A typical kernel crash on OpenBSD might look like this: - (things to watch for are marked with bold font)
! The first command to run from the ddb> prompt is trace ! (see ddb(4) for details):kernel: page fault trap, code=0 --- 123,128 ---- *************** *** 131,139 **** ddb>
! This crash happened at offset 0x263 in the function _pf_route. +ddb> trace _pf_route(e28cb7e4,e28bc978,2,1fad,d0b8b120) at _pf_route+0x263 --- 130,141 ---- ddb>
+ The first command to run from the + ddb(4) prompt is trace: +
ddb> trace _pf_route(e28cb7e4,e28bc978,2,1fad,d0b8b120) at _pf_route+0x263 *************** *** 157,196 **** do the following:! Find the source file where the crashing function is defined in. ! In this example, that would be pf_route() in sys/net/pf.c. ! Recompile that source file with debug information: ! !
! ! Then use objdump(1) to get the disassembly:! # cd /usr/src/sys/arch/$(uname -m)/compile/GENERIC ! # rm obj/pf.o ! # DEBUG=-g make pf.o !In the output, grep for the function name:! # objdump --line --disassemble --reloc obj/pf.o >pf.dis! Take this first hex number and add the offset from the Stopped at line: ! 0x7d88 + 0x263 == 0x7feb. !! # grep "<_pf_route>:" pf.dis 00007d88 <_pf_route>:Scroll down to that line (the assembler instruction should match the one quoted in the Stopped at line), then up to the nearest C line number:
! # more pf.dis ! /usr/src/sys/arch/i386/compile/GENERIC/../../../../net/pf.c:3872 7fe7: 0f b7 43 02 movzwl 0x2(%ebx),%eax 7feb: 8b 57 40 mov 0x40(%edi),%edx 7fee: 39 d0 cmp %edx,%eax --- 159,195 ---- do the following:! Find the source file where the crashing function is defined. ! In this example, that would be pf_route() in /sys/net/pf.c. ! Use objdump(1) to get the disassembly:
In the output, grep for the function name:! $ cd /sys/arch/$(uname -m)/compile/GENERIC ! $ objdump -dlr obj/pf.o >/tmp/pf.dis! Take this first hex number 7d88 and add the offset 0x263 from ! the Stopped at line: !! $ grep "<_pf_route>:" /tmp/pf.dis 00007d88 <_pf_route>:! Scroll down to that line (the assembler instruction should match the one quoted in the Stopped at line), then up to the nearest C line number:! $ printf '%x\n' $((0x7d88 + 0x263)) ! 7feb !! $ more /tmp/pf.dis ! /sys/net/pf.c:3872 7fe7: 0f b7 43 02 movzwl 0x2(%ebx),%eax 7feb: 8b 57 40 mov 0x40(%edi),%edx 7fee: 39 d0 cmp %edx,%eax *************** *** 200,212 **** So, it's precisely line 3872 of pf.c that crashes:! Note that the kernel that produced the crash output and the object file ! for objdump must be compiled from the exact same source file, otherwise ! the offsets won't match.! # cat -n pf.c | head -n 3872 | tail -n 1 ! 3872 if ((u_int16_t)ip->ip_len <= ifp->if_mtu) {If you provide both the ddb trace output and the relevant objdump section, --- 199,210 ---- So, it's precisely line 3872 of pf.c that crashes:
! The kernel that produced the crash output and the object file for objdump must ! be compiled from the exact same source file, otherwise the offsets won't match.! $ nl -ba /sys/net/pf.c | sed -n 3872p ! 3872 if ((u_int16_t)ip->ip_len <= ifp->if_mtu) {If you provide both the ddb trace output and the relevant objdump section,