[Bug gdb/30693] New: Assertion `closure->pieces.size () == 1' failed

[Bug gdb/30693] New: Assertion `closure->pieces.size () == 1' failed

[sinan.lin at linux dot alibaba.com]

https://sourceware.org/bugzilla/show_bug.cgi?id=30693

            Bug ID: 30693
           Summary: Assertion `closure->pieces.size () == 1' failed
           Product: gdb
           Version: 11.2
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: gdb
          Assignee: unassigned at sourceware dot org
          Reporter: sinan.lin at linux dot alibaba.com
  Target Milestone: ---

Encounter a gdb assertion error when printing variables.

application: mysql-community-server-8.0.34-1.el8.aarch64 (download from
https://dev.mysql.com/downloads)

reproduce approach:

./gdb -ex run  --args ./gdb -batch -ex "thread apply all bt full"  -p `pgrep
mysqld`


gdb:
```
#0  0x0000ffffadaaeb58 in pthread_cond_timedwait@@GLIBC_2.17 () from
/lib64/libpthread.so.0
No symbol table info available.
#1  0x0000000001f0b8c4 in os_event::timed_wait (this=this@entry=0xffffa60d8690,
abstime=abstime@entry=0xfffc52c36470) at
/usr/src/debug/mysql-community-8.0.34-1.el8.aarch64/mysql-8.0.34/storage/innobase/os/os0event.cc:315
        ret = <optimized out>
#2  0x0000000001f0c39c in os_event::wait_time_low
(this=this@entry=0xffffa60d8690, timeout=...,
reset_sig_count=reset_sig_count@entry=80) at
/usr/src/debug/mysql-community-8.0.34-1.el8.aarch64/mysql-8.0.34/storage/innobase/os/os0event.cc:488
        timed_out = false
        abstime = {tv_sec = 2607, tv_nsec = 544085320}
#3  0x0000000001f0c464 in os_event_wait_time_low
(event=event@entry=0xffffa60d8690, timeout=..., timeout@entry=...,
reset_sig_count=reset_sig_count@entry=80) at
/usr/src/debug/mysql-community-8.0.34-1.el8.aarch64/mysql-8.0.34/storage/innobase/os/os0event.cc:575
No locals.
#4  0x0000000001ef29e8 in
os_event_wait_for<log_write_notifier(log_t*)::<lambda(bool)> > (condition=...,
timeout=..., spins_limit=<optimized out>, event=<synthetic pointer>:
0xffffa60d8690) at
/usr/src/debug/mysql-community-8.0.34-1.el8.aarch64/mysql-8.0.34/storage/innobase/include/os0event.ic:135
        wait = <optimized out>
        sig_count = <optimized out>
        next_level = 3204
        waits = 3200
        MIN_TIMEOUT = <optimized out>
        MAX_TIMEOUT = <optimized out>
        next_level = <optimized out>
        waits = <optimized out>
        MIN_TIMEOUT = <optimized out>
        MAX_TIMEOUT = <optimized out>
        wait = <optimized out>
        sig_count = <optimized out>
#5  Log_thread_waiting::wait<log_write_notifier(log_t*)::<lambda(bool)> >
(stop_condition=..., this=<synthetic pointer>) at
/usr/src/debug/mysql-community-8.0.34-1.el8.aarch64/mysql-8.0.34/storage/innobase/log/log0write.cc:1256
        spin_delay = <optimized out>
        min_timeout = <optimized out>
        req_interval = <optimized out>
        wait_stats = <optimized out>
        spin_delay = <optimized out>
        min_timeout = <optimized out>
        req_interval = <optimized out>
        wait_stats = <optimized out>
#6  log_write_notifier (log_ptr=0xffffa60d7900) at
/usr/src/debug/mysql-community-8.0.34-1.el8.aarch64/mysql-8.0.34/storage/innobase/log/log0write.cc:2702
        stop_condition = {__log = @0xffffa60d7900, __lsn = 19418751, __released
= ../../gdb/dwarf2/loc.c:2213: internal-error: value* coerce_pieced_ref(const
value*): Assertion `closure->pieces.size () == 1' failed.
A problem internal to GDB has been detected,
further debugging may prove unreliable.
```


