SlideShare a Scribd company logo

Debugging linux kernel tools and techniques

Satpal Parmar
Satpal Parmar

Debugging linux kernel tools and techniques

Technology
1 of 19
Download to read offline
Linux Kernel Debugging quot;Oopsquot;, Now What? Ross Mikosh & James Washer Linux Technology Center
Outline Types of Problems Tools Error and Debug Messages Handling Failures Kernel Investigation Handling a System Crash Oops Analysis Example LKCD/Lcrash More Information Linux Technology Center
Tools Debuggers gdb kdb others? Built-In Oops data upon a panic/crash Dump Facility Linux® Kernel Crash Dump - lkcd Linux Trace Toolkit ltt Custom Kernel Instrumentation dprobes Special console functions Magic SysReq key Linux Technology Center
Error/Debug Messages System error logs /var/log/* dmesg Syslog Console Application or Module debug level Linux Technology Center
Handling Failures System Crash Collect and analyze oops/panic data Collect and analyze dump with lkcd System Hang Use Magic SysReq key NMI invoking a dump using lkcd S/390 - invoke a stand-alone dump Linux Technology Center
Kernel Investigation Debuggers Gdb and /proc/kcore Remote kernel debugging - gdb & serial connection Kdb Lcrash on running system Adding printk's in the kernel Programming a debug module or a new /proc file Appropriate for customer/production environment ? Linux Technology Center
Handling a System Crash Occurs when a critical system failure is detected Kernel routines call die() Attempts to report/record system state Information is limited Better to have an entire system memory dump LKCD project on SourceForge Thorough analysis and investigation can be done Linux Technology Center
Panic/Oops Analysis Steps Collect oops output, System.map, /proc/ksyms, vmlinux, /proc/modules Use ksymoops to interpret oops Instructions is /usr/src/linux/Documentation/oops-tracing.txt Ksymoops(8) man page Be Careful... Brief analysis Ksymoops disassembles the code section The EIP points to the failing instruction The call trace section shows how you got there Caution: Noise on the stack? How to find failing line of code? Linux Technology Center
Oops Example Unable to handle kernel NULL pointer dereference at virtual address 00000000 c2483069 <--- EIP (Instruction Pointer or Program Counter) *pde = 00000000 Oops: 0000 CPU: 0 EIP: 0010:[ipv6:__insmod_ipv6_O/lib/modules/2.4.10-4GB/kernel/net/ipv6 ipv6+-472895383/96] EFLAGS: 00010283 eax: db591f98 ebx: de2aeb60 ecx: de2aeb80 edx: c2483060 esi: 00000c00 edi: d41d0000 ebp: db591f5c esp: db591f4c ds: 0018 es: 0018 ss: 0018 Process cat (pid: 1986, stackpage=db591000) Stack: c012ca65 000001f0 ffffffea 00000000 00001000 c014e878 d41d0000 db591f98 00000000 00000c00 db591f94 00000000 de2aeb60 ffffffea 00000000 00001000 deae6f40 00000000 00000000 00000000 c01324d6 de2aeb60 0804db50 00001000 Call Trace: [__alloc_pages+65/452] [proc_file_read+204/420] [sys_read+146/200] [system_call+51/64] Code: a1 00 00 00 00 50 68 10 31 48 c2 e8 67 38 c9 fd 31 c0 89 ec
Ksymoops output Using defaults from ksymoops -t elf32-i386 -a i386 Code; 00000000 Before first symbol 00000000 <_EIP>: Code; 00000000 Before first symbol 0: a1 00 00 00 00 mov 0x0,%eax Code; 00000004 Before first symbol 5: 50 push %eax Code; 00000006 Before first symbol 6: 68 10 31 48 c2 push $0xc2483110 Code; 0000000a Before first symbol b: e8 67 38 c9 fd call fdc93877 <_EIP+0xfdc93877> fdc93876 <END_OF_CODE+1e1fa3d8/????> Code; 00000010 Before first symbol 10: 31 c0 xor %eax,%eax Code; 00000012 Before first symbol 12: 89 ec mov %ebp,%esp Linux Technology Center
/proc/ksyms Output Memory Addr Symbol [Module Name] c2483060 test_read_proc [test] c2483000 __insmod_test_O/home/ross/prog/test.o_M3 [test] c2483110 __insmod_test_S.rodata_L68 [test] c2483060 __insmod_test_S.text_L176 [test] c2483080 foo [test] de79c340 ip6_frag_mem [ipv6] de783d00 addrconf_del_ifaddr [ipv6] de78a5bc ipv6_packet_init [ipv6] de78fd70 ipv6_sock_mc_drop [ipv6] de781ee4 ip6_call_ra_chain [ipv6] EIP of c2483069 is within the routine test_read_proc in module [test] Next, disassemble the module test.o and find the instruction with the offset 9 (EIP) - (Base addr of routine) c2483069 - c2483060 = 9 Linux Technology Center
Failing Line of Code Excerpt from quot;objdump -D test.o quot; test.o: file format elf32-i386 Disassembly of section .text: 00000000 <test_read_proc>: 0: 55 push %ebp 1: 89 e5 mov %esp,%ebp 3: 83 ec 08 sub $0x8,%esp 6: 83 c4 f8 add $0xfffffff8,%esp 9: a1 00 00 00 00 mov 0x0,%eax e: 50 push %eax f: 68 00 00 00 00 push $0x0 C Source Code int test_read_proc(char *buf, char **start, off_t offset, int count, int *eof, void *data) { int *ptr; ptr=0; printk(quot;%dnquot;,*ptr); return 0; } Linux Technology Center
LKCD System Dump Prework (don't wait until you've had an event) Apply kernel patches Configure dump device Dedicated device vs. swap device See tutorial for specific steps Dump invocation Call to panic() Magic SysReq 'c' key Can be nondisruptive NMI (Non maskable interrupt) Analysis preparation Copy dump to filesystem Collect System.map, Kerntypes Linux Technology Center
Lcrash Tool Use lcrash to analyze Interactive command oriented tool Can run on a quot;livequot; system Useful subcommands report Display system summary, dmesg log, task list, and stack trace of failing task bt -f Display back trace of a task task -f Display tasks/processes at the time of the dump print structure statement print (*((struct task_struct *)0xtask_addr)) Linux Technology Center
Dump Analysis Sample output of quot;btquot; (backtrace) STACK TRACE FOR TASK: 0xc02fc000 (swapper) 0 dump_execute+110 [0xc01bc6ae] 1 dump_execute+93 [0xc01bc69d] 2 panic+144 [0xc0112b80] 3 handle_sysrq+187 [0xc018b1fb] <-- dump invoked 4 handle_scancode+376 [0xc0189ac4] 5 handle_kbd_event+264 [0xc018aaf4] 6 keyboard_interrupt+23 [0xc018ab5f] 7 handle_IRQ_event+75 [0xc01084bf] 8 do_IRQ+161 [0xc01086a1] 9 do_IRQ+161 [0xc01086a1] Linux Technology Center
Dump Analysis (continued) Excerpt from quot;reportquot; lcrash command... shows dmesg log ..... <6>SysRq: <0>Kernel panic: sysrq <0>In interrupt handler - not syncing <4>dump: Dumping to device 0x805 [sd(8,5)] on CPU 0 <4>Dump compression value is 0x0 ... <4>Writing dump header ... <4>Writing dump pages ... Linux Technology Center
For More Information IBM Global Services Linux Support Line Howto/Usage and Defect Support http://ibm.com/linux/support Linux Device Drivers, 2nd Edition, Alessandro Rubini and Jonathan Corbet, O'Reilly Publishers LKCD - Linux Kernel Crash Dump http://lkcd.sourceforge.net/ Dprobes http://oss.software.ibm.com/developer/opensource/linux/ projects/dprobes/ Linux Trace Toolkit http://www.opersys.com/LTT/index.html Linux Technology Center
More Information Magic SysReq - /usr/src/linux/Documentation/sysrq.txt User Mode Linux http://user-mode-linux.sourceforge.net/ IKD - Integrated Kernel Debugger ftp://ftp.kernel.org/pub/linux/kernel/people/andrea/ikd/ KGDB - Remote gdb via serial connection http://kgdb.sourceforge.net/ KDB - Built-in Kernel Debugger http://oss.sgi.com/projects/kdb/ Linux Technology Center
Acknowledgments This work represents the view of the authors and does not necessarily represent the view of IBM. The IBM logo is a registered trademark of International Business Machines Corporation in the United States and/or other countries. Linux is a registered trademark of Linus Torvalds. Other company, product, or service names may be trademarks or service marks of others. Linux Technology Center

