yanqi27 / core_analyzer

A power tool to debug memory-related issues

App crash when calling ref in GDB 12.1 #90

Closed juxeii closed 1 year ago

juxeii commented 1 year ago

Hi,

I have compiled GDB 12.1 and tried to work with a coredump.

(gdb) heap /tu 8
----------------------------------------------------------------------------------
[1] [heap block] 0x7f18cae75010--0x7f18cb7ff000 size=10002416
    |--> 9MB (1 blocks)
[2] [stack] thread 9 frame 19 rsp+8400 @0x7f1902668010: 0x7f1902668090
    |--> 3MB (1 blocks)
[3] [stack] thread 9 frame 19 rsp+8480 @0x7f1902668060: 0x7f1902668095
    |--> 3MB (1 blocks)
[4] [stack] thread 9 frame 19 rsp+8808 @0x7f19026681a8: 0x7f1902668228
    |--> 3MB (1 blocks)
[5] [stack] thread 9 frame 19 rsp+8888 @0x7f19026681f8: 0x7f190266822d
    |--> 3MB (1 blocks)
[6] [stack] thread 9 frame 19 rsp+9216 @0x7f1902668340: 0x7f19026683c0
    |--> 3MB (1 blocks)
[7] [stack] thread 9 frame 19 rsp+9296 @0x7f1902668390: 0x7f19026683c5
    |--> 3MB (1 blocks)
[8] [stack] thread 9 frame 19 rsp+9624 @0x7f19026684d8: 0x7f1902668558
    |--> 3MB (1 blocks)
(gdb) ref 0x7f18cae75010
Search for object type associated with 0x7f18cae75010
Address 0x7f18cae75010 belongs to heap block [0x7f18cae75010, 0x7f18cb7ff000] size=10002416

Fatal signal: Segmentation fault
----- Backtrace -----
0x4fb1b3 gdb_internal_backtrace_1
        /myspace/projects/core_analyzer/build/gdb-12.1/build/../gdb/bt-utils.c:122
0x4fb1b3 _Z22gdb_internal_backtracev
        /myspace/projects/core_analyzer/build/gdb-12.1/build/../gdb/bt-utils.c:168
0x5f0321 handle_fatal_signal
        /myspace/projects/core_analyzer/build/gdb-12.1/build/../gdb/event-top.c:904
0x5f0464 handle_sigsegv
        /myspace/projects/core_analyzer/build/gdb-12.1/build/../gdb/event-top.c:977
0x7fafcd9ce62f ???
        /usr/src/debug/glibc-2.17-c758a686/nptl/../sysdeps/unix/sysv/linux/x86_64/sigaction.c:0
0x7fafcc904876 ???
0x7afd45 _Z19read_memory_wrapperP10ca_segmentmPvm
        /myspace/projects/core_analyzer/build/gdb-12.1/build/../gdb/segment.c:546
0x641712 fill_heap_block
        /myspace/projects/core_analyzer/build/gdb-12.1/build/../gdb/heap_ptmalloc_2_35.c:1823
0x7ab33e search_value_internal
        /myspace/projects/core_analyzer/build/gdb-12.1/build/../gdb/search.c:308
0x7ad2e0 _Z16find_object_typem
        /myspace/projects/core_analyzer/build/gdb-12.1/build/../gdb/search.c:875
0x632237 _Z16ref_command_implPc
        /myspace/projects/core_analyzer/build/gdb-12.1/build/../gdb/heap.c:362
0x6479ba ref_command
        /myspace/projects/core_analyzer/build/gdb-12.1/build/../gdb/heapcmd.c:46
0x52d1e4 _Z8cmd_funcP16cmd_list_elementPKci
        /myspace/projects/core_analyzer/build/gdb-12.1/build/../gdb/cli/cli-decode.c:2514
0x830661 _Z15execute_commandPKci
        /myspace/projects/core_analyzer/build/gdb-12.1/build/../gdb/top.c:702
0x5f128c _Z15command_handlerPKc
        /myspace/projects/core_analyzer/build/gdb-12.1/build/../gdb/event-top.c:597
0x5f15aa _Z20command_line_handlerOSt10unique_ptrIcN3gdb13xfree_deleterIcEEE
        /myspace/projects/core_analyzer/build/gdb-12.1/build/../gdb/event-top.c:800
0x5f1c1f gdb_rl_callback_handler
        /myspace/projects/core_analyzer/build/gdb-12.1/build/../gdb/event-top.c:229
0x88e257 rl_callback_read_char
        /myspace/projects/core_analyzer/build/gdb-12.1/build/../readline/readline/callback.c:281
0x5f04bd gdb_rl_callback_read_char_wrapper_noexcept
        /myspace/projects/core_analyzer/build/gdb-12.1/build/../gdb/event-top.c:187
0x5f1b0d gdb_rl_callback_read_char_wrapper
        /myspace/projects/core_analyzer/build/gdb-12.1/build/../gdb/event-top.c:204
0x5f016f _Z19stdin_event_handleriPv
        /myspace/projects/core_analyzer/build/gdb-12.1/build/../gdb/event-top.c:524
0x9bdec5 gdb_wait_for_event
        /myspace/projects/core_analyzer/build/gdb-12.1/build/../gdbsupport/event-loop.cc:700
0x9be14e gdb_wait_for_event
        /myspace/projects/core_analyzer/build/gdb-12.1/build/../gdbsupport/event-loop.cc:596
0x9be14e _Z16gdb_do_one_eventv
        /myspace/projects/core_analyzer/build/gdb-12.1/build/../gdbsupport/event-loop.cc:237
0x6c96e4 start_event_loop
        /myspace/projects/core_analyzer/build/gdb-12.1/build/../gdb/main.c:421
0x6c96e4 captured_command_loop
        /myspace/projects/core_analyzer/build/gdb-12.1/build/../gdb/main.c:481
0x6cb044 captured_main
        /myspace/projects/core_analyzer/build/gdb-12.1/build/../gdb/main.c:1351
0x6cb044 _Z8gdb_mainP18captured_main_args
        /myspace/projects/core_analyzer/build/gdb-12.1/build/../gdb/main.c:1366
0x433474 main
        /myspace/projects/core_analyzer/build/gdb-12.1/build/../gdb/gdb.c:32
---------------------
A fatal error internal to GDB has been detected, further
debugging is not possible.  GDB will now terminate.

This is a bug, please report it.  For instructions, see:
<https://www.gnu.org/software/gdb/bugs/>.

Architecture is: The target architecture is set to "auto" (currently "i386:x86-64"). Any hints on where to start the investigation?

yanqi27 commented 1 year ago

The crash happened in function read_memory_wrapper, which copies data from the mmap-ed core file to the input buffer. I would guess the disk IO or the core file has an issue. Could you repeat the crash in your environment?
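The backtrace above ends in the wrapper that copies bytes out of the mmap-ed core segment, so a defender reading this would want that copy to refuse any request that leaves the segment or hits a mapping whose backing file could not be opened. The following is an added illustration of such a check, not core_analyzer's own read_memory_wrapper; the ca_segment_t layout, the NULL-means-unbacked convention and the sample bytes are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical segment descriptor (assumption, not the project's struct):
 * a target address range plus a pointer to the mmap-ed bytes backing it,
 * or NULL when the backing file (e.g. a /dev/shm mapping in a cross-debug
 * session) could not be opened. */
typedef struct {
    uint64_t vaddr;       /* target start address of the segment */
    uint64_t size;        /* segment length in bytes */
    const uint8_t *data;  /* mmap-ed contents, or NULL when unavailable */
} ca_segment_t;

/* Copy `len` bytes at target address `addr` from `seg` into `buf`.
 * Returns false, without touching memory, when the segment is unbacked,
 * the address precedes the segment, or the range would run past its end.
 * The bound is computed as (size - off) so a huge `len` cannot wrap. */
bool read_segment_checked(const ca_segment_t *seg, uint64_t addr,
                          void *buf, size_t len)
{
    if (seg == NULL || buf == NULL)
        return false;
    if (seg->data == NULL)              /* mapping exists but has no bytes */
        return false;
    if (addr < seg->vaddr)
        return false;
    uint64_t off = addr - seg->vaddr;
    if (off > seg->size || len > seg->size - off)
        return false;                   /* overflow-safe range check */
    memcpy(buf, seg->data + off, len);
    return true;
}

/* Constructed sample data: one 16-byte backed segment at 0x1000 and one
 * 4 KiB segment at 0x2000 whose backing file was never opened. */
static const uint8_t sample_bytes[16] = {
    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
};
const ca_segment_t backed_seg   = { 0x1000, 16,   sample_bytes };
const ca_segment_t unbacked_seg = { 0x2000, 4096, NULL };
```

A caller that gets false back can report "address not available in this core" instead of letting the debugger die on the memcpy.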

juxeii commented 1 year ago

Hi,

No, it is a cross-debug session. At startup there are a lot of these warnings:

warning: Can't open file /dev/shm/CCS-AACONFIG_RAD_TAG_FILE-0-NO_ENV_NAME during file-backed mapping note processing

warning: Can't open file /dev/shm/CCS-AAFILE_STDIO_SHMEM_ROM_PATH-0-NO_ENV_NAME during file-backed mapping note processing

warning: Can't open file /dev/shm/CCS-AAFILE_STDIO_SHMEM_RAM_PATH-0-NO_ENV_NAME during file-backed mapping note processing

So, I guess, if I am not on the real target, these mappings won't work, and so the tool fails?

yanqi27 commented 1 year ago

I see. It is an interesting usage. My guess is that mapping doesn't support the memory device well because its content changes.

juxeii commented 1 year ago

Too bad :( Thanks for your help and this nice tool!