Bug 31478 - GDB crashes when corrupted debuginfo
Summary: GDB crashes when corrupted debuginfo
Status: RESOLVED FIXED
Alias: None
Product: gdb
Classification: Unclassified
Component: symtab (show other bugs)
Version: 14.1
: P2 normal
Target Milestone: 15.1
Assignee: Not yet assigned to anyone
URL:
Keywords:
Depends on:
Blocks: 29366
  Show dependency treegraph
 
Reported: 2024-03-12 19:38 UTC by Dāvis Mosāns
Modified: 2024-09-24 08:50 UTC (History)
4 users (show)

See Also:
Host:
Target:
Build:
Last reconfirmed: 2024-03-14 00:00:00


Attachments
crash backtrace (30.39 KB, text/plain)
2024-03-12 19:38 UTC, Dāvis Mosāns
Details
Crashing debuginfo (3.11 MB, application/octet-stream)
2024-03-13 10:12 UTC, Dāvis Mosāns
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Dāvis Mosāns 2024-03-12 19:38:17 UTC
Created attachment 15401 [details]
crash backtrace

While trying to debug a program with GDB, it was downloading debug symbols (`debuginfod enabled`), then I ran out of disk space and this probably corrupted those because now every time I try to debug it crashes gdb.

```
$ gdb program
Reading symbols from program...
Reading symbols from ~/.cache/debuginfod_client/xxx/debuginfo...
(gdb) run
Starting program: program


Fatal signal: Segmentation fault
----- Backtrace -----


Fatal signal: Segmentation fault
----- Backtrace -----


Fatal signal: Segmentation fault
----- Backtrace -----
0x649e00abd3cb ???
0x649e00bd9e2d ???
0x649e00bda02b ???
0x7b693565a76f ???
0x649e00bbe766 ???
0x649e00bbf06f ???
0x649e00bbf4e5 ???
0x649e00fd8843 ???
0x649e00b9d954 ???
0x649e00bc301b ???
0x649e00bd35ad ???
0x649e00b508dc ???
0x7b69356ae6ae ???
0x649e00bcdc72 ???
0x649e00b508dc ???
0x7b69356ae6ae ???
0x649e00bcd3c1 ???
0x649e00fc3aeb ???
'gdb program' terminated by signal SIGSEGV (Address boundary error)
```

```
Thread 1 (Thread 0x7b69160006c0 (LWP 1036253)):
#0  0x0000649e00fc4947 in backtrace_free_locked.part.0.lto_priv.0 (state=0x7b69366fa000, addr=0x7b692809cf70, size=26) at ../libbacktrace/../../libbacktrace/mmap.c:92
#1  0x0000649e00ffe666 in backtrace_free_locked (size=<optimized out>, addr=<optimized out>, state=<optimized out>) at ../libbacktrace/../../libbacktrace/mmap.c:226
#2  backtrace_free.isra.0 (state=0x7b69366fa000, addr=0x7b692809cf70, size=26, data=<optimized out>, error_callback=<optimized out>) at ../libbacktrace/../../libbacktrace/mmap.c:233
#3  0x0000649e00fc4eb6 in elf_try_debugfile (state=state@entry=0x7b69366fa000, prefix=prefix@entry=0x7b6928060f80 "/usr/bin/gdb", prefix_len=prefix_len@entry=9, prefix2=prefix2@entry=0x649e010be634 ".debug/", prefix2_len=prefix2_len@entry=7, debuglink_name=debuglink_name@entry=0x7b69280a3400 "gdb.debug", error_callback=0x649e00abb990 <libbacktrace_error(void*, char const*, int)>, data=0x0) at ../libbacktrace/../../libbacktrace/elf.c:941
#4  0x0000649e00fc5186 in elf_find_debugfile_by_debuglink (state=state@entry=0x7b69366fa000, filename=<optimized out>, filename@entry=0x649e010be7b5 "/proc/self/exe", debuglink_name=debuglink_name@entry=0x7b69280a3400 "gdb.debug", error_callback=error_callback@entry=0x649e00abb990 <libbacktrace_error(void*, char const*, int)>, data=data@entry=0x0) at ../libbacktrace/../../libbacktrace/elf.c:1038
#5  0x0000649e00fc8ee6 in elf_open_debugfile_by_debuglink (data=0x0, error_callback=0x649e00abb990 <libbacktrace_error(void*, char const*, int)>, debuglink_crc=1073138330, debuglink_name=0x7b69280a3400 "gdb.debug", filename=0x649e010be7b5 "/proc/self/exe", state=0x7b69366fa000) at ../libbacktrace/../../libbacktrace/elf.c:1075
#6  elf_add (state=0x7b69366fa000, filename=filename@entry=0x649e010be7b5 "/proc/self/exe", descriptor=22, memory=memory@entry=0x0, memory_size=memory_size@entry=0, base_address=110629777797120, error_callback=0x649e00abb990 <libbacktrace_error(void*, char const*, int)>, data=0x0, fileline_fn=0x7b68c0001fe0, found_sym=0x7b68c0002110, found_dwarf=0x7b68c0001fd8, fileline_entry=0x0, exe=0, debuginfo=0, with_buildid_data=0x0, with_buildid_size=0) at ../libbacktrace/../../libbacktrace/elf.c:4461
#7  0x0000649e00fcb13e in phdr_callback (info=info@entry=0x7b68c0002040, size=size@entry=64, pdata=pdata@entry=0x7b68c0002120) at ../libbacktrace/../../libbacktrace/elf.c:4848
#8  0x00007b6935771868 in __GI___dl_iterate_phdr (callback=0x649e00fcb0c0 <phdr_callback(dl_phdr_info*, size_t, void*)>, data=0x7b68c0002120) at dl-iteratephdr.c:74