Recommended

Linux Crash Dump Capture and Analysis
Linux Crash Dump Capture and AnalysisLinux Crash Dump Capture and Analysis
Linux Crash Dump Capture and AnalysisPaul V. Novarese
 
Kernel_Crash_Dump_Analysis
Kernel_Crash_Dump_AnalysisKernel_Crash_Dump_Analysis
Kernel_Crash_Dump_AnalysisBuland Singh
 
Linux Troubleshooting
Linux TroubleshootingLinux Troubleshooting
Linux TroubleshootingKeith Wright
 
U boot porting guide for SoC
U boot porting guide for SoCU boot porting guide for SoC
U boot porting guide for SoCMacpaul Lin
 
Linux Kernel Crashdump
Linux Kernel CrashdumpLinux Kernel Crashdump
Linux Kernel CrashdumpMarian Marinov
 
Kernel Debugging & Profiling
Kernel Debugging & ProfilingKernel Debugging & Profiling
Kernel Debugging & ProfilingAnil Kumar Pugalia
 
Kernel crashdump
Kernel crashdumpKernel crashdump
Kernel crashdumpAdrien Mahieux
 
Launch the First Process in Linux System
Launch the First Process in Linux SystemLaunch the First Process in Linux System
Launch the First Process in Linux SystemJian-Hong Pan
 

Recommended

Linux Crash Dump Capture and Analysis
Linux Crash Dump Capture and AnalysisLinux Crash Dump Capture and Analysis
Linux Crash Dump Capture and AnalysisPaul V. Novarese
 
Kernel_Crash_Dump_Analysis
Kernel_Crash_Dump_AnalysisKernel_Crash_Dump_Analysis
Kernel_Crash_Dump_AnalysisBuland Singh
 
Linux Troubleshooting
Linux TroubleshootingLinux Troubleshooting
Linux TroubleshootingKeith Wright
 
U boot porting guide for SoC
U boot porting guide for SoCU boot porting guide for SoC
U boot porting guide for SoCMacpaul Lin
 
Linux Kernel Crashdump
Linux Kernel CrashdumpLinux Kernel Crashdump
Linux Kernel CrashdumpMarian Marinov
 
Kernel Debugging & Profiling
Kernel Debugging & ProfilingKernel Debugging & Profiling
Kernel Debugging & ProfilingAnil Kumar Pugalia
 
Kernel crashdump
Kernel crashdumpKernel crashdump
Kernel crashdumpAdrien Mahieux
 
Launch the First Process in Linux System
Launch the First Process in Linux SystemLaunch the First Process in Linux System
Launch the First Process in Linux SystemJian-Hong Pan
 
