276

What are all the things I will need to check while analyzing a core dump file?

Please tell me from scratch.

Peter Mortensen
  • 30,738
  • 21
  • 105
  • 131
Dew
  • 2,993
  • 5
  • 17
  • 7
  • 1
    Can you describe what your problem is. What command is giving trouble? Maybe reference the chapter from the doc: http://sourceware.org/gdb/download/onlinedocs/gdb/index.html – rene Feb 25 '11 at 09:37

2 Answers2

405

You just need a binary (with debugging symbols included) that is identical to the one that generated the core dump file. Then you can run gdb path/to/the/binary path/to/the/core/dump/file to debug it.

When it starts up, you can use bt (for backtrace) to get a stack trace from the time of the crash. In the backtrace, each function invocation is given a number. You can use frame number (replacing number with the corresponding number in the stack trace) to select a particular stack frame.

You can then use list to see code around that function, and info locals to see the local variables. You can also use print name_of_variable (replacing "name_of_variable" with a variable name) to see its value.

Typing help within GDB will give you a prompt that will let you see additional commands.

Peter Mortensen
  • 30,738
  • 21
  • 105
  • 131
Michael Aaron Safyan
  • 93,612
  • 16
  • 138
  • 200
  • 5
    Its possible to run `gdb path/to/the/binary path/to/the/core` when coredumped app is not compiled with `-g` flag, but `path/to/the/binary` is same version app, but with -g flag? – Galimov Albert Nov 18 '12 at 10:45
  • 2
    I tried the `bt` command, but it says `no stack`. The core file is large (`ulimit -c unlimited`). What could I be missing? – Eric O. Lebigot Feb 05 '13 at 03:42
  • 8
    @EOL, you might missed the binary as the first argument, and only provided coredump file. – solotim Apr 08 '13 at 07:47
  • 2
    What if I have no glue what binary produced a core dump? Can I investigate with the `strings` command which binary I need to debug it? – math Feb 12 '14 at 15:54
  • 30
    Oh I can run `file core.86234` and it states which command was used. – math Feb 12 '14 at 15:55
  • How can I debug a core file (generated on target) on host? How can I give the path of source files on host? – Mubin Icyer Jul 24 '20 at 14:00
137

Steps to debug coredump using GDB:

Some generic help:

gdb start GDB, with no debugging les

gdb program begin debugging program

gdb program core debug coredump core produced by program

gdb --help describe command line options

  1. First of all, find the directory where the corefile is generated.

  2. Then use ls -ltr command in the directory to find the latest generated corefile.

  3. To load the corefile use

    gdb binary path of corefile

    This will load the corefile.

  4. Then you can get the information using the bt command.

    For a detailed backtrace use bt full.

  5. To print the variables, use print variable-name or p variable-name

  6. To get any help on GDB, use the help option or use apropos search-topic

  7. Use frame frame-number to go to the desired frame number.

  8. Use up n and down n commands to select frame n frames up and select frame n frames down respectively.

  9. To stop GDB, use quit or q.

Peter Mortensen
  • 30,738
  • 21
  • 105
  • 131
Mayank
  • 2,150
  • 1
  • 15
  • 13
  • 1- First of all find the directory where the corefile is generated. How to locate this, not able to find the location. Thanks – akD Apr 19 '17 at 13:55
  • 1
    Refer these URLs for core dump location : https://unix.stackexchange.com/questions/192716/how-to-set-the-core-dump-file-location-and-name http://stackoverflow.com/questions/2065912/core-dumped-but-core-file-is-not-in-current-directory – Mayank Apr 21 '17 at 06:20
  • 2
    What do you mean by *"with no debugging les"*? – Peter Mortensen Dec 02 '19 at 11:12
  • This is a great explanation but could you explain how we could analyze core dump(Generated from nondebuggable binary)? – Cracken Dec 19 '19 at 09:31
  • 7
    I learnt `bt full` here ;) – Rick Mar 18 '20 at 12:47