public inbox for gdb-prs@sourceware.org
* [Bug python/27315] New: Walking threads during frame display pretty-printer causes crashes
From: psmith at gnu dot org @ 2021-02-02 13:40 UTC (permalink / raw)
To: gdb-prs
https://sourceware.org/bugzilla/show_bug.cgi?id=27315
Bug ID: 27315
Summary: Walking threads during frame display pretty-printer
causes crashes
Product: gdb
Version: 10.1
Status: NEW
Severity: normal
Priority: P2
Component: python
Assignee: unassigned at sourceware dot org
Reporter: psmith at gnu dot org
Target Milestone: ---
Created attachment 13194
--> https://sourceware.org/bugzilla/attachment.cgi?id=13194&action=edit
Repro source file
I can consistently make GDB either loop continuously during backtrace, or crash
showing a frame, by adding a pretty-printer that queries the GDB threads()
method on the inferior.
Compile the attached foo.cpp file; MUST be compiled with -pthreads!
$ g++ -g -ggdb3 -pthread -o foo foo.cpp
Now run it to get a core:
$ ./foo hiya
hiya
Aborted (core dumped)
Now you can see the backtrace if you use GDB and it works fine:
$ gdb -q -batch -ex 'bt' -c core foo
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `./foo hiya'.
Program terminated with signal SIGABRT, Aborted.
#0 0x00007f28af56a18b in raise () from /lib/x86_64-linux-gnu/libc.so.6
#0 0x00007f28af56a18b in raise () from /lib/x86_64-linux-gnu/libc.so.6
#1 0x00007f28af549859 in abort () from /lib/x86_64-linux-gnu/libc.so.6
#2 0x000055e3b4dc4203 in foo (f=...) at foo.cpp:13
#3 0x000055e3b4dc4256 in main (argc=2, argv=0x7ffe1045c1c8) at foo.cpp:20
Now try the same thing using the attached pretty-printer:
$ gdb -q -x foo.py -batch -ex 'bt' -c core foo
On my system this will recursively try to print the backtrace over and over for
a while, after which it will either "succeed", or GDB will dump core with:
gdb/frame.c:2467: internal-error: bool get_frame_pc_if_available(frame_info*,
CORE_ADDR*): Assertion `frame->next != NULL' failed.
If you change the pretty-printer implementation from:
    gdb.selected_inferior().threads()
to just:
    gdb.selected_inferior()
it works fine again.
Also, if I edit gdb/python/py-inferior.c and remove the update_thread_list()
call, changing:
      try
        {
          update_thread_list ();
        }
      catch (const gdb_exception &except)
        {
to:
      try
        {
          // update_thread_list ();
        }
      catch (const gdb_exception &except)
        {
it also works fine.
--
You are receiving this mail because:
You are on the CC list for the bug.
* [Bug python/27315] Walking threads during frame display pretty-printer causes crashes
From: psmith at gnu dot org @ 2021-02-02 13:40 UTC (permalink / raw)
To: gdb-prs
https://sourceware.org/bugzilla/show_bug.cgi?id=27315
--- Comment #1 from psmith at gnu dot org ---
Created attachment 13195
--> https://sourceware.org/bugzilla/attachment.cgi?id=13195&action=edit
Python pretty-printer
* [Bug python/27315] Walking threads during frame display pretty-printer causes crashes
From: simark at simark dot ca @ 2021-02-02 14:29 UTC (permalink / raw)
To: gdb-prs
https://sourceware.org/bugzilla/show_bug.cgi?id=27315
Simon Marchi <simark at simark dot ca> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |simark at simark dot ca
--- Comment #2 from Simon Marchi <simark at simark dot ca> ---
I think I can reproduce, but since I build with AddressSanitizer I got this
error, that probably happens before hitting the assert:
==331355==ERROR: AddressSanitizer: heap-use-after-free on address
0x62100582b5a0 at pc 0x5618c1d7fc20 bp 0x7ffca9c449c0 sp 0x7ffca9c449b0
READ of size 8 at 0x62100582b5a0 thread T0
#0 0x5618c1d7fc1f in get_frame_pc_if_available(frame_info*, unsigned long*)
/home/simark/src/binutils-gdb/gdb/frame.c:2633
#1 0x5618c1d7f2a6 in get_prev_frame(frame_info*)
/home/simark/src/binutils-gdb/gdb/frame.c:2521
#2 0x5618c2f37466 in backtrace_command_1
/home/simark/src/binutils-gdb/gdb/stack.c:2075
#3 0x5618c2f381a8 in backtrace_command
/home/simark/src/binutils-gdb/gdb/stack.c:2203
#4 0x5618c14989a7 in do_const_cfunc
/home/simark/src/binutils-gdb/gdb/cli/cli-decode.c:101
#5 0x5618c14a9848 in
cmd_func(cmd_list_element*, char const*, int)
/home/simark/src/binutils-gdb/gdb/cli/cli-decode.c:2181
#6 0x5618c32a7bbe in execute_command(char const*, int)
/home/simark/src/binutils-gdb/gdb/top.c:662
#7 0x5618c23a8c95 in catch_command_errors
/home/simark/src/binutils-gdb/gdb/main.c:450
#8 0x5618c23a9526 in execute_cmdargs
/home/simark/src/binutils-gdb/gdb/main.c:539
#9 0x5618c23ad17d in captured_main_1
/home/simark/src/binutils-gdb/gdb/main.c:1211
#10 0x5618c23ad710 in captured_main
/home/simark/src/binutils-gdb/gdb/main.c:1232
#11 0x5618c23ad7ec in
gdb_main(captured_main_args*) /home/simark/src/binutils-gdb/gdb/main.c:1257
#12 0x5618c0c913e8 in main /home/simark/src/binutils-gdb/gdb/gdb.c:32
#13 0x7f012162b151 in __libc_start_main (/usr/lib/libc.so.6+0x28151)
#14 0x5618c0c911bd in _start
(/home/simark/build/binutils-gdb/gdb/gdb+0x69981bd)
0x62100582b5a0 is located 160 bytes inside of 4064-byte region
[0x62100582b500,0x62100582c4e0)
freed by thread T0 here:
#0 0x7f01231ef0e9 in __interceptor_free
/build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cpp:123
#1 0x5618c1d8389b in xfree<void>
/home/simark/src/binutils-gdb/gdb/../gdbsupport/common-utils.h:62
#2 0x5618c49f240f in call_freefun
/home/simark/src/binutils-gdb/libiberty/obstack.c:103
#3 0x5618c49f2e4e in _obstack_free
/home/simark/src/binutils-gdb/libiberty/obstack.c:280
#4 0x5618c1d7b5d9 in reinit_frame_cache()
/home/simark/src/binutils-gdb/gdb/frame.c:2054
#5 0x5618c324cb37 in switch_to_no_thread()
/home/simark/src/binutils-gdb/gdb/thread.c:1334
#6 0x5618c2063c60 in switch_to_inferior_no_thread(inferior*)
/home/simark/src/binutils-gdb/gdb/inferior.c:628
#7 0x5618c3242588 in prune_threads()
/home/simark/src/binutils-gdb/gdb/thread.c:728
#8 0x5618c22c0bcf in thread_db_target::update_thread_list()
/home/simark/src/binutils-gdb/gdb/linux-thread-db.c:1606
#9 0x5618c31f6a92 in target_update_thread_list()
/home/simark/src/binutils-gdb/gdb/target.c:3141
#10 0x5618c3255f84 in update_thread_list()
/home/simark/src/binutils-gdb/gdb/thread.c:2038
#11 0x5618c28f38d1 in infpy_threads
/home/simark/src/binutils-gdb/gdb/python/py-inferior.c:397
#12 0x7f0122c44e0d (/usr/lib/libpython3.9.so.1.0+0x141e0d)
previously allocated by thread T0 here:
#0 0x7f01231ef459 in __interceptor_malloc
/build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cpp:145
#1 0x5618c0e3bb7d in xmalloc /home/simark/src/binutils-gdb/gdb/alloc.c:60
#2 0x5618c49f2319 in call_chunkfun
/home/simark/src/binutils-gdb/libiberty/obstack.c:94
#3 0x5618c49f2a1a in _obstack_newchunk
/home/simark/src/binutils-gdb/libiberty/obstack.c:206
#4 0x5618c1d78681 in frame_obstack_zalloc(unsigned long)
/home/simark/src/binutils-gdb/gdb/frame.c:1644
#5 0x5618c1d7e36d in get_prev_frame_raw
/home/simark/src/binutils-gdb/gdb/frame.c:2392
#6 0x5618c1d7ba81 in get_prev_frame_if_no_cycle
/home/simark/src/binutils-gdb/gdb/frame.c:2109
#7 0x5618c1d7ddb3 in get_prev_frame_always_1
/home/simark/src/binutils-gdb/gdb/frame.c:2328
#8 0x5618c1d7deaa in get_prev_frame_always(frame_info*)
/home/simark/src/binutils-gdb/gdb/frame.c:2344
#9 0x5618c1d7f6e3 in get_prev_frame(frame_info*)
/home/simark/src/binutils-gdb/gdb/frame.c:2603
#10 0x5618c2f37466 in backtrace_command_1
/home/simark/src/binutils-gdb/gdb/stack.c:2075
#11 0x5618c2f381a8 in backtrace_command
/home/simark/src/binutils-gdb/gdb/stack.c:2203
#12 0x5618c14989a7 in do_const_cfunc
/home/simark/src/binutils-gdb/gdb/cli/cli-decode.c:101
#13 0x5618c14a9848 in cmd_func(cmd_list_element*, char const*, int)
/home/simark/src/binutils-gdb/gdb/cli/cli-decode.c:2181
#14 0x5618c32a7bbe in execute_command(char const*, int)
/home/simark/src/binutils-gdb/gdb/top.c:662
#15 0x5618c23a8c95 in catch_command_errors
/home/simark/src/binutils-gdb/gdb/main.c:450
#16 0x5618c23a9526 in execute_cmdargs
/home/simark/src/binutils-gdb/gdb/main.c:539
#17 0x5618c23ad17d in captured_main_1
/home/simark/src/binutils-gdb/gdb/main.c:1211
#18 0x5618c23ad710 in captured_main
/home/simark/src/binutils-gdb/gdb/main.c:1232
#19 0x5618c23ad7ec in gdb_main(captured_main_args*)
/home/simark/src/binutils-gdb/gdb/main.c:1257
#20 0x5618c0c913e8 in main /home/simark/src/binutils-gdb/gdb/gdb.c:32
#21 0x7f012162b151 in __libc_start_main (/usr/lib/libc.so.6+0x28151)
SUMMARY: AddressSanitizer: heap-use-after-free
/home/simark/src/binutils-gdb/gdb/frame.c:2633 in
get_frame_pc_if_available(frame_info*, unsigned long*)
The line where the issue triggers is:
    bool
    get_frame_pc_if_available (frame_info *frame, CORE_ADDR *pc)
    {
      gdb_assert (frame->next != NULL); <--- HERE
So, it looks like the same line as you, but we probably didn't build the same
version.
* [Bug python/27315] Walking threads during frame display pretty-printer causes crashes
From: simark at simark dot ca @ 2021-02-02 14:37 UTC (permalink / raw)
To: gdb-prs
https://sourceware.org/bugzilla/show_bug.cgi?id=27315
--- Comment #3 from Simon Marchi <simark at simark dot ca> ---
What I get from this is that we are iterating on the frames, and updating the
thread list throws the frame cache away, here:
#0 reinit_frame_cache () at /home/simark/src/binutils-gdb/gdb/frame.c:2042
#1 0x000055555e4a7b38 in switch_to_no_thread () at
/home/simark/src/binutils-gdb/gdb/thread.c:1334
#2 0x000055555d2bec61 in switch_to_inferior_no_thread (inf=0x615000020100) at
/home/simark/src/binutils-gdb/gdb/inferior.c:628
#3 0x000055555e49d589 in prune_threads () at
/home/simark/src/binutils-gdb/gdb/thread.c:728
#4 0x000055555d51bbd0 in thread_db_target::update_thread_list
(this=0x555565a0f940 <the_thread_db_target>) at
/home/simark/src/binutils-gdb/gdb/linux-thread-db.c:1606
#5 0x000055555e451a93 in target_update_thread_list () at
/home/simark/src/binutils-gdb/gdb/target.c:3141
#6 0x000055555e4b0f85 in update_thread_list () at
/home/simark/src/binutils-gdb/gdb/thread.c:2038
#7 0x000055555db4e8d2 in infpy_threads (self=0x7fffeea55ae0, args=0x0) at
/home/simark/src/binutils-gdb/gdb/python/py-inferior.c:397
So we end up using a frame object that has been freed.
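
The lifetime problem described in comment #3, reduced to a toy model as an added example (not GDB source and not part of the original thread): a callback flushes the frame cache in the middle of a walk, and a handle that names the frame by level and checks a generation counter looks the frame up again instead of dereferencing freed memory. `Frame`, `FrameCache`, `FrameHandle` and `walk` are hypothetical names; this shows a general mitigation for the bug class and makes no claim about how GDB's frame_info_ptr is implemented.

```cpp
// Added illustration: a toy model of the lifetime bug, not GDB source code.
#include <functional>
#include <memory>
#include <vector>

struct Frame { int level; };                 // toy stand-in for a cached frame
class FrameCache {                           // hypothetical cache owning all frames
  std::vector<std::unique_ptr<Frame>> frames_;
  unsigned generation_ = 0;
public:
  static constexpr int kDepth = 4;           // constructed stack depth
  unsigned generation() const { return generation_; }
  void reinit() { frames_.clear(); ++generation_; }  // frees every Frame
  Frame *frame_at(int level) {               // lazily (re)build frames up to level
    if (level >= kDepth) return nullptr;
    while (static_cast<int>(frames_.size()) <= level)
      frames_.push_back(std::make_unique<Frame>(Frame{static_cast<int>(frames_.size())}));
    return frames_[level].get();
  }
};

class FrameHandle {                          // names a frame by level, not by address
  FrameCache *cache_; int level_; unsigned gen_; Frame *ptr_;
public:
  FrameHandle(FrameCache &c, int lvl) : cache_(&c), level_(lvl), gen_(c.generation()), ptr_(c.frame_at(lvl)) {}
  int level() const { return level_; }
  Frame *get() {
    if (gen_ == cache_->generation()) return ptr_;  // cache untouched: still valid
    gen_ = cache_->generation();                    // cache flushed: old ptr_ dangles
    return ptr_ = cache_->frame_at(level_);         // look the frame up again
  }
};

// Walk the stack; `printer` may flush the cache, as the thread-list update did.
int walk(FrameCache &cache, const std::function<void()> &printer, int *flushes) {
  int printed = 0;
  for (FrameHandle h(cache, 0); h.get(); h = FrameHandle(cache, h.level() + 1)) {
    unsigned before = cache.generation();
    printer();
    if (cache.generation() != before) ++*flushes;  // a raw Frame* would dangle here
    if (h.get()->level != printed) return -1;      // safe: get() re-resolved
    ++printed;
  }
  return printed;
}

int main() {
  FrameCache cache; int flushes = 0;         // flush on every frame, as a worst case
  return walk(cache, [&] { cache.reinit(); }, &flushes) == FrameCache::kDepth ? 0 : 1;
}
```
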
* [Bug python/27315] Walking threads during frame display pretty-printer causes crashes
From: psmith at gnu dot org @ 2022-02-21 1:34 UTC (permalink / raw)
To: gdb-prs
https://sourceware.org/bugzilla/show_bug.cgi?id=27315
--- Comment #4 from psmith at gnu dot org ---
Has anyone found any time to look into this memory corruption issue with the
python integration? Cheers!
* [Bug python/27315] Walking threads during frame display pretty-printer causes crashes
From: tromey at sourceware dot org @ 2023-08-01 18:18 UTC (permalink / raw)
To: gdb-prs
https://sourceware.org/bugzilla/show_bug.cgi?id=27315
Tom Tromey <tromey at sourceware dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|--- |13.1
Status|NEW |RESOLVED
Resolution|--- |FIXED
CC| |tromey at sourceware dot org
--- Comment #5 from Tom Tromey <tromey at sourceware dot org> ---
I believe this was fixed in gdb 13 by the frame_info_ptr work.