The current chain walker tries to protect itself against loops, by only
works with loops of length 1: a chain that points to itself. If you have
a chain longer than that (3->4->3->4->...), readelf will still hang.
Since we know the max length of the chain, simply abort when we've walked
more times than that. The only way that could have happened is if there
was a loop.
* readelf.c (find_symbol_for_address): Use a binary search to
speed up symbol location. Skip check for function symbol type.
(*_unw_aux_info): Add funtab and nfuns fields contains a sorted
list of function symbols.
(dump_ia64_unwind): Initialise the funtab and nfuns fields and
pass them to find_symbol_for_address.
(dump_hppa_unwind): Likewise.
(arm_print_vma_and_name): Pass funtab to find_symbol_for_address.
(dump_arm_unwind): Initialise the funtab and nfuns fields.
ld * scripttempl/avr.sc: Add new user_signatures region. Define and Use
symbols for all region lengths.
* scripttempl/avrtiny.sc: Define and use symbols for all region lengths.
testsuite * ld-avr/region_overflow.d: New test.
* ld-avr/region_overflow.s: Likewise.
* msp430-sim.c (sim_open): Allocate memory regions matching those
declared in the libgloss/msp430 linker scripts.
Allow sim_load_file to fail.
(get_op): Test the correct address bit when checking for out of
range addresses.
Include the address in the error message when an illegal access to
the hardware multiplier is detected.
(put_op): Test the correct address bit when checking for out of
range addresses.
PR 18010
* powerpc.cc (Powerpc_relocate_functions::addr16_ds): Always
complain if value is not a multiple of four.
(Target_powerpc::Relocate::relocate): Correct handling of
R_POWERPC_GOT_TPREL16 and R_POWERPC_GOT_TPREL16_LO for ppc64.
I'm going to add an alternate mechanism of breakpoint trap
identification to 'check_stopped_by_breakpoint' that does not rely on
checking the instruction at PC. The mechanism currently used to tell
whether we're stepping over a permanent breakpoint doesn't fit in that
new method. This patch redoes the whole logic in a different way that
works with both old and new methods, in essence moving the "stepped
permanent breakpoint" detection "one level up". It makes lower level
check_stopped_by_breakpoint always the adjust the PC, and then has
linux_wait_1 advance the PC past the breakpoint if necessary. This
ends up being better also because this now handles
non-decr_pc_after_break targets too. Before, such targets would get
stuck forever reexecuting the breakpoint instruction.
Tested on x86_64 Fedora 20.
gdb/gdbserver/ChangeLog:
2015-02-23 Pedro Alves <palves@redhat.com>
* linux-low.c (check_stopped_by_breakpoint): Don't check if the
thread was doing a step-over; always adjust the PC if
we stepped over a permanent breakpoint.
(linux_wait_1): If we stepped over breakpoint that was on top of a
permanent breakpoint, manually advance the PC past it.
Because delete_breakpoints uses gdb_expect directly, an internal error
results in slow timeouts instead of quickly bailing out. This patch
rewrites the procedure to use gdb_test_multiple instead, while
preserving the existing general logic ("delete breakpoints" + "info
breakpoints").
gdb/testsuite/
2015-02-23 Pedro Alves <palves@redhat.com>
* lib/gdb.exp (delete_breakpoints): Rewrite using
gdb_test_multiple.
We need to be careful with parsing optional stop reasons that start
with an hex character ("awatch", "core"), as GDBs that aren't aware of
them parse them as real numbers. That's silly of course, given that
there should be a colon after those magic "numbers". So if strtol on
"abbz:" doesn't return "first invalid char" pointing to the colon, we
know that "abbz" isn't really a register number. It must be optional
stop info we don't know about. This adjusts GDB to work that way,
removing the need for the special casing done upfront:
/* If this packet is an awatch packet, don't parse the 'a'
as a register number. */
if (strncmp (p, "awatch", strlen("awatch")) != 0
&& strncmp (p, "core", strlen ("core") != 0))
For as long as we care about compatibility with GDB 7.9, we'll need to
continue to be careful about this, so I added a comment.
