Where are my core dumps?
cat /proc/sys/kernel/core_pattern
Put core dumps in a directory:
mkdir /coredumps
chmod 0777 /coredumps
echo '/coredumps/core.%e.%p' | tee /proc/sys/kernel/core_pattern
Still no dumps :-(
ulimit -c unlimited
If dumps are piped to systemd-coredump, you can examine them using
coredumpctl.
| List dumps | coredumpctl |
| Debug the last dump | coredumpctl gdb |
| Extract the last dump | coredumpctl dump -o core |
# Without these, gdb is hardly usable:
set pagination off
set confirm off
set print pretty on
# Save history:
set history save on
set history filename ~/.gdb-history
set history size 10000
| Run | r |
| Continue | c |
| Breakpoint at function | b FUNC |
| Breakpoint at address | b *0xdeadbeef |
| List breakpoints | i b |
| Disable breakpoint | dis N |
| Enable breakpoint | en N |
| Delete breakpoint | d N |
| Call stack | bt |
| Call stack: all threads | thread apply all bt |
| Go to frame | f N |
| Switch to thread | t N |
| Disassemble | disas FUNC |
| Step over line | n |
| Step over instruction | si |
| Step out of frame | fin |
Hint: put this in your ~/.gdbinit and use bta as a shortcut:
define bta
thread apply all backtrace
end
| Disassemble 5 instructions | x/5i 0xdeadbeef |
| Print a 64-bit address | x/1xg 0xdeadbeef |
| Print a 32-bit address | x/1xw 0xdeadbeef |
| Print anything | p sa->__sigaction_handler.sa_handler |
| Describe a type | ptype struct sigaction |
| Describe a type with offsets | ptype /o struct sigaction |
| Disassemble all code sections | objdump -d /proc/self/exe |
| Disassemble a single section | objdump -d -j .init /proc/self/exe |
| Display the section contents | objdump -s -j .data /proc/self/exe |
Hint: put this in your ~/.gdbinit:
define xxd
dump binary memory /tmp/dump.bin $arg0 ((char *)$arg0)+$arg1
shell xxd -groupsize 1 /tmp/dump.bin
shell rm -f /tmp/dump.bin
end
You can then use xxd ADDR LEN to display, in my opinion, the best formatting
for memory dumps:
(gdb) xxd main 24
00000000: f3 0f 1e fa 41 57 41 89 ff bf 05 00 00 00 41 56 ....AWA.......AV
00000010: 49 89 f6 41 55 41 54 55 I..AUATU
If your distribution provides a Debuginfod server, use it! For example, see Arch, Debian, Fedora. In ~/.gdbinit, add
set debuginfod enabled on
This is just me being a baby duck. In ~/.gdbinit:
set disassembly-flavor intel
With objdump:
objdump -Mintel -d /proc/self/exe
My blog. Feel free to contribute or contact me.