A brief analysis of using coredump technology to trace the cause of process crashes in Linux

Recently, a problem occurred in the project. The server-side program would suddenly crash and exit. We used coredump technology to find the cause of the crash, that is, to determine which function was being executed when the process exited and its status.

If coredump is enabled on the system, or more precisely, if coredump is enabled on the current shell environment, when the program in the current shell environment crashes and exits, the memory state of the process stack at that time will be written to the core file. Use gdb to view the status of the stack saved in this core file, gdb a.out core. (For more information about coredump and shell, please refer to my other blog "Using dotnet-dump to find the reason why .net core 3.0 occupies 100% of the CPU", and for gdb, please refer to "Use and Summary of gdb Debugging Commands")

The default location of the core file is the location of the executable file, and the default name is core. Its location and name can be set. My settings are:

mkdir /home/corefile 
echo "/home/corefile/core-%e-%p-%t" > /proc/sys/kernel/core_pattern

In this way, the generated core file will be placed in the /home/corefile directory, and the core file name will appear in the form of core-%e-%p-%t, where %e represents the name of the executable file, %p represents the process, and %t represents the time when the core file was generated (note that it is Unix time).

Here is a routine that can cause a coredump:

The crossed lines are where the coredump will occur. After execution, the following files will be generated in the /home/corefile directory:

[root@localhostwin7]# ls /home/corefile/ 

a.out is the executable file name, 5082 is the PID, and 1490760381 is the Unix time when the file was generated. Put the a.out and core files in a directory and use the command:

gdb a.out core-a.out-5082-1490760381

Enter gdb and use the backtrace command to view the memory status of the stack when the process exits, as shown below:

It can be seen that when the process exits, the last function executed is the square function. ————————————————

Summarize

The above is what I introduced to you about using coredump technology to trace the cause of process crash under Linux. I hope it will be helpful to you. If you have any questions, please leave me a message and I will reply to you in time!