Bug 359249 - valgrind unable to load 64-bit linux executable linked with -mcmodel=medium
Status: REPORTED
Product: valgrind
Classification: Developer tools
Component: general
Version: 3.11.0
Platform: RedHat Enterprise Linux Other
Importance: NOR normal
Assignee: Julian Seward
Reported: 2016-02-10 21:29 UTC by dbeer1
Modified: 2016-04-09 19:20 UTC
Description dbeer1 2016-02-10 21:29:06 UTC
Valgrind seems to be unable to load a 64-bit executable with a large data section built with gcc on linux if the '-mcmodel=medium' option is specified. All symbols in messages from valgrind show as '???' and running 'valgrind -v' shows the error "ELF section outside all mapped regions". Removing the 'mcmodel' option fixes the issue, but is not always possible as it may be needed in some configurations.

The issue seems to happen if there is a read-only LOAD section in the ELF program headers.

I am building using gcc 4.8.2 on RHEL 6.4 and testing using valgrind 3.11.0.


Reproducible: Always

Steps to Reproduce:
$ cat >test.cpp <<END
#include <stdlib.h>
int main(int argc, char **argv) {
    static const char data[1024 * 1024] = {0};
    malloc(1024);
    return 0;
}
END

$ gcc -m64 -mcmodel=medium test.cpp -o test

$ valgrind --leak-check=full ./test
$ ../temp/opt/bb/lib64/bin/valgrind --leak-check=full ./test
==27562== Memcheck, a memory error detector
==27562== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==27562== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==27562== Command: ./test
...
==27562== HEAP SUMMARY:
==27562==     in use at exit: 1,024 bytes in 1 blocks
==27562==   total heap usage: 1 allocs, 0 frees, 1,024 bytes allocated
==27562== 
==27562== 1,024 bytes in 1 blocks are definitely lost in loss record 1 of 1
==27562==    at 0x4A05BED: malloc (vg_replace_malloc.c:299)
==27562==    by 0x400588: ??? (in ./test)
==27562==    by 0x3EA821ED5C: (below main) (in /lib64/libc-2.12.so)
==27562== 
==27562== LEAK SUMMARY:
==27562==    definitely lost: 1,024 bytes in 1 blocks
==27562==    indirectly lost: 0 bytes in 0 blocks
==27562==      possibly lost: 0 bytes in 0 blocks
==27562==    still reachable: 0 bytes in 0 blocks
==27562==         suppressed: 0 bytes in 0 blocks
==27562== 
==27562== For counts of detected and suppressed errors, rerun with: -v
==27562== Use --track-origins=yes to see where uninitialised values come from
==27562== ERROR SUMMARY: 6 errors from 6 contexts (suppressed: 0 from 0)

$ valgrind --leak-check=full -v ./test
==29881== Memcheck, a memory error detector
==29881== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==29881== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==29881== Command: ./test
==29881== 
--29881-- Valgrind options:
--29881--    --leak-check=full
--29881--    -v
--29881-- Contents of /proc/version:
--29881--   Linux version 2.6.32-358.41.1.el6.x86_64 (mockbuild@x86-029.build.eng.bos.redhat.com) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC) ) #1 SMP Mon Apr 21 15:58:42 EDT 2014
--29881-- 
--29881-- Arch and hwcaps: AMD64, LittleEndian, amd64-cx16-rdtscp-sse3-avx
--29881-- Page sizes: currently 4096, max supported 4096
--29881-- Valgrind library directory: /usr/lib64/valgrind
--29881-- Reading syms from ./test
--29881-- ELF section outside all mapped regions


Actual Results:  
valgrind shows ??? instead of 'main' in the call stack, and shows the error "ELF section outside all mapped regions" while reading my executable

Expected Results:  
Should show 'main' in the call stack.

=== gcc version info ===
$ gcc -v
Using built-in specs.
COLLECT_GCC=/opt/rh/devtoolset-2/root/usr/bin/gcc
COLLECT_LTO_WRAPPER=/opt/rh/devtoolset-2/root/usr/libexec/gcc/x86_64-redhat-linux/4.8.2/lto-wrapper
Target: x86_64-redhat-linux
Configured with: ../configure --prefix=/opt/rh/devtoolset-2/root/usr --mandir=/opt/rh/devtoolset-2/root/usr/share/man --infodir=/opt/rh/devtoolset-2/root/usr/share/info --with-bugurl=http://bugzilla.redhat.com/bugzilla --enable-bootstrap --enable-shared --enable-threads=posix --enable-checking=release --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-gnu-unique-object --enable-linker-build-id --enable-languages=c,c++,fortran,lto --enable-plugin --with-linker-hash-style=gnu --enable-initfini-array --disable-libgcj --with-isl=/builddir/build/BUILD/gcc-4.8.2-20140120/obj-x86_64-redhat-linux/isl-install --with-cloog=/builddir/build/BUILD/gcc-4.8.2-20140120/obj-x86_64-redhat-linux/cloog-install --with-mpc=/builddir/build/BUILD/gcc-4.8.2-20140120/obj-x86_64-redhat-linux/mpc-install --with-tune=generic --with-arch_32=i686 --build=x86_64-redhat-linux
Thread model: posix
gcc version 4.8.2 20140120 (Red Hat 4.8.2-15) (GCC) 


=== readelf dump of program headers ===
$ readelf -l test

Elf file type is EXEC (Executable file)
Entry point 0x400410
There are 9 program headers, starting at offset 64

Program Headers:
  Type           Offset             VirtAddr           PhysAddr
                 FileSiz            MemSiz              Flags  Align
  PHDR           0x0000000000000040 0x0000000000400040 0x0000000000400040
                 0x00000000000001f8 0x00000000000001f8  R E    8
  INTERP         0x0000000000000238 0x0000000000400238 0x0000000000400238
                 0x000000000000001c 0x000000000000001c  R      1
      [Requesting program interpreter: /lib64/ld-linux-x86-64.so.2]
  LOAD           0x0000000000000000 0x0000000000400000 0x0000000000400000
                 0x00000000000006cc 0x00000000000006cc  R E    200000
  LOAD           0x00000000000006d0 0x00000000006006d0 0x00000000006006d0
                 0x000000000000021c 0x0000000000000220  RW     200000
  LOAD           0x00000000000008f0 0x00000000008008f0 0x00000000008008f0
                 0x0000000000100010 0x0000000000100010  R      200000
  DYNAMIC        0x00000000000006e8 0x00000000006006e8 0x00000000006006e8
                 0x00000000000001d0 0x00000000000001d0  RW     8
  NOTE           0x0000000000000254 0x0000000000400254 0x0000000000400254
                 0x0000000000000044 0x0000000000000044  R      4
  GNU_EH_FRAME   0x00000000000005f8 0x00000000004005f8 0x00000000004005f8
                 0x000000000000002c 0x000000000000002c  R      4
  GNU_STACK      0x0000000000000000 0x0000000000000000 0x0000000000000000
                 0x0000000000000000 0x0000000000000000  RW     10

 Section to Segment mapping:
  Segment Sections...
   00     
   01     .interp 
   02     .interp .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame 
   03     .init_array .fini_array .jcr .dynamic .got .got.plt .data .bss 
   04     .lrodata 
   05     .dynamic 
   06     .note.ABI-tag .note.gnu.build-id 
   07     .eh_frame_hdr 
   08     

=== valgrind trace of program header loading ===
$ valgrind --trace-symtab=yes ./test
==52969== Memcheck, a memory error detector
==52969== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==52969== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==52969== Command: ./test
==52969== 

------ start ELF OBJECT -------------------------------------------------------
------ name = ./test

Un-de-overlapped _DebugInfoMappings:
  [0]    avma 0x400000              size 4096        foff 0           rx -- --
  [1]    avma 0x600000              size 4096        foff 0           -- rw --

De-overlapped DebugInfoMappings:
  [0]    avma 0x400000              size 4096        foff 0           rx -- --
  [1]    avma 0x600000              size 4096        foff 0           -- rw --

Checking that there are no remaining overlaps.
Check successful.
------ Basic facts about the object ------
object:  n_oimage 1055514
phdr:    ioff 64 nent 9 ent_szB 56
shdr:    ioff 1051248 nent 31 ent_szB 64
rx_map:  avma 0x400000   size 4096  foff 0
rw_map:  avma 0x600000   size 4096  foff 0
shdr:    string table at 1050969

------ Examining the program headers ------
PT_LOAD[2]: p_vaddr 0x400000 (prev 0x0)
PT_LOAD[2]:   p_offset 0, p_filesz 1740, perms r-x
PT_LOAD[2]:   acquired as rx, bias 0x0
PT_LOAD[3]: p_vaddr 0x6006d0 (prev 0x400000)
PT_LOAD[3]:   p_offset 1744, p_filesz 540, perms rw-
PT_LOAD[3]:   acquired as rw, bias 0x0
PT_LOAD[4]: p_vaddr 0x8008f0 (prev 0x6006d0)
PT_LOAD[4]:   p_offset 2288, p_filesz 1048592, perms r--

------ ELF reading failed ------

------ name = ./test
------ end ELF OBJECT -------------------------------------------------------
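
The condition the report points at, a PT_LOAD entry that is neither r-x nor rw- (entry 4, the .lrodata segment, in the readelf dump), can be checked for directly from the program headers. The C below is an added example, not part of the original report or of valgrind's source; `first_odd_load` and `build_sample` are hypothetical names, and the sample image is constructed from the header types and flags in the dump, with all other fields left zero.

```c
#include <elf.h>
#include <stdio.h>
#include <string.h>

/* Index of the first PT_LOAD whose permissions are neither r-x nor rw-;
   -1 if every PT_LOAD is one of those two, -2 if the image is malformed. */
int first_odd_load(const unsigned char *img, size_t len)
{
    Elf64_Ehdr eh;
    if (len < sizeof eh) return -2;
    memcpy(&eh, img, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 || eh.e_ident[EI_CLASS] != ELFCLASS64
        || eh.e_phentsize != sizeof(Elf64_Phdr) || eh.e_phoff > len
        || (len - eh.e_phoff) / sizeof(Elf64_Phdr) < eh.e_phnum)
        return -2;                  /* header table must lie inside the image */
    for (unsigned i = 0; i < eh.e_phnum; i++) {
        Elf64_Phdr ph;
        memcpy(&ph, img + eh.e_phoff + i * sizeof ph, sizeof ph);
        Elf64_Word p = ph.p_flags & (PF_R | PF_W | PF_X);
        if (ph.p_type == PT_LOAD && p != (PF_R | PF_X) && p != (PF_R | PF_W))
            return (int)i;
    }
    return -1;
}

/* Constructed sample: type and flags of the nine program headers in the
   readelf dump above; ro_flags is used for entry 4, the .lrodata segment. */
size_t build_sample(unsigned char *buf, size_t cap, Elf64_Word ro_flags)
{
    const Elf64_Word in[9][2] = {
        {PT_PHDR, PF_R | PF_X}, {PT_INTERP, PF_R}, {PT_LOAD, PF_R | PF_X},
        {PT_LOAD, PF_R | PF_W}, {PT_LOAD, ro_flags}, {PT_DYNAMIC, PF_R | PF_W},
        {PT_NOTE, PF_R}, {PT_GNU_EH_FRAME, PF_R}, {PT_GNU_STACK, PF_R | PF_W} };
    Elf64_Ehdr eh = { .e_ident = { ELFMAG0, ELFMAG1, ELFMAG2, ELFMAG3, ELFCLASS64 },
        .e_phoff = sizeof(Elf64_Ehdr), .e_phentsize = sizeof(Elf64_Phdr), .e_phnum = 9 };
    if (cap < sizeof eh + 9 * sizeof(Elf64_Phdr)) return 0;
    memcpy(buf, &eh, sizeof eh);
    for (int i = 0; i < 9; i++) {
        Elf64_Phdr ph = { .p_type = in[i][0], .p_flags = in[i][1] };
        memcpy(buf + sizeof eh + i * sizeof ph, &ph, sizeof ph);
    }
    return sizeof eh + 9 * sizeof(Elf64_Phdr);
}

int main(void)
{
    unsigned char buf[1024];
    printf("odd PT_LOAD index: %d\n", first_odd_load(buf, build_sample(buf, sizeof buf, PF_R)));
}
```

To run the same check on a real binary, read the file into a buffer and pass it to `first_odd_load` in place of the constructed image.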