20150430 Debugging Analysis: Tracing an Error from the Stack Information in a Kernel Oops

2015-04-30 Lover雪儿

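This post reuses the program from the previous article and continues studying the kernel's error output.

Article URL: http://www.cnblogs.com/lihaiyan/p/4470353.html

Faulty driver source file:

Loading the faulty driver: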

[email protected] /mnt/nfs/module/37_debug_err_led# echo 1 > /dev/err_led_dev
Unable to handle kernel paging request at virtual address 43fac060
pgd = c3b8c000
[43fac060] *pgd=00000000
Internal error: Oops: 5 [#1] PREEMPT
Modules linked in: err_led gpio
CPU: 0    Not tainted  (2.6.31-207-g7286c01 #694)
PC is at key_open+0x18/0x54 [err_led]
LR is at key_open+0x10/0x54 [err_led]
pc : [<bf006128>]    lr : [<bf006120>]    psr: 60000013
sp : c3bc1e70  ip : c04666e6  fp : 00095c98
r10: c31441e0  r9 : c3bc0000  r8 : c317a250
r7 : 00000000  r6 : c3a536a0  r5 : 000000  r2 : 00000000  r1 : 43facfff  r0 : 43fac000
Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
Control: 00000015
Process sh (pid: 1793, stack limit = 0xc3bc0270)
Stack0b 00000000
1e80: c3a7ef40 c31441e0 c317a250 00000000 c00bb7fc c380f0a0 c33c0b58 c00b66b4
1ea0: c3bc1ef8 c31441e0 c3861e60 c3bc1ef0 c3387000 00020242 c33c0b58 c00b76d4
1ec0: 00000000 c38 c00c4288 00000000 000001b6
1e0000000 c380f0a0 c33c0b58 b89cf420: 00000000 c00c5698 c3830820 fffffff7 be9ad704 c00c5d34 c3bc1f84 00020242
1f40: 000001b6 c31441e0 c381b980 00000003 c380f0a0 c33c0b58 00000000 00020241
1f0029f24 c3387000 00000003 00095c00000 000001b6 000932ac 00000001 00000005 c0029f24 c3bc0000
1fa0: 40138000 c0029da0 000001b6 000932ac 000932ac 00020241 000001b6 00000000
1fc0: 000001b6 000932ac 00000001 00000005 00000000 000933f8 40138000 00095c98
1f00d11e0 60000010 000932ac 00000000 00000000
[<bf006128>] (key_open+0x18/0x54 [err_led]) from [<c00bb9d0>] (chrdev_open+0x1d4/0x1f4)
[<c00bb9d0>] (chrdev_open+0x1d4/0x1f4) from [<c00b66b4>] (__dentry_open+0x18c/0x2ac)
[<c00b66b4>] (__dentry_open+0x18c/0x2ac) from [<c00b76d4>] (nameidata_to_filp+0x44/0x5c)
[<c00b76d4>] (nameidata_to_filp+0x44/0x5c) from [<c00c4288>] (do_filp_open+0x3e4/0x7e8)
[<c00c4288>] (do_filp_open+0x3e4/0x7e8) from [<c00b6444>] (do_sys_open+0x5c/0x114)
[<c00b6444>] (do_sys_open+0x5c/0x114) from [<c0029da0>] (ret_fast_syscall+0x0/0x2c)
Code: e24dd004 eb41085c e59f1030 e59f0030 (e5113f9f)
---[ end trace 01db7cfdfa76251c ]---
process ‘100‘ (pid 1793) exited. Scheduli811, tty ‘‘: ‘/sbin/getty -L ttymxc0 115200 vt100‘

arm-none-linux-gnueabi-gcc (GCC) 4.1.2
root filesystem buil0700
Freescale Semiconductor, Inc.

1. Take the PC address from the error message and look it up in /proc/kallsyms to find the function it belongs to.

PC = bf006128;

[email protected] /mnt/nfs/module/37_debug_err_led# cat /proc/kallsyms > kallsyms.txt

Look up bf006128 in kallsyms.txt (the nearest symbol at or below that address).
The result is as follows:
28487 bf006110 t key_open [err_led]
28488 bf006110 t $a   [err_led]
28489 bf006154 t $d   [err_led]
28490 bf006164 t $a   [err_led]
28491 bf006248 t $d   [err_led]

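Clearly, the address bf006128 also belongs to the key_open function: bf006128 - bf006110 = 0x18, which is inside the function's 0x54 bytes and matches the "PC is at key_open+0x18/0x54" line of the Oops.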
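The same lookup done by a script, as an added example that is not part of the original post: it resolves the Oops PC against kallsyms text and cross-checks it with the "PC is at" line. The kallsyms and Oops lines are the ones quoted above (without the editor line numbers); the function names are illustrative.

```python
# Added example: resolve an Oops PC against /proc/kallsyms text.
import bisect
import re

KALLSYMS = """\
bf006110 t key_open [err_led]
bf006110 t $a   [err_led]
bf006154 t $d   [err_led]
bf006164 t $a   [err_led]
bf006248 t $d   [err_led]
"""
OOPS = """\
PC is at key_open+0x18/0x54 [err_led]
pc : [<bf006128>]    lr : [<bf006120>]    psr: 60000013
"""

def load_symbols(text):
    """Return (address, name, module) tuples sorted by address."""
    syms = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[2].startswith("$"):
            continue  # skip short lines and ARM mapping symbols ($a/$d/$t)
        module = parts[3].strip("[]") if len(parts) > 3 else None
        syms.append((int(parts[0], 16), parts[2], module))
    return sorted(syms, key=lambda s: s[0])

def resolve(symbols, pc):
    """Nearest symbol at or below pc as (name, offset, module), else None."""
    i = bisect.bisect_right([s[0] for s in symbols], pc) - 1
    if i < 0:
        return None
    addr, name, module = symbols[i]
    return name, pc - addr, module

def check_oops_pc(oops_text, symbols):
    """True if the raw pc value agrees with the symbolic 'PC is at' line."""
    sym = re.search(r"PC is at (\w+)\+0x([0-9a-f]+)/0x([0-9a-f]+)", oops_text)
    raw = re.search(r"pc : \[<([0-9a-f]{8})>\]", oops_text)
    name, offset, _ = resolve(symbols, int(raw.group(1), 16))
    in_range = offset < int(sym.group(3), 16)
    return name == sym.group(1) and offset == int(sym.group(2), 16) and in_range

if __name__ == "__main__":
    name, off, mod = resolve(load_symbols(KALLSYMS), 0xBF006128)
    print(f"{name}+{off:#x} [{mod}]")
```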

2. Disassemble:

 84 00000110 <key_open>:
 85  110:   e52de004    str lr, [sp, #-4]!
 86  114:   e59f0038    ldr r0, [pc, #56]   ; 154 <.text+0x154>
 87  118:   e24dd004    sub sp, sp, #4  ; 0x4
 88  11c:   ebfffffe    bl  0 <printk>
 89  120:   e59f1030    ldr r1, [pc, #48]   ; 158 <.text+0x158>
 90  124:   e59f0030    ldr r0, [pc, #48]   ; 15c <.text+0x15c>
 91  128:   e5113f9f    ldr r3, [r1, #-3999]   // faulting instruction; starting here, all of the stack information is printed from the bottom up
 92  12c:   e3c33007    bic r3, r3, #7  ; 0x7
 93  130:   e5013f9f    str r3, [r1, #-3999]
 94  134:   e5112f9f    ldr r2, [r1, #-3999]
****************************
 187769 c00bb7fc <chrdev_open>:
 187770 c00bb7fc:   e92d45f0    stmdb   sp!, {r4, r5, r6, r7, r8, sl, lr}   // 7 words on the stack
 187771 c00bb800:   e24dd00c    sub sp, sp, #12 ; 0xc       // stack: 7 + 3 = 10 words
****************************
 183387 c00b76d0:   ebfffb94    bl  c00b6528 <__dentry_open>
 183388 c00b76d4:   e1a04000    mov r4, r0
 183389 c00b76d8:   ea000000    b   c00b76e0 <nameidata_to_filp+0x50>
****************************
 182202 c00b6528 <__dentry_open>:
 182203 c00b6528:   e92d45f0    stmdb   sp!, {r4, r5, r6, r7, r8, sl, lr}  // 7 words on the stack
 182204 c00b652c:   e282c001    add ip, r2, #1  ; 0x1
 182205 c00b6530:   e20cc003    and ip, ip, #3  ; 0x3
 182206 c00b6534:   e38cc01c    orr ip, ip, #28 ; 0x1c
 182207 c00b6538:   e24dd004    sub sp, sp, #4  ; 0x4    // 8 words on the stack
 182208 c00b653c:   e59d7020    ldr r7, [sp, #32]
****************************
 198284 c00c5694:   e12fff3c    blx ip
 198285 c00c5698:   e59f3054    ldr r3, [pc, #84]   ; c00c56f4 <.text+0x9c6f4>
 198286 c00c569c:   e1500003    cmp r0, r3
 182208 c00b653c:   e59d7020    ldr r7, [sp, #32]
****************************
 198708 c00c5d24:   e1a00004    mov r0, r4
 198709 c00c5d28:   e1a0100c    mov r1, ip
 198710 c00c5d2c:   e1a02006    mov r2, r6
 198711 c00c5d30:   ebfffe4d    bl  c00c566c <vfs_ioctl>
 198712 c00c5d34:   eaffffb8    b   c00c5c1c <do_vfs_ioctl+0x430>
 198713 c00c5d38:   e3e0500d    mvn r5, #13 ; 0xd
****************************
 198273 c00c566c <vfs_ioctl>:
 198274 c00c566c:   e92d4070    stmdb   sp!, {r4, r5, r6, lr}
 198275 c00c5670:   e5903010    ldr r3, [r0, #16]
 198276 c00c5674:   e1a04000    mov r4, r0
****************************
 198373 c00c57ec <do_vfs_ioctl>:
 198374 c00c57ec:   e92d4370    stmdb   sp!, {r4, r5, r6, r8, r9, lr}  // 6 words on the stack
 198375 c00c57f0:   e1a0c002    mov ip, r2
 198376 c00c57f4:   e59f2588    ldr r2, [pc, #1416] ; c00c5d84 <.text+0x9cd84>
 198377 c00c57f8:   e24dd040    sub sp, sp, #64 ; 0x40  // 16 words on the stack
 198378 c00c57fc:   e15c0002    cmp ip, r2
****************************
  32805 c0029da0 <ret_fast_syscall>:
  32806 c0029da0:   e321f093    msr CPSR_c, #147    ; 0x93
  32807 c0029da4:   e5991000    ldr r1, [r9]
  32808 c0029da8:   e31100ff    tst r1, #255    ; 0xff
  32809 c0029dac:   1a000006    bne c0029dcc <fast_work_pending>
  32810 c0029db0:   e59d1048    ldr r1, [sp, #72]
  32811 c0029db4:   e5bde044    ldr lr, [sp, #68]!
  32812 c0029db8:   e16ff001    msr SPSR_fsxc, r1
  32813 c0029dbc:   e95d7ffe    ldmdb   sp, {r1, r2, r3, r4, r5, r6, r7, r8, r9,sl, fp, ip, sp, lr}^

  32918 c0029f24 <sys_call_table>:
  32919 c0029f24:   c0055348    andgt   r5, r5, r8, asr #6
  32920 c0029f28:   c004ab8c    andgt   sl, r4, ip, lsl #23
  32921 c0029f2c:   c002a50c    andgt   sl, r2, ip, lsl #10
  32922 c0029f30:   c00b8cd0    ldrgtd  r8, [fp], -r0
  32923 c0029f34:   c00b8d38    andgt   r8, fp, r8, lsr sp

Analyzing the assembly code against the stack addresses:

1e80: c3a7ef40 c31441e0 c317a250 00000000 c00bb7fc c380f0a0 c33c0b58 c00b66b4
                                   <chrdev_open>sp r4    r5       r6
1ea0: c3bc1ef8 c31441e0 c3861e60 c3bc1ef0 c3387000 00020242 c33c0b58 c00b76d4
        r7       r8       sl      lr                            caller's sp / return address
1ec0: 00000000 c38 c00c4288 00000000 000001b6
  __dentry_open's frame: count 8 words onward
1e0000000 c380f0a0 c33c0b58 b89cf420: 00000000 c00c5698 c3830820
                                               vfs_ioctl: 4 words onward is the return address
fffffff7 be9ad704 c00c5d34 c3bc1f84 00020242
                  do_vfs_ioctl's sp: 22 words onward is the return address
1f40: 000001b6 c31441e0 c381b980 00000003 c380f0a0 c33c0b58 00000000 00020241
1f0029f24 c3387000 00000003 00095c00000 000001b6 000932ac 00000001 00000005 c0029f24 c3bc0000
                                                                            sys_call_table
1fa0: 40138000 c0029da0 000001b6 000932ac 000932ac 00020241 000001b6 00000000
                ret_fast_syscall: count 14 words onward
1fc0: 000001b6 000932ac 00000001 00000005 00000000 000933f8 40138000 00095c98
1fd0: c00d11e0 60000010 000932ac 00000000 00000000
[<bf006128>] (key_open+0x18/0x54 [err_led]) from [<c00bb9d0>] (chrdev_open+0x1d4/0x1f4)
[<c00bb9d0>] (chrdev_open+0x1d4/0x1f4) from [<c00b66b4>] (__dentry_open+0x18c/0x2ac)
[<c00b66b4>] (__dentry_open+0x18c/0x2ac) from [<c00b76d4>] (nameidata_to_filp+0x44/0x5c)
[<c00b76d4>] (nameidata_to_filp+0x44/0x5c) from [<c00c4288>] (do_filp_open+0x3e4/0x7e8)
[<c00c4288>] (do_filp_open+0x3e4/0x7e8) from [<c00b6444>] (do_sys_open+0x5c/0x114)
[<c00b6444>] (do_sys_open+0x5c/0x114) from [<c0029da0>] (ret_fast_syscall+0x0/0x2c)
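The word counting used above can be automated. The following added example (not part of the original post) decodes the prologue opcodes from the disassembly to get each frame's size in words, then reads the saved lr of chrdev_open and __dentry_open out of the two intact stack rows, 1e80 and 1ea0. It assumes ARM-mode prologues that push lr as the highest register, and that the row labels are the low bits of addresses in the same page as sp (c3bc1e70); the function names are illustrative.

```python
# Added example: recover saved return addresses from ARM-mode prologue opcodes.
# Opcodes, sp and the two stack rows are copied from the listings above.

def ror32(value, bits):
    bits %= 32
    return ((value >> bits) | (value << (32 - bits))) & 0xFFFFFFFF

def stack_words(opcode):
    """Number of 32-bit words one instruction pushes or reserves on the stack."""
    if opcode & 0x0FFF0000 == 0x092D0000:        # stmdb sp!, {reglist}
        return bin(opcode & 0xFFFF).count("1")
    if opcode & 0x0FFFF000 == 0x024DD000:        # sub sp, sp, #imm8 ror (2*rot)
        return ror32(opcode & 0xFF, 2 * ((opcode >> 8) & 0xF)) // 4
    if opcode & 0x0FFF0FFF == 0x052D0004:        # str Rd, [sp, #-4]!
        return 1
    return 0

def frame_words(prologue):
    return sum(stack_words(op) for op in prologue)

PROLOGUES = {  # first instructions of each function, from the disassembly
    "key_open":      [0xE52DE004, 0xE59F0038, 0xE24DD004],
    "chrdev_open":   [0xE92D45F0, 0xE24DD00C],
    "__dentry_open": [0xE92D45F0, 0xE282C001, 0xE20CC003, 0xE38CC01C, 0xE24DD004],
    "do_vfs_ioctl":  [0xE92D4370, 0xE1A0C002, 0xE59F2588, 0xE24DD040],
}

ROWS = (  # assumed full addresses: row label plus the high bits of sp
    (0xC3BC1E80, "c3a7ef40 c31441e0 c317a250 00000000 c00bb7fc c380f0a0 c33c0b58 c00b66b4"),
    (0xC3BC1EA0, "c3bc1ef8 c31441e0 c3861e60 c3bc1ef0 c3387000 00020242 c33c0b58 c00b76d4"),
)
STACK = {base + 4 * i: int(w, 16) for base, row in ROWS for i, w in enumerate(row.split())}

def saved_return_addresses(sp, chain):
    """Walk the caller frames above chain[0]; lr is the top word of each frame."""
    base = sp + 4 * frame_words(PROLOGUES[chain[0]])   # skip the faulting frame
    found = []
    for name in chain[1:]:
        size = frame_words(PROLOGUES[name])
        found.append((name, STACK[base + 4 * (size - 1)]))
        base += 4 * size
    return found

if __name__ == "__main__":
    chain = ["key_open", "chrdev_open", "__dentry_open"]
    for name, lr in saved_return_addresses(0xC3BC1E70, chain):
        print(f"{name} returns to {lr:08x}")
```

The two recovered values are the addresses the backtrace reports for __dentry_open+0x18c and nameidata_to_filp+0x44.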

Backtrace information:

[<bf006128>] (key_open+0x18/0x54 [err_led]) from [<c00bb9d0>] (chrdev_open+0x1d4/0x1f4)
[<c00bb9d0>] (chrdev_open+0x1d4/0x1f4) from [<c00b66b4>] (__dentry_open+0x18c/0x2ac)
[<c00b66b4>] (__dentry_open+0x18c/0x2ac) from [<c00b76d4>] (nameidata_to_filp+0x44/0x5c)
[<c00b76d4>] (nameidata_to_filp+0x44/0x5c) from [<c00c4288>] (do_filp_open+0x3e4/0x7e8)
[<c00c4288>] (do_filp_open+0x3e4/0x7e8) from [<c00b6444>] (do_sys_open+0x5c/0x114)
[<c00b6444>] (do_sys_open+0x5c/0x114) from [<c0029da0>] (ret_fast_syscall+0x0/0x2c)
Code: e24dd004 eb41085c e59f1030 e59f0030 (e5113f9f)

From the error output above, the call order is:

key_open <---- chrdev_open <--- do_filp_open <--- do_sys_open <--- ret_fast_syscall
