Chinaunix

标题: 请教一个Arm Linux的Crash分析，正确吗？ [打印本页]

---

作者: fire_vr    时间: 2015-07-17 22:15
标题: 请教一个Arm Linux的Crash分析，正确吗？
这是我们产品的一个难复现的crash。我们使用的CPU是ARM A5。从Crash上看，访问一个地址空间出错了，出错的PC指针在sps_bam_lock，r0寄存器是00000001，
而sps_bam_lock的声明为：
static struct sps_bam *sps_bam_lock(struct sps_pipe *pipe)
我是否能判断出，调用sps_bam_lock时，因为r0寄存器是00000001，说明是传入的参数pipe有问题，应该查一下调用sps_bam_lock的函数传入的参数是否正常？
请问我这样分析正确吗？
谢谢！

1. <1>[ 1104.184342] Unable to handle kernel paging request at virtual address 2f7365e7
   
2. <1>[ 1104.190721] pgd = c0004000
   
3. <1>[ 1104.193407] [2f7365e7] *pgd=00000000
   
4. <0>[ 1104.196978] Internal error: Oops: 805 [#1] PREEMPT ARM
   
5. <4>[ 1104.202105] Modules linked in:
   
6. <4>[ 1104.205127] CPU: 0    Not tainted  (3.4.91-9cb1a4ba22_5742a3546f #1)
   
7. <4>[ 1104.211475] PC is at sps_bam_lock+0x88/0x18c
   
8. <4>[ 1104.215717] LR is at sps_register_event+0x1ec/0x310
   
9. <4>[ 1104.220601] pc : [<c04b7180>]    lr : [<c04b930c>]    psr: 20000193
   
10. <4>[ 1104.220601] sp : cce79b50  ip : cce79bc8  fp : cce79bc4
    
11. <4>[ 1104.232046] r10: 00000000  r9 : cf1e6000  r8 : 00000000
    
12. <4>[ 1104.237265] r7 : cce3a000  r6 : cce3a000  r5 : c0b0e4d4  r4 : 2f736563
    
13. <4>[ 1104.243766] r3 : 20000193  r2 : 00000001  r1 : c0b0e4d4  r0 : 00000001
    
14. <4>[ 1104.250266] Flags: nzCv  IRQs off  FIQs on  Mode SVC_32  ISA ARM  Segment kernel
    
15. <4>[ 1104.257652] Control: 10c5387d  Table: 4ede4059  DAC: 00000015
    
16. <0>[ 1104.263390] Process kworker/u:10 (pid: 2565, stack limit = 0xcce782e8)
    
17. <0>[ 1104.269891] Stack: (0xcce79b50 to 0xcce7a000)
    
18. <0>[ 1104.274225] 9b40:                                     00000000 cce79b76 00000000 00000000
    
19. <0>[ 1104.282404] 9b60: 00000800 00000000 0000000a 00000000 cce73230 313087d0 c09c183c c00187d0
    
20. <0>[ 1104.290553] 9b80: c09c183c 0000000a 0000000a 001ccc80 00000001 c001f7ec cce79bd4 cce79ba8
    
21. <0>[ 1104.298733] 9ba0: c0953458 00000000 cce79bcc cce3a000 c0b0e4d4 c0b0ddd0 cce79c3c cce79bc8
    
22. <0>[ 1104.306882] 9bc0: c04b930c c04b7104 c001cd84 c040f47c cce79bfc cce79be0 c040f47c c040f408
    
23. <0>[ 1104.315031] 9be0: 124ec974 00000101 04000000 c04134d8 cce79c3c cce79c00 c04134d8 c040f408
    
24. <0>[ 1104.323210] 9c00: 124ec974 00000101 cce79c6c cce79c18 c0410834 cf1e7320 cf1e735c 00000000
    
25. <0>[ 1104.331359] 9c20: 00000084 ce651200 c04183ac c0b0ddd0 cce79c5c cce79c40 c04a66b0 c04b912c
    
26. <0>[ 1104.339508] 9c40: ce651200 00000005 00000000 00000084 cce79c74 cce79c60 c0448078 c04a6644
    
27. <0>[ 1104.347687] 9c60: 00000000 ce5866c0 cce79cac cce79c78 c0448160 c0448020 30322031 00000080
    
28. <0>[ 1104.355836] 9c80: 30312031 c001cdc4 cce79cac ce9bac00 ce5866c0 cf1e6018 00000084 00000000
    
29. <0>[ 1104.363985] 9ca0: cce79ccc cce79cb0 c041c1e4 c044809c c041c15c 00000100 cce78000 c0970794
    
30. <0>[ 1104.372165] 9cc0: cce79d74 cce79cd0 c0415ad8 c041c168 a0000193 ce9bac00 00000089 c0435be0
    
31. <0>[ 1104.380314] 9ce0: cce79d1c cce79cf0 c0435be0 c0648670 00000000 ce665908 c0a2f7a0 00000100
    
32. <0>[ 1104.388463] 9d00: c09a70a0 60000193 c0a2f7a0 00000000 cce79d2c cce79d20 c0435c90 c0435ad0
    
