14:[["$","$L132",null,{"props":{"lessonContent":{"components":[{"type":"SlateHTML","content":{"html":"

In this lesson, we will learn how to navigate through a normal kernel dump using crash.

Loading the core dump

","comp_id":"zqBcafZ82A6RNM1_bcCf4"},"hash":0},{"type":"Columns","mode":"edit","content":{"comps":[{"type":"MarkdownEditor","content":{"version":"2.0","text":"We’ve manually crashed a normally running kernel to collect a dump for this exercise (by echoing `c` to `sysreq-trigger`, as described in the “Overview and Required Tools” lesson).","mdHtml":"

We’ve manually crashed a normally running kernel to collect a dump for this exercise (by echoing c to sysreq-trigger, as described in the “Overview and Required Tools” lesson).

\n","cursorPosition":{"line":0,"ch":0}},"hash":"1","width":"80"},{"type":"DrawIOWidget","content":{"path":"/api/collection/10370001/5564235307810816/page/5048887257071616/image/6427766862643200?page_type=collection_lesson","caption":"","editorImagePath":"/api/collection/10370001/5564235307810816/page/5048887257071616/image/6142193950261248?page_type=collection_lesson","version":2,"height":81,"width":81,"editorGCSImagePath":"educative-us-central1/uc/v5/10370001/collections/5564235307810816/rev-23/pages/5048887257071616/images/6142193950261248-2023-03-27T09:28:41.346466","slidesEnabled":true,"isSlides":false,"slidesCaption":[],"redirectionUrl":"","borderColor":"#ffffff","slidesId":""},"hash":2,"width":"20"}],"comp_id":"p5wlewTEH1yXyTqoNdTG4"},"iteration":5,"hash":1,"children":[{"text":""}],"status":"normal","contentID":"4LkOV32txBFVbZVh146tO","saveVersion":1},{"type":"EditorCode","mode":"edit","content":{"version":"1.0","comp_id":"efCIRuvihkO3vQeA4lLjz","language":"plainText","content":"crash dump.202112280237 ../KSym/vmlinux-5.10.0-10-amd64"},"iteration":0,"hash":2,"children":[{"text":""}],"status":"normal","contentID":"QpmxEY7qfS0K_5GqJtB72"},{"type":"SlateHTML","content":{"html":"

Note: The loading process of the core dump may take some time.

The above command will output the following to the terminal:

","comp_id":"kYpqHcANQcpSB_oY35RuM"},"hash":4},{"type":"LazyLoadPlaceholder","content":{"actualType":"MxGraphWidget","widgetIndex":4,"contentRevision":36,"pageId":"5048887257071616","height":921,"width":1871,"slidesCount":0}},{"type":"SlateHTML","content":{"html":"

Identifying the current thread

We can see the current thread from the process ID that led to the crash with the following command:

","comp_id":"BGZIDu-D7iperkLbeC0sM"},"hash":7},{"type":"EditorCode","mode":"edit","content":{"version":"1.0","comp_id":"SRMv6vRHd_dRBwI6f4xd-","language":"plainText","content":"bt"},"iteration":0,"hash":6,"children":[{"text":""}],"status":"normal","contentID":"K2Ui1VBbeSade41wjquqx"},{"type":"SlateHTML","content":{"html":"

The above command will output the following to the terminal:

","comp_id":"o3a9-kB41Ii0v0Gp0qmJH"},"hash":10},{"type":"LazyLoadPlaceholder","content":{"actualType":"MxGraphWidget","widgetIndex":8,"contentRevision":36,"pageId":"5048887257071616","height":771,"width":1881,"slidesCount":0}},{"type":"SlateHTML","content":{"html":"

Note: User space addresses are not available in the kernel dump.

","comp_id":"G35rGyWpN8UHcRaZZEVlw"},"hash":12},{"type":"EditorCode","mode":"edit","content":{"version":"1.0","comp_id":"SKa45Uo9G5mtv_sCJ6qrN","language":"plainText","content":"sym 00007f1ddc1f0f33\nsym ffffffff9047f24d"},"iteration":0,"hash":10,"children":[{"text":""}],"status":"normal","contentID":"Q7v-olDijUq-9_0IRtbg9"},{"type":"SlateHTML","content":{"html":"

The sym command interconverts between symbols and their virtual addresses.

