How To: read a CentOS / RHEL core dump file
How can you read a core dump file?
From wikipedia: In computing, a core dump (in Unix parlance), memory dump, or system dump consists of the recorded state of the working memory of a computer program at a specific time, generally when the program has terminated abnormally (crashed). In practice, other key pieces of program state are usually dumped at the same time, including the processor registers, which may include the program counter and stack pointer, memory management information, and other processor and operating system flags and information. Core dumps are often used to assist in diagnosing and debugging errors in computer programs.
The term “core dump”, “memory dump”, or just “dump” has become jargon to indicate any storing of a large amount of raw data for further examination.
Unfortunately, once in a while a Linux server may freeze or ‘get stuck’ and when you check /var/log/messages you see that a dump file (vmcore) has been created.
In order to read that file, follow the next steps:
1. Identify your kernel version:
[root@geek-kb ~]# uname -r 2.6.32-71.29.1.el6.x86_64
2. Find the relevant debug-info package by running:
[root@geek-kb ~]# yum provides kernel-debuginfo-2.6.32
manually look for kernel-debuginfo-2.6.32-71.29.1.el6.x86_64
3. Find the current kernel-debuginfo package which is installed and remove it:
[root@geek-kb ~]# rpm -qa |grep ^kernel ; yum remove kernel-debuginfo-<version>
4. Install the correct version of kernel-debuginfo package:
[root@geek-kb ~]# yum install kernel-debuginfo-2.6.32-71.29.1.el6.x86_64
5. Now we’ll locate the newly created vmlinux file with the correct version:
[root@geek-kb ~]# updatedb ; locate vmlinux
6. Now we can read the crash dump by running ‘crash’:
[root@geek-kb ~]# crash /usr/lib/debug/lib/modules/2.6.32-71.29.1.el6.x86_64/vmlinux /var/crash/127.0.0.1-2013-07-31-01\:33\:32/vmcore
No Comments Yet