Bug 19829 - gdb crashes with PT and reverse next
Summary: gdb crashes with PT and reverse next
Alias: None
Product: gdb
Classification: Unclassified
Component: gdb
Version: 7.11
Importance: P2 normal
Target Milestone: 7.11.1
Assignee: Markus Metzger
Depends on:
Reported: 2016-03-16 14:53 UTC by Andi Kleen
Modified: 2016-03-17 11:32 UTC
CC: 2 users

See Also:
Last reconfirmed:


Description Andi Kleen 2016-03-16 14:53:08 UTC
On reverse-next

Core was generated by `gdb --args /home/ak/hle/obj-perf/perf report --branch-history --stdio'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  get_frame_type (frame=0x0) at frame.c:2458
(gdb) p frame
$1 = (struct frame_info *) 0x0
(gdb) l
2453    }
2455    enum frame_type
2456    get_frame_type (struct frame_info *frame)
2457    {
2458      if (frame->unwind == NULL)
2459        /* Initialize the frame's unwinder because that's what
2460           provides the frame's type.  */
2461        frame_unwind_find_by_frame (frame, &frame->prologue_cache);
2462      return frame->unwind->type;
(gdb) bt
#0  get_frame_type (frame=0x0) at frame.c:2458
#1  skip_artificial_frames (frame=0x0) at frame.c:434
#2  0x00000000006b12f1 in frame_unwind_caller_id (next_frame=<optimized out>) at frame.c:501
#3  0x00000000005c5676 in process_event_stop_test (ecs=ecs@entry=0x7ffc8bdca820) at infrun.c:6620
#4  0x00000000005c6d16 in handle_inferior_event_1 (ecs=0x7ffc8bdca820) at infrun.c:4939
#5  handle_inferior_event (ecs=ecs@entry=0x7ffc8bdca820) at infrun.c:5362
#6  0x00000000005c9043 in fetch_inferior_event (client_data=<optimized out>) at infrun.c:3922
#7  0x00000000005e0fc8 in inferior_event_handler (event_type=<optimized out>, client_data=<optimized out>) at inf-loop.c:44
#8  0x00000000005df3cd in gdb_wait_for_event (block=block@entry=0) at event-loop.c:834
#9  0x00000000005df5e0 in gdb_do_one_event () at event-loop.c:298
#10 0x00000000005df68e in start_event_loop () at event-loop.c:347
#11 0x00000000005d92e3 in captured_command_loop (data=data@entry=0x0) at main.c:318
Comment 1 Markus Metzger 2016-03-17 07:37:31 UTC
This was fixed on master by 33b4777ca1b7b456af8201b98eda27d1b272cbab.  I'm backporting the fix to the 7.11 branch.
Comment 2 cvs-commit@gcc.gnu.org 2016-03-17 10:49:47 UTC
The gdb-7.11-branch branch has been updated by Markus Metzger <mmetzger@sourceware.org>:


commit 2ef34d11f61d79dcb152713aa059051d8cd3295d
Author: Markus Metzger <markus.t.metzger@intel.com>
Date:   Fri Feb 5 09:32:53 2016 +0100

    btrace: fix PR gdb/19829

    This is a backport of

      33b4777ca1b7 btrace, frame: fix crash in get_frame_type
      a038fa3e14a4 stack: check frame_unwind_caller_id
      2f3ef606b912 frame: add skip_tailcall_frames

    In skip_artificial_frames we repeatedly call get_prev_frame_always until we get
    a non-inline and non-tailcall frame assuming that there must be such a frame.

    For record targets, however, we may have a frame chain that consists only of
    artificial frames.  This leads to a crash in get_frame_type when dereferencing a
    NULL frame pointer.

    Change skip_artificial_frames and skip_tailcall_frames to return NULL in such a
    case and modify each caller to cope with a NULL return.

    In frame_unwind_caller_pc and frame_unwind_caller_arch, we simply assert that
    the returned value is not NULL.  Their caller was supposed to check
    frame_unwind_caller_id before calling those functions.

    In other cases, we throw an error.

    In infcmd further move the skip_tailcall_frames call to the forward-stepping
    case since we don't need a frame for reverse execution and we don't want to fail
    because of that.  Reverse-finish does make sense for a tailcall frame.

    	* frame.h (skip_tailcall_frames): New.
    	* infcmd.c (finish_command): Call skip_tailcall_frames.
    	* frame.c (skip_artificial_frames): Return NULL if only artificial frames
    	are found.  Update comment.
    	(frame_pop): Call skip_tailcall_frames.
    	(frame_unwind_caller_id): Handle NULL return.
    	(frame_unwind_caller_pc, frame_unwind_caller_arch): Assert that
    	skip_artificial_frames does not return NULL.
    	(frame_pop): Add an error if only tailcall frames are found.
    	* infcmd.c (finish_command): Move skip_tailcall_frames call into forward-
    	execution case.  Add an error if only tailcall frames are found.
    	* stack.c (frame_info): Check frame_unwind_caller_id.
    	* gdb.btrace/tailcall-only.exp: New.
    	* gdb.btrace/tailcall-only.c: New.
    	* gdb.btrace/x86_64-tailcall-only.S: New.
    	* gdb.btrace/i686-tailcall-only.S: New.
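A simplified model of the defect and the fix described in the commit above, added here as an example; it is not gdb's own code and not part of the bug report. It keeps gdb's names for the functions involved (get_frame_type, get_prev_frame_always, skip_artificial_frames) and the gdb frame-type names, but the two-field frame structure, the frame_unwind_caller helper (modelled on frame_unwind_caller_id after the fix) and the two sample frame chains are constructed for this illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Toy model of gdb's frame chain, constructed for this example: a frame
   carries its type and a link to its caller, NULL at the outermost frame
   (which is what get_prev_frame_always yields there).  */
enum frame_type { NORMAL_FRAME, INLINE_FRAME, TAILCALL_FRAME };
struct frame_info { enum frame_type type; struct frame_info *prev; };

static struct frame_info *
get_prev_frame_always (struct frame_info *f) { return f->prev; }

/* Like gdb's get_frame_type, dereferences FRAME unconditionally: a NULL
   argument is the SIGSEGV at frame.c:2458 in the report.  */
static enum frame_type
get_frame_type (struct frame_info *f) { return f->type; }

/* Pre-fix shape: assumes a non-artificial frame exists up the chain.  On a
   chain of only inline/tailcall frames FRAME becomes NULL and the next
   get_frame_type call crashes.  Kept only to show the defect.  */
static struct frame_info *
skip_artificial_frames_buggy (struct frame_info *frame)
{
  while (get_frame_type (frame) == INLINE_FRAME
         || get_frame_type (frame) == TAILCALL_FRAME)
    frame = get_prev_frame_always (frame);
  return frame;
}

/* Post-fix shape: return NULL when only artificial frames were found.  */
static struct frame_info *
skip_artificial_frames (struct frame_info *frame)
{
  while (get_frame_type (frame) == INLINE_FRAME
         || get_frame_type (frame) == TAILCALL_FRAME)
    {
      frame = get_prev_frame_always (frame);
      if (frame == NULL)
        return NULL;
    }
  return frame;
}

/* Caller side, modelled on frame_unwind_caller_id after the fix: NULL from
   the skip function means "no caller".  Returns 1 and stores the caller in
   *CALLER when one exists, otherwise 0 with *CALLER = NULL.  */
static int
frame_unwind_caller (struct frame_info *next_frame, struct frame_info **caller)
{
  struct frame_info *this_frame;
  *caller = NULL;
  next_frame = skip_artificial_frames (next_frame);
  if (next_frame == NULL)
    return 0;
  this_frame = get_prev_frame_always (next_frame);
  if (this_frame == NULL)
    return 0;
  *caller = skip_artificial_frames (this_frame);
  return *caller != NULL;
}

/* Constructed chain inner(inline) -> tail(tailcall) -> mid(normal) -> outer
   (normal): a normal frame exists, so even the buggy version is safe.  */
int
mixed_chain_finds_real_caller (void)
{
  struct frame_info outer = { NORMAL_FRAME, NULL };
  struct frame_info mid = { NORMAL_FRAME, &outer };
  struct frame_info tail = { TAILCALL_FRAME, &mid };
  struct frame_info inner = { INLINE_FRAME, &tail };
  struct frame_info *caller;
  return (skip_artificial_frames (&inner) == &mid
          && skip_artificial_frames_buggy (&inner) == &mid
          && frame_unwind_caller (&inner, &caller) == 1
          && caller == &outer);
}

/* Constructed chain t1(tailcall) -> t2(tailcall) -> NULL: the record-target
   shape from the commit message.  Only the fixed function may run on it.  */
int
all_tailcall_chain_has_no_caller (void)
{
  struct frame_info t2 = { TAILCALL_FRAME, NULL };
  struct frame_info t1 = { TAILCALL_FRAME, &t2 };
  struct frame_info *caller;
  return (skip_artificial_frames (&t1) == NULL
          && frame_unwind_caller (&t1, &caller) == 0
          && caller == NULL);
}

int
main (void)
{
  printf ("mixed chain ok: %d, all-tailcall chain ok: %d\n",
          mixed_chain_finds_real_caller (), all_tailcall_chain_has_no_caller ());
  return 0;
}
```

The all-tailcall chain is the shape the commit message describes for record targets: every frame is artificial, so the pre-fix loop walks off the end of the chain and hands NULL to get_frame_type, which is the frame=0x0 in the backtrace in the description. The hardened version returns NULL and the caller reports "no caller" instead of dereferencing it; the mixed chain shows that the NULL check does not change the result where a real caller exists.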
Comment 3 Markus Metzger 2016-03-17 11:32:17 UTC
Fixed by 2ef34d11f61d btrace: fix PR gdb/19829.