Saving a binary after analysis freezes R2 #11098
Comments
Can you attach a debugger and show the backtrace where it is hanging? Not eating CPU at all?
On 15 Aug 2018, at 09:43, Abdullah Obaied <***@***.***> wrote:
Work environment

| Questions | Answers |
|---|---|
| OS/arch/bits (mandatory) | ArchLinux / ARM 64 |
| File format of the file you reverse (mandatory) | ELF |
| Architecture/bits of the file (mandatory) | x86/32 |
| r2 -v full output, not truncated (mandatory) | radare2 2.9.0-git 19018 @ linux-x86-64 git.2.8.0-14-gb8de51270 commit: b8de512 build: 2018-08-09__10:12:00 |
Analyzing a binary in a saved project, quitting R2, and then reloading the project causes R2 to freeze. I don't really know the proper flow of handling a project, but I basically tried to follow what R2-explorations mentions: https://monosource.gitbooks.io/radare2-explorations/content/intro/projects.html
Am I doing something really funky wrong here?
Steps to reproduce the behavior
I've made a small R2R PR to reproduce the steps: https://github.com/Obaied/radare2-regressions/tree/bug_bin_debugging
There you go
The sequence of command was as such:
I kept hitting ctrl-c to get back to gdb and then back to the execution with continue. It looks like r_meta_add() in meta.c is the culprit here.
It's not freezing, just taking a lot of time because the sdb-array API is abused from meta and that causes the slowdown. We probably need a better data structure to save all metadata.
On 17 Aug 2018, at 13:13, Abdullah Obaied <***@***.***> wrote:
There you go
Backtrace:

```
#0  0x00007ffff3fbf1f3 in sdb_array_contains (s=0x5555557faef0, key=0x7fffffffc1a0 "range.0x2c", val=0x7fffffffc100 "0x2ce08", cas=0x0) at array.c:511
#1  0x00007ffff3fbe447 in sdb_array_add (s=0x5555557faef0, key=0x7fffffffc1a0 "range.0x2c", val=0x7fffffffc100 "0x2ce08", cas=0) at array.c:226
#2  0x00007ffff3fbe401 in sdb_array_add_num (s=0x5555557faef0, key=0x7fffffffc1a0 "range.0x2c", val=183816, cas=0) at array.c:221
#3  0x00007ffff6501d06 in meta_inrange_add (a=0x5555557ea850, addr=183816, size=4) at meta.c:62
#4  0x00007ffff65031bc in meta_add (a=0x5555557ea850, type=116, subtype=0, from=183816, to=183820, str=0x7fffffffcc50 "0x000100af") at meta.c:382
#5  0x00007ffff650321b in r_meta_add (a=0x5555557ea850, type=116, from=183816, to=183820, str=0x7fffffffcc50 "0x000100af") at meta.c:387
#6  0x00007ffff7c421c6 in cmd_meta_others (core=0x55555575e580 <r>, input=0x555555cf3e31 "t 4 0x000100af") at cmd_meta.c:774
#7  0x00007ffff7c42b56 in cmd_meta (data=0x55555575e580 <r>, input=0x555555cf3e31 "t 4 0x000100af") at cmd_meta.c:961
#8  0x00007ffff7cc8527 in r_cmd_call (cmd=0x55555585e860, input=0x555555cf3e30 "Ct 4 0x000100af") at cmd_api.c:237
#9  0x00007ffff7c7e78a in r_core_cmd_subst_i (core=0x55555575e580 <r>, cmd=0x555555cf3e30 "Ct 4 0x000100af", colon=0x0, tmpseek=0x7fffffffd266) at cmd.c:2899
#10 0x00007ffff7c7b2ea in r_core_cmd_subst (core=0x55555575e580 <r>, cmd=0x555555cf3e30 "Ct 4 0x000100af") at cmd.c:1928
#11 0x00007ffff7c80eef in r_core_cmd (core=0x55555575e580 <r>, cstr=0x55555dbbb172 "Ct 4 0x000100af # arg3", log=0) at cmd.c:3603
#12 0x00007ffff7c81114 in r_core_cmd_lines (core=0x55555575e580 <r>, lines=0x55555daf6690 "# r2 rdb project file\n# flags\nfs symbols\nf main 4237 0x000035c0 \nf entry0 43 0x00005000 \nf entry1.init 10 0x00005100 \nf entry2.fini 50 0x000050c0 \nfs sections\nf section. 0 0x00000000 \nf section_end. 0"...) at cmd.c:3657
#13 0x00007ffff7c81273 in r_core_cmd_file (core=0x55555575e580 <r>, file=0x55555901b9c0 "/home/cheese/.local/share/radare2/projects/aaa/rc") at cmd.c:3694
#14 0x00007ffff7cdc822 in r_core_project_load (core=0x55555575e580 <r>, prjName=0x55555d9c86b3 "aaa", rcpath=0x55555901b9c0 "/home/cheese/.local/share/radare2/projects/aaa/rc") at project.c:907
#15 0x00007ffff7cdb335 in r_core_project_open (core=0x55555575e580 <r>, prjfile=0x55555d9c86b3 "aaa", thready=false) at project.c:467
#16 0x00007ffff7c159ac in cmd_project (data=0x55555575e580 <r>, input=0x55555d9c86b1 "o aaa") at cmd_project.c:78
#17 0x00007ffff7cc8527 in r_cmd_call (cmd=0x55555585e860, input=0x55555d9c86b0 "Po aaa") at cmd_api.c:237
#18 0x00007ffff7c7e78a in r_core_cmd_subst_i (core=0x55555575e580 <r>, cmd=0x55555d9c86b0 "Po aaa", colon=0x0, tmpseek=0x7fffffffd906) at cmd.c:2899
#19 0x00007ffff7c7b2ea in r_core_cmd_subst (core=0x55555575e580 <r>, cmd=0x55555d9c86b0 "Po aaa") at cmd.c:1928
#20 0x00007ffff7c80eef in r_core_cmd (core=0x55555575e580 <r>, cstr=0x55555da7e990 "Po aaa", log=1) at cmd.c:3603
#21 0x00007ffff7be8bcb in r_core_prompt_exec (r=0x55555575e580 <r>) at core.c:2465
#22 0x000055555555b682 in main (argc=2, argv=0x7fffffffddf8, envp=0x7fffffffde10) at radare2.c:1380
```
The sequence of command was as such:

```
$ gdb --args r2 /bin/ls
> aaa
> Ps hi
> Po hi
Freeze...
```
I kept hitting ctrl-c to get back to gdb and then back to the execution with continue. It looks like r_meta_add() in meta.c is the culprit here.
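The diagnosis in the thread is that each metadata entry is appended with sdb_array_add(), which first runs sdb_array_contains() over the whole comma-separated value, so loading a project with many entries scans an ever-growing list on every add. The C program below is an added example, not radare2 or sdb code: it models that flat "a,b,c" array with a check-then-append, puts a chained hash set beside it as the kind of "better data structure" the maintainer mentions, and counts element comparisons for both while inserting n constructed addresses twice (the second pass is all duplicates). All names, the bucket count and the sample addresses are assumptions made for the demo.

```c
/* Added example, not radare2/sdb code: why check-then-append on a flat
 * comma-separated array goes quadratic, and how a hash set keeps the same
 * deduplication near-linear. Names, sizes and addresses are made up. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* ---- flat array: one string "a,b,c", like an sdb array value ---------- */
typedef struct { char *buf; size_t len, cap; } FlatArray;

static void fa_init(FlatArray *a) { a->cap = 16; a->len = 0; a->buf = calloc(1, a->cap); }
static void fa_free(FlatArray *a) { free(a->buf); a->buf = NULL; }

/* Scans every element until a match; *cmps counts element comparisons. */
static int fa_contains(const FlatArray *a, const char *val, long *cmps) {
    size_t vlen = strlen(val);
    for (const char *p = a->buf; *p; ) {
        const char *end = strchr(p, ',');
        size_t tlen = end ? (size_t)(end - p) : strlen(p);
        (*cmps)++;
        if (tlen == vlen && memcmp(p, val, vlen) == 0) return 1;
        if (!end) break;
        p = end + 1;
    }
    return 0;
}

/* Dedup first, then append: the sdb_array_add() pattern from the backtrace. */
static int fa_add(FlatArray *a, const char *val, long *cmps) {
    if (fa_contains(a, val, cmps)) return 0;
    size_t vlen = strlen(val), need = a->len + vlen + 2;
    if (need > a->cap) {
        while (a->cap < need) a->cap *= 2;
        a->buf = realloc(a->buf, a->cap);
        if (!a->buf) abort();
    }
    if (a->len) a->buf[a->len++] = ',';
    memcpy(a->buf + a->len, val, vlen + 1);  /* copies the terminating NUL */
    a->len += vlen;
    return 1;
}

static size_t fa_count(const FlatArray *a) {
    if (!a->len) return 0;
    size_t n = 1;
    for (const char *p = a->buf; *p; p++) if (*p == ',') n++;
    return n;
}

/* ---- chained hash set: a structure where membership is O(1) average ---- */
#define NBUCKETS 4096  /* assumed size for the demo */
typedef struct Node { char *key; struct Node *next; } Node;
typedef struct { Node *bucket[NBUCKETS]; size_t count; } HashSet;

static uint32_t fnv1a(const char *s) {
    uint32_t h = 2166136261u;
    for (; *s; s++) { h ^= (unsigned char)*s; h *= 16777619u; }
    return h;
}
static void hs_init(HashSet *h) { memset(h, 0, sizeof *h); }
static void hs_free(HashSet *h) {
    for (size_t i = 0; i < NBUCKETS; i++)
        for (Node *n = h->bucket[i]; n; ) { Node *nx = n->next; free(n->key); free(n); n = nx; }
}

/* Only the one colliding chain is compared, not every stored element. */
static int hs_add(HashSet *h, const char *val, long *cmps) {
    uint32_t i = fnv1a(val) % NBUCKETS;
    for (Node *n = h->bucket[i]; n; n = n->next) {
        (*cmps)++;
        if (strcmp(n->key, val) == 0) return 0;
    }
    Node *n = malloc(sizeof *n);
    n->key = malloc(strlen(val) + 1);
    strcpy(n->key, val);
    n->next = h->bucket[i]; h->bucket[i] = n; h->count++;
    return 1;
}

/* ---- simulation: n distinct entries, then the same n again as duplicates */
typedef struct { long flat_cmps, set_cmps; int agree; } Cost;

static Cost simulate(unsigned n) {
    Cost c = { 0, 0, 1 };
    FlatArray fa; HashSet hs; char val[32];
    fa_init(&fa); hs_init(&hs);
    for (int pass = 0; pass < 2; pass++) {
        for (unsigned i = 0; i < n; i++) {
            snprintf(val, sizeof val, "0x%x", 0x2ce08u + 4 * i);  /* constructed addresses */
            int added_flat = fa_add(&fa, val, &c.flat_cmps);
            int added_set  = hs_add(&hs, val, &c.set_cmps);
            /* both must accept on pass 0 and reject the duplicate on pass 1 */
            if (added_flat != added_set || added_flat != (pass == 0)) c.agree = 0;
        }
    }
    if (fa_count(&fa) != n || hs.count != n) c.agree = 0;
    fa_free(&fa); hs_free(&hs);
    return c;
}

/* Accessors: flat-array cost is exactly n*n comparisons for this workload. */
static long flat_cost(unsigned n) { return simulate(n).flat_cmps; }
static long set_cost(unsigned n)  { return simulate(n).set_cmps; }
static int  structures_agree(unsigned n) { return simulate(n).agree; }

int main(void) {
    for (unsigned n = 500; n <= 4000; n *= 2) {
        Cost c = simulate(n);
        printf("n=%u  flat-array comparisons=%ld  hash-set comparisons=%ld  agree=%d\n",
               n, c.flat_cmps, c.set_cmps, c.agree);
    }
    return 0;
}
```

Doubling n quadruples the flat-array count (the first pass costs n(n-1)/2, the duplicate pass n(n+1)/2, so n² in total) while the hash-set count grows roughly in step with n, which is the difference between a project that loads in seconds and one that looks frozen.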
I can reproduce this on Arch as well. Probably worth noting that I've waited for minutes on end without it loading, and radare uses 100% CPU on one core.
Just show the backtrace with a debugger. r2 is single threaded. Wouldn't expect it to eat more than one CPU.
On 6 Oct 2018, at 22:21, Ian Huang <***@***.***> wrote:
I can reproduce this as well. Probably worth noting that I've waited for minutes on end without it loading, and radare uses 100% CPU on one core.
This is my backtrace from running cutter in gdb and attempting to load a project:
Fortunately the line number at the end isn't constant; if I wait a little while longer and then do another backtrace main() jumps back up to 49.
Seems like it's doing things, but abusing sdb_array is a bad idea, so that's probably the reason why it's taking that much time.
On 7 Oct 2018, at 20:11, Ian Huang <***@***.***> wrote:
This is my backtrace from running cutter in gdb and attempting to load a project:
```
(gdb) bt full
#0  0x00007ffff74bbef3 in ht_find_kv () at /usr/lib/libr_util.so
#1  0x00007ffff74bc286 in sdb_ht_find_kvp () at /usr/lib/libr_util.so
#2  0x00007ffff74c497d in sdb_const_get_len () at /usr/lib/libr_util.so
#3  0x00007ffff74c4b3e in sdb_const_get () at /usr/lib/libr_util.so
#4  0x00007ffff74c9cd1 in sdb_array_contains () at /usr/lib/libr_util.so
#5  0x00007ffff74c8f6c in sdb_array_add () at /usr/lib/libr_util.so
#6  0x00007ffff7b8b66f in () at /usr/lib/libr_anal.so
#7  0x00007ffff7e6b31b in () at /usr/lib/libr_core.so
#8  0x00007ffff7e6bde8 in () at /usr/lib/libr_core.so
#9  0x00007ffff7ee0ca5 in r_cmd_call () at /usr/lib/libr_core.so
#10 0x00007ffff7eabee3 in () at /usr/lib/libr_core.so
#11 0x00007ffff7e65cfd in () at /usr/lib/libr_core.so
#12 0x00007ffff7e66348 in r_core_cmd () at /usr/lib/libr_core.so
#13 0x00007ffff7e66641 in r_core_cmd_lines () at /usr/lib/libr_core.so
#14 0x00007ffff7e667d9 in r_core_cmd_file () at /usr/lib/libr_core.so
#15 0x00007ffff7eef617 in r_core_project_load () at /usr/lib/libr_core.so
#16 0x00007ffff7eefbe6 in r_core_project_open () at /usr/lib/libr_core.so
#17 0x00007ffff7e5e4ce in () at /usr/lib/libr_core.so
#18 0x00007ffff7ee0ca5 in r_cmd_call () at /usr/lib/libr_core.so
#19 0x00007ffff7eabee3 in () at /usr/lib/libr_core.so
#20 0x00007ffff7e65cfd in () at /usr/lib/libr_core.so
#21 0x00007ffff7e66348 in r_core_cmd () at /usr/lib/libr_core.so
#22 0x00007ffff7e858f0 in r_core_cmd_str () at /usr/lib/libr_core.so
#23 0x0000555555611abf in CutterCore::cmd(QString const&) ()
#24 0x000055555561780d in CutterCore::openProject(QString const&) ()
#25 0x0000555555652b77 in MainWindow::openProject(QString const&) ()
#26 0x000055555566a8af in NewFileDialog::loadProject(QString const&) ()
#27 0x000055555566a9f4 in NewFileDialog::on_loadProjectButton_clicked() ()
#28 0x0000555555716301 in NewFileDialog::qt_metacall(QMetaObject::Call, int, void**) ()
#29 0x00007ffff61d3b4d in QMetaObject::activate(QObject*, int, int, void**) () at /usr/lib/libQt5Core.so.5
#30 0x00007ffff6c0e803 in QAbstractButton::clicked(bool) () at /usr/lib/libQt5Widgets.so.5
#31 0x00007ffff6c0ea1c in () at /usr/lib/libQt5Widgets.so.5
#32 0x00007ffff6c0fe12 in () at /usr/lib/libQt5Widgets.so.5
#33 0x00007ffff6c0ffe6 in QAbstractButton::mouseReleaseEvent(QMouseEvent*) () at /usr/lib/libQt5Widgets.so.5
#34 0x00007ffff6b63658 in QWidget::event(QEvent*) () at /usr/lib/libQt5Widgets.so.5
#35 0x00007ffff6b23e14 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () at /usr/lib/libQt5Widgets.so.5
#36 0x00007ffff6b2b92a in QApplication::notify(QObject*, QEvent*) () at /usr/lib/libQt5Widgets.so.5
#37 0x00007ffff61a9c39 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () at /usr/lib/libQt5Core.so.5
#38 0x00007ffff6b2ac11 in QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool) () at /usr/lib/libQt5Widgets.so.5
#39 0x00007ffff6b7e98c in () at /usr/lib/libQt5Widgets.so.5
#40 0x00007ffff6b815d5 in () at /usr/lib/libQt5Widgets.so.5
#41 0x00007ffff6b23e14 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () at /usr/lib/libQt5Widgets.so.5
#42 0x00007ffff6b2b6e1 in QApplication::notify(QObject*, QEvent*) () at /usr/lib/libQt5Widgets.so.5
#43 0x00007ffff61a9c39 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () at /usr/lib/libQt5Core.so.5
#44 0x00007ffff65520dc in QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*) () at /usr/lib/libQt5Gui.so.5
#45 0x00007ffff6554066 in QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) () at /usr/lib/libQt5Gui.so.5
#46 0x00007ffff652da3c in QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/libQt5Gui.so.5
#47 0x00007fffe0102e1d in () at /usr/lib/libQt5XcbQpa.so.5
#48 0x00007ffff61a88cc in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/libQt5Core.so.5
#49 0x00007ffff61b0bc6 in QCoreApplication::exec() () at /usr/lib/libQt5Core.so.5
#50 0x000055555560c875 in main ()
```
Fortunately the line number at the end isn't constant; if I wait a little while longer and then do another backtrace main() jumps back up to 49.
This issue has been automatically marked as stale because it has not had recent activity. Considering a lot has changed since its creation, we kindly ask you to check again if the issue you reported is still relevant in the current version of radare2. If it is, update this issue with a comment, otherwise it will be automatically closed if no further activity occurs. Thank you for your contributions.

This issue has been automatically closed because marked as stale and it has not been updated since then. If the issue is still relevant, feel free to re-open it or open a new one.
Work environment
Analyzing a binary in a saved project, quitting R2, and then reloading the project causes R2 to freeze. I don't really know the proper flow of handling a project, but I basically tried to follow what R2-explorations mentions: https://monosource.gitbooks.io/radare2-explorations/content/intro/projects.html
Am I doing something really funky wrong here?
Steps to reproduce the behavior
I've made a small R2R PR to reproduce the steps: https://github.com/radare/radare2-regressions/pull/1435