Tested on x86_64 Fedora 20, native gdbserver.
gdb/ChangeLog:
2015-02-23 Pedro Alves <palves@redhat.com>
* remote.c (skip_to_semicolon): New function.
(remote_parse_stop_reply) <T stop reply>: Use it. Don't
special case the stop reasons that look like hex numbers
upfront. Instead handle real register numbers after matching
all the known stop reasons.
PR 17940
* dwarf2dbg.c (out_header): When generating dwarf sections use
real symbols not temps for the start and end symbols.
* config/tc-msp430.h (TC_FORCE_RELOCATION_SUB_SAME): Also prevent
adjustments to relocations in debug sections.
(TC_LINKRELAX_FIXUP): Likewise.
* elf32-msp430.c (msp430_elf_relax_delete_bytes): Adjust debug
symbols at end of sections. Adjust function sizes.
Fixes:
> gdb compile failed, /gdb/testsuite/gdb.base/info-os.c: In function 'main':
> /gdb/testsuite/gdb.base/info-os.c:65:3: warning: implicit declaration of function 'atexit' [-Wimplicit-function-declaration]
> atexit (ipc_cleanup);
> ^
> FAIL: gdb.base/info-os.exp: cannot compile test program
with recent GCCs.
gdb/testsuite/ChangeLog:
2015-02-23 Pedro Alves <palves@redhat.com>
* gdb.base/info-os.c: Include stdlib.h.
$ make check RUNTESTFLAGS="--target_board=native-gdbserver/-m32 clone-thread_db.exp"
gdb.log shows:
Running target native-gdbserver/-m32
...
clone-thread_db: src/gdb/testsuite/gdb.threads/clone-thread_db.c:57: thread_fn: Assertion `res != -1' failed.
...
(gdb) FAIL: gdb.threads/clone-thread_db.exp: continue to end
That was waitpid returning -1 / EINTR. We don't see that when testing
with unix/-m32 (native debugging). Turns out to be that when
debugging a 32-bit inferior, a 64-bit GDBserver is reading/writing
$orig_eax from/to the wrong ptrace register buffer offset. When
gdbserver is 64-bit, the ptrace register buffer is in 64-bit layout,
so the register is found at "ORIG_EAX * 8", not at "ORIG_EAX * 4".
Fixes these with --target_board=native-gdbserver/-m32 on x86_64 Fedora 20:
-FAIL: gdb.threads/clone-thread_db.exp: continue to end
+PASS: gdb.threads/clone-thread_db.exp: continue to end
-FAIL: gdb.threads/hand-call-in-threads.exp: all dummies popped
+PASS: gdb.threads/hand-call-in-threads.exp: all dummies popped
PASS: gdb.threads/hand-call-in-threads.exp: breakpoint on all_threads_running
PASS: gdb.threads/hand-call-in-threads.exp: breakpoint on hand_call
PASS: gdb.threads/hand-call-in-threads.exp: disable scheduler locking
@@ -29339,15 +29331,15 @@ PASS: gdb.threads/hand-call-in-threads.e
PASS: gdb.threads/hand-call-in-threads.exp: discard hand call, thread 4
PASS: gdb.threads/hand-call-in-threads.exp: discard hand call, thread 5
PASS: gdb.threads/hand-call-in-threads.exp: dummy stack frame number, thread 1
-FAIL: gdb.threads/hand-call-in-threads.exp: dummy stack frame number, thread 2
-FAIL: gdb.threads/hand-call-in-threads.exp: dummy stack frame number, thread 3
-FAIL: gdb.threads/hand-call-in-threads.exp: dummy stack frame number, thread 4
+PASS: gdb.threads/hand-call-in-threads.exp: dummy stack frame number, thread 2
+PASS: gdb.threads/hand-call-in-threads.exp: dummy stack frame number, thread 3
+PASS: gdb.threads/hand-call-in-threads.exp: dummy stack frame number, thread 4
PASS: gdb.threads/hand-call-in-threads.exp: dummy stack frame number, thread 5
PASS: gdb.threads/hand-call-in-threads.exp: enable scheduler locking
PASS: gdb.threads/hand-call-in-threads.exp: hand call, thread 1
-FAIL: gdb.threads/hand-call-in-threads.exp: hand call, thread 2
-FAIL: gdb.threads/hand-call-in-threads.exp: hand call, thread 3
-FAIL: gdb.threads/hand-call-in-threads.exp: hand call, thread 4
+PASS: gdb.threads/hand-call-in-threads.exp: hand call, thread 2
+PASS: gdb.threads/hand-call-in-threads.exp: hand call, thread 3
+PASS: gdb.threads/hand-call-in-threads.exp: hand call, thread 4
PASS: gdb.threads/hand-call-in-threads.exp: hand call, thread 5
PASS: gdb.threads/hand-call-in-threads.exp: prepare to discard hand call, thread 1
PASS: gdb.threads/hand-call-in-threads.exp: prepare to discard hand call, thread 2
gdb/gdbserver/ChangeLog
2015-02-23 Pedro Alves <palves@redhat.com>
* linux-x86-low.c (REGSIZE): Define in both 32-bit and 64-bit
modes.
