Linux module crash analysis

I. Locating the faulting line from the module ko file

# insmod khttp.ko
[   47.885272] blk_dequeue_request: 2 callbacks suppressed
[   47.961228] khttp  sysfs init begin v4
[   47.974411] khttp:khttp installed success
[   48.012894] khttp:Connecting to ..
[   48.094931] khttp:connect success
[   48.183118] upload file /data/01.jpg:read 534(1024), i_size=80079 pos 80079
[   48.210747] khttp:khttp upload time 213ms
[   81.673136] BUG: unable to handle kernel paging request at ffff888007fe0000
[   81.677413] IP: get_one_line+0x22/0xd0 [khttp]
[   81.677917] PGD 295a067 P4D 295a067 PUD 295b067 PMD 295d067 PTE 0
[   81.678808] Oops: 0000 [#1] SMP NOPTI
[   81.679269] Modules linked in: khttp(+)
[   81.680010] CPU: 0 PID: 1102 Comm: insmod Not tainted 4.14.186+ #152
[   81.680399] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[   81.681129] task: ffff8880067d3100 task.stack: ffffc90000168000
[   81.681545] RIP: 0010:get_one_line+0x22/0xd0 [khttp]
[   81.681844] RSP: 0018:ffffc9000016bb40 EFLAGS: 00000282
[   81.682203] RAX: ffff888007fe0000 RBX: 00000000fffc2786 RCX: ffffc9000016bbb0
[   81.682630] RDX: 00000000fe0c8ee5 RSI: ffffc9000016bbb0 RDI: ffffc9000016bbb8
[   81.683360] RBP: ffffc9000016bb50 R08: 0000000000000000 R09: 0000000000000000
[   81.683776] R10: 000000000000000a R11: f000000000000000 R12: ffffffffa0006040
[   81.684171] R13: ffff8880067e19a0 R14: 0000000000000001 R15: ffffc9000016bea8
[   81.684655] FS:  00007f1e89b576a0(0000) GS:ffff888007c00000(0000) knlGS:0000000000000000
[   81.685134] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   81.685485] CR2: ffff888007fe0000 CR3: 000000000621c000 CR4: 00000000000006f0
[   81.685994] Call Trace:
[   81.687483]  get_sanitized_hdr+0x68/0x130 [khttp]
……
[   81.699639] ---[ end trace 12007d79ee8c7d5e ]---

IP: get_one_line+0x22/0xd0 [khttp] means the fault is at offset 0x22 inside the get_one_line function, and the total size of get_one_line is 0xd0.

1. Find the start address of get_one_line in the ko file
root@linux:/home/gsf/run-kernel/linux-4.14.186/fs/http_kernel_new# nm -C khttp.o
Output:
0000000000001c30 t base64enc
0000000000000690 t get_one_line

2. Compute the address the IP points to
start address of get_one_line + offset = 0000000000000690 + 0x22 = 0x6b2

3. Resolve the corresponding source line
root@linux:/home/gsf/run-kernel/linux-4.14.186/http_kernel_new# addr2line 6b2 -e khttp.o -C
Output:
/home/gsf/run-kernel/linux-4.14.186/http_kernel_new/khttp_download.c:79

II. Locating the faulting line from the vmlinux file

[    5.364169]-(5)[833:thermal_manager]------------[ cut here ]------------
[    5.364176]-(5)[833:thermal_manager]Kernel BUG at 00000000e0dd6afd [verbose debug info unavailable]
[    5.364183]-(5)[833:thermal_manager]Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
[    5.364191]-(5)[833:thermal_manager]disable aee kernel api
[    5.364193]-(5)[833:thermal_manager]Kernel Offset: 0x382800000 from 0xffffff8008000000
[    5.364201]-(5)[833:thermal_manager]PHYS_OFFSET: 0xffffffe700000000
[    5.364205]-(5)[833:thermal_manager]Modules linked in: bt_drv ffffff8388717000           (null) 172032 0 (O) conninfra ffffff83886ab000           (null) 344064 0 (O) fpsgo ffffff83885df000           (null) 815104 0 (PO)
[    5.365235]-(5)[833:thermal_manager]CPU: 5 PID: 833 Comm: thermal_manager Tainted: P S      W  O    4.14.186+ #10
[    5.365239]-(5)[833:thermal_manager]Hardware name: MT6877V/TZA (DT)
[    5.365244]-(5)[833:thermal_manager]task: 0000000005a55c5a task.stack: 00000000ec7df34d
[    5.365256]-(5)[833:thermal_manager]pc : wmt_cl_set_cur_state+0x68/0x94
[    5.365262]-(5)[833:thermal_manager]lr : wmt_cl_set_cur_state+0x68/0x94

pc : wmt_cl_set_cur_state+0x68/0x94 means the fault is at offset 0x38 inside the wmt_cl_set_cur_state function, and the total size of the function is 0xd0.

1. Find the start address of wmt_cl_set_cur_state in the vmlinux file

geshifei@bf-rmnj-03:~/work/mainline/prebuilts/gcc/linux-x86/aarch64/aarch64-linux-android-4.9/bin$ ./aarch64-linux-android-gcc-nm -C vmlinux |grep wmt_cl_set_cur_state
Output:
ffffff8008cd6cd0 t wmt_cl_set_cur_state$0b1e2bfac082e6d3544cef6c089badb4
ffffff800941d9c8 t wmt_cl_set_cur_state$0b1e2bfac082e6d3544cef6c089badb4.cfi_jt
ffffff800a3e7c68 d wmt_cl_set_cur_state.descriptor
ffffff800a3e7c90 d wmt_cl_set_cur_state.descriptor.171
So the address of wmt_cl_set_cur_state is 0xffffff8008cd6cd0.

2. Compute the address the PC points to
function start address + offset = 0xffffff8008cd6cd0 + 0x48 = 0xFFFFFF8008CD6D18

3. Resolve the corresponding source line
geshifei@bf-rmnj-03:~/work/mainline/prebuilts/gcc/linux-x86/aarch64/aarch64-linux-android-4.9/bin$ ./aarch64-linux-android-addr2line -e vmlinux 0xFFFFFF8008CD6D18 -C
Output:
/home/ubuntu/codingci/tools/jenkins_home/workspace/1395474-cci-27663216-260203/kernel-4.14/drivers/misc/mediatek/thermal/common/thermal_zones/mtk_ts_wmt.c:791
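
The three steps used in both parts (nm, add the offset, addr2line), as an added Python example that is not code from the original post: it parses the symbol+offset/size token from an oops line, rejects an offset that falls outside the function, and picks the text symbol from nm -C output. The function names are hypothetical, and treating a "$<hash>"-suffixed symbol as the function itself while skipping ".cfi_jt" and data symbols is an assumption based on the nm output shown in part II; the sample input is copied from part I.

```python
import re

# Constructed sample input, copied from the log and nm output shown in part I.
OOPS_LINE = "[   81.681545] RIP: 0010:get_one_line+0x22/0xd0 [khttp]"
NM_OUTPUT = """\
0000000000001c30 t base64enc
0000000000000690 t get_one_line
"""

# symbol+0xoffset/0xsize, optionally followed by " [module]"
FRAME_RE = re.compile(r"([A-Za-z_][\w.]*)\+0x([0-9a-f]+)/0x([0-9a-f]+)(?:\s+\[(\w+)\])?")


def parse_frame(line):
    """Return (symbol, offset, size, module_or_None) from an oops IP/RIP/pc line."""
    m = FRAME_RE.search(line)
    if m is None:
        raise ValueError("no symbol+0xoff/0xsize token in line")
    sym, off, size, mod = m.group(1), int(m.group(2), 16), int(m.group(3), 16), m.group(4)
    if off >= size:
        # An offset outside the function means the trace is damaged or misread.
        raise ValueError(f"offset {off:#x} is not inside {sym} (size {size:#x})")
    return sym, off, size, mod


def symbol_start(nm_output, sym):
    """Find the start address of text symbol `sym` in `nm -C` output."""
    hits = []
    for row in nm_output.splitlines():
        parts = row.split()
        if len(parts) != 3 or parts[1] not in ("t", "T"):
            continue  # skip data symbols such as *.descriptor
        # Assumption: a "$<hash>" suffix is the same function; ".cfi_jt" etc. are not.
        if parts[2] == sym or re.fullmatch(re.escape(sym) + r"\$[0-9a-f]+", parts[2]):
            hits.append(int(parts[0], 16))
    if len(hits) != 1:
        raise LookupError(f"{len(hits)} text symbols match {sym}; pick one by hand")
    return hits[0]


def fault_address(oops_line, nm_output):
    """Start address from nm plus the offset from the oops line."""
    sym, off, _size, _mod = parse_frame(oops_line)
    return symbol_start(nm_output, sym) + off


if __name__ == "__main__":
    addr = fault_address(OOPS_LINE, NM_OUTPUT)
    print(f"addr2line {addr:x} -e khttp.o -C")
```

The printed command is the addr2line invocation from step 3 of part I with the computed address filled in.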

posted @ 2022-02-10 10:33  geshifei