What Is a Good Way to Dump a Linux Core File from Inside a Process

What is a good way to dump a Linux core file from inside a process?

Google has a library for generating coredumps from inside a running process called google-coredumper. This should ignore ulimit and other mechanisms.

The documentation for the call that generates the core file is here. According to the documentation, it seems that it is feasible to generate a core file in a signal handler, though it is not guaranteed to always work.

How do I analyze a program's core dump file with GDB when it has command-line parameters?

You can use the core with GDB in many ways, but passing parameters which is to be passed to the executable to GDB is not the way to use the core file. This could also be the reason you got that error. You can use the core file in the following ways:

gdb <executable> <core-file> or gdb <executable> -c <core-file> or

gdb <executable>
...
(gdb) core <core-file>

When using the core file you don't have to pass arguments. The crash scenario is shown in GDB (checked with GDB version 7.1 on Ubuntu).

For example:

$ ./crash -p param1 -o param2
Segmentation fault (core dumped)
$ gdb ./crash core
GNU gdb (GDB) 7.1-ubuntu
...
Core was generated by `./crash -p param1 -o param2'. <<<<< See this line shows crash scenario
Program terminated with signal 11, Segmentation fault.
#0  __strlen_ia32 () at ../sysdeps/i386/i686/multiarch/../../i586/strlen.S:99
99    ../sysdeps/i386/i686/multiarch/../../i586/strlen.S: No such file or directory.
    in ../sysdeps/i386/i686/multiarch/../../i586/strlen.S
(gdb)

If you want to pass parameters to the executable to be debugged in GDB, use --args.

For example:

$ gdb --args ./crash -p param1 -o param2
GNU gdb (GDB) 7.1-ubuntu
...
(gdb) r
Starting program: /home/@@@@/crash -p param1 -o param2

Program received signal SIGSEGV, Segmentation fault.
__strlen_ia32 () at ../sysdeps/i386/i686/multiarch/../../i586/strlen.S:99
99    ../sysdeps/i386/i686/multiarch/../../i586/strlen.S: No such file or directory.
    in ../sysdeps/i386/i686/multiarch/../../i586/strlen.S
(gdb)

Man pages will be helpful to see other GDB options.

Most useful commands are:

  • bt (backtrace)
  • info locals (show values of local variables)
  • info registers (show values of CPU registers)
  • frame X (change to stack frame X)
  • up and down (navigate in the stack frame (call chain))

Is a core dump executable by itself?

In older unix variants it was the default to include the text as well as data in the core dump but it was also given in the a.out format and not ELF. Today's default behavior (in Linux for sure, not 100% sure about BSD variants, Solaris etc.) is to have the core dump in ELF format without the text sections but that behavior can be changed.

However, a core dump cannot be executed directly in any case without some help. The reason for that is that there are two things missing from a simple core file. One is the entry point, the other is code to restore the CPU state to the state at or just before the dump occurred (by default also the text sections are missing).

In AIX there used to be a utility called undump but I have no idea what happened to it. It doesn't exist in any standard Linux distribution I know of. As mentioned above (@WumpusQ) there's also an attempt at a similar project for Linux mentioned in above comments, however this project is not complete and doesn't restore the CPU state to the original state. It is, however, still good enough in some specific debugging cases.

It is also worth mentioning that there exist other ELF formatted files that cannot be executes as well which are not core files. Such as object files (compiler output) and .so (shared object) files. Those require a linking stage before being run to resolve external addresses.

Dumping only stack trace in linux core dumps

You can set /proc/$PID/coredump_filter to 0x10.

See http://man7.org/linux/man-pages/man5/core.5.html

How to make linux core dump file being over written each time?

Core pattern is the way you control the names of the core. (Not sure why you aren't using it)

This pattern will overwrite the core files in pwd The name will always be "core"

echo core% > /proc/sys/kernel/core_pattern


Related Topics

Why Does This Code Crash with Address Randomization On

Doesn't Sh Support Process Substitution <(...)

Colors with Unix Command "Watch"

How to Read a .Properties File Which Contains Keys That Have a Period Character Using Shell Script

Allocate Writable Memory in the .Text Section

Zero Length Read from File

How to Get a List of All Valid Ip Addresses in a Local Network

How to Clear the Line Number in Vim When Copying

Escape Double Quote in Grep

How to Send Data to Local Clipboard from a Remote Ssh Session

How to Perform Grep Operation on All Files in a Directory

How to Show Line Number When Executing Bash Script

Using Grep to Search for a String That Has a Dot in It

Control Mouse by Writing to /Dev/Input/Mice

Using 'Find' to Return Filenames Without Extension

How to Programmatically Create Videos

Why Is Dd with the 'Direct' (O_Direct) Flag So Dramatically Faster

How to Tell If a File Is Older Than 30 Minutes from /Bin/Sh


Leave a reply



Submit