12f388a in remote_unpush_target /home/pedro/brno/pedro/gdb/binutils-gdb-2/build/../src/gdb/remote.c:5523
>     #7 0x1309835 in remote_target::readchar(int) /home/pedro/brno/pedro/gdb/binutils-gdb-2/build/../src/gdb/remote.c:9137
>
>
> Odd, kind of looks like we're mishandling the thread_info refcounts.
>

This fixes it. multi-target.exp now passes Asan-clean with this one on top of the "part 1" patch. I still haven't run the full testsuite.

The issue is that the remote target is unpushed while within scoped_restore_current_thread's dtor's get_frame_id call, which results in threads being deleted. However, back in scoped_restore_current_thread's ctor, we only increment the refcount after get_frame_id returns. Incrementing the refcounts earlier fixes it.
However, we should probably also propagate the TARGET_CLOSE_ERROR in this case. That alone would fix it, though it seems cleaner to do both tweaks.

Attachment: 0001-Fix-crash-part-2.patch

From 10203ffc8c57d92568b8e84b75389df25f3c4a58 Mon Sep 17 00:00:00 2001
From: Pedro Alves
Date: Tue, 7 Jul 2020 01:50:10 +0100
Subject: [PATCH] Fix crash, part 2

---
 gdb/thread.c | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/gdb/thread.c b/gdb/thread.c index f0722d3588..1ec047e35b 100644 --- a/gdb/thread.c +++ b/gdb/thread.c @@ -1433,15 +1433,17 @@ scoped_restore_current_thread::~scoped_restore_current_thread () scoped_restore_current_thread::scoped_restore_current_thread () { - m_thread = NULL; m_inf = current_inferior (); + m_inf->incref (); if (inferior_ptid != null_ptid) { - thread_info *tp = inferior_thread (); + m_thread = inferior_thread (); + m_thread->incref (); + struct frame_info *frame; - m_was_stopped = tp->state == THREAD_STOPPED; + m_was_stopped = m_thread->state == THREAD_STOPPED; if (m_was_stopped && target_has_registers && target_has_stack
@@ -1466,13 +1468,14 @@ scoped_restore_current_thread::scoped_restore_current_thread () { m_selected_frame_id = null_frame_id; m_selected_frame_level = -1; - } - tp->incref (); - m_thread = tp; + /* Better let this propagate. */ + if (ex.error == TARGET_CLOSE_ERROR) + throw; + } } - - m_inf->incref (); + else + m_thread = NULL; } /* See gdbthread.h. */

base-commit: ad8464f799a4c96c7ab8bdfec3f95846cf54f9b0
prerequisite-patch-id: 32ffdda7d7d774bc4df88bf848bcb796559b53ce
prerequisite-patch-id: 02021b74355b70debd344a6e445285c67dfef7d6
prerequisite-patch-id: c87fcf5a54f6805967cbf8ab107606c57d9ecf52
prerequisite-patch-id: ac7dee583d0ffa519c9d1cd89d27664bca68d8c1
prerequisite-patch-id: eac59ae2ea85d2d51e5be1b03e88a5641cc12c22
prerequisite-patch-id: 13da42ad04dc8e2e3bd6a556a0be0e17cf23669b
prerequisite-patch-id: fd3f09fdb58ddc1c595ea014716851f4c8fca48c
prerequisite-patch-id: 55b398673bd7edefb85d383c82785b668588e9c2
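Review bot: in the first hunk (@@ -1433,15 +1433,17 @@), the two new increfs `+ m_inf->incref ();` and `+ m_thread->incref ();` are the whole fix, yet nothing at the call site says why they have to come before the frame lookup further down, and the commit log ("Fix crash, part 2") does not say either. Suggest a comment at the incref site stating that the target may be unpushed while get_frame_id runs, which deletes threads, so the references must already be held at that point, and carry the explanation from the mail (the use-after-free in incref, with the thread freed via remote_unpush_target -> generic_mourn_inferior -> delete_thread) into the commit message so the ordering is not silently undone later.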
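Review bot: in the second hunk (@@ -1466,13 +1468,14 @@), `+ if (ex.error == TARGET_CLOSE_ERROR)` / `+ throw;` lets the constructor exit by exception after `m_inf->incref ()` and `m_thread->incref ()` from the first hunk have already run; a constructor that throws never gets its destructor called, so those two references are never released and the inferior and thread objects can never reach refcount zero. Either decref both before the rethrow, or hold the references through an RAII holder that unwinding releases. Two smaller points: `/* Better let this propagate. */` should say what is propagated and why (the target went away during the lookup, so there is no sensible state to restore), and the class comment in gdbthread.h should document that the ctor may now throw TARGET_CLOSE_ERROR so callers with other resources in flight know to expect it.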
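The refcount ordering bug described in the mail, as an added stand-alone model (constructed for this note, not GDB's code): a guard that takes its thread reference only after a call that can delete the thread, beside the patched ordering that takes the reference first. `thread_info`, `inferior_model` and the `freed` flag are simplified stand-ins for GDB's thread_info, delete_thread_1 and the heap; the `uaf_accesses` counter stands in for what AddressSanitizer reported.

```cpp
#include <memory>
#include <vector>
// Constructed model of GDB's thread_info refcounting; not GDB's own code.
struct thread_info {
  int refcount = 0;
  bool exited = false;
  bool freed = false;   // stands in for the memory going back to the heap
};
struct inferior_model {
  std::vector<std::unique_ptr<thread_info>> threads;
  int uaf_accesses = 0; // what AddressSanitizer flagged in the real run
  thread_info *add_thread () {
    threads.emplace_back (new thread_info);
    return threads.back ().get ();
  }
  // Like delete_thread_1: a still-referenced thread is only marked exited.
  void delete_thread (thread_info *tp) {
    tp->exited = true;
    if (tp->refcount == 0)
      tp->freed = true;
  }
  // Stands in for get_frame_id (): the remote target is unpushed meanwhile,
  // which mourns the inferior and deletes every thread.
  void get_frame_id_while_target_unpushes () {
    for (auto &tp : threads)
      delete_thread (tp.get ());
  }
  void incref (thread_info *tp) { if (tp->freed) ++uaf_accesses; ++tp->refcount; }
  void decref (thread_info *tp) { if (tp->freed) ++uaf_accesses; --tp->refcount; }
};
// Pre-patch ordering: reference taken after the lookup that frees the thread.
int guard_incref_after_frame_lookup () {
  inferior_model inf;
  thread_info *tp = inf.add_thread ();
  inf.get_frame_id_while_target_unpushes ();
  inf.incref (tp);   // the incref in the ASan report
  inf.decref (tp);   // the guard's dtor
  return inf.uaf_accesses;
}
// Patched ordering: reference taken first, so the delete only marks it exited.
int guard_incref_before_frame_lookup () {
  inferior_model inf;
  thread_info *tp = inf.add_thread ();
  inf.incref (tp);
  inf.get_frame_id_while_target_unpushes ();
  inf.decref (tp);
  return inf.uaf_accesses;
}
```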