We Keep Coding

gdb remote debugging: symbol addresses in local file not relocated

The following workflow worked for me at one point, and then it suddenly stopped working. I'd like to figure out why and get it to work again.
on the host, build binary for target system with debug information
send the stripped version of the binary to the target system
on the target, run the binary with gdbserver :6006 mybinary args...
on the host, run gdb-multiarch mybinary. This is the unstripped version. It shows that it loaded symbols from the local binary.
At the gdb prompt, run target remote <ip_of_target>:6006
Then, if I say b main, it inserts a breakpoint at an unrelocated address like 0x621730, which is the offset of the main function in the local binary, whereas it should be added on top of the VM address the remote binary is loaded at (0x5555555000 in this case.) Obviously the unrelocated address doesn't work.
So step 6 was working at one point. I don't know what I'm doing now differently to make the relocation no longer work. Help would be appreciated.
Version of gdbserver and that of host gdb are both Ubuntu 8.1.1-0ubuntu1. The remote system is aarch64.

So step 6 was working at one point. I don't know what I'm doing now differently to make the relocation no longer work.
I suspect that you have upgraded your toolchain, and that your upgraded toolchain produces a Position-Independent Executable mybinary by default, where the old toolchain didn't.
Try adding -no-pie to the link line of mybinary.
Obviously the unrelocated address doesn't work.
Actually, this does work for local debugging -- GDB is smart enough to realize that the code got loaded at a different address:
gdb -q a.out
Reading symbols from a.out...
(gdb) b main
Breakpoint 1 at 0x112d: file t.c, line 1. <<< Note: unrelocated address
(gdb) run
Starting program: /tmp/a.out
Breakpoint 1, main () at t.c:1
1 int main() {return 0; }
(gdb) p/x $pc
$1 = 0x55555555512d <<< Note: breakpoint worked.
It's possible that remote debugging doesn't work, although this worked fine for me using GDB-10.0:
strip a.out -o b.out
gdbserver :6006 ./b.out
Process ./b.out created; pid = 239653
Listening on port 6006
... in another window:
gdb -q ./a.out
Reading symbols from ./a.out...
(gdb) target remote :6006
Remote debugging using :6006
Reading /lib64/ld-linux-x86-64.so.2 from remote target...
warning: File transfers from remote targets can be slow. Use "set sysroot" to access files locally instead.
Reading /lib64/ld-linux-x86-64.so.2 from remote target...
Reading symbols from target:/lib64/ld-linux-x86-64.so.2...
Reading symbols from /usr/lib/debug/.build-id/a8/97a1105e21dd270bd418fe58c441700a6d8ec5.debug...
0x00007ffff7fe4940 in _start () from target:/lib64/ld-linux-x86-64.so.2
(gdb) b main
Breakpoint 1 at 0x55555555512d: file t.c, line 1.

how to debug the coredump file produced by spawn-fcgi?

my coredump file is produced by the shell command sudo spawn-fcgi fcgi-bin -a 0.0.0.0 -p 8089 &, fcgi-bin is compiled by the c++ command g++ -g fcgiMain.cpp fcgiEnv.cpp -o fcgi-bin etc. to deploy with nginx ,as we know that debug coredump file with the command gdb ./test_bin test_coredump,but now i have two bin program spawn-fcgi and "fcgi-bin",if i use the command gdb ./spawn-fcgi coredump and bt to look at the stack ,then it will look like this picture
so anybody can tell me how to deal with this coredump file ,thanks a lot!

There are two separate executables at play here: spawn-fcgi and fcgi-bin. The former execs the latter.
In the GDB output, you can see that the core was produced by fcgi-bin. Therefore, that's the executable you want to give to GDB:
gdb fcgi-bin coredump

How find find offset of a function using gdb?

I have a shared object file that has DWARF info. I want to find the offset of a function. My stack trace is in the format mangledFuncName + 0x123. I want to find the line of code for the corresponding frame. Ideally I'd like to build some sort of mapping between all offsets of a .so file and the filename/linenumber for the offset/range of offsets. Is this possible to do with gdb?

