This is the mail archive of the gdb-prs@sourceware.org mailing list for the GDB project.



[Bug python/11914] Multiple call to inferior function can lead to segfault


http://sourceware.org/bugzilla/show_bug.cgi?id=11914

Joachim Protze <joachim.protze at zih dot tu-dresden.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
   Last reconfirmed|                            |2011.07.19 15:26:15
         Resolution|WORKSFORME                  |
     Ever Confirmed|0                           |1

--- Comment #3 from Joachim Protze <joachim.protze at zih dot tu-dresden.de> 2011-07-19 15:26:15 UTC ---
I have no idea what patches are applied for the Fedora release (can you tell me the
git? repositories?). In my eyes, gdb is not a special Fedora product. When the
bug is fixed there, it is fine for Fedora, but the fix should go back to trunk.
In the current gdb-cvs trunk the bug still exists.

I just checked out the current cvs version and tried my testcase again. My
current system is Ubuntu/natty. As you can see below, the outer gdb is the
distro's gdb, the inner gdb is the one from cvs.

----

As mentioned in my initial posting, I tried this also on a machine with ia64
cores (and SUSE SLES10SP3 with SGI ProPack 6SP6).
There I just got a surprising result while running the test with the current cvs
version:

(gdb) source pptest.py 
(gdb) python 
>for i in range(10000):
>  gdb.execute("info locals", False, True)
>end
[Inferior 1 (process 115483) exited with code 01]
(gdb) 

where the last (gdb) prompt is of the outer gdb instance. This behaviour is
reproducible on this machine. As the inner gdb instance dies quietly, I get no
backtrace.

When I run the "info locals" manually and press the return key, after about
40-50 executions of "info locals" I get the segfault - the backtrace is listed
below.

For me it seems like the rollback of fast repeated function calls from inferior
fails and overwrites gdb's own data structures - this is not reproducible when I
hit the return key after each execution of "info locals".


------------- backtrace on the Ubuntu/x86_64 machine ---------------

GNU gdb (Ubuntu/Linaro 7.2-1ubuntu11) 7.2
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /home/jprotze/.root/usr/bin/gdb...done.
(gdb) r
Starting program: /home/jprotze/.root/usr/bin/gdb a.out
[Thread debugging using libthread_db enabled]
GNU gdb (GDB) 7.2.91.20110718-cvs
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-unknown-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /home/jprotze/workdir/pptest/a.out...done.
(gdb) b 26
Breakpoint 1 at 0x400518: file pptest.c, line 26.
(gdb) r
Starting program: /home/jprotze/workdir/pptest/a.out 

Breakpoint 1, main (argc=1, argv=0x7fffffffe228) at pptest.c:26
26        f=5;
(gdb) python 
>for i in range(10000):
>  gdb.execute("info locals", False, True)
>end
(gdb) source pptest.py 
(gdb) python 
>for i in range(10000):
>  gdb.execute("info locals", False, True)
>end

Program received signal SIGSEGV, Segmentation fault.
0x0000000000510f37 in regcache_cooked_read (regcache=0xef3770, regnum=6,
buf=0xef3970 "") at regcache.c:693
693       gdb_assert (regnum < regcache->descr->nr_cooked_registers);
(gdb) bt 
#0  0x0000000000510f37 in regcache_cooked_read (regcache=0xef3770, regnum=6,
buf=0xef3970 "") at regcache.c:693
#1  0x00000000005ea7b0 in sentinel_frame_prev_register (this_frame=0xef03b0,
this_prologue_cache=<value optimized out>, regnum=6) at sentinel-frame.c:65
#2  0x000000000046177f in frame_unwind_register_value (frame=0xef03b0,
regnum=6) at frame.c:953
#3  0x0000000000461a29 in frame_register_unwind (frame=<value optimized out>,
regnum=<value optimized out>, optimizedp=0x7fffffffd48c, 
    unavailablep=0x7fffffffd488, lvalp=0x7fffffffd3ac, addrp=0x7fffffffd3a0,
realnump=0x7fffffffd3a8, bufferp=0xddee20 "") at frame.c:859
#4  0x0000000000462edc in get_frame_register_bytes (frame=0xef0470,
regnum=<value optimized out>, offset=<value optimized out>, len=8, 
    myaddr=<value optimized out>, optimizedp=0x7fffffffd48c,
unavailablep=0x7fffffffd488) at frame.c:1140
#5  0x000000000050f6bb in value_from_register (type=0xdeaef0, regnum=6,
frame=0xef0470) at findvar.c:658
#6  0x000000000050fb83 in address_from_register (type=<value optimized out>,
regnum=<value optimized out>, frame=<value optimized out>) at findvar.c:684
#7  0x00000000006257d0 in execute_stack_op (ctx=0xeed5f0, op_ptr=0xde6eac "q",
op_end=0xde6eac "q") at dwarf2expr.c:591
#8  0x00000000006260bd in dwarf_expr_eval (ctx=0xeed5f0, addr=<value optimized
out>, len=<value optimized out>) at dwarf2expr.c:258
#9  0x0000000000625717 in execute_stack_op (ctx=0xeed5f0, op_ptr=0xde116d
"\nc", op_end=0xde116d "\nc") at dwarf2expr.c:619
#10 0x00000000006260bd in dwarf_expr_eval (ctx=0xeed5f0, addr=<value optimized
out>, len=<value optimized out>) at dwarf2expr.c:258
#11 0x00000000005b808d in dwarf2_evaluate_loc_desc_full (type=0xde2e20,
frame=0xef0470, data=0xde116b "\221h\nc", size=2, per_cu=0xde11e0,
byte_offset=0)
    at dwarf2loc.c:1112
#12 0x00000000005341a9 in print_variable_and_value (name=0xde1162 "b",
var=0xded660, frame=0xef0470, stream=0xe5d0c0, indent=0) at ./printcmd.c:1960
#13 0x000000000055be84 in do_print_variable_and_value (print_name=<value
optimized out>, sym=<value optimized out>, cb_data=0x7fffffffd8c0) at
stack.c:1621
#14 0x000000000055cf44 in iterate_over_block_locals (block=0xdedb80,
cb=0x55be70 <do_print_variable_and_value>, cb_data=0x7fffffffd8c0) at
stack.c:1521
#15 iterate_over_block_local_vars (block=0xdedb80, cb=0x55be70
<do_print_variable_and_value>, cb_data=0x7fffffffd8c0) at stack.c:1591
#16 0x000000000055cffd in print_frame_local_vars (frame=0xef0470,
num_tabs=<value optimized out>, stream=0xe5d0c0) at stack.c:1653
#17 0x0000000000457c88 in execute_command (p=0xeaf2ab "", from_tty=0) at
top.c:428
#18 0x0000000000457d65 in execute_command_to_string (p=0xeaf2a0 "info locals",
from_tty=0) at top.c:502
#19 0x00000000004dddf4 in execute_gdb_command (self=<value optimized out>,
args=<value optimized out>, kw=<value optimized out>) at ./python/python.c:381
#20 0x00007ffff6ee6630 in PyEval_EvalFrameEx () from
/usr/lib/libpython2.7.so.1.0
#21 0x00007ffff6ee827d in PyEval_EvalCodeEx () from
/usr/lib/libpython2.7.so.1.0
#22 0x00007ffff6ee8392 in PyEval_EvalCode () from /usr/lib/libpython2.7.so.1.0
#23 0x00007ffff6f0a1dc in PyRun_StringFlags () from
/usr/lib/libpython2.7.so.1.0
#24 0x00007ffff6f0acdd in PyRun_SimpleStringFlags () from
/usr/lib/libpython2.7.so.1.0
#25 0x00000000004de7ed in eval_python_from_control_command (cmd=<value
optimized out>) at ./python/python.c:182
#26 0x00000000004c4aeb in execute_control_command (cmd=0xddedc0) at
./cli/cli-script.c:568
#27 0x00000000004de6dd in python_command (arg=0x0, from_tty=<value optimized
out>) at ./python/python.c:216
#28 0x0000000000457c88 in execute_command (p=0xad4157 "xecute(\"info locals\",
False, True)", from_tty=1) at top.c:428
#29 0x0000000000568b08 in command_handler (command=0xad4150 "") at
event-top.c:499
#30 0x00000000005695cc in command_line_handler (rl=<value optimized out>) at
event-top.c:704
#31 0x00000000006382d7 in rl_callback_read_char () at callback.c:205
#32 0x0000000000568b79 in rl_callback_read_char_wrapper (client_data=<value
optimized out>) at event-top.c:177
#33 0x0000000000567668 in process_event () at event-loop.c:402
#34 0x000000000056826e in gdb_do_one_event (data=<value optimized out>) at
event-loop.c:467
#35 0x0000000000562abb in catch_errors (func=0x568020 <gdb_do_one_event>,
func_args=0x0, errstring=0x6f2667 "", mask=<value optimized out>)
    at exceptions.c:521
#36 0x00000000004d5ce0 in tui_command_loop (data=<value optimized out>) at
./tui/tui-interp.c:172
#37 0x000000000044f369 in captured_command_loop (data=<value optimized out>) at
./main.c:228
#38 0x0000000000562abb in catch_errors (func=0x44f360 <captured_command_loop>,
func_args=0x0, errstring=0x6f2667 "", mask=<value optimized out>)
    at exceptions.c:521
#39 0x000000000045017e in captured_main (data=<value optimized out>) at
./main.c:936
---Type <return> to continue, or q <return> to quit---
#40 0x0000000000562abb in catch_errors (func=0x44f530 <captured_main>,
func_args=0x7fffffffe120, errstring=0x6f2667 "", mask=<value optimized out>)
    at exceptions.c:521
#41 0x0000000000450414 in gdb_main (args=<value optimized out>) at ./main.c:945
#42 0x000000000044f29e in main (argc=<value optimized out>, argv=<value
optimized out>) at gdb.c:35
(gdb)

------------- backtrace on the SLES/ia64 machine ---------------
#0  0x4000000000097b81 in frame_unwind_pc_if_available (this_frame=Cannot
access memory at address 0x254
) at frame.c:625
#1  0x4000000000098100 in frame_unwind_pc (this_frame=0x21c) at frame.c:701
#2  0x4000000000098540 in get_frame_address_in_block
(this_frame=0x60000000002d2e30) at frame.c:1988
#3  0x4000000000098af0 in get_frame_address_in_block_if_available
(this_frame=Cannot access memory at address 0x254
) at frame.c:2050
#4  0x40000000001e2530 in get_frame_block (frame=0x60000000002d2e30,
addr_in_block=0x0) at blockframe.c:65
#5  0x40000000003c0540 in dwarf_expr_frame_base (baton=0x607ffffffee96660,
start=0x607ffffffee96648, length=0x607ffffffee96650) at dwarf2loc.c:180
#6  0x40000000004d24f0 in execute_stack_op (ctx=0x60000000002e47e0,
op_ptr=0x600000000023222a "\bc", op_end=0x600000000023222a "\bc") at
dwarf2expr.c:618
#7  0x40000000004d3910 in dwarf_expr_eval (ctx=0x60000000002e47e0,
addr=0x6000000000232228 "\221P\bc", len=2) at dwarf2expr.c:258
#8  0x40000000003beac0 in dwarf2_evaluate_loc_desc_full
(type=0x600000000005beb8, frame=0x21c, data=Cannot access memory at address
0xa000000100010b20
) at dwarf2loc.c:1112
#9  0x4000000000216ce0 in read_var_value (var=0x600000000023c870,
frame=0x60000000002d2e30) at findvar.c:555
#10 0x400000000026eed0 in print_variable_and_value (name=0x21c <Address 0x21c
out of bounds>, var=0x600000000023c870, frame=0x60000000002d2e30, stream=Cannot
access memory at address 0x254
) at ./printcmd.c:1960
#11 0x40000000002dbe50 in do_print_variable_and_value
(print_name=0x600000000023221f "b", sym=0x600000000023c870,
cb_data=0x607ffffffee967f0) at stack.c:1621
#12 0x40000000002d9180 in iterate_over_block_locals (cb_data=<optimized out>,
cb=<optimized out>, b=<optimized out>) at stack.c:1521
#13 iterate_over_block_local_vars (block=0x600000000023cd90,
cb=@0x40000000008b5290: 0x40000000002dbe00 <do_print_variable_and_value>,
cb_data=0x607ffffffee967d8) at stack.c:1591
#14 0x40000000002dbc20 in print_frame_local_vars (frame=0x60000000002d2e30,
num_tabs=<optimized out>, stream=0x60000000001cd220) at stack.c:1653
#15 0x40000000001490a0 in do_cfunc (c=<optimized out>, args=0x0, from_tty=1) at
./cli/cli-decode.c:67
#16 0x40000000001493c0 in cmd_func (cmd=0x60000000000f4cb0, args=0x0,
from_tty=1) at ./cli/cli-decode.c:1777
#17 0x4000000000087850 in execute_command (p=0x60000000000a9f5c "", from_tty=1)
at top.c:428
#18 0x40000000002f7710 in command_handler (command=0x60000000000a9f50 "info
locals ") at event-top.c:499
#19 0x40000000002f9790 in command_line_handler (rl=0x60000000002378b0 "\001")
at event-top.c:710
#20 0x4000000000501ac0 in rl_callback_read_char () at callback.c:205
#21 0x40000000002f7870 in rl_callback_read_char_wrapper
(client_data=0x40000000002f86a0) at event-top.c:177
#22 0x40000000002f86a0 in stdin_event_handler (error=0, client_data=0x0) at
event-top.c:434
#23 0x40000000002f6ac0 in handle_file_event (data=...) at event-loop.c:831
#24 0x40000000002f4080 in process_event () at event-loop.c:402
#25 0x40000000002f6900 in gdb_do_one_event (data=0x0) at event-loop.c:467
#26 0x40000000002e8bf0 in catch_errors (func=0x21c, func_args=0x0,
errstring=0x21c <Address 0x21c out of bounds>, mask=6) at exceptions.c:521
#27 0x400000000017f500 in tui_command_loop (data=0x607ffffffee968a0) at
./tui/tui-interp.c:172
#28 0x40000000002ea100 in current_interp_command_loop () at interps.c:291
#29 0x400000000006f210 in captured_command_loop (data=0x40000000002e8bf0) at
./main.c:228
#30 0x40000000002e8bf0 in catch_errors (func=0x21c,
func_args=0x40000000002e8bf0, errstring=0x21c <Address 0x21c out of bounds>,
mask=6) at exceptions.c:521
#31 0x40000000000701a0 in captured_main (data=<optimized out>) at ./main.c:936
#32 0x40000000002e8bf0 in catch_errors (func=0x21c,
func_args=0x60000000000857a8, errstring=0x21c <Address 0x21c out of bounds>,
mask=6) at exceptions.c:521
#33 0x400000000006ece0 in gdb_main (args=0x607ffffffee969a0) at ./main.c:945
#34 0x400000000006ec60 in main (argc=2, argv=0x607ffffffee96c58) at gdb.c:35
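
Both backtraces above reach dwarf2_evaluate_loc_desc_full at dwarf2loc.c:1112 before they diverge. As an added example (not part of the original message or of GDB), this Python script re-joins the mail-wrapped frames, extracts function and source location, and lists the locations common to both traces; the frames are copied from the backtraces above, and the names parse_backtrace and shared_locations are hypothetical.

```python
import posixpath
import re

# Frames copied from the two backtraces above, mail line wrapping included.
X86_64 = r'''
#10 0x00000000006260bd in dwarf_expr_eval (ctx=0xeed5f0, addr=<value optimized
out>, len=<value optimized out>) at dwarf2expr.c:258
#11 0x00000000005b808d in dwarf2_evaluate_loc_desc_full (type=0xde2e20,
frame=0xef0470, data=0xde116b "\221h\nc", size=2, per_cu=0xde11e0,
byte_offset=0)
    at dwarf2loc.c:1112
#12 0x00000000005341a9 in print_variable_and_value (name=0xde1162 "b",
var=0xded660, frame=0xef0470, stream=0xe5d0c0, indent=0) at ./printcmd.c:1960
'''
IA64 = r'''
#7  0x40000000004d3910 in dwarf_expr_eval (ctx=0x60000000002e47e0,
addr=0x6000000000232228 "\221P\bc", len=2) at dwarf2expr.c:258
#8  0x40000000003beac0 in dwarf2_evaluate_loc_desc_full
(type=0x600000000005beb8, frame=0x21c, data=Cannot access memory at address
0xa000000100010b20
) at dwarf2loc.c:1112
#9  0x4000000000216ce0 in read_var_value (var=0x600000000023c870,
frame=0x60000000002d2e30) at findvar.c:555
'''

# "#N [0xADDR in] function (args) at file:line"; the address is optional.
FRAME = re.compile(r'#\d+\s+(?:0x[0-9a-f]+ in )?(\S+) \(.*\) at (\S+):(\d+)$')

def parse_backtrace(text):
    """Return [(function, file, line)], innermost frame first."""
    joined = []
    for line in (raw.strip() for raw in text.splitlines()):
        if re.match(r'#\d+\s', line):
            joined.append(line)            # a new frame starts
        elif line and joined and not line.startswith('---Type <return>'):
            joined[-1] += ' ' + line       # continuation of a wrapped frame
    frames = []
    for frame in joined:
        m = FRAME.match(frame)
        if m:  # frames without "at file:line" (shared libraries) are skipped
            frames.append((m.group(1), posixpath.normpath(m.group(2)), int(m.group(3))))
    return frames

def shared_locations(a, b):
    """Source locations present in both traces, in the order of trace a."""
    in_b = set(b)
    return [loc for loc in a if loc in in_b]

print(shared_locations(parse_backtrace(X86_64), parse_backtrace(IA64)))
```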
