Difference between revisions of "Disassembling the kernel"
Latest revision as of 10:36, 22 August 2008
This page describes how to obtain a sufficient disassembly of your kernel when reporting a new BUG caught on a self-compiled kernel.
The objdump utility
The main utility for this is objdump. Most of the time it's enough just to run
# objdump -dr <the-binary-file-to-dump> > <the-output-file>
and the disassembled binary will be obtained.
Most often you'd need to provide the dump of the vmlinux file like this:
# objdump -dr vmlinux-<kernel-version> > vmlinux.decoded
We'll need the vmlinux.decoded file in this case.
Some hints that can be obtained from the kernel BUG report
Let's look at how a BUG report can look (in the dmesg output):
BUG: unable to handle kernel NULL pointer dereference at virtual address 00000044
printing eip:
c05d575b
*pde = 00000000
Oops: 0000 [#1]
SMP
Modules linked in: ...
...
Call Trace:
[<c0429ea3>] local_bh_enable+0x95/0xa4
...
[<c05bc1ba>] net_rx_action+0x8f/0x185
[<c05b1aa9>] kernel_sendmsg+0x2f/0x3d
[<d0a7e24f>] xs_send_kvec+0x92/0x9a [sunrpc]
[<c048e3bc>] destroy_inode+0x24/0x33
[<d0a7e38e>] xs_sendpages+0x82/0x128 [sunrpc]
...
[<d0a80732>] rpc_async_schedule+0x0/0x8 [sunrpc]
[<c0433d6a>] run_workqueue+0x78/0xf5
[<c0433de7>] worker_thread+0x0/0xdc
...
[<c04371fb>] kthread+0x0/0x55
[<c0405913>] kernel_thread_helper+0x7/0x10
=======================
...
EIP: [<c05d575b>] ip_route_output_slow+0x40/0x6fa SS:ESP 0068:cf73bbbc
I've thrown away some unneeded info. As you can see, some function names in the stack trace are accompanied by the [sunrpc] string. This is a module name; in your traces you may see some other modules. So, once you have disassembled the vmlinux file and attached it to the BUG report, we'll very likely ask you to disassemble the modules that are seen in the stack trace, so you'd have to run the
# objdump -dr /lib/modules/<version>/<path>/<module-name>.ko > <module-name>.decoded
command and attach this module dump as well. Note that the string
EIP: [<c05d575b>] ip_route_output_slow+0x40/0x6fa SS:ESP 0068:cf73bbbc
also contains the function name, which can also belong to some module.
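
Added example, not part of the original page: a small shell helper that reads an oops on stdin, lists the modules named in the stack trace and EIP line, and prints the objdump commands described above. The function names and the embedded sample are constructed for illustration; the function-start calculation assumes the kernel was not relocated at boot.

```shell
#!/bin/sh
# Constructed sample: a few entries of the trimmed oops above, one per line.
SAMPLE_OOPS='Call Trace:
 [<c0429ea3>] local_bh_enable+0x95/0xa4
 [<c05b1aa9>] kernel_sendmsg+0x2f/0x3d
 [<d0a7e24f>] xs_send_kvec+0x92/0x9a [sunrpc]
 [<d0a7e38e>] xs_sendpages+0x82/0x128 [sunrpc]
 [<c0433d6a>] run_workqueue+0x78/0xf5
EIP: [<c05d575b>] ip_route_output_slow+0x40/0x6fa SS:ESP 0068:cf73bbbc'

# Print, once each, every module named in a
# "[<addr>] symbol+0xOFF/0xLEN [module]" entry (stack trace or EIP line).
oops_modules() {
    sed -n 's/^.*\[<[0-9a-f]*>\] [^ ]*+0x[0-9a-f]*\/0x[0-9a-f]* \[\([^]]*\)\].*$/\1/p' |
        sort -u
}

# Print "symbol offset start" for the EIP line, where start = EIP - offset is
# the address the function should have in the matching disassembly.
# Assumption: the kernel was not relocated at boot.
oops_fault() {
    set -- $(sed -n 's/^EIP: \[<\([0-9a-f]*\)>\] \([^ +]*\)+\(0x[0-9a-f]*\)\/.*$/\2 \3 \1/p')
    [ $# -eq 3 ] || return 1
    printf '%s %s %x\n' "$1" "$2" $((0x$3 - $2))
}

# Print the objdump commands from this page for an oops read on stdin.
# <kernel-version>, <version> and <path> stay placeholders; the .ko file on
# disk may use "-" where the trace shows "_".
oops_objdump_cmds() {
    echo 'objdump -dr vmlinux-<kernel-version> > vmlinux.decoded'
    oops_modules | while read -r mod; do
        echo "objdump -dr /lib/modules/<version>/<path>/$mod.ko > $mod.decoded"
    done
}

printf '%s\n' "$SAMPLE_OOPS" | oops_objdump_cmds
printf '%s\n' "$SAMPLE_OOPS" | oops_fault
```

In vmlinux.decoded the faulting function should then begin at a line of the form "c05d571b <ip_route_output_slow>:"; a different address there suggests the disassembly comes from a different build than the one that crashed.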