gdb call frame
```
#0  0x0000fffff71e7d58 in raise () from /lib64/libc.so.6
#1  0x0000fffff71d454c in abort () from /lib64/libc.so.6
#2  0x0000aaaaab0515d4 in dump_core () at ../../gdb/utils.c:204
#3  0x0000aaaaab0574a4 in internal_vproblem
(problem=problem@entry=0xaaaaab5a1a98 <internal_error_problem>, file=<optimized
out>, line=<optimized out>, fmt=<optimized out>, ap=<error reading variable:
Cannot access memory at address 0x0>) at ../../gdb/utils.c:414
#4  0x0000aaaaab057680 in internal_verror (file=<optimized out>,
line=<optimized out>, fmt=<optimized out>, ap=...) at ../../gdb/utils.c:439
#5  0x0000aaaaab171344 in internal_error (file=<optimized out>, line=<optimized
out>, fmt=<optimized out>) at ../../gdbsupport/errors.cc:55
#6  0x0000aaaaaad2d828 in coerce_pieced_ref (value=<optimized out>) at
../../gdb/dwarf2/loc.c:2213
#7  0x0000aaaaab065d98 in valprint_check_validity
(stream=stream@entry=0xffffffffddb8, type=type@entry=0xaaaad1296080,
embedded_offset=embedded_offset@entry=0, val=val@entry=0xaaaab3744c30) at
../../gdb/valprint.c:363
#8  0x0000aaaaab065e58 in do_val_print (value=0xaaaab3744c30,
stream=0xffffffffddb8, recurse=5, options=0xffffffffd5a0,
language=0xaaaaab5a5fd8 <cplus_language_defn>) at ../../gdb/valprint.c:1022
#9  0x0000aaaaaacfbfe4 in cp_print_value_fields (val=0xaaaaba3fb020,
stream=0xffffffffddb8, recurse=4, options=0xffffffffd6a8, dont_print_vb=0x0,
dont_print_statmem=0) at ../../gdb/cp-valprint.c:337
#10 0x0000aaaaab065ee8 in do_val_print (value=0xaaaaba3fb020,
stream=0xffffffffddb8, recurse=4, options=0xffffffffd748,
language=0xaaaaab5a5fd8 <cplus_language_defn>) at ../../gdb/valprint.c:1048
#11 0x0000aaaaaaebb108 in print_variable_and_value (name=0xfffd7a2688fd
"stop_condition", var=<optimized out>, frame=0xaaaab0aea930,
stream=0xffffffffddb8, indent=4) at ../../gdb/printcmd.c:2416
#12 0x0000aaaaaafa04a8 in do_print_variable_and_value
(print_name=0xfffd7a2688fd "stop_condition", sym=0xaaaaf7644b20,
cb_data=0xffffffffd930) at ../../gdb/stack.c:2338
#13 0x0000aaaaaafa0e30 in iterate_over_block_locals (b=b@entry=0xaaaad1577210,
cb=cb@entry=0xaaaaaafa0444 <do_print_variable_and_value(char const*, symbol*,
void*)>, cb_data=cb_data@entry=0xffffffffd930) at ../../gdb/stack.c:2270
#14 0x0000aaaaaafa3bf0 in iterate_over_block_local_vars (cb_data=<optimized
out>, cb=<optimized out>, block=0xaaaad1577210) at ../../gdb/stack.c:2290
#15 print_frame_local_vars (frame=frame@entry=0xaaaab0aea930,
quiet=quiet@entry=false, regexp=regexp@entry=0x0, t_regexp=t_regexp@entry=0x0,
num_tabs=num_tabs@entry=1, stream=0xffffffffddb8) at ../../gdb/stack.c:2412
#16 0x0000aaaaaafa76b0 in backtrace_command_1 (from_tty=0, count_exp=<optimized
out>, bt_opts=..., fp_opts=...) at ../../gdb/stack.c:2089
#17 backtrace_command (arg=<optimized out>, from_tty=0) at
../../gdb/stack.c:2203
#18 0x0000aaaaaacb2e54 in cmd_func (cmd=<optimized out>, args=<optimized out>,
from_tty=<optimized out>) at ../../gdb/cli/cli-decode.c:2160
#19 0x0000aaaaab00bb44 in execute_command (p=<optimized out>,
from_tty=from_tty@entry=0) at ../../gdb/top.c:674
#20 0x0000aaaaab00bdf8 in execute_command_to_ui_file
(file=file@entry=0xffffffffddb8, p=<optimized out>, from_tty=from_tty@entry=0)
at ../../gdb/top.c:727
#21 0x0000aaaaab00bf34 in execute_command_to_string[abi:cxx11](char const*,
int, bool) (p=<optimized out>, from_tty=0, term_out=true) at
../../gdb/top.c:739
#22 0x0000aaaaab004ae4 in thr_try_catch_cmd (thr=<optimized out>,
cmd=0xffffffffea31 "bt full", from_tty=from_tty@entry=0, flags=...) at
../../gdb/thread.c:1493
#23 0x0000aaaaab0068e4 in thread_apply_all_command (cmd=<optimized out>,
from_tty=0) at ../../gdb/../gdbsupport/gdb_ref_ptr.h:130
#24 0x0000aaaaaacb2e54 in cmd_func (cmd=<optimized out>, args=<optimized out>,
from_tty=<optimized out>) at ../../gdb/cli/cli-decode.c:2160
#25 0x0000aaaaab00bb44 in execute_command (p=<optimized out>, from_tty=0) at
../../gdb/top.c:674
#26 0x0000aaaaaae4227c in catch_command_errors
(command=command@entry=0xaaaaab00b430 <execute_command(char const*, int)>,
arg=<optimized out>, from_tty=<optimized out>,
do_bp_actions=do_bp_actions@entry=true) at ../../gdb/main.c:523
#27 0x0000aaaaaae423c8 in execute_cmdargs
(cmdarg_vec=cmdarg_vec@entry=0xffffffffe368,
file_type=file_type@entry=CMDARG_FILE, cmd_type=cmd_type@entry=CMDARG_COMMAND,
ret=ret@entry=0xffffffffe364) at ../../gdb/main.c:618
#28 0x0000aaaaaae43b58 in captured_main_1 (context=<optimized out>) at
../../gdb/main.c:1322
#29 0x0000aaaaaae44570 in captured_main (data=<optimized out>) at
../../gdb/main.c:1343
#30 gdb_main (args=<optimized out>) at ../../gdb/main.c:1368
#31 0x0000aaaaaabd0ccc in main (argc=<optimized out>, argv=<optimized out>) at
../../gdb/gdb.c:40
```

