Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Core Dump Reports


  • Please log in to reply
29 replies to this topic

#1 pcpunk

pcpunk

  • Members
  • 6,008 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:06:06 PM

Posted 27 January 2016 - 02:38 PM

This Thread was created when mremski said he would take a look if I posted the info. from this Post:

 http://www.bleepingcomputer.com/forums/t/603277/swap-would-you-swap-it-for-nothing/page-2#entry3919186

 

But of course all are welcome to add.

mremski QUOTE:  Crashes should wind up with indications in /var/log/messages (you'll have to sudo to look at it probably)

Not sure how to "sudo" to this file, I tried but could not.  I tried opening with Kate also with no luck.  This is my weak area, Finding Files and editing.  I browsed in File Manager and did not see "/var/log/messages"

 

I also don't see any Core Dump file in Home.

output of the dmesg command would also have indications.

Do you want the whole output of dmesg, it is quite big and has no dates or time stamps.

 

Here is the man -k core output but doesn't look like I ran it right:

 

man -k core
core (5)             - core dump file
corelist (1)         - a commandline frontend to Module::CoreList
Dpkg::Control::FieldsCore (3) - manage (list of official) control fields
Dpkg::Control::HashCore (3) - parse and manipulate a block of RFC822-like fields
gcore (1)            - Generate a core file of a running program
sane-cardscan (5)    - SANE backend for Corex CardScan usb scanners
 
I also saw this for Core Dumps reports: https://wiki.ubuntu.com/Apport

There are probably some things over in /proc or /sys related to core files (do man -k core or apropos core to get an idea).

Not sure about this quote above either.

 
I was looking at .xsession-errors and see some stuff in there that don't look good, does this matter?  This is just one, they look like this:
 
X Error: BadWindow (invalid Window parameter) 3
  Major opcode: 20 (X_GetProperty)
  Resource id:  0x5a0004a
 
And this first part of another Warning that was at the bottom of the list:
 
[WARNING:flash/platform/pepper/pep_module.cpp(63)] SANDBOXED
[4124:4124:0127/142443:ERROR:gles2_cmd_decoder.cc(13874)] [.Compositor-0x1186fd41b6e0]GL ERROR :GL_INVALID_OPERATION : glCreateAndConsumeTextureCHROMIUM: invalid mailbox name
 

I don't think that was of much help but not in any hurry.  I've had similar issues before so it would be nice to know exactly what has happened.

 

Thanks pcpunk


Edited by pcpunk, 27 January 2016 - 03:54 PM.

sBCcBvM.png

Created by Mike_Walsh

 

KDE, Ruler of all Distro's

eps2.4_m4ster-s1ave.aes_pcpunk_leavemehere

 


BC AdBot (Login to Remove)

 


#2 DeimosChaos

DeimosChaos

  • BC Advisor
  • 1,420 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States, Delaware
  • Local time:06:06 PM

Posted 27 January 2016 - 02:43 PM

Not sure about most of that....

 

But for /var/log/messages do:

sudo less /var/log/messages

OS - Ubuntu 14.04/16.04 & Windows 10
Custom Desktop PC / Lenovo Y580 / Sager NP8258 / Dell XPS 13 (9350)
_____________________________________________________
Bachelor of Science in Computing Security from Drexel University
Security +


#3 Al1000

Al1000

  • Global Moderator
  • 7,883 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:11:06 PM

Posted 27 January 2016 - 02:51 PM

Is this a file that Mint has?

I'm on Kubuntu just now, but there is no file (or directory) called "messages" in /var/log.
 
al@my-desktop-pc:/var/log$ ls
alternatives.log    bootstrap.log  dmesg.4.gz       kern.log.2.gz             syslog       ufw.log.2.gz
alternatives.log.1  btmp           dpkg.log         kern.log.3.gz             syslog.1     ufw.log.3.gz
apport.log          btmp.1         dpkg.log.1       kern.log.4.gz             syslog.2.gz  ufw.log.4.gz
apport.log.1        ConsoleKit     faillog          lastlog                   syslog.3.gz  unattended-upgrades
apt                 cups           fontconfig.log   lightdm                   syslog.4.gz  upstart
auth.log            dist-upgrade   fsck             nvidia-prime-upstart.log  syslog.5.gz  wtmp
auth.log.1          dmesg          gpu-manager.log  pm-powersave.log          syslog.6.gz  wtmp.1
auth.log.2.gz       dmesg.0        hp               pm-powersave.log.1        syslog.7.gz  Xorg.0.log
auth.log.3.gz       dmesg.1.gz     installer        prime-offload.log         udev         Xorg.0.log.old
auth.log.4.gz       dmesg.2.gz     kern.log         prime-supported.log       ufw.log
boot.log            dmesg.3.gz     kern.log.1       samba                     ufw.log.1


#4 pcpunk

pcpunk
  • Topic Starter

  • Members
  • 6,008 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:06:06 PM

Posted 27 January 2016 - 03:57 PM

Yes, Mint: /var/log/messages: No such file or directory

 
Thanks!

sBCcBvM.png

Created by Mike_Walsh

 

KDE, Ruler of all Distro's

eps2.4_m4ster-s1ave.aes_pcpunk_leavemehere

 


#5 wizardfromoz

wizardfromoz

  • Banned
  • 2,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:06 AM

Posted 27 January 2016 - 04:17 PM

If it's of assistance, MX-15 Fusion which I just installed five days ago, has a file /var/log/messages.