(x86_fill_gregset, x86_store_gregset): Use it when handling
$orig_eax.
gdb/testsuite/ChangeLog:
PR symtab/17855
* gdb.ada/exec_changed.exp: Add second test where symbol lookup cache
is read after symbols have been re-read.
* gdb.ada/exec_changed/first.adb (First): New procedure Break_Me.
* gdb.ada/exec_changed/second.adb (Second): Ditto.
This patch addresses two issues.
The basic problem is that "(anonymous namespace)" doesn't get entered
into the symbol table because when dwarf2read.c:new_symbol_full is called
the DIE has no name (dwarf2_name returns NULL).
PR 17976: ptype '(anonymous namespace)' should work like any namespace
PR 17821: perf issue looking up (anonymous namespace)
bash$ gdb monster-program
(gdb) mt set per on
(gdb) mt set symbol-cache-size 0
(gdb) break (anonymous namespace)::foo
Before:
Command execution time: 3.266289 (cpu), 6.169030 (wall)
Space used: 811429888 (+12910592 for this command)
After:
Command execution time: 1.264076 (cpu), 4.057408 (wall)
Space used: 798781440 (+0 for this command)
gdb/ChangeLog:
PR c++/17976, symtab/17821
* cp-namespace.c (cp_search_static_and_baseclasses): New parameter
is_in_anonymous. All callers updated.
(find_symbol_in_baseclass): Ditto.
(cp_lookup_nested_symbol_1): Ditto. Don't search all static blocks
for symbols in an anonymous namespace.
* dwarf2read.c (namespace_name): Don't call dwarf2_name, fetch
DW_AT_name directly.
(dwarf2_name): Convert missing namespace name to
CP_ANONYMOUS_NAMESPACE_STR.
gdeb/testsuite/ChangeLog:
* gdb.cp/anon-ns.exp: Add test for ptype '(anonymous namespace)'.
Binaries produced by most erc32 tool-chains do not include
system initialization. sis will detect this and initialize
necessary registers for memory and timer control.
gdb/testsuite/ChangeLog
2015-02-21 Jan Kratochvil <jan.kratochvil@redhat.com>
PR corefiles/17808
* gdb.arch/i386-biarch-core.core.bz2: New file.
* gdb.arch/i386-biarch-core.exp: New file.
The buildbot shows that the new
gdb.threads/multi-create-ns-info-thr.exp test is timing out when
tested with --target=native-extended-remote. The reason is:
No breakpoints or watchpoints.
(gdb) break main
Breakpoint 1 at 0x10000b00: file ../../../binutils-gdb/gdb/testsuite/gdb.threads/multi-create.c, line 72.
