20150430 调试分析之 根据内核报错信息栈信息分析错误

20150430 调试分析之 根据内核报错信息栈信息分析错误

2015-04-30 Lover雪儿


还是沿用上篇文章的程序,继续研究内核报错信息

文章地址:http://www.cnblogs.com/lihaiyan/p/4470353.html

错误驱动源文件:

加载错误驱动程序

 1 root@EasyARM-iMX257 /mnt/nfs/module/37_debug_err_led# echo 1 > /dev/errdule/37_debug_err_led# echo 1 > /dev/err_led_dev 
 2 le kernel paging request at virtual address 43fac060
 3 pgd = c3b8c000
 4 [43fac060] *pgd=00000000
 5 Internal error: Oops: 5 [#1] PREEMPT
 6 Modules linked in: err_led gpio
 7 CPU: 0    Not tainted  (2.6.31-207-g7286c01 #694)
 8 PC is at key_open+0x18/0x54 [err_led]
 9 LR is at key_open+0x10/0x54 [err_led]
10 pc : [<bf006128>]    lr : [<bf006120>]    psr: 60000013
11 sp : c3bc1e70  ip : c04666e6  fp : 00095c98
12 r10: c31441e0  r9 : c3bc0000  r8 : c317a250
13 r7 : 00000000  r6 : c3a536a0  r5 : 000000  r2 : 00000000  r1 : 43facfff  r0 : 43fac000
14 Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
15 Control: 00000015
16 Process sh (pid: 1793, stack limit = 0xc3bc0270)
17 Stack0b 00000000 
18 1e80: c3a7ef40 c31441e0 c317a250 00000000 c00bb7fc c380f0a0 c33c0b58 c00b66b4 
19 1ea0: c3bc1ef8 c31441e0 c3861e60 c3bc1ef0 c3387000 00020242 c33c0b58 c00b76d4 
20 1ec0: 00000000 c38 c00c4288 00000000 000001b6 
21 1e0000000 c380f0a0 c33c0b58 b89cf420: 00000000 c00c5698 c3830820 fffffff7 be9ad704 c00c5d34 c3bc1f84 00020242 
22 1f40: 000001b6 c31441e0 c381b980 00000003 c380f0a0 c33c0b58 00000000 00020241 
23 1f0029f24 c3387000 00000003 00095c00000 000001b6 000932ac 00000001 00000005 c0029f24 c3bc0000 
24 1fa0: 40138000 c0029da0 000001b6 000932ac 000932ac 00020241 000001b6 00000000 
25 1fc0: 000001b6 000932ac 00000001 00000005 00000000 000933f8 40138000 00095c98 
26 1f00d11e0 60000010 000932ac 00000000 00000000 
27 [<bf006128>] (key_open+0x18/0x54 [err_led]) from [<c00bb9d0>] (chrdev_open+0x1d4/0x1f4)
28 [<c00bb9d0>] (chrdev_open+0x1d4/0x1f4) from [<c00b66b4>] (__dentry_open+0x18c/0x2ac)
29 [<cx2ac) from [<c00b76d4>] (nameida4>] (nameidata_to_filp+0x44/0x5c) from [<c00c4288>] (do_filp_open+0x3e4/0x7e8)
30 [<c00c4288>] (do_filp_open+0x3e4/0x7e8) from [<c00b6444>] (do_sys_open+0x5c/0x114)
31 [<c00b6444>] (do_sys_open+0x5c/0x114) from [<c0029da0>] (ret_fast_syscall+0x0/0x2c)
32 Code: e24dd004 eb41085c e59f1030 e59f0030 (e5113f9f) 
33 ---[ end trace 01db7cfdfa76251c ]---
34 process '100' (pid 1793) exited. Scheduli811, tty '': '/sbin/getty -L ttymxc0 115200 vt100'
35 
36 arm-none-linux-gnueabi-gcc (GCC) 4.1.2
37 root filesystem buil0700
38 Freescale Semiconductor, Inc.