#9  0x0000649e00fcaec8 in backtrace_initialize (fileline_fn=<synthetic pointer>, data=<optimized out>, error_callback=0x649e00abb990 <libbacktrace_error(void*, char const*, int)>, descriptor=22, filename=<optimized out>, state=0x7b69366fa000) at ../libbacktrace/../../libbacktrace/elf.c:4892
#10 fileline_initialize (data=<optimized out>, error_callback=0x649e00abb990 <libbacktrace_error(void*, char const*, int)>, state=0x7b69366fa000) at ../libbacktrace/../../libbacktrace/fileline.c:261
#11 backtrace_pcinfo (data=<optimized out>, error_callback=0x649e00abb990 <libbacktrace_error(void*, char const*, int)>, callback=<optimized out>, pc=<optimized out>, state=0x7b69366fa000) at ../libbacktrace/../../libbacktrace/fileline.c:295
#12 unwind (context=<optimized out>, vdata=0x7b68c0002420) at ../libbacktrace/../../libbacktrace/backtrace.c:91
#13 0x00007b69363a336d in _Unwind_Backtrace (trace=0x649e00fcac60 <unwind(_Unwind_Context*, void*)>, trace_argument=0x7b68c0002420) at /usr/src/debug/gcc/gcc/libgcc/unwind.inc:309
#14 0x0000649e00ffe5d4 in backtrace_full.constprop.0.isra.0 (state=0x7b69366fa000, data=0x0, error_callback=<optimized out>, callback=<optimized out>, skip=0) at ../libbacktrace/../../libbacktrace/backtrace.c:127
#15 0x0000649e00abd3cc in gdb_internal_backtrace_1 () at ../../gdb/bt-utils.c:122
#16 gdb_internal_backtrace () at ../../gdb/bt-utils.c:168
#17 gdb_internal_backtrace () at ../../gdb/bt-utils.c:154
#18 0x0000649e00bd9e2e in handle_fatal_signal (sig=sig@entry=11) at ../../gdb/event-top.c:889
#19 0x0000649e00bda02c in handle_sigsegv (sig=11) at ../../gdb/event-top.c:962
#20 <signal handler called>
#21 0x0000649e00bbe766 in cooked_indexer::scan_attributes (this=this@entry=0x7b6915fff220, scanning_per_cu=scanning_per_cu@entry=0x649e02729d10, reader=reader@entry=0x7b68c01246d0, watermark_ptr=0x7b68e9dfca28 "", info_ptr=0x7b68e9dfca28 "", abbrev=0x0, name=0x7b6915fff110, linkage_name=0x7b6915fff108, flags=0x7b6915fff0e7, sibling_offset=0x0, parent_entry=0x7b6915fff0f0, maybe_defer=0x7b6915fff100, for_specification=true) at ../../gdb/dwarf2/read.c:16193
#22 0x0000649e00bbf070 in cooked_indexer::scan_attributes (this=this@entry=0x7b6915fff220, scanning_per_cu=<optimized out>, reader=reader@entry=0x7b6915fff260, watermark_ptr=<optimized out>, info_ptr=0x7b68e9ccc3aa "\r", abbrev=abbrev@entry=0x7b68c00706f0, name=<optimized out>, linkage_name=<optimized out>, flags=<optimized out>, sibling_offset=<optimized out>, parent_entry=<optimized out>, maybe_defer=<optimized out>, for_specification=<optimized out>) at ../../gdb/dwarf2/read.c:16374
#23 0x0000649e00bbf4e6 in cooked_indexer::index_dies (this=<optimized out>, reader=0x7b6915fff260, info_ptr=<optimized out>, parent_entry=0x0, fully=false) at ../../gdb/dwarf2/read.c:16528
#24 0x0000649e00fd8844 in cooked_indexer::make_index (reader=0x7b6915fff260, this=0x7b6915fff220) at ../../gdb/dwarf2/read.c:16651
#25 cooked_indexer::make_index(cutu_reader*) [clone .constprop.0] (this=0x7b6915fff220, reader=0x7b6915fff260) at ../../gdb/dwarf2/read.c:16645
#26 0x0000649e00b9d955 in process_psymtab_comp_unit (storage=0x7b6915fff1f0, per_objfile=<optimized out>, this_cu=0x649e02729d10) at ../../gdb/dwarf2/read.c:4851
#27 operator() (__closure=0x649e12737e80, iter=std::unique_ptr<dwarf2_per_cu_data> = {...}, end=std::unique_ptr<dwarf2_per_cu_data> = {...}) at ../../gdb/dwarf2/read.c:5144
#28 0x0000649e00bc301c in operator() (__closure=<optimized out>) at ../../gdb/../gdbsupport/parallel-for.h:273
#29 std::__invoke_impl<std::pair<std::unique_ptr<cooked_index_shard>, std::vector<gdb_exception> >, gdb::parallel_for_each<__gnu_cxx::__normal_iterator<std::unique_ptr<dwarf2_per_cu_data, dwarf2_per_cu_data_deleter>*, std::vector<std::unique_ptr<dwarf2_per_cu_data, dwarf2_per_cu_data_deleter> > >, dwarf2_build_psymtabs_hard(dwarf2_per_objfile*)::<lambda(iter_type, iter_type)> >(unsigned int, __gnu_cxx::__normal_iterator<std::unique_ptr<dwarf2_per_cu_data, dwarf2_per_cu_data_deleter>*, std::vector<std::unique_ptr<dwarf2_per_cu_data, dwarf2_per_cu_data_deleter> > >, __gnu_cxx::__normal_iterator<std::unique_ptr<dwarf2_per_cu_data, dwarf2_per_cu_data_deleter>*, std::vector<std::unique_ptr<dwarf2_per_cu_data, dwarf2_per_cu_data_deleter> > >, dwarf2_build_psymtabs_hard(dwarf2_per_objfile*)::<lambda(iter_type, iter_type)>, function_view<long unsigned int(__gnu_cxx::__normal_iterator<std::unique_ptr<dwarf2_per_cu_data, dwarf2_per_cu_data_deleter>*, std::vector<std::unique_ptr<dwarf2_per_cu_data, dwarf2_per_cu_data_deleter> > >)>)::<lambda()>&> (__f=...) at /usr/include/c++/13.2.1/bits/invoke.h:61