","comp_id":"0HsJqwTwZz_0FPHp9N6sf"},"hash":14},{"type":"DrawIOWidget","mode":"edit","content":{"path":"/api/collection/10370001/5564235307810816/page/5048887257071616/image/6244365191348224?page_type=collection_lesson","caption":"","editorImagePath":"/api/collection/10370001/5564235307810816/page/5048887257071616/image/5409356524027904?page_type=collection_lesson","version":1,"height":220.6199999999999,"width":1941,"comp_id":"m_0X_8wcPBoRECQj_1K1M"},"iteration":0,"hash":12,"children":[{"text":""}],"contentID":"lvy-rM-D6yEjear4axsuS","saveVersion":2,"status":"normal"},{"type":"SlateHTML","content":{"html":"

Seeking help

The tool ...

","comp_id":"FN50STOpXWW6tU9lsXj4S"},"hash":16}],"summary":{"titleUpdated":true,"description":"Learn how to navigate a normal kernel dump.","title":"Examine Normal Kernel Dumps"},"content":[{"type":"SlateHTML","content":{"html":"

In this lesson, we will learn how to navigate through a normal kernel dump using crash.

Loading the core dump

We’ve manually crashed a normally running kernel to collect a dump for this exercise (by echoing c to sysreq-trigger, as described in the “Overview and Required Tools” lesson).

Note: The loading process of the core dump may take some time.

The above command will output the following to the terminal:

Identifying the current thread

We can see the current thread from the process ID that led to the crash with the following command:

The above command will output the following to the terminal:

Note: User space addresses are not available in the kernel dump.

The sym command interconverts between symbols and their virtual addresses.

Seeking help

The tool ...

","comp_id":"FN50STOpXWW6tU9lsXj4S"},"hash":16}],"darkModeContent":[{"type":"SlateHTML","content":{"html":"

In this lesson, we will learn how to navigate through a normal kernel dump using crash.

Loading the core dump

We’ve manually crashed a normally running kernel to collect a dump for this exercise (by echoing c to sysreq-trigger, as described in the “Overview and Required Tools” lesson).

Note: The loading process of the core dump may take some time.

The above command will output the following to the terminal:

Identifying the current thread

We can see the current thread from the process ID that led to the crash with the following command:

The above command will output the following to the terminal:

Note: User space addresses are not available in the kernel dump.

The sym command interconverts between symbols and their virtual addresses.

Seeking help

The tool ...