Part 02 Linux Kernel Module Programming
Part 02 Linux Kernel Module ProgrammingPart 02 Linux Kernel Module Programming
Part 02 Linux Kernel Module ProgrammingTushar B Kute
 
Qemu device prototyping
Qemu device prototypingQemu device prototyping
Qemu device prototypingYan Vugenfirer
 
Understanding a kernel oops and a kernel panic
Understanding a kernel oops and a kernel panicUnderstanding a kernel oops and a kernel panic
Understanding a kernel oops and a kernel panicJoseph Lu
 
Linux Ethernet device driver
Linux Ethernet device driverLinux Ethernet device driver
Linux Ethernet device driver艾鍗科技
 
Arm device tree and linux device drivers
Arm device tree and linux device driversArm device tree and linux device drivers
Arm device tree and linux device driversHoucheng Lin
 
Linux kernel debugging
Linux kernel debuggingLinux kernel debugging
Linux kernel debuggingHao-Ran Liu
 
Linux Kernel Booting Process (1) - For NLKB
Linux Kernel Booting Process (1) - For NLKBLinux Kernel Booting Process (1) - For NLKB
Linux Kernel Booting Process (1) - For NLKBshimosawa
 
Embedded Linux Kernel - Build your custom kernel
Embedded Linux Kernel - Build your custom kernelEmbedded Linux Kernel - Build your custom kernel
Embedded Linux Kernel - Build your custom kernelEmertxe Information Technologies Pvt Ltd
 
Linux Kernel Tour
Linux Kernel TourLinux Kernel Tour
Linux Kernel Toursamrat das
 
Page cache in Linux kernel
Page cache in Linux kernelPage cache in Linux kernel
Page cache in Linux kernelAdrian Huang
 
BPF Internals (eBPF)
BPF Internals (eBPF)BPF Internals (eBPF)
BPF Internals (eBPF)Brendan Gregg
 
Linux Kernel - Virtual File System
Linux Kernel - Virtual File SystemLinux Kernel - Virtual File System
Linux Kernel - Virtual File SystemAdrian Huang
 
BeagleBone Black: Platform Bring-Up with Upstream Components
BeagleBone Black: Platform Bring-Up with Upstream ComponentsBeagleBone Black: Platform Bring-Up with Upstream Components
BeagleBone Black: Platform Bring-Up with Upstream ComponentsGlobalLogic Ukraine
 
Embedded Linux BSP Training (Intro)
Embedded Linux BSP Training (Intro)Embedded Linux BSP Training (Intro)
Embedded Linux BSP Training (Intro)RuggedBoardGroup
 
Kdump and the kernel crash dump analysis
Kdump and the kernel crash dump analysisKdump and the kernel crash dump analysis
Kdump and the kernel crash dump analysisBuland Singh
 
Linux device drivers
Linux device drivers Linux device drivers
Linux device drivers Emertxe Information Technologies Pvt Ltd
 
Linux Kernel Image
Linux Kernel ImageLinux Kernel Image
Linux Kernel Image艾鍗科技
 
Linux boot process – explained
Linux boot process – explainedLinux boot process – explained
Linux boot process – explainedLinuxConcept
 
Booting Android: bootloaders, fastboot and boot images
Booting Android: bootloaders, fastboot and boot imagesBooting Android: bootloaders, fastboot and boot images
Booting Android: bootloaders, fastboot and boot imagesChris Simmonds
 
Linux kernel debugging
Linux kernel debuggingLinux kernel debugging
Linux kernel debugginglibfetion
 
reference_guide_Kernel_Crash_Dump_Analysis
reference_guide_Kernel_Crash_Dump_Analysisreference_guide_Kernel_Crash_Dump_Analysis
reference_guide_Kernel_Crash_Dump_AnalysisBuland Singh
 
Kernel Recipes 2015 - Kernel dump analysis
Kernel Recipes 2015 - Kernel dump analysisKernel Recipes 2015 - Kernel dump analysis
Kernel Recipes 2015 - Kernel dump analysisAnne Nicolas
 

More Related Content

What's hot

Part 02 Linux Kernel Module Programming
Part 02 Linux Kernel Module ProgrammingPart 02 Linux Kernel Module Programming
Part 02 Linux Kernel Module ProgrammingTushar B Kute
 
Qemu device prototyping
Qemu device prototypingQemu device prototyping
Qemu device prototypingYan Vugenfirer
 
Understanding a kernel oops and a kernel panic
Understanding a kernel oops and a kernel panicUnderstanding a kernel oops and a kernel panic
Understanding a kernel oops and a kernel panicJoseph Lu
 
Linux Ethernet device driver
Linux Ethernet device driverLinux Ethernet device driver
Linux Ethernet device driver艾鍗科技
 
Arm device tree and linux device drivers
Arm device tree and linux device driversArm device tree and linux device drivers
Arm device tree and linux device driversHoucheng Lin
 
Linux kernel debugging
Linux kernel debuggingLinux kernel debugging
Linux kernel debuggingHao-Ran Liu
 
Linux Kernel Booting Process (1) - For NLKB
Linux Kernel Booting Process (1) - For NLKBLinux Kernel Booting Process (1) - For NLKB
Linux Kernel Booting Process (1) - For NLKBshimosawa
 
Linux Kernel Tour
Linux Kernel TourLinux Kernel Tour
Linux Kernel Toursamrat das
 
Page cache in Linux kernel
Page cache in Linux kernelPage cache in Linux kernel
Page cache in Linux kernelAdrian Huang
 
BPF Internals (eBPF)
BPF Internals (eBPF)BPF Internals (eBPF)
BPF Internals (eBPF)Brendan Gregg
 
Linux Kernel - Virtual File System
Linux Kernel - Virtual File SystemLinux Kernel - Virtual File System
Linux Kernel - Virtual File SystemAdrian Huang
 