#30 std::__invoke_r<std::pair<std::unique_ptr<cooked_index_shard>, std::vector<gdb_exception> >, gdb::parallel_for_each<__gnu_cxx::__normal_iterator<std::unique_ptr<dwarf2_per_cu_data, dwarf2_per_cu_data_deleter>*, std::vector<std::unique_ptr<dwarf2_per_cu_data, dwarf2_per_cu_data_deleter> > >, dwarf2_build_psymtabs_hard(dwarf2_per_objfile*)::<lambda(iter_type, iter_type)> >(unsigned int, __gnu_cxx::__normal_iterator<std::unique_ptr<dwarf2_per_cu_data, dwarf2_per_cu_data_deleter>*, std::vector<std::unique_ptr<dwarf2_per_cu_data, dwarf2_per_cu_data_deleter> > >, __gnu_cxx::__normal_iterator<std::unique_ptr<dwarf2_per_cu_data, dwarf2_per_cu_data_deleter>*, std::vector<std::unique_ptr<dwarf2_per_cu_data, dwarf2_per_cu_data_deleter> > >, dwarf2_build_psymtabs_hard(dwarf2_per_objfile*)::<lambda(iter_type, iter_type)>, function_view<long unsigned int(__gnu_cxx::__normal_iterator<std::unique_ptr<dwarf2_per_cu_data, dwarf2_per_cu_data_deleter>*, std::vector<std::unique_ptr<dwarf2_per_cu_data, dwarf2_per_cu_data_deleter> > >)>)::<lambda()>&> (__fn=...) at /usr/include/c++/13.2.1/bits/invoke.h:116
#31 std::_Function_handler<std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > >(), gdb::parallel_for_each<__gnu_cxx::__normal_iterator<std::unique_ptr<dwarf2_per_cu_data, dwarf2_per_cu_data_deleter>*, std::vector<std::unique_ptr<dwarf2_per_cu_data, dwarf2_per_cu_data_deleter> > >, dwarf2_build_psymtabs_hard(dwarf2_per_objfile*)::<lambda(iter_type, iter_type)> >(unsigned int, __gnu_cxx::__normal_iterator<std::unique_ptr<dwarf2_per_cu_data, dwarf2_per_cu_data_deleter>*, std::vector<std::unique_ptr<dwarf2_per_cu_data, dwarf2_per_cu_data_deleter> > >, __gnu_cxx::__normal_iterator<std::unique_ptr<dwarf2_per_cu_data, dwarf2_per_cu_data_deleter>*, std::vector<std::unique_ptr<dwarf2_per_cu_data, dwarf2_per_cu_data_deleter> > >, dwarf2_build_psymtabs_hard(dwarf2_per_objfile*)::<lambda(iter_type, iter_type)>, function_view<long unsigned int(__gnu_cxx::__normal_iterator<std::unique_ptr<dwarf2_per_cu_data, dwarf2_per_cu_data_deleter>*, std::vector<std::unique_ptr<dwarf2_per_cu_data, dwarf2_per_cu_data_deleter> > >)>)::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...) at /usr/include/c++/13.2.1/bits/std_function.h:291
#32 0x0000649e00bd35ae in std::function<std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > ()>::operator()() const (this=<optimized out>) at /usr/include/c++/13.2.1/bits/std_function.h:591
#33 std::__invoke_impl<std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > >, std::function<std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > ()>&>(std::__invoke_other, std::function<std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > ()>&) (__f=...) at /usr/include/c++/13.2.1/bits/invoke.h:61
#34 std::__invoke_r<std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > >, std::function<std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > ()>&>(std::function<std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > ()>&) (__fn=...) at /usr/include/c++/13.2.1/bits/invoke.h:116
#35 std::__future_base::_Task_state<std::function<std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > ()>, std::allocator<int>, std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > ()>::_M_run()::{lambda()#1}::operator()() const (__closure=<optimized out>) at /usr/include/c++/13.2.1/future:1492
#36 std::__future_base::_Task_setter<std::unique_ptr<std::__future_base::_Result<std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > >, std::__future_base::_Result_base::_Deleter>, std::__future_base::_Task_state<std::function<std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > ()>, std::allocator<int>, std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > ()>::_M_run()::{lambda()#1}, std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > >::operator()() const (this=<optimized out>) at /usr/include/c++/13.2.1/future:1409
