[Memory management] Slub Freechain corrupt?

#1 | Posted 2015-02-02 19:14
Last edited by king_208 on 2015-02-02 19:29

Hi all,
I've recently been debugging a kernel SLUB crash (kernel 3.10). With slub_debug=F enabled I get the output below: fp=0xffffffe0, which later makes the kernel crash in get_freelist.
Is there any way to find out why this fp became 0xffffffe0?
So far I can only think of three possibilities:
1. Someone else wrote out of bounds and happened to change this value
2. Someone freed the object and then modified this value afterwards
3. The contents at 0xc12da200 are fine; it is the previous object's fp that should not point to 0xc12da200

But whichever it is, how do I debug it?
I'm really out of ideas, asking the experts for help!!!
Thanks!

[  877.688842] =============================================================================
[  877.697052] BUG kmalloc-512 (Not tainted): Freechain corrupt
[  877.702728] -----------------------------------------------------------------------------
[  877.702728]
[  877.712402] Disabling lock debugging due to kernel taint
[  877.717712] INFO: Slab 0xc0025b40 objects=8 used=6 fp=0xc12da200 flags=0x0081
[  877.724853] INFO: Object 0xc12da200 @offset=512 fp=0xffffffe0
[  877.724853]
[  877.732086] Bytes b4 c12da1f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  877.740875] Object c12da200: e0 ff ff ff 04 a2 2d c1 04 a2 2d c1 64 22 31 c0  ......-...-.d"1.
[  877.749481] Object c12da210: 01 00 00 00 ad 4e ad de ff ff ff ff ff ff ff ff  .....N..........
[  877.758117] Object c12da220: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  877.766723] Object c12da230: 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00  ................
[  877.775360] Object c12da240: ad 4e ad de ff ff ff ff ff ff ff ff 00 00 00 00  .N..............
[  877.783966] Object c12da250: 00 00 00 00 01 00 00 00 ad 4e ad de ff ff ff ff  .........N......
[  877.792602] Object c12da260: ff ff ff ff 64 a2 2d c1 64 a2 2d c1 01 00 00 00  ....d.-.d.-.....
[  877.801208] Object c12da270: ad 4e ad de ff ff ff ff ff ff ff ff 7c a2 2d c1  .N..........|.-.
[  877.809844] Object c12da280: 7c a2 2d c1 01 00 00 00 ad 4e ad de ff ff ff ff  |.-......N......
[  877.818450] Object c12da290: ff ff ff ff 94 a2 2d c1 94 a2 2d c1 00 00 00 00  ......-...-.....
[  877.827056] Object c12da2a0: 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00  ................
[  877.835693] Object c12da2b0: ad 4e ad de ff ff ff ff ff ff ff ff bc a2 2d c1  .N............-.
[  877.844299] Object c12da2c0: bc a2 2d c1 00 00 00 00 00 00 00 00 a8 a2 2d c1  ..-...........-.
[  877.852935] Object c12da2d0: 01 00 00 00 01 00 00 00 ad 4e ad de ff ff ff ff  .........N......
[  877.861541] Object c12da2e0: ff ff ff ff e4 a2 2d c1 e4 a2 2d c1 00 00 00 00  ......-...-.....
[  877.870178] Object c12da2f0: 00 00 00 00 d0 a2 2d c1 00 00 00 00 32 00 00 00  ......-.....2...
[  877.878784] Object c12da300: b8 0b 00 00 00 00 00 00 01 00 00 00 01 00 00 00  ................
[  877.887420] Object c12da310: ad 4e ad de ff ff ff ff ff ff ff ff 00 00 00 00  .N..............
[  877.896026] Object c12da320: 00 00 00 00 24 a3 2d c1 24 a3 2d c1 00 00 00 00  ....$.-.$.-.....
[  877.904663] Object c12da330: 00 00 00 00 34 a3 2d c1 34 a3 2d c1 00 00 00 00  ....4.-.4.-.....
[  877.913269] Object c12da340: 00 00 00 00 00 00 00 00 00 00 00 00 6c 17 3c c0  ............l.<.
[  877.921874] Object c12da350: 00 a2 2d c1 54 a3 2d c1 54 a3 2d c1 00 00 00 00  ..-.T.-.T.-.....
[  877.930511] Object c12da360: 00 00 00 00 00 20 00 00 00 00 00 00 00 00 dd c0  ..... ..........
[  877.939117] Object c12da370: 00 00 dd c0 01 00 00 00 ad 4e ad de ff ff ff ff  .........N......
[  877.947753] Object c12da380: ff ff ff ff 84 a3 2d c1 84 a3 2d c1 80 25 00 00  ......-...-..%..
[  877.956359] Object c12da390: 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  877.964996] Object c12da3a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  877.973602] Object c12da3b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  877.982238] Object c12da3c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  877.990844] Object c12da3d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  877.999450] Object c12da3e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  878.008087] Object c12da3f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  878.016693] CPU: 0 PID: 2193 Comm: kworker/0:3 Tainted: G    B        3.10.33 #730
[  878.024291] Workqueue: events release_one_tty
[  878.028686] [<c01146ac>] (unwind_backtrace+0x0/0x100) from [<c0112490>] (show_stack+0x20/0x24)
[  878.037322] [<c0112490>] (show_stack+0x20/0x24) from [<c052e094>] (dump_stack+0x24/0x28)
[  878.045440] [<c052e094>] (dump_stack+0x24/0x28) from [<c01cff6c>] (print_trailer+0x1e4/0x1ec)
[  878.053985] [<c01cff6c>] (print_trailer+0x1e4/0x1ec) from [<c01d0d34>] (on_freelist+0xd0/0x260)
[  878.062713] [<c01d0d34>] (on_freelist+0xd0/0x260) from [<c052ccb4>] (free_debug_processing+0x2d8/0x2ec)
[  878.072113] [<c052ccb4>] (free_debug_processing+0x2d8/0x2ec) from [<c052d440>] (__slab_free+0x48/0x3d0)
[  878.081542] [<c052d440>] (__slab_free+0x48/0x3d0) from [<c01d2af4>] (kfree+0x1a8/0x1d8)
[  878.089538] [<c01d2af4>] (kfree+0x1a8/0x1d8) from [<c0307e94>] (tty_device_create_release+0x18/0x1c)
[  878.098693] [<c0307e94>] (tty_device_create_release+0x18/0x1c) from [<c032e530>] (device_release+0x6c/0xa0)
[  878.108459] [<c032e530>] (device_release+0x6c/0xa0) from [<c02d1438>] (kobject_release+0x68/0x7c)
[  878.117370] [<c02d1438>] (kobject_release+0x68/0x7c) from [<c02d14b4>] (kobject_put+0x68/0x70)
[  878.125976] [<c02d14b4>] (kobject_put+0x68/0x70) from [<c032e884>] (put_device+0x24/0x28)
[  878.134185] [<c032e884>] (put_device+0x24/0x28) from [<c03092a0>] (free_tty_struct+0x2c/0x4c)
[  878.142730] [<c03092a0>] (free_tty_struct+0x2c/0x4c) from [<c030935c>] (release_one_tty+0x9c/0xa0)
[  878.151733] [<c030935c>] (release_one_tty+0x9c/0xa0) from [<c013b780>] (process_one_work+0x260/0x444)
[  878.160980] [<c013b780>] (process_one_work+0x260/0x444) from [<c013c6e8>] (worker_thread+0x26c/0x3f4)
[  878.170196] [<c013c6e8>] (worker_thread+0x26c/0x3f4) from [<c01422d8>] (kthread+0xc0/0xc4)
[  878.178497] [<c01422d8>] (kthread+0xc0/0xc4) from [<c010eac8>] (ret_from_fork+0x14/0x20)
[  878.186584] =============================================================================
[  878.194793] BUG kmalloc-512 (Tainted: G    B       ): Wrong object count. Counter is 6 but counted were 7
[  878.204345] -----------------------------------------------------------------------------
[  878.204345]
[  878.214019] INFO: Slab 0xc0025b40 objects=8 used=6 fp=0xc12da200 flags=0x0081
[  878.221160] CPU: 0 PID: 2193 Comm: kworker/0:3 Tainted: G    B        3.10.33 #730
[  878.228729] Workqueue: events release_one_tty
[  878.233123] [<c01146ac>] (unwind_backtrace+0x0/0x100) from [<c0112490>] (show_stack+0x20/0x24)
[  878.241760] [<c0112490>] (show_stack+0x20/0x24) from [<c052e094>] (dump_stack+0x24/0x28)
[  878.249877] [<c052e094>] (dump_stack+0x24/0x28) from [<c01d0c5c>] (slab_err+0x84/0x8c)
[  878.257812] [<c01d0c5c>] (slab_err+0x84/0x8c) from [<c01d0e60>] (on_freelist+0x1fc/0x260)
[  878.265991] [<c01d0e60>] (on_freelist+0x1fc/0x260) from [<c052ccb4>] (free_debug_processing+0x2d8/0x2ec)
[  878.275512] [<c052ccb4>] (free_debug_processing+0x2d8/0x2ec) from [<c052d440>] (__slab_free+0x48/0x3d0)
[  878.284912] [<c052d440>] (__slab_free+0x48/0x3d0) from [<c01d2af4>] (kfree+0x1a8/0x1d8)
[  878.292938] [<c01d2af4>] (kfree+0x1a8/0x1d8) from [<c0307e94>] (tty_device_create_release+0x18/0x1c)
[  878.302093] [<c0307e94>] (tty_device_create_release+0x18/0x1c) from [<c032e530>] (device_release+0x6c/0xa0)
[  878.311859] [<c032e530>] (device_release+0x6c/0xa0) from [<c02d1438>] (kobject_release+0x68/0x7c)
[  878.320739] [<c02d1438>] (kobject_release+0x68/0x7c) from [<c02d14b4>] (kobject_put+0x68/0x70)
[  878.329376] [<c02d14b4>] (kobject_put+0x68/0x70) from [<c032e884>] (put_device+0x24/0x28)
[  878.337585] [<c032e884>] (put_device+0x24/0x28) from [<c03092a0>] (free_tty_struct+0x2c/0x4c)
[  878.346130] [<c03092a0>] (free_tty_struct+0x2c/0x4c) from [<c030935c>] (release_one_tty+0x9c/0xa0)
[  878.355102] [<c030935c>] (release_one_tty+0x9c/0xa0) from [<c013b780>] (process_one_work+0x260/0x444)
[  878.364349] [<c013b780>] (process_one_work+0x260/0x444) from [<c013c6e8>] (worker_thread+0x26c/0x3f4)
[  878.373565] [<c013c6e8>] (worker_thread+0x26c/0x3f4) from [<c01422d8>] (kthread+0xc0/0xc4)
[  878.381866] [<c01422d8>] (kthread+0xc0/0xc4) from [<c010eac8>] (ret_from_fork+0x14/0x20)
[  878.389953] FIX kmalloc-512: Object count adjusted.
[  878.407714] file system registered
[  878.480987] initialize 1 instances
[  878.504669] Initialized 1 ports
android_usb gadget: Mass Storage Function, version: 2009/09/11
[  878.542327] android_usb gadget: Number of LUNs=1
[  878.547637]  lun0: LUN: removable file: (no medium)
[  878.572143] android_usb gadget: android_usb ready
[  878.581573] mv-udc mv-udc: usb vbus is off
[  878.587219] #### android_bind_enabled_functions 1908, f->name = mbim, start
[  878.594848] mbim_handle_function_bind_config MAC: 00:00:00:00:00:00
[  878.602508] android_usb gadget: using random self ethernet address
[  878.609436] android_usb gadget: using random host ethernet address
[  878.629760] usbnet0: MAC 86:44:b6:2e:37:a8
[  878.634490] usbnet0: HOST MAC 26:86:b0:6f:a9:fb
[  878.639831] super speed IN/ep1in OUT/ep1out NOTIFY/ep2in
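What the dump actually records can be read off two lines: "Slab 0xc0025b40 ... fp=0xc12da200" says page->freelist (the head of the free chain) is 0xc12da200, and "Object 0xc12da200 @offset=512 fp=0xffffffe0" says the first word of that object, where SLUB keeps the free pointer when poisoning is off, now holds 0xffffffe0. The walk that slub_debug=F performs at kfree() time (on_freelist() in mm/slub.c) stops at that bad pointer, blames the object it was read from, cuts the chain there, and then finds that only 1 free object is reachable in an 8-object slab whose counter says 6 are in use, hence "Counter is 6 but counted were 7" and "Object count adjusted". The following user-space model is an added example, not code from this thread or from the kernel: it reproduces that walk over the state in the dump. The page base 0xc12da000 follows from "@offset=512"; the second free object (0xc12dae00) and the culprit (a pointer kept after kfree() being used to store a 32-bit int, -32 being exactly 0xffffffe0) are constructed assumptions, not a confirmed root cause.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_BASE 0xc12da000u  /* "Object 0xc12da200 @offset=512" => page base */
#define PAGE_LEN  4096u        /* objects=8 * kmalloc-512 */
#define OBJ_SIZE  512u
#define NR_OBJS   8u

struct slab {                  /* constructed model of "Slab 0xc0025b40" */
    uint8_t  mem[PAGE_LEN];
    uint32_t freelist;         /* page->freelist: 32-bit kernel VA on this ARM target */
    unsigned inuse;            /* page->inuse */
};

struct walk_result {           /* what the walk found, for asserting on instead of printk */
    uint32_t corrupt_object;   /* object named in "Freechain corrupt", 0 if none */
    uint32_t bad_fp;           /* the offending free pointer */
    unsigned counted_free;     /* chain elements actually reachable */
    unsigned counted_used;     /* NR_OBJS - counted_free, what page->inuse is fixed to */
};

static struct slab model_slab;

static uint8_t *at(struct slab *s, uint32_t va) { return s->mem + (va - PAGE_BASE); }

/* Without poisoning the free pointer is the first word of a free object (little-endian). */
static uint32_t get_freepointer(struct slab *s, uint32_t obj)
{
    const uint8_t *b = at(s, obj);
    return (uint32_t)b[0] | (uint32_t)b[1] << 8 | (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
}

static void set_freepointer(struct slab *s, uint32_t obj, uint32_t fp)
{
    uint8_t *b = at(s, obj);
    b[0] = fp; b[1] = fp >> 8; b[2] = fp >> 16; b[3] = fp >> 24;
}

/* check_valid_pointer(): inside the slab page and on an object boundary. */
static int valid_pointer(uint32_t va)
{
    return va >= PAGE_BASE && va < PAGE_BASE + PAGE_LEN && (va - PAGE_BASE) % OBJ_SIZE == 0;
}

/* The walk free_debug_processing() runs at kfree(); messages mirror the kernel's. */
static struct walk_result on_freelist(struct slab *s)
{
    struct walk_result r = {0, 0, 0, 0};
    uint32_t fp = s->freelist, object = 0;
    unsigned nr = 0;

    while (fp && nr <= NR_OBJS) {
        if (!valid_pointer(fp)) {
            r.bad_fp = fp;
            if (!object) {          /* head itself bad: "Freepointer corrupt", list cleared */
                s->freelist = 0; s->inuse = NR_OBJS;
                return r;
            }
            r.corrupt_object = object;   /* blame the element whose first word is bad */
            printf("Freechain corrupt: Object 0x%08x @offset=%u fp=0x%08x\n",
                   object, object - PAGE_BASE, fp);
            set_freepointer(s, object, 0);   /* the chain is cut here */
            break;
        }
        object = fp;
        fp = get_freepointer(s, object);
        nr++;
    }
    r.counted_free = nr;
    r.counted_used = NR_OBJS - nr;
    if (s->inuse != r.counted_used) {
        printf("Wrong object count. Counter is %u but counted were %u\n", s->inuse, r.counted_used);
        s->inuse = r.counted_used;   /* "FIX kmalloc-512: Object count adjusted." */
    }
    return r;
}

/* Scenario: 8 objects, 6 in use, chain 0xc12da200 -> 0xc12dae00 -> NULL (second free
 * object is an assumption), then a hypothetical culprit: a pointer kept after kfree()
 * stores a 32-bit int. -32 is 0xffffffe0, the exact fp in the dump. */
struct walk_result reproduce_dump(void)
{
    struct slab *s = &model_slab;
    int32_t stale_value = -32;
    memset(s, 0, sizeof *s);
    set_freepointer(s, 0xc12dae00u, 0);
    set_freepointer(s, 0xc12da200u, 0xc12dae00u);
    s->freelist = 0xc12da200u;
    s->inuse = 6;
    memcpy(at(s, 0xc12da200u), &stale_value, 4);   /* LE host: bytes e0 ff ff ff */
    return on_freelist(s);
}

int main(void)
{
    struct walk_result r = reproduce_dump();
    printf("counted free=%u used=%u, page->inuse now %u\n", r.counted_free, r.counted_used, model_slab.inuse);
    return r.corrupt_object == 0xc12da200u ? 0 : 1;
}
```

Run stand-alone it prints the same two diagnostics as the dump, with the same numbers. The model also shows why slub_debug=F alone cannot name the writer: the check runs at the next kfree() into that slab, long after the stale store. Adding poisoning and tracking changes that: with slub_debug=FZPU (or slub_debug=FZPU,kmalloc-512 to limit the overhead to the one cache that keeps failing) the kernel moves the free pointer past the payload and fills a freed object with 0x6b/0xa5 poison, so the same store into a freed object is reported as a poison overwrite at its byte offset, together with the "Allocated in"/"Freed in" traces of the last owner, which is usually enough to tell an out-of-bounds write from a use after free.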

#2 | Posted 2015-02-03 18:03
Bumping my own thread~~~~

#3 | Posted 2015-02-03 18:10
Memory corruption is hard to pin down even in user space, where there are plenty of debugging tools; when it happens in the kernel it is even harder to locate.
Usually this kind of thing is caused by memory being used again after it has been freed.

#4 | Posted 2015-02-03 18:14
Many thanks, brother~~~

#5 | Posted 2015-02-05 08:20
This is a post-mortem scene, so this kind of problem is fairly hard~
If it can be reproduced reliably you can add instrumentation and observe; otherwise it's not easy.
I suggest checking whether git has a relevant fix patch.

#6 | Posted 2015-02-05 15:32
Thanks
This can be reproduced reliably, and it always fails on the kmalloc-512 slab

#7 | Posted 2015-02-05 15:33
Well, not necessarily every time, just with fairly high probability, especially when memory is low