Gain insights into debugging Linux process and kernel failures using GDB and crash utility. Delve into memory dump analysis, identifying issues like memory leaks, CPU spikes, and deadlocks.

Accelerated Linux Core Dump Analysis Second Edition.png

support.tar.gz

Challenge

Exercise

Linux_core_dump_analysis_notebook

Live Linux_core_dump_analysis_notebook

Final_Linux_core_dump_analysis_notebook-copy

It’s essential to examine core dumps to diagnose any non-trivial hangs or crashes due to a user process or the kernel faults. Most people have no training in dealing with core dumps, so the causes of most crashes remain undiagnosed.

This course starts with debugging core dumps. You will learn how to debug the Linux process and kernel failures (using the GDB debugger and the crash utility), browse core memory dumps, identify corruption, memory leaks, CPU spikes, halted threads, deadlocks and wait chains, among other things.

Instead of taking a theoretical route, you will focus on hands-on lessons on a variety of memory analysis patterns found in 64-bit core memory dumps from the x64 architecture. You will follow the novel pattern-oriented diagnostic analysis approach that considerably helps with the analysis. Moreover, the course will provide you with problematic applications and the associated core dumps, along with brief descriptions of relevant patterns and some frequently asked questions.

Accelerated Linux Core Dump Analysis

The names of the usual 32-bit CPU registers, such as EAX, are extended to 64-bit versions, such as RAX. Most of the registers are traditionally specialized, such as ALU, counter, and memory copy registers. Although, now they all can be used as general-purpose registers. 

There is, of course, a stack pointer, RSP, and, additionally, a frame pointer, RBP, that is used to address local variables and saved parameters. It can be used for backtrace reconstruction.

Getting Started

Fundamentals of Core Dump Analysis

Using GDB With Multi-Threaded Applications

Null Pointer Patterns and External Debugging Information

Spiking Threads

Heap Corruption

Stack Corruption and Overflow

Active Threads

Runtime Exceptions and Execution Residues

Heap Errors

Deadlocks

Post-processing

Kernel Dump Analysis with Crash

Wrapping Up

Appendix

Overview of the x64 Disassembly

CPU registers