This is the mail archive of the gdb-prs@sourceware.org mailing list for the GDB project.



[Bug gdb/24094] New: Segfault when reading a debug info generated with -flto


https://sourceware.org/bugzilla/show_bug.cgi?id=24094

            Bug ID: 24094
           Summary: Segfault when reading a debug info generated with
                    -flto
           Product: gdb
           Version: 8.2.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: gdb
          Assignee: unassigned at sourceware dot org
          Reporter: marxin.liska at gmail dot com
  Target Milestone: ---

The binary is cc1plus built with profiledbootstrap and -flto:
http://www.ucw.cz/~hubicka/cc1plus.gz

When using ASAN, I see the following error:
./gdb-8.2.1/gdb/gdb /tmp/cc1plus
warning: Found custom handler for signal 7 (Bus error) preinstalled.
warning: Found custom handler for signal 8 (Floating point exception)
preinstalled.
warning: Found custom handler for signal 11 (Segmentation fault) preinstalled.
Some signal dispositions inherited from the environment (SIG_DFL/SIG_IGN)
won't be propagated to spawned programs.
Python Exception <type 'exceptions.ImportError'> No module named gdb: 
./gdb-8.2.1/gdb/gdb: warning: 
Could not load the Python gdb module from `/usr/local/share/gdb/python'.
Limited Python support is available from the _gdb module.
Suggest passing --data-directory=/path/to/gdb/data-directory.

GNU gdb (GDB) 8.2.1
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from
/tmp/cc1plus...=================================================================
==18432==ERROR: AddressSanitizer: heap-use-after-free on address 0x621010621cc0
at pc 0x000000e154a1 bp 0x7fffffffbc40 sp 0x7fffffffbc38
READ of size 1 at 0x621010621cc0 thread T0
    #0 0xe154a0 in typename_concat
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/dwarf2read.c:22261
    #1 0xdaed7a in partial_die_full_name
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/dwarf2read.c:8775
    #2 0xdaf0d6 in add_partial_symbol
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/dwarf2read.c:8792
    #3 0xdb042f in add_partial_subprogram
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/dwarf2read.c:9050
    #4 0xdade6f in scan_partial_symbols
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/dwarf2read.c:8567
    #5 0xdafd0f in add_partial_namespace
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/dwarf2read.c:8980
    #6 0xdae0b8 in scan_partial_symbols
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/dwarf2read.c:8601
    #7 0xdaa06b in process_psymtab_comp_unit_reader
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/dwarf2read.c:7954
    #8 0xda81c0 in init_cutu_and_read_dies
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/dwarf2read.c:7585
    #9 0xdaab09 in process_psymtab_comp_unit
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/dwarf2read.c:8038
    #10 0xdad055 in dwarf2_build_psymtabs_hard
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/dwarf2read.c:8400
    #11 0xd9fbd5 in dwarf2_build_psymtabs(objfile*)
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/dwarf2read.c:6230
    #12 0xa05fa1 in read_psyms
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/elfread.c:1314
    #13 0x10f77c1 in require_partial_symbols(objfile*, int)
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/psymtab.c:89
    #14 0x1231e57 in read_symbols
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/symfile.c:817
    #15 0x1233544 in syms_from_objfile_1
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/symfile.c:996
    #16 0x12337c6 in syms_from_objfile
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/symfile.c:1012
    #17 0x123433c in symbol_file_add_with_addrs
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/symfile.c:1119
    #18 0x1234d39 in symbol_file_add_from_bfd(bfd*, char const*,
enum_flags<symfile_add_flag>, std::vector<other_sections,
std::allocator<other_sections> >*, enum_flags<objfile_flag>, objfile*)
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/symfile.c:1203
    #19 0x1234eee in symbol_file_add(char const*, enum_flags<symfile_add_flag>,
std::vector<other_sections, std::allocator<other_sections> >*,
enum_flags<objfile_flag>)
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/symfile.c:1216
    #20 0x12352b2 in symbol_file_add_main_1
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/symfile.c:1240
    #21 0x12350b0 in symbol_file_add_main(char const*,
enum_flags<symfile_add_flag>)
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/symfile.c:1231
    #22 0x101f570 in symbol_file_add_main_adapter
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/main.c:403
    #23 0x101f327 in catch_command_errors
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/main.c:379
    #24 0x102150b in captured_main_1
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/main.c:1041
    #25 0x1021f0a in captured_main
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/main.c:1147
    #26 0x10220f0 in gdb_main(captured_main_args*)
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/main.c:1173
    #27 0x786ac5 in main /home/marxin/Programming/gdb/gdb-8.2.1/gdb/gdb.c:32
    #28 0x7ffff5bc3fea in __libc_start_main ../csu/libc-start.c:308
    #29 0x7868d9 in _start
(/home/marxin/Programming/gdb/gdb-8.2.1/gdb/gdb+0x7868d9)