BeagleBone Black: Platform Bring-Up with Upstream Components
BeagleBone Black: Platform Bring-Up with Upstream ComponentsBeagleBone Black: Platform Bring-Up with Upstream Components
BeagleBone Black: Platform Bring-Up with Upstream ComponentsGlobalLogic Ukraine
 
Embedded Linux BSP Training (Intro)
Embedded Linux BSP Training (Intro)Embedded Linux BSP Training (Intro)
Embedded Linux BSP Training (Intro)RuggedBoardGroup
 
Kdump and the kernel crash dump analysis
Kdump and the kernel crash dump analysisKdump and the kernel crash dump analysis
Kdump and the kernel crash dump analysisBuland Singh
 
Linux Kernel Image
Linux Kernel ImageLinux Kernel Image
Linux Kernel Image艾鍗科技
 
Linux boot process – explained
Linux boot process – explainedLinux boot process – explained
Linux boot process – explainedLinuxConcept
 
Booting Android: bootloaders, fastboot and boot images
Booting Android: bootloaders, fastboot and boot imagesBooting Android: bootloaders, fastboot and boot images
Booting Android: bootloaders, fastboot and boot imagesChris Simmonds
 
Linux kernel debugging
Linux kernel debuggingLinux kernel debugging
Linux kernel debugginglibfetion
 

What's hot (20)

Part 02 Linux Kernel Module Programming
Part 02 Linux Kernel Module ProgrammingPart 02 Linux Kernel Module Programming
Part 02 Linux Kernel Module Programming
 
Qemu device prototyping
Qemu device prototypingQemu device prototyping
Qemu device prototyping
 
Understanding a kernel oops and a kernel panic
Understanding a kernel oops and a kernel panicUnderstanding a kernel oops and a kernel panic
Understanding a kernel oops and a kernel panic
 
Linux Ethernet device driver
Linux Ethernet device driverLinux Ethernet device driver
Linux Ethernet device driver
 
Arm device tree and linux device drivers
Arm device tree and linux device driversArm device tree and linux device drivers
Arm device tree and linux device drivers
 
Linux kernel debugging
Linux kernel debuggingLinux kernel debugging
Linux kernel debugging
 
Linux Kernel Booting Process (1) - For NLKB
Linux Kernel Booting Process (1) - For NLKBLinux Kernel Booting Process (1) - For NLKB
Linux Kernel Booting Process (1) - For NLKB
 
Embedded Linux Kernel - Build your custom kernel
Embedded Linux Kernel - Build your custom kernelEmbedded Linux Kernel - Build your custom kernel
Embedded Linux Kernel - Build your custom kernel
 
Linux Kernel Tour
Linux Kernel TourLinux Kernel Tour
Linux Kernel Tour
 
Page cache in Linux kernel
Page cache in Linux kernelPage cache in Linux kernel
Page cache in Linux kernel
 
BPF Internals (eBPF)
BPF Internals (eBPF)BPF Internals (eBPF)
BPF Internals (eBPF)
 
Linux Kernel - Virtual File System
Linux Kernel - Virtual File SystemLinux Kernel - Virtual File System
Linux Kernel - Virtual File System
 
BeagleBone Black: Platform Bring-Up with Upstream Components
BeagleBone Black: Platform Bring-Up with Upstream ComponentsBeagleBone Black: Platform Bring-Up with Upstream Components
BeagleBone Black: Platform Bring-Up with Upstream Components
 
Embedded Linux BSP Training (Intro)
Embedded Linux BSP Training (Intro)Embedded Linux BSP Training (Intro)
Embedded Linux BSP Training (Intro)
 
Kdump and the kernel crash dump analysis
Kdump and the kernel crash dump analysisKdump and the kernel crash dump analysis
Kdump and the kernel crash dump analysis
 
Linux device drivers
Linux device drivers Linux device drivers
Linux device drivers
 
Linux Kernel Image
Linux Kernel ImageLinux Kernel Image
Linux Kernel Image
 
Linux boot process – explained
Linux boot process – explainedLinux boot process – explained
Linux boot process – explained
 
Booting Android: bootloaders, fastboot and boot images
Booting Android: bootloaders, fastboot and boot imagesBooting Android: bootloaders, fastboot and boot images
Booting Android: bootloaders, fastboot and boot images
 
Linux kernel debugging
Linux kernel debuggingLinux kernel debugging
Linux kernel debugging
 

Viewers also liked

reference_guide_Kernel_Crash_Dump_Analysis
reference_guide_Kernel_Crash_Dump_Analysisreference_guide_Kernel_Crash_Dump_Analysis
reference_guide_Kernel_Crash_Dump_AnalysisBuland Singh
 
Kernel Recipes 2015 - Kernel dump analysis
Kernel Recipes 2015 - Kernel dump analysisKernel Recipes 2015 - Kernel dump analysis
Kernel Recipes 2015 - Kernel dump analysisAnne Nicolas
 
Linux Kernel Debugging Essentials workshop
Linux Kernel Debugging Essentials workshopLinux Kernel Debugging Essentials workshop
Linux Kernel Debugging Essentials workshopLubomir Rintel
 
Troubleshooting Linux Kernel Modules And Device Drivers
Troubleshooting Linux Kernel Modules And Device DriversTroubleshooting Linux Kernel Modules And Device Drivers
Troubleshooting Linux Kernel Modules And Device DriversSatpal Parmar
 
Linux kernel tracing
Linux kernel tracingLinux kernel tracing
Linux kernel tracingViller Hsiao
 
KVM and docker LXC Benchmarking with OpenStack
KVM and docker LXC Benchmarking with OpenStackKVM and docker LXC Benchmarking with OpenStack
KVM and docker LXC Benchmarking with OpenStackBoden Russell
 
