838793 – libudev debuginfo in Rawhide contains faulty DWARF sections

Bug 838793 - libudev debuginfo in Rawhide contains faulty DWARF sections

Summary: libudev debuginfo in Rawhide contains faulty DWARF sections

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	systemd
Sub Component:
Version:	rawhide
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	systemd-maint
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-07-10 07:47 UTC by Richard W.M. Jones
Modified:	2012-07-16 15:26 UTC (History)
CC List:	22 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2012-07-10 09:57:29 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Richard W.M. Jones 2012-07-10 07:47:59 UTC

Description of problem:

Valgrind gives strange internal errors when used to debug an
empty program linked to libvirt on Rawhide.

### unhandled dwarf2 abbrev form code 0x1f21
--31554-- VALGRIND INTERNAL ERROR: Valgrind received a signal 11 (SIGSEGV) - exiting
--31554-- si_code=1;  Faulting address: 0x5667000;  sp: 0x403093038

valgrind: the 'impossible' happened:
   Killed by fatal signal
==31554==    at 0x380C4690: read_leb128 (readdwarf.c:221)
==31554==    by 0x380C4726: read_leb128U (readdwarf.c:247)
==31554==    by 0x380C6E24: vgModuleLocal_read_debuginfo_dwarf3 (readdwarf.c:956)
==31554==    by 0x38079FC8: vgModuleLocal_read_elf_debug_info (readelf.c:2522)
==31554==    by 0x38073129: vgPlain_di_notify_mmap (debuginfo.c:610)
==31554==    by 0x38094048: vgModuleLocal_generic_PRE_sys_mmap (syswrap-generic.c:2072)
==31554==    by 0x380BB3BA: vgSysWrap_amd64_linux_sys_mmap_before (syswrap-amd64-linux.c:996)
==31554==    by 0x38090D88: vgPlain_client_syscall (syswrap-main.c:1382)
==31554==    by 0x3808DA8F: handle_syscall (scheduler.c:929)
==31554==    by 0x3808EBE8: vgPlain_scheduler (scheduler.c:1151)
==31554==    by 0x3809E789: run_a_thread_NORETURN (syswrap-linux.c:98)

sched status:
  running_tid=1

Thread 1: status = VgTs_Runnable
==31554==    at 0x3FC2217A4A: mmap (syscall-template.S:81)
==31554==    by 0x3FC22068FB: _dl_map_object_from_fd (dl-load.c:1344)
==31554==    by 0x3FC22083E2: _dl_map_object (dl-load.c:2359)
==31554==    by 0x3FC220CD01: openaux (dl-deps.c:63)
==31554==    by 0x3FC220EDE5: _dl_catch_error (dl-error.c:177)
==31554==    by 0x3FC220D3E1: _dl_map_object_deps (dl-deps.c:256)
==31554==    by 0x3FC220377B: dl_main (rtld.c:1834)
==31554==    by 0x3FC22152DA: _dl_sysdep_start (dl-sysdep.c:242)
==31554==    by 0x3FC2204FC1: _dl_start (rtld.c:336)
==31554==    by 0x3FC2201597: ??? (in /usr/lib64/ld-2.16.so)

Version-Release number of selected component (if applicable):

valgrind-3.7.0-4.fc18.x86_64
gcc-4.7.1-1.fc18.x86_64
glibc-2.16-2.fc18.x86_64
glibc-2.16-2.fc18.i686
libvirt-0.9.13-1.fc18.x86_64

How reproducible:

100% for me

Steps to Reproduce:

$ cat test.c 
#include <stdio.h>

int
main ()
{
  printf ("hello, world\n");
  return 0;
}

$ gcc test.c -o test -lvirt
$ valgrind ./test
[ internal errors as above ]

To be fair, this might not be libvirt but one of the many
libraries used by libvirt:

