This is the mail archive of the gdb-patches@sourceware.org mailing list for the GDB project.
ASAN crash regression [Re: [PATCH 2/2] move the demangled_names_hash into the per-BFD]
- From: Jan Kratochvil <jan dot kratochvil at redhat dot com>
- To: Tom Tromey <tromey at redhat dot com>
- Cc: Pedro Alves <palves at redhat dot com>, gdb-patches at sourceware dot org
- Date: Sun, 15 Jun 2014 09:42:38 +0200
- Subject: ASAN crash regression [Re: [PATCH 2/2] move the demangled_names_hash into the per-BFD]
- Authentication-results: sourceware.org; auth=none
- References: <1376512619-3211-1-git-send-email-tromey at redhat dot com> <1376512619-3211-3-git-send-email-tromey at redhat dot com> <521CEA9F dot 9070003 at redhat dot com> <87li24khkn dot fsf at fleche dot redhat dot com>
On Mon, 07 Oct 2013 21:27:04 +0200, Tom Tromey wrote:
> >> * objfiles.c (free_objfile_per_bfd_storage): Delete the
> >> demangled_names_hash.
> >> (free_objfile): Don't delete the demangled_names_hash.
> >> * objfiles.h (struct objfile_per_bfd_storage)
> >> <demangled_names_hash>: New field.
> >> (struct objfile) <demangled_names_hash>: Move to
> >> objfile_per_bfd_storage.
> >> * symfile.c (reread_symbols): Don't delete the
> >> demangled_names_hash.
> >> * symtab.c (create_demangled_names_hash): Update.
> >> (symbol_set_names): Update.
>
> Pedro> Looks fine to me.
>
> I'm checking this in now.
84a1243b15122dfe6414a4f9bdd82096b37bc625 is the first bad commit
commit 84a1243b15122dfe6414a4f9bdd82096b37bc625
Author: Tom Tromey <tromey@redhat.com>
Date: Mon Oct 7 19:40:38 2013 +0000
move the demangled_names_hash into the per-BFD
./configure ... -fsanitize=address
echo 'void f(){}main(){}'|gcc -x c++ - -g;ASAN_OPTIONS=symbolize=1 ASAN_SYMBOLIZER_PATH=/usr/bin/llvm-symbolizer ./gdb -batch a.out -ex 'file a.out'
==2077== ERROR: AddressSanitizer: heap-use-after-free on address 0x606200145eb0 at pc 0x7f4e28c4e947 bp 0x7fffb2e2c920 sp 0x7fffb2e2c8e0
READ of size 4 at 0x606200145eb0 thread T0
#0 0x7f4e28c4e946 in __interceptor_strcmp /usr/src/debug/gcc-4.8.2-20131212/obj-x86_64-redhat-linux/x86_64-redhat-linux/libsanitizer/asan/../../../../libsanitizer/asan/asan_interceptors.cc:399
#1 0x9c274e in eq_demangled_name_entry /home/jkratoch/redhat/gdb-clean-f20/gdb/symtab.c:612
#2 0x1f6e4dc in htab_find_slot_with_hash /home/jkratoch/redhat/gdb-clean-f20/libiberty/./hashtab.c:660
#3 0x1f6e81d in htab_find_slot /home/jkratoch/redhat/gdb-clean-f20/libiberty/./hashtab.c:704
#4 0x9c3992 in symbol_set_names /home/jkratoch/redhat/gdb-clean-f20/gdb/symtab.c:860
#5 0xb82fc9 in new_symbol_full /home/jkratoch/redhat/gdb-clean-f20/gdb/dwarf2read.c:17696
#6 0xb5a90c in read_func_scope /home/jkratoch/redhat/gdb-clean-f20/gdb/dwarf2read.c:11193
#7 0xb49918 in process_die /home/jkratoch/redhat/gdb-clean-f20/gdb/dwarf2read.c:8165
#8 0xb4d245 in read_file_scope /home/jkratoch/redhat/gdb-clean-f20/gdb/dwarf2read.c:9042
#9 0xb498e8 in process_die /home/jkratoch/redhat/gdb-clean-f20/gdb/dwarf2read.c:8158
#10 0xb48577 in process_full_comp_unit /home/jkratoch/redhat/gdb-clean-f20/gdb/dwarf2read.c:7941
#11 0xb459aa in process_queue /home/jkratoch/redhat/gdb-clean-f20/gdb/dwarf2read.c:7481
#12 0xb2a790 in dw2_do_instantiate_symtab /home/jkratoch/redhat/gdb-clean-f20/gdb/dwarf2read.c:2641
#13 0xb46055 in psymtab_to_symtab_1 /home/jkratoch/redhat/gdb-clean-f20/gdb/dwarf2read.c:7570
#14 0xb451ad in dwarf2_read_symtab /home/jkratoch/redhat/gdb-clean-f20/gdb/dwarf2read.c:7350
#15 0x9dc416 in psymtab_to_symtab /home/jkratoch/redhat/gdb-clean-f20/gdb/psymtab.c:779
