2192169 – [abrt] gdb-headless: abort_with_message(): gdb killed by SIGABRT

Bug 2192169 - [abrt] gdb-headless: abort_with_message(): gdb killed by SIGABRT

Summary: [abrt] gdb-headless: abort_with_message(): gdb killed by SIGABRT

Keywords:
Status:	CLOSED UPSTREAM
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	gdb
Sub Component:
Version:	38
Hardware:	x86_64
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Kevin Buettner
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:	https://retrace.fedoraproject.org/faf...
Whiteboard:	abrt_hash:db5b70fe6ce08b7920ed1fa1aa1...
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2023-04-30 04:41 UTC by alex
Modified:	2023-12-04 16:31 UTC (History)
CC List:	9 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2023-12-04 16:31:25 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
File: proc_pid_status (1.37 KB, text/plain) 2023-04-30 04:41 UTC, alex	no flags	Details
File: maps (3.97 KB, text/plain) 2023-04-30 04:41 UTC, alex	no flags	Details
File: limits (1.29 KB, text/plain) 2023-04-30 04:41 UTC, alex	no flags	Details
File: environ (2.66 KB, text/plain) 2023-04-30 04:41 UTC, alex	no flags	Details
File: open_fds (864 bytes, text/plain) 2023-04-30 04:41 UTC, alex	no flags	Details
File: mountinfo (3.38 KB, text/plain) 2023-04-30 04:41 UTC, alex	no flags	Details
File: os_info (667 bytes, text/plain) 2023-04-30 04:41 UTC, alex	no flags	Details
File: cpuinfo (2.63 KB, text/plain) 2023-04-30 04:41 UTC, alex	no flags	Details
File: core_backtrace (20.51 KB, text/plain) 2023-04-30 04:41 UTC, alex	no flags	Details
File: dso_list (2.05 KB, text/plain) 2023-04-30 04:41 UTC, alex	no flags	Details
File: backtrace (58.71 KB, text/plain) 2023-04-30 04:41 UTC, alex	no flags	Details
View All

Description alex 2023-04-30 04:41:16 UTC

Description of problem:
I'm running GDB using the pwntools Python library with a wrapper script that redirects the input and output to a tty. I can reliably reproduce this.

I have this script running in one terminal:

#!/bin/sh

set -e

tty > ~/.pwntools-tty
tail -f /dev/null

I have pwntools set to use this script as its "terminal":

#!/bin/sh

exec "$@" <>"$(cat ~/.pwntools-tty)" >&0 2>&1

And I'm running this Python script in another terminal:

#!/usr/bin/env python3

from pwn import *

p = process("cat")
gdb.attach(p)
p.sendline(b"hello")
p.recvuntil(b"hello")

The error occurs when I use the "c" command after GDB attaches.

Version-Release number of selected component:
gdb-headless-13.1-3.fc38

Additional info:
reporter:       libreport-2.17.9
type:           CCpp
reason:         gdb killed by SIGABRT
journald_cursor: s=f3635aede3f44a52b4801af25ca989d3;i=319e;b=ded6fc014ff64e22bd86c2f27c07ffec;m=fc93e0a;t=5fa861faa73d2;x=3147d795e4c664ce
executable:     /usr/libexec/gdb
cmdline:        /usr/bin/gdb -q /usr/bin/cat 1976
cgroup:         0::/user.slice/user-1000.slice/session-3.scope
rootdir:        /
uid:            1000
kernel:         6.2.13-300.fc38.x86_64
package:        gdb-headless-13.1-3.fc38
runlevel:       N 5
backtrace_rating: 4
crash_function: abort_with_message

