bring over users page from the wiki

[ikiwiki.git] / docs / user / DebugKernelCrashDumps.mdwn

# Debug the DragonFly kernel 



This chapter should give you an introduction how to obtain a crash dump after a kernel panic and how to extract useful information for the developers out of the dump.


[[!toc levels=3 ]]
***Contributed by Matthias Schmidt***



## Configure your system 

Normally a crash dump is saved in your swap partition after a crash.  If you reboot your machine the next time the dump is extracted by [savecore(8)](http://leaf.dragonflybsd.org/cgi/web-man?command#savecore&section8) from the partition and stored into `/var/crash`.  Due to the fact that `/var` is a relatively small partition it could be possible that the dump isn't saved, because the dump size is larger than the remaining size.



To circumvent this problem you can change the default settings in `/etc/rc.conf`:



[[!table  data="""
| `dumpdev` | Indicates the device (usually a swap partition) to which a crash dump should be written in the event of a system crash. 
 `dumpdir` | savecore(8) will save that crash dump and a copy of the kernel to the directory specified by the dumpdir variable.  The default value is /var/crash.  You can set this to another directory on another partition with more space available to safely obtain the dump. |
"""]]

If you are unsure about your swap partition device, use [swapinfo(8)](http://leaf.dragonflybsd.org/cgi/web-man?command#swapinfo&section8) or look into `/etc/fstab` :

    

    # swapinfo 
    Device          1K-blocks     Used    Avail Capacity  Type
    /dev/ad0s1b       1048448        0  1048448     0%    Interleaved

    # cat /etc/fstab | grep swap
    /dev/ad0s1b             none            swap    sw              0       0


### Enable debugging options in your kernel config 

If you don't know how to configure a custom kernel, look into [Configuring the DragonFly Kernel](kernelconfig.html).  You have to add the following lines to compile your kernel with debugging symbols:

    

    makeoptions     DEBUG=-g                #Build kernel with gdb(1) debug symbols


If you want additional support for the interactive kernel debugger [ddb(4)](http://leaf.dragonflybsd.org/cgi/web-man?command#ddb&section4) and invariant debugging, also add these lines:

    

    # Debugging for Development
    options         DDB
    options         DDB_TRACE
    options         INVARIANTS



## How does a crash look like? 



Easy answer:  Your system stopped working.  Complicated one:  Your system occurred a [panic(9)](http://leaf.dragonflybsd.org/cgi/web-man?command#panic&section9) and drops into [ddb(4)](http://leaf.dragonflybsd.org/cgi/web-man?command=ddb&section=4), the interactive kernel debugger.

The output while seeing a crash might look this:

    

    Fatal trap 12: page fault while in kernel mode
    fault virtual address   = 0xd0686f55
    fault code              = supervisor read, page not present
    instruction pointer     = 0x8:0xc02ddb9a
    stack pointer           = 0x10:0xcec0fb18
    frame pointer           = 0x10:0xcec0fb18
    code segment            = base 0x0, limit 0xfffff, type 0x1b
                            = DPL 0, pres 1, def32 1, gran 1
    processor eflags        # interrupt enabled, resume, IOPL  0
    current process         = 50725 (sysctl)
    current thread          = pri 6

    panic: from debugger


Before your machine reboots a crash dump is saved into your swap partition (if you have one and don't disabled crash dumps).  Writing the dump to disk takes some time depending on your machine and the amount of RAM installed.  This might look like this:

    

    dumping to dev #ad/0x20001, blockno 1049088
    dump 511 510 509 508 507 506 505 
    [...]
    26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 succeeded

Now your machine reboots, checks its file system and finally extracts the crash dump from the swap partition to your `dumpdir` (see `rc.conf` setting above).  If your `/var` partition is to small, you'll see an error similar to the following:

    

    savecore: reboot after panic: from debugger
    savecore: no dump, not enough free space on device (231420 available, need 541840)


If this happens, you have to extract the crash dump yourselves.  See next Section how to do this.

### Extract a crash dump manually 

You can use [savecore(8)](http://leaf.dragonflybsd.org/cgi/web-man?command#savecore&section8) to copy your currently running kernel and the associated crash dump to a particular directory you have to specify (we use `/usr/crash` here in the example):

    

    # mkdir -p /usr/crash
    # chmod 700 /usr/crash
    # savecore /usr/crash/
    [...]



This will take some time dependent on the speed of your machine.  See the man page of savecore(8) for more available options.

