Bug 14100 - internal-error: frame_cleanup_after_sniffer: Assertion `frame->prologue_cache == NULL' failed.
Status: RESOLVED FIXED
Alias: None
Product: gdb
Classification: Unclassified
Component: gdb (show other bugs)
Version: HEAD
Importance: P2 normal
Target Milestone: 7.5
Assignee: Not yet assigned to anyone
URL:
Keywords:
Duplicates: 14391
Depends on:
Blocks:
 
Reported: 2012-05-12 17:46 UTC by Paul Pluzhnikov
Modified: 2017-08-11 08:35 UTC (History)
CC: 3 users

See Also:
Host:
Target:
Build:
Last reconfirmed:


Description Paul Pluzhnikov 2012-05-12 17:46:09 UTC
Using current HEAD, interrupting a long backtrace results in:

...
#25217 0x0000000000400574 in foo (i=9711) at t.c:1
#25218 0x0000000000400574 in foo (i=9710) at t.c:1
^C../../src/gdb/frame.c:2396: internal-error: frame_cleanup_after_sniffer: Assertion `frame->prologue_cache == NULL' failed.
A problem internal to GDB has been detected,
further debugging may prove unreliable.
Aborted (core dumped)


Google ref: b/6486017

Repro steps:

cat t.c
/* Unbounded recursion on purpose: overflows the stack and leaves a backtrace of tens of thousands of frames. */
int foo(int i) { char buf[200];  return foo(i + 1) + buf[199]; }
int main(void) { return foo(0); }

gcc -g t.c && gdb ./a.out
GNU gdb (GDB) 7.4.50.20120512-cvs
...

(gdb) run
Starting program: /tmp/a.out 

Program received signal SIGSEGV, Segmentation fault.
0x000000000040054f in foo (i=<error reading variable: Cannot access memory at address 0x7fffff7fefcc>) at t.c:1
1	int foo(int i) { char buf[200];  return foo(i + 1) + buf[199]; }

(gdb) bt    # Hit ^C after a while
...
#25218 0x0000000000400574 in foo (i=9710) at t.c:1
^C../../src/gdb/frame.c:2396: internal-error: frame_cleanup_after_sniffer: Assertion `frame->prologue_cache == NULL' failed.
A problem internal to GDB has been detected,
further debugging may prove unreliable.
Aborted (core dumped)


Core was generated by `gdb64-cvs ./a.out'.
Program terminated with signal 6, Aborted.
#0  0x00007f06e115fa75 in *__GI_raise (sig=<optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64	../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  0x00007f06e115fa75 in *__GI_raise (sig=<optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00007f06e11635c0 in *__GI_abort () at abort.c:92
#2  0x0000000000655126 in dump_core () at ../../src/gdb/utils.c:687
#3  0x0000000000656b7a in internal_vproblem (problem=0xc55350, file=<optimized out>, line=<optimized out>, fmt=<optimized out>, ap=<optimized out>) at ../../src/gdb/utils.c:855
#4  0x0000000000656d49 in internal_verror (file=<optimized out>, line=<optimized out>, fmt=<optimized out>, ap=0x7fff8b32b138) at ../../src/gdb/utils.c:870
#5  0x0000000000656de1 in internal_error (file=0x6896 <Address 0x6896 out of bounds>, line=26774, string=0x6 <Address 0x6 out of bounds>) at ../../src/gdb/utils.c:880
#6  0x00000000006595ce in frame_cleanup_after_sniffer (arg=<optimized out>) at ../../src/gdb/frame.c:2396
#7  0x0000000000542966 in do_my_cleanups (pmy_chain=0xc50888, old_chain=0x8841e0) at ../../src/gdb/cleanups.c:155
#8  0x000000000059bd21 in throw_exception (exception=...) at ../../src/gdb/exceptions.c:227
#9  0x000000000059bced in exceptions_state_mc (action=<optimized out>) at ../../src/gdb/exceptions.c:197
#10 0x000000000065d855 in frame_unwind_find_by_frame (this_frame=<optimized out>, this_cache=<optimized out>) at ../../src/gdb/frame-unwind.c:110
#11 0x00000000006597c1 in get_frame_type (frame=0x92761b0) at ../../src/gdb/frame.c:2226
#12 0x0000000000597498 in print_frame_info (frame=0x92761b0, print_level=1, print_what=LOCATION, print_args=1) at ../../src/gdb/stack.c:767
#13 0x0000000000597b56 in backtrace_command_1 (count_exp=<optimized out>, show_locals=0, from_tty=1) at ../../src/gdb/stack.c:1728
#14 0x0000000000597e83 in backtrace_command (arg=0x0, from_tty=<optimized out>) at ../../src/gdb/stack.c:1804
#15 0x0000000000652a33 in execute_command (p=0x250e9a2 "", from_tty=1) at ../../src/gdb/top.c:484
#16 0x00000000005a4438 in command_handler (command=0x250e9a0 "bt") at ../../src/gdb/event-top.c:435
#17 0x00000000005a4eec in command_line_handler (rl=<optimized out>) at ../../src/gdb/event-top.c:636
#18 0x0000000000694d7b in rl_callback_read_char () at ../../src/readline/callback.c:220
#19 0x00000000005a44a9 in rl_callback_read_char_wrapper (client_data=0x6896) at ../../src/gdb/event-top.c:169
#20 0x00000000005a2dd8 in process_event () at ../../src/gdb/event-loop.c:401
#21 0x00000000005a417a in gdb_do_one_event () at ../../src/gdb/event-loop.c:465
#22 0x00000000005a41e5 in start_event_loop () at ../../src/gdb/event-loop.c:490
#23 0x000000000059d583 in captured_command_loop (data=0x6896) at ../../src/gdb/main.c:226
#24 0x000000000059c0eb in catch_errors (func=<optimized out>, func_args=<optimized out>, errstring=<optimized out>, mask=<optimized out>) at ../../src/gdb/exceptions.c:546
#25 0x000000000059e296 in captured_main (data=<optimized out>) at ../../src/gdb/main.c:1001
#26 0x000000000059c0eb in catch_errors (func=<optimized out>, func_args=<optimized out>, errstring=<optimized out>, mask=<optimized out>) at ../../src/gdb/exceptions.c:546
#27 0x000000000059d544 in gdb_main (args=0x6896) at ../../src/gdb/main.c:1010
#28 0x000000000046fd3e in main (argc=<optimized out>, argv=0x6896) at ../../src/gdb/gdb.c:34
Comment 1 Tom Tromey 2012-08-02 13:37:49 UTC
*** Bug 14391 has been marked as a duplicate of this bug. ***
Comment 2 Tom Tromey 2012-08-02 15:02:14 UTC
It was surprisingly hard to find out where the exception
is originally thrown.  I had to resort to some crazy hacks.

There are two possible problems.

One is that maybe this is just a bad assert.
Perhaps instead this cleanup should just clear the prologue_cache field.
This would make sense because it is hard to predict what code paths
might call QUIT.

Another is that dwarf2_frame_cache could assign to *this_cache
at the end of its processing, rather than at the beginning.

What is happening is that dwarf2_frame_cache sets *this_cache.
Then it does some more work; including eventually calling target_read,
which calls QUIT.  If the C-c arrives at exactly the right moment,
it triggers the failure.

#1  0x000000000074315e in target_read (ops=0x3b84890, 
    object=TARGET_OBJECT_STACK_MEMORY, annex=0x0, buf=0x3e89fc0 "", 
    offset=140737479962640, len=8) at ../../archer/gdb/target.c:2027
#2  0x0000000000742a9e in target_read_stack (memaddr=140737479962640, myaddr=
    0x3e89fc0 "", len=8) at ../../archer/gdb/target.c:1785
#3  0x000000000079e592 in read_stack (memaddr=140737479962640, myaddr=
    0x3e89fc0 "", len=8) at ../../archer/gdb/corefile.c:233
#4  0x00000000006bf20e in read_value_memory (val=0x3e42c00, 
    embedded_offset=0, stack=1, memaddr=140737479962640, buffer=0x3e89fc0 "", 
    length=8) at ../../archer/gdb/valops.c:1140
#5  0x00000000006bec15 in value_fetch_lazy (val=0x3e42c00)
    at ../../archer/gdb/valops.c:1022
#6  0x00000000006aed06 in value_entirely_available (value=0x3e42c00)
    at ../../archer/gdb/value.c:348
#7  0x0000000000818e29 in frame_register_unwind (frame=0x3bf7ec0, regnum=6, 
    optimizedp=0x7fffffb7517c, unavailablep=0x7fffffb75178, lvalp=
    0x7fffffb75168, addrp=0x7fffffb75170, realnump=0x7fffffb7516c, bufferp=
    0x7fffffb751c0 "ʠ\370\003\006") at ../../archer/gdb/frame.c:863
#8  0x00000000008190b3 in frame_unwind_register (frame=0x3bf7ec0, regnum=6, 
    buf=0x7fffffb751c0 "ʠ\370\003\006") at ../../archer/gdb/frame.c:912
#9  0x000000000081912d in get_frame_register (frame=0x3bf8d10, regnum=6, buf=
    0x7fffffb751c0 "ʠ\370\003\006") at ../../archer/gdb/frame.c:926
#10 0x00000000007ab399 in read_reg (baton=0x3bf8d10, reg=6)
    at ../../archer/gdb/dwarf2-frame.c:299
#11 0x00000000007ad205 in dwarf2_frame_cache (this_frame=0x3bf8d10, 
    this_cache=0x3bf8d28) at ../../archer/gdb/dwarf2-frame.c:1090
Comment 3 Jan Kratochvil 2012-08-05 19:51:56 UTC
Re: RFC: one approach to fixing PR 14100
http://sourceware.org/ml/gdb-patches/2012-08/msg00117.html
Comment 4 Tom Tromey 2012-08-06 19:22:36 UTC
Fixed.
Comment 5 Sourceware Commits 2017-08-11 08:35:28 UTC
The master branch has been updated by Yao Qi <qiyao@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=be7d3cd5f13196dd070978aa48c2832c351c25b6

commit be7d3cd5f13196dd070978aa48c2832c351c25b6
Author: Yao Qi <yao.qi@linaro.org>
Date:   Fri Aug 11 09:30:02 2017 +0100

    Reset *THIS_CACHE in frame_unwind_try_unwinder in case of exception
    
    It is required that unwinder->sniffer should set *this_cache to NULL if
    the unwinder is not applicable or exception is thrown, so
    78ac5f831692f70b841044961069e50d4ba6a76f adds clear_pointer_cleanup to set
    *this_cache to NULL in case of exception in order to fix PR 14100.
    https://sourceware.org/ml/gdb-patches/2012-08/msg00075.html
    
    This patch removes that clear_pointer_cleanup, and catches all exceptions in
    the caller of unwinder->sniffer.  In case of exception, reset *this_cache.
    
    gdb:
    
    2017-08-11  Yao Qi  <yao.qi@linaro.org>
    
    	* dwarf2-frame.c (clear_pointer_cleanup): Remove.
    	(dwarf2_frame_cache): Remove reset_cache_cleanup.
    	(dwarf2_frame_cache):
    	* frame-unwind.c (frame_unwind_try_unwinder): Catch
    	RETURN_MASK_ALL and set *this_cache to NULL.
    	* frame-unwind.h: Update comments.
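The following is an added model of the sniffer/cache contract that Comment 2 and the commit in Comment 5 describe; it is illustration code written for this page, not GDB's own. setjmp/longjmp stands in for GDB's throw_exception/TRY_CATCH, a stand-in `frame_cache` struct replaces dwarf2_frame_cache's real cache, and a -1 return stands in for the gdb_assert in frame_cleanup_after_sniffer. `sniffer_publish_early` mirrors the ordering Comment 2 found in dwarf2_frame_cache (assign *this_cache, then do work that can hit QUIT), `sniffer_publish_late` is Comment 2's second option, and the two `try_unwinder_*` callers model frame_unwind_try_unwinder before and after be7d3cd5.

```c
/* Added model of PR 14100, not GDB source.  setjmp/longjmp models
   throw_exception/TRY_CATCH; -1 models the assertion failure. */
#include <setjmp.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

static jmp_buf quit_ctx;      /* nearest enclosing "catch" */
static int quit_pending;      /* 1: a ^C is delivered at the next quit_check */

/* Stand-in for GDB's QUIT macro: throw if an interrupt is pending. */
static void quit_check(void)
{
  if (quit_pending)
    {
      quit_pending = 0;
      longjmp(quit_ctx, 1);
    }
}

/* Stand-in for the cache object a sniffer builds for a frame. */
struct frame_cache
{
  long rbp;
};

/* Models dwarf2_frame_cache at the time of the report: *this_cache is
   published first, and the register read afterwards (read_reg ->
   target_read -> QUIT in the Comment 2 trace) can throw. */
static int sniffer_publish_early(void **this_cache)
{
  struct frame_cache *c = calloc(1, sizeof *c);
  *this_cache = c;            /* visible to the caller before we are done */
  quit_check();               /* a ^C here leaves *this_cache non-NULL */
  c->rbp = 0x7fff0000L;       /* constructed value, not a real register */
  return 1;
}

/* Models the second option in Comment 2: do everything that can throw
   first, assign *this_cache last. */
static int sniffer_publish_late(void **this_cache)
{
  long rbp = 0x7fff0000L;     /* the register read that may be interrupted */
  struct frame_cache *c;
  quit_check();
  c = calloc(1, sizeof *c);
  c->rbp = rbp;
  *this_cache = c;            /* nothing after this point can throw */
  return 1;
}

typedef int (*sniffer_fn)(void **);

/* Models frame_unwind_try_unwinder before be7d3cd5: no catch around the
   sniffer, and *prologue_cache is checked afterwards, not reset.
   Returns 1 (matched), 0 (interrupted, cache clean) or -1 (interrupted
   with a stale cache: the assertion failure reported in this bug). */
static int try_unwinder_old(sniffer_fn sniffer, void **prologue_cache)
{
  *prologue_cache = NULL;
  if (setjmp(quit_ctx) == 0)
    return sniffer(prologue_cache);
  return *prologue_cache == NULL ? 0 : -1;
}

/* Models frame_unwind_try_unwinder after be7d3cd5: the caller catches the
   exception and resets *prologue_cache itself, so the contract holds no
   matter where inside the sniffer the ^C landed. */
static int try_unwinder_fixed(sniffer_fn sniffer, void **prologue_cache)
{
  *prologue_cache = NULL;
  if (setjmp(quit_ctx) == 0)
    return sniffer(prologue_cache);
  free(*prologue_cache);      /* GDB keeps it on the frame obstack; here we free */
  *prologue_cache = NULL;
  return 0;
}

typedef int (*try_fn)(sniffer_fn, void **);

/* Run one scenario; interrupt != 0 arms a ^C for the sniffer's quit_check. */
static int run_scenario(try_fn try_unwinder, sniffer_fn sniffer, int interrupt)
{
  void *cache = NULL;
  int r;
  quit_pending = interrupt;
  r = try_unwinder(sniffer, &cache);
  free(cache);                /* no-op on NULL; releases a stale cache too */
  return r;
}

int main(void)
{
  printf("old caller, early publish, no ^C: %d\n",
         run_scenario(try_unwinder_old, sniffer_publish_early, 0));
  printf("old caller, early publish, ^C:    %d  (PR 14100)\n",
         run_scenario(try_unwinder_old, sniffer_publish_early, 1));
  printf("old caller, late publish, ^C:     %d\n",
         run_scenario(try_unwinder_old, sniffer_publish_late, 1));
  printf("fixed caller, early publish, ^C:  %d\n",
         run_scenario(try_unwinder_fixed, sniffer_publish_early, 1));
  return 0;
}
```

The scenario that returns -1 is the one in the report: the sniffer has already stored its cache pointer when the interrupt throws through it, and the cleanup at the catch site finds `prologue_cache` non-NULL. Either remedy makes that path return 0, but only the caller-side reset in be7d3cd5 does so without depending on every sniffer ordering its own assignments correctly.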