Coredump.gz is the (compressed) memory accessible by the program that crashed. It is a binary file. Coredumps are a treasure trove, with all sorts of private data to be mined.
Coredumps can be viewed by running 'gdb':
gdb --core=mycoredump
Of course, you will still need the debug packages associated with this core.
You can, then, generate a stacktrace by:
(gdb) bt
to generate a stacktrace of the current thread -- without parameter resolution --, or
(gdb) thread apply all bt full
to generate a stacktrace of all threads in the coredump, with parameter resolution.
stacktrace and full stacktraces show the control flow within a program. For Python, the top of the stacktrace shows the oldest call, with the most recent at the bottom; for pretty much everything else, the top is the most recent call, and the bottom the oldest.
A full stacktrace will not only show the flow, but also the parameter's values. This is where we usually find private data -- for example, say you see a function called "validatePassword" with a parameter called "Password", and a value of "MySecretPassword"...
Stacktraces are usually only helpful if the debug packages are installed (so that the stack frames can be resolved into something we can easily read). Analysis of a stacktrace will require one to have the sources that were used to build this specific program instance.
Thanks for your interest in the Ubuntu error tracker project.
As of Precise 12.04, this behavior and workflow changed. As I discovered in Bug #993450 “Apport fails to submit bug report”, by default apport no longer opens a bug report (and it is awkward but not impossible to get it to do so).
Apport never created bug reports post-release. When a release is still in development you can use apport to file Launchpad bugs (and error reports).
In a final released version of Ubuntu we now show error dialogs. This is a great improvement from a program "going away" without any feedback and the user being left wondering what just happened.
The statistics from the data collected when people choose to send these reports show up on http://errors.ubuntu.com.
I'm left with this question: how does a user learn what the status of the problem is? The blueprint now has this requirement
The user should have some way to check back on the status of their crash report; e.g. have some report ID they can look at to see statistics and/or any associated bug #. E.g. provide a serial number at time of filing that they can load via a web page later on.
I'm going to remove that. That was never the intent. The user interface is careful not to make promises about getting any feedback on the report.
These are not bug reports.
Our intent is to reduce the amount of time it takes for developers to find the most pressing issues, collect the needed information to fix them, and get the fixes to users.
We've solved the problem of finding the most pressing issues. That's the front page of http://errors.ubuntu.com.
Collecting the needed information quickly, and without involving a long feedback loop with users who are experiencing the problem is addressed in foundations-q-bucketing-improvements. The plan is to allow developers to hook into the information collection process server-side. If I need /var/log/syslog but it's not already provided, I just change a setting on http://errors.ubuntu.com and the next person who experiences the error automatically adds it to the data they're sending.
Getting fixes to users quickly is addressed in foundations-q-updates-from-crash-reports. When users submit an error report and that error has already been fixed and released, a dialog will come up asking if they would like to upgrade to the version of the software which fixes the problem they just experienced.
And how does a developer get into the game? Going to https://daisy.ubuntu.com just provides an "Incorrect Content-Type" error message.
http://daisy.ubuntu.com is not intended to be used by humans. It's there for the error reporting daemon (whoopsie) to send reports to.
It would be absolutely wonderful for other people to get involved. I'm currently the only one hacking on this full-time.
There are four parts to the system.
- Apport, which provides the desktop user interface.
- Whoopsie, which takes reports (and core dumps) created by Apport and shovels them into the error tracker server, Daisy.
- Daisy, which collects reports from Whoopsie and processes them. This is the heart of the service. It's what turns the core files into retraced reports and generates the statistics you see on http://errors.ubuntu.com.
- Errors, which is a Django-based website providing both a human readable view of the data and a RESTful API for working with it.
There is a slightly out-of-date set of scripts under the setup/ directory in lp:daisy that should give you some idea of how the pieces fit together. I've been working on juju charms to replace this. The goal is a single command to deploy the entire infrastructure in the cloud for testing and development.
You can find my email address on Launchpad if you have further development questions.
More info:
Best Answer
In case if you don't want to install a bunch of sub-dependencies for
apport-retracetool, you can unpack apport format into separate files and to use onlyCoreDumpdump withgdbas usual.apport-unpack systemGeneratedCrashReportPath.crash yourNewUnpackDirectoryHerecd yourNewUnpackDirectoryHere/gdb `cat ExecutablePath` CoreDump(pay attention to tildes here!)bt(output actual back-trace)Note:
apport-unpackwill sometimes crash itself on unpack operation (apport seems broken all around... xD), but your CoreDump and other files will be there, just ignore it and delete all .crash files in/var/crashafter you move them elsewhere in order to allow system to output new crash reports from same apps there.