Address ranges reserved by gdb?

Question

I have a program that mmaps memory at higher addresses using MAP_FIXED at TASK_SIZE - PAGE_SIZE.

This program runs fine if I execute it, but if I run it with gdb, it segfaults just after the mmap. Also at this point, the gdb state seems to be completely corrupted and it appears that the execution reaches an address range filled with 0's (could be from the new mappings just created).

Does gdb use this address range in the running process? Have I cleared out some of gdb's state? Is this address range documented somewhere?

Following is my call to mmap and the address calculation -

#define TASK_SIZE64 (0x800000000000UL - 4096)
#define TASK_SIZE TASK_SIZE64
#define PAGE_OFFSET (void*)TASK_SIZE
...
char *load_address = PAGE_OFFSET - file_size_aligned;
if(load_address != mmap(load_address, file_size_aligned, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0)){
    err("Failed to allocate memory for raw_binary with: %d\n", errno);
    return -1;
}

file_size_aligned comes to a PAGE_SIZE. This is one of the allocations. There is one more that starts from load_address and allocates few more pages backwards (with PROT_READ and PROT_WRITE only).

Answer 1

Does gdb use this address range in the running process?

No.

Have I cleared out some of gdb's state?

No.

Is this address range documented somewhere?

Possibly in kernel sources.

Your program makes invalid assumptions about available address space, and "blows itself up" when run with ASLR turned off (which GDB does by default).

You can confirm this by running your program outside GDB, but with ASLR disabled. It should also crash. Try one of these:

# echo 0 > /proc/sys/kernel/randomize_va_space

or

setarch $(uname -m) -R /path/to/exe

You can also confirm that your program will run under GDB if you enable ASLR:

gdb /path/to/exe
(gdb) set disable-randomization off
(gdb) run