"GNU gdb (GDB) 7.0-ubuntu\n" "Copyright (C) 2009 Free Software Foundation, Inc.\n"

The crash is not 100% reproducible, but since there are sometimes "double free" messages at the same time, I think this is to be expected.

Program received signal SIGSEGV, Segmentation fault.
free_command_lines (lptr=0x9a6b708) at /tmp/gdb-7.0/gdb/cli/cli-script.c:1227
1227          if (l->body_count > 0)
(gdb) p l
$1 = (struct command_line *) 0x6168732f
(gdb) p *l
Cannot access memory at address 0x6168732f
(gdb) bt full
#0  free_command_lines (lptr=0x9a6b708) at /tmp/gdb-7.0/gdb/cli/cli-script.c:1227
        l = 0x6168732f
        next = 0x9a6b6e0
        blist = 0x97dc858
        i = <value optimized out>
#1  0x0811bafd in delete_breakpoint (bpt=0x9a6b6e0) at /tmp/gdb-7.0/gdb/breakpoint.c:8005
        b = 0x0
        __PRETTY_FUNCTION__ = "delete_breakpoint"
#2  0x08093855 in do_my_cleanups (pmy_chain=0x8382850, old_chain=0x0) at /tmp/gdb-7.0/gdb/utils.c:391
        ptr = 0x97dc858
#3  0x08140db0 in print_command_1 (exp=0xbfe77505 "(void*)dlopen(\"/home/berlin/[[some]].so\", 0x00002)", inspect=0, voidprint=<value optimized out>) at /tmp/gdb-7.0/gdb/printcmd.c:940
        expr = 0xa27dd78
        old_chain = 0x0
        format = <value optimized out>
        val = 0xa27df68
        cleanup = 1
#4  0x080928f2 in execute_command (p=0xbfe7757a ")", from_tty=1) at /tmp/gdb-7.0/gdb/top.c:453
        arg = 0xbfe77505 "(void*)dlopen(\"/home/berlin/[[some]].so\", 0x00002)"
        c = 0x9037610
        flang = <value optimized out>
        warned = 0
        line = 0xbfe77500 "call (void*)dlopen(\"/home/berlin/[[some]].so\", 0x00002)"
#5  0x0816abb2 in catch_exception (uiout=0x904d958, func=0x80ea980 <do_captured_execute_command>, func_args=0xbfe775b4, mask=6) at /tmp/gdb-7.0/gdb/exceptions.c:462
        exception = {reason = 0, error = GDB_NO_ERROR, message = 0x0}
#6  0x080ea90e in safe_execute_command (data=0x0, command_str=0x90f13f0 "call (void*)dlopen(\"/home/berlin/[[some]].so\", 0x00002)") at /tmp/gdb-7.0/gdb/cli/cli-interp.c:130
        e = {reason = -1075350056, error = 134821996, message = 0x90c1980 "8\374\n\t\260,\t\b"}
        args = {command = 0xbfe77500 "call (void*)dlopen(\"/home/berlin/[[some]].so\", 0x00002)", from_tty = 1}
#7  cli_interpreter_exec (data=0x0, command_str=0x90f13f0 "call (void*)dlopen(\"/home/berlin/[[some]].so\", 0x00002)") at /tmp/gdb-7.0/gdb/cli/cli-interp.c:110
        old_stream = <value optimized out>
#8  0x0816ad1a in interp_exec (interp=0x904d9c0, command_str=0x90f13f0 "call (void*)dlopen(\"/home/berlin/[[some]].so\", 0x00002)") at /tmp/gdb-7.0/gdb/interps.c:326
No locals.
#9  0x080ef756 in mi_cmd_interpreter_exec (command=0x82bc96a "-interpreter-exec", argv=0xbfe77684, argc=2) at /tmp/gdb-7.0/gdb/mi/mi-interp.c:206
        e = {reason = 0, error = 3219617352, message = 0x809666f "\311\303\353\r\220\220\220\220\220\220\220\220\220\220\220\220\220U\211\345WVS\203\354\034\213u\f\213]\b\213}\020\200>\n\017\204\365\001"}
        interp_to_use = 0x904d9c0
        i = 1
        old_chain = 0x90afc38
#10 0x080f02b1 in captured_mi_execute_command (uiout=0x904e0b8, data=0x90c19b8) at /tmp/gdb-7.0/gdb/mi/mi-main.c:1232
        argv = {0x82a3148 "console", 0x90f13f0 "call (void*)dlopen(\"/home/berlin/[[some]].so\", 0x00002)"}
        cleanup = 0x0
#11 0x0816abb2 in catch_exception (uiout=0x904e0b8, func=0x80f0070 <captured_mi_execute_command>, func_args=0x90c19b8, mask=6) at /tmp/gdb-7.0/gdb/exceptions.c:462
        exception = {reason = 0, error = GDB_NO_ERROR, message = 0x0}
#12 0x080efd38 in mi_execute_command (cmd=0xa223b88 "41call (void*)dlopen(\"/home/berlin/[[some]].so\", 0x00002)", from_tty=1) at /tmp/gdb-7.0/gdb/mi/mi-main.c:1288
        result = {reason = 4961420, error = 5882912, message = 0x7e <Address 0x7e out of bounds>}
        previous_ptid = {pid = 27808, lwp = 27808, tid = 0}
        command = <value optimized out>
#13 0x080eecb6 in mi_execute_command_wrapper (cmd=0xa223b88 "41call (void*)dlopen(\"/home/berlin/[[some]].so\", 0x00002)") at /tmp/gdb-7.0/gdb/mi/mi-interp.c:251
No locals.
#14 0x0816ff89 in handle_file_event (data=...) at /tmp/gdb-7.0/gdb/event-loop.c:812
        file_ptr = 0x909e928
        mask = <value optimized out>
        error_mask_returned = 0
#15 0x0816f7cb in process_event () at /tmp/gdb-7.0/gdb/event-loop.c:394
        event_ptr = <value optimized out>
        proc = 0x816ff10 <handle_file_event>
        data = {ptr = 0x0, integer = 0}
#16 0x081704c6 in gdb_do_one_event (data=0x0) at /tmp/gdb-7.0/gdb/event-loop.c:447
        event_source_head = 0
        current = 3
#17 0x0816a993 in catch_errors (func=0x81703e0 <gdb_do_one_event>, func_args=0x0, errstring=0x82b3b14 "", mask=6) at /tmp/gdb-7.0/gdb/exceptions.c:510
        val = 0
        exception = {reason = 0, error = GDB_NO_ERROR, message = 0x0}
#18 0x0816fecc in start_event_loop () at /tmp/gdb-7.0/gdb/event-loop.c:483
        gdb_result = 161920776