 

Of the other nine (9) distros I have on this laptop, none other has a file /var/log/messages.

 

:wizardball: Wizard



#6 mremski

mremski

  • Members
  • 497 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NH
  • Local time:06:06 PM

Posted 27 January 2016 - 04:51 PM

Sorry, /var/log/messages is also known as /var/log/syslog :)  /var/log/messages is more of a "BSD-ism" (FreeBSD, OpenBSD, etc).  Basically "the system log" or "syslog".  My fault.

 

"sudo":  Sorry, that was me using shorthand for "you may need to be root to look at the file", "sudo less /var/log/syslog" would work or "sudo cat /var/log/syslog".

 

X Error: BadWindow (invalid Window parameter) 3
  Major opcode: 20 (X_GetProperty)
  Resource id:  0x5a0004a
This is basically the X server saying somebody tried to get the property of a Window but the value passed for the Window is invalid.  Hard to say exactly what it relates to but likely not fatal.
 
[WARNING:flash/platform/pepper/pep_module.cpp(63)] SANDBOXED
[4124:4124:0127/142443:ERROR:gles2_cmd_decoder.cc(13874)] [.Compositor-0x1186fd41b6e0]GL ERROR :GL_INVALID_OPERATION : glCreateAndConsumeTextureCHROMIUM: invalid mailbox name
This one is more interesting.  Obviously coming from Chrome/Chromium (really the Flash component of it), something called glCreateAndConsumeTexture and passed a bad name.  Could be something trying to exploit one of the recent Adobe Flash vulnerabilities (the SANDBOXED message is interesting), hard to say.
 
You ran man -k core just fine.  Basically you said "man, tell me what you know about core";  does simple pattern matching and returns a list of man pages that have "core" in them.  You could then do "man corelist" to get the man page for the corelist command. :)
 
If you do "dmesg" look for something like "segmentation fault", that would be a crash.
 
If you're running Ubuntu (or derivative) and some of the RedHat variants there is the Apport to consider.  That link you provided is a good description;  any serious application crash would pop a dialog up, similar to what Windows does.  If you haven't seen those you're likely not seeing hard crashes of anything.
 
core files would not be in your Home directory, they'll probably be in /var/crash.

FreeBSD since 3.3, only time I touch Windows is to fix my wife's computer


#7 pcpunk

pcpunk
  • Topic Starter

  • Members
  • 6,008 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:06:06 PM

Posted 27 January 2016 - 07:21 PM

Thanks mremski, in Windows now and gotta go.  Will post back tomorrow.


sBCcBvM.png

Created by Mike_Walsh

 

KDE, Ruler of all Distro's

eps2.4_m4ster-s1ave.aes_pcpunk_leavemehere

 


#8 DeimosChaos

DeimosChaos

  • BC Advisor
  • 1,420 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States, Delaware
  • Local time:06:06 PM

Posted 28 January 2016 - 09:09 AM

 

Sorry, /var/log/messages is also known as /var/log/syslog :)  /var/log/messages is more of a "BSD-ism" (FreeBSD, OpenBSD, etc).  Basically "the system log" or "syslog".  My fault.

 

 

Its also a Red Hat thing. Or at least where I work its a Red Hat thing.


OS - Ubuntu 14.04/16.04 & Windows 10
Custom Desktop PC / Lenovo Y580 / Sager NP8258 / Dell XPS 13 (9350)
_____________________________________________________
Bachelor of Science in Computing Security from Drexel University
Security +


#9 pcpunk

pcpunk
  • Topic Starter

  • Members
  • 6,008 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:06:06 PM

Posted 28 January 2016 - 12:32 PM

This only posted today's logs:         sudo cat /var/log/syslog 

 
This only posted today's logs also: sudo less /var/log/syslog
 
I also browsed to the files manually and see the same thing of course.  Is it just configured to only save the current days log?
 
Will do dmesg next, and take a closer look, although, there are no dates provided.

sBCcBvM.png

Created by Mike_Walsh

 

KDE, Ruler of all Distro's

eps2.4_m4ster-s1ave.aes_pcpunk_leavemehere

 


#10 mremski

mremski

  • Members
  • 497 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NH
  • Local time:06:06 PM

Posted 28 January 2016 - 01:43 PM

if you do "ls -ltr /var/syslog*" you will probably see more than one, but only one will be named syslog, the others are probably syslog.N.gz where 1<= N <=???  The ones in .gz are from the last time it was "rotated".  Basically, when it gets to be a certain size, a new one is started, the previous one is renamed and compressed.  the ".1" is the first previous, ".2" the next older, ".3" older than ".2".  Most systems will keep about 4 before they delete them.  