","comp_id":"FN50STOpXWW6tU9lsXj4S"},"hash":16}]},"isPreviewLesson":false,"pageType":"collection_lesson","aiCoachVideoUrl":"https://youtu.be/kgl8y9J3O6c","collectionDetailsSSR":{"title":"Accelerated Linux Core Dump Analysis","summary":"It’s essential to examine core dumps to diagnose any non-trivial hangs or crashes due to a user process or the kernel faults. Most people have no training in dealing with core dumps, so the causes of most crashes remain undiagnosed.\n\nThis course starts with debugging core dumps. You will learn how to debug the Linux process and kernel failures (using the GDB debugger and the crash utility), browse core memory dumps, identify corruption, memory leaks, CPU spikes, halted threads, deadlocks and wait chains, among other things.\n\nInstead of taking a theoretical route, you will focus on hands-on lessons on a variety of memory analysis patterns found in 64-bit core memory dumps from the x64 architecture. You will follow the novel pattern-oriented diagnostic analysis approach that considerably helps with the analysis. Moreover, the course will provide you with problematic applications and the associated core dumps, along with brief descriptions of relevant patterns and some frequently asked questions.","details":"","clos":["A working knowledge of how to collect core dumps","A hands-on knowledge on how to diagnose crashes/hangs via core dump analysis","The ability to apply pattern-oriented analysis on 64-bit core dumps on x86 architecture","A familiarity with debugging to diagnose common faults","The ability to use GDB debugger to analyze Linux process core dump","An understanding of using the crash utility to analyze Linux kernel core dumps"],"arabic_available":false,"page_tags":{"5214594166947840":"Core Dump,Debugging,Memory Dump","6664009465462784":"GDB,Linux,Debugging","6104754928746496":"Core Dumps,Linux,GDB","5148078847295488":"GDB,Linux,C++","6740986251706368":"","5341456058810368":"","6138850929278976":"Memory,Core Dumps,Linux","4591506366660608":"Exceptions,Segmentation Fault,Linux GDB","5645776872538112":"Threads,Linux,Operating System","6084122778271744":"Linux,Assembly,GDB","6363131705556992":"","5271674886291456":"","5874004455325696":"","6358431467831296":"","4676645083938816":"","5003303452147712":"","5726845588209664":"","5017838242234368":"","6208907181031424":"","5048887257071616":"","4953824959135744":"","6719861573287936":"","5015498441359360":"","4515900430745600":"","6168702428381184":"","6363981614153728":"","4755141751734272":"","5653751452401664":"","6549807795011584":"","4869654840868864":"","6114766262632448":"","6107885163773952":"","4994805935636480":"","6298188420218880":"","6158028772737024":"","5162038674587648":"","5879534788542464":"","5109899952652288":"","5283779656810496":"","6022390081650688":"","6292066464432128":"","4923988861517824":"","5804354326233088":"","5426798984953856":"","4713208892096512":"","5281678019002368":"","5306061605306368":"","5213432146296832":"","6354627270541312":"","5440908009144320":"","4850725077385216":"","5733423161540608":"","5924039958986752":"","5532316384624640":"","6362401101578240":"","6364698426736640":"","5231457883914240":"","5944347091795968":"","6562157608304640":"cpu registers,x64 disassembly","4728034639478784":"","6425770619305984":"","5626320699260928":""},"collection_toc_is_enabled":true,"page_count":null,"docker":{"container":{"file":{"name":"support.tar.gz","size":3967},"imageName":"author-10370001-collection-5564235307810816-rev-18-container-6579538132992000-support","buildStatus":"SUCCESS","buildStatusUrl":"https://www.educative.io/api/author/10370001/collection/5564235307810816/containers/6579538132992000/build/status","buildLogUrl":"https://www.educative.io/api/author/10370001/collection/5564235307810816/containers/6579538132992000/build/log","metadata":{"sizeInBytes":3967},"id":-1,"tarballDownloadUrl":"https://www.educative.io/api/author/10370001/collection/5564235307810816/containers/6579538132992000/download","rebuildImageUrl":"https://www.educative.io/api/author/10370001/collection/5564235307810816/containers/6579538132992000/rebuild","track":false},"envs":[],"jobs":[{"key":"zSAEWTbYN_nE6X_zrHLSA","jobType":"Live","name":"Challenge","inputFileName":"foo","runScript":"cd /usercode && clear","ports":"8080","startScript":"cd /usercode && clear","https":true,"runInLiveContainer":true,"forceRelaunchOnRun":true},{"key":"ANWW-cM1tfwtraAG-pKaX","jobType":"Default","name":"Exercise","inputFileName":"main.c","runScript":"gcc main.c -pthread -static -o App && ./App","ports":"8080","startScript":"clear","https":true,"runInLiveContainer":false},{"key":"LhlhRm6o3e6eSrRkRS3UJ","jobType":"Live","name":"Linux_core_dump_analysis_notebook","inputFileName":"foo","runScript":"cd /usr/local/notebooks && nohup jupyter notebook Linux_core_dump_analysis.ipynb --allow-root --no-browser","ports":"3300","startScript":"echo \"Jupyter\"","runInLiveContainer":true,"forceRelaunchOnRun":false,"forceRelaunchOnCompChange":false},{"key":"Kw3EPFw0U-WfxHvp2JmKS","jobType":"Live","name":"Live Linux_core_dump_analysis_notebook","inputFileName":"foo","runScript":"cd /jupyter-gdb-kernel/notebooks/ && nohup jupyter notebook Linux_core_dump_analysis.ipynb --allow-root --no-browser","ports":"3300","startScript":"echo \"Jupyter\"","runInLiveContainer":true},{"key":"JE8p7Qau9T11G_Nnu3tYJ","jobType":"Live","name":"Final_Linux_core_dump_analysis_notebook-copy","inputFileName":"foo","runScript":"ls","ports":"3300","startScript":"source /usercode/script.sh","runInLiveContainer":true,"forceRelaunchOnRun":false,"forceRelaunchOnCompChange":true}],"testRunners":[],"version":3,"loaded":true},"discounted_price":29,"cover_image_id":5342402622259200,"cover_image_metadata":"{\"width\":1024,\"height\":512,\"sizeInBytes\":62112,\"name\":\"Accelerated Linux Core Dump Analysis Second Edition.png\"}","cover_image_serving_url":"/v2api/collection/10370001/5564235307810816/image/5342402622259200","tags":["Linux","Core Dump","Analysis Patterns","GDB"],"intro_video_url":"","intro_video_thumbnail_url":null,"aggregated_widget_stats":{"projects":0,"MarkdownEditor":18,"codeExerciseCount":0,"codeRunnableCount":24,"codeSnippetCount":202,"illustrations":235,"MxGraphWidget":156,"TerminalWidget":2,"Code":16,"assessments":0,"SlateHTML":456,"EditorCode":184,"Quiz":12,"Table":0,"WebpackBin":22,"DrawIOWidget":64,"SpoilerEditor":2,"StructuredQuiz":1,"LiveApp":0,"Image":0,"Columns":15,"CanvasAnimation":0,"cloudlabs":0},"default_themes":{"code_themes":{"Code":"default","Markdown":"default","RunJS":"default","SPA":"default","isForced":{"Code":false,"Markdown":false,"RunJS":false,"SPA":false}}},"api_keys":{"api_keys":[]},"skills":["Debugging","Bash"],"testimonials":[],"licensing":null,"target_audience":"advanced","author_id":"10370001","collection_id":"5564235307810816","approval_status":3005,"price":29,"is_private":false,"path_type":"regular","organization_id":null,"is_mini":false,"is_priced":true,"brief_summary":"Gain insights into debugging Linux process and kernel failures using GDB and crash utility. Delve into memory dump analysis, identifying issues like memory leaks, CPU spikes, and deadlocks.","approval_update_time":"2023-10-03T06:25:06.548Z","rating_visibility":true,"update_last_published_on_homepage":true,"show_developed_by":true,"udata_files":[],"CodeThemes":{"Code":"default","Markdown":"default","RunJS":"default","SPA":"default","isForced":{"Code":false,"Markdown":false,"RunJS":false,"SPA":false}},"is_marked_for_deletion":false,"transition_page_title":"","is_redirectable":false,"collection_type":"collection","adaptive_learning_mode":false,"HLOs_to_toc":{},"is_guide":false,"read_time":54000,"allow_logged_out_executions":false,"unique_live_widget_urls":false,"metadata_status":101,"palified_version":null},"pageSummarySSR":{"title":"Examine Normal Kernel Dumps","description":"Learn how to navigate a normal kernel dump.","discourse_page_url":"https://discuss.educative.io/tag/examine-normal-kernel-dumps__kernel-dump-analysis-with-crash__accelerated-linux-core-dump-analysis?open=true&ctag=accelerated-linux-core-dump-analysis__dmitry-vostokov&cslug=accelerated-linux-core-dump-analysis&pslug=examine-normal-kernel-dumps"},"adaptiveLearningConfigConstantSSR":0,"enableLessonPageLockedBannerV2":true,"allowAllLessonPreview":false,"lockedBannerStatsSSR":{"b2cTrialStats":{"is_b2c_trial_active":true,"b2c_trial_active_duration":7,"b2c_trial_categories":"$133"},"b2cStatus":100,"learnerTags":"$134","workStats":1590,"interviewWorksStats":93,"inL2cStarterPack":false,"l2cWorkStats":44,"enableL2cStarterPackPaymentWidget":"false"},"pageTocSSR":"$135","authorId":"10370001","collectionId":"5564235307810816","pageId":"5048887257071616","isCollectionPageLockedCachingEnabled":true,"aceFeatureFlags":{"enableAceEditor":true,"enableAceEditorForAnswers":true},"meta":{"type":["Article","TechArticle"],"title":"Examine