[Bug tui/25283] New: ASan errors when using "layout next"

simark at simark dot ca sourceware-bugzilla@sourceware.org
Sun Dec 15 21:10:00 GMT 2019


https://sourceware.org/bugzilla/show_bug.cgi?id=25283

            Bug ID: 25283
           Summary: ASan errors when using "layout next"
           Product: gdb
           Version: HEAD
            Status: NEW
          Severity: normal
          Priority: P2
         Component: tui
          Assignee: unassigned at sourceware dot org
          Reporter: simark at simark dot ca
  Target Milestone: ---

I stumbled on an ASan crash, I suppose due to the recent TUI changes.  There
are two ways of triggering the crash, that give two different backtraces, but I
think they are due to the same root cause.

(1)

$ ./gdb --data-directory=data-directory -batch -ex "layout next"

Gives the following report:

=================================================================
==2775682==ERROR: AddressSanitizer: new-delete-type-mismatch on 0x608000009a20
in thread T0:
  object passed to delete has wrong type:
  size of the allocated type:   88 bytes;
  size of the deallocated type: 24 bytes.
    #0 0x7fdd205cd07e in operator delete(void*, unsigned long)
/build/gcc/src/gcc/libsanitizer/asan/asan_new_delete.cc:177
    #1 0x5615d035f00d in
std::default_delete<tui_layout_base>::operator()(tui_layout_base*) const
/usr/include/c++/9.2.0/bits/unique_ptr.h:81
    #2 0x5615d035e328 in std::unique_ptr<tui_layout_base,
std::default_delete<tui_layout_base> >::~unique_ptr()
/usr/include/c++/9.2.0/bits/unique_ptr.h:284
    #3 0x7fdd1f5fb6a6 in __run_exit_handlers (/usr/lib/libc.so.6+0x3e6a6)
    #4 0x7fdd1f5fb85d in __GI_exit (/usr/lib/libc.so.6+0x3e85d)
    #5 0x5615d02a72ac in quit_force(int*, int)
/home/simark/src/binutils-gdb/gdb/top.c:1766
    #6 0x5615cfad429a in captured_main_1
/home/simark/src/binutils-gdb/gdb/main.c:1183
    #7 0x5615cfad4814 in captured_main
/home/simark/src/binutils-gdb/gdb/main.c:1192
    #8 0x5615cfad48a9 in gdb_main(captured_main_args*)
/home/simark/src/binutils-gdb/gdb/main.c:1217
    #9 0x5615cef1d9cd in main /home/simark/src/binutils-gdb/gdb/gdb.c:32
    #10 0x7fdd1f5e4152 in __libc_start_main (/usr/lib/libc.so.6+0x27152)
    #11 0x5615cef1d79d in _start
(/home/simark/build/binutils-gdb/gdb/gdb+0x11fb79d)

0x608000009a20 is located 0 bytes inside of 88-byte region
[0x608000009a20,0x608000009a78)
allocated by thread T0 here:
    #0 0x7fdd205cb8f8 in operator new(unsigned long)
/build/gcc/src/gcc/libsanitizer/asan/asan_new_delete.cc:104
    #1 0x5615d0358906 in tui_layout_split::clone() const
/home/simark/src/binutils-gdb/gdb/tui/tui-layout.c:515
    #2 0x5615d035660e in show_layout
/home/simark/src/binutils-gdb/gdb/tui/tui-layout.c:90
    #3 0x5615d03567db in tui_set_layout(tui_layout_type)
/home/simark/src/binutils-gdb/gdb/tui/tui-layout.c:116
    #4 0x5615d038af4f in tui_enable()
/home/simark/src/binutils-gdb/gdb/tui/tui.c:481
    #5 0x5615d0356eb2 in tui_layout_command
/home/simark/src/binutils-gdb/gdb/tui/tui-layout.c:286
    #6 0x5615cf30169b in do_const_cfunc
/home/simark/src/binutils-gdb/gdb/cli/cli-decode.c:107
    #7 0x5615cf309859 in cmd_func(cmd_list_element*, char const*, int)
/home/simark/src/binutils-gdb/gdb/cli/cli-decode.c:1952
    #8 0x5615d02a3455 in execute_command(char const*, int)
/home/simark/src/binutils-gdb/gdb/top.c:652
    #9 0x5615cfad1026 in catch_command_errors
/home/simark/src/binutils-gdb/gdb/main.c:400
    #10 0x5615cfad41f2 in captured_main_1
/home/simark/src/binutils-gdb/gdb/main.c:1167
    #11 0x5615cfad4814 in captured_main
/home/simark/src/binutils-gdb/gdb/main.c:1192
    #12 0x5615cfad48a9 in gdb_main(captured_main_args*)
/home/simark/src/binutils-gdb/gdb/main.c:1217
    #13 0x5615cef1d9cd in main /home/simark/src/binutils-gdb/gdb/gdb.c:32
    #14 0x7fdd1f5e4152 in __libc_start_main (/usr/lib/libc.so.6+0x27152)

SUMMARY: AddressSanitizer: new-delete-type-mismatch
/build/gcc/src/gcc/libsanitizer/asan/asan_new_delete.cc:177 in operator
delete(void*, unsigned long)
==2775682==HINT: if you don't care about these errors you may set
ASAN_OPTIONS=new_delete_type_mismatch=0
==2775682==ABORTING

(2)

Just start GDB with:

$ ./gdb --data-directory=data-directory

Then type "layout next" twice (type "layout next" and press enter twice).  It
gives the following report:

=================================================================
==2776313==ERROR: AddressSanitizer: new-delete-type-mismatch on 0x608000009aa0
in thread T0:
  object passed to delete has wrong type:
  size of the allocated type:   88 bytes;
  size of the deallocated type: 24 bytes.
    #0 0x7f28f66e607e in operator delete(void*, unsigned long)
/build/gcc/src/gcc/libsanitizer/asan/asan_new_delete.cc:177
    #1 0x55e816cdb00d in
std::default_delete<tui_layout_base>::operator()(tui_layout_base*) const
/usr/include/c++/9.2.0/bits/unique_ptr.h:81
    #2 0x55e816cdb142 in std::unique_ptr<tui_layout_base,
std::default_delete<tui_layout_base> >::reset(tui_layout_base*)
/usr/include/c++/9.2.0/bits/unique_ptr.h:394
    #3 0x55e816cda3a5 in std::unique_ptr<tui_layout_base,
std::default_delete<tui_layout_base>
>::operator=(std::unique_ptr<tui_layout_base,
std::default_delete<tui_layout_base> >&&)
/usr/include/c++/9.2.0/bits/unique_ptr.h:299
    #4 0x55e816cd2622 in show_layout
/home/simark/src/binutils-gdb/gdb/tui/tui-layout.c:90
    #5 0x55e816cd27db in tui_set_layout(tui_layout_type)
/home/simark/src/binutils-gdb/gdb/tui/tui-layout.c:116
    #6 0x55e816cd2ebc in tui_layout_command
/home/simark/src/binutils-gdb/gdb/tui/tui-layout.c:287
    #7 0x55e815c7d69b in do_const_cfunc
/home/simark/src/binutils-gdb/gdb/cli/cli-decode.c:107
    #8 0x55e815c85859 in cmd_func(cmd_list_element*, char const*, int)
/home/simark/src/binutils-gdb/gdb/cli/cli-decode.c:1952
    #9 0x55e816c1f455 in execute_command(char const*, int)
/home/simark/src/binutils-gdb/gdb/top.c:652
    #10 0x55e816041ee1 in command_handler(char const*)
/home/simark/src/binutils-gdb/gdb/event-top.c:587
    #11 0x55e816042804 in command_line_handler(std::unique_ptr<char,
gdb::xfree_deleter<char> >&&) /home/simark/src/binutils-gdb/gdb/event-top.c:772
    #12 0x55e816040a85 in gdb_rl_callback_handler
/home/simark/src/binutils-gdb/gdb/event-top.c:218
    #13 0x55e816eeb9a5 in rl_callback_read_char
/home/simark/src/binutils-gdb/readline/readline/callback.c:281
    #14 0x55e8160405df in gdb_rl_callback_read_char_wrapper_noexcept
/home/simark/src/binutils-gdb/gdb/event-top.c:176
    #15 0x55e8160407e3 in gdb_rl_callback_read_char_wrapper
/home/simark/src/binutils-gdb/gdb/event-top.c:193
    #16 0x55e816041a88 in stdin_event_handler(int, void*)
/home/simark/src/binutils-gdb/gdb/event-top.c:515
    #17 0x55e81603c1e5 in handle_file_event
/home/simark/src/binutils-gdb/gdb/event-loop.c:731
    #18 0x55e81603ca7d in gdb_wait_for_event
/home/simark/src/binutils-gdb/gdb/event-loop.c:857
    #19 0x55e81603a8aa in gdb_do_one_event()
/home/simark/src/binutils-gdb/gdb/event-loop.c:346
    #20 0x55e81603a8d9 in start_event_loop()
/home/simark/src/binutils-gdb/gdb/event-loop.c:370
    #21 0x55e81644ce94 in captured_command_loop
/home/simark/src/binutils-gdb/gdb/main.c:359
    #22 0x55e816450819 in captured_main
/home/simark/src/binutils-gdb/gdb/main.c:1202
    #23 0x55e8164508a9 in gdb_main(captured_main_args*)
/home/simark/src/binutils-gdb/gdb/main.c:1217
    #24 0x55e8158999cd in main /home/simark/src/binutils-gdb/gdb/gdb.c:32
    #25 0x7f28f56fd152 in __libc_start_main (/usr/lib/libc.so.6+0x27152)
    #26 0x55e81589979d in _start
(/home/simark/build/binutils-gdb/gdb/gdb+0x11fb79d)

0x608000009aa0 is located 0 bytes inside of 88-byte region
[0x608000009aa0,0x608000009af8)
allocated by thread T0 here:
    #0 0x7f28f66e48f8 in operator new(unsigned long)
/build/gcc/src/gcc/libsanitizer/asan/asan_new_delete.cc:104
    #1 0x55e816cd4906 in tui_layout_split::clone() const
/home/simark/src/binutils-gdb/gdb/tui/tui-layout.c:515
    #2 0x55e816cd260e in show_layout
/home/simark/src/binutils-gdb/gdb/tui/tui-layout.c:90
    #3 0x55e816cd27db in tui_set_layout(tui_layout_type)
/home/simark/src/binutils-gdb/gdb/tui/tui-layout.c:116
    #4 0x55e816d06f4f in tui_enable()
/home/simark/src/binutils-gdb/gdb/tui/tui.c:481
    #5 0x55e816cd2eb2 in tui_layout_command
/home/simark/src/binutils-gdb/gdb/tui/tui-layout.c:286
    #6 0x55e815c7d69b in do_const_cfunc
/home/simark/src/binutils-gdb/gdb/cli/cli-decode.c:107
    #7 0x55e815c85859 in cmd_func(cmd_list_element*, char const*, int)
/home/simark/src/binutils-gdb/gdb/cli/cli-decode.c:1952
    #8 0x55e816c1f455 in execute_command(char const*, int)
/home/simark/src/binutils-gdb/gdb/top.c:652
    #9 0x55e816041ee1 in command_handler(char const*)
/home/simark/src/binutils-gdb/gdb/event-top.c:587
    #10 0x55e816042804 in command_line_handler(std::unique_ptr<char,
gdb::xfree_deleter<char> >&&) /home/simark/src/binutils-gdb/gdb/event-top.c:772
    #11 0x55e816040a85 in gdb_rl_callback_handler
/home/simark/src/binutils-gdb/gdb/event-top.c:218
    #12 0x55e816eeb9a5 in rl_callback_read_char
/home/simark/src/binutils-gdb/readline/readline/callback.c:281
    #13 0x55e8160405df in gdb_rl_callback_read_char_wrapper_noexcept
/home/simark/src/binutils-gdb/gdb/event-top.c:176
    #14 0x55e8160407e3 in gdb_rl_callback_read_char_wrapper
/home/simark/src/binutils-gdb/gdb/event-top.c:193
    #15 0x55e816041a88 in stdin_event_handler(int, void*)
/home/simark/src/binutils-gdb/gdb/event-top.c:515
    #16 0x55e81603c1e5 in handle_file_event
/home/simark/src/binutils-gdb/gdb/event-loop.c:731
    #17 0x55e81603ca7d in gdb_wait_for_event
/home/simark/src/binutils-gdb/gdb/event-loop.c:857
    #18 0x55e81603a8aa in gdb_do_one_event()
/home/simark/src/binutils-gdb/gdb/event-loop.c:346
    #19 0x55e81603a8d9 in start_event_loop()
/home/simark/src/binutils-gdb/gdb/event-loop.c:370
    #20 0x55e81644ce94 in captured_command_loop
/home/simark/src/binutils-gdb/gdb/main.c:359
    #21 0x55e816450819 in captured_main
/home/simark/src/binutils-gdb/gdb/main.c:1202
    #22 0x55e8164508a9 in gdb_main(captured_main_args*)
/home/simark/src/binutils-gdb/gdb/main.c:1217
    #23 0x55e8158999cd in main /home/simark/src/binutils-gdb/gdb/gdb.c:32
    #24 0x7f28f56fd152 in __libc_start_main (/usr/lib/libc.so.6+0x27152)

SUMMARY: AddressSanitizer: new-delete-type-mismatch
/build/gcc/src/gcc/libsanitizer/asan/asan_new_delete.cc:177 in operator
delete(void*, unsigned long)
==2776313==HINT: if you don't care about these errors you may set
ASAN_OPTIONS=new_delete_type_mismatch=0
==2776313==ABORTING
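Both reports carry the same signature: the sized `operator delete(void*, size_t)` is handed the size of the pointer's static type (24 bytes) while the block was allocated for a larger object (88 bytes) returned by `tui_layout_split::clone()`. That is what happens when a derived object is destroyed through a base-class pointer whose destructor is not virtual. The following is an added example, not gdb's code; `BadBase`, `Base` and `Derived` are hypothetical stand-ins for `tui_layout_base` and `tui_layout_split`, and the counter is there only so the fixed shape can be checked.

```cpp
// Added illustration (not gdb code) of the new-delete-type-mismatch pattern:
// destroying a derived object through unique_ptr<Base> when Base has no
// virtual destructor.  Names are hypothetical stand-ins for the TUI types.
#include <cstddef>
#include <memory>
#include <utility>
#include <vector>

static int g_derived_dtor_runs = 0;

// Buggy shape: no virtual destructor.  Deleting a BadDerived through a
// BadBase* calls the sized operator delete with sizeof(BadBase), which is
// exactly the "allocated N bytes / deallocated M bytes" report ASan prints.
struct BadBase {
  int kind = 0;
};
struct BadDerived : BadBase {
  std::vector<int> children;   // makes the derived object larger than the base
};

// Hardened shape: a virtual destructor makes delete dispatch to the
// most-derived type, so the sizes agree and the derived destructor runs.
struct Base {
  virtual ~Base() = default;
  virtual std::unique_ptr<Base> clone() const = 0;
};
struct Derived : Base {
  std::vector<int> children{1, 2, 3};
  ~Derived() override { ++g_derived_dtor_runs; }
  std::unique_ptr<Base> clone() const override {
    return std::unique_ptr<Base>(new Derived(*this));
  }
};

// Mirrors the pattern in the report: clone a layout, move-assign the clone
// into the base-typed unique_ptr (old object deleted), then reset (clone
// deleted).  Returns how many Derived destructors actually ran.
int destroy_via_base() {
  g_derived_dtor_runs = 0;
  std::unique_ptr<Base> layout(new Derived);
  std::unique_ptr<Base> copy = layout->clone();
  layout = std::move(copy);   // first object destroyed here through Base*
  layout.reset();             // second object destroyed here
  return g_derived_dtor_runs;
}

// The size gap a sized delete would report for the buggy shape.
std::size_t size_gap() { return sizeof(BadDerived) - sizeof(BadBase); }
```

With the buggy shape, `std::unique_ptr<BadBase>(new BadDerived)` compiles cleanly but is undefined behaviour, and an ASan build aborts on it the same way the reports above do.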