#37 std::__invoke_impl<std::unique_ptr<std::__future_base::_Result<std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > >, std::__future_base::_Result_base::_Deleter>, std::__future_base::_Task_setter<std::unique_ptr<std::__future_base::_Result<std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > >, std::__future_base::_Result_base::_Deleter>, std::__future_base::_Task_state<std::function<std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > ()>, std::allocator<int>, std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > ()>::_M_run()::{lambda()#1}, std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > >&>(std::__invoke_other, std::__future_base::_Task_setter<std::unique_ptr<std::__future_base::_Result<std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > >, std::__future_base::_Result_base::_Deleter>, std::__future_base::_Task_state<std::function<std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > ()>, std::allocator<int>, std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > ()>::_M_run()::{lambda()#1}, std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > >&) (__f=...) at /usr/include/c++/13.2.1/bits/invoke.h:61
#38 std::__invoke_r<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter>, std::__future_base::_Task_setter<std::unique_ptr<std::__future_base::_Result<std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > >, std::__future_base::_Result_base::_Deleter>, std::__future_base::_Task_state<std::function<std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > ()>, std::allocator<int>, std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > ()>::_M_run()::{lambda()#1}, std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > >&>(std::__future_base::_Task_setter<std::unique_ptr<std::__future_base::_Result<std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > >, std::__future_base::_Result_base::_Deleter>, std::__future_base::_Task_state<std::function<std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > ()>, std::allocator<int>, std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > ()>::_M_run()::{lambda()#1}, std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > >&) (__fn=...) at /usr/include/c++/13.2.1/bits/invoke.h:116
#39 std::_Function_handler<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> (), std::__future_base::_Task_setter<std::unique_ptr<std::__future_base::_Result<std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > >, std::__future_base::_Result_base::_Deleter>, std::__future_base::_Task_state<std::function<std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > ()>, std::allocator<int>, std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > ()>::_M_run()::{lambda()#1}, std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > > >::_M_invoke(std::_Any_data const&) (__functor=...) at /usr/include/c++/13.2.1/bits/std_function.h:291
#40 0x0000649e00b508dd in std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>::operator()() const (this=<optimized out>) at /usr/include/c++/13.2.1/bits/std_function.h:591
#41 std::__future_base::_State_baseV2::_M_do_set(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*) (this=0x649e0288b100, __f=<optimized out>, __did_set=0x7b6915fff42f) at /usr/include/c++/13.2.1/future:589
#42 0x00007b69356ae6af in __pthread_once_slow (once_control=0x649e0288b118, init_routine=0x7b69358e0230 <std::__once_proxy()>) at pthread_once.c:116
#43 0x0000649e00bcdc73 in __gthread_once (__func=<optimized out>, __once=0x649e0288b118) at /usr/include/c++/13.2.1/x86_64-pc-linux-gnu/bits/gthr-default.h:700
#44 std::call_once<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*), std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*>(std::once_flag&, void (std::__future_base::_State_baseV2::*&&)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*), std::__future_base::_State_baseV2*&&, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*&&, bool*&&) (__f=@0x7b6915fff450: (void (std::__future_base::_State_baseV2::*)(class std::__future_base::_State_baseV2 * const, class std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter>()> *, bool *)) 0x649e00b508b0 <std::__future_base::_State_baseV2::_M_do_set(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)>, __once=...) at /usr/include/c++/13.2.1/mutex:907
#45 std::__future_base::_State_baseV2::_M_set_result(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>, bool) (__ignore_failure=false, __res=..., this=0x649e0288b100) at /usr/include/c++/13.2.1/future:428