$ ldd ./test
	linux-vdso.so.1 =>  (0x00007fff6a1ff000)
	libvirt.so.0 => /lib64/libvirt.so.0 (0x0000003fdb200000)
	libc.so.6 => /lib64/libc.so.6 (0x0000003fc2600000)
	libcap-ng.so.0 => /lib64/libcap-ng.so.0 (0x0000003fd7e00000)
	libyajl.so.2 => /lib64/libyajl.so.2 (0x0000003fd5200000)
	libnl.so.1 => /lib64/libnl.so.1 (0x0000003fd8600000)
	libaudit.so.1 => /lib64/libaudit.so.1 (0x0000003fd4600000)
	libdevmapper.so.1.02 => /lib64/libdevmapper.so.1.02 (0x0000003fd1200000)
	librt.so.1 => /lib64/librt.so.1 (0x0000003fc3600000)
	libnuma.so.1 => /lib64/libnuma.so.1 (0x0000003fd5a00000)
	libavahi-common.so.3 => /lib64/libavahi-common.so.3 (0x0000003fd9e00000)
	libavahi-client.so.3 => /lib64/libavahi-client.so.3 (0x0000003fd9200000)
	libgnutls.so.26 => /lib64/libgnutls.so.26 (0x0000003fd5e00000)
	libgcrypt.so.11 => /lib64/libgcrypt.so.11 (0x0000003fcce00000)
	libsasl2.so.2 => /lib64/libsasl2.so.2 (0x0000003fd3a00000)
	libssh2.so.1 => /lib64/libssh2.so.1 (0x0000003fd9600000)
	libcurl.so.4 => /lib64/libcurl.so.4 (0x0000003fd9a00000)
	libwsman.so.1 => /lib64/libwsman.so.1 (0x0000003fdaa00000)
	libwsman_client.so.1 => /lib64/libwsman_client.so.1 (0x0000003fda200000)
	libwsman_curl_client_transport.so.1 => /lib64/libwsman_curl_client_transport.so.1 (0x0000003fdae00000)
	libselinux.so.1 => /lib64/libselinux.so.1 (0x0000003fc3e00000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x0000003fc3200000)
	libutil.so.1 => /lib64/libutil.so.1 (0x0000003fd3600000)
	libxml2.so.2 => /lib64/libxml2.so.2 (0x0000003fc7200000)
	libdl.so.2 => /lib64/libdl.so.2 (0x0000003fc2e00000)
	libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x0000003fc4a00000)
	/lib64/ld-linux-x86-64.so.2 (0x0000003fc2200000)
	libm.so.6 => /lib64/libm.so.6 (0x0000003fc2a00000)
	libsepol.so.1 => /lib64/libsepol.so.1 (0x0000003fc9600000)
	libudev.so.1 => /lib64/libudev.so.1 (0x0000003fd2e00000)
	libdbus-1.so.3 => /lib64/libdbus-1.so.3 (0x0000003fc7600000)
	libtasn1.so.3 => /lib64/libtasn1.so.3 (0x0000003fd6e00000)
	libgpg-error.so.0 => /lib64/libgpg-error.so.0 (0x0000003fcd200000)
	libz.so.1 => /lib64/libz.so.1 (0x0000003fc3a00000)
	libp11-kit.so.0 => /lib64/libp11-kit.so.0 (0x0000003fd4200000)
	libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003fc4200000)
	libcrypt.so.1 => /lib64/libcrypt.so.1 (0x0000003fc9e00000)
	libssl.so.10 => /lib64/libssl.so.10 (0x0000003fd3e00000)
	libcrypto.so.10 => /lib64/libcrypto.so.10 (0x0000003fd2600000)
	libidn.so.11 => /lib64/libidn.so.11 (0x0000003fd8e00000)
	liblber-2.4.so.2 => /lib64/liblber-2.4.so.2 (0x0000003fd6600000)
	libldap-2.4.so.2 => /lib64/libldap-2.4.so.2 (0x0000003fd6a00000)
	libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x0000003fd0600000)
	libkrb5.so.3 => /lib64/libkrb5.so.3 (0x0000003fd1a00000)
	libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x0000003fd0e00000)
	libcom_err.so.2 => /lib64/libcom_err.so.2 (0x0000003fcc600000)
	libssl3.so => /lib64/libssl3.so (0x0000003fcfa00000)
	libsmime3.so => /lib64/libsmime3.so (0x0000003fcf600000)
	libnss3.so => /lib64/libnss3.so (0x0000003fcf200000)
	libnssutil3.so => /lib64/libnssutil3.so (0x0000003fcea00000)
	libplds4.so => /lib64/libplds4.so (0x0000003fcda00000)
	libplc4.so => /lib64/libplc4.so (0x0000003fcba00000)
	libnspr4.so => /lib64/libnspr4.so (0x0000003fcaa00000)
	libfreebl3.so => /lib64/libfreebl3.so (0x0000003fca600000)
	libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x0000003fd1e00000)
	libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x0000003fd2200000)