33. <0>[ 1104.396642] 9d20: cce79d4c c002bf74 cce79d4c cce79d38 c002bf74 00000001 00000001 00000000
    
34. <0>[ 1104.404791] 9d40: cce79d8c fffc0001 c002c89c ce9b92c0 cce78000 c0970794 00000084 00000000
    
35. <0>[ 1104.412940] 9d60: 00000089 00000000 cce79db4 cce79d78 c00b7904 c0414a2c cf24f654 00000000
    
36. <0>[ 1104.421119] 9d80: cce2b780 00000000 cce79e08 c0970794 ce913580 c094c07c cce79e6c 00000000
    
37. <0>[ 1104.429268] 9da0: 00000089 00000000 cce79dcc cce79db8 c00b7b74 c00b7878 c0970794 00000000
    
38. <0>[ 1104.437448] 9dc0: cce79de4 cce79dd0 c00ba6f0 c00b7b1c c00ba634 00000084 cce79dfc cce79de8
    
39. <0>[ 1104.445597] 9de0: c00b7200 c00ba640 000002a9 00000084 cce79e14 cce79e00 c000f68c c00b71dc
    
40. <0>[ 1104.453746] 9e00: fa003000 cce79e38 cce79e34 cce79e18 c0008504 c000f628 c06302a8 c034eb9c
    
41. <0>[ 1104.461925] 9e20: a0000113 ffffffff cce79e8c cce79e38 c06467c0 c00084c8 c095f3a8 00000000
    
42. <0>[ 1104.470074] 9e40: cce79e60 00000000 00000000 cce79e90 c0b0afe4 c0350d64 00000000 00000089
    
43. <0>[ 1104.478223] 9e60: 00000000 cce79e8c cce79e60 cce79e80 c06302a8 c034eb9c a0000113 ffffffff
    
44. <0>[ 1104.486403] 9e80: cce79eb4 cce79e90 c034ecf4 c034eb88 cf00df4c cf111bb0 c0b0afe4 cce3b680
    
45. <0>[ 1104.494551] 9ea0: c09940f8 ce651000 cce79ec4 cce79eb8 c0350504 c034ec90 cce79ef4 cce79ec8
    
46. <0>[ 1104.502700] 9ec0: c035000c c03504e8 c07808d0 c0a6fbe8 c0b0afe4 00000000 c0a6fbe8 ce651000
    
47. <0>[ 1104.510880] 9ee0: 00000000 00000000 cce79f1c cce79ef8 c0351390 c034ff04 ceb6e764 00000000
    
48. <0>[ 1104.519029] 9f00: c0a6fbe8 ce651000 00000000 00000000 cce79f2c cce79f20 c0352504 c03512f0
    
49. <0>[ 1104.527178] 9f20: cce79f54 cce79f30 c042f8fc c03524bc cce2b440 cce2b080 cce79f54 cce2b080
    
50. <0>[ 1104.535357] 9f40: ceb6e764 c0a6fbe8 cce79f8c cce79f58 c0074c40 c042f880 c0a6fbe8 cce78000
    
51. <0>[ 1104.543506] 9f60: cce2b094 cce2b080 c0a6fbe8 cce78000 cce2b094 c0a6fbe8 00000089 c0a6fbe8
    
52. <0>[ 1104.551655] 9f80: cce79fbc cce79f90 c007507c c00749dc 00000000 cf083ef4 cce2b080 c0074e98
    
53. <0>[ 1104.559835] 9fa0: 00000013 00000000 00000000 00000000 cce79ff4 cce79fc0 c007a5fc c0074ea4
    
54. <0>[ 1104.567983] 9fc0: cf083ef4 00000000 cce2b080 00000000 cce79fd0 cce79fd0 00000000 cf083ef4
    
55. <0>[ 1104.576132] 9fe0: c007a560 c000f770 00000000 cce79ff8 c000f770 c007a56c 00000000 00000000
    
56. <4>[ 1104.584342] [<c04b7180>] (sps_bam_lock+0x88/0x18c) from [<c04b930c>] (sps_register_event+0x1ec/0x310)
    
57. <4>[ 1104.593529] [<c04b930c>] (sps_register_event+0x1ec/0x310) from [<c04a66b0>] (usb_bam_register_wake_cb+0x78/0xe0)
    
58. <4>[ 1104.603662] [<c04a66b0>] (usb_bam_register_wake_cb+0x78/0xe0) from [<c0448078>] (gbam_suspend+0x64/0x7c)
    
59. <4>[ 1104.613123] [<c0448078>] (gbam_suspend+0x64/0x7c) from [<c0448160>] (frmnet_suspend+0xd0/0x244)
    
60. <4>[ 1104.621821] [<c0448160>] (frmnet_suspend+0xd0/0x244) from [<c041c1e4>] (composite_suspend+0x88/0xe8)
    
61. <4>[ 1104.630947] [<c041c1e4>] (composite_suspend+0x88/0xe8) from [<c0415ad8>] (msm_udc_irq+0x10b8/0x118c)
    
62. <4>[ 1104.640042] [<c0415ad8>] (msm_udc_irq+0x10b8/0x118c) from [<c00b7904>] (handle_irq_event_percpu+0x98/0x2a4)
    
