public inbox for gdb-prs@sourceware.org help / color / mirror / Atom feed
From: "vries at gcc dot gnu.org" <sourceware-bugzilla@sourceware.org> To: gdb-prs@sourceware.org Subject: [Bug gdb/31259] New: [gdb] ThreadSanitizer: heap-use-after-free linux-nat.c:2809 in select_event_lwp Date: Thu, 18 Jan 2024 09:12:03 +0000 [thread overview] Message-ID: <bug-31259-4717@http.sourceware.org/bugzilla/> (raw) https://sourceware.org/bugzilla/show_bug.cgi?id=31259 Bug ID: 31259 Summary: [gdb] ThreadSanitizer: heap-use-after-free linux-nat.c:2809 in select_event_lwp Product: gdb Version: HEAD Status: NEW Severity: normal Priority: P2 Component: gdb Assignee: unassigned at sourceware dot org Reporter: vries at gcc dot gnu.org Target Milestone: --- When building gdb with -O0 -fsanitize=thread, and run test-case gdb.base/vfork-follow-parent.exp, I get: ... (gdb) PASS: gdb.base/vfork-follow-parent.exp: exec_file=vfork-follow-parent-exec: target-non-stop=off: non-stop=off: resolution_method=schedule-multiple: set schedule-multiple on continue Continuing. [New inferior 2 (process 600810)] [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib64/libthread_db.so.1". process 600810 is executing new program: /home/vries/gdb/build/gdb/testsuite/outputs/gdb.base/vfork-follow-parent/vforked-prog [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib64/libthread_db.so.1". [Thread 0xfffff7fb4020 (LWP 600810) exited] ================== [1m[31mWARNING: ThreadSanitizer: heap-use-after-free (pid=600786) [1m[0m[1m[34m Write of size 4 at 0xffffeea1acfc by main thread: [1m[0m #0 select_event_lwp /home/vries/gdb/src/gdb/linux-nat.c:2809 (gdb+0xb07b14) (BuildId: 6dc308d9bc2da51d7adf979315fabd66fb46e8a3) #1 linux_nat_wait_1 /home/vries/gdb/src/gdb/linux-nat.c:3389 (gdb+0xb09928) (BuildId: 6dc308d9bc2da51d7adf979315fabd66fb46e8a3) #2 linux_nat_target::wait(ptid_t, target_waitstatus*, enum_flags<target_wait_flag>) /home/vries/gdb/src/gdb/linux-nat.c:3560 (gdb+0xb0a480) (BuildId: 6dc308d9bc2da51d7adf979315fabd66fb46e8a3) #3 thread_db_target::wait(ptid_t, target_waitstatus*, enum_flags<target_wait_flag>) /home/vries/gdb/src/gdb/linux-thread-db.c:1402 (gdb+0xb32e10) (BuildId: 6dc308d9bc2da51d7adf979315fabd66fb46e8a3) #4 target_wait(ptid_t, target_waitstatus*, enum_flags<target_wait_flag>) /home/vries/gdb/src/gdb/target.c:2571 (gdb+0xfb3d38) (BuildId: 6dc308d9bc2da51d7adf979315fabd66fb46e8a3) #5 do_target_wait_1 /home/vries/gdb/src/gdb/infrun.c:4120 (gdb+0xa99430) (BuildId: 6dc308d9bc2da51d7adf979315fabd66fb46e8a3) #6 operator() /home/vries/gdb/src/gdb/infrun.c:4179 (gdb+0xa995dc) (BuildId: 6dc308d9bc2da51d7adf979315fabd66fb46e8a3) #7 do_target_wait /home/vries/gdb/src/gdb/infrun.c:4198 (gdb+0xa99928) (BuildId: 6dc308d9bc2da51d7adf979315fabd66fb46e8a3) #8 fetch_inferior_event() /home/vries/gdb/src/gdb/infrun.c:4629 (gdb+0xa9acc4) (BuildId: 6dc308d9bc2da51d7adf979315fabd66fb46e8a3) #9 inferior_event_handler(inferior_event_type) /home/vries/gdb/src/gdb/inf-loop.c:42 (gdb+0xa6a734) (BuildId: 6dc308d9bc2da51d7adf979315fabd66fb46e8a3) #10 handle_target_event /home/vries/gdb/src/gdb/linux-nat.c:4357 (gdb+0xb0cb4c) (BuildId: 