Linux oops stack 分析
#include <linux/init.h>
#include <linux/module.h>
#include <linux/slab.h>
#include <asm/div64.h>
#include <linux/sched.h>
/* License tag read by the module loader at insmod time. */
MODULE_LICENSE("Dual BSD/GPL");
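/*
 * L3 - innermost frame of the demo chain; faults on purpose.
 *
 * Logs @p, prints the current call chain with dump_stack(), then writes
 * through a NULL pointer. That store is the fault the captured log reports
 * as "unable to handle kernel NULL pointer dereference at virtual address
 * 00000000" with EIP at L3+0x1a. It is the teaching fixture of this page,
 * not a bug to remove; in the captured run the return is never reached.
 *
 * NOTE(review): in the captured "Code:" line the bytes just before the
 * faulting store, `89 44 24 04` and `c7 04 24 d2 50 86 d0`, look like p and
 * the printk format-string pointer being stored at the top of this frame,
 * and eax is 00000000 at the fault. The top two words of the stack dump
 * (d08650d2, 00000100) may therefore be that pointer and p rather than the
 * local `a` - confirm against `objdump -d` of the module before relying on
 * the frame reading below.
 *
 * @p: marker value passed down the L1 -> L2 -> L3 chain (0x100 from L2).
 * Return: 0, only if the fault did not happen.
 */
int L3(int p)
{
	int *a = NULL;

	/*
	 * The original format string had no trailing newline, which is why
	 * the captured log shows "in Level 3, p=100" fused onto the first
	 * line of the dump_stack() trace. Terminate it so the trace starts
	 * on its own line.
	 */
	printk("in Level 3, p=%x\n", p);
	dump_stack();
	/* Intentional NULL-pointer write: the oops trigger under analysis. */
	*a = 100;
	return 0;
}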
/*
 * L2 - middle frame of the demo chain.
 *
 * Holds one local (s = 0x22) plus its argument p so both have recognisable
 * values in the stack dump: the captured "Stack:" line shows 00000022 and
 * 00000002 next to each other. Calls L3(), which faults, so the return is
 * not reached in the captured run. The code is left exactly as compiled
 * because the stack layout analysed below depends on it.
 *
 * @p: marker argument (2, passed by L1).
 * Return: 0.
 */
int L2(int p)
{
int s=0x22;
printk("In L2 s=%x p=%x\n", s,p);
L3(0x100); /* 0x100 appears as 00000100 in the captured stack dump */
return 0;
}
/*
 * L1 - outermost demo frame, entered from init_module().
 *
 * Two locals (0x11, 0x1111) and two arguments (p1, p2) carry distinct
 * marker values; the captured stack dump shows them as
 * 00000011 00001111 00000000 00000001. Calls L2(2), which in turn reaches
 * the deliberate fault in L3(). The code is left exactly as compiled
 * because the stack layout analysed below depends on it.
 *
 * @p1: marker argument (0x0 from init_module).
 * @p2: marker argument (0x1 from init_module).
 * Return: 0.
 */
int L1(int p1,int p2)
{
int s1=0x11, s2=0x1111;
printk("In L1 ,s1=%x s2=%x p1=%x p2=%x\n",s1,s2,p1,p2);
L2(2);
return 0;
}
/*
 * init_module - module entry point (legacy explicit name, no module_init()).
 *
 * Logs a banner and starts the L1 -> L2 -> L3 chain that ends in the
 * deliberate NULL dereference, so loading this module oopses by design;
 * the captured log shows the fault in "Process insmod". Returns 0 only if
 * L1() returned.
 */
int init_module(void)
{
printk("init Module \n");
L1(0x0,0x1);
return 0;
}
/*
 * cleanup_module - module exit point (legacy explicit name, no module_exit()).
 *
 * Only logs. The captured log does not show this being reached, since the
 * load itself oopsed inside init_module().
 */
void cleanup_module(void)
{
printk("into cleanup_module.\n");
}
////////////////////////////
init Module
In L1 ,s1=11 s2=1111 p1=0 p2=1
In L2 s=22 p=2
in Level 3, p=100 [<c0405876>] dump_trace+0x69/0x1af
[<c04059d4>] show_trace_log_lvl+0x18/0x2c
[<c0405f83>] show_trace+0xf/0x11
[<c0406080>] dump_stack+0x15/0x17
[<d0865029>] L3+0x18/0x27 [drv]
[<d086505d>] L2+0x25/0x2b [drv]
[<d0865094>] L1+0x31/0x37 [drv]
[<d08650b5>] init_module+0x1b/0x22 [drv]
[<c043b02d>] sys_init_module+0x17db/0x1974
[<c0404027>] syscall_call+0x7/0xb
DWARF2 unwinder stuck at syscall_call+0x7/0xb
Leftover inexact backtrace:
=======================
BUG: unable to handle kernel NULL pointer dereference at virtual address 00000000
printing eip:
d086502b
*pde = 00000000
Oops: 0002 [#1]
SMP
last sysfs file: /devices/pci0000:00/0000:00:10.0/host0/target0:0:0/0:0:0:0/vendor
Modules linked in: drv(U) autofs4 hidp rfcomm l2cap bluetooth vmblock(U) vmmemctl(U) sunrpc ipv6 freq_table vmhgfs(U) dm_multipath video sbs i2c_ec button battery ac parport_pc lp parport snd_ens1371 gameport snd_rawmidi floppy snd_ac97_codec snd_ac97_bus snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss pcnet32 sg pcspkr snd_mixer_oss vmxnet(U) snd_pcm i2c_piix4 mii i2c_core snd_timer snd soundcore snd_page_alloc ide_cd cdrom serio_raw dm_snapshot dm_zero dm_mirror dm_mod mptspi mptscsih mptbase scsi_transport_spi sd_mod scsi_mod ext3 jbd ehci_hcd ohci_hcd uhci_hcd
CPU: 0
EIP: 0060:[<d086502b>] Tainted: P VLI
EFLAGS: 00010246 (2.6.18-1.2798.fc6 #1)
EIP is at L3+0x1a/0x27 [drv]
eax: 00000000 ebx: d0865580 ecx: ca75a66c edx: 00000046
esi: ca75a400 edi: ca75a690 ebp: ca75a66c esp: ca691e94
ds: 007b es: 007b ss: 0068
Process insmod (pid: 2344, ti=ca691000 task=ca64c3f0 task.ti=ca691000)
Stack: d08650d2 00000100 d086505d d08650e3 00000022 00000002 d0865094 d08650f4
00000011 00001111 00000000 00000001 d08650b5 d0865115 c043b02d d08655c8
c0623e21 d086558c d08facc0 ca691f64 ca75e224 d0865580 00000000 00000000
Call Trace:
[<d086505d>] L2+0x25/0x2b [drv]
[<d0865094>] L1+0x31/0x37 [drv]
[<d08650b5>] init_module+0x1b/0x22 [drv]
[<c043b02d>] sys_init_module+0x17db/0x1974
[<c0404027>] syscall_call+0x7/0xb
DWARF2 unwinder stuck at syscall_call+0x7/0xb
Leftover inexact backtrace:
=======================
Code: 83 ec 04 c7 04 24 bc 50 86 d0 e8 9e c5 bb ef 58 c3 83 ec 08 89 44 24 04 c7 04 24 d2 50 86 d0 e8 89 c5 bb ef e8 42 10 ba ef 31 c0 <c7> 05 00 00 00 00 64 00 00 00 5a 59 c3 83 ec 0c 89 44 24 08 c7
EIP: [<d086502b>] L3+0x1a/0x27 [drv] SS:ESP 0068:ca691e94
分析:
Stack TOP:
d08650d2 <L3->a>
00000100 <L3->p>
d086505d <EIP : L2 function address>
d08650e3 <EBP>
00000022 <L2->s>
00000002 <L2->p>
d0865094 <EIP : L1 function address>
d08650f4 <EBP>
00000011 <L1->s1>
00001111 <L1->s2>
00000000 <L1->p1>
00000001 <L1->p2>
d08650b5 <EIP : init_module function address>
d0865115 <EBP>
c043b02d d08655c8
压栈顺序: 函数参数,局部变量,EBP,EIP.
函数参数的顺序默认为:从右到左。(__cdecl)
局部变量:后声明的先入栈。