0x621010621cc0 is located 3008 bytes inside of 4064-byte region
[0x621010621100,0x6210106220e0)
freed by thread T0 here:
    #0 0x7ffff70fab50 in __interceptor_free (/usr/lib64/libasan.so.5+0xebb50)
    #1 0x81212d in xfree<void> common/common-utils.h:60
    #2 0x176b8e6 in call_freefun obstack.c:103
    #3 0x176c31f in _obstack_free obstack.c:280
    #4 0x812ac1 in auto_obstack::~auto_obstack()
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/gdb_obstack.h:101
    #5 0xe24953 in dwarf2_cu::~dwarf2_cu()
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/dwarf2read.c:24937
    #6 0xe4cb89 in std::default_delete<dwarf2_cu>::operator()(dwarf2_cu*) const
/usr/include/c++/8/bits/unique_ptr.h:81
    #7 0xe43757 in std::unique_ptr<dwarf2_cu, std::default_delete<dwarf2_cu>
>::~unique_ptr() /usr/include/c++/8/bits/unique_ptr.h:274
    #8 0xda830b in init_cutu_and_read_dies
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/dwarf2read.c:7594
    #9 0xdaab09 in process_psymtab_comp_unit
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/dwarf2read.c:8038
    #10 0xdad055 in dwarf2_build_psymtabs_hard
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/dwarf2read.c:8400
    #11 0xd9fbd5 in dwarf2_build_psymtabs(objfile*)
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/dwarf2read.c:6230
    #12 0xa05fa1 in read_psyms
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/elfread.c:1314
    #13 0x10f77c1 in require_partial_symbols(objfile*, int)
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/psymtab.c:89
    #14 0x1231e57 in read_symbols
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/symfile.c:817
    #15 0x1233544 in syms_from_objfile_1
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/symfile.c:996
    #16 0x12337c6 in syms_from_objfile
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/symfile.c:1012
    #17 0x123433c in symbol_file_add_with_addrs
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/symfile.c:1119
    #18 0x1234d39 in symbol_file_add_from_bfd(bfd*, char const*,
enum_flags<symfile_add_flag>, std::vector<other_sections,
std::allocator<other_sections> >*, enum_flags<objfile_flag>, objfile*)
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/symfile.c:1203
    #19 0x1234eee in symbol_file_add(char const*, enum_flags<symfile_add_flag>,
std::vector<other_sections, std::allocator<other_sections> >*,
enum_flags<objfile_flag>)
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/symfile.c:1216
    #20 0x12352b2 in symbol_file_add_main_1
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/symfile.c:1240
    #21 0x12350b0 in symbol_file_add_main(char const*,
enum_flags<symfile_add_flag>)
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/symfile.c:1231
    #22 0x101f570 in symbol_file_add_main_adapter
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/main.c:403
    #23 0x101f327 in catch_command_errors
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/main.c:379
    #24 0x102150b in captured_main_1
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/main.c:1041
    #25 0x1021f0a in captured_main
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/main.c:1147
    #26 0x10220f0 in gdb_main(captured_main_args*)
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/main.c:1173
    #27 0x786ac5 in main /home/marxin/Programming/gdb/gdb-8.2.1/gdb/gdb.c:32
    #28 0x7ffff5bc3fea in __libc_start_main ../csu/libc-start.c:308