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug gdb/30693] Assertion `closure->pieces.size () == 1' failed

[tromey at sourceware dot org]

https://sourceware.org/bugzilla/show_bug.cgi?id=30693

Tom Tromey <tromey at sourceware dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |tromey at sourceware dot org

--- Comment #1 from Tom Tromey <tromey at sourceware dot org> ---
I wonder if this was fixed as a side effect of
commit 245f9db1.
Could you try a more recent gdb?

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug gdb/30693] Assertion `closure->pieces.size () == 1' failed

[sinan.lin at linux dot alibaba.com]

https://sourceware.org/bugzilla/show_bug.cgi?id=30693

--- Comment #2 from sinan <sinan.lin at linux dot alibaba.com> ---
I just tried the trunk (at commit a89e364b45a), but unfortunately, gdb still
crashed with the same assertion and call stack.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug gdb/30693] Assertion `closure->pieces.size () == 1' failed

[tromey at sourceware dot org]

https://sourceware.org/bugzilla/show_bug.cgi?id=30693

--- Comment #3 from Tom Tromey <tromey at sourceware dot org> ---
Maybe check_pieced_synthetic_pointer is doing the wrong thing.

What I'd really like to see is the DWARF location expression
for the variable causing the crash, which seems to be "stop_condition"
in "log_write_notifier".