6dc308d9bc2da51d7adf979315fabd66fb46e8a3) #11 handle_file_event /home/vries/gdb/src/gdbsupport/event-loop.cc:573 (gdb+0x1cf5678) (BuildId: 6dc308d9bc2da51d7adf979315fabd66fb46e8a3) #12 gdb_wait_for_event /home/vries/gdb/src/gdbsupport/event-loop.cc:694 (gdb+0x1cf5d3c) (BuildId: 6dc308d9bc2da51d7adf979315fabd66fb46e8a3) #13 gdb_do_one_event(int) /home/vries/gdb/src/gdbsupport/event-loop.cc:217 (gdb+0x1cf3ee8) (BuildId: 6dc308d9bc2da51d7adf979315fabd66fb46e8a3) #14 start_event_loop /home/vries/gdb/src/gdb/main.c:408 (gdb+0xb79354) (BuildId: 6dc308d9bc2da51d7adf979315fabd66fb46e8a3) #15 captured_command_loop /home/vries/gdb/src/gdb/main.c:472 (gdb+0xb79584) (BuildId: 6dc308d9bc2da51d7adf979315fabd66fb46e8a3) #16 captured_main /home/vries/gdb/src/gdb/main.c:1342 (gdb+0xb7b99c) (BuildId: 6dc308d9bc2da51d7adf979315fabd66fb46e8a3) #17 gdb_main(captured_main_args*) /home/vries/gdb/src/gdb/main.c:1361 (gdb+0xb7ba4c) (BuildId: 6dc308d9bc2da51d7adf979315fabd66fb46e8a3) #18 main /home/vries/gdb/src/gdb/gdb.c:39 (gdb+0x423ce8) (BuildId: 6dc308d9bc2da51d7adf979315fabd66fb46e8a3) [1m[34m Previous write of size 8 at 0xffffeea1acf8 by main thread: [1m[0m #0 operator delete(void*, unsigned long) <null> (libtsan.so.2+0x8fb14) (BuildId: fe872cc4563474b7ad67d63a019aa94e1e0df888) #1 delete_lwp /home/vries/gdb/src/gdb/linux-nat.c:849 (gdb+0xb00d04) (BuildId: 6dc308d9bc2da51d7adf979315fabd66fb46e8a3) #2 exit_lwp /home/vries/gdb/src/gdb/linux-nat.c:924 (gdb+0xb01104) (BuildId: 6dc308d9bc2da51d7adf979315fabd66fb46e8a3) #3 wait_lwp /home/vries/gdb/src/gdb/linux-nat.c:2224 (gdb+0xb058bc) (BuildId: 6dc308d9bc2da51d7adf979315fabd66fb46e8a3) #4 stop_wait_callback /home/vries/gdb/src/gdb/linux-nat.c:2458 (gdb+0xb06760) (BuildId: 6dc308d9bc2da51d7adf979315fabd66fb46e8a3) #5 gdb::function_view<int (lwp_info*)>::bind<int, lwp_info*>(int (*)(lwp_info*))::{lambda(gdb::fv_detail::erased_callable, lwp_info*)#1}::operator()(gdb::fv_detail::erased_callable, lwp_info*) const /home/vries/gdb/src/gdb/../gdbsupport/function-view.h:326 (gdb+0xb12f68) (BuildId: 6dc308d9bc2da51d7adf979315fabd66fb46e8a3) #6 gdb::function_view<int (lwp_info*)>::bind<int, lwp_info*>(int (*)(lwp_info*))::{lambda(gdb::fv_detail::erased_callable, lwp_info*)#1}::_FUN(gdb::fv_detail::erased_callable, lwp_info*) /home/vries/gdb/src/gdb/../gdbsupport/function-view.h:320 (gdb+0xb12fd0) (BuildId: 6dc308d9bc2da51d7adf979315fabd66fb46e8a3) #7 gdb::function_view<int (lwp_info*)>::operator()(lwp_info*) const /home/vries/gdb/src/gdb/../gdbsupport/function-view.h:289 (gdb+0xb11348) (BuildId: 6dc308d9bc2da51d7adf979315fabd66fb46e8a3) #8 iterate_over_lwps(ptid_t, gdb::function_view<int (lwp_info*)>) /home/vries/gdb/src/gdb/linux-nat.c:879 (gdb+0xb00ed0) (BuildId: 6dc308d9bc2da51d7adf979315fabd66fb46e8a3) #9 linux_nat_wait_1 /home/vries/gdb/src/gdb/linux-nat.c:3382 (gdb+0xb098b0) (BuildId: 6dc308d9bc2da51d7adf979315fabd66fb46e8a3) #10 linux_nat_target::wait(ptid_t, target_waitstatus*, enum_flags<target_wait_flag>) /home/vries/gdb/src/gdb/linux-nat.c:3560 (gdb+0xb0a480) (BuildId: 6dc308d9bc2da51d7adf979315fabd66fb46e8a3) #11 