Hi Martin,

[ppc64] SEGV in ppc64_elf_get_synthetic_symtab reading a separate debug file
https://sourceware.org/bugzilla/show_bug.cgi?id=17968

Martin Sebor 2015-02-16 00:42:58 CET
# The problem appears to be due to the change to gdb/elfread.c introduced in the commit below:
#
# commit 63524580f8372e38a6a62fd875a4252068c31150
#
# Author: Jan Kratochvil
#
# Date: Sun Apr 17 18:38:46 2011 +0000
#
# gdb/
#
# Fix convert_code_addr_to_desc_addr for ppc64 files after eu-strip.
#
# * elfread.c (elf_symfile_read): New variable synth_abfd, pass it to
#
# bfd_get_synthetic_symtab.
https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=63524580f8372e38a6a62fd875a4252068c31150

I find the patch of mine above right even for object files, and your patch only avoided hitting the stale memory reference by disabling proper .opd parsing. Valgrind on an F-21 x86_64 host showed me more clearly what the problem is:

Reading symbols from /home/jkratoch/t/cordic.ko...Reading symbols from /home/jkratoch/t/cordic.ko.debug...
=================================================================
==22763==ERROR: AddressSanitizer: heap-use-after-free on address 0x6120000461c8 at pc 0x150cdbd bp 0x7fffffffc7e0 sp 0x7fffffffc7d0
READ of size 8 at 0x6120000461c8 thread T0
    #0 0x150cdbc in ppc64_elf_get_synthetic_symtab /home/jkratoch/redhat/gdb-test-asan/bfd/elf64-ppc.c:3282
    #1 0x8c5274 in elf_read_minimal_symbols /home/jkratoch/redhat/gdb-test-asan/gdb/elfread.c:1205
    #2 0x8c55e7 in elf_symfile_read /home/jkratoch/redhat/gdb-test-asan/gdb/elfread.c:1268
[...]
0x6120000461c8 is located 264 bytes inside of 288-byte region [0x6120000460c0,0x6120000461e0)
freed by thread T0 here:
    #0 0x7ffff715454f in __interceptor_free (/lib64/libasan.so.1+0x5754f)
    #1 0xde9cde in xfree common/common-utils.c:98
    #2 0x9a04f7 in do_my_cleanups common/cleanups.c:155
    #3 0x9a05d3 in do_cleanups common/cleanups.c:177
    #4 0x8c538a in elf_read_minimal_symbols /home/jkratoch/redhat/gdb-test-asan/gdb/elfread.c:1229
    #5 0x8c55e7 in elf_symfile_read /home/jkratoch/redhat/gdb-test-asan/gdb/elfread.c:1268
[...]
previously allocated by thread T0 here:
    #0 0x7ffff71547c7 in malloc (/lib64/libasan.so.1+0x577c7)
    #1 0xde9b95 in xmalloc common/common-utils.c:41
    #2 0x8c4da2 in elf_read_minimal_symbols /home/jkratoch/redhat/gdb-test-asan/gdb/elfread.c:1147
    #3 0x8c55e7 in elf_symfile_read /home/jkratoch/redhat/gdb-test-asan/gdb/elfread.c:1268
[...]
SUMMARY: AddressSanitizer: heap-use-after-free /home/jkratoch/redhat/gdb-test-asan/bfd/elf64-ppc.c:3282 ppc64_elf_get_synthetic_symtab
[...]
==22763==ABORTING

A similar case a few lines later I fixed in 2010 by:
https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=3f1eff0a2c7f0e7078f011f55b8e7f710aae0cc2

Your testcase may be fine, although it does not reproduce the crash on an x86_64 host. Therefore I am attaching the binaries themselves to make the crash more reproducible. Although... my testcase does not always reproduce it, but at least a bit:
* GDB without ppc64 target (even as a secondary one) is reported as "untested"
* ASAN-built GDB with ppc64 target always crashes (and PASSes with this fix)
* unpatched non-ASAN-built GDB with ppc64 target crashes from commandline
* unpatched non-ASAN-built GDB with ppc64 target PASSes from runtest (?)

Jan

On Wed, 18 Feb 2015 00:40:02 +0100, Martin Sebor wrote:
> diff --git a/gdb/ChangeLog b/gdb/ChangeLog > index 0bd0792..288ec7d 100644 > --- a/gdb/ChangeLog > +++ b/gdb/ChangeLog
> @@ -1,3 +1,9 @@ > +2015-02-16 Martin Sebor > + > + PR gdb/17968 > + * elread.c (elf_symfile_read): Use synth_abfd only for shared and elfread > + executable objects (but not relocatable files). > + > 2015-02-13 Doug Evans > > * cp-namespace.c (cp_basic_lookup_symbol): Rename parameter > diff --git a/gdb/elfread.c b/gdb/elfread.c > index 65c63f0..b1074e0 100644 > --- a/gdb/elfread.c > +++ b/gdb/elfread.c 
> @@ -1183,19 +1183,22 @@ elf_read_minimal_symbols (struct objfile *objfile, int symfile_flags, > elf_rel_plt_read (objfile, dyn_symbol_table); > } > > - /* Contrary to binutils --strip-debug/--only-keep-debug the strip command from > - elfutils (eu-strip) moves even the .symtab section into the .debug file. > + /* Both the Binutils strip command and the Elfutils eu-strip command > + remove the .symtab section from executables or dynamic object files > + (but not from reloacatable object files like Linux kernel modules) relocatable > + and move it into the .debug file. > > bfd_get_synthetic_symtab on ppc64 for each function descriptor ELF symbol > 'name' creates a new BSF_SYNTHETIC ELF symbol '.name' with its code > - address. But with eu-strip files bfd_get_synthetic_symtab would fail to > - read the code address from .opd while it reads the .symtab section from > - a separate debug info file as the .opd section is SHT_NOBITS there. > + address. But with stripped files without the .symtab section > + bfd_get_synthetic_symtab would fail to read the code address from .opd > + while it reads the .symtab section from a separate debug info file as > + the .opd section is SHT_NOBITS there. > > With SYNTH_ABFD the .opd section will be read from the original > backlinked binary where it is valid. */ > > - if (objfile->separate_debug_objfile_backlink) > +if (abfd->flags & (EXEC_P | DYNAMIC) && objfile->separate_debug_objfile_backlink) missing/removed indentation > synth_abfd = objfile->separate_debug_objfile_backlink->obfd; > else > synth_abfd = abfd; [...] > +if { [# Copy debug info from the relocatable file into a separate .dbg file. > + verify "objcopy --only-keep-debug $binfile.bu $binfile.bu.dbg"] && > + [# Strip debug (and other unneeded) sections from the relocatable > + # file. > + verify "strip --strip-debug --strip-unneeded $binfile.bu"] && > + [# Insert the .gnu_debuglink section into the relocatable file > + # pointing at the separate .dbg file. 
> + verify "objcopy --add-gnu-debuglink $binfile.bu.dbg $binfile.bu"]} {

I haven't tried that, but lib/gdb.exp contains gdb_gnu_strip_debug(); would it not be applicable here?

Jan
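Review bot: the ChangeLog hunk misspells the file name as `elread.c`; the entry should read `* elfread.c (elf_symfile_read): Use synth_abfd only for shared and executable objects (but not relocatable files).` so that it names the file the patch actually touches, gdb/elfread.c.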
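Review bot: in the gdb/elfread.c hunk the new condition `+if (abfd->flags & (EXEC_P | DYNAMIC) && objfile->separate_debug_objfile_backlink)` has lost the indentation of the `if` it replaces and mixes a bitwise `&` with `&&` without bracketing; suggest `if ((abfd->flags & (EXEC_P | DYNAMIC)) != 0 && objfile->separate_debug_objfile_backlink)` on a properly indented line. On the logic, the guard only changes which objfiles receive the backlinked synth_abfd: the AddressSanitizer report above shows the 8-byte read at elf64-ppc.c:3282 hits a 288-byte region allocated at elfread.c:1147 and already freed by do_cleanups at elfread.c:1229, so for relocatable files the change avoids the stale pointer rather than fixing the lifetime of that buffer, which is the point Jan raises. The comment text also carries the typo `reloacatable` for `relocatable`.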
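Review bot: the testsuite hunk re-implements the objcopy --only-keep-debug / strip --strip-debug --strip-unneeded / objcopy --add-gnu-debuglink sequence by hand, which is what gdb_gnu_strip_debug in lib/gdb.exp already provides; calling that helper would keep the test consistent with the rest of the suite. Placing `#` comments inside the `[ ... ]` command substitutions of the `if` condition also depends on Tcl's comment-to-end-of-line rules and makes the condition hard to read; move the three comments above the `if`.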
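The thread turns on one ELF fact: after eu-strip (or strip on an executable) the .symtab lives only in the separate .debug file, while the .opd section that holds the ppc64 function descriptors survives in that file only as SHT_NOBITS, so its bytes can be read solely from the backlinked original binary. The following is an added example, not code from the thread nor from GDB or BFD: a small ELF64 section-header reader run over three ELF images constructed inline (a stripped executable, its .debug companion, and a stripped relocatable module). `build_elf`, `classify` and `opd_source` are hypothetical helper names; the section layouts are constructed to match the thread's description, not captured from real strip or eu-strip runs.

```python
"""Added example (not from the gdb-patches thread or GDB/BFD source): a small
ELF64 section-header reader showing why a separate .debug file cannot supply
.opd contents (SHT_NOBITS there) while the stripped binary cannot supply
.symtab.  The three ELF images below are constructed inline."""
import struct

SHT_NULL, SHT_PROGBITS, SHT_SYMTAB, SHT_STRTAB, SHT_NOBITS = 0, 1, 2, 3, 8
ET_REL, ET_EXEC, ET_DYN = 1, 2, 3
EM_PPC64 = 21
EHDR = "4sBBBBB7xHHIQQQIHHHHHH"   # Elf64_Ehdr, endian prefix added at use
SHDR = "IIQQQQIIQQ"              # Elf64_Shdr


def build_elf(e_type, sections, big_endian=True):
    """Assemble a minimal ELF64 image (no program headers) from
    (name, sh_type, payload) tuples.  For SHT_NOBITS the payload is just the
    in-memory size: no bytes are stored in the file, which is exactly the
    situation of .opd inside a separate .debug file."""
    end = ">" if big_endian else "<"
    shstrtab, name_off = b"\0", {}
    for name in [".shstrtab"] + [s[0] for s in sections]:
        name_off[name] = len(shstrtab)
        shstrtab += name.encode() + b"\0"
    body = bytearray()
    shdrs = [struct.pack(end + SHDR, 0, SHT_NULL, 0, 0, 0, 0, 0, 0, 0, 0)]

    def add(name, sh_type, payload):
        off = 64 + len(body)                       # data follows the ELF header
        if sh_type == SHT_NOBITS:
            size = payload
        else:
            size = len(payload)
            body.extend(payload)
        shdrs.append(struct.pack(end + SHDR, name_off[name], sh_type,
                                 0, 0, off, size, 0, 0, 1, 0))

    add(".shstrtab", SHT_STRTAB, shstrtab)         # section index 1
    for name, sh_type, payload in sections:
        add(name, sh_type, payload)
    shoff = 64 + len(body)
    ehdr = struct.pack(end + EHDR, b"\x7fELF", 2, 2 if big_endian else 1, 1, 0, 0,
                       e_type, EM_PPC64, 1, 0, 0, shoff, 0, 64, 0, 0,
                       64, len(shdrs), 1)
    return ehdr + bytes(body) + b"".join(shdrs)


def read_sections(image):
    """Parse the section header table: (e_type, {name: (sh_type, sh_size)})."""
    if image[:4] != b"\x7fELF" or image[4] != 2:
        raise ValueError("not an ELF64 image")
    end = ">" if image[5] == 2 else "<"
    hdr = struct.unpack_from(end + EHDR, image, 0)
    e_type, shoff, shentsize, shnum, shstrndx = hdr[6], hdr[11], hdr[16], hdr[17], hdr[18]
    shdrs = [struct.unpack_from(end + SHDR, image, shoff + i * shentsize)
             for i in range(shnum)]
    strtab_off = shdrs[shstrndx][4]

    def name_at(idx):
        start = strtab_off + idx
        return image[start:image.index(b"\0", start)].decode()

    return e_type, {name_at(s[0]): (s[1], s[5]) for s in shdrs[1:]}


def classify(image):
    """The facts the thread turns on: is .symtab still here, and is .opd real?"""
    e_type, secs = read_sections(image)
    return {"e_type": e_type,
            "has_symtab": ".symtab" in secs,
            "opd_nobits": secs.get(".opd", (None, 0))[0] == SHT_NOBITS,
            "has_debuglink": ".gnu_debuglink" in secs}


def opd_source(binary, debug):
    """Hypothetical helper mirroring the synth_abfd idea: use the .debug
    file's .opd only if it carries bytes, otherwise fall back to the
    backlinked binary; None when neither holds readable descriptors."""
    for label, image in (("debug", debug), ("binary", binary)):
        secs = read_sections(image)[1]
        if ".opd" in secs and secs[".opd"][0] != SHT_NOBITS:
            return label
    return None


# Constructed images (not produced by real strip/eu-strip runs).
OPD_BYTES = bytes(24)          # one zeroed function descriptor: entry, TOC, env
STRIPPED_EXE = build_elf(ET_EXEC, [(".opd", SHT_PROGBITS, OPD_BYTES),
                                    (".gnu_debuglink", SHT_PROGBITS, b"a.debug\0")])
DEBUG_FILE = build_elf(ET_EXEC, [(".opd", SHT_NOBITS, len(OPD_BYTES)),
                                  (".symtab", SHT_SYMTAB, bytes(48))])
STRIPPED_KO = build_elf(ET_REL, [(".opd", SHT_PROGBITS, OPD_BYTES),
                                  (".symtab", SHT_SYMTAB, bytes(48))])

if __name__ == "__main__":
    for label, image in (("stripped exe", STRIPPED_EXE), ("debug file", DEBUG_FILE),
                         ("stripped .ko", STRIPPED_KO)):
        print(label, classify(image))
    print("read .opd from:", opd_source(STRIPPED_EXE, DEBUG_FILE))
```

Running it shows the split the patch comment describes: the executable keeps .opd but has no .symtab, the .debug file has .symtab but a NOBITS .opd, and the relocatable module keeps both, so for it no backlinked file is needed. The same reader, pointed at real files, is a quick way to confirm which side of a debuglink pair still holds the function-descriptor bytes before blaming the synthetic symbol table.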