[Crash-utility] segv in crash-5.0.0
Dave Anderson
anderson at redhat.com
Mon Feb 1 22:26:49 UTC 2010
----- "Bob Montgomery" <bob.montgomery at hp.com> wrote:
> I accidentally tried to dump a struct from a bogus pointer while using
> crash-5.0.0 on x86-64.
>
> In crash-4.1.1, the result was:
> crash> struct bnx2 0xffffc90006b000cf
> struct bnx2 struct: invalid kernel virtual address: ffffc90006b000cf
> type: "gdb_readmem_callback"
> Cannot access memory at address 0xffffc90006b000cf
> crash>
>
> On crash-5.0.0, the result was:
> crash-5.0> struct bnx2 0xffffc90006b000cf
> struct bnx2 struct: invalid kernel virtual address: ffffc90006b000cf
> type: "gdb_readmem_callback"
> *** glibc detected *** crash-5.0: double free or corruption (!prev):
> 0x0000000006f94e60 ***
> gdb called without error_hook: Cannot access memory at address
> 0xffffc90006b000cf
> <segmentation violation in gdb>
>
> [[ Here the process hung, and I had to kill -9 it ]]
>
>
> While running crash-5.0.0 under gdb, I tried some non-struct accesses of
> the location first:
> crash> rd 0xffffc90006b000cf 10
> rd: invalid kernel virtual address: ffffc90006b000cf type: "64-bit KVADDR"
> crash> x/xg 0xffffc90006b000cf
> 0xffffc90006b000cf: gdb: invalid kernel virtual address:
> ffffc90006b000cf type: "gdb_readmem_callback"
> Cannot access memory at address 0xffffc90006b000cf
> gdb: gdb request failed: x/xg
> crash>
>
> But with the struct access:
>
> crash> struct bnx2 0xffffc90006b000cf
> struct bnx2 struct: invalid kernel virtual address: ffffc90006b000cf type: "gdb_readmem_callback"
> gdb called without error_hook: Cannot access memory at address 0xffffc90006b000cf
> *** glibc detected *** /home/bobm/Crash/crash-5.0.0/crash: double free
> or corruption (!prev): 0x0000000007144210 ***
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x00007fd3c65781af in ?? () from /lib/libgcc_s.so.1
> (gdb)
> (gdb) bt
> #0 0x00007fd3c65781af in ?? () from /lib/libgcc_s.so.1
> #1 0x00007fd3c6578a7b in _Unwind_Backtrace () from /lib/libgcc_s.so.1
> #2 0x00007fd3cda735ae in backtrace () from /lib/libc.so.6
> #3 0x00007fd3cda013bc in __libc_message () from /lib/libc.so.6
> #4 0x00007fd3cda06948 in malloc_printerr () from /lib/libc.so.6
> #5 0x00007fd3cda08a56 in free () from /lib/libc.so.6
> #6 0x000000000058807a in parse_exp_in_context (stringptr=0x7fffb04cdc20,
> block=<value optimized out>, comma=<value optimized out>,
> void_context_p=32723, out_subexp=0x7fffb04cdba0) at parse.c:1101
> #7 0x0000001d06b000cf in ?? ()
> #8 0x0000000000000000 in ?? ()
>
> Enough to go on? Already known?
Not already known...
But I can reproduce it (at least with some bogus addresses) -- I'll take
a look at it tomorrow...
Thanks,
Dave
More information about the Crash-utility
mailing list