网友通过本文主要向大家介绍了linux coredump,core dump,coredump是什么,gdb core dump,core dump文件等相关知识,希望对您有所帮助,也希望大家支持linkedu.com www.linkedu.com
关于Linux的core dump
core dump简介
core dump就是在进程crash时把包括内存在内的现场保留下来,以备故障分析。 但有时候,进程crash了却没有输出core,因为有一些因素会影响输出还是不输出core文件。 常见的一个coredump开关是ulimit -c,它限制允许输出的coredump文件的最大size,如果要输出的core文件大小超过这个值将不输出core文件。
ulimit -c的输出为0,代表关闭core dump输出。
[root@srdsdevapp69 ~]# ulimit -c0
设置ulimit -c unlimited,将不对core文件大小做限制
[root@srdsdevapp69 ~]# ulimit -c unlimited[root@srdsdevapp69 ~]# ulimit -cunlimited
这样设置的ulimit值只在当前会话中有效,重开一个终端起进程是不受影响的。
ulimit -c只是众多影响core输出因素中的一个,其它因素可以参考man。
$ man core...There are various circumstances in which a core dump file is not produced:* The process does not have permission to write the core file. (By default the core file is called core, and is created in the current working directory. See below for details on naming.) Writing the core file will fail if the directory in which it is to be created is non-writable, or if a file with the same name exists and is not writable or is not a regular file (e.g., it is a directory or a symbolic link).* A (writable, regular) file with the same name as would be used for the core dump already exists, but there is more than one hard link to that file.* The file system where the core dump file would be created is full; or has run out of inodes; or is mounted read-only; or the user has reached their quota for the file system.* The directory in which the core dump file is to be created does not exist.* The RLIMIT_CORE (core file size) or RLIMIT_FSIZE (file size) resource limits for the process are set to zero; see getrlimit(2) and the documentation of the shell’s ulimit command (limit in csh(1)).* The binary being executed by the process does not have read permission enabled.* The process is executing a set-user-ID (set-group-ID) program that is owned by a user (group) other than the real user (group) ID of the process. (However, see the description of the prctl(2) PR_SET_DUMPABLE operation, and the description of the /proc/sys/fs/suid_dumpable file in proc(5).)
其实还漏了一个,进程可以捕获那些本来会出core的信号,然后自己来处理,比如MySQL就是这么干的。
abrtd
RHEL/CentOS下默认开启abrtd进行故障现场记录(包括生成coredump)和故障报告
此时abrtd进程是启动的,
[root@srdsdevapp69 ~]# service abrtd statusabrtd (pid 8711) is running...
core文件的生成位置被重定向到了abrt-hook-ccpp
[root@srdsdevapp69 ~]# cat /proc/sys/kernel/core_pattern|/usr/libexec/abrt-hook-ccpp %s %c %p %u %g %t e
测试coredump
生成以下产生coredump的程序,并执行。
testcoredump.c:
int main(){ return 1/0;} 编译并执行
$gcc testcoredump.c -o testcoredump$./testcoredump
查看系统日志,中途临时产生了core文件,但最后又被删掉了。
$tail -f /var/log/messages...Dec 8 09:54:44 srdsdevapp69 kernel: testcoredump[4028] trap divide error ip:400489 sp:7fff5a54b200 error:0 in testcoredump[400000+1000]Dec 8 09:54:44 srdsdevapp69 abrtd: Directory 'ccpp-2016-12-08-09:54:44-4028' creation detectedDec 8 09:54:44 srdsdevapp69 abrt[4029]: Saved core dump of pid 4028 (/root/testcoredump) to /var/spool/abrt/ccpp-2016-12-08-09:54:44-4028 (184320 bytes)Dec 8 09:54:44 srdsdevapp69 abrtd: Executable '/root/testcoredump' doesn't belong to any packageDec 8 09:54:44 srdsdevapp69 abrtd: 'post-create' on '/var/spool/abrt/ccpp-2016-12-08-09:54:44-4028' exited with 1Dec 8 09:54:44 srdsdevapp69 abrtd: Corrupted or bad directory /var/spool/abrt/ccpp-2016-12-08-09:54:44-4028, deleting
abrtd默认只保留软件包里的程序产生的core文件,修改下面的参数可以让其记录所有程序的core文件。