Writing regs to corefile

Writing regs to corefile

[Jon Ringle]

Hello,

I have a core file that was generated due to a buggy signal handler. What
happened as far as I can tell, is that my signal handler got called due to a
SIGPIPE signal, however, my signal handler itself also caused a SIGPIPE
signal. I therefore have a recursive signal handler :( Eventually, the process
got a SIGSEGV causing a core dump to be generated. I get the following bt on
the core file:

(gdb) bt
#0  0x401672d8 in _IO_vfprintf (s=0x1d, format=0x20c3afc "\n*** PID %d returning from signal %d @ pc %08x lr %08x\n", ap=Cannot access memory at address 0xbee01f44
) at vfprintf.c:209
#1  0x40175d5c in _IO_vsprintf (string=0x20f7aa8 "\n*** PID 79 returning from signal 13 @ pc 401b9304 lr 401039d8\n",
    format=0x20c3afc "\n*** PID %d returning from signal %d @ pc %08x lr %08x\n", args=0xbee0252c) at iovsprintf.c:47
#2  0x020ba51c in dbgPrintf (fmt=0x20c3afc "\n*** PID %d returning from signal %d @ pc %08x lr %08x\n") at dbgprint.c:184
#3  0x0200b278 in client_sigaction (sig=13, psi=0xbee02624, arg=0xbee026a4) at signals.c:103
#4  0x40101fc8 in pthread_sighandler_rt (signo=13, si=0xbee02624, uc=0xbee026a4) at signals.c:119
#5  <signal handler called>
Previous frame inner to this frame (corrupt stack?)
(gdb) frame 3
#3  0x0200b278 in client_sigaction (sig=13, psi=0xbee02624, arg=0xbee026a4) at signals.c:103
103             dbgPrintf("\n*** PID %d returning from signal %d @ pc %08x lr %08x\n", getpid(), sig, (unsigned int)sc->arm_pc, (unsigned int)sc->arm_lr);
(gdb) p/x *sc
$1 = {trap_no = 0x0, error_code = 0x0, oldmask = 0x80000000, arm_r0 = 0xffffffe0, arm_r1 = 0x20f7aa8, arm_r2 = 0x3f, arm_r3 = 0x0, arm_r4 = 0x3f, arm_r5 = 0x20f7aa8, arm_r6 = 0x1f,
  arm_r7 = 0xbee02848, arm_r8 = 0xbee028c8, arm_r9 = 0x1d, arm_r10 = 0x40113ac4, arm_fp = 0xbee02730, arm_ip = 0x40113adc, arm_sp = 0xbee02714, arm_lr = 0x401039d8, arm_pc = 0x401b9304,
  arm_cpsr = 0x60000010}


I'd like to be able to get to a backtrace of the original SIGPIPE signal. I
then hand edited the core file with the register information from the *sc
above, and got to the previous signal backtrace:

(gdb) bt
#0  0x401b9304 in write () from /home/ringlej/mp1000/trunk-fixes/Soundpipe/install/lib/libc.so.6
#1  0x401039d8 in write (fd=31, buf=0x20f7aa8, n=63) at wrapsyscall.c:139
#2  0x020ba54c in dbgPrintf (fmt=0x20c3afc "\n*** PID %d returning from signal %d @ pc %08x lr %08x\n") at dbgprint.c:188
#3  0x0200b278 in client_sigaction (sig=13, psi=0xbee02848, arg=0xbee028c8) at signals.c:103
#4  0x40101fc8 in pthread_sighandler_rt (signo=13, si=0xbee02848, uc=0xbee028c8) at signals.c:119
#5  <signal handler called>
Previous frame inner to this frame (corrupt stack?)
(gdb) info registers
r0             0xffffffe0       -32
r1             0x20f7aa8        34568872
r2             0x3f     63
r3             0x0      0
r4             0x3f     63
r5             0x20f7aa8        34568872
r6             0x1f     31
r7             0xbee02848       -1092605880
r8             0xbee028c8       -1092605752
r9             0x1d     29
r10            0x40113ac4       1074870980
r11            0xbee02730       -1092606160
r12            0x40113adc       1074871004
sp             0xbee02714       -1092606188
lr             0x401039d8       1074805208
pc             0x401b9304       1075548932
fps            0x0      0
cpsr           0x60000010       1610612752
(gdb) frame 3
#3  0x0200b278 in client_sigaction (sig=13, psi=0xbee02848, arg=0xbee028c8) at signals.c:103
103             dbgPrintf("\n*** PID %d returning from signal %d @ pc %08x lr %08x\n", getpid(), sig, (unsigned int)sc->arm_pc, (unsigned int)sc->arm_lr);
(gdb) p/x *sc
$5 = {trap_no = 0x0, error_code = 0x0, oldmask = 0x80000000, arm_r0 = 0xffffffe0, arm_r1 = 0x20f7aa8, arm_r2 = 0x3f, arm_r3 = 0x0, arm_r4 = 0x3f, arm_r5 = 0x20f7aa8, arm_r6 = 0x1f,
  arm_r7 = 0xbee02a6c, arm_r8 = 0xbee02aec, arm_r9 = 0x1d, arm_r10 = 0x40113ac4, arm_fp = 0xbee02954, arm_ip = 0x40113adc, arm_sp = 0xbee02938, arm_lr = 0x401039d8, arm_pc = 0x401b9304,
  arm_cpsr = 0x60000010}

I could then hand edit the core file with the *sc register information yet
again to get to the previous signal backtrace. However, this process is
tedious.

