I am trying to debug the Linux kernel, specifically the bluetooth kernel module. I want to step through the code in net/bluetooth/l2cap_core.c
- Host machine: linux mint 18.3 (running in VM).
- Target machine: raspberry pi 3b+
I compiled the kernel with debugging symbols on the host machine, using cross-compile tools. Loaded the kernel on the pi, it boots just fine, and I can see my target symbol l2cap_parse_conf_rsp in /proc/kallsyms:
# grep l2cap_parse_conf_rsp /proc/kallsyms
bf2b67c4 t l2cap_parse_conf_rsp [bluetooth]
I set the breakpoint in KDB.
kdb> bp l2cap_parse_conf_rsp
Instruction(i) BP #0 at 0xbf2a77c4 ([bluetooth]l2cap_parse_conf_rsp)
is enabled addr at 00000000bf2a77c4, hardtype=0 installed=0
kdb> go
I send a bluetooth packet, and cause the breakpoint to trigger. Once we drop into KDB shell, I switch to KGDB mode.
#
Entering kdb (current=0xda4aa8e0, pid 201) due to Breakpoint @ 0xbf2a77c4
kdb>kgdb
Entering please attach debugger or use $D#44+ or $3#33
On the host machine where I compiled the kernel, I run gdb-multiarch ./vmlinux. I load the symbol addresses using lx-symbols. The symbols appear to have loaded correctly:
(gdb) info symbol l2cap_parse_conf_rsp
__UNIQUE_ID_alias38 + 43 in section .modinfo of /home/alex/pi/linux/drivers/bluetooth/btusb.ko
__this_module + 172 in section .gnu.linkonce.this_module of /home/alex/pi/linux/drivers/net/wireless/broadcom/brcm80211/brcmutil/brcmutil.ko
l2cap_parse_conf_rsp in section .text.unlikely of /home/alex/pi/linux/net/bluetooth/bluetooth.ko
__UNIQUE_ID_maximum_substreams19 + 14 in section .modinfo of /home/alex/pi/linux/sound/core/snd-pcm.ko
trace_event_define_fields_cfg80211_ready_on_channel + 204 in section .init.text of /home/alex/pi/linux/net/wireless/cfg80211.ko
__ksymtab_snd_unregister_oss_device + 4 in section __ksymtab of /home/alex/pi/linux/sound/core/snd.ko
__UNIQUE_ID_vermagic8 + 46 in section .modinfo of /home/alex/pi/linux/net/rfkill/rfkill.ko
____versions + 588 in section __versions of /home/alex/pi/linux/drivers/char/broadcom/bcm2835-gpiomem.ko
____versions + 724 in section __versions of /home/alex/pi/linux/drivers/regulator/fixed.ko
____versions + 560 in section __versions of /home/alex/pi/linux/drivers/uio/uio_pdrv_genirq.ko
ipv6_addr_label_rtnl_register + 76 in section .init.text of /home/alex/pi/linux/net/ipv6/ipv6.ko
(gdb)
I can even see the source code:
(gdb) list l2cap_parse_conf_rsp
3516 return ptr - data;
3517 }
3518
3519 static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len,
3520 void *data, u16 *result)
3521 {
3522 struct l2cap_conf_req *req = data;
3523 void *ptr = req->data;
3524 int type, olen;
3525 unsigned long val;
However, gdb isn't able to pull in that information when I step through the code. For example, when I print the backtrace, the current function shows as ??
(gdb) bt
#0 0xbf2ae7c4 in ?? ()
#1 0xbf299a14 in l2cap_config_rsp (data=<optimized out>, cmd_len=<optimized out>, cmd=<optimized out>, conn=<optimized out>)
at net/bluetooth/l2cap_core.c:4176
#2 0xbf29ad90 in l2cap_recv_acldata (hcon=<optimized out>, skb=0xd856a240, flags=<optimized out>) at net/bluetooth/l2cap_core.c:7567
#3 0xbf26f9cc in hci_acldata_packet (skb=<optimized out>, hdev=<optimized out>) at net/bluetooth/hci_core.c:4018
#4 hci_rx_work (work=0xda4b5760) at net/bluetooth/hci_core.c:4194
#5 0xc0037f54 in process_one_work (worker=0xd7c10c00, work=0xda4b5760) at kernel/workqueue.c:2096
#6 0xc0038344 in worker_thread (__worker=0xda5d2ae0) at kernel/workqueue.c:2230
#7 0xc003dcc4 in kthread (_create=0xd8995340) at kernel/kthread.c:211
#8 0xc000fba8 in ret_from_fork () at arch/arm/kernel/entry-common.S:118
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
What am I missing? How can I tell GDB that address 0xbf2ae7c4 corresponds to symbol l2cap_parse_conf_rsp?
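As an added example that is not part of the original post (and not an answer the page itself supplies): gdb's `info symbol` output above places l2cap_parse_conf_rsp in the `.text.unlikely` section of bluetooth.ko, so whether 0xbf2ae7c4 resolves depends on where gdb believes that section is loaded. One way to take lx-symbols out of the picture is to read the section load addresses the kernel exports under /sys/module/<name>/sections/ on the target (one file per ELF section, each holding a `0x...` address, readable as root) and hand them to gdb with `add-symbol-file` yourself. The script below assumes that directory layout and the bluetooth.ko path shown in the post; it does not assume anything about what lx-symbols did.

```shell
#!/bin/sh
# Added example, not code from the original post. It builds a gdb
# `add-symbol-file` line for one loaded kernel module from the section load
# addresses the kernel exports under /sys/module/<name>/sections/ (one file
# per ELF section, each containing a "0x..." address; readable as root).
# Run it on the target (or against a copy of that directory) and paste the
# printed command into gdb on the host, where the .ko carries debug info.
#
# Usage: gen_add_symbol_file <path to module .ko on the host> <sections dir>
# e.g.   gen_add_symbol_file /home/alex/pi/linux/net/bluetooth/bluetooth.ko \
#            /sys/module/bluetooth/sections
gen_add_symbol_file() {
    ko="$1"
    secdir="$2"
    # .text is mandatory: it is the positional address add-symbol-file takes.
    text=$(cat "$secdir/.text") || return 1
    cmd="add-symbol-file $ko $text"
    # Every other section (.data, .bss, .rodata, .text.unlikely, ...) goes in
    # via -s so gdb maps it as well; a function living in .text.unlikely is
    # not covered by the .text address alone.
    for f in "$secdir"/.[!.]* "$secdir"/*; do
        [ -f "$f" ] || continue          # unmatched glob or a subdirectory
        sec=${f##*/}
        [ "$sec" = ".text" ] && continue # already used as the base address
        cmd="$cmd -s $sec $(cat "$f")"
    done
    printf '%s\n' "$cmd"
}

# Stand-alone use: ./gen.sh <module.ko> <sections dir>
if [ "$#" -eq 2 ]; then
    gen_add_symbol_file "$1" "$2"
fi
```

After pasting the printed command into gdb, `info symbol 0xbf2ae7c4` should name the function if the addresses in /sys/module/bluetooth/sections match the module instance the debugger is attached to (they change every time the module is reloaded, so regenerate the line after each reboot or `rmmod`/`modprobe`). The section names must exist in the .ko you point gdb at, which they do when the module on the target was built from that same tree.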