Bug 592031 - gdb gets stuck on multi-threaded program which calls setuid() frequently
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: gdb
Version: 5.5
Hardware: x86_64 Linux
Priority: medium Severity: medium
Target Milestone: rc
Target Release: ---
Assigned To: Jan Kratochvil
QA Contact: qe-baseos-tools
Keywords: Reopened
Depends On: 628351
Blocks: 639647
Reported: 2010-05-13 13:56 EDT by Martin Osvald
Modified: 2018-11-14 15:35 EST (History)

See Also:
Fixed In Version: gdb-7.0.1-31.el5
Doc Type: Bug Fix
Doc Text:
GDB could have lost important debugging information provided by the siginfo_t part of a POSIX signal during the debugging process. This update ensures that GDB preserves the associated siginfo_t information, and that debugging is transparent to the application, even in multithreaded programs with the setuid() function.
Story Points: ---
Clone Of:
: 639647 (view as bug list)
Environment:
Last Closed: 2011-01-13 18:54:12 EST


Attachments
reproducer (632 bytes, text/x-csrc)
2010-05-13 13:56 EDT, Martin Osvald
Proof of concept FSF GDB HEAD fix. (159.12 KB, patch)
2010-07-08 20:09 EDT, Jan Kratochvil
Updated fix on top of FSF GDB HEAD. (200.07 KB, patch)
2010-08-29 11:58 EDT, Jan Kratochvil


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:0099 normal SHIPPED_LIVE gdb bug fix update 2011-01-12 12:21:16 EST

Description Martin Osvald 2010-05-13 13:56:46 EDT
Created attachment 413842 [details]
reproducer

Description of problem:

When running a multi-threaded application which calls setuid() frequently, gdb gets stuck. This happens only on machines with 2 or more cpu cores and only under gdb.


Version-Release number of selected component (if applicable):

latest gdb RHEL5.5 (7.x branch) and prior (also 6.x branch)
can be reproduced also on Fedora 12


How reproducible:

always


Steps to Reproduce:

1. Compile attached reproducer:

$ gcc -lpthread -g -o reproducer reproducer.c

2. and run it under gdb and wait a while:

$ gdb ./reproducer
(gdb) r


Actual results:

...
j[Thread 0x41401940 (LWP 4090) exited]
c[New Thread 0x41401940 (LWP 4091)]
juc[Thread 0x41401940 (LWP 4091) exited]
[New Thread 0x41401940 (LWP 4092)]
j[Thread 0x41401940 (LWP 4092) exited]
c[New Thread 0x41401940 (LWP 4093)]
juc[Thread 0x41401940 (LWP 4093) exited]
[New Thread 0x41401940 (LWP 4094)]
jc[Thread 0x41401940 (LWP 4094) exited]
u[New Thread 0x41401940 (LWP 4095)]
j[Thread 0x41401940 (LWP 4095) exited]
c[New Thread 0x41401940 (LWP 4096)]
juc[Thread 0x41401940 (LWP 4096) exited]
[New Thread 0x41401940 (LWP 4097)]
ju[Thread 0x41401940 (LWP 4097) exited]

<stuck>
     
Program received signal SIGINT, Interrupt.
0x00000037dfc0613e in __nptl_setxid () from /lib64/libpthread.so.0
(gdb) thread apply all bt

Thread 2 (Thread 0x40a00940 (LWP 3933)):
#0  0x00000037dfc0d2ae in __lll_lock_wait_private () from /lib64/libpthread.so.0
#1  0x00000037dfc0757e in _L_lock_2370 () from /lib64/libpthread.so.0
#2  0x00000037dfc063ab in __deallocate_stack () from /lib64/libpthread.so.0
#3  0x00000037dfc0791a in pthread_join () from /lib64/libpthread.so.0
#4  0x00000000004007a2 in spawner (arg=0x0) at reproducer.c:18
#5  0x00000037dfc06617 in start_thread () from /lib64/libpthread.so.0
#6  0x00000037df0d3c2d in clone () from /lib64/libc.so.6

Thread 1 (Thread 0x2aaaaaac18a0 (LWP 3930)):
#0  0x00000037dfc0613e in __nptl_setxid () from /lib64/libpthread.so.0
#1  0x00000037df09aefd in setuid () from /lib64/libc.so.6
#2  0x00000000004007e1 in main () at reproducer.c:28
(gdb)


Expected results:

gdb shouldn't get stuck


Additional info:

This could be related to a race condition with setuid() in glibc which was fixed recently, see the following BZ:

https://bugzilla.redhat.com/show_bug.cgi?id=491995
Comment 1 Jan Kratochvil 2010-07-02 08:20:30 EDT
I cannot reproduce it on x86-64-5s-3-m1.ss.eng.bos.redhat.com where I could reproduce the glibc Bug 491995.

Also from the dump above I do not see GDB to be stuck, just the inferior got stuck and GDB was able to interrupt it.

Please reopen this Bug if you do not find this problem fixed by the glibc fix.
Comment 2 Jan Kratochvil 2010-07-02 08:27:10 EDT
While not reproducible on RHEL-5 I got it reproducible on F-13.
Comment 4 Jan Kratochvil 2010-07-08 20:09:38 EDT
Created attachment 430504 [details]
Proof of concept FSF GDB HEAD fix.

Confirming it is fixable just in GDB.  RHEL will need some different form of fix.
Comment 5 Jan Kratochvil 2010-08-29 11:58:48 EDT
Created attachment 441807 [details]
Updated fix on top of FSF GDB HEAD.

This functionality requires kernel backport of rt_tgsigqueueinfo, filing it.
Comment 8 Eva Kopalova 2010-11-16 12:03:24 EST
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
GDB could have lost important debugging information provided by the siginfo_t part of a POSIX signal during the debugging process. This update ensures that GDB preserves the associated siginfo_t information, and that debugging is transparent to the application, even in multithreaded programs with the setuid() function.
Comment 11 errata-xmlrpc 2011-01-13 18:54:12 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0099.html
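
What the siginfo_t part of a signal carries, and why a copy re-sent by another process is not transparent to the program, shown as an added C example (not the attached reproducer and not GDB or glibc code). SIGUSR1, the `deliver` function and the handler's acceptance rule are assumptions of this example; it uses Linux-only syscalls.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

static volatile sig_atomic_t seen, accepted;

/* Constructed rule: act on the signal only if siginfo_t says it was sent
 * with tgkill() by this very process; anything else is ignored. */
static void handler(int sig, siginfo_t *si, void *ctx) {
    (void)sig; (void)ctx;
    seen = 1;
    accepted = (si->si_code == SI_TKILL && si->si_pid == getpid());
}

enum sender { SELF_TGKILL, SELF_KILL, OTHER_TGKILL };

/* Returns 1 if the handler accepted the signal, 0 if it ran but rejected
 * it, -1 on error. */
int deliver(enum sender how) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = handler;
    sa.sa_flags = SA_SIGINFO;            /* ask for the siginfo_t argument */
    if (sigaction(SIGUSR1, &sa, NULL) != 0) return -1;
    seen = accepted = 0;
    pid_t pid = getpid(), tid = (pid_t)syscall(SYS_gettid);
    if (how == SELF_TGKILL) {            /* si_code SI_TKILL, si_pid = us */
        if (syscall(SYS_tgkill, pid, tid, SIGUSR1) != 0) return -1;
    } else if (how == SELF_KILL) {       /* same number, si_code SI_USER */
        if (kill(pid, SIGUSR1) != 0) return -1;
    } else {                             /* re-sent by another process */
        pid_t child = fork();
        if (child < 0) return -1;
        if (child == 0) { syscall(SYS_tgkill, pid, tid, SIGUSR1); _exit(0); }
        while (waitpid(child, NULL, 0) < 0 && errno == EINTR) {}
    }
    return seen ? accepted : -1;
}

int main(void) {
    printf("self tgkill: %d\nself kill: %d\nother tgkill: %d\n",
           deliver(SELF_TGKILL), deliver(SELF_KILL), deliver(OTHER_TGKILL));
    return 0;
}
```

All three deliveries use the same signal number; only the siginfo_t fields tell them apart, which is the information the technical note says the update preserves.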
