From: "jonessyue at qnap dot com"
To: gdb-prs@sourceware.org
Subject: [Bug gdb/31820] segfault when target_stack::push > t->stratum ()
Date: Fri, 31 May 2024 02:51:16 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=31820

--- Comment #2 from Jones Syue ---

(In reply to Tom Tromey from comment #1)
> Something is pretty wrong with your build.

Thank you Tom for kind feedback! Yes it looks so, in my environment only
the aarch64 target machine has this issue, perhaps I need to find a more
up-to-date aarch64 toolchain and test again, will get back here later.

Some findings so far: cross compiling gdb-14.2 with three kinds of
toolchain and running gdb on these target machines, which are aarch64,
x86_64, and arm 32bit:

result   | target  | toolchain             | cross prefix
---------+---------+-----------------------+-------------------------
segfault | aarch64 | gcc-5.3.1, glibc-2.23 | aarch64-linux-gnu-g++
pass     | x86_64  | gcc-4.9.2, glibc-2.21 | x86_64-linux-gnu-g++
pass     | arm_32  | gcc-4.8.2, glibc-2.17 | arm-linux-gnueabihf-g++

> the_dummy_target is just:
> static dummy_target the_dummy_target;
> The C++ compiler should ensure this is fully initialized
> before use. The vptr should never be null.

Yes iiuc the static variable should be resident in the data section of
the binary file after C++ compilation, so use 'readelf' to look up the
gdb binaries (x86_64, aarch64, and arm_32); it can list both
'the_dummy_target' and 'vtable for dummy_target' address and size.

x86_64:
# readelf -sW gdb|c++filt |grep -E "vtable for dumm|Num:|^Sym|the_dummy_target"
Symbol table '.dynsym' contains 492 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
Symbol table '.symtab' contains 90386 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
 15777: 0000000001333250    16 OBJECT  LOCAL  DEFAULT   28 the_dummy_target
 53793: 0000000000d6c500  1536 OBJECT  WEAK   DEFAULT   15 vtable for dummy_target

aarch64:
# readelf -sW gdb|c++filt |grep -E "vtable for dumm|Num:|^Sym|the_dummy_target"
Symbol table '.dynsym' contains 638 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
Symbol table '.symtab' contains 137653 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
 55908: 0000000001244148    16 OBJECT  LOCAL  DEFAULT   26 the_dummy_target
100396: 0000000000e446c0  1536 OBJECT  WEAK   DEFAULT   14 vtable for dummy_target

arm_32:
# readelf -sW gdb|c++filt |grep -E "vtable for dumm|Num:|^Sym|the_dummy_target"
Symbol table '.dynsym' contains 653 entries:
   Num:    Value  Size Type    Bind   Vis      Ndx Name
Symbol table '.symtab' contains 187343 entries:
   Num:    Value  Size Type    Bind   Vis      Ndx Name
 96845: 008d38e8     8 OBJECT  LOCAL  DEFAULT   26 the_dummy_target
150354: 007928b8   768 OBJECT  GLOBAL DEFAULT   15 vtable for dummy_target

Fortunately earlier gdb-7 or gdb-8 still works for my aarch64 target, so it
could run gdb-14.2 and set a breakpoint on 'target_stack::push', then
compare the result of these 3 targets: x86_64, aarch64, and arm_32.

x86_64:
1. '_vptr.target_ops' is 0xd6c510 not 0x0, looks good.
2. 'info symbol 0xd6c510' vtable for dummy_target + 16 in section .rodata
   looks good, 0xd6c510 = 0xd6c500 + 16 is consistent with readelf.

Thread 1 "gdb" hit Breakpoint 1, target_stack::push (this=0x1363180, t=0x1333250 ) at target.c:1204
1204      auto ref = target_ops_ref::new_reference (t);
(gdb) bt
#0  target_stack::push (this=0x1363180, t=0x1333250 ) at target.c:1204
#1  0x000000000079356d in inferior::inferior (this=0x1362fe0, pid_=0) at inferior.c:90
#2  0x0000000000793b29 in add_inferior_silent (pid=0) at inferior.c:205
#3  0x00000000007966d6 in initialize_inferiors () at inferior.c:1089
#4  0x00000000009e887d in gdb_init () at top.c:2327
#5  0x000000000081e959 in captured_main_1 (context=0x7fffffffe3c0) at main.c:1036
#6  0x000000000081f651 in captured_main (data=0x7fffffffe3c0) at main.c:1314
#7  0x000000000081f6f3 in gdb_main (args=0x7fffffffe3c0) at main.c:1343
#8  0x0000000000414982 in main (argc=1, argv=0x7fffffffe4c8) at gdb.c:39
(gdb) l
1199      /* We must create a new reference first.  It is possible that T is
1200         already pushed on this target stack, in which case we will first
1201         unpush it below, before re-pushing it.  If we don't increment the
1202         reference count now, then when we unpush it, we might end up deleting
1203         T, which is not good.  */
1204      auto ref = target_ops_ref::new_reference (t);
1205
1206      strata stratum = t->stratum ();
1207
1208      /* If there's already a target at this stratum, remove it.  */
(gdb) p t
$1 = (target_ops *) 0x1333250
(gdb) p *t
$2 = { = {m_refcount = 0}, _vptr.target_ops = 0xd6c510 }
(gdb) p the_dummy_target
$3 = { = { = {m_refcount = 0}, _vptr.target_ops = 0xd6c510 }, }
(gdb)
(gdb) info symbol 0x1333250
the_dummy_target in section .data of /share/CACHEDEV1_DATA/Public/gdb-14.2-O0/gdb
(gdb) info symbol 0xd6c510
vtable for dummy_target + 16 in section .rodata of /share/CACHEDEV1_DATA/Public/gdb-14.2-O0/gdb
(gdb)
(gdb) info address the_dummy_target
Symbol "the_dummy_target" is static storage at address 0x1333250.
(gdb) info address vtable for dummy_target
Symbol "vtable for dummy_target" is at 0xd6c500 in a file compiled without debugging.
(gdb)

aarch64:
1. '_vptr.target_ops' is 0x0, looks bad.
2. 'info address 0x0' looks bad, it is not consistent with readelf output
   address '0xe446c0'.

Thread 1 "gdb" hit Breakpoint 1, target_stack::push (this=0x12bcb80, t=0x1244148 ) at target.c:1204
1204      auto ref = target_ops_ref::new_reference (t);
(gdb) bt
#0  target_stack::push (this=0x12bcb80, t=0x1244148 ) at target.c:1204
#1  0x00000000007bf708 in inferior::inferior (this=0x12bc9e0, pid_=0) at inferior.c:90
#2  0x00000000007bfc84 in add_inferior_silent (pid=0) at inferior.c:205
#3  0x00000000007c23ac in initialize_inferiors () at inferior.c:1089
#4  0x0000000000a243a0 in gdb_init () at top.c:2327
#5  0x000000000084d2c0 in captured_main_1 (context=0x3fffffff638) at main.c:1036
#6  0x000000000084e008 in captured_main (data=0x3fffffff638) at main.c:1314
#7  0x000000000084e0a4 in gdb_main (args=0x3fffffff638) at main.c:1343
#8  0x000000000040d868 in main (argc=1, argv=0x3fffffff798) at gdb.c:39
(gdb) l
1199      /* We must create a new reference first.  It is possible that T is
1200         already pushed on this target stack, in which case we will first
1201         unpush it below, before re-pushing it.  If we don't increment the
1202         reference count now, then when we unpush it, we might end up deleting
1203         T, which is not good.  */
1204      auto ref = target_ops_ref::new_reference (t);
1205
1206      strata stratum = t->stratum ();
1207
1208      /* If there's already a target at this stratum, remove it.  */
(gdb)
(gdb) p t
$1 = (target_ops *) 0x1244148
(gdb) p *t
$2 = { = {m_refcount = 0}, _vptr.target_ops = 0x0}
(gdb) p the_dummy_target
$3 = { = { = {m_refcount = 0}, _vptr.target_ops = 0x0}, }
(gdb)
(gdb) info symbol 0x1244148
the_dummy_target in section .data of /share/CACHEDEV1_DATA/Public/gdb-14.2-O0/gdb
(gdb) info symbol 0x0
No symbol matches 0x0.
(gdb)
(gdb) info address the_dummy_target
Symbol "the_dummy_target" is static storage at address 0x1244148.
(gdb) info address vtable for dummy_target
Symbol "vtable for dummy_target" is at 0xe446c0 in a file compiled without debugging.
(gdb)

arm_32:
1. '_vptr.target_ops' is 0x7928c0, looks good.
2. 'info address 0x7928c0' vtable for dummy_target + 8 in section .rodata
   looks good, 0x7928c0 = 0x7928b8 + 16 is consistent with readelf.

Thread 1 "gdb" hit Breakpoint 1, target_stack::push (this=0x9073f4, t=0x8d38e8 ) at target.c:1204
1204      auto ref = target_ops_ref::new_reference (t);
(gdb) bt
#0  target_stack::push (this=0x9073f4, t=0x8d38e8 ) at target.c:1204
#1  0x002cb0c0 in inferior::inferior (this=0x907310, pid_=0) at inferior.c:90
#2  0x002cb4dc in add_inferior_silent (pid=0) at inferior.c:205
#3  0x002cd57c in initialize_inferiors () at inferior.c:1089
#4  0x0049ae88 in gdb_init () at top.c:2327
#5  0x00337fc2 in captured_main_1 (context=0x7dfff7c4) at main.c:1036
#6  0x00338ac6 in captured_main (data=0x7dfff7c4) at main.c:1314
#7  0x00338b2e in gdb_main (args=0x7dfff7c4) at main.c:1343
#8  0x00011ad4 in main (argc=1, argv=0x7dfff924) at gdb.c:39
(gdb) l
1199      /* We must create a new reference first.  It is possible that T is
1200         already pushed on this target stack, in which case we will first
1201         unpush it below, before re-pushing it.  If we don't increment the
1202         reference count now, then when we unpush it, we might end up deleting
1203         T, which is not good.  */
1204      auto ref = target_ops_ref::new_reference (t);
1205
1206      strata stratum = t->stratum ();
1207
1208      /* If there's already a target at this stratum, remove it.  */
(gdb)
(gdb)
(gdb) p t
$1 = (target_ops *) 0x8d38e8
(gdb) p *t
$2 = { = {m_refcount = 0}, _vptr.target_ops = 0x7928c0 }
(gdb) p the_dummy_target
$3 = { = { = {m_refcount = 0}, _vptr.target_ops = 0x7928c0 }, }
(gdb)
(gdb) info symbol 0x8d38e8
the_dummy_target in section .data of /share/CACHEDEV1_DATA/Public/gdb-14.2-O0/gdb
(gdb) info symbol 0x7928c0
vtable for dummy_target + 8 in section .rodata of /share/CACHEDEV1_DATA/Public/gdb-14.2-O0/gdb
(gdb)
(gdb) info address the_dummy_target
Symbol "the_dummy_target" is static storage at address 0x8d38e8.
(gdb) info address vtable for dummy_target
Symbol "vtable for dummy_target" is at 0x7928b8 in a file compiled without debugging.
(gdb)
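The readelf-versus-gdb consistency check done by hand in the comment above, as an added Python example that is not part of the bug report or of gdb: it parses the 'vtable for dummy_target' lines, derives sizeof(void*) from the address width readelf prints, and checks that the vptr gdb showed equals vtable + 2 * sizeof(void*) (the Itanium C++ ABI layout, assumed here: offset-to-top and typeinfo pointer precede the first virtual slot). The readelf lines and observed vptrs are constructed from the values in the report.

```python
import re

# readelf -sW lines for 'vtable for dummy_target' and the _vptr gdb printed,
# constructed from the values in the report.
READELF = {
    "x86_64":  "53793: 0000000000d6c500 1536 OBJECT WEAK   DEFAULT 15 vtable for dummy_target",
    "aarch64": "100396: 0000000000e446c0 1536 OBJECT WEAK   DEFAULT 14 vtable for dummy_target",
    "arm_32":  "150354: 007928b8 768 OBJECT GLOBAL DEFAULT 15 vtable for dummy_target",
}
OBSERVED_VPTR = {"x86_64": 0xD6C510, "aarch64": 0x0, "arm_32": 0x7928C0}

SYM_RE = re.compile(r"^\s*\d+:\s+([0-9a-fA-F]+)\s+(\d+)\s+OBJECT\s+\S+\s+\S+\s+\S+\s+(.+)$")

def parse_symbol(line):
    """Return (addr, size, pointer_size) from one 'readelf -sW' symbol line.
    readelf prints 16 hex digits for an ELF64 file and 8 for ELF32, which
    tells us sizeof(void*) on that target."""
    m = SYM_RE.match(line)
    if not m:
        raise ValueError("not a readelf OBJECT line: " + line)
    addr_hex, size, _name = m.groups()
    return int(addr_hex, 16), int(size), 8 if len(addr_hex) == 16 else 4

def expected_vptr(vtable_addr, ptr_size):
    """Itanium C++ ABI (assumed, no virtual bases): the object's vptr points
    past the offset-to-top and typeinfo slots, i.e. vtable + 2 * sizeof(void*).
    That is the '+16' (64-bit) and '+8' (32-bit) gdb reports."""
    return vtable_addr + 2 * ptr_size

def check(readelf_line, observed_vptr):
    """Classify the vptr gdb showed for the static object against readelf."""
    vtable, size, ptr = parse_symbol(readelf_line)
    if observed_vptr == 0:
        return "bad: vptr is NULL, static constructor never ran before use"
    if not (vtable <= observed_vptr < vtable + size):
        return "bad: vptr 0x%x is outside the vtable symbol" % observed_vptr
    if observed_vptr != expected_vptr(vtable, ptr):
        return "bad: vptr is not vtable+%d" % (2 * ptr)
    return "ok: vptr == vtable+%d, consistent with readelf" % (2 * ptr)

def check_all():
    return {t: check(READELF[t], OBSERVED_VPTR[t]) for t in READELF}

if __name__ == "__main__":
    for target, verdict in check_all().items():
        print("%-8s %s" % (target, verdict))
```

A NULL verdict on a static object of a polymorphic class means its constructor was never run, which points at the toolchain's static-initialization (init_array / constructor ordering) rather than at gdb's own logic.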