Bug 17808 - 7.9 regression: internal-error: i386_supply_gregset: Assertion `len == tdep->sizeof_gregset' failed.
Status: RESOLVED FIXED
Alias: None
Product: gdb
Classification: Unclassified
Component: corefiles
Version: 7.9
Importance: P2 normal
Target Milestone: ---
Assignee: Andreas Arnez
URL:
Keywords:
Depends on:
Blocks: 18964
Reported: 2015-01-06 19:39 UTC by Jan Kratochvil
Modified: 2015-09-15 14:57 UTC

See Also:
Host:
Target: x86_64-linux-gnu
Build:
Last reconfirmed:


Attachments
Full *.exp testcase from Fedora (2.02 KB, text/plain), 2015-01-06 19:41 UTC, Jan Kratochvil
.gz of just the core file itself (extracted from the testcase) (501 bytes, application/octet-stream), 2015-01-06 19:44 UTC, Jan Kratochvil

Description Jan Kratochvil 2015-01-06 19:39:45 UTC
./gdb -q -c ./i386-biarch-core.core 
i386-tdep.c:3730: internal-error: i386_supply_gregset: Assertion `len == tdep->sizeof_gregset' failed.

8f0435f75e3c9676d2e177ce055fed3155fd9476 is the first bad commit
commit 8f0435f75e3c9676d2e177ce055fed3155fd9476
Author: Andreas Arnez <arnez@linux.vnet.ibm.com>
Date:   Fri Sep 12 08:42:48 2014 +0000
    Add 'regset' parameter to 'iterate_over_regset_sections_cb'
Message-Id: <1410538439-29791-1-git-send-email-arnez@linux.vnet.ibm.com>

#0  internal_error (file=0x20931c0 "i386-tdep.c", line=3730, fmt=0x20936a0 "%s: Assertion `%s' failed.") at ./common/errors.c:51
#1  in i386_supply_gregset (regset=0x2094800 <i386_gregset>, regcache=0x6060000bdfe0, regnum=-1, gregs=0x7fffffffcce0, len=216) at i386-tdep.c:3730
#2  in get_core_register_section (regcache=0x6060000bdfe0, regset=0x2094800 <i386_gregset>, name=0x208dd40 ".reg", min_size=68, which=-1, human_name=0x2223fa0 "general-purpose", required=1) at corelow.c:538
#3  in get_core_registers_cb (sect_name=0x208dd40 ".reg", size=68, regset=0x2094800 <i386_gregset>, human_name=0x2223fa0 "general-purpose", cb_data=0x6060000bdfe0) at corelow.c:573
#4  in i386_linux_iterate_over_regset_sections (gdbarch=0x62100011e510, cb=0x9921db <get_core_registers_cb>, cb_data=0x6060000bdfe0, regcache=0x0) at i386-linux-tdep.c:690
#5  in gdbarch_iterate_over_regset_sections (gdbarch=0x62100011e510, cb=0x9921db <get_core_registers_cb>, cb_data=0x6060000bdfe0, regcache=0x0) at gdbarch.c:3350
#6  in get_core_registers (ops=0x3e5b700 <core_ops>, regcache=0x6060000bdfe0, regno=8) at corelow.c:601
#7  in delegate_fetch_registers (self=0x3e5b700 <core_ops>, arg1=0x6060000bdfe0, arg2=8) at target-delegates.c:149
#8  in target_fetch_registers (regcache=0x6060000bdfe0, regno=8) at target.c:3279
#9  in regcache_raw_read (regcache=0x6060000bdfe0, regnum=8, buf=0x7fffffffd060 "\240\320\377\377\377\177") at regcache.c:643
#10 in regcache_cooked_read (regcache=0x6060000bdfe0, regnum=8, buf=0x7fffffffd060 "\240\320\377\377\377\177") at regcache.c:734
#11 in regcache_cooked_read_unsigned (regcache=0x6060000bdfe0, regnum=8, val=0x7fffffffd120) at regcache.c:838
#12 in regcache_read_pc (regcache=0x6060000bdfe0) at regcache.c:1179 
#13 in post_create_inferior (target=0x3e5b700 <core_ops>, from_tty=1) at infcmd.c:431
#14 in core_open (arg=0x7fffffffdd24 "./i386-biarch-core.core", from_tty=1) at corelow.c:408
#15 in core_file_command (filename=0x7fffffffdd24 "./i386-biarch-core.core", from_tty=1) at corefile.c:77
Comment 1 Jan Kratochvil 2015-01-06 19:41:06 UTC
Created attachment 8050
Full *.exp testcase from Fedora
Comment 2 Jan Kratochvil 2015-01-06 19:44:17 UTC
Created attachment 8051
.gz of just the core file itself (extracted from the testcase)
Comment 3 Andreas Arnez 2015-01-07 17:57:08 UTC
It seems that the core file is supposed to look as if from an i386
program, but its PRSTATUS looks like from amd64.  Consequently even an
old GDB complains that the general-purpose registers are not
recognized:

(gdb) core-file i386-biarch-core.core 
[New Thread 6901]
warning: Couldn't recognize general-purpose registers in core file.
Core was generated by `./bad'.
Program terminated with signal 11, Segmentation fault.
warning: Couldn't recognize general-purpose registers in core file.
#0  0x00000000 in ?? ()
(gdb) 

After commit 8f0435f75e the warning is skipped and we directly run
into the assertion in i386_supply_gregset instead.

An easy "fix" would be to replace the assertion by something like
this:

  if (len != tdep->sizeof_gregset)
    return;

With that change, the test case succeeds.  However, the registers are
then all <unavailable> without a user-visible explanation why.

I'm not sure how GDB should really behave in this case:

(a) Warn about the section size mismatch?

(b) Interpret the section as a usual i386 PRSTATUS and ignore all
    excess bytes?

(c) Recognize the section as an amd64 PRSTATUS and fill the register
    cache appropriately?

Also, is there a particular reason for using such a "corrupted" core
file?  Or am I misunderstanding something?  And could the test case be
brought upstream as well?
Comment 4 Jan Kratochvil 2015-01-07 18:37:43 UTC
You are right, the provided core file is weird; it is not from the real world, it was artificially hacked.  It tries to mimic a kdump kernel core file from a 32-bit PAE kernel, which is elf64-i386.

What is clear is that GDB should not assert on an arbitrarily wrong external file.

(a) possibly

(b) no

(c) no

But I would be fine just if it PASSes the testcase, that is, it ignores PRSTATUS and can still read the data segments.
Comment 5 Jan Kratochvil 2015-01-08 16:45:21 UTC
[PATCH] [PR corefiles/17808] i386: Fix internal error when prstatus in core file is too big
https://sourceware.org/ml/gdb-patches/2015-01/msg00198.html
Message-ID: <874ms18cyz.fsf@br87z6lw.de.ibm.com>
Comment 6 cvs-commit@gcc.gnu.org 2015-02-04 13:16:18 UTC
The master branch has been updated by Ulrich Weigand <uweigand@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1528345d6c4a407e0b36b3474eb458cbd04146f7

commit 1528345d6c4a407e0b36b3474eb458cbd04146f7
Author: Andreas Arnez <arnez@linux.vnet.ibm.com>
Date:   Wed Jan 14 12:01:38 2015 +0000

    Fix internal error when core file section is too big
    
    As reported in PR 17808, a test case with a forged (invalid) core file
    can crash GDB with an assertion failure.  In that particular case the
    prstatus of an i386 core file looks like that from an AMD64 core file.
    Consequently the respective regset supply function i386_supply_gregset
    is invoked with a larger buffer than usual.  But i386_supply_gregset
    asserts a specific buffer size, and this assertion fails.
    
    The patch relaxes all buffer size assertions in regset supply
    functions such that they merely check for a sufficiently large buffer.
    For consistency the regset collect functions are adjusted as well.
    
    gdb/ChangeLog:
    
    	PR corefiles/17808:
    	* gdbarch.sh (iterate_over_regset_sections_cb): Document this
    	function type, particularly its SIZE parameter.
    	* gdbarch.h: Regenerate.
    	* amd64-tdep.c (amd64_supply_fpregset): In gdb_assert, compare
    	actual against required size using ">=" instead of "==".
    	(amd64_collect_fpregset): Likewise.
    	* i386-tdep.c (i386_supply_gregset): Likewise.
    	(i386_collect_gregset): Likewise.
    	(i386_supply_fpregset): Likewise.
    	(i386_collect_fpregset): Likewise.
    	* mips-linux-tdep.c (mips_supply_gregset_wrapper): Likewise.
    	(mips_fill_gregset_wrapper): Likewise.
    	(mips_supply_fpregset_wrapper): Likewise.
    	(mips_fill_fpregset_wrapper): Likewise.
    	(mips64_supply_gregset_wrapper): Likewise.
    	(mips64_fill_gregset_wrapper): Likewise.
    	(mips64_supply_fpregset_wrapper): Likewise.
    	(mips64_fill_fpregset_wrapper): Likewise.
    	* mn10300-linux-tdep.c (am33_supply_gregset_method): Likewise.
    	(am33_supply_fpregset_method): Likewise.
    	(am33_collect_gregset_method): Likewise.
    	(am33_collect_fpregset_method): Likewise.
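An added example, not GDB's own code, contrasting the two size policies discussed in comment 3 and the commit message above: the exact-size assertion that a 216-byte amd64-style ".reg" section trips in 7.9, and a supply routine that only requires a sufficiently large buffer (the ">=" rule) and reports the ignored excess so the caller can warn. Register count, layout and the EIP index are assumptions of this example, and the ".reg" sections it parses are constructed inline.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Model of GDB's i386 general-purpose regset (the ".reg" core section):
   17 x 4-byte registers = 68 bytes (min_size=68 in the backtrace).  The
   forged core's amd64-style PRSTATUS yields 216 bytes instead (len=216).
   Constants and register order are assumptions of this example. */
#define I386_NUM_GREGS 17
#define I386_SIZEOF_GREGSET (I386_NUM_GREGS * 4)
#define I386_EIP_INDEX 12          /* assumed Linux user_regs_struct order */
#define SUPPLY_TOO_SMALL (-1)

/* GDB 7.9 behaviour: exact-size assertion, so an oversized section from a
   malformed core file aborts GDB with an internal error. */
int gdb79_would_assert(size_t len)
{
  return len != I386_SIZEOF_GREGSET;
}

/* Hardened supply in the spirit of commit 1528345d: the buffer only has to
   be large enough (">=").  Excess bytes are ignored and reported so the
   caller can warn; a short buffer is rejected rather than asserted on.
   Returns the number of registers supplied, or SUPPLY_TOO_SMALL. */
int i386_supply_gregset_checked(const uint8_t *gregs, size_t len,
                                uint32_t regs[I386_NUM_GREGS], size_t *excess)
{
  if (gregs == NULL || len < I386_SIZEOF_GREGSET)
    return SUPPLY_TOO_SMALL;
  for (int i = 0; i < I386_NUM_GREGS; i++)
    memcpy(&regs[i], gregs + 4 * i, 4);   /* little-endian host assumed */
  if (excess != NULL)
    *excess = len - I386_SIZEOF_GREGSET;
  return I386_NUM_GREGS;
}

/* Feed a LEN-byte constructed ".reg" section (i-th 32-bit word holds i)
   through the hardened supply; returns its status and hands back EIP and
   the number of ignored excess bytes. */
int try_reg_section(size_t len, uint32_t *eip, size_t *excess)
{
  uint8_t buf[512];
  uint32_t regs[I386_NUM_GREGS] = {0};
  if (len > sizeof buf)
    return SUPPLY_TOO_SMALL;
  for (size_t i = 0; i < len; i++)
    buf[i] = (i % 4 == 0) ? (uint8_t)(i / 4) : 0;
  int rc = i386_supply_gregset_checked(buf, len, regs, excess);
  *eip = regs[I386_EIP_INDEX];
  return rc;
}
```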
Comment 7 Andreas Arnez 2015-02-04 15:28:50 UTC
(In reply to cvs-commit@gcc.gnu.org from comment #6)

> commit 1528345d6c4a407e0b36b3474eb458cbd04146f7

This should fix the internal GDB error.
Comment 8 cvs-commit@gcc.gnu.org 2015-02-20 03:01:24 UTC
The gdb-7.9-branch branch has been updated by Joel Brobecker <brobecke@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3b7a39661610038aad32563069b10fb2cfc55fab

commit 3b7a39661610038aad32563069b10fb2cfc55fab
Author: Andreas Arnez <arnez@linux.vnet.ibm.com>
Date:   Wed Jan 14 12:01:38 2015 +0000

    Fix internal error when core file section is too big
    
    As reported in PR 17808, a test case with a forged (invalid) core file
    can crash GDB with an assertion failure.  In that particular case the
    prstatus of an i386 core file looks like that from an AMD64 core file.
    Consequently the respective regset supply function i386_supply_gregset
    is invoked with a larger buffer than usual.  But i386_supply_gregset
    asserts a specific buffer size, and this assertion fails.
    
    The patch relaxes all buffer size assertions in regset supply
    functions such that they merely check for a sufficiently large buffer.
    For consistency the regset collect functions are adjusted as well.
    
    gdb/ChangeLog:
    
    	PR corefiles/17808:
    	* gdbarch.sh (iterate_over_regset_sections_cb): Document this
    	function type, particularly its SIZE parameter.
    	* gdbarch.h: Regenerate.
    	* amd64-tdep.c (amd64_supply_fpregset): In gdb_assert, compare
    	actual against required size using ">=" instead of "==".
    	(amd64_collect_fpregset): Likewise.
    	* i386-tdep.c (i386_supply_gregset): Likewise.
    	(i386_collect_gregset): Likewise.
    	(i386_supply_fpregset): Likewise.
    	(i386_collect_fpregset): Likewise.
    	* mips-linux-tdep.c (mips_supply_gregset_wrapper): Likewise.
    	(mips_fill_gregset_wrapper): Likewise.
    	(mips_supply_fpregset_wrapper): Likewise.
    	(mips_fill_fpregset_wrapper): Likewise.
    	(mips64_supply_gregset_wrapper): Likewise.
    	(mips64_fill_gregset_wrapper): Likewise.
    	(mips64_supply_fpregset_wrapper): Likewise.
    	(mips64_fill_fpregset_wrapper): Likewise.
    	* mn10300-linux-tdep.c (am33_supply_gregset_method): Likewise.
    	(am33_supply_fpregset_method): Likewise.
    	(am33_collect_gregset_method): Likewise.
    	(am33_collect_fpregset_method): Likewise.
Comment 9 cvs-commit@gcc.gnu.org 2015-02-21 14:27:39 UTC
The master branch has been updated by Jan Kratochvil <jkratoch@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=97a0c6972eb9eb730df3817a95f351545a8f7cac

commit 97a0c6972eb9eb730df3817a95f351545a8f7cac
Author: Jan Kratochvil <jan.kratochvil@redhat.com>
Date:   Sat Feb 21 15:24:20 2015 +0100

    Testsuite patch for: i386: Fix internal error when prstatus in core file is too big
    
    gdb/testsuite/ChangeLog
    2015-02-21  Jan Kratochvil  <jan.kratochvil@redhat.com>
    
    	PR corefiles/17808
    	* gdb.arch/i386-biarch-core.core.bz2: New file.
    	* gdb.arch/i386-biarch-core.exp: New file.