Created attachment 7754: Test program

Steps:

1- Build test.c (attached to this post)
   $ gcc -O0 -g3 test.c
2- Start gdbserver (in terminal #1)
   $ gdbserver --multi :1234
3- Start the process (in terminal #2)
   $ ./a.out
   pid = 4397
   ...
4- Start gdb (in terminal #3)
   $ gdb -nx a.out
5- Connect to gdbserver
   (gdb) tar ext :1234
6- Attach the process
   (gdb) attach 4397
7- Call a function
   (gdb) call another_function()
8- Detach the process
   (gdb) detach

The process segfaults when trying to continue its execution.
Note: this only happens if the function call is the last thing you do before detaching. It seems to leave something wrong in the state of the inferior. If you do a "next" just before detaching, for example, the process will continue executing fine.
I found that during the manual call to a function by gdbserver, a segmentation fault/SIGSEGV is generated. When detaching, gdbserver delivers the pending SIGSEGV, causing the crash of the detached process.

When preparing the inferior call, gdb starts by expanding the stack a bit. It then places a breakpoint instruction (0xCC) somewhere in that area. It then prepares the dummy frame, including writing the return address, which is the address where the 0xCC is. So when the function ends, execution should go to where the breakpoint is and it should stop. However, since the stack is generally not executable, when the processor tries to "execute" the breakpoint instruction, a segmentation fault/SIGSEGV is generated instead of the normal SIGTRAP.

When making the stack executable, the problem disappears, so I am quite confident that this is the reason. In order to make the stack executable, I use execstack (it modifies a flag in the binary):

$ execstack -s binary

I have no idea why this only happens in gdbserver, and not in gdb.
Ah, this is what gdb is doing when executing natively: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=blob;f=gdb/infrun.c;h=c18267f779dcbf523d3a01a422d154faae55183b;hb=HEAD#l3321 It considers the segfault as a sigtrap, exactly for this reason.
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "gdb and binutils".

The branch, master has been updated
       via  fc1269757f5614cd893c36120f61a5014a45fe37 (commit)
      from  0a46d518c7565be02e544ab508f8b5a99b1b5192 (commit)

Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=fc1269757f5614cd893c36120f61a5014a45fe37

commit fc1269757f5614cd893c36120f61a5014a45fe37
Author: Simon Marchi <simon.marchi@ericsson.com>
Date:   Wed Dec 10 16:10:05 2014 -0500

    Only leave dprintf inserted if it is marked as persistent (PR breakpoints/17012)

    On Linux native, if dprintfs are inserted when detaching, they are left
    in the inferior which causes it to crash from a SIGTRAP. It also happens
    with dprintfs on remote targets, when set disconnected-dprintf is off.

    The rationale of the line modified by the patch was to leave dprintfs
    inserted in order to support disconnected dprintfs. However, not all
    dprintfs are persistent. Also, there's no reason other kinds of
    breakpoints can't be persistent either. So this replaces the bp_dprintf
    check with a check on whether the location is persistent.

    bl->target_info.persist will be 1 only if disconnected-dprintf is on and
    we are debugging a remote target. On native, it will always be 0,
    regardless of the value of disconnected-dprintf. This makes sense, since
    disconnected dprintfs are not supported by the native target.

    One issue about the test is that it does not pass when using
    --target_board=native-extended-gdbserver, partly due to bug 17302 [1].
    One quick hack I tried for this was to add a useless "next" between the
    call to getpid() and detach, which avoids the bug.

    There is still one case where the test fails, and that is with:
    - breakpoint always-inserted on
    - dprintf-style agent
    - disconnected-dprintf on

    What happens is that my detach does not actually detach the process,
    because some persistent commands (the disconnected dprintf) are present.
    However, since gdbserver is run with --once, when gdb disconnects,
    gdbserver goes down and takes with it all the processes it spawned and
    that are still under its control (which includes my test process). When
    the test checks if the test process is still alive, it obviously fails.
    Investigating that led me to ask a question on the ML [2] about the
    behavior of detach. Until the remote case is sorted out, the problematic
    test is marked as KFAIL.

    [1] https://sourceware.org/bugzilla/show_bug.cgi?id=17302
    [2] https://sourceware.org/ml/gdb/2014-08/msg00115.html

    gdb/ChangeLog:

    	PR breakpoints/17012
    	* breakpoint.c (remove_breakpoints_pid): Skip removing breakpoint
    	if it is marked as persistent.

    gdb/testsuite/ChangeLog:

    	PR breakpoints/17012
    	* gdb.base/dprintf-detach.c: New file.
    	* gdb.base/dprintf-detach.exp: New file.

-----------------------------------------------------------------------

Summary of changes:
 gdb/ChangeLog                             |  6 ++
 gdb/breakpoint.c                          |  5 +-
 gdb/testsuite/ChangeLog                   |  6 ++
 gdb/testsuite/gdb.base/dprintf-detach.c   | 33 ++++++++++
 gdb/testsuite/gdb.base/dprintf-detach.exp | 95 +++++++++++++++++++++++++++++
 5 files changed, 141 insertions(+), 4 deletions(-)
 create mode 100644 gdb/testsuite/gdb.base/dprintf-detach.c
 create mode 100644 gdb/testsuite/gdb.base/dprintf-detach.exp