How to Debug Linux Core Dumps with dmesg, addr2line, gdb, and strace
This guide explains how to enable core dumps on Linux, examine the generated core file, and pinpoint the exact source line that caused a crash using dmesg, addr2line, gdb, and strace, with step‑by‑step commands and example code.
Why Core Dumps Matter
When a program crashes on Linux, the operating system can write a core dump file that captures the process memory, register state, stack pointer, and call stack. Analyzing this file lets developers locate the exact instruction that caused the fault, even when no log is available.
Enabling Core Dumps
Before a core file is generated, the limit must be lifted: ulimit -c unlimited After recompiling with debugging symbols ( -g), a crash will produce a file such as core.1989.
Sample Crash Program
#include<stdio.h>
int main(){
int *p=NULL;
*p=0; // deliberate null‑pointer dereference
printf("bad
");
return 0;
}Compile and run:
g++ -g main.cpp -o a.out
./a.out
# Segmentation fault (core dumped)
ls
# a.out core.1989 main.cppMethod 1: dmesg + addr2line
Use dmesg to find the faulting address, then translate it to a source line with addr2line:
# dmesg | grep a.out
[212.330289] a.out[1946]: segfault at 0 ip 0000000000400571 sp 00007ffdf0aafbb0 error 6 in a.out[400000+1000]
# addr2line -e a.out 0000000000400571
/root/c++/main.cpp:6The address 0x400571 maps to line 6, where the null pointer is dereferenced.
Method 2: gdb Directly on the Core File
Load the executable and core file into gdb:
# gdb a.out core.1989
Reading symbols from /root/c++/a.out...done.
#0 0x0000000000400571 in main () at main.cpp:6
6 *p=0;
(gdb) bt
#0 0x0000000000400571 in main () at main.cpp:6The bt (backtrace) command shows the exact line that caused the fault without re‑executing the program.
Method 3: strace + addr2line
stracerecords system calls and signals. Run the program under strace and note the SIGSEGV address:
# strace -i ./a.out
[00007f79d3573847] munmap(0x7f79d3772000, 31038) = 0
[0000000000400571] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
# addr2line -e a.out 0000000000400571
/root/c++/main.cpp:6This also maps the faulting address to the source line.
Takeaway
Linux developers can quickly diagnose crashes by enabling core dumps and using a combination of dmesg, addr2line, gdb, or strace. These tools reveal the offending instruction and stack context, turning opaque segmentation faults into actionable information.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
Liangxu Linux
Liangxu, a self‑taught IT professional now working as a Linux development engineer at a Fortune 500 multinational, shares extensive Linux knowledge—fundamentals, applications, tools, plus Git, databases, Raspberry Pi, etc. (Reply “Linux” to receive essential resources.)
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.