thread_db_target::wait(ptid_t, target_waitstatus*, enum_flags<target_wait_flag>) /home/vries/gdb/src/gdb/linux-thread-db.c:1402 (gdb+0xb32e10) (BuildId: 6dc308d9bc2da51d7adf979315fabd66fb46e8a3) #12 target_wait(ptid_t, target_waitstatus*, enum_flags<target_wait_flag>) /home/vries/gdb/src/gdb/target.c:2571 (gdb+0xfb3d38) (BuildId: 6dc308d9bc2da51d7adf979315fabd66fb46e8a3) #13 do_target_wait_1 /home/vries/gdb/src/gdb/infrun.c:4120 (gdb+0xa99430) (BuildId: 6dc308d9bc2da51d7adf979315fabd66fb46e8a3) #14 operator() /home/vries/gdb/src/gdb/infrun.c:4179 (gdb+0xa995dc) (BuildId: 6dc308d9bc2da51d7adf979315fabd66fb46e8a3) #15 do_target_wait /home/vries/gdb/src/gdb/infrun.c:4198 (gdb+0xa99928) (BuildId: 6dc308d9bc2da51d7adf979315fabd66fb46e8a3) #16 fetch_inferior_event() /home/vries/gdb/src/gdb/infrun.c:4629 (gdb+0xa9acc4) (BuildId: 6dc308d9bc2da51d7adf979315fabd66fb46e8a3) #17 inferior_event_handler(inferior_event_type) /home/vries/gdb/src/gdb/inf-loop.c:42 (gdb+0xa6a734) (BuildId: 6dc308d9bc2da51d7adf979315fabd66fb46e8a3) #18 handle_target_event /home/vries/gdb/src/gdb/linux-nat.c:4357 (gdb+0xb0cb4c) (BuildId: 6dc308d9bc2da51d7adf979315fabd66fb46e8a3) #19 handle_file_event /home/vries/gdb/src/gdbsupport/event-loop.cc:573 (gdb+0x1cf5678) (BuildId: 6dc308d9bc2da51d7adf979315fabd66fb46e8a3) #20 gdb_wait_for_event /home/vries/gdb/src/gdbsupport/event-loop.cc:694 (gdb+0x1cf5d3c) (BuildId: 6dc308d9bc2da51d7adf979315fabd66fb46e8a3) #21 gdb_do_one_event(int) /home/vries/gdb/src/gdbsupport/event-loop.cc:217 (gdb+0x1cf3ee8) (BuildId: 6dc308d9bc2da51d7adf979315fabd66fb46e8a3) #22 start_event_loop /home/vries/gdb/src/gdb/main.c:408 (gdb+0xb79354) (BuildId: 6dc308d9bc2da51d7adf979315fabd66fb46e8a3) #23 captured_command_loop /home/vries/gdb/src/gdb/main.c:472 (gdb+0xb79584) (BuildId: 6dc308d9bc2da51d7adf979315fabd66fb46e8a3) #24 captured_main /home/vries/gdb/src/gdb/main.c:1342 (gdb+0xb7b99c) (BuildId: 6dc308d9bc2da51d7adf979315fabd66fb46e8a3) #25 gdb_main(captured_main_args*) /home/vries/gdb/src/gdb/main.c:1361 (gdb+0xb7ba4c) (BuildId: 6dc308d9bc2da51d7adf979315fabd66fb46e8a3) #26 main /home/vries/gdb/src/gdb/gdb.c:39 (gdb+0x423ce8) (BuildId: 6dc308d9bc2da51d7adf979315fabd66fb46e8a3) SUMMARY: ThreadSanitizer: heap-use-after-free /home/vries/gdb/src/gdb/linux-nat.c:2809 in select_event_lwp ================== FAIL: gdb.base/vfork-follow-parent.exp: exec_file=vfork-follow-parent-exec: target-non-stop=off: non-stop=off: resolution_method=schedule-multiple: continue to end of inferior 2 (timeout) ... -- You are receiving this mail because: You are on the CC list for the bug.
next reply other threads:[~2024-01-18 9:12 UTC|newest] Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top 2024-01-18 9:12 vries at gcc dot gnu.org [this message] 2024-01-22 13:34 ` [Bug gdb/31259] " vries at gcc dot gnu.org 2024-02-26 15:28 ` cvs-commit at gcc dot gnu.org 2024-02-27 0:00 ` tromey at sourceware dot org 2024-02-27 8:20 ` vries at gcc dot gnu.org
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=bug-31259-4717@http.sourceware.org/bugzilla/ \ --to=sourceware-bugzilla@sourceware.org \ --cc=gdb-prs@sourceware.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).