Do you think you could find that?  What I would do is:

readelf -wi /path/to/mysqld | less

then search for "log_write_notifier" (and hopefully there's only
one definition).  Then you have to know how to read the DWARF...
I guess one way would be if you found the compilation unit that
this function is defined in, you could attach the DWARF of that
CU to this bug.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug gdb/30693] Assertion `closure->pieces.size () == 1' failed

[simark at simark dot ca]

https://sourceware.org/bugzilla/show_bug.cgi?id=30693

Simon Marchi <simark at simark dot ca> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |simark at simark dot ca

--- Comment #4 from Simon Marchi <simark at simark dot ca> ---
Since this seems to come from a public rpm package, maybe sinan could provide
the link to the package?

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug gdb/30693] Assertion `closure->pieces.size () == 1' failed

[sinan.lin at linux dot alibaba.com]

https://sourceware.org/bugzilla/show_bug.cgi?id=30693

--- Comment #5 from sinan <sinan.lin at linux dot alibaba.com> ---
Created attachment 15028
  --> https://sourceware.org/bugzilla/attachment.cgi?id=15028&action=edit
dwarf info of log_write_notifier

Thanks for the guide! The attachment is the dwarf info of the problematic
function, and the binary is generated through g++12.2
```
DW_AT_producer    ("GNU C++17 12.2.1 20221121 (Red Hat 12.2.1-7)
-moutline-atomics -march=armv8-a+crc -mlittle-endian -mabi=lp64 -g -g -O2 -O2
-std=c++17 -fno-omit-frame-pointer -ffp-contract=off -ftls-model=initial-exec
-fexceptions -fstack-protector-strong -fasynchronous-unwind-tables
-fstack-clash-protection -ffunction-sections -fdata-sections -fPIC
-fplugin=annobin")
```

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug gdb/30693] Assertion `closure->pieces.size () == 1' failed

[sinan.lin at linux dot alibaba.com]

https://sourceware.org/bugzilla/show_bug.cgi?id=30693

--- Comment #6 from sinan <sinan.lin at linux dot alibaba.com> ---
> Since this seems to come from a public rpm package, maybe sinan could provide the link to the package?

Sure! The link is https://dev.mysql.com/downloads/mysql (you might need to
register an account), and I only test it on AArch64 Mysql 8.0.34 with centos 8
(my selection on the download page, Version: 8.0.34, OS: Red Hat enterprise
linux/Oracle Linux, OS version: Red Hat Enterprise linux 8)

And you can find the corresponding source code here
https://github.com/mysql/mysql-server/blob/trunk/storage/innobase/log/log0write.cc#L2669

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug gdb/30693] Assertion `closure->pieces.size () == 1' failed

[sinan.lin at linux dot alibaba.com]

https://sourceware.org/bugzilla/show_bug.cgi?id=30693

sinan <sinan.lin at linux dot alibaba.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |sinan.lin at linux dot alibaba.com

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug gdb/30693] Assertion `closure->pieces.size () == 1' failed

[tromey at sourceware dot org]

https://sourceware.org/bugzilla/show_bug.cgi?id=30693

--- Comment #7 from Tom Tromey <tromey at sourceware dot org> ---
The dump just says:

    <103171d5>   DW_AT_location    : 0xc88dfb7 (location list)
    <103171d9>   DW_AT_GNU_locviews: 0xc88dfa9

so we'd have to look into the loclists to find this.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug gdb/30693] Assertion `closure->pieces.size () == 1' failed

[tromey at sourceware dot org]

https://sourceware.org/bugzilla/show_bug.cgi?id=30693

--- Comment #8 from Tom Tromey <tromey at sourceware dot org> ---
(In reply to sinan from comment #6)

> Sure! The link is https://dev.mysql.com/downloads/mysql (you might need to
> register an account)

I looked at this but it is kind of a pain to unpack everything.
Could you do:

$ readelf --debug-dump=loc ...mysqld | less

then search for the loclist 0xc88dfb7 and paste its entire
"paragraph"?  That might help.

-- 
You are receiving this mail because:
You are on the CC list for the bug.