www/ddb.html - diff

Return to ddb.html CVS log

Up to [local] / www

Diff for /www/ddb.html between version 1.16 and 1.17

version 1.16, 2016/11/19 13:15:10

version 1.17, 2017/02/06 17:24:32

Line 123

<h3>How do I gather further information from a kernel crash?</h3>

A typical kernel crash on OpenBSD might look like this:

(things to watch for are marked with bold font)

kernel: page fault trap, code=0

Line 131

Line 130

ddb>

</pre></blockquote>

The first command to run from the <tt>ddb></tt> prompt is <tt>trace</tt>

This crash happened at offset <tt>0x263</tt> in the function <tt>_pf_route</tt>.

(see <a href="http://man.openbsd.org/ddb">ddb(4)</a> for details):

The first command to run from the

<a href="http://man.openbsd.org/ddb">ddb(4)</a> prompt is <tt>trace</tt>:

ddb> trace

_pf_route(e28cb7e4,e28bc978,2,1fad,d0b8b120) at _pf_route+0x263

Line 157

Line 159

do the following:

Find the source file where the crashing function is defined in.

Find the source file where the crashing function is defined.

In this example, that would be <tt>pf_route()</tt> in <tt>sys/net/pf.c</tt>.

In this example, that would be <tt>pf_route()</tt> in <tt>/sys/net/pf.c</tt>.

Recompile that source file with debug information:

Use <a href="http://man.openbsd.org/objdump">objdump(1)</a> to get the

# cd /usr/src/sys/arch/$(uname -m)/compile/GENERIC

# rm obj/pf.o

# DEBUG=-g make pf.o

</pre></blockquote>

Then use <a href="http://man.openbsd.org/objdump">objdump(1)</a> to get the

disassembly:

# objdump --line --disassemble --reloc obj/pf.o >pf.dis

$ cd /sys/arch/$(uname -m)/compile/GENERIC

$ objdump -dlr obj/pf.o >/tmp/pf.dis

</pre></blockquote>

In the output, grep for the function name:

# grep "<_pf_route>:" pf.dis

$ grep "<_pf_route>:" /tmp/pf.dis

00007d88 <_pf_route>:

</pre></blockquote>

Take this first hex number and add the offset from the <tt>Stopped at</tt> line:

Take this first hex number <tt>7d88</tt> and add the offset <tt>0x263</tt> from

<tt>0x7d88 + 0x263 == 0x7feb</tt>.

the <tt>Stopped at</tt> line:

$ printf '%x\n' $((0x7d88 + 0x263))

7feb

</pre></blockquote>

Scroll down to that line (the assembler instruction should match the one

quoted in the <tt>Stopped at</tt> line), then up to the nearest C line number:

# more pf.dis

$ more /tmp/pf.dis

/usr/src/sys/arch/i386/compile/GENERIC/../../../../net/pf.c:3872

/sys/net/pf.c:3872

7fe7: 0f b7 43 02 movzwl 0x2(%ebx),%eax

7feb: 8b 57 40 mov 0x40(%edi),%edx

7fee: 39 d0 cmp %edx,%eax

Line 200

Line 199

So, it's precisely line <tt>3872</tt> of <tt>pf.c</tt> that crashes:

# cat -n pf.c | head -n 3872 | tail -n 1

$ nl -ba /sys/net/pf.c | sed -n 3872p

3872 if ((u_int16_t)ip->ip_len <= ifp->if_mtu) {

</pre></blockquote>

Note that the kernel that produced the crash output and the object file

The kernel that produced the crash output and the object file for objdump must

for objdump must be compiled from the exact same source file, otherwise

be compiled from the exact same source file, otherwise the offsets won't match.

the offsets won't match.

If you provide both the ddb trace output and the relevant objdump section,