Is there another way I could traverse the recursive chain of signal handlers
that is a bit more automatic?

I can't seem to write directly to the core file register set from within gdb
(which is why I was hand editing the core file):
(gdb) set $r0 = 0xffffffe4
You can't do that without a process to debug.

Regards,

Jon

Re: Writing regs to corefile

[Daniel Jacobowitz]

On Mon, Apr 25, 2005 at 04:36:13PM -0400, Jon Ringle wrote:
> (gdb) bt
> #0  0x401672d8 in _IO_vfprintf (s=0x1d, format=0x20c3afc "\n*** PID %d returning from signal %d @ pc %08x lr %08x\n", ap=Cannot access memory at address 0xbee01f44
> ) at vfprintf.c:209
> #1  0x40175d5c in _IO_vsprintf (string=0x20f7aa8 "\n*** PID 79 returning from signal 13 @ pc 401b9304 lr 401039d8\n",
>     format=0x20c3afc "\n*** PID %d returning from signal %d @ pc %08x lr %08x\n", args=0xbee0252c) at iovsprintf.c:47
> #2  0x020ba51c in dbgPrintf (fmt=0x20c3afc "\n*** PID %d returning from signal %d @ pc %08x lr %08x\n") at dbgprint.c:184
> #3  0x0200b278 in client_sigaction (sig=13, psi=0xbee02624, arg=0xbee026a4) at signals.c:103
> #4  0x40101fc8 in pthread_sighandler_rt (signo=13, si=0xbee02624, uc=0xbee026a4) at signals.c:119
> #5  <signal handler called>
> Previous frame inner to this frame (corrupt stack?)

Well, that's not supposed to happen.  You want to figure out why it
did...


> I can't seem to write directly to the core file register set from within gdb
> (which is why I was hand editing the core file):
> (gdb) set $r0 = 0xffffffe4
> You can't do that without a process to debug.

Yeah.  This is a bit unfortunate.  Maybe we should allow the loaded
copy of the registers to be changed.

-- 
Daniel Jacobowitz
CodeSourcery, LLC

Re: Writing regs to corefile

[Jon Ringle]

On Monday 25 April 2005 16:44, Daniel Jacobowitz wrote:
> On Mon, Apr 25, 2005 at 04:36:13PM -0400, Jon Ringle wrote:
> > (gdb) bt
> > #0  0x401672d8 in _IO_vfprintf (s=0x1d, format=0x20c3afc "\n*** PID %d
> > returning from signal %d @ pc %08x lr %08x\n", ap=Cannot access memory at
> > address 0xbee01f44 ) at vfprintf.c:209
> > #1  0x40175d5c in _IO_vsprintf (string=0x20f7aa8 "\n*** PID 79 returning
> > from signal 13 @ pc 401b9304 lr 401039d8\n", format=0x20c3afc "\n*** PID
> > %d returning from signal %d @ pc %08x lr %08x\n", args=0xbee0252c) at
> > iovsprintf.c:47 #2  0x020ba51c in dbgPrintf (fmt=0x20c3afc "\n*** PID %d
> > returning from signal %d @ pc %08x lr %08x\n") at dbgprint.c:184 #3 
> > 0x0200b278 in client_sigaction (sig=13, psi=0xbee02624, arg=0xbee026a4)
> > at signals.c:103 #4  0x40101fc8 in pthread_sighandler_rt (signo=13,
> > si=0xbee02624, uc=0xbee026a4) at signals.c:119 #5  <signal handler
> > called>
> > Previous frame inner to this frame (corrupt stack?)
>
> Well, that's not supposed to happen.  You want to figure out why it
> did...

This is my final goal with this task, yes :)

>
> > I can't seem to write directly to the core file register set from within
> > gdb (which is why I was hand editing the core file):
> > (gdb) set $r0 = 0xffffffe4
> > You can't do that without a process to debug.
>
> Yeah.  This is a bit unfortunate.  Maybe we should allow the loaded
> copy of the registers to be changed.

I was looking at corelow.c to see if I could add a core_ops.to_store_registers 
function to do just that. However, the first problem I encountered is that 
the to_store_registers definition seems to only have a regno parameter. How 
do I get access to the value of regno to be stored?

Jon

Re: Writing regs to corefile

[Daniel Jacobowitz]

On Mon, Apr 25, 2005 at 04:51:09PM -0400, Jon Ringle wrote:
> > > I can't seem to write directly to the core file register set from within
> > > gdb (which is why I was hand editing the core file):
> > > (gdb) set $r0 = 0xffffffe4
> > > You can't do that without a process to debug.
> >
> > Yeah.  This is a bit unfortunate.  Maybe we should allow the loaded
> > copy of the registers to be changed.
> 
> I was looking at corelow.c to see if I could add a core_ops.to_store_registers 
> function to do just that. However, the first problem I encountered is that 
> the to_store_registers definition seems to only have a regno parameter. How 
> do I get access to the value of regno to be stored?