(gdb) run
Starting program: /home/gdb-buildbot/fedora-21-ppc64be-1/fedora-ppc64be-native-extended-gdbserver/build/gdb/testsuite/outputs/gdb.threads/multi-create-ns-info-thr/multi-cre
ate-ns-info-thr
Process /home/gdb-buildbot/fedora-21-ppc64be-1/fedora-ppc64be-native-extended-gdbserver/build/gdb/testsuite/outputs/gdb.threads/multi-create-ns-info-thr/multi-create-ns-inf
o-thr created; pid = 16266
Unexpected vCont reply in non-stop mode: T0501:00003fffffffd190;40:00000080560fe290;thread:p3f8a.3f8a;core:0;
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
(gdb) break multi-create.c:45
Breakpoint 2 at 0x10000994: file ../../../binutils-gdb/gdb/testsuite/gdb.threads/multi-create.c, line 45.
(gdb) commands
Type commands for breakpoint(s) 2, one per line.
Non-stop tests don't really work with the
--target_board=native-extended-remote board, because tests toggle
non-stop on after GDB is already connected to gdbserver, while
Currently, non-stop must be enabled before connecting.
This adjusts the test to bail if running to main fails, like all other
non-stop tests.
Note non-stop tests do work with --target_board=native-gdbserver.
gdb/testsuite/ChangeLog:
2015-02-21 Pedro Alves <palves@redhat.com>
* gdb.threads/multi-create-ns-info-thr.exp: Return early if
runto_main fails.
Commit 6f9b8491 (Adapt `info probes' to support printing probes of
different types.) added a new type column to "info probes". That
caused a solib-corrupted.exp regression:
~~~~~~~~~~~~~~~~~~~~~
Running /home/pedro/gdb/mygit/src/gdb/testsuite/gdb.base/solib-corrupted.exp ...
FAIL: gdb.base/solib-corrupted.exp: corrupted list
=== gdb Summary ===
# of expected passes 2
# of unexpected failures 1
~~~~~~~~~~~~~~~~~~~~~
Tested on x86_64 Fedora 20.
gdb/testsuite/ChangeLog:
2015-02-20 Pedro Alves <palves@redhat.com>
* gdb.base/solib-corrupted.exp: Expect "stap" as first column of
info probes.
TL;DR - GDB can hang if something refreshes the thread list out of the
target while the target is running. GDB hangs inside td_ta_thr_iter.
The fix is to not use that libthread_db function anymore.
Long version:
Running the testsuite against my all-stop-on-top-of-non-stop series is
still exposing latent non-stop bugs.
I was originally seeing this with the multi-create.exp test, back when
we were still using libthread_db thread event breakpoints. The
all-stop-on-top-of-non-stop series forces a thread list refresh each
time GDB needs to start stepping over a breakpoint (to pause all
threads). That test hits the thread event breakpoint often, resulting
in a bunch of step-over operations, thus a bunch of thread list
refreshes while some threads in the target are running.
The commit adds a real non-stop mode test that triggers the issue,
based on multi-create.exp, that does an explicit "info threads" when a
breakpoint is hit. IOW, it does the same things the as-ns series was
doing when testing multi-create.exp.
The bug is a race, so it unfortunately takes several runs for the test
to trigger it. In fact, even when setting the test running in a loop,
it sometimes takes several minutes for it to trigger for me.
The race is related to libthread_db's td_ta_thr_iter. This is
libthread_db's entry point for walking the thread list of the
inferior.
Sometimes, when GDB refreshes the thread list from the target,
libthread_db's td_ta_thr_iter can somehow see glibc's thread list as a
cycle, and get stuck in an infinite loop.
The issue is that when a thread exits, its thread control structure in
glibc is moved from a "used" list to a "cache" list. These lists are
simply circular linked lists where the "next/prev" pointers are
embedded in the thread control structure itself. The "next" pointer
of the last element of the list points back to the list's sentinel
"head". There's only one set of "next/prev" pointers for both lists;
thus a thread can only be in one of the lists at a time, not in both
simultaneously.
So when thread C exits, simplifying, the following happens. A-C are
threads. stack_used and stack_cache are the list's heads.
Before:
stack_used -> A -> B -> C -> (&stack_used)
stack_cache -> (&stack_cache)
After:
stack_used -> A -> B -> (&stack_used)
stack_cache -> C -> (&stack_cache)
td_ta_thr_iter starts by iterating at the list's head's next, and
iterates until it sees a thread whose next pointer points to the
list's head again. Thus in the before case above, C's next points to
stack_used, indicating end of list. In the same case, the stack_cache
list is empty.
