segv in crash-5.0.0

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I accidentally tried to dump a struct from a bogus pointer while using
crash-5.0.0 on x86-64.

In crash-4.1.1, the result was:
crash> struct bnx2 0xffffc90006b000cf
struct bnx2 struct: invalid kernel virtual address: ffffc90006b000cf
type: "gdb_readmem_callback"
Cannot access memory at address 0xffffc90006b000cf
crash> 

On crash-5.0.0, the result was:
crash-5.0> struct bnx2 0xffffc90006b000cf
struct bnx2 struct: invalid kernel virtual address: ffffc90006b000cf
type: "gdb_readmem_callback"
*** glibc detected *** crash-5.0: double free or corruption (!prev):
0x0000000006f94e60 ***
gdb called without error_hook: Cannot access memory at address
0xffffc90006b000cf
   <segmentation violation in gdb>

[[ Here the process hung, and I had to kill -9 it ]]


While running crash-5.0.0 under gdb, I tried some non-struct accesses of
the location first:
crash> rd 0xffffc90006b000cf 10
rd: invalid kernel virtual address: ffffc90006b000cf  type: "64-bit
KVADDR"
crash> x/xg 0xffffc90006b000cf
0xffffc90006b000cf:     gdb: invalid kernel virtual address:
ffffc90006b000cf  type: "gdb_readmem_callback"
Cannot access memory at address 0xffffc90006b000cf
gdb: gdb request failed: x/xg
crash>

But with the struct access:

crash> struct bnx2 0xffffc90006b000cf
struct bnx2 struct: invalid kernel virtual address: ffffc90006b000cf
type: "gdb_readmem_callback"
gdb called without error_hook: Cannot access memory at address
0xffffc90006b000cf
*** glibc detected *** /home/bobm/Crash/crash-5.0.0/crash: double free
or corruption (!prev): 0x0000000007144210 ***

Program received signal SIGSEGV, Segmentation fault.
0x00007fd3c65781af in ?? () from /lib/libgcc_s.so.1
(gdb)
(gdb) bt
#0  0x00007fd3c65781af in ?? () from /lib/libgcc_s.so.1
#1  0x00007fd3c6578a7b in _Unwind_Backtrace () from /lib/libgcc_s.so.1
#2  0x00007fd3cda735ae in backtrace () from /lib/libc.so.6
#3  0x00007fd3cda013bc in __libc_message () from /lib/libc.so.6
#4  0x00007fd3cda06948 in malloc_printerr () from /lib/libc.so.6
#5  0x00007fd3cda08a56 in free () from /lib/libc.so.6
#6  0x000000000058807a in parse_exp_in_context
(stringptr=0x7fffb04cdc20,
    block=<value optimized out>, comma=<value optimized out>,
    void_context_p=32723, out_subexp=0x7fffb04cdba0) at parse.c:1101
#7  0x0000001d06b000cf in ?? ()
#8  0x0000000000000000 in ?? ()

Enough to go on?  Already known?

Thanks,
Bob Montgomery

--
Crash-utility mailing list
Crash-utility@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/crash-utility
[Index of Archives]     [Fedora Development]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]

 

Powered by Linux