Solaris process crashed debug 範例
DEV901 /export/spare/cts>coreadm -e process
coreadm�G�z������ root �~������ -[giedu] �ﶵ 必須用root
DEV901 /export/spare/cts>su -
Password:
#Sun Microsystems Inc. SunOS 5.8 Generic Patch December 2002
DEV901 />coreadm -e process
DEV901 />exit
DEV901 /export/spare/cts>vi crashed.c
"crashed.c" 10 ��, 139 �Ӧr��
#include
int main(int argc, char* argv[])
{
int *a=0;
printf("start...\n");
printf("%s",a); crashed 的地方
return 0;
}
~
~
"crashed.c" 10 ��, 148 �Ӧr��
-g參數確保pstack 可以查出問題所在
DEV901 /export/spare/cts>cc -o crashed crashed.c –g
ELF的檔案類型
DEV901 /export/spare/cts>file crashed
crashed: ELF 32-�줸 MSB �i���� SPARC ���� 1, �ʺA�s��, �����h DEV901 /export/spare/cts>./crashed
start...
Segmentation Fault (core dumped) 產生core file了
DEV901 /export/spare/cts>coreadm
�����֤��ɮϼˡG/var/core/core.%f.%p
init �֤��ɮϼˡGcore.%f
�����֤߶ɦL�Gdisabled
�C�ӳB�z�֤߶ɦL�Genabled 確認會產生core file
���� setid �֤߶ɦL�Gdisabled
�C�ӳB�z setid �֤߶ɦL�Gdisabled
�����֤߶ɦL�O���Gdisabled
DEV901 /export/spare/cts>cat /etc/coreadm.conf
#
# coreadm.conf
#
# Parameters for system core file configuration.
# Do NOT edit this file by hand -- use coreadm(1) instead.
#
COREADM_GLOB_PATTERN=/var/core/core.%f.%p
COREADM_INIT_PATTERN=core.%f 產生core file檔名
COREADM_GLOB_ENABLED=no
COREADM_PROC_ENABLED=yes 確認會產生core file
COREADM_GLOB_SETID_ENABLED=no
COREADM_PROC_SETID_ENABLED=no
COREADM_GLOB_LOG_ENABLED=no
DEV901 /export/spare/cts>ls -l core.crashed
-rw------- 1 cts staff 80360 11�� 9 11:16 core.crashed
DEV901 /export/spare/cts>pstack core.crashed
core 'core.crashed' of 23061: ./crashed
這個位置發生core dump
ff2b3218 strlen (0, ffbefad0, 0, ff33f789, 0, 10702) + 80
ff308188 printf (10700, ff340284, ff343a54, 0, 22318, ff29bc20) + f4
000106a8 main (1, ffbefb54, ffbefb5c, 20800, 0, 0) + 30
00010650 _start (0, 0, 0, 0, 0, 0) + 108
DEV901 /export/spare/cts>pmap core.crashed
core 'core.crashed' of 23061: ./crashed
00010000 8K read/exec /export/spare/cts/crashed
00020000 8K read/write/exec /export/spare/cts/crashed
相對於symbol table的位置,應該在FF280000之後
FF280000 688K read/exec /usr/lib/libc.so.1
FF33C000 32K read/write/exec /usr/lib/libc.so.1
FF380000 8K read/write/exec /usr/lib/libdl.so.1
FF390000 8K read/exec /usr/platform/sun4u-us3/lib/libc_psr.so.1
FF3A0000 176K read/exec /usr/lib/ld.so.1
FF3DC000 8K read/write/exec /usr/lib/ld.so.1
FF3DE000 8K read/write/exec /usr/lib/ld.so.1
FFBEE000 8K read/write/exec [ stack ]
total 952K
DEV901 /export/spare/cts>elfdump -s /usr/lib/libc.so.1 | grep strlen
[1965] 0x00033198 0x000000f0 FUNC GLOB D 30 .text strlen
[723] 0x00000000 0x00000000 FILE LOCL D 0 ABS strlen.s
[2129] 0x0007c6b4 0x0000002c FUNC LOCL D 0 .text mini_strlen
[4677] 0x00033198 0x000000f0 FUNC GLOB D 0 .text strlen
0xFF280000 + 0x00033198 + 80 = 0xFF2b3218
從上面可以看到,strlen crashed的位置是如何被找出來的。從pstack可以得到0xFF2b3218,透過pmap找出symbol table中,crashed的base address應該落於0xFF280000(屬於libc.so.1),因為libc.so.1以及./crashed都是ELF檔案,所以用elfdump找出其中的symbol位置,最後發現在0x0033198。而因為pstack有再記載crashed address是位在其base address所在symbol再+0x80之偏移量,所以算出這樣結果。(也就是global strlen()是發生問題所在,但並不表示他有BUG)
2010年11月9日 星期二
Solaris process crashed debug 範例
訂閱:
張貼留言 (Atom)
沒有留言:
張貼留言