From: "Metzger, Markus T"
To: Jan Kratochvil
CC: "gdb-patches@sourceware.org", "markus.t.metzger@gmail.com", "Himpel, Christian"
Subject: RE: Crash of GDB with gdbserver btrace enabled [Re: [patch v9 00/23] branch tracing support for Atom]
Date: Wed, 06 Mar 2013 15:31:00 -0000

> -----Original Message-----
> From: Metzger, Markus T
> Sent: Wednesday, March 06, 2013 3:41 PM
> > ./gdbserver :1234 true
> > ./gdb true -ex 'target remote localhost:1234' -ex 'set debug remote 1' -ex 'record btrace' -ex c
> >
> > will crash GDB. There was a similar thread on the list before, I have not
> > investigated it yet.
> >
> > But this is sure not a regression when btrace is not involved.
>
> Thanks!
>
> Here's the problem..
> When we close the record-btrace target in response to mourn_inferior (should be
> the same for any reason), we iterate over all threads and disable branch tracing for
> each thread.
> If we lose the connection to the remote target, we will pop all targets.
> This has several effects:
> - it will discard all inferiors
> - this will also cause us to disable tracing twice
> - thus we try to switch the remote thread twice
> - here we crash due to an unchecked null pointer access
> - even if we survived this it would free the thread_info we're using for our traversal
> - it will remove all targets so we'll run into an internal error when forwarding
> mourn_inferior to the target after unpushing the record target
>
> We need to disable branch tracing when the thread goes away and when we stop
> recording. I therefore put the disabling into the to_close method. Even if I moved
> this somewhere else, I would still try to talk to the target when freeing the resources
> for a thread that goes away.

If I used a thread_exit notifier instead of adding the call directly to
clear_thread_inferior_resources, I would avoid trying to talk to the target as part
of deleting threads in the above example - since we're deleting threads silently.

I still disable threads in to_close which tries to talk to the target. We would thus
still pop all targets, but we wouldn't try to talk to the target during that, i.e. we
would survive this.

We still die later on since popping all targets discards all threads and thus
disrupts the thread traversal in record-btrace's to_close.

This might be avoided by moving the ALL_THREADS - btrace_disable into some other
function that is only called on "record stop". For all other stop reasons, we would
rely on the cleanup when GDB's threads are discarded.

This might leak resources, though! I don't know when threads are deleted silently
and when not. I also don't know what the thread notifier is meant for, i.e. if I
should have used it in the first place.

This doesn't fix the real problem IMO, but it could avoid this deterministic case.

> As far as I understand, we may lose the connection at any time and for all kinds
> of reasons. It just happens deterministically in the above example. So what we
> would want is to be able to try to talk to the target after the connection has been
> lost without crashing GDB.
>
> Do you know what others are doing to avoid this problem?
>
> Regards,
> Markus.
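
The failure mode discussed in this message (target teardown triggered from inside the thread traversal of a close routine), as an added example that is not part of the original e-mail and is not GDB code. It is a constructed C model in which disabling is null-safe and idempotent and the thread list is discarded only after the traversal has finished; all names (`disable_tracing`, `record_close`, `discard_threads`, `demo`) are hypothetical.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Constructed model, not GDB code: every name here is hypothetical. */
struct thread { struct thread *next; bool tracing; };

static struct thread *threads;   /* global thread list */
static bool connected;           /* state of the remote link */
static int remote_requests;      /* requests actually sent to the target */

static void add_thread(void) {
    struct thread *t = calloc(1, sizeof *t);
    if (t == NULL) abort();
    t->tracing = true; t->next = threads; threads = t;
}

/* Disable tracing for one thread. Null-safe and idempotent, so the second
   call from thread cleanup is harmless. Returns false when the link is
   gone; it never tears anything down itself. */
static bool disable_tracing(struct thread *t) {
    if (t == NULL || !t->tracing) return true;
    t->tracing = false;              /* clear local state before any I/O */
    if (!connected) return false;
    remote_requests++;
    return true;
}

/* Thread cleanup: disables tracing again, then frees the node. */
static void discard_threads(void) {
    while (threads != NULL) {
        struct thread *next = threads->next;
        (void) disable_tracing(threads);
        free(threads);
        threads = next;
    }
}

/* Close the recording target; returns the number of threads visited. */
static int record_close(void) {
    int visited = 0; bool lost = false;
    for (struct thread *t = threads; t != NULL; t = t->next, visited++)
        if (!disable_tracing(t)) lost = true;   /* only note the failure */
    if (lost) discard_threads();    /* deferred: the traversal is over */
    return visited;
}

/* Three traced threads, then two closes; encodes the outcome as
   first_visited*100 + second_visited*10 + remote_requests. */
static int demo(bool link_up) {
    discard_threads(); remote_requests = 0;
    for (int i = 0; i < 3; i++) add_thread();
    connected = link_up;
    int first = record_close(), second = record_close();
    return first * 100 + second * 10 + remote_requests;
}

int main(void) { return demo(false) == 300 ? 0 : 1; }
```
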