[svlug] Where do I start debugging core dumps?

Marco Walther marco at sonic.net
Wed Oct 31 15:43:40 PST 2012


On 10/31/2012 03:09 PM, Robert Freiberger wrote:
> Hello,
>
> I'm researching steps how to debug core dumps but running into issues 
> that I'm not from a developer background. From my days in the Windows 
> world, I would find a host that is in a panic state, take the memory 
> dump, use the Microsoft tool Windbg and find which driver or 
> application caused it. In most cases it was decently accurate but of 
> course you needed the proper libraries to work. Also Microsoft 
> somewhat locked down the Windbg tool so you could only view 75% of the 
> information, their in house tool was full featured. But this gave me 
> more details that what the logs could provide.
>
> On the Linux side, I want to continue my searching when I find a host 
> with a core dump but lacking the knowledge. So far I know searching 
> logs but looking tutorials about core dumps, seems like without 
> understanding gdb, I'm missing critical information.
>
> If I find the host crashed from /var/logs then a core dump was created 
> from dmesg, but how to I find the specific process that crashed so I 
> can ove to strace or other tools?
There are two different dumps for Linux. Core dumps usually refer to a 
per-process dump when a process exits unexpectedly. There is also a 
kernel crash dump, which might get triggered when the kernel falls over.

For the kernel level setup, one reference would be
https://help.ubuntu.com/12.04/serverguide/kernel-crash-dump.html

The per-process dumps don't need extra software but it might need extra 
configuration. On my laptop, the `ulimit -c' is normally set to 0, 
preventing the writing of dumps. So you might have to change that at 
whatever level you want;-)

marcow at feather4:/tmp$ ulimit -c unlimited
marcow at feather4:/tmp$ cat foo.c
int main() {
   char *ptr = 0;

   *ptr = 4;
}
marcow at feather4:/tmp$ gcc foo.c
marcow at feather4:/tmp$ ./a.out
Segmentation fault (core dumped)
marcow at feather4:/tmp$ strings core | head -10
CORE
CORE
a.out
./a.out
CORE
CORE
////////////////
/lib64/ld-linux-x86-64.so.2
__gmon_start__
libc.so.6

The strings|head command should give you the name of the executable 
which was responsible for the core. But it might not help you much more. 
gdb is probably the better way to find out more.

I hope that helps a bit.

Thanks,
-- Marco

> If there is a reference to a tutorial or book from the system 
> administrator point of view that would be great. :)
>
> Thanks,
> Robert
>
> -- 
> Robert Freiberger
> 510-936-1210
>
>
> _______________________________________________
> svlug mailing list
> svlug at lists.svlug.org
> http://lists.svlug.org/lists/listinfo/svlug

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.svlug.org/archives/svlug/attachments/20121031/0eb8b0a8/attachment.htm


More information about the svlug mailing list