-
Notifications
You must be signed in to change notification settings - Fork 451
Resolving a kernel backtrace
Saeed Noursalehi edited this page Oct 4, 2018
·
1 revision
Here are the steps to get a useful callstack when your kext causes a kernel panic:
-
Open Console, click on System Reports, find the panic report with the correct timestamp
-
Find the start/end addresses of PrjFSKext (the final two values here):
Kernel Extensions in backtrace:
io.gvfs.PrjFSKext(0.1)[4A277DBB-F95C-3267-9A5A-4570EC932348]@0xffffff7f9f941000->0xffffff7f9f945fff
- In the backtrace, find the return addresses that fall within the range of PrjFSKext's addresses:
Backtrace (CPU 1), Frame : Return Address
0xffffff921b6ba960 : 0xffffff801a06b6f6
0xffffff921b6ba9b0 : 0xffffff801a196f54
0xffffff921b6ba9f0 : 0xffffff801a188c39
0xffffff921b6baa70 : 0xffffff801a01d190
0xffffff921b6baa90 : 0xffffff801a06b1cc
0xffffff921b6babc0 : 0xffffff801a06af4c
0xffffff921b6bac20 : 0xffffff801a188e21
0xffffff921b6bada0 : 0xffffff801a01d190
0xffffff921b6badc0 : 0xffffff801a1472e0
0xffffff921b6baeb0 : 0xffffff7f9f9423fc <-- these two
0xffffff921b6baed0 : 0xffffff7f9f941c67 <-- addresses are ours
0xffffff921b6bb380 : 0xffffff801a4f95d4
0xffffff921b6bb3e0 : 0xffffff801a27eb3c
0xffffff921b6bb6d0 : 0xffffff801a281782
0xffffff921b6bbcd0 : 0xffffff801a283e7f
0xffffff921b6bbee0 : 0xffffff801a283d50
0xffffff921b6bbf40 : 0xffffff801a60da48
0xffffff921b6bbfa0 : 0xffffff801a01d976
- In a bash terminal, run the following command:
atos -o <path to PrjFSKext> -l <start address> <list of addresses to resolve>
For the specific example above and my PrjFSKextpath:
atos -o ~/Repos/VFSForGit/BuildOutput/ProjFS.Mac/Native/Build/Products/Debug/debug.PrjFSKext.kext/Contents/MacOS/PrjFSKext -l 0xffffff7f9f941000 0xffffff7f9f9423fc 0xffffff7f9f941c67