I want to find the offset of a function.
readelf -Ws foo.so | egrep ' function\W'
For example:
readelf -Ws /lib/x86_64-linux-gnu/libc.so.6 | egrep ' open\W'
1782: 00000000000eb430 294 FUNC WEAK DEFAULT 14 open##GLIBC_2.2.5
The value of open is 0xeb430
My stack trace is in the format mangledFuncName + 0x123. I want to find the line of code for the corresponding frame
The easiest solution is to compute actual address (add 0x123 to the address of mangledFuncName extracted above), and use addr2line -fe foo.so $addr
For example, mapping open+0x123 to source file/line yields:
addr2line -fe /lib/x86_64-linux-gnu/libc.so.6 0xeb483
__libc_open64
/build/glibc-oCLvUT/glibc-2.29/io/../sysdeps/unix/sysv/linux/open64.c:48 (discriminator 1)

gdb <so or file loading so>
(gdb) b main
(gdb) run
(gdb) p youfun
(gdb) info line *(0xabcdef+0xab)
(gdb) list *(0xabcdef+0xab)
(gdb) info symbol 0xabcdef
(gdb) b *(0xabcdef+0xab)
line 2 and 3 are there to make the .so file load.
It is not needed if you have the debug info loaded already
(file or as gdb argument).
line 4 will show the address of the function
replace 0xabcdef with the address of the function and 0xab with the offset

How to get a coredump from `abrt`

I'm running Fedora 23, and just recently discovered that abrt handles the coredumps from my crashed application, and places all kind of stuff in /var/spool/abrt/ccpp-date-pid. Is there a command to fetch a coredump from abrt, without manually copying it from the indicated folder? Or could I have abrt feed the coredump to gdb, and also load the binary?
I would prefer not to change /proc/sys/kernel/core_pattern.
I'm thinking somehting along the lines of:
$ cc -g -o foo main.c
$ ./foo
segmentation fault (core dumped)
$ abrt-magic d55ba08dd0535a223d4a7...
(gdb) # time to do post mortem debugging...
Where of course abrt-magic would be replaced with some command

Not quite what you want, but you can use abrt-cli list to list the ids and abrt-cli info -d on a given id to get the backtrace. You need to configure abrtd to save info for non-package dumps with:
sed -i 's/ProcessUnpackaged = no/ProcessUnpackaged = yes/' /etc/abrt/abrt-action-save-package-data.conf
You can also get an "old-fashioned" core dump in the usual current directory of the process, if the ulimit -c value allows it, by setting
MakeCompatCore = yes
in config file /etc/abrt/plugins/CCpp.conf.

How to map $eip in gdb to output of objdump -d?

I have an incomplete stacktrace which stops at a known library (linux i686 architecture). In order to ascertain the function last called, I am trying to map $eip as output by gdb, to an address within a file generated by "objdump -d library.so".
I thought I might be able to use the From address output from "info shared" within gdb, along with the $eip to calculate an offset, which I could then translate to an offset from the disassembly text section of the objdump -d output?
Not sure if this approach is sensible, but trying it in a simple test harness app with a shared library does not give me an address within the right function.
Any help much appreciated.

I thought I might be able to use the From address output from "info shared" within gdb, along with the $eip to calculate an offset, which I could then translate to an offset from the disassembly text section of the objdump -d output?
Yes, that is exactly what you need to do.
The From address in GDB display tells you where .text section of the shared library was located.
The readelf -S foo.so | grep '\.text' will tell you offset of .text in the foo.so itself. Subtract one from the other, and you get the relocation for that shared library (it will be page-aligned).
Now take the $eip from GDB, subtract relocation, and you'll get an address that will match output of nm and objdump for foo.so.
However, GDB will have already completed all of the above steps internally. If it wasn't able to deduce which function $eip ended up in, you shouldn't expect that performing these steps manually will produce any better result.