)]}'
{
  "commit": "57e6a098ae51df8162ad5c5689d1a1e09c6f9a66",
  "tree": "5357cc9e4c8e7aa61ed4b44c2c4bad3c0ad72f25",
  "parents": [
    "b0732c2010940d6b7cd704cdcb1527f28705c2e2"
  ],
  "author": {
    "name": "Kevin Buettner",
    "email": "kevinb@redhat.com",
    "time": "Sat Dec 02 20:25:31 2023 -0700"
  },
  "committer": {
    "name": "Kevin Buettner",
    "email": "kevinb@redhat.com",
    "time": "Sat Dec 02 20:27:05 2023 -0700"
  },
  "message": "Fix detach bug when lwp has exited/terminated\n\nWhen using GDB on native linux, it can happen that, while attempting\nto detach an inferior, the inferior may have been exited or have been\nkilled, yet still be in the list of lwps.  Should that happen, the\nassert in x86_linux_update_debug_registers in\ngdb/nat/x86-linux-dregs.c will trigger.  The line in question looks\nlike this:\n\n  gdb_assert (lwp_is_stopped (lwp));\n\nFor this case, the lwp isn\u0027t stopped - it\u0027s dead.\n\nThe bug which brought this problem to my attention is one in which the\npwntools library uses GDB to to debug a process; as the script is\nshutting things down, it kills the process that GDB is debugging and\nalso sends GDB a SIGTERM signal, which causes GDB to detach all\ninferiors prior to exiting.  Here\u0027s a link to the bug:\n\nhttps://bugzilla.redhat.com/show_bug.cgi?id\u003d2192169\n\nThe following shell command mimics part of what the pwntools\nreproducer script does (with regard to shutting things down), but\nreproduces the bug much less reliably.  I have found it necessary to\nrun the command a bunch of times before seeing the bug.  (I usually\nsee it within 5-10 repetitions.)  If you choose to try this command,\nmake sure that you have no running \"cat\" or \"gdb\" processes first!\n\n  cat \u003c/dev/zero \u003e/dev/null \u0026 \\\n  (sleep 5; (kill -KILL `pgrep cat` \u0026 kill -TERM `pgrep gdb`)) \u0026 \\\n  sleep 1 ; \\\n  gdb -q -iex \u0027set debuginfod enabled off\u0027 -ex \u0027set height 0\u0027 \\\n      -ex c /usr/bin/cat `pgrep cat`\n\nSo, basically, the idea here is to kill both gdb and cat at roughly\nthe same time.  If we happen to attempt the detach before the process\nlwp has been deleted from GDB\u0027s (linux native) LWP data structures,\nthen the assert will trigger.  The relevant part of the backtrace\nlooks like this:\n\n  #8  0x00000000008a83ae in x86_linux_update_debug_registers (lwp\u003d0x1873280)\n      at gdb/nat/x86-linux-dregs.c:146\n  #9  0x00000000008a862f in x86_linux_prepare_to_resume (lwp\u003d0x1873280)\n      at gdb/nat/x86-linux.c:81\n  #10 0x000000000048ea42 in x86_linux_nat_target::low_prepare_to_resume (\n      this\u003d0x121eee0 \u003cthe_amd64_linux_nat_target\u003e, lwp\u003d0x1873280)\n      at gdb/x86-linux-nat.h:70\n  #11 0x000000000081a452 in detach_one_lwp (lp\u003d0x1873280, signo_p\u003d0x7fff8ca3441c)\n      at gdb/linux-nat.c:1374\n  #12 0x000000000081a85f in linux_nat_target::detach (\n      this\u003d0x121eee0 \u003cthe_amd64_linux_nat_target\u003e, inf\u003d0x16e8f70, from_tty\u003d0)\n      at gdb/linux-nat.c:1450\n  #13 0x000000000083a23b in thread_db_target::detach (\n      this\u003d0x1206ae0 \u003cthe_thread_db_target\u003e, inf\u003d0x16e8f70, from_tty\u003d0)\n      at gdb/linux-thread-db.c:1385\n  #14 0x0000000000a66722 in target_detach (inf\u003d0x16e8f70, from_tty\u003d0)\n      at gdb/target.c:2526\n  #15 0x0000000000a8f0ad in kill_or_detach (inf\u003d0x16e8f70, from_tty\u003d0)\n      at gdb/top.c:1659\n  #16 0x0000000000a8f4fa in quit_force (exit_arg\u003d0x0, from_tty\u003d0)\n      at gdb/top.c:1762\n  #17 0x000000000070829c in async_sigterm_handler (arg\u003d0x0)\n      at gdb/event-top.c:1141\n\nMy colleague, Andrew Burgess, has done some recent work on other\nproblems with detach.  Upon hearing of this problem, he came up a test\ncase which reliably reproduces the problem and tests for a few other\nproblems as well.  