1 问题:
我编译了一个开源sip代码,可以确定的是,在nuc980dk61yc、nuc97251y上都可以跑的正常程序,
但在该开发板(NUC97261Y)上运行,报错bus error;
此文记录了 解决该问题的过程
我手里有一个972开发板(参考https://item.taobao.com/item.htm?spm=a21n57.1.0.0.680b523c5VMC8Q&id=725614464020&ns=1&abbucket=5#detail)
我编译了一个开源sip代码,可以确定的是,在nuc980dk61yc、nuc97251y上都可以跑的正常程序,
在nuc980dk61yc和nuc97251y的环境运行正常:
但是, 在该开发板(NUC97261Y)上运行,报错bus error
我尝试过重新裁剪内核。但是无济于事,还有很多能想到的可能都没有解决:
2.跟踪
strace 跟踪该程序进行查看:log如下:
Log :
execve("/uac", ["/uac"], 0xbeb7eeb0 /* 7 vars */) = 0
readlinkat(AT_FDCWD, "/proc/self/exe", "/uac", 4096) = 4
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f18000
open("/lib//libosip2.so.4", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0744, st_size=51244, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f17000
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\370;\0\0004\0\0\0"..., 4096) = 4096
mmap2(NULL, 118784, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6ee6000
mmap2(0xb6ee6000, 48252, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xb6ee6000
mmap2(0xb6f02000, 1048, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0xc000) = 0xb6f02000
close(3) = 0
munmap(0xb6f17000, 4096) = 0
open("/lib//libeXosip2.so.4", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0744, st_size=303008, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f17000
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\360~\0\0004\0\0\0"..., 4096) = 4096
mmap2(NULL, 471040, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6e73000
mmap2(0xb6e73000, 291208, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xb6e73000
mmap2(0xb6eca000, 11148, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x47000) = 0xb6eca000
mmap2(0xb6ecd000, 99804, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb6ecd000
close(3) = 0
munmap(0xb6f17000, 4096) = 0
open("/lib//libpthread.so.0", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0744, st_size=94000, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f17000
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\260C\0\0004\0\0\0"..., 4096) = 4096
mmap2(NULL, 114688, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6e57000
mmap2(0xb6e57000, 67104, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xb6e57000
mmap2(0xb6e6f000, 4124, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x10000) = 0xb6e6f000
mmap2(0xb6e71000, 4328, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb6e71000
close(3) = 0
munmap(0xb6f17000, 4096) = 0
open("/lib//libosipparser2.so.4", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0744, st_size=117840, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f17000
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0Th\0\0004\0\0\0"..., 4096) = 4096
mmap2(NULL, 184320, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6e2a000
mmap2(0xb6e2a000, 112492, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xb6e2a000
mmap2(0xb6e56000, 2056, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x1c000) = 0xb6e56000
close(3) = 0
munmap(0xb6f17000, 4096) = 0
open("/lib//libc.so.0", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0755, st_size=583552, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f17000
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\0-\1\0004\0\0\0"..., 4096) = 4096
mmap2(NULL, 745472, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6d74000
mmap2(0xb6d74000, 578232, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xb6d74000
mmap2(0xb6e11000, 4864, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x8d000) = 0xb6e11000
mmap2(0xb6e13000, 91416, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb6e13000
close(3) = 0
munmap(0xb6f17000, 4096) = 0
open("/lib//libosipparser2.so.4", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0744, st_size=117840, ...}) = 0
close(3) = 0
open("/lib//libc.so.0", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0755, st_size=583552, ...}) = 0
close(3) = 0
open("/lib//libssl.so.1.0.0", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0744, st_size=313108, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f17000
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0l\361\0\0004\0\0\0"..., 4096) = 4096
mmap2(NULL, 380928, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6d17000
mmap2(0xb6d17000, 291236, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xb6d17000
mmap2(0xb6d6e000, 21196, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x47000) = 0xb6d6e000
close(3) = 0
munmap(0xb6f17000, 4096) = 0
open("/lib//libosip2.so.4", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0744, st_size=51244, ...}) = 0
close(3) = 0
open("/lib//libosipparser2.so.4", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0744, st_size=117840, ...}) = 0
close(3) = 0
open("/lib//libc.so.0", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0755, st_size=583552, ...}) = 0
close(3) = 0
open("/lib//ld-uClibc.so.0", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0755, st_size=32496, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f17000
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0H\21\0\0004\0\0\0"..., 4096) = 4096
mmap2(NULL, 98304, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6cff000
mmap2(0xb6cff000, 24287, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xb6cff000
mmap2(0xb6d15000, 4104, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x6000) = 0xb6d15000
close(3) = 0
munmap(0xb6f17000, 4096) = 0
open("/lib//libdl.so.0", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0744, st_size=13220, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f17000
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\20\v\0\0004\0\0\0"..., 4096) = 4096
mmap2(NULL, 49152, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f0b000
mmap2(0xb6f0b000, 8468, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xb6f0b000
mmap2(0xb6f15000, 4120, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x2000) = 0xb6f15000
close(3) = 0
munmap(0xb6f17000, 4096) = 0
open("/lib//libc.so.0", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0755, st_size=583552, ...}) = 0
close(3) = 0
open("/lib//libc.so.0", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0755, st_size=583552, ...}) = 0
close(3) = 0
stat("/lib/ld-uClibc.so.0", {st_mode=S_IFREG|0755, st_size=32496, ...}) = 0
open("/lib//libcrypto.so.1.0.0", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0744, st_size=1310720, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f17000
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\200\312\3\0004\0\0\0"..., 4096) = 4096
mmap2(NULL, 1417216, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6ba5000
mmap2(0xb6ba5000, 1259316, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xb6ba5000
mmap2(0xb6ce8000, 83280, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x133000) = 0xb6ce8000
--- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0xb6cfc550} ---
+++ killed by SIGBUS +++
Bus error
3.分析
strace结果得出:
1. 程序在执行时加载了一些必需的共享库,如libc、libssl等。这部分加载流程正常。
2. 当加载libcrypto.so.1.0.0这个共享库时,mmap调用返回了物理地址0xb6ba5000,这部分映射 seeming ok.
3. 但是后面程序crash出错了,错误号是BUS_ADRERR,也就是非法的物理地址访问错误。
4. 信号来源地址si_addr是0xb6cfc550,这地址正好处于之前映射libcrypto.so.1.0.0区间内。
综上,分析原因如下:
libcrypto.so.1.0.0这个共享库中的某个代码块,内存使用或访问出现问题,试图访问了一个无效或非法的内存地址0xb6cfc550。
这导致触发了BUS错误信号,最终程序异常崩溃。
所以本次crash的原因很可能是libcrypto.so.1.0.0中的一个bug,引起的内存非法访问错误。
4.解决措施
重新更换一个库文件libcrypto.so.1.0.0,就解决了该问题。