Debugging Core Dump Files on Linux - A Detailed Guide
This guide explains how to enable, generate, and debug core dumps in Linux using tools like GDB, Valgrind, and Crash Utility to analyze core dumps
CORE
·
Join the DZone community and get the full member experience.
Join For FreeCore dumps play a key roll role in debugging programs that exit abnormally. They preserve a state of a program at failure, and with them, programmers can view and identify causes of failures. In this article, a walkthrough is taken through a step-by-step exercise of enabling, creating, and checking out core dumps in Linux and touches on high-end tools and techniques for debugging sophisticated failures, and enables quick diagnoses and resolution.
1. Enabling Core Dumps in Linux
Check and Set ulimit
-
Check for current value for core dumps:
Shellulimit -cOutput:
Shell0A value of
0informs us that core dumps have been disabled.. -
Enable core dumps temporarily:
Shellulimit -c unlimitedCheck again:
Shellulimit -cOutput:
Shellunlimited -
To make it persistent, add the following in
/etc/security/limits.conf:Shell* soft core unlimited * hard core unlimited -
Configure location for core dumps:
Shellsudo sysctl -w kernel.core_pattern=/var/dumps/core.%e.%p-
%e: Program name -
%p: Process ID
-
-
Make it persistent: Add the following in
/etc/sysctl.conf:Shellkernel.core_pattern=/var/dumps/core.%e.%pReload configuration:
Shellsudo sysctl -p
2. Generate Core Dumps for Testing
C Program to cause Segfault
Create a testing program:
#include <stdio.h>
int main() {
int *ptr = NULL; // Null pointer
*ptr = 1; // Segmentation fault
return 0;
}Make a build of it:
gcc -g -o crash_test crash_test.cExecute the program:
./crash_testOutput:
Segmentation fault (core dumped)Check for location of the core dump:
ls /var/dumpsExample:
core.crash_test.123453. Analyze with GDB
Load the Core Dump
gdb ./crash_test /var/dumps/core.crash_test.12345Basic Analysis
Get Backtrace
btOutput:
#0 0x0000000000401132 in main () at crash_test.c:4
4 *ptr = 1;The backtrace identifies that the crash happened at line 4.
Examine Variables
info localsOutput:
ptr = (int *) 0x0The variable ptr is a null pointer, and a segmentation fault is confirmed.
Disassemble the Code
disassemble mainOutput:
Dump of assembler code for function main:
0x000000000040112a <+0>: mov %rsp,%rbp
0x000000000040112d <+3>: movl $0x0,-0x4(%rbp)
0x0000000000401134 <+10>: movl $0x1,(%rax)Displays actual assembly instruction at location of crash.
Check Registers
info registersOutput:
rax 0x0 0
rbx 0x0 0
rcx 0x0 0Register rax is 0, showing the null pointer dereference.
4. Debugging Multithreaded Applications
Check Threads
info threadsOutput:
Id Target Id Frame
* 1 Thread 0x7f64c56 (LWP 12345) "crash_test" main () at crash_test.c:4Switch to a Specific Thread
thread 1Get Backtrace for All Threads
thread apply all bt5. Using Advanced Tools
Valgrind – Analysis of Memory Issue
valgrind --tool=memcheck ./crash_testOutput:
Invalid write of size 4
at 0x401132: main (crash_test.c:4)
Address 0x0 is not stack'd, malloc'd or (recently) free'dConfirms an invalid access in memory.
ELFutils for Symbol Inspection
eu-readelf -a /var/dumps/core.crash_test.12345Output:
Program Headers:
LOAD 0x000000 0x004000 0x004000 0x1234 bytes
Displays sections and symbol information in the core file.
Crash Utility for Kernel Dumps
sudo crash /usr/lib/debug/vmlinux /var/crash/coreUse for kernel-space core dumps.
Generate Core Dumps for Running Processes
gcore <PID>6. Debugging Specific Issues
Segmentation Faults
info frame
x/16xw $spCheck near stack pointer in memory.
Heap Corruption
Check for heap corruption with Valgrind or AddressSanitizer:
gcc -fsanitize=address -g -o crash_test crash_test.c
./crash_testShared Libraries Mismatch
info shared
ldd ./crash_testCheck shared libraries loaded in a proper manner.
7. Best Practices for Core Dump Debugging
- Save Symbols Independently: Deploy stripped binaries for production and store debug symbols in a secure manner.
- Automate Dump: Employ systemd-coredump for efficient dump management.
- Analyze Logs: Enable full application logs for tracking run-time faults.
- Redact Sensitive Information: Remove sensitive information in shared core dumps.
- Test in Debugging: Employ debug build with full symbols for in-depth debugging.
8. Conclusion
Debugging a core dump in Linux is a logical progression and utilizes tools such as GDB, Valgrind, and Crash Utility. By careful examination of backtraces, state of memory, and register values, developers can pinpoint root causes and remedy them in no time. Best practices will yield more efficient diagnostics and rapid resolution for production-critical environments.
Opinions expressed by DZone contributors are their own.
Comments