how to debug- for Sharing Code and Text.

TEXT 31

how to debug

Guest on 4th February 2023 01:21:45 PM

Here is a brief look at how to debug from the screen
dump that occurs when the kernel panics..
Suppose the kernel dump provides an EIP address of
0xC8865270
Inspect /var/log/messages looking for where the driver
was last loaded. Suppose you find:
IA 5515: Alloc buffers is at c886235c
Then you know that the fault occurred at offset
0xc886235c
- 0xC8865270
==========
2f14
from ia_alloc_buffers
Now open the file atm.map and find
0x00000308 ia_alloc_buffers
This tells you the fault occured at offset....
0x00000308
+ 2f14
==========
321c
from the start of the module.
Now sort the map file by address and locate the relative
address of the fault...
36 0x00002ff4 ia_host_rx_intr
37 0x000032e0 ia_recv5u
This indicates that the fault occured in ia_host_rx_intr
since the fault address is greater than 0x00002ff4 but
less than 0x000032e0.
Finally find the relative address within ia_host_rx_intr
by subtracting:
0x321c
- 2ff4
======
0x228
To find the faulting instruction add -S to the CFLAGS in
the makefile, touch ia_rfred.c (which contains ia_host_rx_intr)
and run make. This creates ia_rfred.s. Now run
as -A ia_rfred.s > ia_rfred.lst
or
as -alh ia_..
creating an assembler listing.
Locate the start of the offending function in the listing:
959 .type ia_host_rx_intr,@function
960 ia_host_rx_intr:
961 0a90 55 pushl %ebp
962 0a91 57 pushl %edi
Here we see that it is at offset 0xa90 in the module
Add
0x0a90 The offset of ia_host_rx_intr
+0x0228 The offset of the fault relative to ia_host_rx_intr
=======
0xcb8 The offset of the fault relative to the start of the module
Find offset 0xcb8 in the listing
1133 0ca5 E8FCFFFF call ia5515_getvcc
1133 FF
1134 0caa 83C410 addl $16, %esp
1135 0cad 837C2414 cmpl $64, 20(%esp)
1135 40
1136 0cb2 761B jbe .L2251
1137 0cb4 8B442428 movl 40(%esp), %eax
1138 0cb8 8378081F cmpl $31, 8(%eax)
1139 0cbc 7E15 jle .L2239
The code string shown there 8378081F should match that at the bottom
of the original dump screen. Finally map that code back to
the source and hopefully figure out what the problem was.
ia5515_getvcc(rx_buf->desc->vci & R_VC_MASK, &vcc);
if ((len > 64) && (vcc->vci > 31))
/* (softc->vcctab[vcc->vci].r_ipaddr == 0)) */
{
/* softc->vcctab[vcc->vci].l_ipaddr = ia_ipfromvcc(vcc); */
ia5515_ips(softc, vcc, skb, 1);
}
if (vcc != NULL)
{
if ((len > 64) && (vcc->vci > 31))
Here some diagnostic code had been improperly inserted before
the check for null vcc and the attempt to dereference the
vcc pointer in 0cb8 8378081F cmpl $31, 8(%eax) caused
the fault.

Raw Paste

Here is a brief look at how to debug from the screen
dump that occurs when the kernel panics..

Suppose the kernel dump provides an EIP address of

0xC8865270

Inspect /var/log/messages looking for where the driver
was last loaded.  Suppose you find:

IA 5515: Alloc buffers is at c886235c

Then you know that the fault occurred at offset

0xc886235c
 - 0xC8865270
   ==========
         2f14

from ia_alloc_buffers

Now open the file atm.map and find

0x00000308                ia_alloc_buffers

This tells you the fault occured at offset....

0x00000308
  +     2f14
  ==========
        321c

from the start of the module.

Now sort the map file by address and locate the relative
address of the fault...

36  0x00002ff4                ia_host_rx_intr
    37  0x000032e0                ia_recv5u

This indicates that the fault occured in  ia_host_rx_intr
since the fault address is greater than 0x00002ff4 but
less than 0x000032e0.

Finally find the relative address within ia_host_rx_intr
by subtracting:

0x321c
 - 2ff4
 ======
  0x228

To find the faulting instruction add -S to the CFLAGS in
the makefile, touch ia_rfred.c (which contains  ia_host_rx_intr)
and run make.  This creates ia_rfred.s.  Now run

as -A ia_rfred.s > ia_rfred.lst
  or
  as -alh ia_..

creating an assembler listing.

Locate the start of the offending function in the listing:

959                    .type  ia_host_rx_intr,@function
 960                 ia_host_rx_intr:
 961 0a90 55            pushl %ebp
 962 0a91 57            pushl %edi

Here we see that it is at offset 0xa90 in the module

Add

0x0a90     The offset of ia_host_rx_intr
 +0x0228     The offset of the fault relative to ia_host_rx_intr
 =======
   0xcb8      The offset of the fault relative to the start of the module

Find offset 0xcb8 in the listing

1133 0ca5 E8FCFFFF     call  ia5515_getvcc
 1133      FF
 1134 0caa 83C410       addl  $16, %esp
 1135 0cad 837C2414     cmpl  $64, 20(%esp)
 1135      40
 1136 0cb2 761B         jbe   .L2251
 1137 0cb4 8B442428     movl  40(%esp), %eax
 1138 0cb8 8378081F     cmpl  $31, 8(%eax)
 1139 0cbc 7E15         jle   .L2239

The code string shown there  8378081F should match that at the bottom
of the original dump screen.  Finally map that code back to
the source and hopefully figure out what the problem was.

ia5515_getvcc(rx_buf->desc->vci & R_VC_MASK, &vcc);
      if ((len > 64) && (vcc->vci > 31))
              /*  (softc->vcctab[vcc->vci].r_ipaddr == 0)) */
      {
         /*  softc->vcctab[vcc->vci].l_ipaddr = ia_ipfromvcc(vcc); */
             ia5515_ips(softc, vcc, skb, 1);
      }

if (vcc != NULL)
      {
         if ((len > 64) && (vcc->vci > 31))

Here some diagnostic code had been improperly inserted before
the check for null vcc and the attempt to dereference the
vcc pointer in   0cb8 8378081F     cmpl  $31, 8(%eax) caused
the fault.