Example: NTP coredump
1. Use ps to find the PID of the ntp process
1842 admin 1560 S /usr/sbin/ntpd -n -p cn.ntp.org.cn -p edu.ntp.org.cn
2. Attach gdb to the ntp process, then manually generate a coredump file
./gdb attach 1842
dlopen failed on 'libthread_db.so.1' - File not found
GDB will not be able to debug pthreads.
GNU gdb 6.8
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "mips-linux"...
attach: No such file or directory.
Attaching to process 1842
Reading symbols from /bin/busybox...(no debugging symbols found)...done.
0x7743f5dc in ?? ()
(gdb) generate-core-file
Saved corefile core.1842
(gdb) q
The program is running. Quit anyway (and detach it)? (y or n) y
Detaching from program: /bin/busybox, process 1842
The generated core.1842 file now appears in the /tmp directory.
Load it with:
./gdb ntpd core.1842
dlopen failed on 'libthread_db.so.1' - File not found
GDB will not be able to debug pthreads.
GNU gdb 6.8
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "mips-linux"...
(no debugging symbols found)
warning: core file may not match specified executable file.
Core was generated by `/bin/busybox'.
[New process 1842]
#0 0x7743f5dc in ?? ()
(gdb) info file
Symbols from "/usr/sbin/ntpd".
Local core dump file:
`/tmp/core.1842', file type elf32-tradbigmips.
0x00400000 - 0x00471000 is load1
0x00481000 - 0x00482000 is load2
0x00482000 - 0x00483000 is load3
0x00a07000 - 0x00a0a000 is load4
0x77432000 - 0x7748b000 is load5
0x7749a000 - 0x7749b000 is load6
0x7749b000 - 0x7749c000 is load7
0x7749c000 - 0x774a1000 is load8
0x774a1000 - 0x774b4000 is load9
0x774c3000 - 0x774c4000 is load10
0x774c4000 - 0x774c5000 is load11
0x774c5000 - 0x774dc000 is load12
0x774eb000 - 0x774ec000 is load13
0x774ec000 - 0x774f2000 is load14
0x77502000 - 0x77503000 is load15
0x77503000 - 0x77514000 is load16
0x77514000 - 0x7751b000 is load17
0x77529000 - 0x7752a000 is load18
0x7752a000 - 0x7752b000 is load19
0x7752b000 - 0x7752c000 is load20
0x7752c000 - 0x7752d000 is load21
0x7fb29000 - 0x7fb4a000 is load22
0x7fff7000 - 0x7fff8000 is load23
Local exec file:
`/usr/sbin/ntpd', file type elf32-tradbigmips.
Entry point: 0x404fd0
(gdb) bt
#0 0x7743f5dc in ?? () // this address falls within load5 in the info file output
warning: GDB can't find the start of the function at 0x7743f5dc.
GDB is unable to find the start of the function at 0x7743f5dc
and thus can't determine the size of that function's stack frame.
This means that GDB may be unable to access that stack frame, or
the frames below it.
This problem is most likely caused by an invalid program counter or
stack pointer.
However, if you think GDB should simply search farther back
from 0x7743f5dc for code which looks like the beginning of a
function, you can increase the range of the search using the `set
heuristic-fence-post' command.
#1 0x7743f5dc in ?? ()
warning: GDB can't find the start of the function at 0x7743f5db.
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb)
(gdb) shell cat /proc/1842/maps
00400000-00471000 r-xp 00000000 1f:02 1305 /bin/busybox //load1
00481000-00482000 rw-p 00071000 1f:02 1305 /bin/busybox
00482000-00483000 rwxp 00000000 00:00 0
00a07000-00a0a000 rwxp 00000000 00:00 0 [heap]
77432000-7748b000 r-xp 00000000 1f:03 274 /lib/libuClibc-0.9.33.2.so // load5
7748b000-7749a000 ---p 00000000 00:00 0
7749a000-7749b000 r--p 00058000 1f:03 274 /lib/libuClibc-0.9.33.2.so
7749b000-7749c000 rw-p 00059000 1f:03 274 /lib/libuClibc-0.9.33.2.so
7749c000-774a1000 rw-p 00000000 00:00 0
774a1000-774b4000 r-xp 00000000 1f:02 1744 /lib/libgcc_s.so.1
774b4000-774c3000 ---p 00000000 00:00 0
774c3000-774c4000 r--p 00012000 1f:02 1744 /lib/libgcc_s.so.1
774c4000-774c5000 rw-p 00013000 1f:02 1744 /lib/libgcc_s.so.1
774c5000-774dc000 r-xp 00000000 1f:02 1825 /lib/libm-0.9.33.2.so
774dc000-774eb000 ---p 00000000 00:00 0
774eb000-774ec000 rw-p 00016000 1f:02 1825 /lib/libm-0.9.33.2.so
774ec000-774f2000 r-xp 00000000 1f:02 2160 /lib/libcrypt-0.9.33.2.so
774f2000-77502000 ---p 00000000 00:00 0
77502000-77503000 rw-p 00006000 1f:02 2160 /lib/libcrypt-0.9.33.2.so
77503000-77514000 rw-p 00000000 00:00 0
77514000-7751b000 r-xp 00000000 1f:02 2189 /lib/ld-uClibc-0.9.33.2.so
77529000-7752a000 rw-p 00000000 00:00 0
7752a000-7752b000 r--p 00006000 1f:02 2189 /lib/ld-uClibc-0.9.33.2.so
7752b000-7752c000 rw-p 00007000 1f:02 2189 /lib/ld-uClibc-0.9.33.2.so
7752c000-7752d000 rw-p 00000000 00:00 0
7fb29000-7fb4a000 rwxp 00000000 00:00 0 [stack]
7fff7000-7fff8000 r-xp 00000000 00:00 0 [vdso
As shown above, load5 is /lib/libuClibc-0.9.33.2.so.
Load a copy of /lib/libuClibc-0.9.33.2.so that was built with -g, then run bt again to see the call chain.
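The address-to-library lookup done by eye above can be scripted. This is an added example, not part of the original post. It parses a constructed subset of the /proc/1842/maps lines shown above, finds the mapping that contains the faulting PC, and computes its offset inside the backing file. The function names are hypothetical, and the offset equals the library's link-time address only on the assumption that the shared object's first load segment is linked at address 0.

```python
# Constructed sample: a subset of the /proc/1842/maps output shown above.
MAPS = """\
00400000-00471000 r-xp 00000000 1f:02 1305 /bin/busybox
00482000-00483000 rwxp 00000000 00:00 0
00a07000-00a0a000 rwxp 00000000 00:00 0 [heap]
77432000-7748b000 r-xp 00000000 1f:03 274 /lib/libuClibc-0.9.33.2.so
7749a000-7749b000 r--p 00058000 1f:03 274 /lib/libuClibc-0.9.33.2.so
7fb29000-7fb4a000 rwxp 00000000 00:00 0 [stack]
"""


def parse_maps(text):
    """Parse /proc/<pid>/maps text into a list of region dicts."""
    regions = []
    for line in text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 5:
            continue  # skip blank or truncated lines
        start, end = (int(x, 16) for x in fields[0].split("-"))
        regions.append({
            "start": start,
            "end": end,
            "perms": fields[1],
            "offset": int(fields[2], 16),
            # Anonymous mappings have no sixth field.
            "path": fields[5].strip() if len(fields) > 5 else "",
        })
    return regions


def locate(addr, regions):
    """Return (region, offset inside the backing file) for addr, or (None, None)."""
    for r in regions:
        if r["start"] <= addr < r["end"]:
            return r, addr - r["start"] + r["offset"]
    return None, None


if __name__ == "__main__":
    pc = 0x7743F5DC  # frame #0 from the bt output above
    region, off = locate(pc, parse_maps(MAPS))
    if region is None:
        print("0x%08x is not in any mapped region" % pc)
    else:
        name = region["path"] or "(anonymous)"
        print("0x%08x -> %s +0x%x [%s]" % (pc, name, off, region["perms"]))
```

The resulting offset can be passed to a symbol lookup against an unstripped copy of the same library build.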
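This article shows how to use GDB to debug a coredump file produced from the NTP process. First, the `ps` command is used to find the NTP process ID, then GDB attaches to that process and generates a coredump. Although loading `libthread_db.so.1` fails, the core file is still generated successfully. Loading the coredump with `gdb ntpd core.1842` works even without debugging symbols: the memory map and call stack information can still be viewed, and in particular the problem can be identified as occurring in the `/lib/libuClibc-0.9.33.2.so` library.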