#16 0x9dafea in lookup_symbol_aux_psymtabs /home/jkratoch/redhat/gdb-clean-f20/gdb/psymtab.c:513
#17 0x9c759e in lookup_symbol_aux_quick /home/jkratoch/redhat/gdb-clean-f20/gdb/symtab.c:1767
#18 0x9c78d0 in lookup_symbol_global_iterator_cb /home/jkratoch/redhat/gdb-clean-f20/gdb/symtab.c:1873
#19 0xaf308f in default_iterate_over_objfiles_in_search_order /home/jkratoch/redhat/gdb-clean-f20/gdb/objfiles.c:1491
#20 0xa8834f in gdbarch_iterate_over_objfiles_in_search_order /home/jkratoch/redhat/gdb-clean-f20/gdb/gdbarch.c:4307
#21 0x9c7b12 in lookup_symbol_global /home/jkratoch/redhat/gdb-clean-f20/gdb/symtab.c:1904
#22 0xd00050 in lookup_symbol_file /home/jkratoch/redhat/gdb-clean-f20/gdb/cp-namespace.c:636
#23 0xcfeca0 in cp_lookup_symbol_in_namespace /home/jkratoch/redhat/gdb-clean-f20/gdb/cp-namespace.c:255
#24 0xcfffad in lookup_namespace_scope /home/jkratoch/redhat/gdb-clean-f20/gdb/cp-namespace.c:601
#25 0xcfebfb in cp_lookup_symbol_nonlocal /home/jkratoch/redhat/gdb-clean-f20/gdb/cp-namespace.c:234
#26 0x9c6a69 in lookup_symbol_aux /home/jkratoch/redhat/gdb-clean-f20/gdb/symtab.c:1488
#27 0x9c5ccc in lookup_symbol_in_language /home/jkratoch/redhat/gdb-clean-f20/gdb/symtab.c:1334
#28 0x9c5d82 in lookup_symbol /home/jkratoch/redhat/gdb-clean-f20/gdb/symtab.c:1349
#29 0x9ea09a in set_initial_language /home/jkratoch/redhat/gdb-clean-f20/gdb/symfile.c:1702
#30 0x9e86d3 in symbol_file_add_main_1 /home/jkratoch/redhat/gdb-clean-f20/gdb/symfile.c:1329
#31 0x9e9fc3 in symbol_file_command /home/jkratoch/redhat/gdb-clean-f20/gdb/symfile.c:1669
#32 0xae4323 in file_command /home/jkratoch/redhat/gdb-clean-f20/gdb/exec.c:329
#33 0x7f131e in do_cfunc /home/jkratoch/redhat/gdb-clean-f20/gdb/./cli/cli-decode.c:107
#34 0x7f8d3e in cmd_func /home/jkratoch/redhat/gdb-clean-f20/gdb/./cli/cli-decode.c:1886
#35 0xcc7cc6 in execute_command /home/jkratoch/redhat/gdb-clean-f20/gdb/top.c:461
#36 0xa4e258 in catch_command_errors /home/jkratoch/redhat/gdb-clean-f20/gdb/exceptions.c:551
#37 0xa5a2f3 in captured_main /home/jkratoch/redhat/gdb-clean-f20/gdb/main.c:1073
#38 0xa4e03d in catch_errors /home/jkratoch/redhat/gdb-clean-f20/gdb/exceptions.c:524
#39 0xa5a3a6 in gdb_main /home/jkratoch/redhat/gdb-clean-f20/gdb/main.c:1105
#40 0x49307e in main /home/jkratoch/redhat/gdb-clean-f20/gdb/gdb.c:33
#41 0x3721e21d64 in __libc_start_main (/lib64/libc.so.6+0x3721e21d64)
#42 0x492e48 in _start (/home/jkratoch/redhat/gdb-clean-f20/gdb/gdb+0x492e48)
0x606200145eb0 is located 2992 bytes inside of 4064-byte region [0x606200145300,0x6062001462e0)
freed by thread T0 here:
#0 0x7f4e28c550f9 in __interceptor_free /usr/src/debug/gcc-4.8.2-20131212/obj-x86_64-redhat-linux/x86_64-redhat-linux/libsanitizer/asan/../../../../libsanitizer/asan/asan_malloc_linux.cc:61
#1 0xd53840 in xfree /home/jkratoch/redhat/gdb-clean-f20/gdb/./common/common-utils.c:108
#2 0x3721e84857 in obstack_free (/lib64/libc.so.6+0x3721e84857)
previously allocated by thread T0 here:
#0 0x7f4e28c55219 in __interceptor_malloc /usr/src/debug/gcc-4.8.2-20131212/obj-x86_64-redhat-linux/x86_64-redhat-linux/libsanitizer/asan/../../../../libsanitizer/asan/asan_malloc_linux.cc:71
#1 0xd536f7 in xmalloc /home/jkratoch/redhat/gdb-clean-f20/gdb/./common/common-utils.c:51
#2 0x3721e8477d in __GI__obstack_newchunk (/lib64/libc.so.6+0x3721e8477d)
SUMMARY: AddressSanitizer: heap-use-after-free /usr/src/debug/gcc-4.8.2-20131212/obj-x86_64-redhat-linux/x86_64-redhat-linux/libsanitizer/asan/../../../../libsanitizer/asan/asan_interceptors.cc:399 __interceptor_strcmp
Shadow bytes around the buggy address:
==2077== ABORTING