gdb crash with procinfo command

[zTrix]

gdb version 7.6.2, peda latest version.

I used peda to debug https://30c3ctf.aachen.ccc.de/static/bigdata.tar.gz

I just typed

start
procinfo

and gdb crashed with coredump backtrace below

gdb-peda$ bt
#0  0x00007fbe73077319 in raise () from /usr/lib/libc.so.6
#1  0x00007fbe73078718 in abort () from /usr/lib/libc.so.6
#2  0x0000000000624f96 in ?? ()
#3  0x0000000000627265 in ?? ()
#4  0x00000000006272b9 in internal_verror ()
#5  0x0000000000627352 in internal_error ()
#6  0x000000000056dcec in ?? ()
#7  0x00000000005580ff in ?? ()
#8  0x000000000062394a in execute_command ()
#9  0x00000000004cf7e3 in ?? ()
#10 0x00007fbe73916849 in PyEval_EvalFrameEx () from /usr/lib/libpython2.7.so.1.0
#11 0x00007fbe739172a0 in PyEval_EvalCodeEx () from /usr/lib/libpython2.7.so.1.0
#12 0x00007fbe73916499 in PyEval_EvalFrameEx () from /usr/lib/libpython2.7.so.1.0
#13 0x00007fbe73916562 in PyEval_EvalFrameEx () from /usr/lib/libpython2.7.so.1.0
#14 0x00007fbe739172a0 in PyEval_EvalCodeEx () from /usr/lib/libpython2.7.so.1.0
#15 0x00007fbe738a6c0d in function_call () from /usr/lib/libpython2.7.so.1.0
#16 0x00007fbe73882c43 in PyObject_Call () from /usr/lib/libpython2.7.so.1.0
#17 0x00007fbe73912d70 in PyEval_EvalFrameEx () from /usr/lib/libpython2.7.so.1.0
#18 0x00007fbe739172a0 in PyEval_EvalCodeEx () from /usr/lib/libpython2.7.so.1.0
#19 0x00007fbe738a6b30 in function_call () from /usr/lib/libpython2.7.so.1.0
#20 0x00007fbe73882c43 in PyObject_Call () from /usr/lib/libpython2.7.so.1.0
#21 0x00007fbe7389144d in instancemethod_call () from /usr/lib/libpython2.7.so.1.0
#22 0x00007fbe73882c43 in PyObject_Call () from /usr/lib/libpython2.7.so.1.0
#23 0x00007fbe738d71f7 in slot_tp_call () from /usr/lib/libpython2.7.so.1.0
#24 0x00007fbe73882c43 in PyObject_Call () from /usr/lib/libpython2.7.so.1.0
#25 0x00007fbe739129f1 in PyEval_EvalFrameEx () from /usr/lib/libpython2.7.so.1.0
#26 0x00007fbe739172a0 in PyEval_EvalCodeEx () from /usr/lib/libpython2.7.so.1.0
#27 0x00007fbe738a6b30 in function_call () from /usr/lib/libpython2.7.so.1.0
#28 0x00007fbe73882c43 in PyObject_Call () from /usr/lib/libpython2.7.so.1.0
#29 0x00007fbe73912d70 in PyEval_EvalFrameEx () from /usr/lib/libpython2.7.so.1.0
#30 0x00007fbe739172a0 in PyEval_EvalCodeEx () from /usr/lib/libpython2.7.so.1.0
#31 0x00007fbe738a6b30 in function_call () from /usr/lib/libpython2.7.so.1.0
#32 0x00007fbe73882c43 in PyObject_Call () from /usr/lib/libpython2.7.so.1.0
#33 0x00007fbe7389144d in instancemethod_call () from /usr/lib/libpython2.7.so.1.0
#34 0x00007fbe73882c43 in PyObject_Call () from /usr/lib/libpython2.7.so.1.0
#35 0x00007fbe73883383 in PyObject_CallMethodObjArgs () from /usr/lib/libpython2.7.so.1.0
#36 0x00000000004d33ab in ?? ()
#37 0x000000000062394a in execute_command ()
#38 0x00000000004cf7e3 in ?? ()
#39 0x00007fbe73916849 in PyEval_EvalFrameEx () from /usr/lib/libpython2.7.so.1.0
#40 0x00007fbe739172a0 in PyEval_EvalCodeEx () from /usr/lib/libpython2.7.so.1.0
#41 0x00007fbe738a6b30 in function_call () from /usr/lib/libpython2.7.so.1.0
#42 0x00007fbe73882c43 in PyObject_Call () from /usr/lib/libpython2.7.so.1.0
#43 0x00007fbe7389144d in instancemethod_call () from /usr/lib/libpython2.7.so.1.0
#44 0x00007fbe73882c43 in PyObject_Call () from /usr/lib/libpython2.7.so.1.0
#45 0x00007fbe73883383 in PyObject_CallMethodObjArgs () from /usr/lib/libpython2.7.so.1.0
#46 0x00000000004d33ab in ?? ()
#47 0x000000000062394a in execute_command ()
#48 0x0000000000579451 in ?? ()
#49 0x00000000005798cc in ?? ()
#50 0x00007fbe747c447e in rl_callback_read_char () from /usr/lib/libreadline.so.6
#51 0x00000000005794b9 in ?? ()
#52 0x0000000000578223 in ?? ()
#53 0x0000000000578537 in gdb_do_one_event ()
#54 0x0000000000578757 in start_event_loop ()
#55 0x0000000000572313 in ?? ()
#56 0x0000000000570c5a in catch_errors ()
#57 0x0000000000573086 in ?? ()
#58 0x0000000000570c5a in catch_errors ()
#59 0x00000000005734a4 in gdb_main ()
#60 0x000000000045194e in main ()
#61 0x00007fbe73063b05 in __libc_start_main () from /usr/lib/libc.so.6
#62 0x000000000045197c in _start ()

Any idea what caused the problem and how to fix it? Thanks.

[longld]

Could you provide more info about running environment:

• Linux distro & version?
• gdb from prebuilt binary package or compiled from source?
• only procinfo or other commands also cause crash?

[zTrix]

• I'm using Archlinux uname -a prints 3.12.6-1-ARCH #1 SMP PREEMPT Fri Dec 20 19:39:00 CET 2013 x86_64 GNU/Linux
• gdb is from prebuilt binary package installed by pacman package manager
• not only procinfo, I tried some other commands, such as vmmap, elfheader, they also cause similar core dump.

If you can provide some info on how to setup debugging env, I think I can provide some help on this issue.

[longld]

Looks like a bug of GDB (older versions are affected too) when it cannot insert breakpoint then calls to "info program" which is used by peda.get_status(). Workaround: try to run the program once or run outside then attach in gdb.

Here are steps to reproduce the crash without peda:

$ gdb -n -q /bin/cat
(gdb) tbreak *0xdeadbeef
Temporary breakpoint 1 at 0xdeadbeef
(gdb) r
Starting program: /bin/cat
Warning:
Cannot insert breakpoint 1.
Error accessing memory address 0xdeadbeef: Input/output error.

(gdb) info prog
/build/buildd/gdb-7.4-2012.04/gdb/thread.c:613: internal-error: is_thread_state: Assertion `tp' failed.
A problem internal to GDB has been detected,
further debugging may prove unreliable.
Quit this debugging session? (y or n) y

[zTrix]

I tried your reproduce steps in my environment(Archlinux gdb-7.6.2), it has the same output. So we can report this issue to gdb?

[longld]

I think so, but I leave it to you :)

[zTrix]

submitted to gdb bugzilla, thanks very much for your investigation.