Bug 442888
| Summary: | gdb terminates with a segfault when stepping though a test application | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 4 | Reporter: | Steve <sfernand> | ||||||||
| Component: | gdb | Assignee: | Jan Kratochvil <jan.kratochvil> | ||||||||
| Status: | CLOSED ERRATA | QA Contact: | |||||||||
| Severity: | medium | Docs Contact: | |||||||||
| Priority: | medium | ||||||||||
| Version: | 4.6 | CC: | alanm, ebachalo, marcobillpeter, pmuller, tao | ||||||||
| Target Milestone: | rc | ||||||||||
| Target Release: | --- | ||||||||||
| Hardware: | All | ||||||||||
| OS: | Linux | ||||||||||
| Whiteboard: | |||||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||||
| Doc Text: |
* Debugging code compiled by the default C compiler of RHEL-4 (gcc) could cause a GDB segmentation fault if a SYMBOL_LOCATION_BATON was undefined. The updated GDB writes an error message and continues to run. Such code can be debugged correctly by using the alternative RHEL-4 C compiler gcc4.
|
Story Points: | --- | ||||||||
| Clone Of: | Environment: | ||||||||||
| Last Closed: | 2009-05-18 20:33:29 UTC | Type: | --- | ||||||||
| Regression: | --- | Mount Type: | --- | ||||||||
| Documentation: | --- | CRM: | |||||||||
| Verified Versions: | Category: | --- | |||||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||||
| Embargoed: | |||||||||||
| Bug Depends On: | |||||||||||
| Bug Blocks: | 409961 | ||||||||||
| Attachments: |
|
||||||||||
Created attachment 302740 [details]
core file generated by rhel4.6 gdb (gdb-6.3.0.0)
Created attachment 302741 [details]
core file generated by upstream gdb (gdb-6.7.1)
Created attachment 302742 [details]
debug information extracted from the application
output of the following commands:
$ readelf -a <executable used to generate core>
$ readelf -w <executable used to generate core>
$ gdb <executable used to generate core>
.....
<get to the point just before the segmentation fault occurs>
.....
(gdb) maintenance check-symtabs
.....
(gdb) maintenance info symtabs
As it is no longer reproducible with current GCCs and it would be nice to check how it is fixed upstream I would prefer some core file I could use for a better analysis. The core file must be accompanied with its binary + sources. Both provided core files are for custom built binaries so I cannot use them in any way (without disassembling the code by hand). The core file marked as: core file generated by rhel4.6 gdb (gdb-6.3.0.0) is for a custom build: Core was generated by `/home/watayasu/rpm/BUILD/gdb-6.3/gdb/gdb ./TestDriver_DBG'. and it was verified it is not matching either rhel4u4 or rhel4u6 Red Hat binary. Please either supply also the whole directory /home/watayasu/rpm/BUILD/gdb-6.3 or provide a core file from some Red Hat supplied /usr/bin/gdb. I could try to undo the patch for GCC and it would be better reproducible from your system, thanks. This GDB version should no longer crash: http://people.redhat.com/jkratoch/rh442888/ and the patch was applied upstream: http://sourceware.org/ml/gdb-patches/2008-04/msg00628.html http://sourceware.org/ml/gdb-cvs/2008-05/msg00051.html Still GDB will still not provide a correct debug info as it will just print: Could not find the frame base for ... Because it is wrongly generated by GCC there. Have you tried `gcc4' instead? This request was evaluated by Red Hat Product Management for inclusion, but this component is not scheduled to be updated in the current Red Hat Enterprise Linux release. If you would like this request to be reviewed for the next minor release, ask your support representative to set the next rhel-x.y flag to "?". Release note added. If any revisions are required, please set the "requires_release_notes" flag to "?" and edit the "Release Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: * Debugging code compiled by the default C compiler of RHEL-4 (gcc) could cause a GDB segmentation fault if a SYMBOL_LOCATION_BATON was undefined. The updated GDB writes an error message and continues to run. Such code can be debugged correctly by using the alternative RHEL-4 C compiler gcc4. The Release note text has been updated. New Contents: * Debugging code compiled by the default C compiler of RHEL-4 (gcc) could cause a GDB segmentation fault if the debugging information incorrectly references a frame base which is not being defined by this debugging information. The updated GDB writes an error message and continues to run. Such code can be debugged correctly by using the alternative RHEL-4 C compiler gcc4. An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2009-1015.html |
Description of problem: A customer reports that single stepping through their test application (which, they are unwilling to provide the source code for) using gdb causes gdb to terminate with a segfault. Version-Release number of selected component (if applicable): - Occurs on both rhel4.6 gdb (gdb-6.3.0.0) and upstream gdb (gdb-6.7.1). - Application compiled with gcc-3-4-6-9 How reproducible: 100% reproducible with the customer's test application. Steps to Reproduce: ------------------------------------------------------------------------- [root@RHEL4U4 drv]# ldd ./TestDriver_DBG linux-gate.so.1 => (0xa000000000000000) libpthread.so.0 => /lib/tls/libpthread.so.0 (0x2000000000044000) libnsl.so.1 => /lib/libnsl.so.1 (0x2000000000078000) libdl.so.2 => /lib/libdl.so.2 (0x20000000000b4000) libHCLIB_001000.so => /root/test/info/lib/libHCLIB_001000.so (0x20000000000d0000) libHCLIB_002000.so => /root/test/info/lib/libHCLIB_002000.so (0x20000000000e8000) libHCLIB_003000.so => /root/test/info/lib/libHCLIB_003000.so (0x2000000000100000) libHCLIB_004000.so => /root/test/info/lib/libHCLIB_004000.so (0x2000000000114000) libHCLIB_005000.so => /root/test/info/lib/libHCLIB_005000.so (0x2000000000154000) libHCCOM_100200.so => /root/test/info/lib/libHCCOM_100200.so (0x200000000016c000) libHCCOM_100300.so => /root/test/info/lib/libHCCOM_100300.so (0x2000000000180000) libHCCOM_100400.so => /root/test/info/lib/libHCCOM_100400.so (0x2000000000194000) libHCCOM_100500.so => /root/test/info/lib/libHCCOM_100500.so (0x20000000001ac000) libHCCOM_100600.so => /root/test/info/lib/libHCCOM_100600.so (0x20000000001c8000) libHCCOM_100700.so => /root/test/info/lib/libHCCOM_100700.so (0x20000000001dc000) libHCCOM_100800.so => /root/test/info/lib/libHCCOM_100800.so (0x20000000001f0000) libHCCOM_100900.so => /root/test/info/lib/libHCCOM_100900.so (0x2000000000204000) libHCCOM_101000.so => /root/test/info/lib/libHCCOM_101000.so (0x200000000021c000) libesupCCLSconapi.so => /root/test/info/lib/libesupCCLSconapi.so (0x2000000000230000) libPConverter.so => /root/test/info/lib/libPConverter.so (0x2000000000244000) libicv.so.1 => /root/test/info/lib/libicv.so.1 (0x2000000000258000) libesuppmem.so => /root/test/info/lib/libesuppmem.so (0x20000000002b0000) libesuppmsg.so => /root/test/info/lib/libesuppmsg.so (0x2000000000330000) libesupplog.so => /root/test/info/lib/libesupplog.so (0x200000000035c000) libOM.so => /root/test/info/lib/libOM.so (0x20000000003a0000) libOMcn.so => /root/test/info/lib/libOMcn.so (0x2000000000794000) libOMir.so => /root/test/info/lib/libOMir.so (0x20000000007c0000) libc.so.6.1 => /lib/tls/libc.so.6.1 (0x2000000000824000) /lib/ld-linux-ia64.so.2 (0x2000000000000000) libOMuty.so => /root/test/info/lib/libOMuty.so (0x2000000000a94000) libOMsocket.so => /root/test/info/lib/libOMsocket.so (0x2000000000ab8000) [root@RHEL4U4 drv]# gdb ./TestDriver_DBG GNU gdb Red Hat Linux (6.3.0.0-1.132.EL4rh) Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "ia64-redhat-linux-gnu"...Using host libthread_db library "/lib/tls/libthread_db.so.1". (gdb) b 125 Breakpoint 1 at 0x4000000000004122: file TestDriver.c, line 125. (gdb) b 151 Breakpoint 2 at 0x4000000000004450: file TestDriver.c, line 151. (gdb) run Starting program: /root/test/info/drv/TestDriver_DBG Reading symbols from shared object read from target memory...done. Loaded system supplied DSO at 0xa000000000000000 [Thread debugging using libthread_db enabled] [New Thread 2305843009224777856 (LWP 3391)] DBGPRT [p0000003391][t02305843009224777856][s02]: TestDriver.c 88 単体テストドライバ開始 DBGPRT [p0000003391][t02305843009224777856][s02]: TestDriver.c 450 メモリテーブル開始処理が異常終了しました。 [Switching to Thread 2305843009224777856 (LWP 3391)] Breakpoint 1, main () at TestDriver.c:125 125 if (RC_OK != Ret) (gdb) set Ret=0 (gdb) c Continuing. 1.取引ログ 2.トレースログ 3.性能ログ 4.ユーザログ [入力]出力ログ指定->1 [入力]呼び出し回数->1 ############# RcvTime 0x60000fffffffb240 Breakpoint 2, main () at TestDriver.c:152 152 HCCOM_100901_TrhLogGet( (gdb) s HCCOM_100901_TrhLogGet (p_InAdpHdr=0x60000ffffffee1d0, p_InAdpInf=0x60000ffffffee3d0 "", p_InUsrInf=0x60000ffffffee450, p_InDenbun=0x60000ffffffee850 "", p_OutAdpHdr=0x60000ffffffee1d0, p_OutAdpInf=0x60000ffffffee3d0 "", Segmentation fault ------------------------------------------------------------------------- Actual results: gdb terminates with a segfault. Expected results: gdb should not terminate with a segfault and instead execute the 'step' command successfully. Additional info: ------------------------------------------------------------------------- The customer suspects the problem is same as http://gcc.gnu.org/bugzilla/show_bug.cgi?id=19124 I am attaching the following files: - core.4582_gdb6-3-0-0.bz2 core file generated by rhel4.6 gdb (gdb-6.3.0.0) - core.4842_gdb6-7-1.bz2: core file generated by upstream gdb (gdb-6.7.1) - logfile output of the following commands: $ readelf -a <executable used to generate core> $ readelf -w <executable used to generate core> $ gdb <executable used to generate core> ..... <get to the point just before the segmentation fault occurs> ..... (gdb) maintenance check-symtabs ..... (gdb) maintenance info symtabs This is the bt from the attached core: # gdb /usr/bin/gdb /root/mmatsuya/core.4582_gdb6-3-0-0 <snip> Reading symbols from shared object read from target memory...done. Loaded system supplied DSO at 0xa000000000000000 Core was generated by `/home/watayasu/rpm/BUILD/gdb-6.3/gdb/gdb ./TestDriver_DBG'. Program terminated with signal 11, Segmentation fault. #0 dwarf_expr_frame_base (baton=0x60000fffffffa0e0, start=0x60000fffffffa0c0, length=0x60000fffffffa0c8) at ../../gdb/dwarf2loc.c:174 174 *start = symbaton->data; (gdb) bt #0 dwarf_expr_frame_base (baton=0x60000fffffffa0e0, start=0x60000fffffffa0c0, length=0x60000fffffffa0c8) at ../../gdb/dwarf2loc.c:174 #1 0x4000000000322590 in execute_stack_op (ctx=0x60000000008f9350, op_ptr=0x60000000006ad14e "�", op_end=0x60000000006ad14e "�") at ../../gdb/dwarf2expr.c:465 #2 0x400000000026ee60 in dwarf2_evaluate_loc_desc (var=0x6000000001bc3bc0, frame=0x600000000008d0c0, data=0x60000000006ad14a "\221��\006�", size=53582, objfile=Variable "objfile" is not available.) at ../../gdb/dwarf2loc.c:222 #3 0x400000000026fe30 in loclist_read_variable (symbol=0x6000000001bc3bc0, frame=0x600000000008d0c0) at ../../gdb/dwarf2loc.c:526 #4 0x4000000000147fe0 in read_var_value (var=0x6000000001bc3bc0, frame=0x600000000008d0c0) at ../../gdb/findvar.c:560 #5 0x40000000001ca070 in print_frame_args (func=Variable "func" is not available.) at ../../gdb/stack.c:347 #6 0x40000000001ca3c0 in print_args_stub (args=0x60000fffffffa500) at ../../gdb/stack.c:402 #7 0x4000000000064f50 in do_catch_errors (uiout=0x60000000000b3a10, data=0x60000fffffffa480) at ../../gdb/top.c:524 #8 0x4000000000064c00 in catcher (func=Cannot access memory at address 0x8) at ../../gdb/top.c:431 #9 0x4000000000064ff0 in catch_errors (func=@0x40000000004d23c0: 0x40000000001ca330 <print_args_stub>, func_args=0x60000fffffffa500, errstring=0x400000000049e6e8 "", mask=6) at ../../gdb/top.c:536 #10 0x40000000001cb250 in print_frame_info (fi=0x600000000008d0c0, print_level=Variable "print_level" is not available.) at ../../gdb/stack.c:654 #11 0x40000000001cbbd0 in print_stack_frame_stub (args=0x60000fffffffa8e0) at ../../gdb/stack.c:135 #12 0x4000000000064f50 in do_catch_errors (uiout=0x60000000000b3a10, data=0x60000fffffffa8c0) at ../../gdb/top.c:524 #13 0x4000000000064c00 in catcher (func=Cannot access memory at address 0x8) at ../../gdb/top.c:431 #14 0x4000000000064ff0 in catch_errors (func=@0x40000000004d2390: 0x40000000001cbb80 <print_stack_frame_stub>, func_args=0x60000fffffffa8e0, errstring=0x400000000049e6e8 "", mask=6) at ../../gdb/top.c:536 #15 0x40000000001c9710 in print_stack_frame (fi=0x600000000008d0c0, print_level=0, print_what=SRC_AND_LOC) at ../../gdb/stack.c:156 #16 0x40000000001b9340 in normal_stop () at ../../gdb/infrun.c:3228 #17 0x40000000001c3840 in proceed (addr=6917529027641418032, siggnal=TARGET_SIGNAL_DEFAULT, step=-22184) at ../../gdb/infrun.c:826 #18 0x40000000001b0f70 in step_1 (skip_subroutines=229200, single_inst=229184, count_string=Cannot access memory at address 0x1) at ../../gdb/infcmd.c:689 #19 0x40000000000e34e0 in do_cfunc (c=Variable "c" is not available.) at ../../gdb/cli/cli-decode.c:57 #20 0x40000000000e80d0 in cmd_func (cmd=0x600000000007cc70, args=0x0, from_tty=1) at ../../gdb/cli/cli-decode.c:1599 #21 0x4000000000065940 in execute_command (p=Cannot access memory at address 0x0) at ../../gdb/top.c:733 #22 0x40000000001dcd90 in command_handler (command=0x6000000000055000 "s") at ../../gdb/event-top.c:500 #23 0x40000000001dde20 in command_line_handler (rl=0x600000000026f1c0 "�[\f") at ../../gdb/event-top.c:799 #24 0x40000000003f4500 in rl_callback_read_char () at ../../readline/callback.c:123 #25 0x40000000001dbaa0 in rl_callback_read_char_wrapper (client_data=0x40000000001dcab0) at ../../gdb/event-top.c:166 #26 0x40000000001dcab0 in stdin_event_handler (error=0, client_data=0x0) at ../../gdb/event-top.c:416 #27 0x40000000001da3b0 in handle_file_event (event_file_desc=1) at ../../gdb/event-loop.c:721 #28 0x40000000001d94b0 in process_event () at ../../gdb/event-loop.c:334 #29 0x40000000001daab0 in gdb_do_one_event (data=0x60000000000b5160) at ../../gdb/event-loop.c:371 #30 0x4000000000064f50 in do_catch_errors (uiout=0x60000000000b3a10, data=0x60000fffffffad30) at ../../gdb/top.c:524 #31 0x4000000000064c00 in catcher (func=Cannot access memory at address 0x8) at ../../gdb/top.c:431 #32 0x4000000000064ff0 in catch_errors (func=0x2000000000041168, func_args=0x0, errstring=0x400000000049e6e8 "", mask=6) at ../../gdb/top.c:536 #33 0x4000000000109930 in tui_command_loop (data=0x60000000000360b8) at ../../gdb/tui/tui-interp.c:150 #34 0x40000000001d43d0 in current_interp_command_loop () at ../../gdb/interps.c:277 #35 0x400000000004da40 in captured_command_loop (data=0x4000000000064f50) at ../../gdb/main.c:91 ------------------------------------------------------------------------- The customer cannot provide the reproducer. But, they can test this problem upon the request from us. Please let me know if you need any additional information. regards, - steve