Bug 713471

Summary: addr2line crashes [@ elf_find_function]
Product: [Fedora] Fedora
Component: binutils
Version: rawhide
Status: CLOSED RAWHIDE
Severity: unspecified
Priority: unspecified
Reporter: Matěj Cepl <mcepl>
Assignee: Nick Clifton <nickc>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: jakub, mcepl, nickc
Doc Type: Bug Fix
Last Closed: 2011-06-16 12:32:14 UTC

Description Matěj Cepl 2011-06-15 13:56:01 UTC
Description of problem:
When trying to parse Xorg server backtraces (e.g., see https://bugzilla.redhat.com/show_bug.cgi?id=712540#c10) I am running addr2line to get the line of the code corresponding to the particular address. Quite often I make addr2line. I can make it fail even on the command line. E.g.,

addr2line -fe /usr/lib/debug/lib64/libc.so.6.debug 0x12dff1


Version-Release number of selected component (if applicable):
glibc-2.14-2.x86_64
binutils-2.21.51.0.6-2.fc15.x86_64

How reproducible:
100%

Steps to Reproduce:
1. see above
Actual results:
addr2line crashes

Expected results:
it shouldn't ... my command could be stupid, I may ask to get some nonsense, but addr2line should kick me out decently.

Additional info:
bradford:xorg-backtrace-analyze (master) $ gdb addr2line core.20409 
GNU gdb (GDB) Fedora (7.2.90.20110525-38.fc15)
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/bin/addr2line...Reading symbols from /usr/lib/debug/usr/bin/addr2line.debug...done.
done.
[New LWP 20409]
Missing separate debuginfo for 
Try: yum --disablerepo='*' --enablerepo='*-debuginfo' install /usr/lib/debug/.build-id/f2/12ba7404a98cda360ceebbf48489793f13e407
Core was generated by `addr2line -fe /usr/lib/debug/lib64/libc.so.6.debug 0x12dff1'.
Program terminated with signal 11, Segmentation fault.
#0  elf_find_function (abfd=0x1a28060, section=0x1a2b288, symbols=0x0, 
    offset=1110801, filename_ptr=0x0, functionname_ptr=0x605e10) at elf.c:7475
7475	  for (p = symbols; *p != NULL; p++)
(gdb) backtrace
#0  elf_find_function (abfd=0x1a28060, section=0x1a2b288, symbols=0x0, 
    offset=1110801, filename_ptr=0x0, functionname_ptr=0x605e10) at elf.c:7475
#1  0x00000036958648b2 in _bfd_elf_find_nearest_line (abfd=0x1a28060, 
    section=0x1a2b288, symbols=0x0, offset=1110801, 
    filename_ptr=<optimized out>, functionname_ptr=0x605e10, line_ptr=0x605e18)
    at elf.c:7555
#2  0x0000000000402610 in find_address_in_section (section=<optimized out>, 
    abfd=<optimized out>, data=<optimized out>) at addr2line.c:167
#3  find_address_in_section (abfd=<optimized out>, section=<optimized out>, 
    data=<optimized out>) at addr2line.c:147
#4  0x000000369583fddc in bfd_map_over_sections (abfd=0x1a28060, 
    operation=0x4025b0 <find_address_in_section>, user_storage=0x0)
    at section.c:1277
#5  0x0000000000402266 in translate_addresses (section=0x0, abfd=0x1a28060)
    at addr2line.c:233
#6  process_file (target=<optimized out>, section_name=<optimized out>, 
    file_name=<optimized out>) at addr2line.c:344
#7  main (argc=4, argv=0x7fffeccbee88) at addr2line.c:450
(gdb) thread all apply backtrace
No symbol "all" in current context.
(gdb)

Comment 1 Nick Clifton 2011-06-15 15:53:50 UTC
Hi Matej,

  Please could you upload a full testcase for me to reproduce this problem? I.e., please provide a binary file and a command line that runs addr2line on this binary and then seg-faults.

Cheers
  Nick

Comment 2 Matěj Cepl 2011-06-16 09:41:13 UTC
(In reply to comment #1)
>   Please could you upload a full testcase for me to reproduce this problem?
> I.e., please provide a binary file and a command line that runs addr2line on this
> binary and then seg-faults.

See the command line in comment 0:

addr2line -fe /usr/lib/debug/lib64/libc.so.6.debug 0x12dff1

and the version of the debug file is

$ rpm -qf /usr/lib/debug/lib64/libc.so.6.debug
glibc-debuginfo-2.14-2.x86_64
$

Doesn't it answer your questions?

Comment 3 Nick Clifton 2011-06-16 12:32:14 UTC
Hi Matej,

  Doh.  Sorry - my brain was not working yesterday.

  Anyway I have found and fixed the bug.  Please try out binutils-2.21.52.0.1-3.fc16 and let me know if you have any problems.

  (The bug was that the libc.so.6.debug file does not contain a symbol table, but the code to convert an address to a function name was assuming that the symbol table was present).

Cheers
  Nick
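
The failure mode described in comment 3, reduced to a stand-alone C sketch (an added example, not the binutils source and not the actual patch). The struct, function and sample table are hypothetical; only the loop shape `for (p = symbols; *p != NULL; p++)` and the `symbols=0x0` argument come from the backtrace above.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, simplified stand-in for a BFD symbol (not the real asymbol). */
struct sym {
    const char *name;
    unsigned long value;            /* start offset of the function */
};

/* Constructed sample table (NULL-terminated), not taken from glibc. */
static struct sym sample_a = { "alpha", 0x1000 };
static struct sym sample_b = { "beta",  0x2000 };
static struct sym *sample_table[] = { &sample_a, &sample_b, NULL };

/*
 * Return the name of the function starting closest at or below `offset`,
 * or NULL when it cannot be resolved. `symbols` is NULL when the file
 * carries no symbol table, as in the backtrace (symbols=0x0).
 */
const char *find_function(struct sym **symbols, unsigned long offset)
{
    struct sym **p;
    const struct sym *best = NULL;

    /* Guard: without this check, `*p` in the loop condition below
       dereferences a null pointer, the crash shown at elf.c:7475. */
    if (symbols == NULL)
        return NULL;

    for (p = symbols; *p != NULL; p++) {
        if ((*p)->value > offset)
            continue;               /* starts after the address */
        if (best == NULL || (*p)->value >= best->value)
            best = *p;
    }
    return best ? best->name : NULL;
}

int main(void)
{
    const char *n;

    n = find_function(NULL, 0x12dff1);          /* no symbol table */
    printf("%s\n", n ? n : "??");
    n = find_function(sample_table, 0x2004);    /* inside "beta" */
    printf("%s\n", n ? n : "??");
    return 0;
}
```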