#46 std::__future_base::_Task_state<std::function<std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > ()>, std::allocator<int>, std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > ()>::_M_run() (this=0x649e0288b100) at /usr/include/c++/13.2.1/future:1494
#47 std::packaged_task<std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > ()>::operator()() (this=<optimized out>) at /usr/include/c++/13.2.1/future:1628
#48 std::__invoke_impl<void, std::packaged_task<std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > ()>&>(std::__invoke_other, std::packaged_task<std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > ()>&) (__f=...) at /usr/include/c++/13.2.1/bits/invoke.h:61
#49 std::__invoke_r<void, std::packaged_task<std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > ()>&>(std::packaged_task<std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > ()>&) (__fn=...) at /usr/include/c++/13.2.1/bits/invoke.h:111
#50 std::__future_base::_Task_state<std::packaged_task<std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > ()>, std::allocator<int>, void ()>::_M_run()::{lambda()#1}::operator()() const (__closure=<optimized out>) at /usr/include/c++/13.2.1/future:1491
#51 std::__future_base::_Task_setter<std::unique_ptr<std::__future_base::_Result<void>, std::__future_base::_Result_base::_Deleter>, std::__future_base::_Task_state<std::packaged_task<std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > ()>, std::allocator<int>, void ()>::_M_run()::{lambda()#1}, void>::operator()() const (this=0x7b6915fff5e0) at /usr/include/c++/13.2.1/future:1432
#52 std::__invoke_impl<std::unique_ptr<std::__future_base::_Result<void>, std::__future_base::_Result_base::_Deleter>, std::__future_base::_Task_setter<std::unique_ptr<std::__future_base::_Result<void>, std::__future_base::_Result_base::_Deleter>, std::__future_base::_Task_state<std::packaged_task<std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > ()>, std::allocator<int>, void ()>::_M_run()::{lambda()#1}, void>&>(std::__invoke_other, std::__future_base::_Task_setter<std::unique_ptr<std::__future_base::_Result<void>, std::__future_base::_Result_base::_Deleter>, std::__future_base::_Task_state<std::packaged_task<std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > ()>, std::allocator<int>, void ()>::_M_run()::{lambda()#1}, void>&) (__f=...) at /usr/include/c++/13.2.1/bits/invoke.h:61
#53 std::__invoke_r<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter>, std::__future_base::_Task_setter<std::unique_ptr<std::__future_base::_Result<void>, std::__future_base::_Result_base::_Deleter>, std::__future_base::_Task_state<std::packaged_task<std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > ()>, std::allocator<int>, void ()>::_M_run()::{lambda()#1}, void>&>(std::__future_base::_Task_setter<std::unique_ptr<std::__future_base::_Result<void>, std::__future_base::_Result_base::_Deleter>, std::__future_base::_Task_state<std::packaged_task<std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > ()>, std::allocator<int>, void ()>::_M_run()::{lambda()#1}, void>&) (__fn=...) at /usr/include/c++/13.2.1/bits/invoke.h:116
#54 std::_Function_handler<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> (), std::__future_base::_Task_setter<std::unique_ptr<std::__future_base::_Result<void>, std::__future_base::_Result_base::_Deleter>, std::__future_base::_Task_state<std::packaged_task<std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > ()>, std::allocator<int>, void ()>::_M_run()::{lambda()#1}, void> >::_M_invoke(std::_Any_data const&) (__functor=...) at /usr/include/c++/13.2.1/bits/std_function.h:291
#55 0x0000649e00b508dd in std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>::operator()() const (this=<optimized out>) at /usr/include/c++/13.2.1/bits/std_function.h:591
#56 std::__future_base::_State_baseV2::_M_do_set(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*) (this=0x649e03c09bf0, __f=<optimized out>, __did_set=0x7b6915fff58f) at /usr/include/c++/13.2.1/future:589
#57 0x00007b69356ae6af in __pthread_once_slow (once_control=0x649e03c09c08, init_routine=0x7b69358e0230 <std::__once_proxy()>) at pthread_once.c:116
#58 0x0000649e00bcd3c2 in __gthread_once (__func=<optimized out>, __once=<optimized out>) at /usr/include/c++/13.2.1/x86_64-pc-linux-gnu/bits/gthr-default.h:700
