Mailing-List: contact gdb-help@sourceware.org; run by ezmlm
References:
<728178DD-B9FD-4695-A7FF-F13B829DFD2E@gmail.com> <864lyfp0b7.fsf@gmail.com>
From: RAJESH DASARI
Date: Thu, 27 Apr 2017 06:13:00 -0000
Subject: Re: Reg : gdb crash is seen while attaching a process to gdb.
To: Yao Qi
Cc: GDB
X-SW-Source: 2017-04/txt/msg00034.txt.bz2

Hi,

I have raised a bug for the issue discussed in this mail chain, https://sourceware.org/bugzilla/show_bug.cgi?id=21395, and I was able to resolve the issue with minor code changes. Could someone please provide comments.

diff --git a/gdb/mips-linux-nat.c b/gdb/mips-linux-nat.c
index 9d22773..68641f8 100644
--- a/gdb/mips-linux-nat.c
+++ b/gdb/mips-linux-nat.c
@@ -634,9 +634,20 @@ mips_linux_new_thread (struct lwp_info *lp) &watch_readback_valid, 0)) return; + long r; + r=3D ptrace (PTRACE_SET_WATCH_REGS, tid, &watch_mirror, NULL); tid =3D ptid_get_lwp (lp->ptid); - if (ptrace (PTRACE_SET_WATCH_REGS, tid, &watch_mirror, NULL) =3D=3D -1) - perror_with_name (_("Couldn't write debug register")); + if ( r =3D=3D -1L && errno =3D=3D ESRCH ) + { + /* sleep for a while to eliminate race condition on update to kernel + * task structure with the process state (STOP state of thread). + */ + usleep(10000); + if ( ptrace (PTRACE_SET_WATCH_REGS, tid, &watch_mirror, NULL) =3D=3D = -1 ) + { + perror_with_name (_("Couldn't write debug register")); + } + } } /* Target to_insert_watchpoint implementation. Try to insert a new --=20 2.4.11 Thanks, Rajesh Dasari. On Fri, Apr 7, 2017 at 2:09 PM, RAJESH DASARI wro= te: > Hi, > > > I have recompiled the gdb with the given patch but still i see the issue , > > These are my observation when i see the gdb crash. > > 1. strace -e ptrace gdb -p 7978 enabled, attaching , dettaching and all the debugging operations were > successful>. > > 2. when i attach process with only gdb command like below > gdb -p 7878 , > [New LWP 7879] > Couldn't write debug register: No such process. > (gdb) bt > #0 0xf5655ea0 in ?? () > Backtrace stopped: previous frame identical to this frame (corrupt stack?) > > Any idea why i am seeing couldn't write debug registers error and > Backtrace stopped: previous frame identical to this frame (corrupt > stack?) errors. > > when i dettach the process in this state , i am getting the core dump > which i had reported in my previous mail . > > Is this bug in gdb ,Could you someone please help me on how to proceed > further on this issue. > > Regards, > Rajesh. > > Thanks, > Rajesh Dasari. > > > On Mon, Mar 27, 2017 at 2:24 PM, Yao Qi wrote: >> RAJESH DASARI writes: >> >>> Thanks for your quick response . 
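Review bot: In the mips_linux_new_thread hunk the added `r = ptrace (PTRACE_SET_WATCH_REGS, tid, &watch_mirror, NULL);` sits above the unchanged `tid = ptid_get_lwp (lp->ptid);`, so the first write uses whatever tid holds before it is assigned in this function; move the assignment above the new call. The error handling also narrows: the removed lines reported any -1 through perror_with_name, whereas the new `if ( r == -1L && errno == ESRCH )` silently ignores every other errno, and on ESRCH a fixed usleep (10000) followed by a single retry only shrinks the window in which the new LWP is not yet stopped rather than closing it. Keep perror_with_name for non-ESRCH failures, bound the ESRCH retry, and consider deferring the debug-register write until the LWP has been reported stopped. Style: GNU spacing (`r = ...`, `if (r == -1L && errno == ESRCH)`, `usleep (10000)`), no leading `*` on comment continuation lines, and the submission needs a ChangeLog entry.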
>>> Could you please share those patches, I will recompile the gdb with the patches and test the changes.
>>
>> Could you try the patch below on 7.12? If the patch doesn't work,
>> please provide the GDB's stack backtrace on internal error.
>>
>> --
>> Yao (齐尧)
>> From 0621d3b4c0c665defc2166ee6240dc85f909275a Mon Sep 17 00:00:00 2001
>> From: Yao Qi
>> Date: Mon, 27 Mar 2017 09:42:38 +0100
>> Subject: [PATCH] Fix refcount of thread_info
>>
>> I built GDB with asan and ran the test cases hook-stop.exp and threadapply.exp,
>> and I got the following asan error:
>>
>> =================================================================
>> ==2291==ERROR: AddressSanitizer: heap-use-after-free on address 0x6160000999c4 at pc 0x000000826022 bp 0x7ffd28a8ff70 sp 0x7ffd28a8ff60
>> READ of size 4 at 0x6160000999c4 thread T0
>>     #0 0x826021 in release_stop_context_cleanup ../../binutils-gdb/gdb/infrun.c:8203
>>     #1 0x72798a in do_my_cleanups ../../binutils-gdb/gdb/common/cleanups.c:154
>>     #2 0x727a32 in do_cleanups(cleanup*) ../../binutils-gdb/gdb/common/cleanups.c:176
>>     #3 0x826895 in normal_stop() ../../binutils-gdb/gdb/infrun.c:8381
>>     #4 0x815208 in fetch_inferior_event(void*) ../../binutils-gdb/gdb/infrun.c:4011
>>     #5 0x868aca in inferior_event_handler(inferior_event_type, void*) ../../binutils-gdb/gdb/inf-loop.c:44
>>     ....
>> 0x6160000999c4 is located 68 bytes inside of 568-byte region [0x616000099980,0x616000099bb8)
>> freed by thread T0 here:
>>     #0 0x7fb0bc1312ca in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x982ca)
>>     #1 0xb8c62f in xfree(void*) ../../binutils-gdb/gdb/common/common-utils.c:100
>>     #2 0x83df67 in free_thread ../../binutils-gdb/gdb/thread.c:207
>>     #3 0x83dfd2 in init_thread_list() ../../binutils-gdb/gdb/thread.c:223
>>     #4 0x805494 in kill_command ../../binutils-gdb/gdb/infcmd.c:2595
>>     ....
>>
>> Detaching from program: /home/yao.qi/SourceCode/gnu/build-with-asan/gdb/testsuite/outputs/gdb.threads/threadapply/threadapply, process 2399
>> =================================================================
>> ==2387==ERROR: AddressSanitizer: heap-use-after-free on address 0x6160000a98c0 at pc 0x00000083fd28 bp 0x7ffd401c3110 sp 0x7ffd401c3100
>> READ of size 4 at 0x6160000a98c0 thread T0
>>     #0 0x83fd27 in thread_alive ../../binutils-gdb/gdb/thread.c:741
>>     #1 0x844277 in thread_apply_all_command ../../binutils-gdb/gdb/thread.c:1804
>>     ....
>>
>> 0x6160000a98c0 is located 64 bytes inside of 568-byte region [0x6160000a9880,0x6160000a9ab8)
>> freed by thread T0 here:
>>     #0 0x7f59a7e322ca in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x982ca)
>>     #1 0xb8c62f in xfree(void*) ../../binutils-gdb/gdb/common/common-utils.c:100
>>     #2 0x83df67 in free_thread ../../binutils-gdb/gdb/thread.c:207
>>     #3 0x83dfd2 in init_thread_list() ../../binutils-gdb/gdb/thread.c:223
>>
>> This patch fixes the issue by always checking refcount before decreasing it.
>> If it is zero already, free the thread_info.
>>
>> gdb:
>>
>> 2017-03-27  Yao Qi
>>
>> 	PR gdb/19942
>> 	* gdbthread.h (free_thread): Declare.
>> 	* infrun.c (release_stop_context_cleanup): If refcount is zero
>> 	call free_thread.
>> 	* thread.c (free_thread): Remove "static".
>> 	(init_thread_list): If refcount is zero, call free_thread.
>> 	(restore_current_thread_cleanup_dtor): Likewise.
>> 	(set_thread_refcount): Likewise.
>> ---
>>  gdb/gdbthread.h |  3 +++
>>  gdb/infrun.c    |  7 ++++++-
>>  gdb/thread.c    | 21 +++++++++++++++++----
>>  3 files changed, 26 insertions(+), 5 deletions(-)
>> >> diff --git a/gdb/gdbthread.h b/gdb/gdbthread.h >> index 455cfd8..f89c6e1 100644 >> --- a/gdb/gdbthread.h >> +++ b/gdb/gdbthread.h >> @@ -369,6 +369,9 @@ extern void delete_thread (ptid_t); >> exited, for example. */ >> extern void delete_thread_silent (ptid_t); >> >> +/* Free TP. */ >> +extern void free_thread (struct thread_info *tp); >> + >> /* Delete a step_resume_breakpoint from the thread database. */ >> extern void delete_step_resume_breakpoint (struct thread_info *); >> >> diff --git a/gdb/infrun.c b/gdb/infrun.c >> index 5125ede..13b74bd 100644 >> --- a/gdb/infrun.c >> +++ b/gdb/infrun.c >> @@ -8200,7 +8200,12 @@ release_stop_context_cleanup (void *arg) >> struct stop_context *sc =3D (struct stop_context *) arg; >> >> if (sc->thread !=3D NULL) >> - sc->thread->refcount--; >> + { >> + if (sc->thread->refcount =3D=3D 0) >> + free_thread (sc->thread); >> + else >> + sc->thread->refcount--; >> + } >> xfree (sc); >> } >> >> diff --git a/gdb/thread.c b/gdb/thread.c >> index 1e39ac4..36dc40f 100644 >> --- a/gdb/thread.c >> +++ b/gdb/thread.c >> @@ -192,7 +192,7 @@ clear_thread_inferior_resources (struct thread_info = *tp) >> thread_cancel_execution_command (tp); >> } >> >> -static void >> +void >> free_thread (struct thread_info *tp) >> { >> if (tp->priv) >> @@ -220,7 +220,10 @@ init_thread_list (void) >> for (tp =3D thread_list; tp; tp =3D tpnext) >> { >> tpnext =3D tp->next; >> - free_thread (tp); >> + if (tp->refcount =3D=3D 0) >> + free_thread (tp); >> + else >> + tp->refcount--; >> } >> >> thread_list =3D NULL; >> @@ -1612,7 +1615,12 @@ restore_current_thread_cleanup_dtor (void *arg) >> >> tp =3D find_thread_ptid (old->inferior_ptid); >> if (tp) >> - tp->refcount--; >> + { >> + if (tp->refcount =3D=3D 0) >> + free_thread (tp); >> + else >> + tp->refcount--; >> + } >> inf =3D find_inferior_id (old->inf_id); >> if (inf !=3D NULL) >> inf->removable =3D old->was_removable; 
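Review bot: In the release_stop_context_cleanup and restore_current_thread_cleanup_dtor hunks, `if (sc->thread->refcount == 0) free_thread (sc->thread); else sc->thread->refcount--;` gives a refcount of 0 two meanings: "on thread_list with no holders" and "already unlinked by init_thread_list, one holder left". The code only tells them apart because every holder incremented before init_thread_list ran; nothing checks that a thread freed here is actually off the list. Either give thread_list its own reference, so init_thread_list always decrements and whoever reaches zero frees, or add a gdb_assert that the thread is not reachable from thread_list before calling free_thread. In the init_thread_list hunk, a thread kept alive by a non-zero refcount is unlinked but its `next` still points at a sibling the same loop may have just freed; clear it with `tp->next = NULL` when it is left behind.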
>> @@ -1629,7 +1637,12 @@ set_thread_refcount (void *data) >> =3D (struct thread_array_cleanup *) data; >> >> for (k =3D 0; k !=3D ta_cleanup->count; k++) >> - ta_cleanup->tp_array[k]->refcount--; >> + { >> + if (ta_cleanup->tp_array[k]->refcount =3D=3D 0) >> + free_thread (ta_cleanup->tp_array[k]); >> + else >> + ta_cleanup->tp_array[k]->refcount--; >> + } >> } >> >> struct cleanup * >> -- >> 1.9.1
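Review bot: The set_thread_refcount hunk is the fourth copy of the same check-then-free-or-decrement block; put it in one helper in thread.c (say `thread_decref (struct thread_info *tp)`, name hypothetical) so the rule lives in one place, and then free_thread can stay static instead of being exported through the new declaration in gdbthread.h.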
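The refcount rule Yao's commit message describes, as an added model written for this thread rather than GDB's own code: the function names mirror those in the patch, but the bodies are reduced to the list, the holder and a free counter, and `run_kill_scenario` and `freed_count` are assumed names for the checking harness.

```c
/* Added model (not GDB code) of the refcount rule in the quoted patch:
   whoever drops the last reference to a thread_info frees it.  */
#include <stdlib.h>
struct thread_info { int num; int refcount; struct thread_info *next; };
struct stop_context { struct thread_info *thread; };
static struct thread_info *thread_list; static int freed_count; /* frees so far */
/* The patch's rule: refcount 0 means "unlinked and we are the last holder". */
static void thread_decref_or_free (struct thread_info *tp)
{
  if (tp->refcount == 0) { freed_count++; free (tp); }
  else tp->refcount--;
}
static struct thread_info *add_thread (int num)
{
  struct thread_info *tp = calloc (1, sizeof *tp);
  tp->num = num; tp->next = thread_list; thread_list = tp;
  return tp;
}
/* Mirrors save_stop_context: the holder takes one reference.  */
static struct stop_context *save_stop_context (struct thread_info *tp)
{
  struct stop_context *sc = calloc (1, sizeof *sc);
  sc->thread = tp; tp->refcount++;
  return sc;
}
/* Mirrors the patched release_stop_context_cleanup.  */
static void release_stop_context_cleanup (struct stop_context *sc)
{
  if (sc->thread != NULL) thread_decref_or_free (sc->thread);
  free (sc);
}
/* Mirrors the patched init_thread_list (run from kill_command).  */
static void init_thread_list (void)
{
  struct thread_info *tp, *tpnext;
  for (tp = thread_list; tp; tp = tpnext)
    { tpnext = tp->next; thread_decref_or_free (tp); }
  thread_list = NULL;
}
/* The ASan scenario: two threads, optionally a stop_context holding thread 2,
   then "kill", then the cleanup.  Returns the number of frees: 2 means each
   thread was freed exactly once, -1 means "kill" freed the held thread.  */
int run_kill_scenario (int hold_thread2)
{
  freed_count = 0; thread_list = NULL; add_thread (1); struct thread_info *t2 = add_thread (2);
  struct stop_context *sc = hold_thread2 ? save_stop_context (t2) : NULL;
  init_thread_list ();       /* frees unheld threads, only decrefs a held one */
  if (sc == NULL) return freed_count;
  if (freed_count != 1 || thread_list != NULL) return -1;
  release_stop_context_cleanup (sc);   /* refcount is 0 now: frees thread 2 */
  return freed_count;
}
```

Built with -fsanitize=address, replacing thread_decref_or_free in init_thread_list with an unconditional free reproduces the heap-use-after-free the report shows.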