Comment 1 Richard W.M. Jones 2012-07-10 08:03:01 UTC

Reassigning to valgrind since I can make this happen using
-ldevmapper:

$ gcc test.c -o test -ldevmapper
$ valgrind ./test
[...]
### unhandled dwarf2 abbrev form code 0x1f21
### unhandled dwarf2 abbrev form code 0x1f21
### unhandled dwarf2 abbrev form code 0x1f20
### unhandled dwarf2 abbrev form code 0x1f21
### unhandled dwarf2 abbrev form code 0x1f20
### unhandled dwarf2 abbrev form code 0x1f20
### unhandled dwarf2 abbrev form code 0x1f21
### unhandled dwarf2 abbrev form code 0x1f21
### unhandled dwarf2 abbrev form code 0x1f20
### unhandled dwarf2 abbrev form code 0x1f21
### unhandled dwarf2 abbrev form code 0x1f20
### unhandled dwarf2 abbrev form code 0x1f21
### unhandled dwarf2 abbrev form code 0x1f20
### unhandled dwarf2 abbrev form code 0x1f21
### unhandled dwarf2 abbrev form code 0x1f20
### unhandled dwarf2 abbrev form code 0x1f21
### unhandled dwarf2 abbrev form code 0x1f21
### unhandled dwarf2 abbrev form code 0x1f20
--32366-- VALGRIND INTERNAL ERROR: Valgrind received a signal 11 (SIGSEGV) - exiting
--32366-- si_code=1;  Faulting address: 0x538C000;  sp: 0x403093038

valgrind: the 'impossible' happened:
   Killed by fatal signal
[...]

Comment 2 Richard W.M. Jones 2012-07-10 08:04:25 UTC

Smallest reproducer seems to be -ludev:

$ cat test.c
#include <stdio.h>

int
main ()
{
  printf ("hello, world\n");
  return 0;
}

$ gcc test.c -o test -ludev
$ valgrind ./test
[...]
### unhandled dwarf2 abbrev form code 0x1f21
### unhandled dwarf2 abbrev form code 0x1f21
### unhandled dwarf2 abbrev form code 0x1f20
### unhandled dwarf2 abbrev form code 0x1f21
### unhandled dwarf2 abbrev form code 0x1f20
### unhandled dwarf2 abbrev form code 0x1f20
### unhandled dwarf2 abbrev form code 0x1f21
### unhandled dwarf2 abbrev form code 0x1f21
### unhandled dwarf2 abbrev form code 0x1f20
### unhandled dwarf2 abbrev form code 0x1f21
### unhandled dwarf2 abbrev form code 0x1f20
### unhandled dwarf2 abbrev form code 0x1f21
### unhandled dwarf2 abbrev form code 0x1f20
### unhandled dwarf2 abbrev form code 0x1f21
### unhandled dwarf2 abbrev form code 0x1f20
### unhandled dwarf2 abbrev form code 0x1f21
### unhandled dwarf2 abbrev form code 0x1f21
### unhandled dwarf2 abbrev form code 0x1f20
--32419-- VALGRIND INTERNAL ERROR: Valgrind received a signal 11 (SIGSEGV) - exiting
--32419-- si_code=1;  Faulting address: 0x4CED000;  sp: 0x403093038

valgrind: the 'impossible' happened:
   Killed by fatal signal
[...]

