Differences

This shows you the differences between two versions of the page.

--- code:debugging [2015/11/11 17:28] – phil
+++ code:debugging [2020/03/29 12:32] (current) – external edit 127.0.0.1
@@ Line 74: / Line 74: @@
 (gdb) core-file /proc/kcore
 </code>
+====== Enable Core-Dumps ======
+If running a segfaulting program with ''gdb'' directly is not possible or not
+feasible, enabling core-dumps and analyzing the dump later may be an option.
+First, enable core dumps by setting maximum dump file size to something larger
+than zero (or, as shown here, unlimited):
+<code>
+$ ulimit -c unlimited
+</code>
+Dump output is controlled via ''sysctl'' settings //kernel.core_pattern// and
+//kernel.core_uses_pid//. The latter causes //.PID// appendix in whatever the
+//further specified and is in fact a bit outdated since //kernel.core_pattern//
+//supports format specifiers. These are:
+| %<NUL>   | '%' is dropped |
+| %%       | output one '%' |
+| %p       | pid |
+| %P       | global pid (init PID namespace) |
+| %i       | tid |
+| %I       | global tid (init PID namespace) |
+| %u       | uid (in initial user namespace) |
+| %g       | gid (in initial user namespace) |
+| %d       | dump mode, matches PR_SET_DUMPABLE and /proc/sys/fs/suid_dumpable |
+| %s       | signal number |
+| %t       | UNIX time of dump |
+| %h       | hostname |
+| %e       | executable filename (may be shortened) |
+| %E       | executable path |
+| %<OTHER> | both are dropped |
+It is highly advisable to change //kernel.core_pattern// from its default of
+//core// because the segfaulting process may not be allowed to write to its
+current working directory (or it is not known). So better set an absolute path,
+such as ///tmp/core.%p// but keep security considerations in mind, dump files
+may contain sensitive data!
 ====== Links ======
   * http://elinux.org/Ftrace
@@ Line 79: / Line 116: @@
   * https://kgdb.wiki.kernel.org/index.php/Main_Page
   * https://kernel.org/pub/linux/kernel/people/jwessel/kdb/usingKDB.html#quickKDBserial