In addition to testing detach when the inferior has\nterminated due to a signal, it also tests detach when the inferior has\nexited normally.  Andrew observed that the linux-native-only\n\"checkpoint\" command would be affected too, so the test also tests\nthose cases when there\u0027s an active checkpoint.\n\nFor the LWP exit / termination case with no checkpoint, that\u0027s handled\nvia newly added checks of the waitstatus in detach_one_lwp in\nlinux-nat.c.\n\nFor the checkpoint detach problem, I chose to pass the lwp_info\nto linux_fork_detach in linux-fork.c.  With that in place, suitable\ntests were added before attempting a PTRACE_DETACH operation.\n\nI added a few asserts at the beginning of linux_fork_detach and\nmodified the caller code so that the newly added asserts shouldn\u0027t\ntrigger.  (That\u0027s what the \u0027pid \u003d\u003d inferior_ptid.pid\u0027 check is about\nin gdb/linux-nat.c.)\n\nLastly, I\u0027ll note that the checkpoint code needs some work with regard\nto background execution.  This patch doesn\u0027t attempt to fix that\nproblem, but it doesn\u0027t make it any worse.  It does slightly improve\nthe situation with detach because, due to the check noted above,\nlinux_fork_detach() won\u0027t be called for the wrong inferior when there\nare multiple inferiors.  (There are at least two other problems with\nthe checkpoint code when there are multiple inferiors.  See:\nhttps://sourceware.org/bugzilla/show_bug.cgi?id\u003d31065)\n\nThis commit also adds a new test,\ngdb.base/process-dies-while-detaching.exp.  Andrew Burgess is the\nprimary author of this test case.  Its design is similar to that of\ngdb.threads/main-thread-exit-during-detach.exp, which was also written\nby Andrew.\n\nThis test checks that GDB correctly handles several cases that can\noccur when GDB attempts to detach an inferior process.  The process\ncan exit or be terminated (e.g.  via SIGKILL) prior to GDB\u0027s event\nloop getting a chance to remove it from GDB\u0027s internal data\nstructures.  To complicate things even more, detach works differently\nwhen a checkpoint (created via GDB\u0027s \"checkpoint\" command) exists for\nthe inferior.  This test checks all four possibilities: process exit\nwith no checkpoint, process termination with no checkpoint, process\nexit with a checkpoint, and process termination with a checkpoint.\n\nCo-Authored-By: Andrew Burgess \u003caburgess@redhat.com\u003e\nApproved-By: Andrew Burgess \u003caburgess@redhat.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "39c3a6b34489b0eabb9388190e1744d7ed2b9cd8",
      "old_mode": 33188,
      "old_path": "gdb/linux-fork.c",
      "new_id": "1430ff89fa73e5e90f1b3ae897a94e745e2e03c2",
      "new_mode": 33188,
      "new_path": "gdb/linux-fork.c"
    },
    {
      "type": "modify",
      "old_id": "5a593fca91e147cf83b62e8ac05cf69437c62e1a",
      "old_mode": 33188,
      "old_path": "gdb/linux-fork.h",
      "new_id": "e335fb2437864a343684e9b0400875b1360a552f",
      "new_mode": 33188,
      "new_path": "gdb/linux-fork.h"
    },
    {
      "type": "modify",
      "old_id": "1c469064cb0d2343d800735b6ff6d721d7f8826d",
      "old_mode": 33188,
      "old_path": "gdb/linux-nat.c",
      "new_id": "4eaad13c75a214eaa0f2cbc1fc815f3405caa056",
      "new_mode": 33188,
      "new_path": "gdb/linux-nat.c"
    },
    {
      "type": "add",
      "old_id": "0000000000000000000000000000000000000000",
      "old_mode": 0,
      "old_path": "/dev/null",
      "new_id": "2d9cca91e2f7033c6694ee095d47bcaa9f914130",
      "new_mode": 33188,
      "new_path": "gdb/testsuite/gdb.base/kill-during-detach.c"
    },
    {
      "type": "add",
      "old_id": "0000000000000000000000000000000000000000",
      "old_mode": 0,
      "old_path": "/dev/null",
      "new_id": "26028d5fc34448cb34793577e8ed166102092cc4",
      "new_mode": 33188,
      "new_path": "gdb/testsuite/gdb.base/kill-during-detach.exp"
    }
  ]
}