Comment 3 Richard W.M. Jones 2012-07-10 09:12:45 UTC

Stack trace from upstream valgrind:

#0  read_leb128 (data=0x402ef6000 <Address 0x402ef6000 out of bounds>, 
    length_return=0x4031bffec, sign=0) at m_debuginfo/readdwarf.c:221
#1  0x00000000380d1e87 in read_leb128U (data=data@entry=0x4031c00a8)
    at m_debuginfo/readdwarf.c:247
#2  0x00000000380d4585 in lookup_abbrev (acode=9924, 
    p=0x402ef6000 <Address 0x402ef6000 out of bounds>)
    at m_debuginfo/readdwarf.c:956
#3  read_unitinfo_dwarf2 (debugstr_img=0x0, 
    debugabbrev_img=0x402e7d54a "\001\r", unitblock_img=<optimized out>, 
    ui=0x4031c00e0) at m_debuginfo/readdwarf.c:1048
#4  vgModuleLocal_read_debuginfo_dwarf3 (di=di@entry=0x4026dfa70, 
    debug_info_img=debug_info_img@entry=0x402e43f7c " ", 
    debug_info_sz=debug_info_sz@entry=234958, 
    debug_types_img=debug_types_img@entry=0x0, 
    debug_types_sz=debug_types_sz@entry=0, 
    debug_abbv_img=debug_abbv_img@entry=0x402e7d54a "\001\r", 
    debug_abbv_sz=debug_abbv_sz@entry=25772, 
    debug_line_img=debug_line_img@entry=0x402e839f6 "H\003", 
    debug_line_sz=debug_line_sz@entry=53274, 
    debug_str_img=debug_str_img@entry=0x0, debug_str_sz=debug_str_sz@entry=0)
    at m_debuginfo/readdwarf.c:1220
#5  0x000000003808522e in vgModuleLocal_read_elf_debug_info (
    di=di@entry=0x4026dfa70) at m_debuginfo/readelf.c:2523
#6  0x000000003807e43a in di_notify_ACHIEVE_ACCEPT_STATE (di=0x4026dfa70)
    at m_debuginfo/debuginfo.c:611
#7  vgPlain_di_notify_mmap (a=a@entry=274122989568, 
    allow_SkFileV=allow_SkFileV@entry=0 '\000', use_fd=use_fd@entry=7)
    at m_debuginfo/debuginfo.c:918
#8  0x000000003809f969 in vgModuleLocal_generic_PRE_sys_mmap (tid=tid@entry=1, 
    arg1=274122989568, arg2=8192, arg3=3, arg4=2066, arg5=7, arg6=57344)
    at m_syswrap/syswrap-generic.c:2066
#9  0x00000000380c8505 in vgSysWrap_amd64_linux_sys_mmap_before (tid=1, 
    layout=0x4031c0dc0, arrghs=0x394ad480, status=0x394ad4c8, 
    flags=<optimized out>) at m_syswrap/syswrap-amd64-linux.c:1012
#10 0x000000003809c4b6 in vgPlain_client_syscall (tid=tid@entry=1, 
    trc=trc@entry=73) at m_syswrap/syswrap-main.c:1451
#11 0x00000000380991d0 in handle_syscall (tid=tid@entry=1, trc=73)
    at m_scheduler/scheduler.c:1057
#12 0x000000003809a747 in vgPlain_scheduler (tid=tid@entry=1)
    at m_scheduler/scheduler.c:1335
#13 0x00000000380aa23a in thread_wrapper (tidW=1)
    at m_syswrap/syswrap-linux.c:103
#14 run_a_thread_NORETURN (tidW=1) at m_syswrap/syswrap-linux.c:156
#15 0x0000000000000000 in ?? ()

Comment 4 Richard W.M. Jones 2012-07-10 09:17:01 UTC

Actually I get some warnings from gdb too, so I would say
that it's likely to be the udev library itself which is
broken.

