Hi all,
I am attempting to symbolize a kernel panic.
My standard technique involves loading the symbol-rich version of the correct kernel and the correct build of my kext (“correct” being defined as UUIDs matching those in the panic log), telling lldb the slide of the kernel and the load address of the kext, and then disassembling the machine code near a return address and finding the preceding callq instruction.
In this panic log, however, there appears to be no mention of a kernel slide. The panic log is roughly:
panic(cpu 0 caller 0xffffff80002c4dd5): "Double fault at 0xffffff7f807e86e2, registers:\n"
"CR0: 0x000000008001003b, CR2: 0xffffff802469fe78, CR3: 0x0000000000100000, CR4: 0x00000000000606e0\n"
"RAX: 0xffffff80246a0578, RBX: 0x0000000000000000, RCX: 0x0000000000000001, RDX: 0x0000000000000000\n"
"RSP: 0xffffff802469fe80, RBP: 0xffffff80246a0330, RSI: 0xffffff8005e47f10, RDI: 0x0000000000000001\n"
"R8: 0xffffff801bdd8000, R9: 0xffffff80246a055c, R10: 0xffffff80246a0558, R11: 0xad5d9ee775b369f0\n"
"R12: 0xffffff8003e39248, R13: 0x0000000000000001, R14: 0xffffff8007f44020, R15: 0x0000000000000000\n"
"RFL: 0x0000000000010282, RIP: 0xffffff7f807e86e2, CS: 0x0000000000000008, SS: 0x0000000000000010\n"
"Error code: 0x0000000000000000\n"@/SourceCache/xnu/xnu-1699.32.7/osfmk/i386/trap_native.c:278
< snip: backtrace, with my kext >
Darwin Kernel Version 11.4.2: Thu Aug 23 16:25:48 PDT 2012; root:xnu-1699.32.7~1/RELEASE_X86_64
Kernel UUID: FF3BB088-60A4-349C-92EA-CA649C698CE5
System model name: VMware7,1 (440BX Desktop Reference Platform)
Some observations:
1) Where it says “Double fault at 0xffffff7f807e86e2” — that pointer is within the range of my kext where it was loaded at the time of the panic.
2) The kernel debug kit for 10.7.5 (couldn’t find 11G63 on the developer portal, so I used 11G56) was published before Apple switched from gdb to lldb. Not sure what kind of an issue that represents.
So, two questions:
1) Can I use lldb even though the KDK was intended for use with gdb?
2) Is there a way to symbolize a panic log without the kext slide?
Thanks,
- Andrew Keller
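The post's second question is about symbolizing a kext address when the panic log does not spell out a slide. The following is an added example (not the poster's code, and not from Apple's KDK) showing the arithmetic involved: a Darwin 11 panic log lists each kext in the backtrace with its load range ("bundle(version)[UUID]@start->end"), and because a kext bundle is normally linked at base address 0, the slide is simply the start of that range. Subtracting it from the faulting address gives a link-time address that can be looked up in an nm listing of the matching build, or handed to lldb's `target modules load --file ... --slide ...`. The panic-log fragment, bundle id, UUID, load range and nm output below are all constructed; only the "Double fault at" address is taken from the post. The `link_base` parameter is an assumption for kexts linked at a non-zero base.

```python
import re
from bisect import bisect_right

# Constructed sample panic-log fragment. The "Double fault at" line mirrors the
# one quoted in the post; the "Kernel Extensions in backtrace" block is the part
# the post snipped, so the bundle id, UUID and load range here are made up.
PANIC_LOG = """\
panic(cpu 0 caller 0xffffff80002c4dd5): "Double fault at 0xffffff7f807e86e2, registers:\\n"
Kernel Extensions in backtrace:
         com.example.mykext(1.0)[11111111-2222-3333-4444-555555555555]@0xffffff7f807e5000->0xffffff7f807e9fff
"""

# Constructed `nm -n`-style listing of the matching kext build. Addresses are
# link-time addresses; a kext bundle is normally linked at base 0.
NM_OUTPUT = """\
0000000000001000 T _mykext_start
0000000000002400 T _mykext_ioctl
0000000000003600 T _mykext_stop
0000000000004000 D _mykext_version
"""

FAULT_RE = re.compile(r"fault at (0x[0-9a-fA-F]+)")
KEXT_RE = re.compile(
    r"(?P<bundle>[\w.]+)\((?P<version>[^)]*)\)\[(?P<uuid>[0-9A-Fa-f-]+)\]"
    r"@(?P<start>0x[0-9a-fA-F]+)->(?P<end>0x[0-9a-fA-F]+)"
)
NM_RE = re.compile(r"^([0-9a-fA-F]{16}) ([A-Za-z]) (\S+)$", re.MULTILINE)


def parse_fault_address(log):
    """Return the faulting address named in the panic string, or None."""
    m = FAULT_RE.search(log)
    return int(m.group(1), 16) if m else None


def parse_kext_ranges(log):
    """Return [(bundle, uuid, start, end)] for every kext listed in the backtrace."""
    return [
        (m.group("bundle"), m.group("uuid").upper(),
         int(m.group("start"), 16), int(m.group("end"), 16))
        for m in KEXT_RE.finditer(log)
    ]


def parse_nm(text):
    """Return a list of (link_address, name) sorted by address."""
    syms = [(int(addr, 16), name) for addr, _kind, name in NM_RE.findall(text)]
    return sorted(syms)


def kext_slide(start, link_base=0):
    """Slide = runtime load address minus link-time base address (0 for a typical kext)."""
    return start - link_base


def symbolicate(addr, ranges, symbols, link_base=0):
    """Map a runtime address to (bundle, symbol, offset_into_symbol, offset_into_kext).

    Returns None when the address falls outside every kext listed in the backtrace.
    """
    for bundle, _uuid, start, end in ranges:
        if start <= addr <= end:
            unslid = addr - kext_slide(start, link_base)
            addrs = [a for a, _ in symbols]
            i = bisect_right(addrs, unslid) - 1      # nearest symbol at or below
            if i < 0:
                return (bundle, None, unslid, addr - start)
            sym_addr, name = symbols[i]
            return (bundle, name, unslid - sym_addr, addr - start)
    return None


def lldb_load_command(kext_path, start, link_base=0):
    """Build the lldb command that tells it where the kext landed in memory."""
    return "target modules load --file %s --slide 0x%x" % (
        kext_path, kext_slide(start, link_base))


if __name__ == "__main__":
    fault = parse_fault_address(PANIC_LOG)
    ranges = parse_kext_ranges(PANIC_LOG)
    syms = parse_nm(NM_OUTPUT)
    bundle, name, off, kext_off = symbolicate(fault, ranges, syms)
    print("0x%x -> %s`%s+0x%x (kext offset 0x%x)" % (fault, bundle, name, off, kext_off))
    print(lldb_load_command("/path/to/mykext.kext/Contents/MacOS/mykext", ranges[0][2]))
```

The UUID captured from the backtrace line is what should be compared against the kext build before trusting the symbol names; a mismatch means the nm listing describes different code and the offsets are meaningless.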