android: coredump: analyze core file with gdb

October 27, 2015

In "android: coredump; how to make kernel dump core file after some process crashes", we discussed how to get the core file of a process after a native crash. In this post, we discuss how to analyze the core file with gdb.

run gdb and set up the environment

  • start gdb
  • $ cd ~/android_source/
    $ ./prebuilts/gcc/linux-x86/aarch64/aarch64-linux-android-4.9/bin//aarch64-linux-android-gdb
    GNU gdb (GDB) 7.7
    Copyright (C) 2014 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
    and "show warranty" for details.
    This GDB was configured as "--host=x86_64-linux-gnu --target=aarch64-elf-linux".
    Type "show configuration" for configuration details.
    For bug reporting instructions, please see:
    <http://source.android.com/source/report-bugs.html>.
    Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.
    For help, type "help".
    Type "apropos word" to search for commands related to "word".
    
  • set up the file
  • (gdb) file out/target/product/${project}/symbols/system/bin/coredumptest
    Reading symbols from symbols/system/bin/coredumptest...done.
    
  • set up the dynamic library search path
  • (gdb) set solib-search-path out/target/product/${project}/symbols/system/lib64/
    
  • set up the core file
  • (gdb) core-file 20948.coredumptest.18446744073709551615.core
    [New LWP 20948]
    warning: Could not load shared library symbols for 4 libraries, e.g. /system/bin/linker64.
    Use the "info sharedlibrary" command to see the complete listing.
    Do you need "set solib-search-path" or "set sysroot"?
    Program terminated with signal SIGSEGV, Segmentation fault.
    #0  strlen () at bionic/libc/arch-arm64/generic/bionic/strlen.S:71
    warning: Source file is more recent than executable.
    71              ldp     data1, data2, [src], #16
    

dump stack of the crashing thread

  • Use the backtrace (bt) command to get the call stack
  • (gdb) bt
    #0  strlen () at bionic/libc/arch-arm64/generic/bionic/strlen.S:71
    #1  0x0000005595326f00 in strlen (s=0x0) at bionic/libc/include/string.h:239
    #2  test4 () at frameworks/native/services/coredumptest/CoredumpTest.cpp:11
    #3  0x0000005595326f88 in test3 () at frameworks/native/services/coredumptest/CoredumpTest.cpp:20
    #4  0x0000005595327010 in test2 () at frameworks/native/services/coredumptest/CoredumpTest.cpp:29
    #5  0x0000005595327098 in test1 () at frameworks/native/services/coredumptest/CoredumpTest.cpp:38
    #6  0x0000005595326d7c in main () at frameworks/native/services/coredumptest/CoredumpTest.cpp:56
    
  • The gdb call stack matches the code flow of the native crash in coredumptest
  • #include <string.h>
    
    int test4()
    {
        int ret = strlen(NULL);  /* deliberate NULL dereference: raises the SIGSEGV */
        /* ... */
        return ret;
    }
    
    int test3()
    {
        int ret = test4() + 3;
        /* ... */
        return ret;
    }
    
    int test2()
    {
        int ret = test3() + 2;
        /* ... */
        return ret;
    }
    
    int test1()
    {
        int ret = test2() + 1;
        /* ... */
        return ret;
    }
    
    int main()
    {
        /* ... */
        int n = test1();
        /* ... */
        return 0;
    }
    

dump registers of the crashing thread

Use the info registers command to get the values of all registers

    (gdb) info registers
    x0             0x0      0
    x1             0x0      0
    x2             0x7fcbe33358     548881511256
    x3             0xa      10
    x4             0x1      1
    x5             0x0      0
    x6             0xb      11
    x7             0x0      0
    x8             0xa4     164
    x9             0x0      0
    x10            0x7fcbe32f88     548881510280
    x11            0x101010101010101        72340172838076673
    x12            0x1      1
    x13            0x1e     30
    x14            0x7faa6560f0     548319617264
    x15            0x7faa656100     548319617280
    x16            0x5595338fb8     367575404472
    x17            0x7faa597424     548318835748
    x18            0x0      0
    x19            0xffffffffffffffff       -1
    x20            0x7fcbe33348     548881511240
    x21            0x1      1
    x22            0x5595326d50     367575330128
    x23            0x0      0
    x24            0x0      0
    x25            0x0      0
    x26            0x0      0
    x27            0x0      0
    x28            0x0      0
    x29            0x7fcbe33220     548881510944
    x30            0x5595326f00     367575330560
    sp             0x7fcbe33220     0x7fcbe33220
    pc             0x7faa597434     0x7faa597434 <strlen+16>
    cpsr           0x40000000       1073741824
    fpsr           0x0      0
    fpcr           0x0      0
    

dump memory near the stack of the crashing thread

    (gdb) x/100x 0x7fcbe33220
    0x7fcbe33220:   0xcbe33240      0x0000007f      0x95326f88      0x00000055
    0x7fcbe33230:   0xffffffff      0xffffffff      0xcbe33348      0x0000007f
    0x7fcbe33240:   0xcbe33260      0x0000007f      0x95327010      0x00000055
    0x7fcbe33250:   0xffffffff      0xffffffff      0xaa63e198      0x0000007f
    0x7fcbe33260:   0xcbe33280      0x0000007f      0x95327098      0x00000055
    0x7fcbe33270:   0xffffffff      0xffffffff      0xaa596468      0x0000007f
    0x7fcbe33280:   0xcbe332a0      0x0000007f      0x95326d7c      0x00000055
    0x7fcbe33290:   0xffffffff      0xffffffff      0x95326d50      0x00000055
    0x7fcbe332a0:   0xcbe332d0      0x0000007f      0xaa596478      0x0000007f
    0x7fcbe332b0:   0xcbe33358      0x0000007f      0x00000000      0x00000000
    0x7fcbe332c0:   0xffffffff      0xffffffff      0xffffffff      0xffffffff
    0x7fcbe332d0:   0xcbe33300      0x0000007f      0x95326e90      0x00000055
    0x7fcbe332e0:   0x00000000      0x00000000      0x00000000      0x00000000
    0x7fcbe332f0:   0x00000000      0x00000000      0x00000000      0x00000000
    0x7fcbe33300:   0x00000000      0x00000000      0xaa63f610      0x0000007f
    0x7fcbe33310:   0x00000000      0x00000000      0xcbe33340      0x0000007f
    0x7fcbe33320:   0x00000000      0x00000000      0x95338ce0      0x00000055
    0x7fcbe33330:   0x95338cf0      0x00000055      0x95338d00      0x00000055
    0x7fcbe33340:   0x00000001      0x00000000      0xcbe33a3a      0x0000007f
    0x7fcbe33350:   0x00000000      0x00000000      0xcbe33a4d      0x0000007f
    0x7fcbe33360:   0xcbe33a62      0x0000007f      0xcbe33a8e      0x0000007f
    0x7fcbe33370:   0xcbe33aa1      0x0000007f      0xcbe33d67      0x0000007f
    0x7fcbe33380:   0xcbe33da4      0x0000007f      0xcbe33dbd      0x0000007f
    0x7fcbe33390:   0xcbe33ddf      0x0000007f      0xcbe33dfe      0x0000007f
    0x7fcbe333a0:   0xcbe33e13      0x0000007f      0xcbe33e3d      0x0000007f
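
The stack dump above can be read by hand as a chain of AArch64 frame records: x29 (0x7fcbe33220 in the register dump) points at a pair holding the caller's frame pointer followed by the saved return address. The Python below is an added example, not part of the original post; it parses the first 15 rows of the x/100x output and follows that chain. It assumes the binary was built with frame pointers, and the function names are hypothetical.

```python
# First 15 rows of the `x/100x 0x7fcbe33220` output shown above (32-bit words).
DUMP = """\
0x7fcbe33220:   0xcbe33240      0x0000007f      0x95326f88      0x00000055
0x7fcbe33230:   0xffffffff      0xffffffff      0xcbe33348      0x0000007f
0x7fcbe33240:   0xcbe33260      0x0000007f      0x95327010      0x00000055
0x7fcbe33250:   0xffffffff      0xffffffff      0xaa63e198      0x0000007f
0x7fcbe33260:   0xcbe33280      0x0000007f      0x95327098      0x00000055
0x7fcbe33270:   0xffffffff      0xffffffff      0xaa596468      0x0000007f
0x7fcbe33280:   0xcbe332a0      0x0000007f      0x95326d7c      0x00000055
0x7fcbe33290:   0xffffffff      0xffffffff      0x95326d50      0x00000055
0x7fcbe332a0:   0xcbe332d0      0x0000007f      0xaa596478      0x0000007f
0x7fcbe332b0:   0xcbe33358      0x0000007f      0x00000000      0x00000000
0x7fcbe332c0:   0xffffffff      0xffffffff      0xffffffff      0xffffffff
0x7fcbe332d0:   0xcbe33300      0x0000007f      0x95326e90      0x00000055
0x7fcbe332e0:   0x00000000      0x00000000      0x00000000      0x00000000
0x7fcbe332f0:   0x00000000      0x00000000      0x00000000      0x00000000
0x7fcbe33300:   0x00000000      0x00000000      0xaa63f610      0x0000007f
"""

def parse_words(dump):
    """Map address -> 32-bit word from gdb `x/x` output rows."""
    mem = {}
    for line in dump.strip().splitlines():
        addr, words = line.split(":")
        for i, word in enumerate(words.split()):
            mem[int(addr, 16) + 4 * i] = int(word, 16)
    return mem

def read_u64(mem, addr):
    """Join two little-endian 32-bit words into one 64-bit value."""
    return mem[addr] | (mem[addr + 4] << 32)

def walk_frames(mem, fp):
    """Follow frame records: [fp] = caller's fp, [fp+8] = saved return address."""
    frames = []
    while fp and fp in mem and fp + 12 in mem:
        next_fp, lr = read_u64(mem, fp), read_u64(mem, fp + 8)
        frames.append((fp, lr))
        if next_fp <= fp:  # chain must move up the stack; stop on 0 or corruption
            break
        fp = next_fp
    return frames

if __name__ == "__main__":
    for fp, lr in walk_frames(parse_words(DUMP), 0x7fcbe33220):  # x29 from info registers
        print(f"frame record @ {fp:#x}: return address {lr:#x}")
```

The first four return addresses are the ones gdb prints for frames #3 to #6 in the bt output; the remaining records belong to main's callers, which the bt output does not list.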
    

conclusion

In this post, we demonstrate how to run and set up gdb to load a core file. We also demonstrate basic gdb commands to show call stacks, registers, and some memory contents.
