public inbox for gdb-prs@sourceware.org
* [Bug cli/13728] New: GDB crashes on catch exec -> detach
From: jan.kratochvil at redhat dot com @ 2012-02-23 10:18 UTC (permalink / raw)
  To: gdb-prs

http://sourceware.org/bugzilla/show_bug.cgi?id=13728

             Bug #: 13728
           Summary: GDB crashes on catch exec -> detach
           Product: gdb
           Version: HEAD
            Status: NEW
          Severity: normal
          Priority: P2
         Component: cli
        AssignedTo: unassigned@sourceware.org
        ReportedBy: jan.kratochvil@redhat.com
    Classification: Unclassified


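#include <unistd.h>
#include <assert.h>
#include <stdio.h>

int
main (void)
{
  /* Fork a child every 5 seconds; each child execs a shell.  */
  for (;;)
    {
      int i;
      sleep (5);
      puts ("fork");
      i = fork ();
      assert (i >= 0);
      if (i == 0)
        {
          /* Child: the exec below is what "catch exec" stops on.  */
          sleep (1);
          execlp ("sh", "sh", "-c", "echo x;sleep 60", (char *) NULL);
          assert (0);
        }
    }
}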

gdb ~/t/forkdetach -ex 'set detach-on-fork off' -ex 'set non-stop on' -ex 'set target-async on'
(gdb) catch exec 
Catchpoint 1 (exec)
(gdb) commands 1
Type commands for breakpoint(s) 1, one per line.
End with a line saying just "end".
>detach
>end
(gdb) r &
[New process 12872]
process 12872 is executing new program: /bin/bash

Catchpoint 1 (exec'd /bin/bash), 0x00000032a76016e0 in _start () from /lib64/ld-linux-x86-64.so.2
warning: x
Segmentation fault

gdb-7.3.50.20110722-10.fc16.x86_64

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.



* [Bug cli/13728] GDB crashes on catch exec -> detach
From: tromey at redhat dot com @ 2012-02-29 17:02 UTC (permalink / raw)
  To: gdb-prs

http://sourceware.org/bugzilla/show_bug.cgi?id=13728

Tom Tromey <tromey at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |tromey at redhat dot com

--- Comment #1 from Tom Tromey <tromey at redhat dot com> 2012-02-29 17:01:50 UTC ---
The "detach" causes the bpstat to be freed;
but code higher up the stack is still using it.

==23681== Invalid read of size 8
==23681==    at 0x66ED20: bpstat_do_actions_1 (breakpoint.c:3832)
==23681==    by 0x66ED6B: bpstat_do_actions (breakpoint.c:3914)
==23681==    by 0x70098A: inferior_event_handler (inf-loop.c:117)
==23681==    by 0x6E038D: fetch_inferior_event (infrun.c:2817)
==23681==    by 0x700A25: fetch_inferior_event_wrapper (inf-loop.c:145)
==23681==    by 0x6F5BD7: catch_errors (exceptions.c:546)
==23681==    by 0x700793: inferior_event_handler (inf-loop.c:53)
==23681==    by 0x5D19C5: handle_target_event (linux-nat.c:4950)
==23681==    by 0x6FE461: handle_file_event (event-loop.c:827)
==23681==    by 0x6FD927: process_event (event-loop.c:401)
==23681==    by 0x6FD9C9: gdb_do_one_event (event-loop.c:453)
==23681==    by 0x6FDA3F: start_event_loop (event-loop.c:490)
==23681==  Address 0x4fd4270 is 0 bytes inside a block of size 48 free'd
==23681==    at 0x4A0662E: free (vg_replace_malloc.c:366)
==23681==    by 0x819DD4: xfree (common-utils.c:107)
==23681==    by 0x66E7E6: bpstat_free (breakpoint.c:3631)
==23681==    by 0x66E81F: bpstat_clear (breakpoint.c:3649)
==23681==    by 0x6F1BFE: clear_thread_inferior_resources (thread.c:116)
==23681==    by 0x6F2152: delete_thread_1 (thread.c:294)
==23681==    by 0x6F21E5: delete_thread_silent (thread.c:317)
==23681==    by 0x80C87F: delete_thread_of_inferior (inferior.c:173)
==23681==    by 0x6F22D8: iterate_over_threads (thread.c:368)
==23681==    by 0x80CAA8: exit_inferior_1 (inferior.c:272)
==23681==    by 0x80CBE9: detach_inferior (inferior.c:322)
==23681==    by 0x5C31E2: inf_ptrace_detach (inf-ptrace.c:303)
==23681==


* [Bug cli/13728] GDB crashes on catch exec -> detach
From: tromey at redhat dot com @ 2012-02-29 21:43 UTC (permalink / raw)
  To: gdb-prs

http://sourceware.org/bugzilla/show_bug.cgi?id=13728

--- Comment #2 from Tom Tromey <tromey at redhat dot com> 2012-02-29 21:43:34 UTC ---
Created attachment 6258
  --> http://sourceware.org/bugzilla/attachment.cgi?id=6258
sample patch

This patch makes it work, but I don't know whether or not it
is correct.
Another approach, that I think might be safer, would be to
refcount bpstats.


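The refcounting approach suggested in comment #2, as an added example that is not part of the thread and is not GDB code: a simplified model in which the thread, each chain node and the loop walking the chain each hold a reference, so a "detach" run from inside the loop cannot free the entry being processed. The names bs_model, thread_model, detach_model and do_actions_model are hypothetical, and the model assumes the remaining entries are still processed after the detach.

```c
#include <stdlib.h>
/* Hypothetical stand-ins for a bpstat chain and its owning thread. */
struct bs_model { int refcount; int bp_number; struct bs_model *next; };
struct thread_model { struct bs_model *stop_bpstat; };
static int live_nodes; /* allocation count, so leaks are visible */
/* New node holding one reference; takes over the caller's reference to NEXT. */
static struct bs_model *bs_new(int bp_number, struct bs_model *next) {
    struct bs_model *bs = malloc(sizeof *bs);
    if (bs == NULL) abort();
    bs->refcount = 1; bs->bp_number = bp_number; bs->next = next;
    live_nodes++;
    return bs;
}
static void bs_incref(struct bs_model *bs) { if (bs != NULL) bs->refcount++; }

/* Drop one reference; a node reaching zero is freed and releases its successor. */
static void bs_decref(struct bs_model *bs) {
    while (bs != NULL && --bs->refcount == 0) {
        struct bs_model *next = bs->next;
        free(bs); live_nodes--;
        bs = next;
    }
}

/* Model of "detach": the thread goes away and drops its chain. */
static void detach_model(struct thread_model *t) {
    bs_decref(t->stop_bpstat);
    t->stop_bpstat = NULL;
}

/* Walk the chain; entry DETACH_AT runs "detach". Returns entries visited. */
static int do_actions_model(struct thread_model *t, int detach_at) {
    struct bs_model *bs = t->stop_bpstat;
    int visited = 0;
    bs_incref(bs); /* the walker's own reference */
    while (bs != NULL) {
        visited++;
        if (bs->bp_number == detach_at) detach_model(t); /* bs stays valid */
        struct bs_model *next = bs->next; /* safe: the walker still holds bs */
        bs_incref(next);
        bs_decref(bs);
        bs = next;
    }
    return visited;
}

int main(void) {
    struct thread_model t = { bs_new(1, bs_new(2, bs_new(3, NULL))) };
    return (do_actions_model(&t, 1) == 3 && live_nodes == 0) ? 0 : 1;
}
```
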
* [Bug cli/13728] GDB crashes on catch exec -> detach
From: palves at redhat dot com @ 2012-03-14 15:20 UTC (permalink / raw)
  To: gdb-prs

http://sourceware.org/bugzilla/show_bug.cgi?id=13728

Pedro Alves <palves at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |palves at redhat dot com

--- Comment #3 from Pedro Alves <palves at redhat dot com> 2012-03-14 15:20:17 UTC ---
Yeah.

This made me question whether we really want to continue processing the
commands if the thread that hit the breakpoint is gone
(detach/disconnect/kill/etc.).  We similarly stop processing if the target is
proceeded, which made me wonder about doing the same here, but in the proceed case,
we have extra complications, for example, related to ending up with more than
one bpstat active for the same thread.  So if we can make this work, it seems
like we should try.

Does that patch even run "valgrind free"?  It seems like you'd restore the
bpstat into:

 inferior_thread ()->control.stop_bpstat

But that thread has been deleted/free'd, along with its stop_bpstat.

If we remove the bpstat temporarily out of the thread, as in:

   /* This pointer will iterate over the list of bpstat's.  */
   bs = *bsp;
+  *bsp = NULL;
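
Review bot: After "*bsp = NULL" the local "bs" is the only remaining reference to the chain, so these lines need to say who frees it and whether it is stored back into "*bsp" once the iteration is done. A comment stating that ownership moves to "bs" at this point, together with a cleanup that releases the chain on every exit path, would make that explicit.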

Then if something in the command list deletes a breakpoint that was in the
bpstat, bpstat_remove_breakpoint_callback will not be able to find the bpstat,
and we will end up with a stale breakpoint pointer in the bpstat.


* [Bug cli/13728] GDB crashes on catch exec -> detach
From: ssbssa at sourceware dot org @ 2024-01-09 19:53 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=13728

Hannes Domani <ssbssa at sourceware dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |keiths at redhat dot com

--- Comment #4 from Hannes Domani <ssbssa at sourceware dot org> ---
*** Bug 14354 has been marked as a duplicate of this bug. ***

