Date: Wed, 8 Dec 2004 18:12:12 +0000 (GMT) From: Robert Watson <rwatson@freebsd.org> To: David Gilbert <dgilbert@dclg.ca> Cc: freebsd-stable@freebsd.org Subject: Re: crashdumps not working Message-ID: <Pine.NEB.3.96L.1041208175120.98791T-100000@fledge.watson.org> In-Reply-To: <16823.14725.330609.631687@canoe.dclg.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 8 Dec 2004, David Gilbert wrote:
> >>>>> "Robert" == Robert Watson <rwatson@freebsd.org> writes:
>
> Robert> This is a NULL pointer dereference; you can use addr2line or
> Robert> gdb on your kernel.debug to turn it into a line number even
> Robert> without a core. That might well be worth doing, as we might
> Robert> be able to debug that even without getting dumping working on
> Robert> the box.
>
> If I had an address and a debug kernel, how is this done?
There are at least three ways you can do this, depending on the amount of
information you have, and what you're trying to find out. Suppose you get
a fault and the trap shows the instruction pointer is 0xc052fb46. You can
use:
(1) addr2line(1) converts an address and a executable with debugging
information to a line number. Assuming your kernel and source are
properly in sync, etc, you can do:
% addr2line --exe=kernel.debug 0xc052fb46
../../../kern/subr_prf.c:297
(2) gdb(1) can be used on the debugging kernel, and can often return more
useful context information. For example:
% gdb kernel.debug
...
This GDB was configured as "i386-marcel-freebsd"...
(gdb) l *0xc052fb46
0xc052fb46 is in printf (../../../kern/subr_prf.c:297).
292 consintr = 0;
293 va_start(ap, fmt);
294 pca.tty = NULL;
295 pca.flags = TOCONS | TOLOG;
296 pca.pri = -1;
297 retval = kvprintf(fmt, putchar, &pca, 10, ap);
298 va_end(ap);
299 if (!panicstr)
300 msgbuftrigger = 1;
301 consintr = savintr; /* reenable interrupts */
gdb is a little more savvy about telling you about macros, inlines,
etc, and gives you a bit of line context, so I've found it very
helpful.
(3) If you don't have debugging symbols, you can often identify at least
the function that nm(1), you can run nm on the binary, and then search
down through the sumbols until you find the closest address match
before the address. I.e.:
% nm kernel.debug | more
...
c06f9f80 d print_message
c067caf0 T printcpuinfo
c052fb38 T printf
c0523104 T printf_uuid
c05019f4 T prison_check
So the pointer is between printf() and printf_uuid().
Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org Principal Research Scientist, McAfee Research
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1041208175120.98791T-100000>