 

1.根据错误信息确定出PC指针地址,查到再/proc/kallsyms 它属于的函数

PC = bf006128;

1 root@EasyARM-iMX257 /mnt/nfs/module/37_debug_err_led# cat /proc/kallsyms > kallsyms.txt
2 
3 在kallsyms .txt中查找bf006128
4 结果如下:
5 28487 bf006110 t key_open [err_led]
6 28488 bf006110 t $a   [err_led]
7 28489 bf006154 t $d   [err_led]
8 28490 bf006164 t $a   [err_led]
9 28491 bf006248 t $d   [err_led]

 

很显然,bf006128的地址属于也key_open函数


2.反汇编,

 1  84 00000110 <key_open>:
 2  85  110:   e52de004    str lr, [sp, #-4]!
 3  86  114:   e59f0038    ldr r0, [pc, #56]   ; 154 <.text+0x154>
 4  87  118:   e24dd004    sub sp, sp, #4  ; 0x4
 5  88  11c:   ebfffffe    bl  0 <printk>
 6  89  120:   e59f1030    ldr r1, [pc, #48]   ; 158 <.text+0x158>
 7  90  124:   e59f0030    ldr r0, [pc, #48]   ; 15c <.text+0x15c>
 8  91  128:   e5113f9f    ldr r3, [r1, #-3999]   //出错位置,从这儿开始,把栈信息全部从下开始打印
 9  92  12c:   e3c33007    bic r3, r3, #7  ; 0x7
10  93  130:   e5013f9f    str r3, [r1, #-3999]
11  94  134:   e5112f9f    ldr r2, [r1, #-3999]
12 ****************************
13  187769 c00bb7fc <chrdev_open>:
14  187770 c00bb7fc:   e92d45f0    stmdb   sp!, {r4, r5, r6, r7, r8, sl, lr}   栈为7个
15  187771 c00bb800:   e24dd00c    sub sp, sp, #12 ; 0xc7+3 = 10
16 ****************************
17  183387 c00b76d0:   ebfffb94    bl  c00b6528 <__dentry_open>
18  183388 c00b76d4:   e1a04000    mov r4, r0
19  183389 c00b76d8:   ea000000    b   c00b76e0 <nameidata_to_filp+0x50>
20 ****************************
21  182202 c00b6528 <__dentry_open>:
22  182203 c00b6528:   e92d45f0    stmdb   sp!, {r4, r5, r6, r7, r8, sl, lr}  栈为7个
23  182204 c00b652c:   e282c001    add ip, r2, #1  ; 0x1
24  182205 c00b6530:   e20cc003    and ip, ip, #3  ; 0x3
25  182206 c00b6534:   e38cc01c    orr ip, ip, #28 ; 0x1c
26  182207 c00b6538:   e24dd004    sub sp, sp, #4  ; 0x4    栈为8个
27  182208 c00b653c:   e59d7020    ldr r7, [sp, #32]
28 ****************************
29  198284 c00c5694:   e12fff3c    blx ip
30  198285 c00c5698:   e59f3054    ldr r3, [pc, #84]   ; c00c56f4 <.text+0x9c6f4>
31  198286 c00c569c:   e1500003    cmp r0, r3
32  182208 c00b653c:   e59d7020    ldr r7, [sp, #32]
33 ****************************
34  198708 c00c5d24:   e1a00004    mov r0, r4
35  198709 c00c5d28:   e1a0100c    mov r1, ip
36  198710 c00c5d2c:   e1a02006    mov r2, r6
37  198711 c00c5d30:   ebfffe4d    bl  c00c566c <vfs_ioctl>
38  198712 c00c5d34:   eaffffb8    b   c00c5c1c <do_vfs_ioctl+0x430>
39  198713 c00c5d38:   e3e0500d    mvn r5, #13 ; 0xd
40 ****************************
41  198273 c00c566c <vfs_ioctl>:
42  198274 c00c566c:   e92d4070    stmdb   sp!, {r4, r5, r6, lr}
43  198275 c00c5670:   e5903010    ldr r3, [r0, #16]
44  198276 c00c5674:   e1a04000    mov r4, r0
45 ****************************
46  198373 c00c57ec <do_vfs_ioctl>:
47  198374 c00c57ec:   e92d4370    stmdb   sp!, {r4, r5, r6, r8, r9, lr}  栈为6个
48  198375 c00c57f0:   e1a0c002    mov ip, r2
49  198376 c00c57f4:   e59f2588    ldr r2, [pc, #1416] ; c00c5d84 <.text+0x9cd84>
50  198377 c00c57f8:   e24dd040    sub sp, sp, #64 ; 0x40  栈为16个
51  198378 c00c57fc:   e15c0002    cmp ip, r2
52 ****************************
53   32805 c0029da0 <ret_fast_syscall>:
54   32806 c0029da0:   e321f093    msr CPSR_c, #147    ; 0x93
55   32807 c0029da4:   e5991000    ldr r1, [r9]
56   32808 c0029da8:   e31100ff    tst r1, #255    ; 0xff
57   32809 c0029dac:   1a000006    bne c0029dcc <fast_work_pending>
58   32810 c0029db0:   e59d1048    ldr r1, [sp, #72]
59   32811 c0029db4:   e5bde044    ldr lr, [sp, #68]!
60   32812 c0029db8:   e16ff001    msr SPSR_fsxc, r1
61   32813 c0029dbc:   e95d7ffe    ldmdb   sp, {r1, r2, r3, r4, r5, r6, r7, r8, r9,sl, fp, ip, sp, lr}^
62 
63   32918 c0029f24 <sys_call_table>:
64   32919 c0029f24:   c0055348    andgt   r5, r5, r8, asr #6
65   32920 c0029f28:   c004ab8c    andgt   sl, r4, ip, lsl #23
66   32921 c0029f2c:   c002a50c    andgt   sl, r2, ip, lsl #10
67   32922 c0029f30:   c00b8cd0    ldrgtd  r8, [fp], -r0
68   32923 c0029f34:   c00b8d38    andgt   r8, fp, r8, lsr sp

