[Bug dap/31306] [gdb/dap] segfault in new_threadstate during gdb.dap/eof.exp

["vries at gcc dot gnu.org" <sourceware-bugzilla@sourceware.org>]

https://sourceware.org/bugzilla/show_bug.cgi?id=31306

--- Comment #3 from Tom de Vries <vries at gcc dot gnu.org> ---
Created attachment 15339
  --> https://sourceware.org/bugzilla/attachment.cgi?id=15339&action=edit
Tentative patch

(In reply to Tom de Vries from comment #2)
> Could be a dup or PR31172.  The tentative patch posted there makes this PR
> less likely to occur, but it still does.  Which almost looks like a runnable
> was posted while quitting.

This is a more elaborate version of the patch, which seems to fix all the
runnables-related problems I ran into.

However, now I run into:
...
(gdb) bt
#0  0x0000ffff61d02280 in __pthread_kill_implementation () from
/lib64/libc.so.6
#1  0x0000ffff61cb5800 [PAC] in raise () from /lib64/libc.so.6
#2  0x00000000007aeeb0 [PAC] in handle_fatal_signal (sig=11)
    at /home/vries/gdb/src/gdb/event-top.c:926
#3  0x00000000007aef38 in handle_sigsegv (sig=11)
    at /home/vries/gdb/src/gdb/event-top.c:976
#4  <signal handler called>
#5  0x0000000000604a84 in cli_ui_out::do_message (this=0xffff4ee9d728,
style=..., 
    format=0xffff2c0029f1 "%s", args=...) at
/home/vries/gdb/src/gdb/cli-out.c:232
#6  0x0000000000ce4268 in ui_out::call_do_message (this=0xffff4ee9d728,
style=..., 
    format=0xffff2c0029f1 "%s") at /home/vries/gdb/src/gdb/ui-out.c:584
#7  0x0000000000ce4520 in ui_out::vmessage (this=0xffff4ee9d728, in_style=..., 
    format=0x16f8e62 "", args=...) at /home/vries/gdb/src/gdb/ui-out.c:621
#8  0x0000000000ce19ac in ui_file::vprintf (this=0xffffcc6aa958,
format=0x16f8e60 "%s", 
    args=...) at /home/vries/gdb/src/gdb/ui-file.c:74
#9  0x0000000000d29024 in gdb_vprintf (stream=0xffffcc6aa958, format=0x16f8e60
"%s", 
    args=...) at /home/vries/gdb/src/gdb/utils.c:1879
#10 0x0000000000d29118 in gdb_printf (stream=0xffffcc6aa958, format=0x16f8e60
"%s")
--Type <RET> for more, q to quit, c to continue without paging--
    at /home/vries/gdb/src/gdb/utils.c:1894
#11 0x0000000000ab2fc4 in gdbpy_write (self=0x67db720, args=0x6b1c5a0,
kw=0x6d8df40)
    at /home/vries/gdb/src/gdb/python/python.c:1464
#12 0x0000ffff625fcedc in cfunction_call () from /lib64/libpython3.12.so.1.0
#13 0x0000ffff625cc500 [PAC] in _PyObject_MakeTpCall () from
/lib64/libpython3.12.so.1.0
#14 0x0000ffff625d8b64 [PAC] in _PyEval_EvalFrameDefault ()
   from /lib64/libpython3.12.so.1.0
#15 0x0000ffff62628cd0 [PAC] in method_vectorcall () from
/lib64/libpython3.12.so.1.0
#16 0x0000ffff62609824 [PAC] in PyObject_CallOneArg () from
/lib64/libpython3.12.so.1.0
#17 0x0000ffff626a7674 [PAC] in PyFile_WriteObject () from
/lib64/libpython3.12.so.1.0
#18 0x0000ffff626a77a0 [PAC] in PyFile_WriteString () from
/lib64/libpython3.12.so.1.0
#19 0x0000ffff625b5354 [PAC] in thread_excepthook () from
/lib64/libpython3.12.so.1.0
#20 0x0000ffff625fc6e0 [PAC] in cfunction_vectorcall_O ()
   from /lib64/libpython3.12.so.1.0
#21 0x0000ffff625f32d8 [PAC] in PyObject_Vectorcall () from
/lib64/libpython3.12.so.1.0
#22 0x0000ffff625d8b64 [PAC] in _PyEval_EvalFrameDefault ()
   from /lib64/libpython3.12.so.1.0
#23 0x0000ffff62628d88 [PAC] in method_vectorcall () from
/lib64/libpython3.12.so.1.0
--Type <RET> for more, q to quit, c to continue without paging--
#24 0x0000ffff62730ef4 [PAC] in thread_run () from /lib64/libpython3.12.so.1.0
#25 0x0000ffff626e1ec0 [PAC] in pythread_wrapper () from
/lib64/libpython3.12.so.1.0
#26 0x0000ffff61d00584 [PAC] in start_thread () from /lib64/libc.so.6
#27 0x0000ffff61d6fc4c [PAC] in thread_start () from /lib64/libc.so.6
(gdb) 
...
with:
...
(gdb) down
#11 0x0000000000ab2fc4 in gdbpy_write (self=0x67db720, args=0x6b1c5a0,
kw=0x6d8df40)
    at /home/vries/gdb/src/gdb/python/python.c:1464
1464                gdb_printf (gdb_stderr, "%s", arg);
(gdb) p arg
$5 = 0xffff2c002948 "Exception in thread "
(gdb) 
...

At this point, with:
...
(gdb) p *(&current_ui->m_gdb_stderr)
$23 = (ui_file *) 0x63e2ed0
...
I get what looks to me like a valid ui_file *:
...
gdb) p **(&current_ui->m_gdb_stderr)
$25 = {_vptr.ui_file = 0x175c908 <vtable for stderr_file+16>, m_applied_style =
{
    m_foreground = {m_simple = true, {m_value = -1, {m_red = 255 '\377', 
          m_green = 255 '\377', m_blue = 255 '\377'}}}, m_background = {
      m_simple = true, {m_value = -1, {m_red = 255 '\377', m_green = 255
'\377', 
          m_blue = 255 '\377'}}}, m_intensity = ui_file_style::NORMAL, 
    m_reverse = false}}
...

But if we go one frame down:
...
(gdb) down
#10 0x0000000000d29118 in gdb_printf (stream=0xffffcc6aa958, format=0x16f8e60
"%s")
    at /home/vries/gdb/src/gdb/utils.c:1894
1894      gdb_vprintf (stream, format, args);
...
we have an invalid ui_file:
...
(gdb) p stream
$27 = (ui_file *) 0xffffcc6aa958
(gdb) p *stream
$28 = {_vptr.ui_file = 0x0, m_applied_style = {m_foreground = {m_simple = true,
{
        m_value = 0, {m_red = 0 '\000', m_green = 0 '\000', m_blue = 0
'\000'}}}, 
    m_background = {m_simple = 32, {m_value = 65535, {m_red = 255 '\377', 
          m_green = 255 '\377', m_blue = 0 '\000'}}}, 
    m_intensity = (unknown: 0x62a4e710), m_reverse = 255}}
...
and AFAICT that ultimately causes the segfault.

-- 
You are receiving this mail because:
You are on the CC list for the bug.