For each thread being iterated, td_ta_thr_iter reads the whole thread
object out of the inferior. This includes the thread's "next"
pointer.
In the scenario above, it may happen that td_ta_thr_iter is iterating
thread B and has already read B's thread structure just before thread
C exits and its control structure moves to the cached list.
Now, recall that td_ta_thr_iter is running in the context of GDB, and
there's no locking between GDB and the inferior. From it's local copy
of B, td_ta_thr_iter believes that the next thread after B is thread
C, so it happilly continues iterating to C, a thread that has already
exited, and is now in the stack cache list.
After iterating C, td_ta_thr_iter finds the stack_cache head, which
because it is not stack_used, td_ta_thr_iter assumes it's just another
thread. After this, unless the reverse race triggers, GDB gets stuck
in td_ta_thr_iter forever walking the stack_cache list, as no thread
in thatlist has a next pointer that points back to stack_used (the
terminating condition).
Before fully understanding the issue, I tried adding cycle detection
to GDB's td_ta_thr_iter callback. However, td_ta_thr_iter skips
calling the callback in some cases, which means that it's possible
that the callback isn't called at all, making it impossible for GDB to
break the loop. I did manage to get GDB stuck in that state more than
once.
Fortunately, we can avoid the issue altogether. We don't really need
td_ta_thr_iter for live debugging nowadays, given PTRACE_EVENT_CLONE.
We already know how to map and lwp id to a thread id without iterating
(thread_from_lwp), so use that more.
gdb/ChangeLog:
2015-02-20 Pedro Alves <palves@redhat.com>
* linux-nat.c (linux_handle_extended_wait): Call
thread_db_notice_clone whenever a new clone LWP is detected.
(linux_stop_and_wait_all_lwps, linux_unstop_all_lwps): New
functions.
* linux-nat.h (thread_db_attach_lwp): Delete declaration.
(thread_db_notice_clone, linux_stop_and_wait_all_lwps)
(linux_unstop_all_lwps): Declare.
* linux-thread-db.c (struct thread_get_info_inout): Delete.
(thread_get_info_callback): Delete.
(thread_from_lwp): Use td_thr_get_info and record_thread.
(thread_db_attach_lwp): Delete.
(thread_db_notice_clone): New function.
(try_thread_db_load_1): If /proc is mounted and shows the
process'es task list, walk over all LWPs and call thread_from_lwp
instead of relying on td_ta_thr_iter.
(attach_thread): Don't call check_thread_signals here. Split the
tail part of the function (which adds the thread to the core GDB
thread list) to ...
(record_thread): ... this function. Call check_thread_signals
here.
(thread_db_wait): Don't call thread_db_find_new_threads_1. Always
call thread_from_lwp.
(thread_db_update_thread_list): Rename to ...
(thread_db_update_thread_list_org): ... this.
(thread_db_update_thread_list): New function.
(thread_db_find_thread_from_tid): Delete.
(thread_db_get_ada_task_ptid): Simplify.
* nat/linux-procfs.c: Include <sys/stat.h>.
(linux_proc_task_list_dir_exists): New function.
* nat/linux-procfs.h (linux_proc_task_list_dir_exists): Declare.
gdb/gdbserver/ChangeLog:
2015-02-20 Pedro Alves <palves@redhat.com>
* thread-db.c: Include "nat/linux-procfs.h".
(thread_db_init): Skip listing new threads if the kernel supports
PTRACE_EVENT_CLONE and /proc/PID/task/ is accessible.
gdb/testsuite/ChangeLog:
2015-02-20 Pedro Alves <palves@redhat.com>
* gdb.threads/multi-create-ns-info-thr.exp: New file.
This function has a few latent bugs that are triggered by a non-stop
mode test that will be added in a subsequent patch.
First, as described in the function's intro comment, the function is
supposed to return 1 if we're already auto attached to the thread, but
haven't processed the PTRACE_EVENT_CLONE event of its parent thread
yet.
