=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/ddb.html,v retrieving revision 1.19 retrieving revision 1.20 diff -c -r1.19 -r1.20 *** www/ddb.html 2017/06/26 17:18:57 1.19 --- www/ddb.html 2018/09/05 14:27:12 1.20 *************** *** 83,99 **** Under some circumstances, you may lose the very first message of a panic, stating the reason for the panic. !
  ddb> show panic
  0:      kernel: page fault trap, code=0
  ddb>
! 

Note for SMP systems

You should get a trace from each processor as part of your report: !
  ddb{0}> trace
  pool_get(d05e7c20,0,dab19ef8,d0169414,80) at pool_get+0x226
  fxp_add_rfabuf(d0a62000,d3c12b00,dab19f10,dab19f10) at fxp_add_rfabuf+0xa5
--- 83,99 ----
  Under some circumstances, you may lose the very first message of a panic,
  stating the reason for the panic.
  
! 
  ddb> show panic
  0:      kernel: page fault trap, code=0
  ddb>
! 

Note for SMP systems

You should get a trace from each processor as part of your report: !
  ddb{0}> trace
  pool_get(d05e7c20,0,dab19ef8,d0169414,80) at pool_get+0x226
  fxp_add_rfabuf(d0a62000,d3c12b00,dab19f10,dab19f10) at fxp_add_rfabuf+0xa5
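Review bot: In the 83,99 hunk, the sentence ahead of the show panic block only says that the first panic message can be lost ("you may lose the very first message of a panic"); it never tells the reader that show panic is the command that prints it again. Since the lines around that block are being changed anyway, finish the sentence with the instruction, for example "In that case, use show panic to display it."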
***************
*** 115,121 ****
  --- interrupt ---
  idle_loop+0x21:
  ddb{1}>
! 
Repeat the machine ddbcpu x followed by trace for each processor in your machine. --- 115,121 ---- --- interrupt --- idle_loop+0x21: ddb{1}> ! Repeat the machine ddbcpu x followed by trace for each processor in your machine. *************** *** 124,134 **** A typical kernel crash on OpenBSD might look like this: !
  kernel: page fault trap, code=0
  Stopped at    pf_route+0x263:        mov     0x40(%edi),%edx
  ddb>
! 
This crash happened at offset 0x263 in the function pf_route. --- 124,134 ---- A typical kernel crash on OpenBSD might look like this: !
  kernel: page fault trap, code=0
  Stopped at    pf_route+0x263:        mov     0x40(%edi),%edx
  ddb>
! 
This crash happened at offset 0x263 in the function pf_route. *************** *** 136,142 **** The first command to run from the ddb(4) prompt is trace: !
  ddb> trace
  pf_route(e28cb7e4,e28bc978,2,1fad,d0b8b120) at pf_route+0x263
  pf_test(2,1f4ad,e28cb7e4,b4c1) at pf_test+0x706
--- 136,142 ----
  The first command to run from the
  ddb(4) prompt is trace:
  
! 
  ddb> trace
  pf_route(e28cb7e4,e28bc978,2,1fad,d0b8b120) at pf_route+0x263
  pf_test(2,1f4ad,e28cb7e4,b4c1) at pf_test+0x706
***************
*** 150,156 ****
  ipintr(10,10,e289f140,e289f140,e28cbd38) at ipintr+0x8d
  Bad frame pointer: 0xe28cbcac
  ddb>
! 
This tells us what function calls lead to the crash. --- 150,156 ---- ipintr(10,10,e289f140,e289f140,e28cbd38) at ipintr+0x8d Bad frame pointer: 0xe28cbcac ddb> ! This tells us what function calls lead to the crash. *************** *** 164,209 **** Use objdump(1) to get the disassembly: !
  $ cd /sys/arch/$(uname -m)/compile/GENERIC
  $ objdump -dlr obj/pf.o >/tmp/pf.dis
! 
In the output, grep for the function name: !
  $ grep "<pf_route>:" /tmp/pf.dis
  00007d88 <pf_route>:
! 
Take this first hex number 7d88 and add the offset 0x263 from the Stopped at line: !
  $ printf '%x\n' $((0x7d88 + 0x263))
  7feb
! 
Scroll down to the line 7feb. The assembler instruction should match the one quoted in the Stopped at line. Then scroll up to the nearest C line number: !
  $ more /tmp/pf.dis
  /sys/net/pf.c:3872
      7fe7:       0f b7 43 02             movzwl 0x2(%ebx),%eax
      7feb:       8b 57 40                mov    0x40(%edi),%edx
      7fee:       39 d0                   cmp    %edx,%eax
      7ff0:       0f 87 92 00 00 00       ja     8088 <pf_route+0x300>
! 
So, it's precisely line 3872 of pf.c that crashes: !
  $ nl -ba /sys/net/pf.c | sed -n 3872p
    3872		if ((u_int16_t)ip->ip_len <= ifp->if_mtu) {
! 
The kernel that produced the crash output and the object file for objdump must be compiled from the exact same source file, otherwise the offsets won't match. --- 164,209 ---- Use objdump(1) to get the disassembly: !
  $ cd /sys/arch/$(uname -m)/compile/GENERIC
  $ objdump -dlr obj/pf.o >/tmp/pf.dis
! 
In the output, grep for the function name: !
  $ grep "<pf_route>:" /tmp/pf.dis
  00007d88 <pf_route>:
! 
Take this first hex number 7d88 and add the offset 0x263 from the Stopped at line: !
  $ printf '%x\n' $((0x7d88 + 0x263))
  7feb
! 
Scroll down to the line 7feb. The assembler instruction should match the one quoted in the Stopped at line. Then scroll up to the nearest C line number: !
  $ more /tmp/pf.dis
  /sys/net/pf.c:3872
      7fe7:       0f b7 43 02             movzwl 0x2(%ebx),%eax
      7feb:       8b 57 40                mov    0x40(%edi),%edx
      7fee:       39 d0                   cmp    %edx,%eax
      7ff0:       0f 87 92 00 00 00       ja     8088 <pf_route+0x300>
! 
So, it's precisely line 3872 of pf.c that crashes: !
  $ nl -ba /sys/net/pf.c | sed -n 3872p
    3872		if ((u_int16_t)ip->ip_len <= ifp->if_mtu) {
! 
The kernel that produced the crash output and the object file for objdump must be compiled from the exact same source file, otherwise the offsets won't match.
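Review bot: In the 115,121 hunk, "Repeat the machine ddbcpu x followed by trace for each processor in your machine" leaves x undefined. Say that x is the CPU number, the same number that appears in the prompt (ddb{0}>, ddb{1}> in the sample output), so a reader on a machine with more than two processors knows what to type for each one.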
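Review bot: In the 150,156 hunk, the context line "This tells us what function calls lead to the crash." should read "led to the crash"; the line sits directly under the changed markup, so it is cheap to fix in the same commit. The sample trace also ends with "Bad frame pointer: 0xe28cbcac" without comment; one sentence saying that the trace stops there and that the frames above it are still the ones to report would save readers from wondering whether the output is usable.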
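Review bot: In the 164,209 hunk, the requirement that the crashing kernel and the object file be "compiled from the exact same source file" is the last paragraph, after the reader has already run objdump and added 0x263 to 7d88. Move it ahead of the objdump step, and tie it to the check the text already has ("The assembler instruction should match the one quoted in the Stopped at line") by saying that a mismatch at 7feb means the object file does not correspond to the running kernel and the derived line number must not be reported.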