
gdb : address range mappings

I am analyzing this core dump

    Program received signal SIGABRT, Aborted.
    0xb7fff424 in __kernel_vsyscall ()
    (gdb) where
    #0  0xb7fff424 in __kernel_vsyscall ()
    #1  0x0050cd71 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
    #2  0x0050e64a in abort () at abort.c:92
    #3  0x08083b3b in ?? ()
    #4  0x08095461 in ?? ()
    #5  0x0808bdea in ?? ()
    #6  0x0808c4e2 in ?? ()
    #7  0x080b683b in ?? ()
    #8  0x0805d845 in ?? ()
    #9  0x08083eb6 in ?? ()
    #10 0x08061402 in ?? ()
    #11 0x004f8cc6 in __libc_start_main (main=0x805f390, argc=15, ubp_av=0xbfffef64, init=0x825e220, fini=0x825e210, 
        rtld_fini=0x4cb220 <_dl_fini>, stack_end=0xbfffef5c) at libc-start.c:226
    #12 0x0804e5d1 in ?? ()

I'm not able to know which function ?? maps to, or, for instance, which address range #10 0x08061402 in ?? () falls in...

Please help me debug this.

Your program has no debugging symbols. Recompile it with -g. Make sure you haven't stripped your executable, e.g. by passing -s to the linker.

Even though @user794080 didn't say so, it appears exceedingly likely that his program is a 32-bit Linux executable.

There are two possible reasons (I can think of) for symbols from the main executable (and all symbols in the stack trace in the range [0x08040000,0x08100000) are from the main executable) not to show up.

  1. The main executable has in fact been stripped (this is the same as ninjalj's answer), and often happens when '-s' is passed into the linker, perhaps inadvertently.
  2. The executable has been compiled with a new(er) GCC, but is being debugged by an old(er) GDB, which chokes on some newer DWARF construct (there should be a warning from GDB about that).

To know what libraries are mapped into the application, record the pid of your program while it is stopped in gdb, and run in another console

    cat /proc/$pid/maps

where $pid is the pid of the stopped process. The format of the maps file is described at http://linux.die.net/man/5/proc - starting from "/proc/[number]/maps A file containing the currently mapped memory regions and their access permissions."

Also, if your OS doesn't use ASLR (address space layout randomization) or it is disabled for your program, you can use

    ldd ./program

to list linked libraries and their memory ranges. But if ASLR is turned on, you will not be able to get real memory mapping range info, as it will change for each run of the program. But even then you will know which libraries are linked in dynamically and can install debuginfo for them.
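As an added example (not part of the original answers), this sketch parses `/proc/[pid]/maps` text and reports which mapping each backtrace frame address falls in, along with its file offset. The maps content and the path `/home/user/program` are constructed for illustration; the frame lines are copied from the question.

```python
import re
from typing import NamedTuple, Optional

class Mapping(NamedTuple):
    start: int   # inclusive
    end: int     # exclusive
    perms: str
    offset: int  # file offset that `start` corresponds to
    path: str    # empty for anonymous mappings

# Constructed sample in /proc/[pid]/maps format (assumed layout, not the asker's).
SAMPLE_MAPS = """\
004e2000-0063c000 r-xp 00000000 08:01 131099 /lib/libc-2.12.so
0063c000-0063e000 r--p 0015a000 08:01 131099 /lib/libc-2.12.so
08048000-08260000 r-xp 00000000 08:01 262200 /home/user/program
08260000-08270000 rw-p 00218000 08:01 262200 /home/user/program
b7fff000-b8000000 r-xp 00000000 00:00 0 [vdso]
bffdf000-c0000000 rw-p 00000000 00:00 0 [stack]
"""
# Frame lines copied from the backtrace in the question.
SAMPLE_BT = """\
#0  0xb7fff424 in __kernel_vsyscall ()
#1  0x0050cd71 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#10 0x08061402 in ?? ()
"""

def parse_maps(text: str) -> list:
    maps = []
    for line in text.splitlines():
        fields = line.split(None, 5)  # the pathname is optional and may hold spaces
        if len(fields) < 5:
            continue
        start, end = (int(x, 16) for x in fields[0].split("-"))
        path = fields[5].strip() if len(fields) > 5 else ""
        maps.append(Mapping(start, end, fields[1], int(fields[2], 16), path))
    return maps

def locate(maps: list, addr: int) -> Optional[Mapping]:
    return next((m for m in maps if m.start <= addr < m.end), None)

def frame_addresses(bt: str) -> list:
    return [int(a, 16) for a in re.findall(r"^#\d+\s+(0x[0-9a-fA-F]+) in ", bt, re.M)]

def describe(maps: list, addr: int) -> str:
    m = locate(maps, addr)
    if m is None:
        return f"{addr:#010x}: not in any mapping"
    note = "" if "x" in m.perms else " (not executable)"
    return f"{addr:#010x}: {m.path or '[anonymous]'} {m.perms} file offset {addr - m.start + m.offset:#x}{note}"

if __name__ == "__main__":
    for a in frame_addresses(SAMPLE_BT):
        print(describe(parse_maps(SAMPLE_MAPS), a))
```

A frame address that lands in no mapping, or in one without the `x` permission, is worth checking against the stack-corruption possibility raised in the last answer.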

The stack might be corrupted. The "??" can happen if the return address on the stack has been overwritten by, for example, a buffer overflow.