From the register cache.  You probably don't need to do anything in
your dummy to_store_registers routine.

-- 
Daniel Jacobowitz
CodeSourcery, LLC

Re: Writing regs to corefile

[Jon Ringle]

On Monday 25 April 2005 17:45, Daniel Jacobowitz wrote:
> On Mon, Apr 25, 2005 at 04:51:09PM -0400, Jon Ringle wrote:
> > > > I can't seem to write directly to the core file register set from
> > > > within gdb (which is why I was hand editing the core file):
> > > > (gdb) set $r0 = 0xffffffe4
> > > > You can't do that without a process to debug.
> > >
> > > Yeah.  This is a bit unfortunate.  Maybe we should allow the loaded
> > > copy of the registers to be changed.
> >
> > I was looking at corelow.c to see if I could add a
> > core_ops.to_store_registers function to do just that. However, the first
> > problem I encountered is that the to_store_registers definition seems to
> > only have a regno parameter. How do I get access to the value of regno to
> > be stored?
>
> From the register cache.  You probably don't need to do anything in
> your dummy to_store_registers routine.

Ok, I created a dummy to_store_registers and a dummy to_prepare_to_store in 
corelow.c. Now I don't get the error message, but setting a register doesn't 
seem to reflect a change:

(gdb) p/x $r0
$1 = 0xbee0244c
(gdb) set $r0=0x1234
(gdb) p/x $r0
$2 = 0xbee0244c

Re: Writing regs to corefile

[Daniel Jacobowitz]

On Mon, Apr 25, 2005 at 08:02:33PM -0400, Jon Ringle wrote:
> On Monday 25 April 2005 17:45, Daniel Jacobowitz wrote:
> > On Mon, Apr 25, 2005 at 04:51:09PM -0400, Jon Ringle wrote:
> > > > > I can't seem to write directly to the core file register set from
> > > > > within gdb (which is why I was hand editing the core file):
> > > > > (gdb) set $r0 = 0xffffffe4
> > > > > You can't do that without a process to debug.
> > > >
> > > > Yeah.  This is a bit unfortunate.  Maybe we should allow the loaded
> > > > copy of the registers to be changed.
> > >
> > > I was looking at corelow.c to see if I could add a
> > > core_ops.to_store_registers function to do just that. However, the first
> > > problem I encountered is that the to_store_registers definition seems to
> > > only have a regno parameter. How do I get access to the value of regno to
> > > be stored?
> >
> > From the register cache.  You probably don't need to do anything in
> > your dummy to_store_registers routine.
> 
> Ok, I created a dummy to_store_registers and a dummy to_prepare_to_store in 
> corelow.c. Now I don't get the error message, but setting a register doesn't 
> seem to reflect a change:
> 
> (gdb) p/x $r0
> $1 = 0xbee0244c
> (gdb) set $r0=0x1234
> (gdb) p/x $r0
> $2 = 0xbee0244c

Dunno; probably you need to change the way to_fetch_registers works.

-- 
Daniel Jacobowitz
CodeSourcery, LLC

Re: Writing regs to corefile

[Jon Ringle]

On Monday 25 April 2005 20:31, Daniel Jacobowitz wrote:
> On Mon, Apr 25, 2005 at 08:02:33PM -0400, Jon Ringle wrote:
> > On Monday 25 April 2005 17:45, Daniel Jacobowitz wrote:
> > > On Mon, Apr 25, 2005 at 04:51:09PM -0400, Jon Ringle wrote:
> > > > > > I can't seem to write directly to the core file register set from
> > > > > > within gdb (which is why I was hand editing the core file):
> > > > > > (gdb) set $r0 = 0xffffffe4
> > > > > > You can't do that without a process to debug.
> > > > >
> > > > > Yeah.  This is a bit unfortunate.  Maybe we should allow the loaded
> > > > > copy of the registers to be changed.
> > > >
> > > > I was looking at corelow.c to see if I could add a
> > > > core_ops.to_store_registers function to do just that. However, the
> > > > first problem I encountered is that the to_store_registers definition
> > > > seems to only have a regno parameter. How do I get access to the
> > > > value of regno to be stored?
> > >
> > > From the register cache.  You probably don't need to do anything in
> > > your dummy to_store_registers routine.
> >
> > Ok, I created a dummy to_store_registers and a dummy to_prepare_to_store
> > in corelow.c. Now I don't get the error message, but setting a register
> > doesn't seem to reflect a change:
> >
> > (gdb) p/x $r0
> > $1 = 0xbee0244c
> > (gdb) set $r0=0x1234
> > (gdb) p/x $r0
> > $2 = 0xbee0244c
>
> Dunno; probably you need to change the way to_fetch_registers works.

Yup, that was it. Got it working now. I put a test if (regno==-1) {} around 
the code contained in get_core_registers(), so that the code doesn't get run 
when a specific register gets changed.

Jon