#59 std::call_once<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*), std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*>(std::once_flag&, void (std::__future_base::_State_baseV2::*&&)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*), std::__future_base::_State_baseV2*&&, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*&&, bool*&&) (__f=@0x7b6915fff5b0: (void (std::__future_base::_State_baseV2::*)(class std::__future_base::_State_baseV2 * const, class std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter>()> *, bool *)) 0x649e00b508b0 <std::__future_base::_State_baseV2::_M_do_set(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)>, __once=...) at /usr/include/c++/13.2.1/mutex:907
#60 std::__future_base::_State_baseV2::_M_set_result(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>, bool) (__ignore_failure=false, __res=..., this=<optimized out>) at /usr/include/c++/13.2.1/future:428
#61 std::__future_base::_Task_state<std::packaged_task<std::pair<std::unique_ptr<cooked_index_shard, std::default_delete<cooked_index_shard> >, std::vector<gdb_exception, std::allocator<gdb_exception> > > ()>, std::allocator<int>, void ()>::_M_run() (this=0x649e03c09bf0) at /usr/include/c++/13.2.1/future:1494
#62 0x0000649e00fc3aec in std::packaged_task<void ()>::operator()() (this=0x7b6915fff670) at /usr/include/c++/13.2.1/future:1628
#63 gdb::thread_pool::thread_function (this=0x649e022f2910) at ../gdbsupport/../../gdbsupport/thread-pool.cc:242
#64 0x00007b69358e1943 in std::execute_native_thread_routine (__p=0x649e023758a0) at /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:104
#65 0x00007b69356a955a in start_thread (arg=<optimized out>) at pthread_create.c:447
#66 0x00007b6935726a3c in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
```

```
Dump of assembler code for function backtrace_free_locked.part.0.lto_priv.0:
   0x0000649e00fc4910 <+0>:     endbr64
   0x0000649e00fc4914 <+4>:     mov    r11,QWORD PTR [rdi+0x40]
   0x0000649e00fc4918 <+8>:     test   r11,r11
   0x0000649e00fc491b <+11>:    je     0x649e00fc49c1 <backtrace_free_locked.part.0.lto_priv.0+177>
   0x0000649e00fc4921 <+17>:    mov    rax,QWORD PTR [r11]
   0x0000649e00fc4924 <+20>:    xor    ecx,ecx
   0x0000649e00fc4926 <+22>:    lea    r10,[rdi+0x40]
   0x0000649e00fc492a <+26>:    mov    r8,r11
   0x0000649e00fc492d <+29>:    add    rcx,0x1
   0x0000649e00fc4931 <+33>:    test   rax,rax
   0x0000649e00fc4934 <+36>:    je     0x649e00fc49a8 <backtrace_free_locked.part.0.lto_priv.0+152>
   0x0000649e00fc4936 <+38>:    push   rbx
   0x0000649e00fc4937 <+39>:    nop    WORD PTR [rax+rax*1+0x0]
   0x0000649e00fc4940 <+48>:    mov    r9,QWORD PTR [r10]
   0x0000649e00fc4943 <+51>:    mov    rbx,QWORD PTR [r9+0x8]
=> 0x0000649e00fc4947 <+55>:    cmp    QWORD PTR [rax+0x8],rbx
   0x0000649e00fc494b <+59>:    jb     0x649e00fc4988 <backtrace_free_locked.part.0.lto_priv.0+120>
   0x0000649e00fc494d <+61>:    mov    r8,rax
```

```
rax            0x6e69622f7273752f  7955998172649846063
rbx            0xe80               3712
rcx            0x2                 2
rdx            0x1a                26
rsi            0x7b692809cf70      135691573514096
rdi            0x7b69366fa000      135691815067648
rbp            0x1a                0x1a
rsp            0x7b68c00014e0      0x7b68c00014e0
r8             0x7b692809cf70      135691573514096
r9             0x7b69280a6180      135691573551488
r10            0x7b69366fa040      135691815067712
r11            0x7b69280a6180      135691573551488
r12            0x7b692809cf70      135691573514096
r13            0x7                 7
r14            0x10                16
r15            0x19                25
rip            0x649e00fc4947      0x649e00fc4947 <backtrace_free_locked.part.0.lto_priv.0+55>
eflags         0x10202             [ IF RF ]
cs             0x33                51
ss             0x2b                43
ds             0x0                 0
es             0x0                 0
fs             0x0                 0
gs             0x0                 0
fs_base        0x7b69160006c0      135691270883008
gs_base        0x0                 0
```

```
(gdb) x $rax+0x8
0x6e69622f72737537:     Cannot access memory at address 0x6e69622f72737537
```