previously allocated by thread T0 here:
    #0 0x7ffff70faed0 in malloc (/usr/lib64/libasan.so.5+0xebed0)
    #1 0xc7e153 in xmalloc common/common-utils.c:44
    #2 0x176b7ee in call_chunkfun obstack.c:94
    #3 0x176beed in _obstack_newchunk obstack.c:206
    #4 0xb7b62c in allocate_on_obstack::operator new(unsigned long, obstack*)
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/gdb_obstack.h:117
    #5 0xdfafa5 in load_partial_dies
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/dwarf2read.c:18288
    #6 0xdaa031 in process_psymtab_comp_unit_reader
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/dwarf2read.c:7952
    #7 0xda81c0 in init_cutu_and_read_dies
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/dwarf2read.c:7585
    #8 0xdaab09 in process_psymtab_comp_unit
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/dwarf2read.c:8038
    #9 0xdad055 in dwarf2_build_psymtabs_hard
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/dwarf2read.c:8400
    #10 0xd9fbd5 in dwarf2_build_psymtabs(objfile*)
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/dwarf2read.c:6230
    #11 0xa05fa1 in read_psyms
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/elfread.c:1314
    #12 0x10f77c1 in require_partial_symbols(objfile*, int)
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/psymtab.c:89
    #13 0x1231e57 in read_symbols
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/symfile.c:817
    #14 0x1233544 in syms_from_objfile_1
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/symfile.c:996
    #15 0x12337c6 in syms_from_objfile
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/symfile.c:1012
    #16 0x123433c in symbol_file_add_with_addrs
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/symfile.c:1119
    #17 0x1234d39 in symbol_file_add_from_bfd(bfd*, char const*,
enum_flags<symfile_add_flag>, std::vector<other_sections,
std::allocator<other_sections> >*, enum_flags<objfile_flag>, objfile*)
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/symfile.c:1203
    #18 0x1234eee in symbol_file_add(char const*, enum_flags<symfile_add_flag>,
std::vector<other_sections, std::allocator<other_sections> >*,
enum_flags<objfile_flag>)
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/symfile.c:1216
    #19 0x12352b2 in symbol_file_add_main_1
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/symfile.c:1240
    #20 0x12350b0 in symbol_file_add_main(char const*,
enum_flags<symfile_add_flag>)
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/symfile.c:1231
    #21 0x101f570 in symbol_file_add_main_adapter
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/main.c:403
    #22 0x101f327 in catch_command_errors
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/main.c:379
    #23 0x102150b in captured_main_1
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/main.c:1041
    #24 0x1021f0a in captured_main
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/main.c:1147
    #25 0x10220f0 in gdb_main(captured_main_args*)
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/main.c:1173
    #26 0x786ac5 in main /home/marxin/Programming/gdb/gdb-8.2.1/gdb/gdb.c:32
    #27 0x7ffff5bc3fea in __libc_start_main ../csu/libc-start.c:308

SUMMARY: AddressSanitizer: heap-use-after-free
/home/marxin/Programming/gdb/gdb-8.2.1/gdb/dwarf2read.c:22261 in
typename_concat
Shadow bytes around the buggy address:
  0x0c42820bc340: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c42820bc350: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c42820bc360: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c42820bc370: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c42820bc380: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c42820bc390: fd fd fd fd fd fd fd fd[fd]fd fd fd fd fd fd fd
  0x0c42820bc3a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c42820bc3b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c42820bc3c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c42820bc3d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c42820bc3e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==18432==ABORTING