### Upload the crash dump 

If you don't have the ability or skills to debug are crash yourselves, please upload the complete content of your crash directory to a public available location (HTTP, FTP web space or your leaf account) and send a detailed bug report to the bugs@dragonflybsd.org list.  If its possible please tar and compress (gzip, bzip2) the directory to save disk space and bandwith.



## Debug the crash dump with kgdb 

The [kgdb(1)](http://leaf.dragonflybsd.org/cgi/web-man?command#kgdb&section1) utility is a debugger based on gdb(1) that allows debugging of kernel core files.

### kgdb extesions 

To get some handy helper command execute the following command before starting kgdb:

    

    source /usr/src/test/debug/gdb.kernel

This gives you several new commands like kldstat (displays all loaded modules) or psx (displays all running processes).

Start kgdb as follows:

    

    # cd /usr/crash
    # ls -l
    -rw-r--r--  1 root  wheel     2B Jan  7 17:07 bounds
    -rw-r--r--  1 root  wheel    17M Jan  7 17:08 kernel.0
    -rw-------  1 root  wheel   512M Jan  7 17:08 vmcore.0
    # kgdb kernel.0 vmcore.0


kgdb(1) will show you the panic message after start.  The first thing to do is to obtain a ***backtrace*** with the ***bt*** command:

    

    Unread portion of the kernel message buffer:

    

    

    Fatal trap 12: page fault while in kernel mode
    fault virtual address   = 0xd0686f55
    fault code              = supervisor read, page not present
    instruction pointer     = 0x8:0xc02ddb9a
    stack pointer           = 0x10:0xcec0fb18
    frame pointer           = 0x10:0xcec0fb18
    code segment            = base 0x0, limit 0xfffff, type 0x1b
    current process         = 50725 (sysctl)
    current thread          = pri 6 

    panic: from debugger

    

    

    Fatal trap 3: breakpoint instruction fault while in kernel mode
    instruction pointer     = 0x8:0xc03136a4
    stack pointer           = 0x10:0xcec0f92c
    frame pointer           = 0x10:0xcec0f934
    code segment            = base 0x0, limit 0xfffff, type 0x1b
                            = DPL 0, pres 1, def32 1, gran 1
    processor eflags        # interrupt enabled, IOPL  0
    current process         = 50725 (sysctl)
    current thread          = pri 6 
    

    panic: from debugger
    Uptime: 3h57m22s

    

    dumping to dev #ad/0x20001, blockno 1049088
    dump 511 510 509 508 507 506 505 504 503 502 501 500 499 498 
    [...]
    40 39 38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 

    

