Bug 1373239

Summary: dyninst: Process::attachProcess segfaults
Product: [Fedora] Fedora Reporter: Florian Weimer <fweimer>
Component: dyninst Assignee: Josh Stone <jistone>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhide CC: fche, jistone, lberk, orion, wcohen
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: dyninst-9.2.0-4.fc26 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-09-14 19:50:26 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
dyninst-reattach-loop.cpp none

Description Florian Weimer 2016-09-05 15:01:39 UTC
Created attachment 1197970 [details]
dyninst-reattach-loop.cpp

Description of problem:

Process::processAttach() crashes for a valid PID.  It does not seem to matter whether the target process has debugging information available or not.

Version-Release number of selected component (if applicable):

dyninst-9.2.0-3.fc26.x86_64

How reproducible:

Always.

Steps to Reproduce:
1. Run the program with $$ (current bash PID) as an argument.

Actual results:

Program crashes in the attachProcess call.

Expected results:

Program keeps running after the attachProcess call.

Additional info:

More information from GDB:

#0  linux_process::computeAddrWidth (this=this@entry=0x632510)
    at /usr/src/debug/dyninst-9.2.0/dyninst-9.2.0/proccontrol/src/linux.C:908
#1  0x00007ffff7b34eb1 in linux_x86_process::getTargetArch (this=0x632510)
    at /usr/src/debug/dyninst-9.2.0/dyninst-9.2.0/proccontrol/src/linux.C:1205
#2  0x00007ffff7a927fd in int_process::getAddressWidth (this=<optimized out>)
    at /usr/src/debug/dyninst-9.2.0/dyninst-9.2.0/proccontrol/src/process.C:1927
#3  0x00007ffff7a928af in int_process::readMem (this=this@entry=0x6327a8, remote=140301313389456, result=..., 
    thr=thr@entry=0x0) at /usr/src/debug/dyninst-9.2.0/dyninst-9.2.0/proccontrol/src/process.C:1465
#4  0x00007ffff7a95d9c in sw_breakpoint::saveBreakpointData (this=this@entry=0x933240, proc=proc@entry=0x6327a8, 
    read_response=...) at /usr/src/debug/dyninst-9.2.0/dyninst-9.2.0/proccontrol/src/process.C:5062
#5  0x00007ffff7a96149 in sw_breakpoint::prepBreakpoint (this=0x933240, proc=proc@entry=0x6327a8, mem_resp=...)
    at /usr/src/debug/dyninst-9.2.0/dyninst-9.2.0/proccontrol/src/process.C:5178
#6  0x00007ffff7abe781 in int_process::addBreakpoint_phase1 (this=this@entry=0x6327a8, is=is@entry=0x7fffffffdfb0)
    at /usr/src/debug/dyninst-9.2.0/dyninst-9.2.0/proccontrol/src/process.C:1974
#7  0x00007ffff7abea44 in sw_breakpoint::create (proc=proc@entry=0x6327a8, bp=<optimized out>, 
    addr=addr@entry=140301313389456) at /usr/src/debug/dyninst-9.2.0/dyninst-9.2.0/proccontrol/src/process.C:5005
#8  0x00007ffff7abed7c in int_process::addBreakpoint (this=0x6327a8, addr=addr@entry=140301313389456, 
    bp=<optimized out>) at /usr/src/debug/dyninst-9.2.0/dyninst-9.2.0/proccontrol/src/process.C:2038
#9  0x00007ffff7b21c74 in sysv_process::initLibraryMechanism (this=0x632510)
    at /usr/src/debug/dyninst-9.2.0/dyninst-9.2.0/proccontrol/src/sysv.C:229
#10 0x00007ffff7b223a2 in sysv_process::refresh_libraries (this=0x632510, added_libs=std::set with 0 elements, 
    rmd_libs=std::set with 0 elements, waiting_for_async=@0x7fffffffe1ff: false, 
    async_responses=std::set with 0 elements) at /usr/src/debug/dyninst-9.2.0/dyninst-9.2.0/proccontrol/src/sysv.C:244
#11 0x00007ffff7aa9378 in int_process::initializeAddressSpace (this=0x6327a8, 
    async_responses=std::set with 0 elements)
    at /usr/src/debug/dyninst-9.2.0/dyninst-9.2.0/proccontrol/src/process.C:666
#12 0x00007ffff7aa9573 in int_process::post_attach (this=<optimized out>, async_responses=std::set with 0 elements)
    at /usr/src/debug/dyninst-9.2.0/dyninst-9.2.0/proccontrol/src/process.C:683
#13 0x00007ffff7b2aa95 in thread_db_process::post_attach (this=0x632560, wasDetached=<optimized out>, 
    aresps=std::set with 0 elements)
    at /usr/src/debug/dyninst-9.2.0/dyninst-9.2.0/proccontrol/src/int_thread_db.C:1069
#14 0x00007ffff7ac4200 in int_process::attach (ps=ps@entry=0x7fffffffe550, reattach=reattach@entry=false)
    at /usr/src/debug/dyninst-9.2.0/dyninst-9.2.0/proccontrol/src/process.C:482
#15 0x00007ffff7ac5234 in Dyninst::ProcControlAPI::Process::attachProcess (pid=20913, executable="")
    at /usr/src/debug/dyninst-9.2.0/dyninst-9.2.0/proccontrol/src/process.C:6245
#16 0x000000000040081e in main (argc=<optimized out>, argv=0x7fffffffe718) at t.cpp:21
(gdb) l
903        int word_size = 8;
904
905        // We want to check the highest 4 bytes of each integer
906        // On big-endian systems, these come first in memory
907        SymReader *objSymReader = getSymReader()->openSymbolReader(getExecutable());
908        int start_index = objSymReader->isBigEndianDataEncoding() ? 0 : 1;
909
910        for (long int i=start_index; i<words_read; i+= 4)
911        {
912           if (buffer[i] != 0) {
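
Frame #0 of the backtrace sits at linux.C:908, the line that dereferences objSymReader right after openSymbolReader(getExecutable()), while frame #15 shows attachProcess was entered with executable="". The block below is an added illustration, not Dyninst's code or the fix in PR 147: it models the address-width heuristic of lines 903-912 over a constructed buffer of 32-bit words and assumes (hypothetically, as the frames suggest) that the symbol-reader lookup can come back null when no executable path is known, returning 0 in that case instead of crashing.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Stand-in for Dyninst's SymReader; only the method the listing uses.
struct SymReader {
    bool bigEndian;
    bool isBigEndianDataEncoding() const { return bigEndian; }
};

// Stand-in for getSymReader()->openSymbolReader(path). Assumed behaviour
// (not Dyninst's code): no executable path, no reader, so nullptr comes back.
static SymReader *openSymbolReader(const std::string &path) {
    static SymReader littleEndianReader{false};
    return path.empty() ? nullptr : &littleEndianReader;
}

// Guess the target's pointer width from 32-bit words read out of its memory:
// if the upper half of every 64-bit slot is zero, treat the target as 32-bit.
// Returns 8 or 4, or 0 when the symbol reader cannot be opened, which is the
// guard the crash at linux.C:908 indicates was missing.
int computeAddrWidth(const std::string &executable,
                     const std::vector<uint32_t> &buffer) {
    int word_size = 8;
    SymReader *objSymReader = openSymbolReader(executable);
    if (objSymReader == nullptr)
        return 0;  // hypothetical fallback instead of dereferencing null
    // Upper 4 bytes of each 8-byte slot come first on big-endian targets,
    // second on little-endian ones (same idea as the original start_index).
    std::size_t start_index = objSymReader->isBigEndianDataEncoding() ? 0 : 1;
    bool high_half_nonzero = false;
    for (std::size_t i = start_index; i < buffer.size(); i += 2) {
        if (buffer[i] != 0) {
            high_half_nonzero = true;
            break;
        }
    }
    if (!high_half_nonzero)
        word_size = 4;
    return word_size;
}
```

Calling it with an empty executable path, the situation attachProcess(pid, "") produces in the trace, now yields 0 rather than a segfault; the caller can fall back to a default width or report the attach as failed.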

Comment 1 Josh Stone 2016-09-14 18:12:48 UTC
This is https://github.com/dyninst/dyninst/pull/147

I was hoping 9.2.1 wouldn't be long, but I'll go pull this fix to rawhide now.

Comment 2 Josh Stone 2016-09-14 19:50:26 UTC
Rawhide is done, and I confirmed this doesn't crash anymore.  I'll do f25 too.