 

根据栈地址分析汇编代码

 1 1e80: c3a7ef40 c31441e0 c317a250 00000000 c00bb7fc c380f0a0 c33c0b58 c00b66b4 
 2                                    <chrdev_open>sp r4    r5       r6
 3 1ea0: c3bc1ef8 c31441e0 c3861e60 c3bc1ef0 c3387000 00020242 c33c0b58 c00b76d4
 4         r7       r8       sl      lr                            caller'sp返回地址
 5 1ec0: 00000000 c38 c00c4288 00000000 000001b6 
 6   __dentry_open's 向后数8个
 7 1e0000000 c380f0a0 c33c0b58 b89cf420: 00000000 c00c5698 c3830820 
 8                                                vfs_ioctl向后数4个为返回地址
 9 fffffff7 be9ad704 c00c5d34 c3bc1f84 00020242  
10                   do_vfs_ioctl'sp 向后数22个为返回地址
11 1f40: 000001b6 c31441e0 c381b980 00000003 c380f0a0 c33c0b58 00000000 00020241 
12 1f0029f24 c3387000 00000003 00095c00000 000001b6 000932ac 00000001 00000005 c0029f24 c3bc0000 
13                                                                             sys_call_table
14 1fa0: 40138000 c0029da0 000001b6 000932ac 000932ac 00020241 000001b6 00000000 
15                 ret_fast_syscall向后数14个
16 1fc0: 000001b6 000932ac 00000001 00000005 00000000 000933f8 40138000 00095c98 
17 1fd0: c00d11e0 60000010 000932ac 00000000 00000000 
18 [<bf006128>] (key_open+0x18/0x54 [err_led]) from [<c00bb9d0>] (chrdev_open+0x1d4/0x1f4)
19 [<c00bb9d0>] (chrdev_open+0x1d4/0x1f4) from [<c00b66b4>] (__dentry_open+0x18c/0x2ac)
20 [<cx2ac) from [<c00b76d4>] (nameida4>] (nameidata_to_filp+0x44/0x5c) from [<c00c4288>] (do_filp_open+0x3e4/0x7e8)
21 [<c00c4288>] (do_filp_open+0x3e4/0x7e8) from [<c00b6444>] (do_sys_open+0x5c/0x114)
22 [<c00b6444>] (do_sys_open+0x5c/0x114) from [<c0029da0>] (ret_fast_syscall+0x0/0x2c)

 

回溯信息

 

1 [<bf006128>] (key_open+0x18/0x54 [err_led]) from [<c00bb9d0>] (chrdev_open+0x1d4/0x1f4)
2 [<c00bb9d0>] (chrdev_open+0x1d4/0x1f4) from [<c00b66b4>] (__dentry_open+0x18c/0x2ac)
3 [<cx2ac) from [<c00b76d4>] (nameida4>] (nameidata_to_filp+0x44/0x5c) from [<c00c4288>] (do_filp_open+0x3e4/0x7e8)
4 [<c00c4288>] (do_filp_open+0x3e4/0x7e8) from [<c00b6444>] (do_sys_open+0x5c/0x114)
5 [<c00b6444>] (do_sys_open+0x5c/0x114) from [<c0029da0>] (ret_fast_syscall+0x0/0x2c)
6 Code: e24dd004 eb41085c e59f1030 e59f0030 (e5113f9f) 

 

 

 

从上面的错误代码中发现代码调用顺序为:

key_open < ---- chrdev_open < --- do_filp_open < --- do_sys_open < --- ret_fast_syscall

 

你可能感兴趣的:(调试)