I can workaround this crash by disabling `debuginfod` or deleting `~/.cache/debuginfod_client`

This crash was with gcc 13.2.1 20230801

I don't really know how to reproduce it but basically you need corrupted debuginfo files.

Maybe can try repeat this with limited disk space for debuginfo.
Comment 1 Dāvis Mosāns 2024-03-12 20:00:27 UTC
Opps I wrote gcc, but I meant gdb 14.2
Comment 2 Aaron Merey 2024-03-12 22:40:56 UTC
libdebuginfod or one of its dependencies might be mishandling or not checking for ENOMEM or some other error.  

This may be difficult to reproduce.  Do you have an environment set up where 'gdb program' with debuginfod enabled reliably crashes when ~/.cache/debuginfod_client is removed?

On the gdb side it looks like the crash happens when attempting to dereference a NULL abbrev_info ptr in cooked_indexer::scan_attributes.  gdb should instead return early from this function when this ptr is NULL.
Comment 3 Dāvis Mosāns 2024-03-13 10:12:11 UTC
Created attachment 15402 [details]
Crashing debuginfo

(In reply to Aaron Merey from comment #2)
> This may be difficult to reproduce.  Do you have an environment set up where
> 'gdb program' with debuginfod enabled reliably crashes when
> ~/.cache/debuginfod_client is removed?

No it doesn't crash if I remove `~/.cache/debuginfod_client` because issue is purely with some corrupted file there.

I now narrowed it down to ~/.cache/debuginfod_client/c0b747f77ce7222a94ecae5e362d140fb5432461/debuginfo
(attached here)

I'm not sure if you can reproduce crash since it probably depends on exact program/libraries but you can try using Arch Linux, copying given debuginfo file and then running
> DEBUGINFOD_URLS=https://debuginfod.archlinux.org gdb konsole -ex "set debuginfod enabled on" -ex "run"

konsole is from KDE (pacman -S konsole)
Comment 4 Tom Tromey 2024-03-13 15:49:21 UTC
IMO there's probably two bugs here: debuginfod should
delete files in cases like this, but also the DWARF
scanner shouldn't crash.
Comment 5 Dāvis Mosāns 2024-03-13 18:53:55 UTC
I have some other corrupted files aswell but those don't crash gdb.
It just outputs bunch of

> Dwarf Error: wrong version in compilation unit header (is 0, should be 2, 3, 4 or 5) [in module ~/.cache/debuginfod_client/xxx/debuginfo]
Comment 6 Tom Tromey 2024-03-13 19:30:59 UTC
(In reply to Dāvis Mosāns from comment #5)
> I have some other corrupted files aswell but those don't crash gdb.
> It just outputs bunch of
> 
> > Dwarf Error: wrong version in compilation unit header (is 0, should be 2, 3, 4 or 5) [in module ~/.cache/debuginfod_client/xxx/debuginfo]

This is fine unless gdb is incorrect in saying so.
The main thing with corrupted files is not to crash or
have bad behavior.  Ignoring the damage and continuing on
is what should happen.
Comment 7 Aaron Merey 2024-03-13 20:20:43 UTC
I posted a gdb patch to fix this crash: https://sourceware.org/pipermail/gdb-patches/2024-March/207250.html

I also filed an elfutils bug for this issue: https://sourceware.org/bugzilla/show_bug.cgi?id=31480
Comment 8 Dāvis Mosāns 2024-03-13 21:49:23 UTC
Awesome!

But note it wasn't due to low RAM but due to running out of disk space. That could be classified as bug since probably shouldn't leave half-written files on disk.
Comment 9 Simon Marchi 2024-03-14 01:25:55 UTC
I'm on Arch too, I was able to reproduce the crash with the following steps:

 - install the kstatusnotifieritem package version 6.0.0-2
 - copy the attached debuginfo file at ~/.cache/debuginfod_client/c0b747f77ce7222a94ecae5e362d140fb5432461/debuginfo
 - run `gdb /usr/lib/libKF6StatusNotifierItem.so.6.0.0` and answer yes when asked if I want to use debuginfod

I guess that it should be possible to reproduce on other distros too by downloading the package [1] and extracting the so file.

[1] https://archive.archlinux.org/packages/k/kstatusnotifieritem/kstatusnotifieritem-6.0.0-2-x86_64.pkg.tar.zst
Comment 10 Tom Tromey 2024-03-14 13:10:52 UTC
(In reply to Simon Marchi from comment #9)

> I guess that it should be possible to reproduce on other distros too by
> downloading the package [1] and extracting the so file.