Then, we may find that we're trying to attach to a clone child that
hasn't yet stopped for its initial stop, and therefore 'waitpid(...,
WNOHANG)' returns 0. In that case, we're currently adding the LWP to
the stopped_pids list, which results in linux_handle_extended_wait
skipping the waitpid call on the child, and thus confusing things
later on when the child eventually reports the stop.
Then, the tail end of lin_lwp_attach_lwp always sets the
last_resume_kind of the LWP to resume_stop, which is wrong given that
the user may be doing "info threads" while some threads are running.
And then, the else branch of lin_lwp_attach_lwp always sets the
stopped flag of the LWP. This branch is reached if the LWP is the
main LWP, which may well be running at this point (to it's wrong to
set its 'stopped' flag).
AFAICS, there's no reason anymore for special-casing the main/leader
LWP here:
- For the "attach" case, linux_nat_attach already adds the main LWP to
the lwp list, and sets its 'stopped' flag.
- For the "run" case, after linux_nat_create_inferior, end up in
linux_nat_wait_1 here:
/* The first time we get here after starting a new inferior, we may
not have added it to the LWP list yet - this is the earliest
moment at which we know its PID. */
if (ptid_is_pid (inferior_ptid))
{
/* Upgrade the main thread's ptid. */
thread_change_ptid (inferior_ptid,
ptid_build (ptid_get_pid (inferior_ptid),
ptid_get_pid (inferior_ptid), 0));
lp = add_initial_lwp (inferior_ptid);
lp->resumed = 1;
}
... which adds the LWP to the LWP list already, before
lin_lwp_attach_lwp can ever be reached.
gdb/ChangeLog:
2015-02-20 Pedro Alves <palves@redhat.com>
* linux-nat.c (lin_lwp_attach_lwp): No longer special case the
main LWP. Handle the case of waitpid returning 0 if we're already
attached to the LWP. Don't set the LWP's last_resume_kind to
resume_stop if we already knew about the LWP.
(linux_nat_filter_event): Add debug logs.
The definition was removed a year ago, but the declaration managed to
stay behind.
gdb/ChangeLog
2015-02-20 Pedro Alves <palves@redhat.com>
* target.h (forward_target_decr_pc_after_break): Delete
declaration.
Another fix I'm working made schedlock.exp fail with gdbserver
frequently. Looking deeper, it turns out to be a pre-existing bug.
status_pending_p_callback is filtering out LWPs incorrectly. The
result is that that sometimes status_pending_p_callback returns a
pending event for an LWP that isn't expected, and then GDBserver gets
very confused.
E.g,. when doing a step-over, linux_wait_for_event is called with a
particular LWP's ptid, meaning events for all other LWPs should be
left pending, but here we see it retuning an event for some other LWP:
linux_wait_1: [<all threads>]
step_over_bkpt set [LWP 29577.29577], doing a blocking wait <--------
my_waitpid (-1, 0x40000001)
my_waitpid (-1, 0x80000001): status(57f), 0
LWFE: waitpid(-1, ...) returned 0, ERRNO-OK
pc is 0x4007a0
src/gdb/gdbserver/linux-low.c:2587: A problem internal to GDBserver has been detected.
linux_wait_1: got event for 29581 <--------
Remote connection closed
(gdb) FAIL: gdb.threads/schedlock.exp: continue to breakpoint: return to loop (initial)
delete breakpoints
Tested on x86_64 Fedora 20.
gdb/gdbserver/ChangeLog:
2015-02-20 Pedro Alves <palves@redhat.com>
* linux-low.c (status_pending_p_callback): Use ptid_match.
$ make check RUNTESTFLAGS="--target_board=native-gdbserver no-attach-trace.exp"
...
(gdb) trace main
Tracepoint 1 at 0x400594: file /home/pedro/gdb/mygit/src/gdb/testsuite/gdb.trace/no-attach-trace.c, line 25.
