| version 1.17, 2017/02/06 17:24:32 |
version 1.18, 2017/02/06 18:55:43 |
|
|
| |
|
| <blockquote><pre> |
<blockquote><pre> |
| kernel: page fault trap, code=0 |
kernel: page fault trap, code=0 |
| Stopped at <b>_pf_route+0x263</b>: mov 0x40(%edi),%edx |
Stopped at <b>pf_route+0x263</b>: mov 0x40(%edi),%edx |
| ddb> |
ddb> |
| </pre></blockquote> |
</pre></blockquote> |
| |
|
| This crash happened at offset <tt>0x263</tt> in the function <tt>_pf_route</tt>. |
This crash happened at offset <tt>0x263</tt> in the function <tt>pf_route</tt>. |
| |
|
| <p> |
<p> |
| The first command to run from the |
The first command to run from the |
|
|
| |
|
| <blockquote><pre> |
<blockquote><pre> |
| ddb> <b>trace</b> |
ddb> <b>trace</b> |
| <b>_pf_route</b>(e28cb7e4,e28bc978,2,1fad,d0b8b120) at <b>_pf_route+0x263</b> |
<b>pf_route</b>(e28cb7e4,e28bc978,2,1fad,d0b8b120) at <b>pf_route+0x263</b> |
| _pf_test(2,1f4ad,e28cb7e4,b4c1) at _pf_test+0x706 |
pf_test(2,1f4ad,e28cb7e4,b4c1) at pf_test+0x706 |
| _pf_route(e28cbb00,e28bc978,2,d0a65440,d0b8b120) at _pf_route+0x207 |
pf_route(e28cbb00,e28bc978,2,d0a65440,d0b8b120) at pf_route+0x207 |
| _pf_test(2,d0a65440,e28cbb00,d023c282) at _pf_test+0x706 |
pf_test(2,d0a65440,e28cbb00,d023c282) at pf_test+0x706 |
| _ip_output(d0b6a200,0,0,0,0) at _ip_output+0xb67 |
ip_output(d0b6a200,0,0,0,0) at ip_output+0xb67 |
| _icmp_send(d0b6a200,0,1,a012) at _icmp_send+0x57 |
icmp_send(d0b6a200,0,1,a012) at icmp_send+0x57 |
| _icmp_reflect(d0b6a200,0,1,0,3) at _icmp_reflect+0x26b |
icmp_reflect(d0b6a200,0,1,0,3) at icmp_reflect+0x26b |
| _icmp_input(d0b6a200,14,0,0,d0b6a200) at _icmp_input+0x42c |
icmp_input(d0b6a200,14,0,0,d0b6a200) at icmp_input+0x42c |
| _ipv4_input(d0b6a200,e289f140,d0a489e0,e289f140) at _ipv4_input+0x6eb |
ipv4_input(d0b6a200,e289f140,d0a489e0,e289f140) at ipv4_input+0x6eb |
| _ipintr(10,10,e289f140,e289f140,e28cbd38) at _ipintr+0x8d |
ipintr(10,10,e289f140,e289f140,e28cbd38) at ipintr+0x8d |
| Bad frame pointer: 0xe28cbcac |
Bad frame pointer: 0xe28cbcac |
| ddb> |
ddb> |
| </pre></blockquote> |
</pre></blockquote> |
|
|
| In the output, grep for the function name: |
In the output, grep for the function name: |
| |
|
| <blockquote><pre> |
<blockquote><pre> |
| $ <b>grep "<_pf_route>:" /tmp/pf.dis</b> |
$ <b>grep "<pf_route>:" /tmp/pf.dis</b> |
| 0000<b>7d88</b> <_pf_route>: |
0000<b>7d88</b> <pf_route>: |
| </pre></blockquote> |
</pre></blockquote> |
| |
|
| Take this first hex number <tt>7d88</tt> and add the offset <tt>0x263</tt> from |
Take this first hex number <tt>7d88</tt> and add the offset <tt>0x263</tt> from |
|
|
| 7feb |
7feb |
| </pre></blockquote> |
</pre></blockquote> |
| |
|
| Scroll down to that line (the assembler instruction should match the one |
Scroll down to the line <tt>7feb</tt>. |
| quoted in the <tt>Stopped at</tt> line), then up to the nearest C line number: |
The assembler instruction should match the one quoted in the <tt>Stopped at</tt> |
| |
line. |
| |
Then scroll up to the nearest C line number: |
| |
|
| <blockquote><pre> |
<blockquote><pre> |
| $ <b>more /tmp/pf.dis</b> |
$ <b>more /tmp/pf.dis</b> |
| /sys/net/pf.c:<b>3872</b> |
/sys/net/pf.c:<b>3872</b> |
| 7fe7: 0f b7 43 02 movzwl 0x2(%ebx),%eax |
7fe7: 0f b7 43 02 movzwl 0x2(%ebx),%eax |
| <b>7feb</b>: 8b 57 40 mov 0x40(%edi),%edx |
<b>7feb</b>: 8b 57 40 <b>mov 0x40(%edi),%edx</b> |
| 7fee: 39 d0 cmp %edx,%eax |
7fee: 39 d0 cmp %edx,%eax |
| 7ff0: 0f 87 92 00 00 00 ja 8088 <_pf_route+0x300> |
7ff0: 0f 87 92 00 00 00 ja 8088 <pf_route+0x300> |
| </pre></blockquote> |
</pre></blockquote> |
| |
|
| So, it's precisely line <tt>3872</tt> of <tt>pf.c</tt> that crashes: |
So, it's precisely line <tt>3872</tt> of <tt>pf.c</tt> that crashes: |
![[BACK]](/icons/back.gif){kind=icon}
Return to ddb.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www