public inbox for gdb-prs@sourceware.org
* [Bug gdb/10886] New: Crash of gdb 7.0 as shipped with Unbuntu 9.10, probably due to a double free.
@ 2009-11-02 12:03 andre dot poenitz at nokia dot com
From: andre dot poenitz at nokia dot com @ 2009-11-02 12:03 UTC (permalink / raw)
To: gdb-prs
"GNU gdb (GDB) 7.0-ubuntu\n"
"Copyright (C) 2009 Free Software Foundation, Inc.\n"
The crash is not 100% reproducible, but as at the same time there are "double
free" messages sometimes too, I think this is to be expected.
Program received signal SIGSEGV, Segmentation fault.
free_command_lines (lptr=0x9a6b708) at /tmp/gdb-7.0/gdb/cli/cli-script.c:1227
1227 if (l->body_count > 0)
(gdb) p l
$1 = (struct command_line *) 0x6168732f
(gdb) p *l
Cannot access memory at address 0x6168732f
(gdb) bt full
#0 free_command_lines (lptr=0x9a6b708) at /tmp/gdb-7.0/gdb/cli/cli-script.c:1227
l = 0x6168732f
next = 0x9a6b6e0
blist = 0x97dc858
i = <value optimized out>
#1 0x0811bafd in delete_breakpoint (bpt=0x9a6b6e0)
at /tmp/gdb-7.0/gdb/breakpoint.c:8005
b = 0x0
__PRETTY_FUNCTION__ = "delete_breakpoint"
#2 0x08093855 in do_my_cleanups (pmy_chain=0x8382850, old_chain=0x0)
at /tmp/gdb-7.0/gdb/utils.c:391
ptr = 0x97dc858
#3 0x08140db0 in print_command_1 (
exp=0xbfe77505 "(void*)dlopen(\"/home/berlin/[[some]].so\", 0x00002)",
inspect=0,
voidprint=<value optimized out>) at /tmp/gdb-7.0/gdb/printcmd.c:940
expr = 0xa27dd78
old_chain = 0x0
format = <value optimized out>
val = 0xa27df68
cleanup = 1
#4 0x080928f2 in execute_command (p=0xbfe7757a ")", from_tty=1)
at /tmp/gdb-7.0/gdb/top.c:453
arg = 0xbfe77505 "(void*)dlopen(\"/home/berlin/[[some]].so\", 0x00002)"
c = 0x9037610
flang = <value optimized out>
warned = 0
line = 0xbfe77500 "call (void*)dlopen(\"/home/berlin/[[some]].so\",
0x00002)"
#5 0x0816abb2 in catch_exception (uiout=0x904d958,
func=0x80ea980 <do_captured_execute_command>, func_args=0xbfe775b4, mask=6)
at /tmp/gdb-7.0/gdb/exceptions.c:462
exception = {reason = 0, error = GDB_NO_ERROR, message = 0x0}
#6 0x080ea90e in safe_execute_command (data=0x0,
command_str=0x90f13f0 "call (void*)dlopen(\"/home/berlin/[[some]].so\",
0x00002)")
at /tmp/gdb-7.0/gdb/cli/cli-interp.c:130
e = {reason = -1075350056, error = 134821996,
message = 0x90c1980 "8\374\n\t\260,\t\b"}
args = {
command = 0xbfe77500 "call (void*)dlopen(\"/home/berlin/[[some]].so\",
0x00002)",
from_tty = 1}
#7 cli_interpreter_exec (data=0x0,
command_str=0x90f13f0 "call (void*)dlopen(\"/home/berlin/[[some]].so\",
0x00002)")
at /tmp/gdb-7.0/gdb/cli/cli-interp.c:110
old_stream = <value optimized out>
#8 0x0816ad1a in interp_exec (interp=0x904d9c0,
command_str=0x90f13f0 "call (void*)dlopen(\"/home/berlin/[[some]].so\",
0x00002)")
at /tmp/gdb-7.0/gdb/interps.c:326
No locals.
#9 0x080ef756 in mi_cmd_interpreter_exec (command=0x82bc96a "-interpreter-exec",
argv=0xbfe77684, argc=2) at /tmp/gdb-7.0/gdb/mi/mi-interp.c:206
e = {reason = 0, error = 3219617352,
message = 0x809666f
"\311\303\353\r\220\220\220\220\220\220\220\220\220\220\220\220\220U\211\345WVS\203\354\034\213u\f\213]\b\213}\020\200>\n\017\204\365\001"}
interp_to_use = 0x904d9c0
i = 1
old_chain = 0x90afc38
#10 0x080f02b1 in captured_mi_execute_command (uiout=0x904e0b8, data=0x90c19b8)
at /tmp/gdb-7.0/gdb/mi/mi-main.c:1232
argv = {0x82a3148 "console",
0x90f13f0 "call (void*)dlopen(\"/home/berlin/[[some]].so\", 0x00002)"}
cleanup = 0x0
#11 0x0816abb2 in catch_exception (uiout=0x904e0b8,
func=0x80f0070 <captured_mi_execute_command>, func_args=0x90c19b8, mask=6)
at /tmp/gdb-7.0/gdb/exceptions.c:462
exception = {reason = 0, error = GDB_NO_ERROR, message = 0x0}
#12 0x080efd38 in mi_execute_command (
cmd=0xa223b88 "41call (void*)dlopen(\"/home/berlin/[[some]].so\", 0x00002)",
from_tty=1)
at /tmp/gdb-7.0/gdb/mi/mi-main.c:1288
result = {reason = 4961420, error = 5882912,
message = 0x7e <Address 0x7e out of bounds>}
previous_ptid = {pid = 27808, lwp = 27808, tid = 0}
command = <value optimized out>
#13 0x080eecb6 in mi_execute_command_wrapper (
cmd=0xa223b88 "41call (void*)dlopen(\"/home/berlin/[[some]].so\", 0x00002)")
at /tmp/gdb-7.0/gdb/mi/mi-interp.c:251
No locals.
#14 0x0816ff89 in handle_file_event (data=...) at /tmp/gdb-7.0/gdb/event-loop.c:812
file_ptr = 0x909e928
mask = <value optimized out>
error_mask_returned = 0
#15 0x0816f7cb in process_event () at /tmp/gdb-7.0/gdb/event-loop.c:394
event_ptr = <value optimized out>
proc = 0x816ff10 <handle_file_event>
data = {ptr = 0x0, integer = 0}
#16 0x081704c6 in gdb_do_one_event (data=0x0) at /tmp/gdb-7.0/gdb/event-loop.c:447
event_source_head = 0
current = 3
#17 0x0816a993 in catch_errors (func=0x81703e0 <gdb_do_one_event>, func_args=0x0,
errstring=0x82b3b14 "", mask=6) at /tmp/gdb-7.0/gdb/exceptions.c:510
val = 0
exception = {reason = 0, error = GDB_NO_ERROR, message = 0x0}
#18 0x0816fecc in start_event_loop () at /tmp/gdb-7.0/gdb/event-loop.c:483
gdb_result = 161920776
/home/berlin/[[some]].so is a real name, pointing to a valid, loadable shared object.
--
Summary: Crash of gdb 7.0 as shipped with Unbuntu 9.10, probably due to a double free.
Product: gdb
Version: 7.0
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: gdb
AssignedTo: unassigned at sourceware dot org
ReportedBy: andre dot poenitz at nokia dot com
CC: gdb-prs at sourceware dot org
GCC build triplet: i486-linux-gnu
GCC host triplet: i486-linux-gnu
GCC target triplet: i486-linux-gnu
http://sourceware.org/bugzilla/show_bug.cgi?id=10886
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
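A triage check on the first backtrace, added here as an example and not part of the bug report: the "pointer" `l = 0x6168732f` in frame #0 decodes as little-endian ASCII "/sha", the signature of a freed list node whose memory has been reused for string data, which fits the double free the reporter suspects. The parser and the sample `bt full` lines below are constructed for this example.

```python
import re

# Constructed sample in the shape of gdb's "bt full" output (values from the report).
SAMPLE_BT_FULL = """\
#0 free_command_lines (lptr=0x9a6b708) at /tmp/gdb-7.0/gdb/cli/cli-script.c:1227
l = 0x6168732f
next = 0x9a6b6e0
blist = 0x97dc858
i = <value optimized out>
#1 0x0811bafd in delete_breakpoint (bpt=0x9a6b6e0)
at /tmp/gdb-7.0/gdb/breakpoint.c:8005
b = 0x0
"""

# Frame header: "#N function (" or "#N 0xADDR in function (".
FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?([A-Za-z_]\w*)")
# Local variable holding a hex value: "name = 0x...".
LOCAL_RE = re.compile(r"^([A-Za-z_]\w*)\s*=\s*(0x[0-9a-f]+)\b")


def pointer_as_ascii(value, width=4):
    """Interpret a pointer-sized value as little-endian bytes (width=4 for the
    i486 build in the report). Return the text if every byte is printable
    ASCII, else None."""
    raw = value.to_bytes(width, "little")
    if all(0x20 <= b < 0x7F for b in raw):
        return raw.decode("ascii")
    return None


def suspicious_pointers(bt_full, width=4):
    """Walk "bt full" output and return (frame, function, local, value, text)
    for each non-null pointer-valued local that decodes to printable text,
    i.e. memory that was likely freed and reused before being dereferenced."""
    frame, func, hits = None, None, []
    for line in bt_full.splitlines():
        line = line.strip()
        m = FRAME_RE.match(line)
        if m:
            frame, func = int(m.group(1)), m.group(2)
            continue
        m = LOCAL_RE.match(line)
        if not m or frame is None:
            continue
        value = int(m.group(2), 16)
        if value == 0:
            continue
        text = pointer_as_ascii(value, width)
        if text is not None:
            hits.append((frame, func, m.group(1), value, text))
    return hits
```

Run on the report's own frames this flags only `l` in `free_command_lines`; the other locals decode to non-printable bytes and look like genuine heap addresses.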
* [Bug gdb/10886] Crash of gdb 7.0 as shipped with Unbuntu 9.10, probably due to a double free.
From: andre dot poenitz at nokia dot com @ 2009-11-02 16:13 UTC (permalink / raw)
To: gdb-prs
------- Additional Comments From andre dot poenitz at nokia dot com 2009-11-02 16:13 -------
I am raising Severity to "critical". Injection of code into the inferior is badly affected.
After reading some of our own bug reports I have the impression that the bug might already have been present in 6.8 but far less prominent.
--
What |Removed |Added
----------------------------------------------------------------------------
Severity|normal |critical
http://sourceware.org/bugzilla/show_bug.cgi?id=10886
* [Bug gdb/10886] Crash of gdb 7.0 as shipped with Unbuntu 9.10, probably due to a double free.
From: ppluzhnikov at google dot com @ 2009-11-09 17:43 UTC (permalink / raw)
To: gdb-prs
------- Additional Comments From ppluzhnikov at google dot com 2009-11-09 17:43 -------
I can not reproduce this problem on a trivial test case.
Andre, could you perhaps provide more detailed instructions?
Note: if you link with -lmcheck, or set MALLOC_CHECK_=2, the intermittent crash
should become deterministic (if it is due to double free).
I can however make gdb-cvs crash on a trivial related example by executing:
cat t.c
int main() { return 0; }
cat foo.c
int foo() { return 42; }
gcc -g t.c -ldl && gcc -g -fPIC -shared -o foo.so foo.c
gdb64-cvs -nx ./a.out
GNU gdb (GDB) 7.0.50.20091109-cvs
...
Reading symbols from /tmp/gdb-pr10886/a.out...done.
(gdb) b main
Breakpoint 1 at 0x40048c: file t.c, line 1.
(gdb) r
Starting program: /tmp/gdb-pr10886/a.out
Breakpoint 1, main () at t.c:1
1 int main() { return 0; }
(gdb) print dlopen("./foo.so", 2)
$1 = 6295632
(gdb) b foo
Breakpoint 2 at 0x7ffff76794f0: file foo.c, line 1.
(gdb) c
Continuing.
Program exited normally.
(gdb) r
Starting program: /tmp/gdb-pr10886/a.out
Breakpoint 1, main () at t.c:1
1 int main() { return 0; }
(gdb) info b
Num Type Disp Enb Address What
1 breakpoint keep y 0x000000000040048c in main at t.c:1
breakpoint already hit 1 time
Segmentation fault (core dumped)
The crash is here:
(gdb) bt
#0 lookup_minimal_symbol_by_pc_section_1 (pc=140737344148720, section=0xd21390,
want_trampoline=<value optimized out>)
at ../../src/gdb/minsyms.c:488
#1 0x00000000004ff3e9 in find_pc_sect_symtab (pc=140737344148720,
section=0xd21390) at ../../src/gdb/symtab.c:2071
#2 0x00000000004fd117 in blockvector_for_pc_sect (pc=140737344148720,
section=0xd21390, pblock=0x7fff5d7d9df0, symtab=0x0)
at ../../src/gdb/block.c:106
#3 0x00000000004fd140 in block_for_pc_sect (pc=140737344148720,
section=0xd21390) at ../../src/gdb/block.c:182
#4 0x00000000004cd9f9 in find_pc_sect_function (pc=140737344148720,
section=0xd21390) at ../../src/gdb/blockframe.c:139
#5 0x00000000004d428d in print_breakpoint_location (b=0xcdf2d0, loc=0xcb6300,
loc_number=<value optimized out>,
last_loc=0x7fff5d7da038, print_address_bits=<value optimized out>,
allflag=0) at ../../src/gdb/breakpoint.c:3836
#6 print_one_breakpoint_location (b=0xcdf2d0, loc=0xcb6300, loc_number=<value
optimized out>, last_loc=0x7fff5d7da038,
print_address_bits=<value optimized out>, allflag=0) at
../../src/gdb/breakpoint.c:4053
#7 0x00000000004d4910 in print_one_breakpoint (b=0x7ffff76794f0, last_loc=0x0,
print_address_bits=64, allflag=0)
at ../../src/gdb/breakpoint.c:4225
#8 0x00000000004d4bf4 in breakpoint_1 (bnum=-1, allflag=0) at
../../src/gdb/breakpoint.c:4403
#9 0x000000000045cb3a in execute_command (p=0xa62a06 "", from_tty=1) at
../../src/gdb/top.c:453
...
--
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |NEW
Ever Confirmed| |1
http://sourceware.org/bugzilla/show_bug.cgi?id=10886