crashdumps not working

Robert Watson rwatson at freebsd.org
Wed Dec 8 10:14:46 PST 2004 

On Wed, 8 Dec 2004, David Gilbert wrote:

> >>>>> "Robert" == Robert Watson <rwatson at freebsd.org> writes:
> 
> Robert> This is a NULL pointer dereference; you can use addr2line or
> Robert> gdb on your kernel.debug to turn it into a line number even
> Robert> without a core.  That might well be worth doing, as we might
> Robert> be able to debug that even without getting dumping working on
> Robert> the box.
> 
> If I had an address and a debug kernel, how is this done? 

There are at least three ways you can do this, depending on the amount of
information you have, and what you're trying to find out.  Suppose you get
a fault and the trap shows the instruction pointer is 0xc052fb46.  You can
use: 

(1) addr2line(1) converts an address and a executable with debugging
    information to a line number.  Assuming your kernel and source are
    properly in sync, etc, you can do:

        % addr2line --exe=kernel.debug 0xc052fb46
        ../../../kern/subr_prf.c:297

(2) gdb(1) can be used on the debugging kernel, and can often return more
    useful context information.  For example:

    % gdb kernel.debug
    ...
    This GDB was configured as "i386-marcel-freebsd"...
    (gdb) l *0xc052fb46
    0xc052fb46 is in printf (../../../kern/subr_prf.c:297).
    292             consintr = 0;
    293             va_start(ap, fmt);
    294             pca.tty = NULL;
    295             pca.flags = TOCONS | TOLOG;
    296             pca.pri = -1;
    297             retval = kvprintf(fmt, putchar, &pca, 10, ap);
    298             va_end(ap);
    299             if (!panicstr)
    300                     msgbuftrigger = 1;
    301             consintr = savintr;             /* reenable interrupts */

    gdb is a little more savvy about telling you about macros, inlines,
    etc, and gives you a bit of line context, so I've found it very
    helpful. 

(3) If you don't have debugging symbols, you can often identify at least
    the function that nm(1), you can run nm on the binary, and then search
    down through the sumbols until you find the closest address match
    before the address.  I.e.:

    % nm kernel.debug | more
    ...
    c06f9f80 d print_message
    c067caf0 T printcpuinfo
    c052fb38 T printf
    c0523104 T printf_uuid
    c05019f4 T prison_check

    So the pointer is between printf() and printf_uuid().

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org      Principal Research Scientist, McAfee Research

More information about the freebsd-stable mailing list