/home/berlin/[[some]].so is a real name, pointing to a valid, loadable shared object.
I am raising Severity to "critical". Injection of code into the inferior is badly affected. After reading some of our own bug reports I have the impression that the bug might already have been present in 6.8 but far less prominent.
I cannot reproduce this problem on a trivial test case. Andre, could you perhaps provide more detailed instructions?

Note: if you link with -lmcheck, or set MALLOC_CHECK_=2, the intermittent crash should become deterministic (if it is due to double free).

I can however make gdb-cvs crash on a trivial related example by executing:

cat t.c
int main() { return 0; }
cat foo.c
int foo() { return 42; }

gcc -g t.c -ldl && gcc -g -fPIC -shared -o foo.so foo.c

gdb64-cvs -nx ./a.out
GNU gdb (GDB) 7.0.50.20091109-cvs
...
Reading symbols from /tmp/gdb-pr10886/a.out...done.
(gdb) b main
Breakpoint 1 at 0x40048c: file t.c, line 1.
(gdb) r
Starting program: /tmp/gdb-pr10886/a.out

Breakpoint 1, main () at t.c:1
1       int main() { return 0; }
(gdb) print dlopen("./foo.so", 2)
$1 = 6295632
(gdb) b foo
Breakpoint 2 at 0x7ffff76794f0: file foo.c, line 1.
(gdb) c
Continuing.

Program exited normally.
(gdb) r
Starting program: /tmp/gdb-pr10886/a.out

Breakpoint 1, main () at t.c:1
1       int main() { return 0; }
(gdb) info b
Num     Type           Disp Enb Address            What
1       breakpoint     keep y   0x000000000040048c in main at t.c:1
        breakpoint already hit 1 time
Segmentation fault (core dumped)

The crash is here:

(gdb) bt
#0  lookup_minimal_symbol_by_pc_section_1 (pc=140737344148720, section=0xd21390, want_trampoline=<value optimized out>) at ../../src/gdb/minsyms.c:488
#1  0x00000000004ff3e9 in find_pc_sect_symtab (pc=140737344148720, section=0xd21390) at ../../src/gdb/symtab.c:2071
#2  0x00000000004fd117 in blockvector_for_pc_sect (pc=140737344148720, section=0xd21390, pblock=0x7fff5d7d9df0, symtab=0x0) at ../../src/gdb/block.c:106
#3  0x00000000004fd140 in block_for_pc_sect (pc=140737344148720, section=0xd21390) at ../../src/gdb/block.c:182
#4  0x00000000004cd9f9 in find_pc_sect_function (pc=140737344148720, section=0xd21390) at ../../src/gdb/blockframe.c:139
#5  0x00000000004d428d in print_breakpoint_location (b=0xcdf2d0, loc=0xcb6300, loc_number=<value optimized out>, last_loc=0x7fff5d7da038, print_address_bits=<value optimized out>, allflag=0) at ../../src/gdb/breakpoint.c:3836
#6  print_one_breakpoint_location (b=0xcdf2d0, loc=0xcb6300, loc_number=<value optimized out>, last_loc=0x7fff5d7da038, print_address_bits=<value optimized out>, allflag=0) at ../../src/gdb/breakpoint.c:4053
#7  0x00000000004d4910 in print_one_breakpoint (b=0x7ffff76794f0, last_loc=0x0, print_address_bits=64, allflag=0) at ../../src/gdb/breakpoint.c:4225
#8  0x00000000004d4bf4 in breakpoint_1 (bnum=-1, allflag=0) at ../../src/gdb/breakpoint.c:4403
#9  0x000000000045cb3a in execute_command (p=0xa62a06 "", from_tty=1) at ../../src/gdb/top.c:453
...
I guess that's not relevant anymore. Resolving as 'obsolete'.