 

dmesg will typically show "from this boot".


FreeBSD since 3.3, only time I touch Windows is to fix my wife's computer


#11 pcpunk

pcpunk
  • Topic Starter

  • Members
  • 6,008 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:06:06 PM

Posted 28 January 2016 - 03:26 PM

I tried looking at those also with no success, but will use that command now: syslog.N.gz 

 

Just tried:  ls -ltr /var/syslog*

ls: cannot access /var/syslog*: No such file or directory
 
How can I open the .gz files?

sBCcBvM.png

Created by Mike_Walsh

 

KDE, Ruler of all Distro's

eps2.4_m4ster-s1ave.aes_pcpunk_leavemehere

 


#12 mremski

mremski

  • Members
  • 497 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NH
  • Local time:06:06 PM

Posted 28 January 2016 - 04:13 PM

 

I tried looking at those also with no success, but will use that command now: syslog.N.gz 

 

Just tried:  ls -ltr /var/syslog*

ls: cannot access /var/syslog*: No such file or directory
 
How can I open the .gz files?

 

"sudo"  and I screwed it up:  /var/log/syslog* not /var/syslog*.

 

"sudo ls -ltr /var/log/syslog*"

 

the gunzip command should unzip *.gz files, so you would need to do "sudo gunzip /var/log/syslog.1.gz"

Then "sudo cat /var/log/syslog.1"


FreeBSD since 3.3, only time I touch Windows is to fix my wife's computer


#13 DeimosChaos

DeimosChaos

  • BC Advisor
  • 1,420 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States, Delaware
  • Local time:06:06 PM

Posted 28 January 2016 - 04:17 PM

 

the gunzip command should unzip *.gz files, so you would need to do "sudo gunzip /var/log/syslog.1.gz"

Then "sudo cat /var/log/syslog.1"

 

You can also use "zless" to look at .gz files. No need to unzip them.


OS - Ubuntu 14.04/16.04 & Windows 10
Custom Desktop PC / Lenovo Y580 / Sager NP8258 / Dell XPS 13 (9350)
_____________________________________________________
Bachelor of Science in Computing Security from Drexel University
Security +


#14 wizardfromoz

wizardfromoz

  • Banned
  • 2,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:06 AM

Posted 28 January 2016 - 05:58 PM

@pcpunk:

 

Friend punk, you may find it easier to view some of these in order on your File Manager, see below -

 

UOkgM1k.png

 

This from Wily Werewolf MATE - you can see the current syslog highlighted, and mine goes as far as syslog.7.gz (pointer), dates back to 12 January. Doubleclicking the archive, you can then doubleclick the content to view in your Text Editor.

 

Also depending on how you have your Timeshift set up? The below is from Vinux (for the visually challenged) I installed  a few days ago. I set up on my external HDD a partition called TimeVinux to store Timeshift data.

 

oSBOGTv.png

 

If you follow the path to the snapshots, you can see I have stopped at log. I can then right-click log, open as Administrator, and proceed to syslog, which I can open in a Text Editor.

 

Did you ever establish the date-time stamp on the screenshot you posted about when the crash was occurring?

 

:wizardball: Wizard



#15 Al1000

Al1000

  • Global Moderator
  • 7,883 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:11:06 PM

Posted 29 January 2016 - 03:58 AM

Obviously coming from Chrome/Chromium (really the Flash component of it), something called glCreateAndConsumeTexture and passed a bad name. Could be something trying to exploit one of the recent Adobe Flash vulnerabilities (the SANDBOXED message is interesting), hard to say.


I've seen messages like this before from Chrome/Chromium. Starting chromium-browser from the terminal, browsing to vimeo.com and clicking on a video, I get this:
[2553:2553:0129/085209:ERROR:gles2_cmd_decoder.cc(13874)] [.Compositor-0x3faeb99ca2c0]GL ERROR :GL_INVALID_OPERATION : glCreateAndConsumeTextureCHROMIUM: invalid mailbox name
[2553:2553:0129/085209:ERROR:gles2_cmd_decoder.cc(7613)] [.Compositor-0x3faeb99ca2c0]RENDER WARNING: texture bound to texture unit 0 is not renderable. It maybe non-power-of-2 and have incompatible texture filtering.
[WARNING:flash/platform/pepper/pep_module.cpp(63)] SANDBOXED
Vector smash protection is enabled.
Similarly to pcpunk's error message, this one says something about a "mailbox" and "SANDBOXED" too. I take the "sandboxed" message to mean that pepper-flash player (which is what Chrome and Chromium should be using nowadays as opposed to Adobe) is sandboxed.

Edited by Al1000, 29 January 2016 - 04:01 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users