core dump linux x64

Moderator: Little Muk

Simple
Posts: 8678
Joined: 28 Sep 2011, 10:46
nick from it-ru.de: verified
Location: St. Petersburg - Hannover

core dump linux x64

Post by Simple »

Are there any such specialists here? The stack is being overwritten somewhere; how do I determine where the bug is?
Is this your homework, Larry? (c)
sena
Posts: 14770
Joined: 20 Sep 2011, 21:38
nick from it-ru.de: verified

Re: core dump linux x64

Post by sena »

Well, I'm a specialist, so what? You have to debug.
Simple
Posts: 8678
Joined: 28 Sep 2011, 10:46
nick from it-ru.de: verified
Location: St. Petersburg - Hannover

Re: core dump linux x64

Post by Simple »

Well, that's clear; the question is what to do.
For example, here is a stack trace:

Code:

(gdb) bt
#0  0x00007f3ce340466a in ?? ()
#1  0x00007f3ce25b0d0e in boost::log::v2_mt_posix::core::open_record(boost::log::v2_mt_posix::attribute_set const&) ()
   from /root/a4_r32473_install_linux64/Libraries/libboost_log.so.1.55.0
#2  0x00007f3ce1afaa58 in boost::log::v2_mt_posix::sources::basic_logger<char, boost::log::v2_mt_posix::sources::severity_logger_mt<boost::log::v2_mt_posix::trivial::severity_level>, boost::log::v2_mt_posix::sources::multi_thread_model<boost::log::v2_mt_posix::aux::light_rw_mutex> >::open_record_unlocked<boost::parameter::aux::tagged_argument<boost::log::v2_mt_posix::keywords::tag::severity, boost::log::v2_mt_posix::trivial::severity_level const> > (this=0x532d238) at /root/boost_1_55_0/boost/log/sources/basic_logger.hpp:259
#3  0x00007f3ce1afa6a5 in boost::log::v2_mt_posix::sources::basic_severity_logger<boost::log::v2_mt_posix::sources::basic_logger<char, boost::log::v2_mt_posix::sources::severity_logger_mt<boost::log::v2_mt_posix::trivial::severity_level>, boost::log::v2_mt_posix::sources::multi_thread_model<boost::log::v2_mt_posix::aux::light_rw_mutex> >, boost::log::v2_mt_posix::trivial::severity_level>::open_record_unlocked<boost::parameter::aux::tagged_argument<boost::log::v2_mt_posix::keywords::tag::severity, boost::log::v2_mt_posix::trivial::severity_level const> > (this=0x532d238, 
    args=...) at /root/boost_1_55_0/boost/log/sources/severity_feature.hpp:253
#4  0x00007f3ce1afa354 in boost::log::v2_mt_posix::sources::basic_composite_logger<char, boost::log::v2_mt_posix::sources::severity_logger_mt<boost::log::v2_mt_posix::trivial::severity_level>, boost::log::v2_mt_posix::sources::multi_thread_model<boost::log::v2_mt_posix::aux::light_rw_mutex>, boost::log::v2_mt_posix::sources::features<boost::log::v2_mt_posix::sources::severity<boost::log::v2_mt_posix::trivial::severity_level>, void, void, void, void, void, void, void, void, void> >::open_record<boost::parameter::aux::tagged_argument<boost::log::v2_mt_posix::keywords::tag::severity, boost::log::v2_mt_posix::trivial::severity_level const> > (this=0x532d238, args=...)
    at /root/boost_1_55_0/boost/log/sources/basic_logger.hpp:459
#5  0x00007f3ce1b8f946 in dstra::OptionEntry::~OptionEntry (this=0x7f3ce5552520, __in_chrg=<value optimized out>)
    at /root/distra/dstra-plugin/dstra/src/plugin/model/OptionEntry.cpp:63
#6  0x00007f3ce1ba33c7 in dstra::services::OptionService::AddDefault (this=0x53d8c60)
    at /root/distra/dstra-plugin/dstra/src/plugin/services/OptionService.cpp:101
#7  0x00007f3ce1ba2985 in dstra::services::OptionService::OptionService (this=0x53d8c60)
    at /root/distra/dstra-plugin/dstra/src/plugin/services/OptionService.cpp:23
#8  0x00007f3ce1b7f207 in dstra::DstraPlugin::DstraPlugin (this=0x7f3ce1f1f4e0) at /root/distra/dstra-plugin/dstra/src/plugin/DstraPlugin.cpp:51
#9  0x00007f3ce1b7eef5 in dstra::DstraPlugin::GetInstance () at /root/distra/dstra-plugin/dstra/src/plugin/DstraPlugin.cpp:40
#10 0x00007f3ce1af79df in DstrRegisterPasswordCB (cbfun=0xb8bb90 <DstrMgr_PasswordCB>, userData=0x0)
    at /root/distra/dstra-plugin/dstra/src/api/distributed.cpp:283
#11 0x0000000000b87fe2 in DstrMgr_p::registerCallbacks() ()
#12 0x0000000000b8ddfc in DstrMgr::activatePlugin(gstr_s const*, gstr_s const*) ()
#13 0x0000000000baa733 in DstrSessionCreator::run() ()
#14 0x00007f3cf68bf22c in ?? () from /root/a4_r32473_install_linux64/Libraries/libQtCore.so.4
#15 0x0000003191a07aa1 in start_thread () from /lib64/libpthread.so.0
#16 0x00000031916e8aad in clone () from /lib64/libc.so.6

Frame 0 is some kind of mess. I go to frame 1:

Code:

(gdb) info frame
Stack level 1, frame at 0x7f3ce5552350:
 rip = 0x7f3ce25b0d0e in boost::log::v2_mt_posix::core::open_record(boost::log::v2_mt_posix::attribute_set const&); saved rip 0x7f3ce1afaa58
 called by frame at 0x7f3ce55523a0, caller of frame at 0x7f3ce5552290
 Arglist at 0x7f3ce5552288, args: 
 Locals at 0x7f3ce5552288, Previous frame's sp is 0x7f3ce5552350
 Saved registers:
  rbx at 0x7f3ce5552318, rbp at 0x7f3ce5552320, r12 at 0x7f3ce5552328, r13 at 0x7f3ce5552330, r14 at 0x7f3ce5552338, r15 at 0x7f3ce5552340,
  rip at 0x7f3ce5552348

Code:

(gdb) disas
Dump of assembler code for function _ZN5boost3log11v2_mt_posix4core11open_recordERKNS1_13attribute_setE:
   0x00007f3ce25b0c90 <+0>:	push   r15
   0x00007f3ce25b0c92 <+2>:	push   r14
   0x00007f3ce25b0c94 <+4>:	push   r13
   0x00007f3ce25b0c96 <+6>:	mov    r13,rdi
   0x00007f3ce25b0c99 <+9>:	push   r12
   0x00007f3ce25b0c9b <+11>:	push   rbp
   0x00007f3ce25b0c9c <+12>:	push   rbx
   0x00007f3ce25b0c9d <+13>:	mov    rbx,rdx
   0x00007f3ce25b0ca0 <+16>:	sub    rsp,0x88
   0x00007f3ce25b0ca7 <+23>:	mov    rbp,QWORD PTR [rsi]
   0x00007f3ce25b0caa <+26>:	movzx  eax,BYTE PTR [rbp+0x78]
   0x00007f3ce25b0cae <+30>:	test   al,al
   0x00007f3ce25b0cb0 <+32>:	je     0x7f3ce25b0e80 <boost::log::v2_mt_posix::core::open_record(boost::log::v2_mt_posix::attribute_set const&)+496>
   0x00007f3ce25b0cb6 <+38>:	lea    r12,[rbp+0x68]
   0x00007f3ce25b0cba <+42>:	mov    rdi,r12
   0x00007f3ce25b0cbd <+45>:	call   0x7f3ce25a5bd8 <_ZN5boost6detail12get_tss_dataEPKv@plt>
   0x00007f3ce25b0cc2 <+50>:	test   rax,rax
   0x00007f3ce25b0cc5 <+53>:	mov    r14,rax
   0x00007f3ce25b0cc8 <+56>:	je     0x7f3ce25b0ec8 <boost::log::v2_mt_posix::core::open_record(boost::log::v2_mt_posix::attribute_set const&)+568>
   0x00007f3ce25b0cce <+62>:	mov    rdi,rbp
   0x00007f3ce25b0cd1 <+65>:	call   0x7f3ce25a5b48 <pthread_rwlock_rdlock@plt>
   0x00007f3ce25b0cd6 <+70>:	movzx  eax,BYTE PTR [rbp+0x78]
   0x00007f3ce25b0cda <+74>:	test   al,al
   0x00007f3ce25b0cdc <+76>:	je     0x7f3ce25b0eb8 <boost::log::v2_mt_posix::core::open_record(boost::log::v2_mt_posix::attribute_set const&)+552>
   0x00007f3ce25b0ce2 <+82>:	lea    r15,[rsp+0x60]
   0x00007f3ce25b0ce7 <+87>:	lea    rcx,[rbp+0x60]
   0x00007f3ce25b0ceb <+91>:	mov    r8d,0x8
   0x00007f3ce25b0cf1 <+97>:	mov    rdx,r14
   0x00007f3ce25b0cf4 <+100>:	mov    rsi,rbx
   0x00007f3ce25b0cf7 <+103>:	mov    rdi,r15
   0x00007f3ce25b0cfa <+106>:	call   0x7f3ce25a44b8 <_ZN5boost3log11v2_mt_posix19attribute_value_setC1ERKNS1_13attribute_setES5_S5_m@plt>
   0x00007f3ce25b0cff <+111>:	mov    rax,QWORD PTR [rbp+0x80]
   0x00007f3ce25b0d06 <+118>:	mov    rsi,r15
   0x00007f3ce25b0d09 <+121>:	mov    rdi,rax
   0x00007f3ce25b0d0c <+124>:	call   QWORD PTR [rax]
=> 0x00007f3ce25b0d0e <+126>:	test   al,al
   0x00007f3ce25b0d10 <+128>:	je     0x7f3ce25b0eb0 <boost::log::v2_mt_posix::core::open_record(boost::log::v2_mt_posix::attribute_set const&)+544>
   0x00007f3ce25b0d16 <+134>:	mov    QWORD PTR [rsp+0x30],0x0
   0x00007f3ce25b0d1f <+143>:	mov    QWORD PTR [rsp+0x58],r15
   0x00007f3ce25b0d24 <+148>:	mov    r14,QWORD PTR [rbp+0x40]
   0x00007f3ce25b0d28 <+152>:	mov    rbx,QWORD PTR [rbp+0x38]
   0x00007f3ce25b0d2c <+156>:	cmp    r14,rbx
   0x00007f3ce25b0d2f <+159>:	je     0x7f3ce25b0f00 <boost::log::v2_mt_posix::core::open_record(boost::log::v2_mt_posix::attribute_set const&)+624>
   0x00007f3ce25b0d35 <+165>:	mov    r12,r14
   0x00007f3ce25b0d38 <+168>:	lea    rax,[rsp+0x30]
   0x00007f3ce25b0d3d <+173>:	mov    rsi,r15
   0x00007f3ce25b0d40 <+176>:	sub    r12,rbx

Judging by the arrow, the crash is caused by a call to a bogus address.
And what next?
Thanks in advance.
Is this your homework, Larry? (c)
sena
Posts: 14770
Joined: 20 Sep 2011, 21:38
nick from it-ru.de: verified

Re: core dump linux x64

Post by sena »

Nothing special next: read, analyze, debug, log, experiment.

To begin with, you need to reproduce it. If it's not reproducible, you're screwed.

You can also take a look at the mudflap option.
Simple
Posts: 8678
Joined: 28 Sep 2011, 10:46
nick from it-ru.de: verified
Location: St. Petersburg - Hannover

Re: core dump linux x64

Post by Simple »

Thanks, I'll take a look.
I tried a newer gcc and Address Sanitizer, but it doesn't work in this setup: I'm writing a plugin for a big black box.
Is this your homework, Larry? (c)
roma
Posts: 5512
Joined: 26 Sep 2011, 12:39

Re: core dump linux x64

Post by roma »

0x00007f3ce25b0cff <+111>: mov rax,QWORD PTR [rbp+0x80]
0x00007f3ce25b0d06 <+118>: mov rsi,r15
0x00007f3ce25b0d09 <+121>: mov rdi,rax
0x00007f3ce25b0d0c <+124>: call QWORD PTR [rax]

So the address of the called function is taken from the stack (most likely that's how a parameter is passed).
Check the parameters at the call to the main function. Set a breakpoint before call QWORD PTR [rax],
look at what's in [rax], what's in QWORD PTR [rbp+0x80], where it comes from ...
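
The inspection suggested in the post above, written out as a gdb command sequence for the two memory reads that feed `call QWORD PTR [rax]`. This is an added example, not part of any post in the thread. Offsets and addresses come from the disassembly posted earlier; the convenience variables `$impl`, `$obj` and `$target` are names chosen here, and the second half assumes the crash reproduces under gdb.

```gdb
# Added example. Load the core first:  gdb <host-binary> <core>

# --- Post-mortem, on the core ---
frame 1
x/2i 0x00007f3ce25b0d0c
# rbp is callee-saved, but frame 0 is "??" (no unwind info), so the value gdb
# shows for it in frame 1 is only as good as its guess about frame 0.
p/x $rbp
# The slot read by "mov rax,QWORD PTR [rbp+0x80]" at <+111>:
x/gx $rbp + 0x80
set $obj = *(unsigned long *)($rbp + 0x80)
# The qword that "call QWORD PTR [rax]" at <+124> jumps through:
x/gx $obj
set $target = *(unsigned long *)$obj
p/x $target
# A sane object and target resolve to something inside a loaded library;
# the crash pc 0x00007f3ce340466a resolved to no symbol in the backtrace.
info symbol $obj
info symbol $target
info sharedlibrary
# Neighbouring fields of the same structure, to see how much was overwritten:
x/24gx $rbp

# --- Live, only if the crash reproduces under gdb ---
set breakpoint pending on
tbreak _ZN5boost3log11v2_mt_posix4core11open_recordERKNS1_13attribute_setE
run
# At function entry rbp is not loaded yet; <+23> shows it comes from [rsi].
set $impl = *(unsigned long *)$rsi
set $obj = *(unsigned long *)($impl + 0x80)
# Hardware watchpoints: stop on whoever rewrites the slot or the
# first qword of the object it points to.
watch -l *(unsigned long *)($impl + 0x80)
watch -l *(unsigned long *)$obj
continue
# When a watchpoint fires, "bt" shows the code doing the write.
```

The watchpoints only catch writes that happen after the first `open_record` call; if the values are already wrong at that breakpoint, the corruption happened earlier and the watch has to be set from an earlier stop.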
sena
Posts: 14770
Joined: 20 Sep 2011, 21:38
nick from it-ru.de: verified

Re: core dump linux x64

Post by sena »

Can you reproduce it or not? If you can, you'll find everything.
Simple
Posts: 8678
Joined: 28 Sep 2011, 10:46
nick from it-ru.de: verified
Location: St. Petersburg - Hannover

Re: core dump linux x64

Post by Simple »

Thanks, guys.
Is this your homework, Larry? (c)