[Crash-utility] Getting dissassembly from .o or .ko file
Dave Anderson
anderson at redhat.com
Thu Feb 14 20:35:45 UTC 2013
----- Original Message -----
>
> Hello,
>
> I have a kernel panic that prints a backtrace, but no kernel dump.
> The lines in the backtrace has the usual format:
>
> [<addr1>] ? func1+num1/num2 [module1]
>
> I understand that num1 is the address offset from the beginning of
> func1. What is num2?
The num2 value is the size in bytes of the whole function.
>
> I tried to narrow down the location in func1() by doing the following
> steps:
>
> loaded file1.o file into gdb and issued a "disassemble func1".
> The disassembled version of func1, the lines pertaining to function
> calls in func1() has the following format:
>
> ...............callq num3 <func1+num4> <====
>
> And NOT the following format I am used to:
>
> .................callq <addr2> <func2>
> (func2 is a function called from within func1)
>
> My question is related to line marked with <====
>
> - Looking closely as the values of num3 and num4, the instruction
> seems to point to a location somewhere in func1 itself, and not the
> called function- func2. I must be reading the instruction wrong? How
> does one interpret the "calls" instruction.
No, you are reading the instruction correctly. (unresolved)
> - I understand I can't get something like addr2 in the line marked
> with <==== as the object file is not linked to the kernel. However,
> is there any way or tools I can use so the function name shows up in
> the the line <====. That would make it easier for me to understand
> the disassembled code.
>
> Using gdb on the kernel module (*.ko) did not make a difference in
> the disassemble output.
You might try the "list" command to show "what's around" a particular
address.
Taking this simple example, if you want to know what function is being
called from nfs_cache_destroy+9:
(gdb) disass nfs_cache_destroy
Dump of assembler code for function nfs_cache_destroy:
0x0000000000016750 <+0>: callq 0x16755 <nfs_cache_destroy+5>
0x0000000000016755 <+5>: push %rbp
0x0000000000016756 <+6>: mov %rsp,%rbp
0x0000000000016759 <+9>: callq 0x1675e <nfs_cache_destroy+14>
0x000000000001675e <+14>: pop %rbp
0x000000000001675f <+15>: retq
End of assembler dump.
(gdb)
Pass the address that is performing the callq to the list
command like this:
(gdb) list *0x0000000000016759
0x16759 is in nfs_cache_destroy (fs/nfs/cache_lib.c:164).
159 sunrpc_init_cache_detail(cd);
160 }
161
162 void nfs_cache_destroy(struct cache_detail *cd)
163 {
164 sunrpc_destroy_cache_detail(cd);
165 }
(gdb)
And it's obvious in this case that it's calling sunrpc_destroy_cache_detail().
Dave
More information about the Crash-utility
mailing list