Kernel panic Information Analysis Method

Source: Internet
Author: User
Note: objdump -D *.o produces the disassembly. objdump -S *.o interleaves the disassembly with the C source, which requires that the object file was compiled with debug information (-g).

Oops: 0000 [#1] PREEMPT SMP
Modules linked in: capidrv kernelcapi isdn slhc ipv6
loop dm_multipath snd_ens1371 gameport snd_rawmidi snd_ac97_codec
ac97_bus snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq
snd_seq_device snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd
parport_pc floppy parport pcnet32 soundcore mii pcspkr snd_page_alloc
ac i2c_piix4 i2c_core button power_supply sr_mod sg cdrom ata_piix
libata dm_snapshot dm_zero dm_mirror dm_mod buslogic sd_mod scsi_mod
ext3 jbd mbcache uhci_hcd ohci_hcd ehci_hcd
Pid: 1726, comm: kstopmachine Not tainted (2.6.24-rc3-module #2)
EIP: 0060:[<c04e53d6>] EFLAGS: 00010092 CPU: 0
EIP is at list_del+0xa/0x61
EAX: e0c3cc04 EBX: 00000020 ECX: 0000000e EDX: dec62000
ESI: df6e8f08 EDI: 000006bf EBP: dec62fb4 ESP: dec62fa4
 DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
Process kstopmachine (pid: 1726, ti=dec62000 task=df8d2d40 task.ti=dec62000)
Stack: 000006bf dec62fb4 c04276c7 00000020 dec62fbc c044ab4c dec62fd0 c010936c
       df6e8f08 c04532b4 00000000 dec62fe0 c043deb0 c043de75 00000000 00000000
       c0405cdf df6e8eb4 00000000 00000000 00000000 00000000 00000000
Call Trace:
 [<c0406081>] show_trace_log_lvl+0x1a/0x2f
 [<c0406131>] show_stack_log_lvl+0x9b/0xa3
 [<c04061dc>] show_registers+0xa3/0x1df
 [<c0406437>] die+0x11f/0x200
 [<c0613cba>] do_page_fault+0x533/0x61a
 [<c06123ea>] error_code+0x72/0x78
 [<c044ab4c>] __unlink_module+0xb/0xf
 [<c01_36c>] do_stop+0xb8/0x108
 [<c043deb0>] kthread+0x3b/0x63
 [<c0405cdf>] kernel_thread_helper+0x7/0x10
 ======================================
Code: 6b c0 e8 2e 7e f6 ff e8 d1 16 f2 ff b8 01 00
00 e8 aa 1c f4 ff 89 d8 83 c4 10 5b 5d c3 90 90 55 89 e5 53 83 ec
0c 8b 48 04 <8b> 11 39 c2 74 18 89 54 24 08 89 44 24 04 c7 04 24 be 32
6b c0
EIP: [<c04e53d6>] list_del+0xa/0x61 SS:ESP 0068:dec62fa4
note: kstopmachine[1726] exited with preempt_count 1

1. You have a self-compiled vmlinux: use GDB
Enable the "compile with debug info" option when building the kernel.
Note:
EIP is at list_del+0xa/0x61
This tells us that the list_del function is 0x61 bytes long and that the oops occurred at offset 0xa. Let's take a look at where list_del starts:
# grep list_del /boot/System.map-2.6.24-rc3-module
c10e5234 t plist_del
c10e53cc t list_del
c120feb6 t klist_del
c12d6d34 R __ksymtab_list_del
c12dadfc R __ksymtab_klist_del
c12e1abd R __kstrtab_list_del
c12e9d03 R __kstrtab_klist_del
So the EIP value when the oops occurred is:
c10e53cc + 0xa = c10e53d6
Use GDB to look up that address:
# gdb /home/arc/build/linux-2.6/vmlinux
(gdb) b *0xc10e53d6
Breakpoint 1 at 0xc10e53d6: file
/usr/src/linux-2.6.24-rc3/lib/list_debug.c, line 64.
GDB tells you which file and line the address belongs to.
GDB can also do the following:
# gdb sources/linux-2.6.24/vmlinux
(gdb) l *do_fork+0x1f
0xc102b7ac is in do_fork (kernel/fork.c:1385).
1380
1381 static int fork_traceflag(unsigned clone_flags)
1382 {
1383         if (clone_flags & CLONE_UNTRACED)
1384                 return 0;
1385         else if (clone_flags & CLONE_VFORK) {
1386                 if (current->ptrace & PT_TRACE_VFORK)
1387                         return PTRACE_EVENT_VFORK;
1388         } else if ((clone_flags & CSIGNAL) != SIGCHLD) {
1389                 if (current->ptrace & PT_TRACE_CLONE)
(gdb)
This gives you the line number directly.
Or:
(gdb) l *(0xffffffff8023eaf0 + 0xff)   /* the address of the faulting function plus the offset */
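
The System.map lookup from this section can be scripted. The following Python sketch is an added example, not part of the original article: it resolves a symbol+offset location against System.map text and matches the symbol name exactly, so that plist_del, klist_del and the __ksymtab entries that grep also returns are not picked up. The function names are hypothetical; the sample data is the System.map output and oops line quoted above.

```python
import re

# Constructed sample: the System.map lines and the oops line quoted in the article.
SYSTEM_MAP = """\
c10e5234 t plist_del
c10e53cc t list_del
c120feb6 t klist_del
c12d6d34 R __ksymtab_list_del
c12dadfc R __ksymtab_klist_del
c12e1abd R __kstrtab_list_del
c12e9d03 R __kstrtab_klist_del
"""
OOPS_LINE = "EIP is at list_del+0xa/0x61"

# symbol+0xOFFSET/0xSIZE, as printed in "EIP is at ..." and in Call Trace lines.
LOCATION = re.compile(
    r"(?P<sym>[A-Za-z_][\w.]*)\+0x(?P<off>[0-9a-f]+)/0x(?P<size>[0-9a-f]+)", re.I)

def load_symbols(system_map_text):
    """Map symbol name -> start address, text symbols (type t/T) only."""
    table = {}
    for line in system_map_text.splitlines():
        fields = line.split()
        if len(fields) == 3 and fields[1] in ("t", "T"):
            table.setdefault(fields[2], int(fields[0], 16))
    return table

def resolve(oops_line, system_map_text):
    """Return (symbol, absolute address) for a symbol+offset/size location."""
    m = LOCATION.search(oops_line)
    if m is None:
        raise ValueError("no symbol+offset/size location in line")
    sym, off, size = m["sym"], int(m["off"], 16), int(m["size"], 16)
    if off >= size:
        raise ValueError("offset lies outside the function")
    symbols = load_symbols(system_map_text)
    if sym not in symbols:
        raise KeyError(f"{sym} is not a text symbol in this System.map")
    return sym, symbols[sym] + off

if __name__ == "__main__":
    sym, addr = resolve(OOPS_LINE, SYSTEM_MAP)
    print(f"{sym}: (gdb) b *0x{addr:x}")
```
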

2. You do not have a self-compiled vmlinux: tips
If you see an oops on lkml or Bugzilla and cannot reproduce it yourself, all you can do is disassemble the line that starts with "Code:" and try to locate the source code that way.
Note: in the Code: line of the oops, the first byte of the instruction that caused the oops, that is, the byte the EIP value points to, is enclosed in angle brackets. On some architectures (for example the common x86), instructions are not of fixed length (different instructions may have different lengths), so some trial and error is needed.
Linus usually uses a small program such as:
const char array[] = "\xnn...";
int main(int argc, char *argv[])
{
        printf("%p\n", array);
        *(int *)0 = 0;
}

E.g.:
/* {{{ */
/* Note that array runs from array[0] to array[64], 65 elements in total,
 * and the faulting byte <8b> is array[43]. */
#include <stdio.h>
#include <stdlib.h>

/* The bytes of the oops "Code:" line. */
const char array[] =
        "\x6b\xc0\xe8\x2e\x7e\xf6\xff"
        "\xe8\xd1\x16\xf2\xff\xb8\x01"
        "\x00\x00\x00\xe8\xaa\x1c\xf4"
        "\xff\x89\xd8\x83\xc4\x10\x5b"
        "\x5d\xc3\x90\x90\x90\x55\x89"
        "\xe5\x53\x83\xec\x0c\x8b\x48"
        "\x04\x8b\x11\x39\xc2\x74\x18"
        "\x89\x54\x24\x08\x89\x44\x24"
        "\x04\xc7\x04\x24\xbe\x32\x6b"
        "\xc0";

int main(int argc, char *argv[])
{
        /* Print where the bytes are mapped, for use with "disassemble". */
        printf("%p\n", array);
        /* Fault on purpose so that gdb stops with the array still mapped. */
        *(int *)0 = 0;
}
/* }}} */



Compile with gcc -g and run it in gdb:

[arc@dhcp-cbjs05-218-251 ~]$ gdb hello
GNU gdb Fedora (6.8-1.fc9)
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and
redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu"...
(no debugging symbols found)
(gdb) r
Starting program: /home/arc/hello
0x80484e0

Program received signal SIGSEGV, Segmentation fault.

Note: at this point we can disassemble the address 0x80484e0:

(gdb) disassemble 0x80484e0
Dump of assembler code for function array:
0x080484e0 <array+0>:   imul   $0xffffffe8,%eax,%eax
0x080484e3 <array+3>:   jle,pn 0x80484dc <__dso_handle+20>
0x080484e6 <array+6>:   ljmp   *<internal disassembler error>
0x080484e8 <array+8>:   rcll   (%esi)
0x080484ea <array+10>:  repnz (bad)
0x080484ec <array+12>:  mov    $0x1,%eax
0x080484f1 <array+17>:  call   0x7f8a1a0
0x080484f6 <array+22>:  mov    %ebx,%eax
0x080484f8 <array+24>:  add    $0x10,%esp
0x080484fb <array+27>:  pop    %ebx
0x080484fc <array+28>:  pop    %ebp
0x080484fd <array+29>:  ret
0x080484fe <array+30>:  nop
0x080484ff <array+31>:  nop
0x08048500 <array+32>:  nop
0x08048501 <array+33>:  push   %ebp
0x08048502 <array+34>:  mov    %esp,%ebp
0x08048504 <array+36>:  push   %ebx
0x08048505 <array+37>:  sub    $0xc,%esp
0x08048508 <array+40>:  mov    0x4(%eax),%ecx
0x0804850b <array+43>:  mov    (%ecx),%edx
0x0804850d <array+45>:  cmp    %eax,%edx
0x0804850f <array+47>:  je     0x8048529
0x08048511 <array+49>:  mov    %edx,0x8(%esp)
0x08048515 <array+53>:  mov    %eax,0x4(%esp)
0x08048519 <array+57>:  movl   $0xc06b32be,(%esp)
0x08048520 <array+64>:  add    %ah,0xa70
End of assembler dump.
(gdb)

OK. Now we know that the faulting instruction is the one at array[43], that is, mov (%ecx),%edx, which means that (%ecx) points to an invalid memory address.
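
Turning a Code: line into the array for the small program by hand is error-prone, so the following Python sketch (an added example, not part of the original article) parses the line, reports the offset of the byte marked with angle brackets, and prints the C string literal. The function names are hypothetical, and the sample line is constructed from the 64 bytes of the array above with the marker placed at array[43].

```python
import re

# Constructed sample: the article's 64-byte array written as an oops "Code:" line.
CODE_LINE = ("Code: 6b c0 e8 2e 7e f6 ff e8 d1 16 f2 ff b8 01 00 00 00 e8 aa 1c "
             "f4 ff 89 d8 83 c4 10 5b 5d c3 90 90 90 55 89 e5 53 83 ec 0c 8b 48 "
             "04 <8b> 11 39 c2 74 18 89 54 24 08 89 44 24 04 c7 04 24 be 32 6b c0")

def parse_code_line(line):
    """Return (code bytes, index of the byte the kernel marked with <..>)."""
    _, _, body = line.partition("Code:")
    code, fault = bytearray(), None
    for tok in body.split():
        marked = re.fullmatch(r"<([0-9a-fA-F]{2})>", tok)
        if marked:
            if fault is not None:
                raise ValueError("more than one marked byte")
            fault = len(code)          # offset of the byte EIP pointed to
            tok = marked.group(1)
        elif not re.fullmatch(r"[0-9a-fA-F]{2}", tok):
            raise ValueError(f"not a code byte: {tok!r}")
        code.append(int(tok, 16))
    if fault is None:
        raise ValueError("no <..> marker: cannot tell where EIP pointed")
    return bytes(code), fault

def c_array(code):
    """Render the bytes as the string literal used in the small test program."""
    return '"' + "".join(f"\\x{b:02x}" for b in code) + '"'

if __name__ == "__main__":
    code, fault = parse_code_line(CODE_LINE)
    print(f"{len(code)} bytes, EIP at array[{fault}] (0x{code[fault]:02x})")
    print("const char array[] =", c_array(code) + ";")
```

Bytes before the marker may start in the middle of an instruction, which is why the disassembly above only becomes meaningful from array+12 onwards; the marked offset is the one to check first.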

Supplement:

To make it easier to match the assembly code with the C code, the kbuild subsystem of the Linux kernel can compile any single C file into an assembly file on its own. For example:

make path/to/the/sourcefile.s

For example, to compile kernel/sched.c into assembly:

make kernel/sched.s V=1

Or:

make kernel/sched.lst V=1


In addition, the ./scripts/decodecode script in the kernel source tree is used to decode an oops:

./scripts/decodecode < oops.txt