63. <4>[ 1104.649748] [<c00b7904>] (handle_irq_event_percpu+0x98/0x2a4) from [<c00b7b74>] (handle_irq_event+0x64/0x84)
    
64. <4>[ 1104.659575] [<c00b7b74>] (handle_irq_event+0x64/0x84) from [<c00ba6f0>] (handle_fasteoi_irq+0xbc/0x120)
    
65. <4>[ 1104.668945] [<c00ba6f0>] (handle_fasteoi_irq+0xbc/0x120) from [<c00b7200>] (generic_handle_irq+0x30/0x40)
    
66. <4>[ 1104.678498] [<c00b7200>] (generic_handle_irq+0x30/0x40) from [<c000f68c>] (handle_IRQ+0x70/0x94)
    
67. <4>[ 1104.687257] [<c000f68c>] (handle_IRQ+0x70/0x94) from [<c0008504>] (gic_handle_irq+0x48/0x60)
    
68. <4>[ 1104.695681] [<c0008504>] (gic_handle_irq+0x48/0x60) from [<c06467c0>] (__irq_svc+0x40/0x70)
    
69. <4>[ 1104.703982] Exception stack(0xcce79e38 to 0xcce79e80)
    
70. <4>[ 1104.709018] 9e20:                                                       c095f3a8 00000000
    
71. <4>[ 1104.717198] 9e40: cce79e60 00000000 00000000 cce79e90 c0b0afe4 c0350d64 00000000 00000089
    
72. <4>[ 1104.725377] 9e60: 00000000 cce79e8c cce79e60 cce79e80 c06302a8 c034eb9c a0000113 ffffffff
    
73. <4>[ 1104.733526] [<c06467c0>] (__irq_svc+0x40/0x70) from [<c034eb9c>] (next_device+0x20/0x24)
    
74. <4>[ 1104.741614] [<c034eb9c>] (next_device+0x20/0x24) from [<c034ecf4>] (bus_for_each_dev+0x70/0xa0)
    
75. <4>[ 1104.750282] [<c034ecf4>] (bus_for_each_dev+0x70/0xa0) from [<c0350504>] (driver_attach+0x28/0x30)
    
76. <4>[ 1104.759133] [<c0350504>] (driver_attach+0x28/0x30) from [<c035000c>] (bus_add_driver+0x114/0x284)
    
77. <4>[ 1104.767983] [<c035000c>] (bus_add_driver+0x114/0x284) from [<c0351390>] (driver_register+0xac/0x130)
    
78. <4>[ 1104.777109] [<c0351390>] (driver_register+0xac/0x130) from [<c0352504>] (platform_driver_register+0x54/0x68)
    
79. <4>[ 1104.786906] [<c0352504>] (platform_driver_register+0x54/0x68) from [<c042f8fc>] (grmnet_ctrl_smd_connect_w+0x88/0x1a4)
    
80. <4>[ 1104.797588] [<c042f8fc>] (grmnet_ctrl_smd_connect_w+0x88/0x1a4) from [<c0074c40>] (process_one_work+0x270/0x48c)
    
81. <4>[ 1104.807752] [<c0074c40>] (process_one_work+0x270/0x48c) from [<c007507c>] (worker_thread+0x1e4/0x328)
    
82. <4>[ 1104.816938] [<c007507c>] (worker_thread+0x1e4/0x328) from [<c007a5fc>] (kthread+0x9c/0xac)
    
83. <4>[ 1104.825179] [<c007a5fc>] (kthread+0x9c/0xac) from [<c000f770>] (kernel_thread_exit+0x0/0x8)
    
84. <0>[ 1104.833511] Code: ea000038 e10f3000 f10c0080 e3a00001 (e5843084)
    
85. <4>[ 1104.839584] ---[ end trace 789270b509b5af8e ]---
    
86. <0>[ 1104.844193] Kernel panic - not syncing: Fatal exception in interrupt
    
87. <0>[ 1104.950404] Rebooting in 5 seconds..
    
88. <5>[ 1109.946222] Going down for restart now

复制代码

---

作者: 九阳神功爱喝茶    时间: 2015-07-21 18:59
<0>[ 1104.196978] Internal error: Oops: 805 [#1] PREEMPT ARM
是不是空指针问题，新手同样关注这个问题lol

---

作者: asuka2001    时间: 2015-07-23 14:49
<1>[ 1104.184342] Unable to handle kernel paging request at virtual address 2f7365e7
......
<4>[ 1104.237265] r7 : cce3a000  r6 : cce3a000  r5 : c0b0e4d4  r4 : 2f736563
......

没有源码, 不过从 panic可以看出来应该是访问了非法地址, 看起来可能和 r4里的值有关,  r4应该是查询到的某个 struct的指针, 解引用某个成员时需要访问 2f7365e7!

熟悉的话, 反汇编一下查查 sps_bam_lock+0x88/0x18c看就明白了! 为什么会取到 r4里的地址!

---

欢迎光临 Chinaunix (http://bbs.chinaunix.net/)

Powered by Discuz! X3.2