Normal Kernel Dumps","name":"Accelerated Linux Core Dump Analysis","description":"Learn how to navigate a normal kernel dump.","image":"https://educative.io/api/collection/10370001/5564235307810816/image/5342402622259200.png","isAccessibleForFree":false,"keywords":"$134","provider":"Educative","publisher":"Educative","id":"courses/accelerated-linux-core-dump-analysis/examine-normal-kernel-dumps","author":"Educative","educationalLevel":"advanced","noIndex":true,"isForcedNoIndex":true,"noFollow":false,"redirectInfo":{"isDeletedCollectionPageRedirectable":false},"page_titles":{"6084122778271744":"What Is This Course About?","5214594166947840":"Collecting User Process Core Dumps","6664009465462784":"GDB: An Overview","6104754928746496":"Use GDB with a Multi-Threaded Application I","5148078847295488":"Detect NULL Pointer Exceptions Due to Data","6740986251706368":"Detect NULL Pointer Exceptions Due to Code","6363131705556992":"Identify Spiking Threads","5271674886291456":"Identify Heap Corruption","6363981614153728":"Identify Stack Corruption","6358431467831296":"Identify Runtime Exceptions and Execution Residues","6168702428381184":"Conclusion","4676645083938816":"Identify Heap Leaks","5003303452147712":"Identify Heap Contention Errors","5726845588209664":"Identify Deadlocks","6208907181031424":"Examine Problematic Kernel Dumps","5048887257071616":"Examine Normal Kernel Dumps","4953824959135744":"FAQs","6138850929278976":"Virtual Memory and Memory Dumps","5874004455325696":"Identify Active Threads","5341456058810368":"The NULL Pointer (Data and Code) Analysis Patterns","5015498441359360":"Spiking Thread Analysis Pattern","4755141751734272":"Dynamic Memory Corruption Pattern","5653751452401664":"Local Buffer Overflow (User Space) and Stack Overflow Patterns","6549807795011584":"Divide-by-Zero Pattern","4869654840868864":"Patterns Analysis","4923988861517824":"Overview and Required Tools","6114766262632448":"Critical Region Pattern","4591506366660608":"Exceptions","5645776872538112":"The Role of Threads","5017838242234368":"Dump Memory for Post-Processing","6719861573287936":"Pattern-Oriented Diagnostic Analysis","4515900430745600":"Use External Debugging Information","6107885163773952":"Quiz: Using GDB With Multi-Threaded Applications","4994805935636480":"Quiz: NULL Pointer Patterns and External Debugging Information","6298188420218880":"Quiz: Spiking Threads","6158028772737024":"Quiz: Heap Corruption","5162038674587648":"Quiz: Stack Corruption and Overflow","5879534788542464":"Quiz: Active Threads","5109899952652288":"Quiz: Runtime Exceptions and Execution Residues","5283779656810496":"Quiz: Heap Errors","6022390081650688":"Quiz: Deadlocks","6292066464432128":"Quiz: Post-processing","5804354326233088":"Identify Spiking Kernel Threads","5426798984953856":"Identify Kernel Stack Overflow and Boundaries","4713208892096512":"Examine Problems With Kernel Threads","5281678019002368":null,"5306061605306368":null,"5213432146296832":null,"6354627270541312":null,"5440908009144320":null,"4850725077385216":null,"5733423161540608":"Quiz: Fundamentals of Core Dump Analysis","5924039958986752":"Core Dump Analysis Challenge","5532316384624640":"Quiz: Kernel Dump Analysis with Crash","6362401101578240":null,"6364698426736640":"Identify Stack Overflow","5231457883914240":null,"5944347091795968":null,"6562157608304640":"Overview of the x64 Disassembly","4728034639478784":"Use GDB with a Multi-Threaded Application II","6425770619305984":"How to Install GDB and Crash on a Local Device","5626320699260928":"More Analysis Patterns: Paratext and Lateral Damage"},"is_marked_for_deletion":false,"transition_page_title":"","is_redirectable":false,"deleted_course_lesson_redirect":{"author_id":null,"collection_id":null,"page_id":null,"redirect_url_slug":null},"metadata_status":101,"additional_course_alternatives":[]},"requestUrl":"/courses/accelerated-linux-core-dump-analysis/examine-normal-kernel-dumps","requestUrlInfo":{"authorId":10370001,"collectionId":5564235307810816,"pageId":5048887257071616,"courseUrlSlug":"accelerated-linux-core-dump-analysis","pageUrlSlug":"examine-normal-kernel-dumps"},"isExternalContent":false}}],[["$","script",null,{"id":"generate-data","type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"$136"}}],false,"$undefined"]]