gdb "Core was generated by" truncated to 80 characters

Simon Marchi simark@simark.ca
Tue May 26 14:09:39 GMT 2020


On 2020-05-26 7:07 a.m., Jonny Grant wrote:
> [Not sure if this got through to bug-gdb@gnu.org  so resending]

gdb@sourceware.org is the right place.

> Hello
> 
> Just noticed my command line args of a core file are truncated, so it's hard to reproduce the crash as I don't know what the core was generated from.
> 
> "Core was generated by" truncated to 80 characters in the below example.
> 
> May I ask, is this a limitation of the kernel dump or gdb? When i use 'strings' I see the core does contain the full command line.

You see the name of the process as dumped by the kernel, which truncates it at
a certain length.  Here's the corresponding code in the kernel, where you see it
limited at 80 characters:

https://elixir.bootlin.com/linux/v5.6.14/source/include/uapi/linux/elfcore.h#L79

You can inspect the note with eu-readelf:

$ eu-readelf -a ./core
...
  CORE                 136  PRPSINFO
    state: 0, sname: R, zomb: 0, nice: 0, flag: 0x0000000000400600
    uid: 1000, gid: 1000, pid: 4049460, ppid: 3612973, pgrp: 4049460
    sid: 3612973
    fname: signal
    psargs: ./signal myverylonglonglongmyverylonglonglongmyverylonglonglongmyverylonglonglo
...

The complete "command line" you see with strings comes from the fact that
the argument array (argv) is present somewhere in memory.  So if you are
able to backtrace all the way to main, you might be able to print argc and
argv and deduce the command line.  Even if you aren't able to do that, you
could still do a bit of forensic to find out where the argv array is located
and get the information.

Simon


More information about the Gdb mailing list