Linux io-stack-diagram v1.0
Linux io-stack-diagram v1.0Linux io-stack-diagram v1.0
Linux io-stack-diagram v1.0bsd free
 
Kernel Recipes 2015: Kernel packet capture technologies
Kernel Recipes 2015: Kernel packet capture technologiesKernel Recipes 2015: Kernel packet capture technologies
Kernel Recipes 2015: Kernel packet capture technologiesAnne Nicolas
 
Kernel Recipes 2015: Speed up your kernel development cycle with QEMU
Kernel Recipes 2015: Speed up your kernel development cycle with QEMUKernel Recipes 2015: Speed up your kernel development cycle with QEMU
Kernel Recipes 2015: Speed up your kernel development cycle with QEMUAnne Nicolas
 
OpenStack for Beginners
OpenStack for BeginnersOpenStack for Beginners
OpenStack for BeginnersJesse Proudman
 
Linux Kernel Input: mouse, teclado, joystick
Linux Kernel Input: mouse, teclado, joystickLinux Kernel Input: mouse, teclado, joystick
Linux Kernel Input: mouse, teclado, joystickMarcos Paulo de Souza
 
Systemtap
SystemtapSystemtap
SystemtapFeng Yu
 
LAS16-403 - GDB Linux Kernel Awareness
LAS16-403 - GDB Linux Kernel Awareness LAS16-403 - GDB Linux Kernel Awareness
LAS16-403 - GDB Linux Kernel Awareness Peter Griffin
 
Kernel Recipes 2014 - The Linux Kernel, how fast it is developed and how we s...
Kernel Recipes 2014 - The Linux Kernel, how fast it is developed and how we s...Kernel Recipes 2014 - The Linux Kernel, how fast it is developed and how we s...
Kernel Recipes 2014 - The Linux Kernel, how fast it is developed and how we s...Anne Nicolas
 
Linux Kernel Security Overview - KCA 2009
Linux Kernel Security Overview - KCA 2009Linux Kernel Security Overview - KCA 2009
Linux Kernel Security Overview - KCA 2009James Morris
 
Kernel Recipes 2013 - ARM support in the Linux kernel
Kernel Recipes 2013 - ARM support in the Linux kernelKernel Recipes 2013 - ARM support in the Linux kernel
Kernel Recipes 2013 - ARM support in the Linux kernelAnne Nicolas
 
TCP protocol flow control
TCP protocol flow control TCP protocol flow control
TCP protocol flow control anuragjagetiya
 
Linux Kernel and Driver Development Training
Linux Kernel and Driver Development TrainingLinux Kernel and Driver Development Training
Linux Kernel and Driver Development TrainingStephan Cadene
 

Viewers also liked (20)

reference_guide_Kernel_Crash_Dump_Analysis
reference_guide_Kernel_Crash_Dump_Analysisreference_guide_Kernel_Crash_Dump_Analysis
reference_guide_Kernel_Crash_Dump_Analysis
 
Kernel Recipes 2015 - Kernel dump analysis
Kernel Recipes 2015 - Kernel dump analysisKernel Recipes 2015 - Kernel dump analysis
Kernel Recipes 2015 - Kernel dump analysis
 
Linux Kernel Debugging Essentials workshop
Linux Kernel Debugging Essentials workshopLinux Kernel Debugging Essentials workshop
Linux Kernel Debugging Essentials workshop
 
Troubleshooting Linux Kernel Modules And Device Drivers
Troubleshooting Linux Kernel Modules And Device DriversTroubleshooting Linux Kernel Modules And Device Drivers
Troubleshooting Linux Kernel Modules And Device Drivers
 
Linux kernel tracing
Linux kernel tracingLinux kernel tracing
Linux kernel tracing
 
KVM and docker LXC Benchmarking with OpenStack
KVM and docker LXC Benchmarking with OpenStackKVM and docker LXC Benchmarking with OpenStack
KVM and docker LXC Benchmarking with OpenStack
 
Linux io-stack-diagram v1.0
Linux io-stack-diagram v1.0Linux io-stack-diagram v1.0
Linux io-stack-diagram v1.0
 
Kernel Recipes 2015: Kernel packet capture technologies
Kernel Recipes 2015: Kernel packet capture technologiesKernel Recipes 2015: Kernel packet capture technologies
Kernel Recipes 2015: Kernel packet capture technologies
 
Kernel Recipes 2015: Speed up your kernel development cycle with QEMU
Kernel Recipes 2015: Speed up your kernel development cycle with QEMUKernel Recipes 2015: Speed up your kernel development cycle with QEMU
Kernel Recipes 2015: Speed up your kernel development cycle with QEMU
 
OpenStack for Beginners
OpenStack for BeginnersOpenStack for Beginners
OpenStack for Beginners
 
Linux Kernel Input: mouse, teclado, joystick
Linux Kernel Input: mouse, teclado, joystickLinux Kernel Input: mouse, teclado, joystick
Linux Kernel Input: mouse, teclado, joystick
 
Systemtap
SystemtapSystemtap
Systemtap
 
LAS16-403 - GDB Linux Kernel Awareness
LAS16-403 - GDB Linux Kernel Awareness LAS16-403 - GDB Linux Kernel Awareness
LAS16-403 - GDB Linux Kernel Awareness
 
Kernel Recipes 2014 - The Linux Kernel, how fast it is developed and how we s...
Kernel Recipes 2014 - The Linux Kernel, how fast it is developed and how we s...Kernel Recipes 2014 - The Linux Kernel, how fast it is developed and how we s...
Kernel Recipes 2014 - The Linux Kernel, how fast it is developed and how we s...
 
