Bug 16957

Summary: gdb segfaults when loading symbols in C++11-enabled application
Product: gdb Reporter: Georg Rudoy <0xd34df00d>
Component: c++Assignee: Not yet assigned to anyone <unassigned>
Status: RESOLVED FIXED    
Severity: normal CC: bap.fayol, gbenson, keiths, pedro
Priority: P2    
Version: 7.7   
Target Milestone: 7.10   
Host: Target:
Build: Last reconfirmed:
Attachments: Somewhat minimal reproducing example.

Description Georg Rudoy 2014-05-17 17:49:33 UTC 
Created attachment 7607 [details]
Somewhat minimal reproducing example.

gdb-7.7.{0,1} segfaults for me when trying to debug my application. Debugging gdb with gdb shows this trace inside gdb (only top 19 lines are shown, next thousands of them are the same, I'd guess an infinite recursion):

(gdb) run ./main
Starting program: /usr/bin/gdb ./main
warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
GNU gdb (Gentoo 7.7.1 p1) 7.7.1
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://bugs.gentoo.org/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./main...
Program received signal SIGSEGV, Segmentation fault.
d_print_comp (dpi=dpi@entry=0x7fffffffac00, options=options@entry=259, dc=0x7fffffffb790) at ./cp-demangle.c:4721
4721    ./cp-demangle.c: Нет такого файла или каталога.
(gdb) bt
#0  d_print_comp (dpi=dpi@entry=0x7fffffffac00, options=options@entry=259, dc=0x7fffffffb790) at ./cp-demangle.c:4721
#1  0x00000000007172c5 in d_print_comp (dpi=dpi@entry=0x7fffffffac00, options=options@entry=259, dc=<optimized out>) at ./cp-demangle.c:4517
#2  0x0000000000717fae in d_print_comp (dpi=0x7fffffffac00, options=259, dc=0x7fffffffb610) at ./cp-demangle.c:4730
#3  0x00000000007182c6 in d_print_comp (dpi=dpi@entry=0x7fffffffac00, options=options@entry=259, dc=0x7fffffffb628) at ./cp-demangle.c:4911
#4  0x000000000071b4cf in d_print_function_type (dpi=dpi@entry=0x7fffffffac00, options=options@entry=259, mods=0x0, dc=0x7fffffffb640) at ./cp-demangle.c:5605
#5  0x0000000000717432 in d_print_comp (dpi=0x7fffffffac00, options=259, dc=0x7fffffffb640) at ./cp-demangle.c:4796
#6  0x00000000007182c6 in d_print_comp (dpi=dpi@entry=0x7fffffffac00, options=options@entry=259, dc=0x7fffffffb658) at ./cp-demangle.c:4911
#7  0x0000000000717241 in d_print_comp (dpi=0x7fffffffac00, options=259, dc=0x7fffffffb670) at ./cp-demangle.c:4481
#8  0x00000000007182c6 in d_print_comp (dpi=dpi@entry=0x7fffffffac00, options=options@entry=259, dc=0x7fffffffb688) at ./cp-demangle.c:4911
#9  0x00000000007190f2 in d_print_comp (dpi=dpi@entry=0x7fffffffac00, options=options@entry=259, dc=0x7fffffffb580) at ./cp-demangle.c:4923
#10 0x0000000000717241 in d_print_comp (dpi=dpi@entry=0x7fffffffac00, options=options@entry=259, dc=0x7fffffffb6a0) at ./cp-demangle.c:4481
#11 0x0000000000719d14 in d_print_comp (dpi=dpi@entry=0x7fffffffac00, options=options@entry=259, dc=0x7fffffffb700) at ./cp-demangle.c:4781
#12 0x000000000071a2a5 in d_print_comp (dpi=0x7fffffffac00, options=259, dc=0x7fffffffb718) at ./cp-demangle.c:4422
#13 0x0000000000717099 in d_print_comp (dpi=dpi@entry=0x7fffffffac00, options=options@entry=259, dc=0x7fffffffb778) at ./cp-demangle.c:4312
#14 0x0000000000717fae in d_print_comp (dpi=dpi@entry=0x7fffffffac00, options=options@entry=259, dc=0x7fffffffb790) at ./cp-demangle.c:4730
#15 0x00000000007172c5 in d_print_comp (dpi=dpi@entry=0x7fffffffac00, options=options@entry=259, dc=<optimized out>) at ./cp-demangle.c:4517
#16 0x0000000000717fae in d_print_comp (dpi=0x7fffffffac00, options=259, dc=0x7fffffffb610) at ./cp-demangle.c:4730
#17 0x00000000007182c6 in d_print_comp (dpi=dpi@entry=0x7fffffffac00, options=options@entry=259, dc=0x7fffffffb628) at ./cp-demangle.c:4911
#18 0x000000000071b4cf in d_print_function_type (dpi=dpi@entry=0x7fffffffac00, options=options@entry=259, mods=0x0, dc=0x7fffffffb640) at ./cp-demangle.c:5605