(gdb) PASS: gdb.trace/no-attach-trace.exp: set tracepoint on main
tstart
You can't do that when your target is `exec'
(gdb) FAIL: gdb.trace/no-attach-trace.exp: tstart
Even though this target supports tracing, the test restarts GDB and
doesn't do gdb_run_cmd so does not reconnect to the remote target. So
at that point, GDB only has the "exec" target, which obviously doesn't
do tracing.
The test is about doing "tstart" before running a program, so the fix
is to do gdb_target_supports_trace with whatever target GDB ends up
connected after clean_restart.
Tested on x86_64 Fedora 20, native, native-gdbserver and
native-extended-gdbserver boards. The test passes with the latter,
and is skipped with the first two.
gdb/testsuite/ChangeLog:
2015-02-20 Pedro Alves <palves@redhat.com>
* gdb.trace/no-attach-trace.exp: Don't run to main. Do
clean_restart before gdb_target_supports_trace.
On GNU/Linux, if a pthreaded program has a thread call clone(CLONE_VM)
directly, and then that clone LWP hits a debug event (breakpoint,
etc.) GDB internal errors. Threaded programs shouldn't really be
calling clone directly, but GDB shouldn't crash either.
The crash looks like this:
(gdb) break clone_fn
Breakpoint 2 at 0x4007d8: file clone-thread_db.c, line 35.
(gdb) r
...
[Thread debugging using libthread_db enabled]
...
src/gdb/linux-nat.c:1030: internal-error: lin_lwp_attach_lwp: Assertion `lwpid > 0' failed.
A problem internal to GDB has been detected,
further debugging may prove unreliable.
The problem is that 'clone' ends up clearing the parent thread's tid
field in glibc's thread data structure. For x86_64, the glibc code in
question is here:
sysdeps/unix/sysv/linux/x86_64/clone.S:
...
testq $CLONE_THREAD, %rdi
jne 1f
testq $CLONE_VM, %rdi
movl $-1, %eax <----
jne 2f
movl $SYS_ify(getpid), %eax
syscall
2: movl %eax, %fs:PID
movl %eax, %fs:TID <----
1:
When GDB refreshes the thread list out of libthread_db, it finds a
thread with LWP with pid -1 (the clone's parent), which naturally
isn't yet on the thread list. GDB then tries to attach to that bogus
LWP id, which is caught by that assertion.
The fix is to detect the bad PID early.
Tested on x86-64 Fedora 20. GDBserver doesn't need any fix.
gdb/ChangeLog:
2015-02-20 Pedro Alves <palves@redhat.com>
PR threads/18006
* linux-thread-db.c (thread_get_info_callback): Return early if
the thread's lwp id is -1.
gdb/testsuite/ChangeLog:
2015-02-20 Pedro Alves <palves@redhat.com>
PR threads/18006
* gdb.threads/clone-thread_db.c: New file.
* gdb.threads/clone-thread_db.exp: New file.
The IBM z13 has new 128-bit wide vector registers v0-v31, where v0-v15
include the existing 64-bit wide floating point registers. The Linux
kernel presents the vector registers as two additional register sets,
one for the right halves of v0-v15 and another one for the full
registers v16-v31. Thus a new core file may contain two new register
note sections, and this patch adds support to binutils for them.
bfd/
* elf-bfd.h (elfcore_write_s390_vxrs_low): Add prototype.
(elfcore_write_s390_vxrs_high): Likewise.
* elf.c (elfcore_grok_s390_vxrs_low): New function.
(elfcore_grok_s390_vxrs_high): New function.
(elfcore_grok_note): Call them.
(elfcore_write_s390_vxrs_low): New function.
(elfcore_write_s390_vxrs_high): New function.
(elfcore_write_register_note): Call them.
binutils/
* readelf.c (get_note_type): Add NT_S390_VXRS_LOW and
NT_S390_VXRS_HIGH.
include/elf/
* common.h (NT_S390_VXRS_LOW): New macro.
(NT_S390_VXRS_HIGH): Likewise.
These look like left over hacks from the days where we had to protect
ourselves from the compiler and C library. None of these checks are
relevant, and we have common configure logic to do header tests. Punt
them all now.
