From: Johannes Stoelp
To: Yao Qi, Johannes Stoelp
CC: "gdb@sourceware.org", Andreas Ropers, Marc Mones, "Kai Schuetz", Johannes Stoelp
Subject: RE: Infinite Stack Unwinding ARM
Date: Fri, 07 Apr 2017 07:15:00 -0000
Message-ID: <6ECCE8A0904A1643BE093611EF2098CE01475738@DE02WEMBXB.internal.synopsys.com>
References: <6ECCE8A0904A1643BE093611EF2098CE0147553E@DE02WEMBXB.internal.synopsys.com> <86pogrp0vj.fsf@gmail.com>
In-Reply-To: <86pogrp0vj.fsf@gmail.com>

Yao Qi <qiyaoltc@gmail.com> writes:

> I don't expect prologue analyzer supporting SYSRegs and instruction MRS.
> All the prologue analyzers in GDB are written in a way that understanding
> instructions according to the ABI/calling convention of each architecture
> and compiler's behavior, so it should be able to parse the instruction in
> prologues complying to the ABI.  GDB prologue analyzer may not understand
> what does handwritten assembly do.

Hi Yao,

I see what you are saying about the prologue analyzer and the ABI/calling conventions.

I understand that gdb does not have to understand every hand written assembler routine, but I would like to emphasize that gdb in this particular case ends in an "infinite" loop printing the backtrace line by line (I put infinite in quotes because the loop is limited by the lower boundary of an integer).
I would expect gdb to be more defensive in this case and either try other unwinding techniques like backward unwinding (from bottom up) or just stop unwinding because of to less information.
In my understanding situations like this can also occur when the stack gets corrupted. There I would also expect gdb to not end in an infinite loop since gdb is intended to analyze the non-expected situation.

One other question that came up by comparing the arm and the aarch64 analyzer:
    * Is there a special reason/trick why the arm analyzer (gdb/arm-tdep.c:arm_analyze_prologue(...)) skips instructions that it doesn't recognize while the aarch64 analyzer (gdb/aarch64-tdep.c:aarch64_prologue_analyzer(...)) stops when the first unrecognized instruction is hit?

Best,
Johannes

From: RAJESH DASARI
Date: Fri, 07 Apr 2017 08:39:00 -0000
Subject: Re: Reg : gdb crash is seen while attaching a process to gdb.
To: Yao Qi
Cc: GDB, mukuntha.rajaa@nokia.com

Hi,

I have recompiled gdb with the given patch but I still see the issue. These are my observations when I see the gdb crash.

1. strace -e ptrace gdb -p 7978 .

2. When I attach the process with only the gdb command like below

gdb -p 7878 ,

[New LWP 7879]
Couldn't write debug register: No such process.
(gdb) bt
#0 0xf5655ea0 in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

Any idea why I am seeing the "couldn't write debug registers" error and the "Backtrace stopped: previous frame identical to this frame (corrupt stack?)" error?

When I detach the process in this state, I am getting the core dump which I had reported in my previous mail.

Is this a bug in gdb? Could someone please help me on how to proceed further on this issue.

Regards,
Rajesh.

Thanks,
Rajesh Dasari.

On Mon, Mar 27, 2017 at 2:24 PM, Yao Qi wrote:
> RAJESH DASARI writes:
>
>> Thanks for your quick response . Could you please share those patches
>> , I will recompile the gdb with the patches and test the changes.
>
> Could you try the patch below on 7.12? If the patch doesn't work,
> please provide the GDB's stack backtrace on internal error.
>
> --
> Yao (齐尧)
> From 0621d3b4c0c665defc2166ee6240dc85f909275a Mon Sep 17 00:00:00 2001
> From: Yao Qi
> Date: Mon, 27 Mar 2017 09:42:38 +0100
> Subject: [PATCH] Fix refcount of thread_info
>
> I build GDB with asan, and run test case hook-stop.exp, and threadapply.exp,
> I got the following asan error,
>
> =================================================================^M
> ^[[1m^[[31m==2291==ERROR: AddressSanitizer: heap-use-after-free on address 0x6160000999c4 at pc 0x000000826022 bp 0x7ffd28a8ff70 sp 0x7ffd28a8ff60^M
> ^[[1m^[[0m^[[1m^[[34mREAD of size 4 at 0x6160000999c4 thread T0^[[1m^[[0m^M
>     #0 0x826021 in release_stop_context_cleanup ../../binutils-gdb/gdb/infrun.c:8203^M
>     #1 0x72798a in do_my_cleanups ../../binutils-gdb/gdb/common/cleanups.c:154^M
>     #2 0x727a32 in do_cleanups(cleanup*) ../../binutils-gdb/gdb/common/cleanups.c:176^M
>     #3 0x826895 in normal_stop() ../../binutils-gdb/gdb/infrun.c:8381^M
>     #4 0x815208 in fetch_inferior_event(void*) ../../binutils-gdb/gdb/infrun.c:4011^M
>     #5 0x868aca in inferior_event_handler(inferior_event_type, void*) ../../binutils-gdb/gdb/inf-loop.c:44^M
> ....
> ^[[1m^[[32m0x6160000999c4 is located 68 bytes inside of 568-byte region [0x616000099980,0x616000099bb8)^M
> ^[[1m^[[0m^[[1m^[[35mfreed by thread T0 here:^[[1m^[[0m^M
>     #0 0x7fb0bc1312ca in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x982ca)^M
>     #1 0xb8c62f in xfree(void*) ../../binutils-gdb/gdb/common/common-utils.c:100^M
>     #2 0x83df67 in free_thread ../../binutils-gdb/gdb/thread.c:207^M
>     #3 0x83dfd2 in init_thread_list() ../../binutils-gdb/gdb/thread.c:223^M
>     #4 0x805494 in kill_command ../../binutils-gdb/gdb/infcmd.c:2595^M
> ....
>
> Detaching from program: /home/yao.qi/SourceCode/gnu/build-with-asan/gdb/testsuite/outputs/gdb.threads/threadapply/threadapply, process 2399^M
> =================================================================^M
> ^[[1m^[[31m==2387==ERROR: AddressSanitizer: heap-use-after-free on address 0x6160000a98c0 at pc 0x00000083fd28 bp 0x7ffd401c3110 sp 0x7ffd401c3100^M
> ^[[1m^[[0m^[[1m^[[34mREAD of size 4 at 0x6160000a98c0 thread T0^[[1m^[[0m^M
>     #0 0x83fd27 in thread_alive ../../binutils-gdb/gdb/thread.c:741^M
>     #1 0x844277 in thread_apply_all_command ../../binutils-gdb/gdb/thread.c:1804^M
> ....
> ^M
> ^[[1m^[[32m0x6160000a98c0 is located 64 bytes inside of 568-byte region [0x6160000a9880,0x6160000a9ab8)^M
> ^[[1m^[[0m^[[1m^[[35mfreed by thread T0 here:^[[1m^[[0m^M
>     #0 0x7f59a7e322ca in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x982ca)^M
>     #1 0xb8c62f in xfree(void*) ../../binutils-gdb/gdb/common/common-utils.c:100^M
>     #2 0x83df67 in free_thread ../../binutils-gdb/gdb/thread.c:207^M
>     #3 0x83dfd2 in init_thread_list() ../../binutils-gdb/gdb/thread.c:223^M
>
> This patch fixes the issue by always checking refcount before decreasing it.
> If it is zero already, free the thread_info.
>
> gdb:
>
> 2017-03-27 Yao Qi
>
> PR gdb/19942
> * gdbthread.h (free_thread): Declare.
> * infrun.c (release_stop_context_cleanup): If refcount is zero
> call free_thread.
> * thread.c (free_thread): Remove "static".
> (init_thread_list): If refcount is zero, call free_thread.
> (restore_current_thread_cleanup_dtor): Likewise.
> (set_thread_refcount): Likewise.
> ---
> gdb/gdbthread.h | 3 +++
> gdb/infrun.c | 7 ++++++-
> gdb/thread.c | 21 +++++++++++++++++----
> 3 files changed, 26 insertions(+), 5 deletions(-)
>
> diff --git a/gdb/gdbthread.h b/gdb/gdbthread.h
> index 455cfd8..f89c6e1 100644
> --- a/gdb/gdbthread.h > +++ b/gdb/gdbthread.h > @@ -369,6 +369,9 @@ extern void delete_thread (ptid_t); > exited, for example. */ > extern void delete_thread_silent (ptid_t); > > +/* Free TP. */ > +extern void free_thread (struct thread_info *tp); > + > /* Delete a step_resume_breakpoint from the thread database. */ > extern void delete_step_resume_breakpoint (struct thread_info *); > > diff --git a/gdb/infrun.c b/gdb/infrun.c > index 5125ede..13b74bd 100644 > --- a/gdb/infrun.c > +++ b/gdb/infrun.c > @@ -8200,7 +8200,12 @@ release_stop_context_cleanup (void *arg) > struct stop_context *sc =3D (struct stop_context *) arg; > > if (sc->thread !=3D NULL) > - sc->thread->refcount--; > + { > + if (sc->thread->refcount =3D=3D 0) > + free_thread (sc->thread); > + else > + sc->thread->refcount--; > + } > xfree (sc); > } > > diff --git a/gdb/thread.c b/gdb/thread.c > index 1e39ac4..36dc40f 100644 > --- a/gdb/thread.c > +++ b/gdb/thread.c > @@ -192,7 +192,7 @@ clear_thread_inferior_resources (struct thread_info *= tp) > thread_cancel_execution_command (tp); > } > > -static void > +void > free_thread (struct thread_info *tp) > { > if (tp->priv) > @@ -220,7 +220,10 @@ init_thread_list (void) > for (tp =3D thread_list; tp; tp =3D tpnext) > { > tpnext =3D tp->next; > - free_thread (tp); > + if (tp->refcount =3D=3D 0) > + free_thread (tp); > + else > + tp->refcount--; > } > > thread_list =3D NULL; > @@ -1612,7 +1615,12 @@ restore_current_thread_cleanup_dtor (void *arg) > > tp =3D find_thread_ptid (old->inferior_ptid); > if (tp) > - tp->refcount--; > + { > + if (tp->refcount =3D=3D 0) > + free_thread (tp); > + else > + tp->refcount--; > + } > inf =3D find_inferior_id (old->inf_id); > if (inf !=3D NULL) > inf->removable =3D old->was_removable; 
> @@ -1629,7 +1637,12 @@ set_thread_refcount (void *data) > =3D (struct thread_array_cleanup *) data; > > for (k =3D 0; k !=3D ta_cleanup->count; k++) > - ta_cleanup->tp_array[k]->refcount--; > + { > + if (ta_cleanup->tp_array[k]->refcount =3D=3D 0) > + free_thread (ta_cleanup->tp_array[k]); > + else > + ta_cleanup->tp_array[k]->refcount--; > + } > } > > struct cleanup * > -- > 1.9.1
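
Review bot: the comment "Free TP." added in the gdb/gdbthread.h hunk does not state the precondition that matters now that free_thread is exported. Every caller added by this patch reaches it only after seeing `refcount == 0`, and nothing in the visible lines has free_thread check that itself. Suggest documenting that TP must have a zero refcount and must no longer be reachable from thread_list, or asserting the refcount at the top of free_thread.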
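
Review bot: in the gdb/infrun.c hunk (release_stop_context_cleanup), `sc->thread->refcount == 0` is read as "the thread list has already let go of this thread, so free it", but the same value also describes a thread that is still on thread_list with no holders. If an unbalanced decrement ever reaches this cleanup, free_thread would release an object the list still points to. A comment explaining why zero can only mean the first case here, or an explicit flag set when the list drops the thread, would make the branch safe to reason about.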
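
Review bot: in the init_thread_list hunk of gdb/thread.c, a thread that survives because `tp->refcount` is nonzero keeps its `next` pointer while its neighbours are freed and `thread_list = NULL` follows, so the survivor is left pointing into freed memory. Suggest clearing `tp->next` in the else branch before the decrement.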
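
Review bot: the restore_current_thread_cleanup_dtor hunk looks the thread up again with `find_thread_ptid (old->inferior_ptid)` before testing the refcount. If that lookup walks thread_list (its body is not part of this patch), a thread that init_thread_list kept alive and unlinked will not be found, so its last reference is never released, and a thread that is found with `refcount == 0` is still linked, so free_thread would leave a stale list entry. Holding the thread_info pointer in the cleanup data, as release_stop_context_cleanup does with `sc->thread`, would avoid both.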
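
Review bot: the set_thread_refcount hunk repeats the if-zero-free-else-decrement block already added in the other hunks, with `ta_cleanup->tp_array[k]` spelled out three times. Suggest one helper in thread.c that takes a `struct thread_info *` and does the decrement-or-free, called from this loop, restore_current_thread_cleanup_dtor and release_stop_context_cleanup, so the rule lives in one place.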
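
The "Infinite Stack Unwinding ARM" report and the "Backtrace stopped: previous frame identical to this frame (corrupt stack?)" output in this thread both turn on when a frame walk should give up. The following is an added example, not code from these messages or from GDB: a toy frame-pointer chain walker in C showing the stop conditions a defensive unwinder applies. The stack layout, `walk_frames`, the `stop_reason` names and the sample stacks are all assumptions constructed for illustration.

```c
/* Added example: toy frame-pointer chain walker; not GDB code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum stop_reason { STOP_OUTERMOST, STOP_SAME_FRAME, STOP_INNER_FRAME,
                   STOP_OUT_OF_BOUNDS, STOP_DEPTH_LIMIT };
struct walk { enum stop_reason why; size_t depth; };

/* Assumed layout: stack[fp] holds the caller's frame pointer as an index
   into stack[]; 0 marks the outermost frame.  The stack grows down, so a
   caller's frame must sit at a strictly higher index than its callee's. */
static struct walk
walk_frames (const uint32_t *stack, size_t words, uint32_t fp, size_t max_frames)
{
  struct walk w = { STOP_DEPTH_LIMIT, 0 };
  while (w.depth < max_frames)
    {
      if (fp == 0 || fp >= words)      /* saved pointer leaves the stack */
        { w.why = STOP_OUT_OF_BOUNDS; return w; }
      w.depth++;                       /* this frame is reported */
      uint32_t caller = stack[fp];
      if (caller == 0)                 /* clean end of the chain */
        { w.why = STOP_OUTERMOST; return w; }
      if (caller == fp)                /* frame names itself as its caller */
        { w.why = STOP_SAME_FRAME; return w; }
      if (caller < fp)                 /* chain moves the wrong way: cycle */
        { w.why = STOP_INNER_FRAME; return w; }
      fp = caller;
    }
  return w;                            /* hard cap on reported frames */
}

/* Constructed sample stacks (16 words each), walk starts at index 2. */
static const uint32_t GOOD[16]      = { [2] = 5, [5] = 9, [9] = 0 };
static const uint32_t SELF_LOOP[16] = { [2] = 5, [5] = 5 };
static const uint32_t CYCLE[16]     = { [2] = 5, [5] = 2 };
static const uint32_t WILD[16]      = { [2] = 400 };

int main (void)
{
  const uint32_t *cases[] = { GOOD, SELF_LOOP, CYCLE, WILD };
  for (size_t i = 0; i < 4; i++)
    {
      struct walk w = walk_frames (cases[i], 16, 2, 64);
      printf ("case %zu: stop reason %d after %zu frame(s)\n",
              i, (int) w.why, w.depth);
    }
  return 0;
}
```

Because each step must move strictly toward higher indices, a corrupted chain cannot cycle; the depth cap only bounds output on a very deep but otherwise valid chain.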