Unfortunately, I am not able to provide a small enough minimal reproducing example, only the included archive reproduces the crash for me. In order to build it one needs Qt4, building is like (assuming gcc 4.8 or newer):

g++ -std=c++11 -I /usr/include/qt4/ -I /usr/include/qt4/QtCore/ -I /usr/include/qt4/QtSql/ -L/usr/lib/qt4 -lQtCore -lQtSql -O0 -g -ggdb main.cpp -o main

or

clang++ -std=c++11 -I /usr/include/qt4/ -I /usr/include/qt4/QtCore/ -I /usr/include/qt4/QtSql/ -DQ_COMPILER_INITIALIZER_LISTS -L/usr/lib/qt4 -lQtCore -lQtSql -O0 -g -ggdb main.cpp -o main
Comment 1 Keith Seitz 2014-05-17 18:56:54 UTC 
Looks like another demangler crash. Uncertain if it exactly c++/16752, but it could be the same bug(s). Can you try the patch referenced in that bug?
Comment 2 Georg Rudoy 2014-05-17 19:09:43 UTC 
(In reply to Keith Seitz from comment #1)
> Looks like another demangler crash. Uncertain if it exactly c++/16752, but
> it could be the same bug(s). Can you try the patch referenced in that bug?

The one in https://gcc.gnu.org/ml/gcc-patches/2014-05/msg00404.html ? I'll try, but that'll take some time.

In the meanwhile I've run the mangled strings from the test cases via c++filt, and nothing got stuck or crashed. Does it make sense or help a bit?
Comment 3 Keith Seitz 2014-05-17 19:21:41 UTC 
Yes, that looks like the patch.

If c++filt came pre-installed by your system, you're not likely to trigger the bug -- it is almost certainly using a different libiberty than the one bundled into gdb-binutils, but passing the system c++filt is very good supporting evidence to suggest that you're running into the same bug.

Give the patch a try. (or just checkout gdb repo or download a snapshot)
Comment 4 Georg Rudoy 2014-05-17 19:24:14 UTC 
Yes, that's c++filt that came with system binutils package.

Now I'm slightly confused. That's the patch for gdb then? If so, that's good, as I was going to recompile gcc/binutils.
Comment 5 Keith Seitz 2014-05-17 19:26:58 UTC 
GCC is considered the master repository for libiberty. gdb-binutils contains a copy. So all you need to do is rebuild gdb.
Comment 6 Georg Rudoy 2014-05-17 20:01:10 UTC 
Great, thanks for the explanation!

The patch didn't work, though. gdb still crashes with exactly the same backtrace.
Comment 7 Gary Benson 2014-05-19 09:41:26 UTC 
Georg, could you please rebuild GDB with this patch: http://tinyurl.com/k2c6mw4
It will catch the crash and print the offending symbol.
Comment 8 Gary Benson 2014-05-19 09:43:40 UTC 
Georg, alternatively can you supply more of the backtrace of a crash?  I need to see the mangled symbol name.  http://gbenson.net/?p=422 shows an example, frames 9-12 have the mangled symbol mangled=0x7ffffac19ea0 "_Z1-Av23*;cG~Wo2Vu"
Comment 9 Georg Rudoy 2014-05-19 12:53:05 UTC 
(In reply to Gary Benson from comment #8)
> Georg, alternatively can you supply more of the backtrace of a crash?  I
> need to see the mangled symbol name.  http://gbenson.net/?p=422 shows an
> example, frames 9-12 have the mangled symbol mangled=0x7ffffac19ea0
> "_Z1-Av23*;cG~Wo2Vu"

Thanks, that's much faster than rebuilding with a patch. The line in backtrace containing d_demangle_callback:

#69765 0x000000000071e518 in d_demangle_callback (mangled=<optimized out>, mangled@entry=0xe01eb4 "_Z7ZipWithI7QStringS0_5QListZN4oral6detail16AdaptCreateTableI7AccountEES0_RKNS3_16CachedFieldsDataEEUlRKS0_SA_E_ET1_IDTclfp1_cvT__EcvT0__EEEERKT1_ISC_ERKT1_ISD_ET2_", options=259, callback=callback@entry=0x716e70 <d_growable_string_callback_adapter>, opaque=opaque@entry=0x7fffffffd550) at ./cp-demangle.c:5890
Comment 10 Gary Benson 2014-05-19 14:04:33 UTC 
Confirmed and filed as:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61233
Comment 11 Pedro Alves 2014-05-27 12:10:35 UTC 
gcc/demangler patch sent: https://gcc.gnu.org/ml/gcc-patches/2014-05/msg02279.html
Comment 12 Pedro Alves 2015-11-30 11:50:52 UTC 
Fixed, both master and 7.10 branch (IOW, fix will be part of 7.10.1)
Comment 13 Pedro Alves 2015-11-30 11:51:13 UTC 
Closing.
Comment 14 yaoltreza 2021-10-21 06:49:19 UTC Comment hidden (spam)