(gdb) run
Starting program: /tmp/test 
Error while reading shared library symbols for /lib64/libudev.so.1:
Dwarf Error: Cannot handle DW_FORM_<unknown> in DWARF reader [in module /usr/lib/debug/usr/lib64/libudev.so.1.0.2.debug]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
hello, world
[Inferior 1 (process 32290) exited normally]
(gdb) quit

Comment 5 Jakub Jelinek 2012-07-10 09:57:29 UTC

Please see http://fedoraproject.org/wiki/Features/DwarfCompressor
Valgrind support is in the works: https://bugs.kde.org/show_bug.cgi?id=302901
GDB support is written, but might take a few days till it will hit Fedora 18.

Comment 6 Paul Howarth 2012-07-10 10:00:02 UTC

Runs OK on my 32-bit Rawhide VM with systemd-186:

# valgrind ./test
==11826== Memcheck, a memory error detector
==11826== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==11826== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==11826== Command: ./test
==11826== 
hello, world
==11826== 
==11826== HEAP SUMMARY:
==11826==     in use at exit: 0 bytes in 0 blocks
==11826==   total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==11826== 
==11826== All heap blocks were freed -- no leaks are possible
==11826== 
==11826== For counts of detected and suppressed errors, rerun with: -v
==11826== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)

# rpm -q gcc glibc systemd valgrind
gcc-4.7.1-1.fc18.i686
glibc-2.16-2.fc18.i686
systemd-186-1.fc18.i686
valgrind-3.7.0-4.fc18.i686

Comment 7 Richard W.M. Jones 2012-07-10 10:01:48 UTC

(In reply to comment #6)
> Runs OK on my 32-bit Rawhide VM with systemd-186:
> 
> # valgrind ./test
> ==11826== Memcheck, a memory error detector
> ==11826== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
> ==11826== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
> ==11826== Command: ./test
> ==11826== 
> hello, world
> ==11826== 
> ==11826== HEAP SUMMARY:
> ==11826==     in use at exit: 0 bytes in 0 blocks
> ==11826==   total heap usage: 0 allocs, 0 frees, 0 bytes allocated
> ==11826== 
> ==11826== All heap blocks were freed -- no leaks are possible
> ==11826== 
> ==11826== For counts of detected and suppressed errors, rerun with: -v
> ==11826== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
> 
> # rpm -q gcc glibc systemd valgrind
> gcc-4.7.1-1.fc18.i686
> glibc-2.16-2.fc18.i686
> systemd-186-1.fc18.i686
> valgrind-3.7.0-4.fc18.i686

You have to install systemd-debuginfo to see the problem.

Comment 8 Jan Kratochvil 2012-07-16 15:26:35 UTC

(In reply to comment #4)
> Dwarf Error: Cannot handle DW_FORM_<unknown> in DWARF reader

You did not state GDB version.
It should be fixed since gdb-7.4.50.20120703-11.fc18.

* Fri Jul 06 2012 Jan Kratochvil <jan.kratochvil>
 - 7.4.50.20120703-11.fc18
 - [archer-tromey-dwz-multifile-rebase] Fix DWARF files reading (Tom Tromey).

That Bug date suggests it is after this fix but I do not have it reproducible now, please file a GDB component Bug otherwise:

systemd-debuginfo-186-2.fc18.x86_64
gdb-7.4.50.20120703-12.fc18.x86_64

gdb -readnow /lib64/libudev.so.1
Reading symbols from /usr/lib64/libudev.so.1...Reading symbols from /usr/lib/debug/usr/lib64/libudev.so.1.0.2.debug...expanding to full symbols...done.
expanding to full symbols...done.

Note You need to log in before you can comment on or make changes to this bug.

berrange
clalancette
dodji
dougsland
itamar
jakub
jan.kratochvil
jforbes
johannbg
jyang
laine
libvirt-maint
lnykryn
metherid
meyering
mjw
msekleta
notting
plautrba
systemd-maint
veillard
virt-maint