public inbox for gdb-prs@sourceware.org
* [Bug symtab/27893] New: [fission] segfault in dw2_expand_symtabs_matching_one
@ 2021-05-20 19:57 vries at gcc dot gnu.org
  2021-05-20 23:03 ` [Bug symtab/27893] " vries at gcc dot gnu.org
                   ` (12 more replies)
  0 siblings, 13 replies; 14+ messages in thread
From: vries at gcc dot gnu.org @ 2021-05-20 19:57 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=27893

            Bug ID: 27893
           Summary: [fission] segfault in dw2_expand_symtabs_matching_one
           Product: gdb
           Version: HEAD
            Status: NEW
          Severity: normal
          Priority: P2
         Component: symtab
          Assignee: unassigned at sourceware dot org
          Reporter: vries at gcc dot gnu.org
  Target Milestone: ---

When running test-case gdb.base/jit-elf-so.exp with target board fission, I run
into:
...
(gdb) PASS: gdb.base/jit-elf-so.exp: one_jit_test-1: continue to breakpoint:
break here after-dlopen
break
/home/vries/gdb_versions/devel/src/gdb/testsuite/gdb.base/jit-elf-main.c:76^M
ERROR: GDB process no longer exists
GDB process exited with wait status 8504 exp9 0 0 CHILDKILLED SIGABRT SIGABRT
UNRESOLVED: gdb.base/jit-elf-so.exp: one_jit_test-1: setting breakpoint at
/home/vries/gdb_versions/devel/src/gdb/testsuite/gdb.base/jit-elf-main.c:76
(eof)
...


In more detail:
...
$ gdb --args gdb -q -batch -x ./outputs/gdb.base/jit-elf-so/gdb.in.1 
  ...
Thread 1 "gdb" received signal SIGSEGV, Segmentation fault.
0x000000000066f46c in dw2_expand_symtabs_matching_one(dwarf2_per_cu_data *,
dwarf2_per_objfile *, gdb::function_view<bool(char const*, bool)>,
gdb::function_view<bool(compunit_symtab*)>)
    (per_cu=0x29b67a0, per_objfile=0x2442110, file_matcher=...,
expansion_notify=...)
    at /home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:4119
4119      if (file_matcher == NULL || per_cu->v.quick->mark)
(gdb) 
...

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] 14+ messages in thread

* [Bug symtab/27893] [fission] segfault in dw2_expand_symtabs_matching_one
From: vries at gcc dot gnu.org @ 2021-05-20 23:03 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=27893

--- Comment #1 from Tom de Vries <vries at gcc dot gnu.org> ---
(In reply to Tom de Vries from comment #0)
> When running test-case gdb.base/jit-elf-so.exp with target board fission, I
> run into:
> ...
> (gdb) PASS: gdb.base/jit-elf-so.exp: one_jit_test-1: continue to breakpoint:
> break here after-dlopen
> break
> /home/vries/gdb_versions/devel/src/gdb/testsuite/gdb.base/jit-elf-main.c:76^M
> ERROR: GDB process no longer exists
> GDB process exited with wait status 8504 exp9 0 0 CHILDKILLED SIGABRT SIGABRT
> UNRESOLVED: gdb.base/jit-elf-so.exp: one_jit_test-1: setting breakpoint at
> /home/vries/gdb_versions/devel/src/gdb/testsuite/gdb.base/jit-elf-main.c:76
> (eof)
> ...
> 
> 
> In more detail:
> ...
> $ gdb --args gdb -q -batch -x ./outputs/gdb.base/jit-elf-so/gdb.in.1 
>   ...
> Thread 1 "gdb" received signal SIGSEGV, Segmentation fault.
> 0x000000000066f46c in dw2_expand_symtabs_matching_one(dwarf2_per_cu_data *,
> dwarf2_per_objfile *, gdb::function_view<bool(char const*, bool)>,
> gdb::function_view<bool(compunit_symtab*)>)
>     (per_cu=0x29b67a0, per_objfile=0x2442110, file_matcher=...,
> expansion_notify=...)
>     at /home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:4119
> 4119      if (file_matcher == NULL || per_cu->v.quick->mark)
> (gdb) 
> ...

And the segfault happens because file_matcher != NULL and per_cu->v.quick ==
NULL.


* [Bug symtab/27893] [fission] segfault in dw2_expand_symtabs_matching_one
From: vries at gcc dot gnu.org @ 2021-05-20 23:06 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=27893

Tom de Vries <vries at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |tromey at sourceware dot org

--- Comment #2 from Tom de Vries <vries at gcc dot gnu.org> ---
Bisects to:
...
0d305d5c67e38a65f227e6604c0812797471ace6 is the first bad commit
commit 0d305d5c67e38a65f227e6604c0812797471ace6
Author: Tom Tromey <tom@tromey.com>
Date:   Fri Apr 30 14:07:58 2021 -0600

    Allocate dwarf2_per_cu_data with 'new'
...


* [Bug symtab/27893] [fission] segfault in dw2_expand_symtabs_matching_one
From: vries at gcc dot gnu.org @ 2021-05-20 23:29 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=27893

--- Comment #3 from Tom de Vries <vries at gcc dot gnu.org> ---
(In reply to Tom de Vries from comment #2)
> Bisects to:
> ...
> 0d305d5c67e38a65f227e6604c0812797471ace6 is the first bad commit
> commit 0d305d5c67e38a65f227e6604c0812797471ace6
> Author: Tom Tromey <tom@tromey.com>
> Date:   Fri Apr 30 14:07:58 2021 -0600
> 
>     Allocate dwarf2_per_cu_data with 'new'
> ...

Hmm, I'm not really sure what happened there.  Git bisect seems to have got it
wrong, things actually start to fail at the next commit:
...
commit 91eea9cc48a17763dae5a4f10eaa111c512ee2d0
Author: Tom Tromey <tom@tromey.com>
Date:   Fri Apr 30 14:07:58 2021 -0600

    Remove dwarf2_per_bfd::all_type_units
...


* [Bug symtab/27893] [fission] segfault in dw2_expand_symtabs_matching_one
From: vries at gcc dot gnu.org @ 2021-05-21  0:14 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=27893

--- Comment #4 from Tom de Vries <vries at gcc dot gnu.org> ---
With address sanitizer we get a heap-use-after-free:
...
=================================================================
==7743==ERROR: AddressSanitizer: heap-use-after-free on address 0x60300024b930
at pc 0x000000f955a0 bp 0x7fffb3ba4c40 sp 0x7fffb3ba4c38
READ of size 8 at 0x60300024b930 thread T0
    #0 0xf9559f in std::__uniq_ptr_impl<dwarf2_per_cu_data,
dwarf2_per_cu_data_deleter>::_M_ptr() const
/usr/include/c++/7/bits/unique_ptr.h:147
    #1 0xf920b7 in std::unique_ptr<dwarf2_per_cu_data,
dwarf2_per_cu_data_deleter>::get() const
/usr/include/c++/7/bits/unique_ptr.h:332
    #2 0xff36eb in dwarf2_gdb_index::expand_symtabs_matching(objfile*,
gdb::function_view<bool (char const*, bool)>, lookup_name_info const*,
gdb::function_view<bool (char const*)>, gdb::function_view<bool
(compunit_symtab*)>, enum_flags<block_search_flag_values>, domain_enum_tag,
search_domain) /home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:4337
    #3 0x18b82a1 in objfile::map_symtabs_matching_filename(char const*, char
const*, gdb::function_view<bool (symtab*)>)
/home/vries/gdb_versions/devel/src/gdb/symfile-debug.c:182
    #4 0x18f891a in iterate_over_symtabs(char const*, gdb::function_view<bool
(symtab*)>) /home/vries/gdb_versions/devel/src/gdb/symtab.c:558
    #5 0x135d1e2 in collect_symtabs_from_filename
/home/vries/gdb_versions/devel/src/gdb/linespec.c:3809
    #6 0x135d4b6 in symtabs_from_filename
/home/vries/gdb_versions/devel/src/gdb/linespec.c:3829
    #7 0x13549cf in parse_linespec
/home/vries/gdb_versions/devel/src/gdb/linespec.c:2637
    #8 0x13585e0 in event_location_to_sals
/home/vries/gdb_versions/devel/src/gdb/linespec.c:3174
    #9 0x1358de6 in decode_line_full(event_location*, int, program_space*,
symtab*, int, linespec_result*, char const*, char const*)
/home/vries/gdb_versions/devel/src/gdb/linespec.c:3254
    #10 0xcc2745 in parse_breakpoint_sals
/home/vries/gdb_versions/devel/src/gdb/breakpoint.c:9217
    #11 0xce1a0f in create_sals_from_location_default
/home/vries/gdb_versions/devel/src/gdb/breakpoint.c:13940
    #12 0xcda23a in bkpt_create_sals_from_location
/home/vries/gdb_versions/devel/src/gdb/breakpoint.c:12743
    #13 0xcc49c1 in create_breakpoint(gdbarch*, event_location*, char const*,
int, char const*, bool, int, int, bptype, int, auto_boolean, breakpoint_ops
const*, int, int, int, unsigned int)
/home/vries/gdb_versions/devel/src/gdb/breakpoint.c:9493
    #14 0xcc5eda in break_command_1
/home/vries/gdb_versions/devel/src/gdb/breakpoint.c:9673
    #15 0xcc672d in break_command(char const*, int)
/home/vries/gdb_versions/devel/src/gdb/breakpoint.c:9743
    #16 0xded99c in do_const_cfunc
/home/vries/gdb_versions/devel/src/gdb/cli/cli-decode.c:102
    #17 0xdf8363 in cmd_func(cmd_list_element*, char const*, int)
/home/vries/gdb_versions/devel/src/gdb/cli/cli-decode.c:2188
    #18 0x19d6edd in execute_command(char const*, int)
/home/vries/gdb_versions/devel/src/gdb/top.c:674
    #19 0x11093cf in command_handler(char const*)
/home/vries/gdb_versions/devel/src/gdb/event-top.c:588
    #20 0x19d5b15 in read_command_file(_IO_FILE*)
/home/vries/gdb_versions/devel/src/gdb/top.c:443
    #21 0xe21e91 in script_from_file(_IO_FILE*, char const*)
/home/vries/gdb_versions/devel/src/gdb/cli/cli-script.c:1642
    #22 0xdd9b78 in source_script_from_stream
/home/vries/gdb_versions/devel/src/gdb/cli/cli-cmds.c:705
    #23 0xdd9e8c in source_script_with_search
/home/vries/gdb_versions/devel/src/gdb/cli/cli-cmds.c:750
    #24 0xdd9fb4 in source_script(char const*, int)
/home/vries/gdb_versions/devel/src/gdb/cli/cli-cmds.c:759
    #25 0x14032f5 in catch_command_errors
/home/vries/gdb_versions/devel/src/gdb/main.c:523
    #26 0x1403808 in execute_cmdargs
/home/vries/gdb_versions/devel/src/gdb/main.c:615
    #27 0x14069e6 in captured_main_1
/home/vries/gdb_versions/devel/src/gdb/main.c:1322
    #28 0x1406f6e in captured_main
/home/vries/gdb_versions/devel/src/gdb/main.c:1343
    #29 0x1407003 in gdb_main(captured_main_args*)
/home/vries/gdb_versions/devel/src/gdb/main.c:1368
    #30 0xa9d13a in main /home/vries/gdb_versions/devel/src/gdb/gdb.c:32
    #31 0x7fba4bd85349 in __libc_start_main (/lib64/libc.so.6+0x24349)
    #32 0xa9cf49 in _start
(/home/vries/gdb_versions/devel/build/gdb/gdb+0xa9cf49)

0x60300024b930 is located 16 bytes inside of 32-byte region
[0x60300024b920,0x60300024b940)
freed by thread T0 here:
    #0 0x7fba4ee28920 in operator delete(void*)
(/usr/lib64/libasan.so.4+0xde920)
    #1 0x10c3b0d in
__gnu_cxx::new_allocator<std::unique_ptr<dwarf2_per_cu_data,
dwarf2_per_cu_data_deleter> >::deallocate(std::unique_ptr<dwarf2_per_cu_data,
dwarf2_per_cu_data_deleter>*, unsigned long)
(/home/vries/gdb_versions/devel/build/gdb/gdb+0x10c3b0d)
    #2 0x10b4a30 in
std::allocator_traits<std::allocator<std::unique_ptr<dwarf2_per_cu_data,
dwarf2_per_cu_data_deleter> >
>::deallocate(std::allocator<std::unique_ptr<dwarf2_per_cu_data,
dwarf2_per_cu_data_deleter> >&, std::unique_ptr<dwarf2_per_cu_data,
dwarf2_per_cu_data_deleter>*, unsigned long)
(/home/vries/gdb_versions/devel/build/gdb/gdb+0x10b4a30)
    #3 0x10a2a35 in std::_Vector_base<std::unique_ptr<dwarf2_per_cu_data,
dwarf2_per_cu_data_deleter>, std::allocator<std::unique_ptr<dwarf2_per_cu_data,
dwarf2_per_cu_data_deleter> >
>::_M_deallocate(std::unique_ptr<dwarf2_per_cu_data,
dwarf2_per_cu_data_deleter>*, unsigned long)
/usr/include/c++/7/bits/stl_vector.h:180
    #4 0x10a2ed1 in void std::vector<std::unique_ptr<dwarf2_per_cu_data,
dwarf2_per_cu_data_deleter>, std::allocator<std::unique_ptr<dwarf2_per_cu_data,
dwarf2_per_cu_data_deleter> >
>::_M_realloc_insert<signatured_type*>(__gnu_cxx::__normal_iterator<std::unique_ptr<dwarf2_per_cu_data,
dwarf2_per_cu_data_deleter>*, std::vector<std::unique_ptr<dwarf2_per_cu_data,
dwarf2_per_cu_data_deleter>, std::allocator<std::unique_ptr<dwarf2_per_cu_data,
dwarf2_per_cu_data_deleter> > > >, signatured_type*&&)
/usr/include/c++/7/bits/vector.tcc:448
    #5 0x10961d8 in void std::vector<std::unique_ptr<dwarf2_per_cu_data,
dwarf2_per_cu_data_deleter>, std::allocator<std::unique_ptr<dwarf2_per_cu_data,
dwarf2_per_cu_data_deleter> >
>::emplace_back<signatured_type*>(signatured_type*&&)
/usr/include/c++/7/bits/vector.tcc:105
    #6 0xffd15c in add_type_unit
/home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:5899
    #7 0xffe0da in lookup_dwo_signatured_type
/home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:6020
    #8 0x102ac08 in queue_and_load_dwo_tu
/home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:12723
    #9 0x22c6ee1 in htab_traverse_noresize
/home/vries/gdb_versions/devel/src/libiberty/hashtab.c:775
    #10 0x102af68 in queue_and_load_all_dwo_tus
/home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:12759
    #11 0xfe4611 in dw2_do_instantiate_symtab
/home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:2252
    #12 0xfe48a8 in dw2_instantiate_symtab
/home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:2279
    #13 0xff20e1 in dw2_expand_symtabs_matching_one
/home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:4124
    #14 0xff371b in dwarf2_gdb_index::expand_symtabs_matching(objfile*,
gdb::function_view<bool (char const*, bool)>, lookup_name_info const*,
gdb::function_view<bool (char const*)>, gdb::function_view<bool
(compunit_symtab*)>, enum_flags<block_search_flag_values>, domain_enum_tag,
search_domain) /home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:4337
    #15 0x18b82a1 in objfile::map_symtabs_matching_filename(char const*, char
const*, gdb::function_view<bool (symtab*)>)
/home/vries/gdb_versions/devel/src/gdb/symfile-debug.c:182
    #16 0x18f891a in iterate_over_symtabs(char const*, gdb::function_view<bool
(symtab*)>) /home/vries/gdb_versions/devel/src/gdb/symtab.c:558
    #17 0x135d1e2 in collect_symtabs_from_filename
/home/vries/gdb_versions/devel/src/gdb/linespec.c:3809
    #18 0x135d4b6 in symtabs_from_filename
/home/vries/gdb_versions/devel/src/gdb/linespec.c:3829
    #19 0x13549cf in parse_linespec
/home/vries/gdb_versions/devel/src/gdb/linespec.c:2637
    #20 0x13585e0 in event_location_to_sals
/home/vries/gdb_versions/devel/src/gdb/linespec.c:3174
    #21 0x1358de6 in decode_line_full(event_location*, int, program_space*,
symtab*, int, linespec_result*, char const*, char const*)
/home/vries/gdb_versions/devel/src/gdb/linespec.c:3254
    #22 0xcc2745 in parse_breakpoint_sals
/home/vries/gdb_versions/devel/src/gdb/breakpoint.c:9217
    #23 0xce1a0f in create_sals_from_location_default
/home/vries/gdb_versions/devel/src/gdb/breakpoint.c:13940
    #24 0xcda23a in bkpt_create_sals_from_location
/home/vries/gdb_versions/devel/src/gdb/breakpoint.c:12743
    #25 0xcc49c1 in create_breakpoint(gdbarch*, event_location*, char const*,
int, char const*, bool, int, int, bptype, int, auto_boolean, breakpoint_ops
const*, int, int, int, unsigned int)
/home/vries/gdb_versions/devel/src/gdb/breakpoint.c:9493
    #26 0xcc5eda in break_command_1
/home/vries/gdb_versions/devel/src/gdb/breakpoint.c:9673
    #27 0xcc672d in break_command(char const*, int)
/home/vries/gdb_versions/devel/src/gdb/breakpoint.c:9743
    #28 0xded99c in do_const_cfunc
/home/vries/gdb_versions/devel/src/gdb/cli/cli-decode.c:102
    #29 0xdf8363 in cmd_func(cmd_list_element*, char const*, int)
/home/vries/gdb_versions/devel/src/gdb/cli/cli-decode.c:2188

previously allocated by thread T0 here:
    #0 0x7fba4ee27c20 in operator new(unsigned long)
(/usr/lib64/libasan.so.4+0xddc20)
    #1 0x10cf036 in
__gnu_cxx::new_allocator<std::unique_ptr<dwarf2_per_cu_data,
dwarf2_per_cu_data_deleter> >::allocate(unsigned long, void const*)
(/home/vries/gdb_versions/devel/build/gdb/gdb+0x10cf036)
    #2 0x10c3ab9 in
std::allocator_traits<std::allocator<std::unique_ptr<dwarf2_per_cu_data,
dwarf2_per_cu_data_deleter> >
>::allocate(std::allocator<std::unique_ptr<dwarf2_per_cu_data,
dwarf2_per_cu_data_deleter> >&, unsigned long)
(/home/vries/gdb_versions/devel/build/gdb/gdb+0x10c3ab9)
    #3 0x10b49cb in std::_Vector_base<std::unique_ptr<dwarf2_per_cu_data,
dwarf2_per_cu_data_deleter>, std::allocator<std::unique_ptr<dwarf2_per_cu_data,
dwarf2_per_cu_data_deleter> > >::_M_allocate(unsigned long)
(/home/vries/gdb_versions/devel/build/gdb/gdb+0x10b49cb)
    #4 0x10a2991 in std::unique_ptr<dwarf2_per_cu_data,
dwarf2_per_cu_data_deleter>* std::vector<std::unique_ptr<dwarf2_per_cu_data,
dwarf2_per_cu_data_deleter>, std::allocator<std::unique_ptr<dwarf2_per_cu_data,
dwarf2_per_cu_data_deleter> >
>::_M_allocate_and_copy<std::move_iterator<std::unique_ptr<dwarf2_per_cu_data,
dwarf2_per_cu_data_deleter>*> >(unsigned long,
std::move_iterator<std::unique_ptr<dwarf2_per_cu_data,
dwarf2_per_cu_data_deleter>*>,
std::move_iterator<std::unique_ptr<dwarf2_per_cu_data,
dwarf2_per_cu_data_deleter>*>) /usr/include/c++/7/bits/stl_vector.h:1260
    #5 0x1095e2f in std::vector<std::unique_ptr<dwarf2_per_cu_data,
dwarf2_per_cu_data_deleter>, std::allocator<std::unique_ptr<dwarf2_per_cu_data,
dwarf2_per_cu_data_deleter> > >::reserve(unsigned long)
/usr/include/c++/7/bits/vector.tcc:73
    #6 0xfe50cc in create_cus_from_index
/home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:2362
    #7 0xfe89fc in dwarf2_read_gdb_index
/home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:2869
    #8 0xffaf98 in dwarf2_initialize_objfile(objfile*)
/home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:5479
    #9 0x10eec6c in elf_symfile_read
/home/vries/gdb_versions/devel/src/gdb/elfread.c:1258
    #10 0x18c4c84 in read_symbols
/home/vries/gdb_versions/devel/src/gdb/symfile.c:771
    #11 0x18c5ce9 in syms_from_objfile_1
/home/vries/gdb_versions/devel/src/gdb/symfile.c:967
    #12 0x18c5eca in syms_from_objfile
/home/vries/gdb_versions/devel/src/gdb/symfile.c:984
    #13 0x18c6dac in symbol_file_add_with_addrs
/home/vries/gdb_versions/devel/src/gdb/symfile.c:1087
    #14 0x18c7991 in symbol_file_add_from_bfd(bfd*, char const*,
enum_flags<symfile_add_flag>, std::vector<other_sections,
std::allocator<other_sections> >*, enum_flags<objfile_flag>, objfile*)
/home/vries/gdb_versions/devel/src/gdb/symfile.c:1168
    #15 0x184c978 in solib_read_symbols(so_list*, enum_flags<symfile_add_flag>)
/home/vries/gdb_versions/devel/src/gdb/solib.c:681
    #16 0x184e2bd in solib_add(char const*, int, int)
/home/vries/gdb_versions/devel/src/gdb/solib.c:987
    #17 0x1850580 in handle_solib_event()
/home/vries/gdb_versions/devel/src/gdb/solib.c:1261
    #18 0xca976f in bpstat_stop_status(address_space const*, unsigned long,
thread_info*, target_waitstatus const*, bpstats*)
/home/vries/gdb_versions/devel/src/gdb/breakpoint.c:5546
    #19 0x12fce24 in handle_signal_stop
/home/vries/gdb_versions/devel/src/gdb/infrun.c:6243
    #20 0x12f950c in handle_inferior_event
/home/vries/gdb_versions/devel/src/gdb/infrun.c:5729
    #21 0x12ee33f in fetch_inferior_event()
/home/vries/gdb_versions/devel/src/gdb/infrun.c:4108
    #22 0x12a6536 in inferior_event_handler(inferior_event_type)
/home/vries/gdb_versions/devel/src/gdb/inf-loop.c:41
    #23 0x1396c85 in handle_target_event
/home/vries/gdb_versions/devel/src/gdb/linux-nat.c:4056
    #24 0x224c460 in handle_file_event
/home/vries/gdb_versions/devel/src/gdbsupport/event-loop.cc:575
    #25 0x224cc7d in gdb_wait_for_event
/home/vries/gdb_versions/devel/src/gdbsupport/event-loop.cc:701
    #26 0x224ab6d in gdb_do_one_event()
/home/vries/gdb_versions/devel/src/gdbsupport/event-loop.cc:212
    #27 0x19d5e9a in wait_sync_command_done()
/home/vries/gdb_versions/devel/src/gdb/top.c:528
    #28 0x19d6055 in maybe_wait_sync_command_done(int)
/home/vries/gdb_versions/devel/src/gdb/top.c:545
    #29 0x19d6eea in execute_command(char const*, int)
/home/vries/gdb_versions/devel/src/gdb/top.c:676

SUMMARY: AddressSanitizer: heap-use-after-free
/usr/include/c++/7/bits/unique_ptr.h:147 in
std::__uniq_ptr_impl<dwarf2_per_cu_data, dwarf2_per_cu_data_deleter>::_M_ptr()
const
==7743==ABORTING
...


* [Bug symtab/27893] [fission] segfault in dw2_expand_symtabs_matching_one
From: vries at gcc dot gnu.org @ 2021-05-21  0:45 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=27893

--- Comment #5 from Tom de Vries <vries at gcc dot gnu.org> ---
Not fixed by patch submitted for PR27817.


* [Bug symtab/27893] [fission] segfault in dw2_expand_symtabs_matching_one
From: vries at gcc dot gnu.org @ 2021-05-21  1:10 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=27893

--- Comment #6 from Tom de Vries <vries at gcc dot gnu.org> ---
(In reply to Tom de Vries from comment #5)
> Not fixed by patch submitted for PR27817.

Hmm, that one was already superseded by a committed patch, so I guess this was
not very useful.


* [Bug symtab/27893] [fission] segfault in dw2_expand_symtabs_matching_one
From: tromey at sourceware dot org @ 2021-07-30 20:10 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=27893

--- Comment #7 from Tom Tromey <tromey at sourceware dot org> ---
queue_and_load_all_dwo_tus can seemingly create new type units
even though it is called by dw2_do_instantiate_symtab - i.e.,
after the initial scan is done.
So probably this code should either reallocate the symtab
vector when doing this (may be expensive unless we can count
how many additions there will be); or maybe the assert should be
removed.
This is pretty surprising to me, though I guess I don't really
understand the DWO code.


* [Bug symtab/27893] [fission] segfault in dw2_expand_symtabs_matching_one
From: tromey at sourceware dot org @ 2021-08-03 23:20 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=27893

--- Comment #8 from Tom Tromey <tromey at sourceware dot org> ---
I have a patch for this one.


* [Bug symtab/27893] [fission] segfault in dw2_expand_symtabs_matching_one
From: tromey at sourceware dot org @ 2021-08-15 19:38 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=27893

Tom Tromey <tromey at sourceware dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|unassigned at sourceware dot org   |tromey at sourceware dot org


* [Bug symtab/27893] [fission] segfault in dw2_expand_symtabs_matching_one
From: vries at gcc dot gnu.org @ 2021-08-24 12:13 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=27893

--- Comment #9 from Tom de Vries <vries at gcc dot gnu.org> ---
(In reply to Tom Tromey from comment #8)
> I have a patch for this one.

The failure still reproduces for me, and the patch (
https://sourceware.org/pipermail/gdb-patches/2021-August/181479.html ) fixes
it.


* [Bug symtab/27893] [fission] segfault in dw2_expand_symtabs_matching_one
From: cvs-commit at gcc dot gnu.org @ 2021-08-24 14:03 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=27893

--- Comment #10 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Tom Tromey <tromey@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d58e54bd277b90d847be09ae4b18bfdbc0dc2066

commit d58e54bd277b90d847be09ae4b18bfdbc0dc2066
Author: Tom Tromey <tom@tromey.com>
Date:   Wed Aug 4 12:44:10 2021 -0600

    Fix two regressions caused by CU / TU merging

    PR symtab/28160 and PR symtab/27893 concern GDB crashes in the test
    suite when using the "fission" target board.  They are both caused by
    the patches that merge the list of CUs with the list of TUs (and to a
    lesser degree by the patches to share DWARF data across objfiles), and
    the underlying issue is the same: it turns out that reading a DWO can
    cause new type units to be created.  This means that the list of
    dwarf2_per_cu_data objects depends on precisely which CUs have been
    expanded.  However, because the type units can be created while
    expanding a CU, the vector of CUs can expand while it is
    being iterated over -- a classic mistake.  Also, because a TU can be
    added later, it means the resize_symtabs approach is incorrect.

    This patch fixes resize_symtabs by removing it, and having set_symtab
    resize the vector on demand.  It fixes the iteration problem by
    introducing a safe (index-based) iterator and changing the relevant
    spots to use it.

    Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=28160
    Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=27893

^ permalink raw reply	[flat|nested] 14+ messages in thread
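
The failure mode described in the commit message of comment #10, as an added C++ example that is not GDB's code: expanding a unit appends type units to the vector being walked, which moves the vector's slot array (the freed 32-byte region in the ASan report of comment #4), and an index-based walk with an on-demand symtab resize avoids the stale read. The names `unit`, `unit_table`, `expand`, `set_symtab`, `make_table`, `storage_moves_during_expand` and `expand_all_by_index` are hypothetical stand-ins chosen for this sketch.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Hypothetical stand-in for dwarf2_per_cu_data (a CU or a type unit).
struct unit {
  std::size_t index;        // position in unit_table::all_units
  bool is_type_unit;
  int pending_type_units;   // TUs that reading this unit's DWO will create
  bool expanded;
};

// Hypothetical stand-in for the merged CU/TU list plus its symtab side table.
struct unit_table {
  std::vector<std::unique_ptr<unit>> all_units;
  std::vector<std::string> symtabs;   // indexed by unit::index

  unit *add(bool is_tu, int pending) {
    std::unique_ptr<unit> u(new unit{all_units.size(), is_tu, pending, false});
    all_units.push_back(std::move(u));   // may reallocate the slot array
    return all_units.back().get();
  }

  // Resize on demand: a unit created after the initial scan still gets a slot.
  void set_symtab(const unit &u, std::string s) {
    if (u.index >= symtabs.size())
      symtabs.resize(u.index + 1);
    symtabs[u.index] = std::move(s);
  }

  // Expanding a unit can append type units to all_units. The unit objects
  // stay put (they are heap-allocated); the vector's slot array may move.
  void expand(unit &u) {
    if (u.expanded)
      return;
    u.expanded = true;
    for (int i = 0; i < u.pending_type_units; ++i)
      add(true, 0);
    set_symtab(u, "symtab#" + std::to_string(u.index));
  }
};

// Constructed sample: `cus` compile units, each of which adds two type units
// when expanded. The vector is reserved up front, as an initial scan would do.
unit_table make_table(int cus) {
  unit_table t;
  t.all_units.reserve(static_cast<std::size_t>(cus));
  for (int i = 0; i < cus; ++i)
    t.add(false, 2);
  return t;
}

// Shows the hazard without touching freed memory: record the slot array's
// address as an integer, expand one unit past the capacity, compare.
bool storage_moves_during_expand(unit_table &t) {
  unit *first = t.all_units.front().get();
  first->pending_type_units =
      static_cast<int>(t.all_units.capacity() - t.all_units.size() + 1);
  auto before = reinterpret_cast<std::uintptr_t>(t.all_units.data());
  t.expand(*first);
  auto after = reinterpret_cast<std::uintptr_t>(t.all_units.data());
  return before != after;
}

// Unsafe shape (not executed here): a range-for caches begin()/end(), so
//   for (auto &slot : t.all_units) t.expand(*slot);
// keeps reading slots from the old array once expand() has reallocated it.

// Index-based walk: size() and operator[] are re-evaluated on every step, so
// no iterator or slot pointer is held across expand(), and units appended
// during the walk are visited too.
std::size_t expand_all_by_index(unit_table &t) {
  std::size_t visited = 0;
  for (std::size_t i = 0; i < t.all_units.size(); ++i) {
    unit *u = t.all_units[i].get();
    t.expand(*u);
    ++visited;
  }
  return visited;
}

int main() {
  unit_table a = make_table(3);
  std::printf("slot array moved during expand: %s\n",
              storage_moves_during_expand(a) ? "yes" : "no");
  unit_table b = make_table(3);
  std::printf("units visited by index walk: %zu\n", expand_all_by_index(b));
  return 0;
}
```

Building the unsafe range-for variant with `-fsanitize=address` is what turns the stale slot read into a heap-use-after-free report like the one in comment #4.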

* [Bug symtab/27893] [fission] segfault in dw2_expand_symtabs_matching_one
From: tromey at sourceware dot org @ 2021-08-24 14:34 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=27893

Tom Tromey <tromey at sourceware dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED
   Target Milestone|---                         |12.1

--- Comment #11 from Tom Tromey <tromey at sourceware dot org> ---
Fixed.

^ permalink raw reply	[flat|nested] 14+ messages in thread

* [Bug symtab/27893] [fission] segfault in dw2_expand_symtabs_matching_one
  2021-05-20 19:57 [Bug symtab/27893] New: [fission] segfault in dw2_expand_symtabs_matching_one vries at gcc dot gnu.org
                   ` (11 preceding siblings ...)
  2021-08-24 14:34 ` tromey at sourceware dot org
@ 2021-09-08 21:04 ` cvs-commit at gcc dot gnu.org
  12 siblings, 0 replies; 14+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2021-09-08 21:04 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=27893

--- Comment #12 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The gdb-11-branch branch has been updated by Tom Tromey
<tromey@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=de2143d60b9928fa19af00fe3dbb0c8b79b1237b

commit de2143d60b9928fa19af00fe3dbb0c8b79b1237b
Author: Tom Tromey <tom@tromey.com>
Date:   Wed Aug 4 12:44:10 2021 -0600

    Fix two regressions caused by CU / TU merging

    PR symtab/28160 and PR symtab/27893 concern GDB crashes in the test
    suite when using the "fission" target board.  They are both caused by
    the patches that merge the list of CUs with the list of TUs (and to a
    lesser degree by the patches to share DWARF data across objfiles), and
    the underlying issue is the same: it turns out that reading a DWO can
    cause new type units to be created.  This means that the list of
    dwarf2_per_cu_data objects depends on precisely which CUs have been
    expanded.  However, because the type units can be created while
    expanding a CU means that the vector of CUs can expand while it is
    being iterated over -- a classic mistake.  Also, because a TU can be
    added later, it means the resize_symtabs approach is incorrect.

    This patch fixes resize_symtabs by removing it, and having set_symtab
    resize the vector on demand.  It fixes the iteration problem by
    introducing a safe (index-based) iterator and changing the relevant
    spots to use it.

    Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=28160
    Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=27893

    (cherry picked from commit d58e54bd277b90d847be09ae4b18bfdbc0dc2066)

^ permalink raw reply	[flat|nested] 14+ messages in thread
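
The two problems named in the commit message above (a unit list that grows while it is being walked, and a per-unit table sized once up front), reduced to a self-contained C++ sketch. This is an added example, not GDB's code: `unit`, `unit_table`, `expand` and `expand_all` are hypothetical names, and only `set_symtab` echoes a name from the message.

```cpp
#include <cstddef>
#include <memory>
#include <vector>

// Hypothetical stand-ins for GDB's per-CU data and per-objfile symtab table.
struct unit {
  std::size_t index;       // position in the unit list
  bool is_type_unit;
  int pending_type_units;  // type units discovered when this unit is expanded
};

struct unit_table {
  std::vector<std::unique_ptr<unit>> units;
  std::vector<int> symtabs;  // one slot per unit, 0 = not expanded

  unit *add (bool is_tu, int pending)
  {
    units.push_back (std::make_unique<unit> (unit{units.size (), is_tu, pending}));
    return units.back ().get ();
  }

  // Resize on demand: a unit appended after any up-front sizing still
  // gets a valid slot instead of an out-of-bounds write.
  void set_symtab (const unit &u, int symtab)
  {
    if (u.index >= symtabs.size ())
      symtabs.resize (u.index + 1, 0);
    symtabs[u.index] = symtab;
  }

  // Expanding a unit may append new type units, growing `units`.
  void expand (unit &u)
  {
    for (int i = 0; i < u.pending_type_units; ++i)
      add (true, 0);
    u.pending_type_units = 0;
    set_symtab (u, 1);
  }

  // Index-based walk: size () is re-read on every pass and no iterator or
  // reference into the vector itself is held across expand ().  A range-for
  // here would keep iterators that push_back can invalidate on reallocation.
  std::size_t expand_all ()
  {
    std::size_t visited = 0;
    for (std::size_t i = 0; i < units.size (); ++i, ++visited)
      expand (*units[i]);
    return visited;
  }
};
```

Units appended during the walk are visited by the same loop, and each one gets its table slot when `set_symtab` is first called for it.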
