GDB Crashes with V8 & JIT debugging
Wilfried Goesgens
2014-10-22 09:08:42 UTC
Hi everyone,
I'm trying to get JavaScript V8 function names displayed in GDB while
running ArangoDB as described here:

https://code.google.com/p/v8/wiki/GDBJITInterface

I'm doing this with the devel-branch of:
https://github.com/triAGENS/ArangoDB

which compiles its own V8.
I experienced GDB crashes with the 7.7 in Debian jessie; I compiled 7.8
from experimental, but the problem persists.

I'm configuring ArangoDB with:

export CFLAGS="-O0 -ggdb -DENABLE_GDB_JIT_INTERFACE"
export CXXFLAGS="-O0 -ggdb -DENABLE_GDB_JIT_INTERFACE"
./configure --enable-relative --enable-maintainer-mode --enable-all-in-one-icu --with-backtrace

and then compile using gcc (Debian 4.9.1-16) 4.9.1.

Now I try to run it in GDB with the JIT facility in V8 enabled:

mkdir /var/tmp/data
gdb
GNU gdb (Debian 7.8-1) 7.8
...
gdb> file bin/arangod
Reading symbols from bin/arangod...done.
gdb> run /var/tmp/data/ --console --no-server --javascript.gc-frequency 1000000 --javascript.gc-interval 65536 --server.threads=1 --scheduler.threads=1 --javascript.v8-options="--gdbjit"
Starting program: /local/home/willi/src/ArangoAql2/bin/arangod /var/tmp/data/ --console --no-server --javascript.gc-frequency 1000000 --javascript.gc-interval 65536 --server.threads=1 --scheduler.threads=1 --javascript.v8-options="--gdbjit"
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
2014-10-22T08:52:05Z [14749] INFO ArangoDB 2.3.0-devel 64bit maintainer
mode -- ICU 52.1, V8 3.16.14, OpenSSL 1.0.1i 6 Aug 2014
.....
2014-10-22T08:52:06Z [14749] INFO JavaScript using startup './js',
application './js/apps'
2014-10-22T08:52:06Z [14749] INFO using V8 options '--gdbjit'
[New Thread 0x7ffff7ff7700 (LWP 14761)]
Dwarf Error: Could not find abbrev number 118 [in module <in-memory>]
Dwarf Error: Could not find abbrev number 267968 [in module <in-memory>]
Dwarf Error: Could not find abbrev number 58 [in module <in-memory>]
Dwarf Error: Could not find abbrev number 112 [in module <in-memory>]
<many similar errors>
Segmentation fault (core dumped)

So I had a look at the coredump... gdb'ing gdb:
gdb `which gdb` /var/tmp/core-gdb-14747-1413967926
Reading symbols from /usr/bin/gdb...Reading symbols from /usr/lib/debug/.build-id/c0/bff72b24569dcc4faa261e4a4993b911eb2d5e.debug...done.
done.
[New LWP 14747]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `gdb'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 read_unsigned_leb128 (abfd=<optimized out>,
bytes_read_ptr=<optimized out>, buf=<optimized out>) at
/local/home/willi/src/deb/gdb-7.8/gdb/dwarf2read.c:16449
16449 byte = bfd_get_8 (abfd, buf);
gdb> bt full
#0 read_unsigned_leb128 (abfd=<optimized out>,
bytes_read_ptr=<optimized out>, buf=<optimized out>) at
/local/home/willi/src/deb/gdb-7.8/gdb/dwarf2read.c:16449
byte = <optimized out>
result = <optimized out>
num_read = <optimized out>
shift = <optimized out>
#1 peek_die_abbrev (info_ptr=info_ptr@entry=0x7f06d19 <error: Cannot
access memory at address 0x7f06d19>,
bytes_read=bytes_read@entry=0x7fffaf10a6d4, cu=0x7ea0f00, cu=0x7ea0f00)
at /local/home/willi/src/deb/gdb-7.8/gdb/dwarf2read.c:7118
abfd = <optimized out>
abbrev_number = <optimized out>
#2 0x00000000005f97ab in skip_children
(reader=reader@entry=0x7fffaf10a900, info_ptr=0x7f06d19 <error: Cannot
access memory at address 0x7f06d19>, info_ptr@entry=0x7eb8219
"\004__myenv__") at /local/home/willi/src/deb/gdb-7.8/gdb/dwarf2read.c:7146
cu = 0x7ea0f00
abbrev = <optimized out>
bytes_read = 1
#3 0x00000000006052c5 in locate_pdi_sibling (info_ptr=<optimized out>,
orig_pdi=0x7ee1c90, reader=0x7fffaf10a900) at
/local/home/willi/src/deb/gdb-7.8/gdb/dwarf2read.c:7307
info_ptr = 0x7eb8219 "\004__myenv__"
orig_pdi = 0x7ee1c90
reader = 0x7fffaf10a900
#4 load_partial_dies (reader=0x7fffaf10a900, info_ptr=<optimized out>,
building_psymtab=<optimized out>) at
/local/home/willi/src/deb/gdb-7.8/gdb/dwarf2read.c:15461
cu = <optimized out>
objfile = <optimized out>
part_die = 0x7ee1d00
parent_die = <optimized out>
last_die = 0x7ee1c90
first_die = 0x7fff00000001
abbrev = <optimized out>
bytes_read = 1
load_all = <optimized out>
nesting_level = <optimized out>
__PRETTY_FUNCTION__ = "load_partial_dies"
#5 0x0000000000607cb9 in process_psymtab_comp_unit_reader
(reader=0x7fffaf10a900, info_ptr=0x7fffaf10a6d4 "\001",
comp_unit_die=0x7ee1960, has_children=132779856, data=0x2,
data@entry=0x7fffaf10a980) at
/local/home/willi/src/deb/gdb-7.8/gdb/dwarf2read.c:5911
first_die = 0x7f06d19
lowpc = 18446744073709551615
highpc = 0
cu = 0x7ea0f00
objfile = 0x7ea12a0
baseaddr = 0
best_lowpc = 49377499982304
best_highpc = 49377499982976
pst = 0x7ed3d90
has_pc_info = 2
filename = 0x7fffaf10a6d4 "\001"
__PRETTY_FUNCTION__ = "process_psymtab_comp_unit_reader"
#6 0x0000000000600349 in init_cutu_and_read_dies
(this_cu=this_cu@entry=0x7ed3d40, abbrev_table=abbrev_table@entry=0x0,
use_existing_cu=use_existing_cu@entry=0, keep=keep@entry=0,
die_reader_func=die_reader_func@entry=0x607900
<process_psymtab_comp_unit_reader>, data=data@entry=0x7fffaf10a980) at
/local/home/willi/src/deb/gdb-7.8/gdb/dwarf2read.c:5529
objfile = <optimized out>
section = <optimized out>
abfd = <optimized out>
cu = 0x7ea0f00
begin_info_ptr = <optimized out>
info_ptr = 0x7eb81f8 "\003\bv8value"
reader = {abfd = 0x7ea1560, cu = 0x7ea0f00, dwo_file = 0x0,
die_section = 0x7ed3ab0, buffer = 0x7eb8190 "7\002", buffer_end =
0x7eb83cb "\004", comp_dir = 0x0}
comp_unit_die = 0x7ee1960
has_children = 1
attr = <optimized out>
cleanups = 0x4acf010
free_cu_cleanup = <optimized out>
sig_type = <optimized out>
__PRETTY_FUNCTION__ = "init_cutu_and_read_dies"
#7 0x0000000000603091 in process_psymtab_comp_unit (this_cu=0x7ed3d40,
want_partial_unit=0, pretend_language=language_minimal) at
/local/home/willi/src/deb/gdb-7.8/gdb/dwarf2read.c:5998
info = {want_partial_unit = 0, pretend_language = language_minimal}
#8 0x0000000000612349 in dwarf2_build_psymtabs_hard (objfile=0x7ea12a0)
at /local/home/willi/src/deb/gdb-7.8/gdb/dwarf2read.c:6397
per_cu = <optimized out>
back_to = 0x7e9f620
addrmap_cleanup = 0x4b2fdc0
temp_obstack = {chunk_size = 4064, chunk = 0x7ee0960,
object_base = 0x7ee0a30 "", next_free = 0x7ee0a30 "", chunk_limit =
0x7ee1940 "", temp = 2921728485028692480, alignment_mask = 15, chunkfun
= 0x69c690 <xmalloc>, freefun = 0x69c760 <xfree>, extra_arg =
0x288c1093c0468200, use_extra_arg = 0, maybe_empty_object = 0,
alloc_failed = 0}
i = 0
#9 dwarf2_build_psymtabs (objfile=0x7ea12a0) at
/local/home/willi/src/deb/gdb-7.8/gdb/dwarf2read.c:4173
cleanups = 0x7a3400 <sentinel_cleanup>
except = {reason = 0, error = GDB_NO_ERROR, message = 0x0}
#10 0x000000000057d37e in require_partial_symbols
(objfile=objfile@entry=0x7ea12a0, verbose=verbose@entry=0) at
/local/home/willi/src/deb/gdb-7.8/gdb/psymtab.c:92
No locals.
#11 0x00000000005825d4 in read_symbols (objfile=objfile@entry=0x7ea12a0,
add_flags=add_flags@entry=0) at
/local/home/willi/src/deb/gdb-7.8/gdb/symfile.c:902
No locals.
#12 0x0000000000582158 in syms_from_objfile_1 (add_flags=0,
addrs=0x48891d0, objfile=0x7ea12a0) at
/local/home/willi/src/deb/gdb-7.8/gdb/symfile.c:1080
local_addr = 0x0
old_chain = 0x7d3fae0
mainline = 0
#13 syms_from_objfile (add_flags=0, addrs=0x48891d0, objfile=0x7ea12a0)
at /local/home/willi/src/deb/gdb-7.8/gdb/symfile.c:1096
No locals.
#14 symbol_file_add_with_addrs (abfd=abfd@entry=0x7ea1560,
name=<optimized out>, add_flags=add_flags@entry=0,
addrs=addrs@entry=0x48891d0, flags=flags@entry=66,
parent=parent@entry=0x0) at
/local/home/willi/src/deb/gdb-7.8/gdb/symfile.c:1193
objfile = 0x7ea12a0
from_tty = 0
mainline = 0
should_print = <optimized out>
#15 0x0000000000582625 in symbol_file_add_from_bfd
(abfd=abfd@entry=0x7ea1560, name=<optimized out>,
add_flags=add_flags@entry=0, addrs=addrs@entry=0x48891d0,
flags=flags@entry=66, parent=parent@entry=0x0) at
/local/home/willi/src/deb/gdb-7.8/gdb/symfile.c:1282
No locals.
#16 0x0000000000699302 in jit_bfd_try_read_symtab (code_entry=<optimized
out>, code_entry=<optimized out>, gdbarch=<optimized out>,
entry_addr=50657840) at /local/home/willi/src/deb/gdb-7.8/gdb/jit.c:931
sai = 0x48891d0
sec = 0x0
objfile = <optimized out>
i = <optimized out>
old_cleanups = 0x0
b = <optimized out>
#17 jit_register_code (gdbarch=<optimized out>, entry_addr=50657840,
code_entry=<optimized out>) at
/local/home/willi/src/deb/gdb-7.8/gdb/jit.c:959
success = <optimized out>
#18 0x0000000000699850 in jit_event_handler (gdbarch=0x3b0af30) at
/local/home/willi/src/deb/gdb-7.8/gdb/jit.c:1412
descriptor = {version = 1, action_flag = 1, relevant_entry =
50657840, first_entry = 50657840}
code_entry = {next_entry = 51697840, prev_entry = 0,
symfile_addr = 50657872, symfile_size = 1896}
entry_addr = 50657840
objf = <optimized out>
#19 0x000000000053c85a in handle_jit_event () at
/local/home/willi/src/deb/gdb-7.8/gdb/breakpoint.c:5615
frame = <optimized out>
gdbarch = <optimized out>
#20 bpstat_what (bs_head=0x7e3e1e0) at
/local/home/willi/src/deb/gdb-7.8/gdb/breakpoint.c:5796
retval = {main_action = BPSTAT_WHAT_SINGLE, call_dummy =
STOP_NONE, is_longjmp = 0}
jit_event = <optimized out>
bs = <optimized out>
#21 0x0000000000598e64 in process_event_stop_test
(ecs=ecs@entry=0x7fffaf10b210) at
/local/home/willi/src/deb/gdb-7.8/gdb/infrun.c:4349
stop_pc_sal = <optimized out>
frame = <optimized out>
gdbarch = <optimized out>
jmp_buf_pc = 0
what = <optimized out>
__PRETTY_FUNCTION__ = "process_event_stop_test"
#22 0x000000000059b0b8 in handle_inferior_event (ecs=0x7fffaf10b210) at
/local/home/willi/src/deb/gdb-7.8/gdb/infrun.c:3446
regcache = <optimized out>
#23 0x000000000059d4c2 in fetch_inferior_event
(client_data=client_data@entry=0x0) at
/local/home/willi/src/deb/gdb-7.8/gdb/infrun.c:2921
ecss = {ptid = {pid = 14749, lwp = 14749, tid = 0},
event_thread = 0x2615e60, ws = {kind = TARGET_WAITKIND_STOPPED, value =
{integer = 5, sig = GDB_SIGNAL_TRAP, related_pid = {pid = 5, lwp = 0,
tid = 0}, execd_pathname = 0x5 <error: Cannot access memory at address
0x5>, syscall_number = 5}}, stop_func_filled_in = 0, stop_func_start =
0, stop_func_end = 0, stop_func_name = 0x0, wait_some_more = 0,
stepped_after_stopped_by_watchpoint = 0, hit_singlestep_breakpoint = 0}
ecs = 0x7fffaf10b210
old_chain = 0x7a3400 <sentinel_cleanup>
ts_old_chain = 0x21f0f00
was_sync = 1
cmd_done = 0
#24 0x00000000005b40b2 in inferior_event_handler
(event_type=INF_REG_EVENT, client_data=0x0) at
/local/home/willi/src/deb/gdb-7.8/gdb/inf-loop.c:58
ex = {reason = 0, error = GDB_NO_ERROR, message = 0x0}
cleanup_if_error = 0x7a3400 <sentinel_cleanup>
#25 0x00000000005b2181 in process_event () at
/local/home/willi/src/deb/gdb-7.8/gdb/event-loop.c:343
event_ptr = <optimized out>
proc = 0x5b1680 <handle_file_event>
data = {ptr = 0x7, integer = 7}
#26 0x00000000005b257a in gdb_do_one_event () at
/local/home/willi/src/deb/gdb-7.8/gdb/event-loop.c:395
event_source_head = 0
current = 3
#27 0x00000000005b27ee in start_event_loop () at
/local/home/willi/src/deb/gdb-7.8/gdb/event-loop.c:432
ex = {reason = 0, error = GDB_NO_ERROR, message = 0x0}
result = 0
#28 0x00000000005abb13 in captured_command_loop (data=data@entry=0x0) at
/local/home/willi/src/deb/gdb-7.8/gdb/main.c:302
No locals.
#29 0x00000000005a8c1a in catch_errors (func=func@entry=0x5abb00
<captured_command_loop>, func_args=func_args@entry=0x0,
errstring=errstring@entry=0x762bc9 "", mask=mask@entry=RETURN_MASK_ALL)
at /local/home/willi/src/deb/gdb-7.8/gdb/exceptions.c:506
val = 0
exception = {reason = 0, error = GDB_NO_ERROR, message = 0x0}
saved_uiout = 0x23b40c0
#30 0x00000000005acb86 in captured_main (data=data@entry=0x7fffaf10b580)
at /local/home/willi/src/deb/gdb-7.8/gdb/main.c:1155
argc = <optimized out>
argv = <optimized out>
quiet = 0
set_args = 0
inhibit_home_gdbinit = 0
symarg = 0x0
execarg = 0x0
pidarg = 0x0
corearg = 0x0
pid_or_core_arg = 0x0
cdarg = 0x0
ttyarg = 0x0
print_help = 0
print_version = 0
print_configuration = 0
cmdarg_vec = 0x0
cmdarg_p = 0x0
dirarg = 0x21d6e80
dirsize = <optimized out>
ndir = <optimized out>
system_gdbinit = 0x23366a0 "/etc/gdb/gdbinit"
home_gdbinit = 0x2336260 "/local/home/willi/.gdbinit"
local_gdbinit = 0x0
i = <optimized out>
save_auto_load = <optimized out>
objfile = <optimized out>
pre_stat_chain = 0x7a3400 <sentinel_cleanup>
#31 0x00000000005a8c1a in catch_errors (func=func@entry=0x5ac120
<captured_main>, func_args=func_args@entry=0x7fffaf10b580,
errstring=errstring@entry=0x762bc9 "", mask=mask@entry=RETURN_MASK_ALL)
at /local/home/willi/src/deb/gdb-7.8/gdb/exceptions.c:506
val = 0
exception = {reason = 0, error = GDB_NO_ERROR, message = 0x0}
saved_uiout = 0xbac840 <def_uiout>
#32 0x00000000005ad05b in gdb_main (args=args@entry=0x7fffaf10b580) at
/local/home/willi/src/deb/gdb-7.8/gdb/main.c:1163
No locals.
#33 0x0000000000457345 in main (argc=<optimized out>, argv=<optimized
out>) at /local/home/willi/src/deb/gdb-7.8/gdb/gdb.c:33
args = {argc = 1, argv = 0x7fffaf10b688, interpreter_p =
0x756144 "console"}

Any hints on what else I should do to resolve this are welcome.

After over a decade of using GDB on a daily basis my first serious issue ;-)

Cheers

Willi
Jan Kratochvil
2014-10-22 19:08:23 UTC
Post by Wilfried Goesgens:
> https://code.google.com/p/v8/wiki/GDBJITInterface
[...]
Post by Wilfried Goesgens:
> Dwarf Error: Could not find abbrev number 118 [in module <in-memory>]
> Dwarf Error: Could not find abbrev number 267968 [in module <in-memory>]
> Dwarf Error: Could not find abbrev number 58 [in module <in-memory>]
> Dwarf Error: Could not find abbrev number 112 [in module <in-memory>]
> <many similar errors>
> Segmentation fault (core dumped)
GDB's dwarf2read.c is not safe against invalid DWARF; it can easily overrun the
input buffers and crash - a sort of DoS. The JIT DWARF generator is probably
buggy (which the "Could not find abbrev" messages above also suggest); for GDB
it is (*) sort-of not a bug.

(*) probably; GDB could have some DWARF reading bug but I find it improbable
for this case.


Jan
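Jan's point can be read straight off frame #0 of the backtrace: read_unsigned_leb128 only receives a start pointer, so a malformed in-memory symfile lets bfd_get_8 walk past the end of the buffer. The following is an added example, not code from GDB, V8 or ArangoDB: a ULEB128 decoder that carries the buffer end, plus a check of a DIE's abbrev code against the abbrev table size, so a truncated symfile or an abbrev number like the 267968 GDB reported is returned as an error instead of being read past. The jit_code_entry_view type, the sample byte strings and the abbrev_count values are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

typedef struct { bool ok; uint64_t value; size_t bytes_read; } uleb_result;

/* Decode an unsigned LEB128 from [buf, end). Carrying the end pointer means a
   truncated symfile yields ok == false instead of a read past the buffer,
   which is the bound the bfd_get_8 in frame #0 of the backtrace does not have. */
static uleb_result read_uleb128_bounded(const uint8_t *buf, const uint8_t *end) {
    uleb_result r = { false, 0, 0 };
    unsigned shift = 0;
    while (buf + r.bytes_read < end) {
        uint8_t byte = buf[r.bytes_read++];
        if (shift >= 64 && (byte & 0x7f)) return r;            /* overlong value */
        if (shift < 64) r.value |= (uint64_t)(byte & 0x7f) << shift;
        shift += 7;
        if ((byte & 0x80) == 0) { r.ok = true; return r; }
    }
    return r;  /* last byte still had its continuation bit set: truncated */
}

/* Minimal view of a JIT code entry: the symfile_addr/symfile_size pair from the
   backtrace's code_entry (constructed type, not GDB's jit_code_entry). */
typedef struct { const uint8_t *symfile_addr; size_t symfile_size; } jit_code_entry_view;

/* Abbrev code of the DIE at `offset`, checked against the abbrev table size.
   Returns the code (0 for a null DIE) or -1 when the LEB128 is truncated or the
   code is absent from the table, i.e. "Could not find abbrev number" as an error. */
static int64_t die_abbrev_code(const jit_code_entry_view *e, size_t offset, uint64_t abbrev_count) {
    if (offset >= e->symfile_size) return -1;
    uleb_result r = read_uleb128_bounded(e->symfile_addr + offset,
                                         e->symfile_addr + e->symfile_size);
    return (r.ok && r.value <= abbrev_count) ? (int64_t)r.value : -1;
}

/* Constructed sample inputs (not bytes from the page's symfile). */
static const uint8_t SAMPLE_SHORT[]      = { 0x02 };             /* 2 */
static const uint8_t SAMPLE_MULTI[]      = { 0xE5, 0x8E, 0x26 }; /* 624485 */
static const uint8_t SAMPLE_BAD_ABBREV[] = { 0xC0, 0xAD, 0x10 }; /* 267968, the number GDB reported */
static const uint8_t SAMPLE_TRUNC[]      = { 0x80, 0x80 };       /* cut off mid-value */

static int64_t decode_or_minus1(const uint8_t *buf, size_t len) {
    uleb_result r = read_uleb128_bounded(buf, buf + len);
    return r.ok ? (int64_t)r.value : -1;
}

/* Treat `buf` as the first DIE of an in-memory symfile of `len` bytes. */
static int64_t check_symfile(const uint8_t *buf, size_t len, uint64_t abbrev_count) {
    jit_code_entry_view e = { buf, len };
    return die_abbrev_code(&e, 0, abbrev_count);
}
```

The same bound applied to every DWARF read (abbrev table, attribute forms, sibling offsets) is what turns the crash in the backtrace into a diagnostic for the JIT's DWARF emitter.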
