{"id":11242,"date":"2015-05-17T11:36:33","date_gmt":"2015-05-17T15:36:33","guid":{"rendered":"http:\/\/mjtsai.com\/blog\/?p=11242"},"modified":"2015-05-17T11:36:33","modified_gmt":"2015-05-17T15:36:33","slug":"debugging-launchd","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2015\/05\/17\/debugging-launchd\/","title":{"rendered":"Debugging launchd"},"content":{"rendered":"<p><a href=\"http:\/\/blog.wuntee.sexy\/osx\/kernel\/debugging\/2015\/05\/11\/debugging-launchd\/\">wuntee.sexy<\/a> (via <a href=\"https:\/\/news.ycombinator.com\/item?id=9547937\">Hacker News<\/a>):<\/p>\n<blockquote cite=\"http:\/\/blog.wuntee.sexy\/osx\/kernel\/debugging\/2015\/05\/11\/debugging-launchd\/\"><p>The reason I had an interest in debugging <code>launchd<\/code> is because I had been able to trigger some crashes. <code>launchd<\/code> is like <code>init<\/code> for linux; the kernel spawns it as PID 1 and every process is executed under it. When <code>launchd<\/code> crashes, the kernel panics, and your machine reboots with the &ldquo;there was a problem, press any key to continue&rdquo; screen. User-land triggering kernel bugs is obviously interested due to the trust boundary crossed.<\/p>\n<p>[&#8230;]<\/p>\n<p>From everything I had read about other <code>launchd<\/code> crashes, there <em>should<\/em> be a crashdump file like any other process, however from the <code>launchd<\/code> re-write, I can only assume Apple had disabled that feature. In turn, you get a semi-useful <code>\/usr\/bin\/sample<\/code> output located in the <code>\/var\/log\/com.apple.xpc.launchd\/<\/code> directory. Although this gives a bit more information than the kernel panic, I still am leaps and bounds away from finding the root cause of these crashes.<\/p>\n<p>[&#8230;]<\/p>\n<p>My next thought was to move to kernel debugging, and try and catch the crash before it jumped into the kernel. [&#8230;] When dealing with kernel crashes, having to reboot and re-attach every time became quite annoying, so I found myself using the flags that waited for the debugger upon panic.<\/p>\n<p>[&#8230;]<\/p>\n<p>I ran a simple dtrace script to perform a stacktrace on <code>launchd<\/code> upon it crashing, redirecting the output to a file (this can be done as a one-liner) [&#8230;] And voila! I now had a specific location, within <code>launchd<\/code>, of where this crash is occurring. That being said, it was still quite hard backtracing to understand exactly why the crash occurred.<\/p>\n<\/blockquote>","protected":false},"excerpt":{"rendered":"<p>wuntee.sexy (via Hacker News): The reason I had an interest in debugging launchd is because I had been able to trigger some crashes. launchd is like init for linux; the kernel spawns it as PID 1 and every process is executed under it. When launchd crashes, the kernel panics, and your machine reboots with the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"","apple_news_api_id":"","apple_news_api_modified_at":"","apple_news_api_revision":"","apple_news_api_share_url":"","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[4],"tags":[56,323,845,500,317,30,903,71,48],"class_list":["post-11242","post","type-post","status-publish","format-standard","hentry","category-programming-category","tag-debugging","tag-dtrace","tag-kernel","tag-launchd","tag-lldb","tag-mac","tag-mac-os-x-10-10-yosemite","tag-programming","tag-security"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/11242","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=11242"}],"version-history":[{"count":1,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/11242\/revisions"}],"predecessor-version":[{"id":11243,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/11242\/revisions\/11243"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=11242"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=11242"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=11242"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}