Linux Kernel Security Overview - KCA 2009
Linux Kernel Security Overview - KCA 2009Linux Kernel Security Overview - KCA 2009
Linux Kernel Security Overview - KCA 2009
 
Linux introduction
Linux introductionLinux introduction
Linux introduction
 
Kernel Recipes 2013 - ARM support in the Linux kernel
Kernel Recipes 2013 - ARM support in the Linux kernelKernel Recipes 2013 - ARM support in the Linux kernel
Kernel Recipes 2013 - ARM support in the Linux kernel
 
Basic socket programming
Basic socket programmingBasic socket programming
Basic socket programming
 
TCP protocol flow control
TCP protocol flow control TCP protocol flow control
TCP protocol flow control
 
Linux Kernel and Driver Development Training
Linux Kernel and Driver Development TrainingLinux Kernel and Driver Development Training
Linux Kernel and Driver Development Training
 

Similar to Debugging linux kernel tools and techniques

Troubleshooting linux-kernel-modules-and-device-drivers-1233050713693744-1
Troubleshooting linux-kernel-modules-and-device-drivers-1233050713693744-1Troubleshooting linux-kernel-modules-and-device-drivers-1233050713693744-1
Troubleshooting linux-kernel-modules-and-device-drivers-1233050713693744-1Jagadisha Maiya
 
HKG18-TR14 - Postmortem Debugging with Coresight
HKG18-TR14 - Postmortem Debugging with CoresightHKG18-TR14 - Postmortem Debugging with Coresight
HKG18-TR14 - Postmortem Debugging with CoresightLinaro
 
Рахманов Александр "Что полезного в разборе дампов для .NET-разработчиков?"
Рахманов Александр "Что полезного в разборе дампов для .NET-разработчиков?"Рахманов Александр "Что полезного в разборе дампов для .NET-разработчиков?"
Рахманов Александр "Что полезного в разборе дампов для .NET-разработчиков?"Yulia Tsisyk
 
Windbg랑 친해지기
Windbg랑 친해지기Windbg랑 친해지기
Windbg랑 친해지기Ji Hun Kim
 
Writing Metasploit Plugins
Writing Metasploit PluginsWriting Metasploit Plugins
Writing Metasploit Pluginsamiable_indian
 
The true story_of_hello_world
The true story_of_hello_worldThe true story_of_hello_world
The true story_of_hello_worldfantasy zheng
 
May2010 hex-core-opt
May2010 hex-core-optMay2010 hex-core-opt
May2010 hex-core-optJeff Larkin
 
Accelerated .NET Memory Dump Analysis training public slides
Accelerated .NET Memory Dump Analysis training public slidesAccelerated .NET Memory Dump Analysis training public slides
Accelerated .NET Memory Dump Analysis training public slidesDmitry Vostokov
 
Shellcoding in linux
Shellcoding in linuxShellcoding in linux
Shellcoding in linuxAjin Abraham
 
How Triton can help to reverse virtual machine based software protections
How Triton can help to reverse virtual machine based software protectionsHow Triton can help to reverse virtual machine based software protections
How Triton can help to reverse virtual machine based software protectionsJonathan Salwan
 
An Embedded Error Recovery and Debugging Mechanism for Scripting Language Ext...
An Embedded Error Recovery and Debugging Mechanism for Scripting Language Ext...An Embedded Error Recovery and Debugging Mechanism for Scripting Language Ext...
An Embedded Error Recovery and Debugging Mechanism for Scripting Language Ext...David Beazley (Dabeaz LLC)
 
Windows Debugging with WinDbg
Windows Debugging with WinDbgWindows Debugging with WinDbg
Windows Debugging with WinDbgArno Huetter
 
Stability issues of user space
Stability issues of user spaceStability issues of user space
Stability issues of user space晓东 杜
 
Swug July 2010 - windows debugging by sainath
Swug July 2010 - windows debugging by sainathSwug July 2010 - windows debugging by sainath
Swug July 2010 - windows debugging by sainathDennis Chung
 
Reverse engineering20151112
Reverse engineering20151112Reverse engineering20151112
Reverse engineering20151112Bordeaux I
 
Crash_Report_Mechanism_In_Tizen
Crash_Report_Mechanism_In_TizenCrash_Report_Mechanism_In_Tizen
Crash_Report_Mechanism_In_TizenLex Yu
 
Finding Xori: Malware Analysis Triage with Automated Disassembly
Finding Xori: Malware Analysis Triage with Automated DisassemblyFinding Xori: Malware Analysis Triage with Automated Disassembly
Finding Xori: Malware Analysis Triage with Automated DisassemblyPriyanka Aash
 

Similar to Debugging linux kernel tools and techniques (20)

Troubleshooting linux-kernel-modules-and-device-drivers-1233050713693744-1
Troubleshooting linux-kernel-modules-and-device-drivers-1233050713693744-1Troubleshooting linux-kernel-modules-and-device-drivers-1233050713693744-1
Troubleshooting linux-kernel-modules-and-device-drivers-1233050713693744-1
 
HKG18-TR14 - Postmortem Debugging with Coresight
HKG18-TR14 - Postmortem Debugging with CoresightHKG18-TR14 - Postmortem Debugging with Coresight
HKG18-TR14 - Postmortem Debugging with Coresight
 
Рахманов Александр "Что полезного в разборе дампов для .NET-разработчиков?"
Рахманов Александр "Что полезного в разборе дампов для .NET-разработчиков?"Рахманов Александр "Что полезного в разборе дампов для .NET-разработчиков?"
Рахманов Александр "Что полезного в разборе дампов для .NET-разработчиков?"
 