    GNU gdb 6.2.1
    Copyright 2004 Free Software Foundation, Inc.
    GDB is free software, covered by the GNU General Public License, and you are
    welcome to change it and/or distribute copies of it under certain conditions.
    Type "show copying" to see the conditions.
    There is absolutely no warranty for GDB.  Type "show warranty" for details.
    This GDB was configured as "i386-dragonfly".
    (kgdb) bt
    #0  dumpsys () at thread.h:83
    #1  0xc01c4e1b in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:375
    #2  0xc01c4f3c in panic (fmt=Variable "fmt" is not available.
    ) at /usr/src/sys/kern/kern_shutdown.c:800
    #3  0xc0149be5 in db_panic (addr=Could not find the frame base for "db_panic".
    ) at /usr/src/sys/ddb/db_command.c:447
    #4  0xc014a250 in db_command_loop () at /usr/src/sys/ddb/db_command.c:343
    #5  0xc014c7bc in db_trap (type#12, code0) at /usr/src/sys/ddb/db_trap.c:71
    #6  0xc03137f7 in kdb_trap (type#12, code0, regs=0xcec0fad0) at /usr/src/sys/platform/pc32/i386/db_interface.c:148
    #7  0xc032384b in trap_fatal (frame#0xcec0fad0, evaVariable "eva" is not available.
    ) at /usr/src/sys/platform/pc32/i386/trap.c:1091
    #8  0xc03239b0 in trap_pfault (frame#0xcec0fad0, usermode0, eva=3496505173)
        at /usr/src/sys/platform/pc32/i386/trap.c:997
    #9  0xc03241a0 in trap (frame=0xcec0fad0) at /usr/src/sys/platform/pc32/i386/trap.c:680
    #10 0xc0314506 in calltrap () at /usr/src/sys/platform/pc32/i386/exception.s:783
    #11 0xc02ddb9a in strlen (str=0xd0686f55 <Address 0xd0686f55 out of bounds>) at /usr/src/sys/libkern/strlen.c:41
    #12 0xc02c2153 in sysctl_vm_zone (oidp#0xc03b42a0, arg10x0, arg2=0, req=0xcec0fc08) at /usr/src/sys/vm/vm_zone.c:447
    #13 0xc01cf935 in sysctl_root (oidp=Variable "oidp" is not available.
    ) at /usr/src/sys/kern/kern_sysctl.c:1193
    #14 0xc01cfa27 in userland_sysctl (name#0xcec0fc90, namelen2, old=0x0, oldlenp=0xbfbfe8f0, inkernel=0, new=0x0, 
        newlen#0, retval0xcec0fc8c) at /usr/src/sys/kern/kern_sysctl.c:1268
    #15 0xc01cfc28 in sys___sysctl (uap=0xcec0fcf0) at /usr/src/sys/kern/kern_sysctl.c:1211
    #16 0xc0323ccb in syscall2 (frame=0xcec0fd40) at /usr/src/sys/platform/pc32/i386/trap.c:1339
    #17 0xc03145a5 in Xint0x80_syscall () at /usr/src/sys/platform/pc32/i386/exception.s:872
    #18 0x08055d38 in ?? ()
    #19 0xbfbfe86c in ?? ()
    #20 0x0000002f in ?? ()
    #21 0x00000000 in ?? ()
    #22 0x00000000 in ?? ()
    #23 0x00000000 in ?? ()
    #24 0x00000000 in ?? ()
    #25 0x13c4b000 in ?? ()
    #26 0x00000001 in ?? ()
    #27 0xc03c2bf8 in intr_info_ary ()
    #28 0xcec0f8d4 in ?? ()    
    #29 0xcec0f8c4 in ?? ()
    #30 0xc8076300 in ?? ()
    #31 0xc01cac5a in lwkt_preempt (ntd#0x2, critpriCannot access memory at address 0xbfbfe8a4
    ) at /usr/src/sys/kern/lwkt_thread.c:893
    Previous frame inner to this frame (corrupt stack?)



kgdb(1) gives you the ability to look into specific frames, display variable content and obtain the source code (if your kernel was compiled with -g):

    

    (kgdb) f 13
    #13 0xc01cf935 in sysctl_root (oidp=Variable "oidp" is not available.
    ) at /usr/src/sys/kern/kern_sysctl.c:1193
    1193                    error = oid->oid_handler(oid, oid->oid_arg1, oid->oid_arg2,
    (kgdb) l
    1188
    1189            if ((oid->oid_kind & CTLTYPE) # CTLTYPE_NODE)
    1190                    error = oid->oid_handler(oid, (int *)arg1 + indx, arg2 - indx,
    1191                        req);
    1192            else
    1193                    error = oid->oid_handler(oid, oid->oid_arg1, oid->oid_arg2,
    1194                        req);
    1195            return (error);
    1196    }
    1197
    (kgdb) p *oid
    $1 # {oid_parent  0xc03cbda8, oid_link = {sle_next = 0x0}, oid_number = 283, oid_kind = -2147483645, oid_arg1 = 0x0, 
      oid_arg2 # 0, oid_name  0xc03616ad "zone", oid_handler = 0xc02c20fa <sysctl_vm_zone>, oid_fmt = 0xc036a56f "A", 
      oid_refcnt # 0, oid_descr  0xc036906a "Zone Info"}



## Further Information 

To get more information about how to use a debugger, look here:


* [Man page of kgdb(1)](http://leaf.dragonflybsd.org/cgi/web-man?command#kgdb&section1)


* [Man page of gdb(1)](http://leaf.dragonflybsd.org/cgi/web-man?command#gdb&section1)


* [How to retrieve symbols from kernel modules](http://leaf.dragonflybsd.org/mailarchive/kernel/2005-11/msg00065.html)


* [FreeBSD Developers Handbook](http://www.freebsd.org/doc/en_US.ISO8859-1/books/developers-handbook/book.html#KERNELDEBUG)


* [GDB Manual](http://sourceware.org/gdb/documentation/)


* [Debug tutorial from Greg Lehey](http://www.lemis.com/grog/Papers/Debug-tutorial/tutorial.pdf)