[svlug] Where do I start debugging core dumps?

Dan Mashal dan.mashal at gmail.com
Wed Oct 31 18:03:55 PST 2012


Don't try to debug core dumps unless you are deving.

Easier way to approach this:

Take a look at /var/log/messages

Try disabling SELinux

Try recompiling from source with different configure flags.

Exactly what software are you referring to that is core dumping? There
could be a million reasons why something is core dumping and another
million things to check as to why.

Dan

On Wed, Oct 31, 2012 at 4:43 PM, Marco Walther <marco at sonic.net> wrote:

>  On 10/31/2012 03:09 PM, Robert Freiberger wrote:
>
> Hello,
>
>  I'm researching steps on how to debug core dumps but running into the issue
> that I'm not from a developer background. From my days in the Windows
> world, I would find a host that is in a panic state, take the memory dump,
> use the Microsoft tool Windbg and find which driver or application caused
> it. In most cases it was decently accurate but of course you needed the
> proper libraries to work. Also Microsoft somewhat locked down the Windbg
> tool so you could only view 75% of the information; their in-house tool was
> full featured. But this gave me more details than what the logs could
> provide.
>
>  On the Linux side, I want to continue my searching when I find a host
> with a core dump but I'm lacking the knowledge. So far I know about searching
> logs, but looking at tutorials about core dumps, it seems like without
> understanding gdb, I'm missing critical information.
>
>  If I find the host crashed from /var/logs then a core dump was created
> from dmesg, but how do I find the specific process that crashed so I can
> move to strace or other tools?
>
> There are two different dumps for Linux. Core dumps usually refer to a
> per-process dump when a process exits unexpectedly. There is also a kernel
> crash dump, which might get triggered when the kernel falls over.
>
> For the kernel level setup, one reference would be
> https://help.ubuntu.com/12.04/serverguide/kernel-crash-dump.html
>
> The per-process dumps don't need extra software but it might need extra
> configuration. On my laptop, the `ulimit -c' is normally set to 0,
> preventing the writing of dumps. So you might have to change that at
> whatever level you want;-)
>
> marcow at feather4:/tmp$ ulimit -c unlimited
> marcow at feather4:/tmp$ cat foo.c
> int main() {
>   char *ptr = 0;
>
>   *ptr = 4;
> }
> marcow at feather4:/tmp$ gcc foo.c
> marcow at feather4:/tmp$ ./a.out
> Segmentation fault (core dumped)
> marcow at feather4:/tmp$ strings core | head -10
> CORE
> CORE
> a.out
> ./a.out
> CORE
> CORE
> ////////////////
> /lib64/ld-linux-x86-64.so.2
> __gmon_start__
> libc.so.6
>
> The strings|head command should give you the name of the executable which
> was responsible for the core. But it might not help you much more. gdb is
> probably the better way to find out more.
>
> I hope that helps a bit.
>
> Thanks,
> -- Marco
>
>  If there is a reference to a tutorial or book from the system
> administrator point of view that would be great. :)
>
>  Thanks,
> Robert
>
>  --
> Robert Freiberger
> 510-936-1210
>
>
> _______________________________________________
> svlug mailing list
> svlug at lists.svlug.org
> http://lists.svlug.org/lists/listinfo/svlug
>
>
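
The `strings core | head` step quoted above works because the kernel records the crashing program's name in the core's NT_PRPSINFO note; the sketch below reads that note directly. It is an added example, not code from the thread: it assumes an x86-64 Linux core (136-byte prpsinfo layout), the function names are illustrative, and the sample core is constructed.

```python
import mmap
import struct
import sys

PT_NOTE, NT_PRPSINFO, ET_CORE = 4, 3, 4

def core_process_info(data):
    """Return (pid, command name, arguments) from an x86-64 Linux ELF core image."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a 64-bit little-endian ELF file")
    if struct.unpack_from("<H", data, 16)[0] != ET_CORE:
        raise ValueError("ELF file is not a core dump")
    e_phoff, = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    for i in range(e_phnum):
        # Program header fields: p_type, p_flags, p_offset, p_vaddr, p_paddr, p_filesz
        p_type, _, p_offset, _, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", data, e_phoff + i * e_phentsize)
        if p_type != PT_NOTE:
            continue
        pos, end = p_offset, p_offset + p_filesz
        while pos + 12 <= end:
            namesz, descsz, n_type = struct.unpack_from("<III", data, pos)
            name_off = pos + 12
            desc_off = name_off + ((namesz + 3) & ~3)  # name is padded to 4 bytes
            name = data[name_off:name_off + namesz].rstrip(b"\0")
            if name == b"CORE" and n_type == NT_PRPSINFO and descsz >= 136:
                desc = data[desc_off:desc_off + descsz]
                pid, = struct.unpack_from("<i", desc, 24)                     # pr_pid
                fname = desc[40:56].split(b"\0")[0].decode(errors="replace")  # pr_fname
                args = desc[56:136].split(b"\0")[0].decode(errors="replace")  # pr_psargs
                return pid, fname, args.strip()
            pos = desc_off + ((descsz + 3) & ~3)
    raise ValueError("no NT_PRPSINFO note found")

def build_sample_core(pid=4242, fname=b"a.out", args=b"./a.out "):
    """Constructed minimal core (ELF header + one PT_NOTE), not a real dump."""
    desc = struct.pack("<8xQIIiiii16s80s", 0, 1000, 1000, pid, 1, pid, pid, fname, args)
    note = struct.pack("<III", 5, len(desc), NT_PRPSINFO) + b"CORE\0\0\0\0" + desc
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", ET_CORE, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_NOTE, 4, 120, 0, 0, len(note), 0, 4)
    return ehdr + phdr + note

if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to a real core file
        with open(sys.argv[1], "rb") as f, mmap.mmap(f.fileno(), 0, access=mmap.ACCESS_READ) as m:
            print(core_process_info(m))
    else:
        print(core_process_info(build_sample_core()))
```

Run with a core file path as the only argument to inspect a real dump; with no argument it parses the constructed sample.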