Truncated backtrace:
Thread no. 1 (33 frames)
 #9 abort_with_message at ../../gdb/utils.c:183
 #10 internal_vproblem(internal_problem *, const char *, int, const char *, typedef __va_list_tag __va_list_tag *) at ../../gdb/utils.c:343
 #11 internal_verror at ../../gdb/utils.c:476
 #12 internal_error_loc at ../../gdbsupport/errors.cc:58
 #13 linux_nat_target::detach at ../../gdb/linux-nat.c:406
 #14 thread_db_target::detach at ../../gdb/linux-thread-db.c:1384
 #15 target_detach at ../../gdb/target.c:2535
 #16 kill_or_detach at ../../gdb/top.c:1735
 #17 quit_force at ../../gdb/top.c:1830
 #18 quit at ../../gdb/utils.c:676
 #19 maybe_quit at ../../gdb/utils.c:703
 #20 stdin_event_handler at ../../gdb/event-top.c:539
 #21 gdb_wait_for_event at ../../gdbsupport/event-loop.cc:716
 #22 gdb_do_one_event at ../../gdbsupport/event-loop.cc:264
 #23 gdb_readline_wrapper at ../../gdb/top.c:1171
 #24 defaulted_query(const char *, char, typedef __va_list_tag __va_list_tag *) at /usr/include/c++/13/bits/basic_string.h:233
 #25 query at ../../gdb/utils.c:1016
 #26 internal_vproblem(internal_problem *, const char *, int, const char *, typedef __va_list_tag __va_list_tag *) at ../../gdb/utils.c:407
 #27 internal_verror at ../../gdb/utils.c:476
 #28 internal_error_loc at ../../gdbsupport/errors.cc:58
 #29 x86_linux_update_debug_registers at ../../gdb/nat/x86-linux-dregs.c:146
 #30 detach_one_lwp at ../../gdb/linux-nat.c:1359
 #31 linux_nat_target::detach at ../../gdb/linux-nat.c:1426
 #32 thread_db_target::detach at ../../gdb/linux-thread-db.c:1384
 #33 target_detach at ../../gdb/target.c:2535
 #34 kill_or_detach at ../../gdb/top.c:1735
 #35 quit_force at ../../gdb/top.c:1830
 #36 invoke_async_signal_handlers at ../../gdb/async-event.c:233
 #37 gdb_do_one_event at ../../gdbsupport/event-loop.cc:199
 #38 start_event_loop at ../../gdb/main.c:411
 #39 captured_command_loop at ../../gdb/main.c:471
 #40 captured_main at ../../gdb/main.c:1330
 #41 gdb_main at ../../gdb/main.c:1345

Comment 1 alex 2023-04-30 04:41:19 UTC

Created attachment 1961107 [details]
File: proc_pid_status

Comment 2 alex 2023-04-30 04:41:21 UTC

Created attachment 1961108 [details]
File: maps

Comment 3 alex 2023-04-30 04:41:23 UTC

Created attachment 1961109 [details]
File: limits

Comment 4 alex 2023-04-30 04:41:24 UTC

Created attachment 1961110 [details]
File: environ

Comment 5 alex 2023-04-30 04:41:26 UTC

Created attachment 1961111 [details]
File: open_fds

Comment 6 alex 2023-04-30 04:41:28 UTC

Created attachment 1961112 [details]
File: mountinfo

Comment 7 alex 2023-04-30 04:41:29 UTC

Created attachment 1961113 [details]
File: os_info

Comment 8 alex 2023-04-30 04:41:31 UTC

Created attachment 1961114 [details]
File: cpuinfo

Comment 9 alex 2023-04-30 04:41:32 UTC

Created attachment 1961115 [details]
File: core_backtrace

Comment 10 alex 2023-04-30 04:41:34 UTC

Created attachment 1961116 [details]
File: dso_list

Comment 11 alex 2023-04-30 04:41:35 UTC

Created attachment 1961117 [details]
File: backtrace

Comment 12 Kevin Buettner 2023-05-09 22:33:32 UTC

(In reply to alex from comment #0)

> I have pwntools set to use this script as its "terminal":
> 
> #!/bin/sh
> 
> exec "$@" <>"$(cat ~/.pwntools-tty)" >&0 2>&1
> 

I'm unfamiliar with pwntools. Can you explain what I need to do to make pwntools use the above script as its "terminal"?

(I would like to try to reproduce this problem on one of my machines...)

Kevin

Comment 13 alex 2023-05-09 23:45:08 UTC

You can do `context.terminal = ["/path/to/script"]` in the Python script. I'm able to reproduce it with these steps:

1. Run `tty` in one terminal to get the tty and then run `tail -f /dev/null`.
2. Make a script like this to attach a program to that tty:

#!/bin/sh
exec "$@" <>/dev/pts/0 >&0 2>&1

3. Run this Python script in another terminal:

from pwn import *
context.terminal = ["./term-wrapper"]
p = process("cat")
gdb.attach(p)
p.sendline(b"")
p.recvline()

GDB should open in the first terminal and the error occurs after running the `c` command. When typing the Python code in an interactive interpreter I noticed that the error occurs only when the interpreter exits. I've tried reproducing this without pwntools but haven't been successful so far.

Comment 14 Kevin Buettner 2023-05-09 23:55:00 UTC

Thanks! I'm now able to reproduce this bug.

Comment 15 Kevin Buettner 2023-12-04 16:31:25 UTC

The bug was that the LWP for the recently killed inferior was still in GDB's list of LWPs.  While shutting down (due to the SIGTERM sent to GDB), GDB was attempting to detach this LWP, but since it had been killed, it caused an assert, resulting in an internal error.

This bug has been fixed by upstream commit 57e6a098ae5.

Closing this bug...

Note You need to log in before you can comment on or make changes to this bug.