For me just running gdb on the file was enough.
Comment 11 Sourceware Commits 2024-08-23 20:22:00 UTC
The master branch has been updated by Aaron Merey <amerey@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aa35682ce5937c9fb9d936a29ef260b9916c8487

commit aa35682ce5937c9fb9d936a29ef260b9916c8487
Author: Aaron Merey <amerey@redhat.com>
Date:   Wed Mar 13 16:18:27 2024 -0400

    gdb/dwarf2: Check for null abbrev_info ptr
    
    A corrupt debuginfo file can result in a null abbrev_info pointer
    being passed to cooked_indexer::scan_attributes.  This pointer
    is set to nullptr by peek_die_abbrev when an abbrev of 0 is found.
    
    There is no check for whether the abbrev pointer is null and
    SIGSEGV occurs when attempting to dereference the pointer.
    
    An abbrev of 0 normally indicates that the corresponding DIE is a
    null entry, but scan_attributes expects a non-null DIE.
    
    Fix this by throwing an error in cooked_indexer::scan_attributes
    when peek_die_abbrev returns a nullptr in order to avoid
    scan_attributes calling itself with a null abbrev.
    
    Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=31478
    Co-authored-by: Tom de Vries <tdevries@suse.de>
    Approved-By: Tom Tromey <tom@tromey.com>
Comment 12 Tom Tromey 2024-08-24 19:15:29 UTC
I think this is fixed now.
Comment 13 Sourceware Commits 2024-09-24 08:50:38 UTC
The master branch has been updated by Tom de Vries <vries@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6848938272157eb6532c189d6fcebec9d2dc33e8

commit 6848938272157eb6532c189d6fcebec9d2dc33e8
Author: Tom de Vries <tdevries@suse.de>
Date:   Tue Sep 24 10:50:44 2024 +0200

    [gdb/symtab] Fix segfault on invalid debug info
    
    While looking at PR symtab/31478 (a problem in the cooked indexer with invalid
    dwarf) it occurred to me that I could trigger a similar problem using:
    ...
      Compilation Unit @ offset 0xb2:
       Length:        0x1f (32-bit)
       Version:       4
       Abbrev Offset: 0x6c
       Pointer Size:  8
     <0><bd>: Abbrev Number: 1 (DW_TAG_compile_unit)
        <be>   DW_AT_language    : 2        (non-ANSI C)
     <1><bf>: Abbrev Number: 2 (DW_TAG_subprogram)
        <c0>   DW_AT_low_pc      : 0x4004a7
        <c8>   DW_AT_high_pc     : 0x4004b2
        <d0>   DW_AT_specification: <0xd5>
     <1><d4>: Abbrev Number: 0
      Compilation Unit @ offset 0xd5:
       Length:        0x7 (32-bit)
       Version:       4
       Abbrev Offset: 0x7f
       Pointer Size:  8
    ...
    and indeed I get:
    ...
    $ gdb -q -batch outputs/gdb.dwarf2/dw2-inter-cu-error-2/dw2-inter-cu-error-2
    
    Fatal signal: Segmentation fault
    ...
    
    The problem is that we're calling prepare_one_comp_unit with cu == nullptr and
    comp_unit_die == nullptr here in cooked_indexer::ensure_cu_exists:
    ...
          cutu_reader new_reader (per_cu, per_objfile, nullptr, nullptr, false,
                                  m_index_storage->get_abbrev_cache ());
    
          prepare_one_comp_unit (new_reader.cu, new_reader.comp_unit_die,
                                 language_minimal);
    ...
    
    Fix this by bailing out for various types of dummy CUs:
    ...
          if (new_reader.dummy_p || new_reader.comp_unit_die == nullptr
              || !new_reader.comp_unit_die->has_children)
            return nullptr;
    ...
    
    Also make sure in scan_attributes that this triggers a dwarf error:
    ...
    $ gdb -q -batch dw2-inter-cu-error-2
    DWARF Error: cannot follow reference to DIE at 0xd5 \
      [in module dw2-inter-cu-error-2]
    ...
    
    With target board readnow, the test-case triggers an assertion failure in
    follow_die_offset, so fix this by throwing the same dwarf error.
    
    While we're at it, make the other check for dummy CUs in
    cooked_indexer::ensure_cu_exists more robust by adding an intermediate test
    for comp_unit_die:
    ...
    -  if (result->dummy_p || !result->comp_unit_die->has_children)
    +  if (result->dummy_p || result->comp_unit_die == nullptr
    +      || !result->comp_unit_die->has_children)
         return nullptr;
    ...
    
    Tested on x86_64-linux.
    
    Approved-By: Tom Tromey <tom@tromey.com>