How to debug kernel panic on MAC OS Catalina, as Catalina is on Read-only File system.

Facing kernel panic on accessing "Offline" attribute of SMB protocol in our custom kext. How to debug these kernel panics on MAC OS Catalina.

The debugging kernel extension steps are not supported for Catalina because of Read-only file system. Also kext with IOKit.framework does not load on MAC OS 10.14.x with error


There is no "/Volumes/KernelDebugKit/mach_kernel" as per the documentation https://developer.apple.com/library/archive/documentation/Darwin/Conceptual/KEXTConcept/KEXTConceptDebugger/debug_tutorial.html#//apple_ref/doc/uid/20002367-CHDIHFDI,

gdb -arch i386 /Volumes/KernelDebugKit/mach_kernel 

Unable to create PanicDumps directory to collect panic through kdump daemon under '/' volume, as Catalina is read-only file system

Ref: https://developer.apple.com/library/archive/technotes/tn2004/tn2118.html


Unable to load kexts with IOKit framework references with errors on MAC OS 10.14 to debug:

  • The super class vtable '__ZTV9IOService' for vtable '__ZTV23com_microfocus_cisiokit' is out of date. Make sure your kext has been built against the correct headers.
  • The super class vtable '__ZTV12IOUserClient' for vtable '__ZTV8cisiokit' is out of date. Make sure your kext has been built against the correct headers.

  • Is there any documentation that specifies how to debug kernel panic on mac os catalina with read-only file system set up?


    Note: Disabling SIP also does not work.


    Thanks in advance.

    Replies

    I don't know the answers for sure but some things you can try:


    • After disabling SIP, remounting / as read-write so you can copy the new kernel into /System/Library/Kernels with something like "mount -u -w /", which worked for me
    • Regarding the second error, it loks like the SDK you're using is different from the OS you're trying to install the extension into. Double checkin your build settings for your kext, and perhaps some verbose output from kextutil would help. Try adding -v 6 to the command line.


    Neal

    Thank you, after diabling SIP and mounting with "sudo mount -uw /" worked. I was able to collect kernel debug core for further analysis and fixed my crash issue.

    For second error, I had to use older Xcode 9.4.1 in order to support MAC OS 10.14.x OS.

    Here, is the link that I followed,


    https://forums.developer.apple.com/thread/123207