Windbg랑 친해지기
Windbg랑 친해지기Windbg랑 친해지기
Windbg랑 친해지기
 
Writing Metasploit Plugins
Writing Metasploit PluginsWriting Metasploit Plugins
Writing Metasploit Plugins
 
The true story_of_hello_world
The true story_of_hello_worldThe true story_of_hello_world
The true story_of_hello_world
 
The Spectre of Meltdowns
The Spectre of MeltdownsThe Spectre of Meltdowns
The Spectre of Meltdowns
 
Audit
AuditAudit
Audit
 
May2010 hex-core-opt
May2010 hex-core-optMay2010 hex-core-opt
May2010 hex-core-opt
 
Accelerated .NET Memory Dump Analysis training public slides
Accelerated .NET Memory Dump Analysis training public slidesAccelerated .NET Memory Dump Analysis training public slides
Accelerated .NET Memory Dump Analysis training public slides
 
Shellcoding in linux
Shellcoding in linuxShellcoding in linux
Shellcoding in linux
 
How Triton can help to reverse virtual machine based software protections
How Triton can help to reverse virtual machine based software protectionsHow Triton can help to reverse virtual machine based software protections
How Triton can help to reverse virtual machine based software protections
 
An Embedded Error Recovery and Debugging Mechanism for Scripting Language Ext...
An Embedded Error Recovery and Debugging Mechanism for Scripting Language Ext...An Embedded Error Recovery and Debugging Mechanism for Scripting Language Ext...
An Embedded Error Recovery and Debugging Mechanism for Scripting Language Ext...
 
Windows Debugging with WinDbg
Windows Debugging with WinDbgWindows Debugging with WinDbg
Windows Debugging with WinDbg
 
Valgrind
ValgrindValgrind
Valgrind
 
Stability issues of user space
Stability issues of user spaceStability issues of user space
Stability issues of user space
 
Swug July 2010 - windows debugging by sainath
Swug July 2010 - windows debugging by sainathSwug July 2010 - windows debugging by sainath
Swug July 2010 - windows debugging by sainath
 
Reverse engineering20151112
Reverse engineering20151112Reverse engineering20151112
Reverse engineering20151112
 
Crash_Report_Mechanism_In_Tizen
Crash_Report_Mechanism_In_TizenCrash_Report_Mechanism_In_Tizen
Crash_Report_Mechanism_In_Tizen
 
Finding Xori: Malware Analysis Triage with Automated Disassembly
Finding Xori: Malware Analysis Triage with Automated DisassemblyFinding Xori: Malware Analysis Triage with Automated Disassembly
Finding Xori: Malware Analysis Triage with Automated Disassembly
 

Recently uploaded

Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 

Recently uploaded (20)

Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 

Debugging linux kernel tools and techniques

  • 1. Linux Kernel Debugging quot;Oopsquot;, Now What? Ross Mikosh & James Washer Linux Technology Center
  • 2. Outline Types of Problems Tools Error and Debug Messages Handling Failures Kernel Investigation Handling a System Crash Oops Analysis Example LKCD/Lcrash More Information Linux Technology Center
  • 3. Tools Debuggers gdb kdb others? Built-In Oops data upon a panic/crash Dump Facility Linux® Kernel Crash Dump - lkcd Linux Trace Toolkit ltt Custom Kernel Instrumentation dprobes Special console functions Magic SysReq key Linux Technology Center
  • 4. Error/Debug Messages System error logs /var/log/* dmesg Syslog Console Application or Module debug level Linux Technology Center
  • 5. Handling Failures System Crash Collect and analyze oops/panic data Collect and analyze dump with lkcd System Hang Use Magic SysReq key NMI invoking a dump using lkcd S/390 - invoke a stand-alone dump Linux Technology Center
  • 6. Kernel Investigation Debuggers Gdb and /proc/kcore Remote kernel debugging - gdb & serial connection Kdb Lcrash on running system Adding printk's in the kernel Programming a debug module or a new /proc file Appropriate for customer/production environment ? Linux Technology Center
  • 7. Handling a System Crash Occurs when a critical system failure is detected Kernel routines call die() Attempts to report/record system state Information is limited Better to have an entire system memory dump LKCD project on SourceForge Thorough analysis and investigation can be done Linux Technology Center
  • 8. Panic/Oops Analysis Steps Collect oops output, System.map, /proc/ksyms, vmlinux, /proc/modules Use ksymoops to interpret oops Instructions is /usr/src/linux/Documentation/oops-tracing.txt Ksymoops(8) man page Be Careful... Brief analysis Ksymoops disassembles the code section The EIP points to the failing instruction The call trace section shows how you got there Caution: Noise on the stack? How to find failing line of code? Linux Technology Center
  • 9. Oops Example Unable to handle kernel NULL pointer dereference at virtual address 00000000 c2483069 <--- EIP (Instruction Pointer or Program Counter) *pde = 00000000 Oops: 0000 CPU: 0 EIP: 0010:[ipv6:__insmod_ipv6_O/lib/modules/2.4.10-4GB/kernel/net/ipv6 ipv6+-472895383/96] EFLAGS: 00010283 eax: db591f98 ebx: de2aeb60 ecx: de2aeb80 edx: c2483060 esi: 00000c00 edi: d41d0000 ebp: db591f5c esp: db591f4c ds: 0018 es: 0018 ss: 0018 Process cat (pid: 1986, stackpage=db591000) Stack: c012ca65 000001f0 ffffffea 00000000 00001000 c014e878 d41d0000 db591f98 00000000 00000c00 db591f94 00000000 de2aeb60 ffffffea 00000000 00001000 deae6f40 00000000 00000000 00000000 c01324d6 de2aeb60 0804db50 00001000 Call Trace: [__alloc_pages+65/452] [proc_file_read+204/420] [sys_read+146/200] [system_call+51/64] Code: a1 00 00 00 00 50 68 10 31 48 c2 e8 67 38 c9 fd 31 c0 89 ec
  • 10. Ksymoops output Using defaults from ksymoops -t elf32-i386 -a i386 Code; 00000000 Before first symbol 00000000 <_EIP>: Code; 00000000 Before first symbol 0: a1 00 00 00 00 mov 0x0,%eax Code; 00000004 Before first symbol 5: 50 push %eax Code; 00000006 Before first symbol 6: 68 10 31 48 c2 push $0xc2483110 Code; 0000000a Before first symbol b: e8 67 38 c9 fd call fdc93877 <_EIP+0xfdc93877> fdc93876 <END_OF_CODE+1e1fa3d8/????> Code; 00000010 Before first symbol 10: 31 c0 xor %eax,%eax Code; 00000012 Before first symbol 12: 89 ec mov %ebp,%esp Linux Technology Center
  • 11. /proc/ksyms Output Memory Addr Symbol [Module Name] c2483060 test_read_proc [test] c2483000 __insmod_test_O/home/ross/prog/test.o_M3 [test] c2483110 __insmod_test_S.rodata_L68 [test] c2483060 __insmod_test_S.text_L176 [test] c2483080 foo [test] de79c340 ip6_frag_mem [ipv6] de783d00 addrconf_del_ifaddr [ipv6] de78a5bc ipv6_packet_init [ipv6] de78fd70 ipv6_sock_mc_drop [ipv6] de781ee4 ip6_call_ra_chain [ipv6] EIP of c2483069 is within the routine test_read_proc in module [test] Next, disassemble the module test.o and find the instruction with the offset 9 (EIP) - (Base addr of routine) c2483069 - c2483060 = 9 Linux Technology Center
  • 12. Failing Line of Code Excerpt from quot;objdump -D test.o quot; test.o: file format elf32-i386 Disassembly of section .text: 00000000 <test_read_proc>: 0: 55 push %ebp 1: 89 e5 mov %esp,%ebp 3: 83 ec 08 sub $0x8,%esp 6: 83 c4 f8 add $0xfffffff8,%esp 9: a1 00 00 00 00 mov 0x0,%eax e: 50 push %eax f: 68 00 00 00 00 push $0x0 C Source Code int test_read_proc(char *buf, char **start, off_t offset, int count, int *eof, void *data) { int *ptr; ptr=0; printk(quot;%dnquot;,*ptr); return 0; } Linux Technology Center
  • 13. LKCD System Dump Prework (don't wait until you've had an event) Apply kernel patches Configure dump device Dedicated device vs. swap device See tutorial for specific steps Dump invocation Call to panic() Magic SysReq 'c' key Can be nondisruptive NMI (Non maskable interrupt) Analysis preparation Copy dump to filesystem Collect System.map, Kerntypes Linux Technology Center
  • 14. Lcrash Tool Use lcrash to analyze Interactive command oriented tool Can run on a quot;livequot; system Useful subcommands report Display system summary, dmesg log, task list, and stack trace of failing task bt -f Display back trace of a task task -f Display tasks/processes at the time of the dump print structure statement print (*((struct task_struct *)0xtask_addr)) Linux Technology Center
  • 15. Dump Analysis Sample output of quot;btquot; (backtrace) STACK TRACE FOR TASK: 0xc02fc000 (swapper) 0 dump_execute+110 [0xc01bc6ae] 1 dump_execute+93 [0xc01bc69d] 2 panic+144 [0xc0112b80] 3 handle_sysrq+187 [0xc018b1fb] <-- dump invoked 4 handle_scancode+376 [0xc0189ac4] 5 handle_kbd_event+264 [0xc018aaf4] 6 keyboard_interrupt+23 [0xc018ab5f] 7 handle_IRQ_event+75 [0xc01084bf] 8 do_IRQ+161 [0xc01086a1] 9 do_IRQ+161 [0xc01086a1] Linux Technology Center
  • 16. Dump Analysis (continued) Excerpt from quot;reportquot; lcrash command... shows dmesg log ..... <6>SysRq: <0>Kernel panic: sysrq <0>In interrupt handler - not syncing <4>dump: Dumping to device 0x805 [sd(8,5)] on CPU 0 <4>Dump compression value is 0x0 ... <4>Writing dump header ... <4>Writing dump pages ... Linux Technology Center
  • 17. For More Information IBM Global Services Linux Support Line Howto/Usage and Defect Support http://ibm.com/linux/support Linux Device Drivers, 2nd Edition, Alessandro Rubini and Jonathan Corbet, O'Reilly Publishers LKCD - Linux Kernel Crash Dump http://lkcd.sourceforge.net/ Dprobes http://oss.software.ibm.com/developer/opensource/linux/ projects/dprobes/ Linux Trace Toolkit http://www.opersys.com/LTT/index.html Linux Technology Center
  • 18. More Information Magic SysReq - /usr/src/linux/Documentation/sysrq.txt User Mode Linux http://user-mode-linux.sourceforge.net/ IKD - Integrated Kernel Debugger ftp://ftp.kernel.org/pub/linux/kernel/people/andrea/ikd/ KGDB - Remote gdb via serial connection http://kgdb.sourceforge.net/ KDB - Built-in Kernel Debugger http://oss.sgi.com/projects/kdb/ Linux Technology Center
  • 19. Acknowledgments This work represents the view of the authors and does not necessarily represent the view of IBM. The IBM logo is a registered trademark of International Business Machines Corporation in the United States and/or other countries. Linux is a registered trademark of Linus Torvalds. Other company, product, or service names may be trademarks or service marks of others. Linux Technology Center