From bc55732c55a0c854f6e3c3cc40efd603907ecdcb Mon Sep 17 00:00:00 2001 From: johannst Date: Tue, 15 Mar 2022 17:05:22 +0000 Subject: deploy: 33d74c3b33394769a2040ff451fbfdfd58e9bf92 --- linux/coredump.html | 297 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 297 insertions(+) create mode 100644 linux/coredump.html (limited to 'linux/coredump.html') diff --git a/linux/coredump.html b/linux/coredump.html new file mode 100644 index 0000000..9e03ff4 --- /dev/null +++ b/linux/coredump.html @@ -0,0 +1,297 @@ + + + + + + coredump - Notes + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
+ + + + + + + + + + +
+
+

core(5)

+

There are multiple requirements that must be satisfied that coredumps are +being generated, a full list can be found in core(5).

+

An important one is to configure the soft resource limit RLMIT_CORE +(typically as unlimited during debugging). +In a typical bash/zsh this can be done as

+
ulimit -Sc unlimited
+
+

Naming of coredump files

+

There are two important kernel configs to control the naming:

+
/proc/sys/kernel/core_pattern
+    <pattern>    => Specifies a name pattern for the coredump file. This can
+                    include certain FORMAT specifier.
+    |<cmdline>   => Coredump is pipe through stdin to the user space process
+                    specified by the cmdline, this can also contain FORMAT specifier.
+
+  FORMAT specifier (full list, see core(5)):
+    %E      Pathname of the executable ('/' replaced by '!').
+    %p      PID of the dumping process in its pid namespace.
+    %P      PID of the dumping process in the initial pid namespace.
+    %u      Real UID of dumping process.
+    %s      Signal number causing the dump.
+
+
+/proc/sys/kernel/core_uses_pid
+    1  => Append ".<pid>" suffic to the coredump file name
+          (pid of the dumping process).
+    0  => Do not append the suffix.
+
+

Control which segments are dumped

+

Each process has a coredump filter defined in /proc/<pid>/coredump_filter +which specifies which memory segments are being dumped. +Filters are preseved across fork/exec calls and hence child processes inherit +the parents filters.

+

The filter is a bitmask where 1 indicates to dump the given type.

+
From core(5):
+  bit 0  Dump anonymous private mappings.
+  bit 1  Dump anonymous shared mappings.
+  bit 2  Dump file-backed private mappings.
+  bit 3  Dump file-backed shared mappings.
+  bit 4  Dump ELF headers.
+  bit 5  Dump private huge pages.
+  bit 6  Dump shared huge pages.
+  bit 7  Dump private DAX pages.
+  bit 8  Dump shared DAX pages.
+
+Default filter 0x33.
+
+

Some examples out there

+

coredumpctl (systemd)

+
# List available coredumps.
+coredumpctl list
+    TIME                             PID  UID  GID SIG     COREFILE EXE               SIZE
+    ...
+    Fri 2022-03-11 12:10:48 CET     6363 1000 1000 SIGSEGV present  /usr/bin/sleep   18.1K
+
+# Get detailed info on specific coredump.
+coredumpctl info 6363
+
+# Debug specific coredump.
+coredumpctl debug 6363
+
+# Dump specific coredump to file.
+coredumpctl dump 6363 -o <file>
+
+

apport (ubuntu)

+

Known crash report locations:

+
    +
  • /var/crash
    • +
+

To get to the raw coredump, crash reports can be unpacked as:

+
apport-unpack <crash_repot> <dest_dir>
+
+

The coredump resides under <dest_dir>/CoreDump.

+ +
+ + +
+
+ + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + -- cgit v1.2.3