From: Doug Gilmore Subject: Re: [PATCH] Fix PR 21337 v2: segfault when re-reading symbols with remote debugging. To: Simon Marchi References: <20511c76-c816-d31d-5144-749eac9fc470@imgtec.com> <3c5ce0a0-72e5-4460-5555-ad2214866260@imgtec.com> <5c494cc147f71dd8246572aa0b815c9f@polymtl.ca> CC: Luis Machado , Message-ID: Date: Tue, 25 Apr 2017 18:16:00 -0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0 MIME-Version: 1.0 In-Reply-To: <5c494cc147f71dd8246572aa0b815c9f@polymtl.ca> Content-Type: text/plain; charset="windows-1252" Content-Transfer-Encoding: 7bit X-SW-Source: 2017-04/txt/msg00669.txt.bz2 On 04/21/2017 07:15 PM, Simon Marchi wrote: > On 2017-04-13 14:56, Doug Gilmore wrote: >> I updated and rebased the patch per Luis's comments in: >> >> https://www.sourceware.org/ml/gdb-patches/2017-04/msg00361.html >> >> which I attached. Could a global maintainer review it when they have >> the chance? The problem is only exposed on MIPS, however the patch >> involves changing code that is not MIPS specific. >> >> Thanks, >> >> Doug >> >> gdb/ >> >> 2017-??-?? Doug Gilmore >> >> * symfile.c (reread_symbols): Fix PR 21337. >> --- >> gdb/symfile.c | 9 ++++++--- >> 1 file changed, 6 insertions(+), 3 deletions(-) >> >> diff --git a/gdb/symfile.c b/gdb/symfile.c >> index 846aabe..d57563d 100644 >> --- a/gdb/symfile.c >> +++ b/gdb/symfile.c >> @@ -2576,6 +2576,12 @@ reread_symbols (void) >> /* Free the obstacks for non-reusable objfiles. */ >> psymbol_bcache_free (objfile->psymbol_cache); >> objfile->psymbol_cache = psymbol_bcache_init (); >> + >> + /* Notify objfiles that we've modified objfile sections, which now >> + needs to be done early to ensure that, for the MIPS target, >> + find_pc_section won't access stale data. */ >> + objfiles_changed (); >> + >> obstack_free (&objfile->objfile_obstack, 0); >> objfile->sections = NULL; >> objfile->compunit_symtabs = NULL; 
>> @@ -2660,9 +2666,6 @@ reread_symbols (void) >> >> if (!new_objfiles.empty ()) >> { >> - /* Notify objfiles that we've modified objfile sections. */ >> - objfiles_changed (); >> - >> clear_symtab_users (0); >> >> /* clear_objfile_data for each objfile was called before freeing it and > > I don't have the required knowledge to review this properly, but I have a question. From the attachment in Bugzilla, the backtrace where the crash happens is: > > ==19949== at 0x64D827: bsearch_cmp(void const*, void const*) (objfiles.c:1415) > ==19949== by 0x559D247: bsearch (stdlib-bsearch.h:33) > ==19949== by 0x64D9E3: find_pc_section(unsigned long) (objfiles.c:1462) > ==19949== by 0x643BDE: lookup_minimal_symbol_by_pc(unsigned long) (minsyms.c:785) > ==19949== by 0x40852B: mips_pc_is_mips(unsigned long) (mips-tdep.c:1183) > ==19949== by 0x4086EA: mips_adjust_dwarf2_addr(unsigned long) (mips-tdep.c:1271) > ==19949== by 0x5E0F98: gdbarch_adjust_dwarf2_addr(gdbarch*, unsigned long) (gdbarch.c:3369) > ==19949== by 0x5A24E5: read_attribute_value(die_reader_specs const*, attribute*, unsigned int, long, unsigned char const*) (dwarf2read.c:16570) > ==19949== by 0x5A2E2E: read_attribute(die_reader_specs const*, attribute*, attr_abbrev*, unsigned char const*) (dwarf2read.c:16796) > ==19949== by 0x59FA76: read_full_die_1(die_reader_specs const*, die_info**, unsigned char const*, int*, int) (dwarf2read.c:15537) > ==19949== by 0x59FAEB: read_full_die(die_reader_specs const*, die_info**, unsigned char const*, int*) (dwarf2read.c:15556) > ==19949== by 0x587B9A: init_cutu_and_read_dies(dwarf2_per_cu_data*, abbrev_table*, int, int, void (*)(die_reader_specs const*, unsigned char const*, die_info*, int, void*), void*) (dwarf2read.c:5710) > > > I'd be curious to see the rest of that backtrace to understand better when/why it blows up. It looks like you can use --num-callers with valgrind, or simply use GDB :). > > Simon > Sorry for the delay, here is the trace under "valgrind --num-callers=111". 
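Review bot: the new comment in the first hunk (after `objfile->psymbol_cache = psymbol_bcache_init ();`) frames the move as MIPS-specific, but the reason visible in the hunk is generic: `obstack_free (&objfile->objfile_obstack, 0)` on the very next line releases the storage the cached section map points into, so any caller of find_pc_section during the following re-read would read freed memory; MIPS is just the target whose DWARF reading happens to call it. Suggest rewording along the lines of "Invalidate the cached section map before objfile_obstack is freed below: read_symbols can call find_pc_section (on MIPS via mips_adjust_dwarf2_addr) while the objfile is being rebuilt." The ChangeLog entry should also say what was done ("Move objfiles_changed call before obstack_free") rather than only naming the PR, and the `2017-??-??` date needs filling in before commit.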
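Review bot: the second hunk removes the objfiles_changed () call that was guarded by `if (!new_objfiles.empty ())`, while the replacement call in the first hunk runs unconditionally inside the per-objfile re-read loop. That is the right direction, since the invalidation must happen regardless of whether the list is empty, but it is worth a sentence in the commit message confirming that the earlier hunk sits on the same path as the removed call (every objfile that reaches obstack_free also reaches the new call), so no re-read loses its notification; `clear_symtab_users (0)` still follows as before.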
Note that I marked the critical call points in reread_symbols. In reread_symbols at symfile.c:2631 read_symbols is called. Via the call to read_symbols, bsearch_cmp is eventually called, which "reads" memory that was free'd via the call to _obstack_free that was called just above in reread_symbols at symfile.c:2579. The patch moves the call to objfiles_changed to the point where obstack_free is called, so that free'd memory will not be referenced.

Trace attached.

Thanks,

Doug

(gdb) qrun
`/home/dgilmore/tmp/h' has changed; re-reading symbols.
==8380== Invalid read of size 8
==8380==    at 0x653949: bsearch_cmp(void const*, void const*) (objfiles.c:1415)
==8380==    by 0x559D247: bsearch (stdlib-bsearch.h:33)
==8380==    by 0x653B05: find_pc_section(unsigned long) (objfiles.c:1462)
==8380==    by 0x649D00: lookup_minimal_symbol_by_pc(unsigned long) (minsyms.c:785)
==8380==    by 0x40852B: mips_pc_is_mips(unsigned long) (mips-tdep.c:1183)
==8380==    by 0x4086EA: mips_adjust_dwarf2_addr(unsigned long) (mips-tdep.c:1271)
==8380==    by 0x5E55C2: gdbarch_adjust_dwarf2_addr(gdbarch*, unsigned long) (gdbarch.c:3417)
==8380==    by 0x5A3EB1: read_attribute_value(die_reader_specs const*, attribute*, unsigned int, long, unsigned char const*) (dwarf2read.c:16620)
==8380==    by 0x5A4823: read_attribute(die_reader_specs const*, attribute*, attr_abbrev*, unsigned char const*) (dwarf2read.c:16846)
==8380==    by 0x5A13BC: read_full_die_1(die_reader_specs const*, die_info**, unsigned char const*, int*, int) (dwarf2read.c:15585)
==8380==    by 0x5A1431: read_full_die(die_reader_specs const*, die_info**, unsigned char const*, int*) (dwarf2read.c:15604)
==8380==    by 0x5890B5: init_cutu_and_read_dies(dwarf2_per_cu_data*, abbrev_table*, int, int, void (*)(die_reader_specs const*, unsigned char const*, die_info*, int, void*), void*) (dwarf2read.c:5753)
==8380==    by 0x58A48F: process_psymtab_comp_unit(dwarf2_per_cu_data*, int, language) (dwarf2read.c:6265)
==8380==    by 0x58B0D0: dwarf2_build_psymtabs_hard(objfile*) (dwarf2read.c:6658)
==8380==    by 0x5859F8: dwarf2_build_psymtabs(objfile*) (dwarf2read.c:4407)
==8380==    by 0x498C32: read_psyms(objfile*) (elfread.c:1290)
==8380==    by 0x6703D8: require_partial_symbols(objfile*, int) (psymtab.c:87)
==8380==    by 0x6ADB21: read_symbols(objfile*, enum_flags) (symfile.c:883)
==8380==    by 0x6B1706: reread_symbols() (symfile.c:2631)   <<< note _obstack_free called at reread_symbols() (symfile.c:2579)
==8380==    by 0x4389A5: remote_open_1(char const*, int, target_ops*, int) (remote.c:5021)
==8380==    by 0x437AD8: remote_open(char const*, int) (remote.c:4370)
==8380==    by 0x6D546E: open_target(char*, int, cmd_list_element*) (target.c:359)
==8380==    by 0x4662CC: do_sfunc(cmd_list_element*, char*, int) (cli-decode.c:122)
==8380==    by 0x4692F1: cmd_func(cmd_list_element*, char*, int) (cli-decode.c:1887)
==8380==    by 0x6E76BF: execute_command(char*, int) (top.c:674)
==8380==    by 0x46DF03: execute_control_command(command_line*) (cli-script.c:494)
==8380==    by 0x46DD74: execute_user_command(cmd_list_element*, char*) (cli-script.c:423)
==8380==    by 0x6E7606: execute_command(char*, int) (top.c:664)
==8380==    by 0x5C392C: command_handler(char*) (event-top.c:590)
==8380==    by 0x5C3CF1: command_line_handler(char*) (event-top.c:780)
==8380==    by 0x5C32D2: gdb_rl_callback_handler(char*) (event-top.c:213)
==8380==    by 0x76C1DF: rl_callback_read_char (callback.c:220)
==8380==    by 0x5C31EB: gdb_rl_callback_read_char_wrapper_noexcept() (event-top.c:175)
==8380==    by 0x5C3261: gdb_rl_callback_read_char_wrapper(void*) (event-top.c:192)
==8380==    by 0x5C37DB: stdin_event_handler(int, void*) (event-top.c:518)
==8380==    by 0x5C1E60: handle_file_event(file_handler*, int) (event-loop.c:733)
==8380==    by 0x5C23EC: gdb_wait_for_event(int) (event-loop.c:859)
==8380==    by 0x5C1231: gdb_do_one_event() (event-loop.c:322)
==8380==    by 0x5C12E2: start_event_loop() (event-loop.c:371)
==8380==    by 0x6352DC: captured_command_loop(void*) (main.c:325)
==8380==    by 0x5C4CA6: catch_errors(int (*)(void*), void*, char const*, return_mask) (exceptions.c:236)
==8380==    by 0x6366C4: captured_main(void*) (main.c:1150)
==8380==    by 0x6366ED: gdb_main(captured_main_args*) (main.c:1160)
==8380==    by 0x4066C3: main (gdb.c:32)
==8380==  Address 0x5aaca00 is 288 bytes inside a block of size 4,064 free'd
==8380==    at 0x4C2BDEC: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==8380==    by 0x545CD3: xfree(void*) (common-utils.c:100)
==8380==    by 0x81C903: _obstack_free (obstack.c:280)
==8380==    by 0x6B1143: reread_symbols() (symfile.c:2579)   <<<
==8380==    by 0x4389A5: remote_open_1(char const*, int, target_ops*, int) (remote.c:5021)
==8380==    by 0x437AD8: remote_open(char const*, int) (remote.c:4370)
==8380==    by 0x6D546E: open_target(char*, int, cmd_list_element*) (target.c:359)
==8380==    by 0x4662CC: do_sfunc(cmd_list_element*, char*, int) (cli-decode.c:122)
==8380==    by 0x4692F1: cmd_func(cmd_list_element*, char*, int) (cli-decode.c:1887)
==8380==    by 0x6E76BF: execute_command(char*, int) (top.c:674)
==8380==    by 0x46DF03: execute_control_command(command_line*) (cli-script.c:494)
==8380==    by 0x46DD74: execute_user_command(cmd_list_element*, char*) (cli-script.c:423)
==8380==    by 0x6E7606: execute_command(char*, int) (top.c:664)
==8380==    by 0x5C392C: command_handler(char*) (event-top.c:590)
==8380==    by 0x5C3CF1: command_line_handler(char*) (event-top.c:780)
==8380==    by 0x5C32D2: gdb_rl_callback_handler(char*) (event-top.c:213)
==8380==    by 0x76C1DF: rl_callback_read_char (callback.c:220)
==8380==    by 0x5C31EB: gdb_rl_callback_read_char_wrapper_noexcept() (event-top.c:175)
==8380==    by 0x5C3261: gdb_rl_callback_read_char_wrapper(void*) (event-top.c:192)
==8380==    by 0x5C37DB: stdin_event_handler(int, void*) (event-top.c:518)
==8380==    by 0x5C1E60: handle_file_event(file_handler*, int) (event-loop.c:733)
==8380==    by 0x5C23EC: gdb_wait_for_event(int) (event-loop.c:859)
==8380==    by 0x5C1231: gdb_do_one_event() (event-loop.c:322)
==8380==    by 0x5C12E2: start_event_loop() (event-loop.c:371)
==8380==    by 0x6352DC: captured_command_loop(void*) (main.c:325)
==8380==    by 0x5C4CA6: catch_errors(int (*)(void*), void*, char const*, return_mask) (exceptions.c:236)
==8380==    by 0x6366C4: captured_main(void*) (main.c:1150)
==8380==    by 0x6366ED: gdb_main(captured_main_args*) (main.c:1160)
==8380==    by 0x4066C3: main (gdb.c:32)
==8380==
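The ordering problem Doug describes (a cached section map that still points into an obstack after obstack_free, consulted by find_pc_section before objfiles_changed has invalidated it) is easy to see in a small model. The following is an added example written for this thread, not GDB's code: the structures, the global section map, the arena "generation" counter and the function names are all constructed stand-ins for objfile_obstack, the sorted section array in objfiles.c and the real find_pc_section/objfiles_changed/reread_symbols. The generation check plays the role valgrind plays in the trace above, counting a lookup through a map built for a freed arena as a stale access instead of dereferencing it, so the original and patched orderings can be compared deterministically.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed model of the reread_symbols ordering bug; not GDB code.
   Section descriptors live in an arena that is freed and refilled on
   re-read (objfile_obstack analogue); a global sorted section map caches
   pointers into that arena and is rebuilt lazily after objfiles_changed().
   The arena generation counter stands in for valgrind: a lookup through a
   map built for an older generation is counted as a stale access. */

struct obj_section { unsigned long addr, endaddr; };

struct objfile {
  struct obj_section *sections;   /* arena-owned (obstack analogue) */
  size_t nsections;
  unsigned arena_generation;      /* bumped each time the arena is freed */
};

static struct objfile the_objfile;

/* Cached map of section pointers, like the sorted array in objfiles.c. */
static struct obj_section **section_map;
static size_t section_map_len;
static unsigned section_map_generation;
static bool section_map_dirty = true;
static unsigned stale_accesses;   /* what valgrind reports as invalid reads */

void objfiles_changed(void) { section_map_dirty = true; }

static int cmp_sections(const void *a, const void *b) {
  const struct obj_section *x = *(struct obj_section *const *)a;
  const struct obj_section *y = *(struct obj_section *const *)b;
  return (x->addr > y->addr) - (x->addr < y->addr);
}

static void rebuild_section_map(void) {
  free(section_map);
  section_map_len = the_objfile.nsections;
  section_map = calloc(section_map_len + 1, sizeof *section_map);
  for (size_t i = 0; i < section_map_len; i++)
    section_map[i] = &the_objfile.sections[i];
  qsort(section_map, section_map_len, sizeof *section_map, cmp_sections);
  section_map_generation = the_objfile.arena_generation;
  section_map_dirty = false;
}

static int bsearch_cmp(const void *key, const void *elt) {
  unsigned long pc = *(const unsigned long *)key;
  const struct obj_section *s = *(struct obj_section *const *)elt;
  return pc < s->addr ? -1 : pc >= s->endaddr ? 1 : 0;
}

struct obj_section *find_pc_section(unsigned long pc) {
  if (section_map_dirty)
    rebuild_section_map();
  if (section_map_generation != the_objfile.arena_generation) {
    stale_accesses++;             /* map still points into a freed arena */
    return NULL;
  }
  struct obj_section **hit = bsearch(&pc, section_map, section_map_len,
                                     sizeof *section_map, bsearch_cmp);
  return hit ? *hit : NULL;
}

/* Constructed layout: .text 0x1000-0x2000, .data 0x3000-0x3100. */
void load_sections(void) {
  the_objfile.nsections = 2;
  the_objfile.sections = calloc(2, sizeof *the_objfile.sections);
  the_objfile.sections[0] = (struct obj_section){ 0x1000, 0x2000 };
  the_objfile.sections[1] = (struct obj_section){ 0x3000, 0x3100 };
}

/* read_symbols analogue: symbol reading consults find_pc_section on the
   way, as mips_adjust_dwarf2_addr does in the trace above. */
static void read_symbols(void) {
  load_sections();
  find_pc_section(0x1234);
}

/* One re-read; returns the number of stale map accesses it caused.
   fixed == false: objfiles_changed() after the re-read (original order).
   fixed == true:  objfiles_changed() before the arena is freed (the patch). */
unsigned reread_symbols(bool fixed) {
  stale_accesses = 0;
  if (fixed)
    objfiles_changed();
  free(the_objfile.sections);     /* obstack_free analogue */
  the_objfile.sections = NULL;
  the_objfile.nsections = 0;
  the_objfile.arena_generation++;
  read_symbols();
  if (!fixed)
    objfiles_changed();           /* too late: read_symbols already looked up */
  return stale_accesses;
}

int main(void) {
  load_sections();
  find_pc_section(0x1000);        /* warm the cached map */
  printf("original order: %u stale access(es)\n", reread_symbols(false));
  find_pc_section(0x1000);
  printf("patched order:  %u stale access(es)\n", reread_symbols(true));
  return 0;
}
```

With the original ordering the warm map survives the free and the first lookup inside read_symbols goes through stale pointers (one stale access); with the patch's ordering the map is marked dirty before the free, so the same lookup rebuilds it from the freshly loaded sections and finds the right one. The general lesson is the one the patch encodes: invalidate caches that hold pointers into an arena before the arena is released, not after the work that might consult them.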