内核调试技巧--kernel panic

举个kernel-panic的例子

[ 2590.185432] Unable to handle kernel paging request at virtual address 00100110

[ 2590.192874] pgd = c0004000
[ 2590.192881] [00100110] *pgd=00000000
[ 2590.192891] Internal error: Oops: 17 [#1] PREEMPT SMP
[ 2590.192897] last sysfs file: /sys/devices/virtual/timed_output/vibrator/enable
[ 2590.192905] Modules linked in:
[ 2590.192916] CPU: 1    Tainted: G        W    (2.6.39.4-05422-g9d29c5e-dirty #96)
[ 2590.192935] PC is at handle_unpin+0x1c/0x1ac
[ 2590.192957] LR is at __mutex_lock_slowpath+0x2e8/0x324
[ 2590.192966] pc : [<c0246e7c>]    lr : [<c0522238>]    psr: 40000013
[ 2590.192971] sp : da961e88  ip : 22222222  fp : ed469c54
[ 2590.192978] r10: ed291e00  r9 : ed291fc8  r8 : da960000
[ 2590.192985] r7 : 00000000  r6 : 00100100  r5 : dfe89434  r4 : ed461a60
[ 2590.192993] r3 : da960000  r2 : da961e80  r1 : 22222222  r0 : da961e58
[ 2590.193002] Flags: nZcv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment kernel
[ 2590.193011] Control: 10c5387d  Table: 2d25804a  DAC: 00000015
[ 2590.193018]
[ 2590.193020] PC: 0xc0246dfc:
[ 2590.193024] 6dfc  ebf8ee9a e1a0200d e3c23d7f e59f1044 e3c3303f e59f0040 e593200c e2822fbb
[ 2590.193040] 6e1c  eb0b65ae ea000003 1a000002 e1a00004 eb000e98 ea000000 e3a08000 e1a00008
[ 2590.193056] 6e3c  e28dd014 e8bd8ff0 c063581c c0549310 c0742e04 c06357e2 c05492fc c06355e3
[ 2590.193072] 6e5c  c0717a7c e92d40f7 e1a04000 e5900008 e1a06001 e1a07002 e2800034 eb0b6efc
[ 2590.193087] 6e7c  e5965010 e2863010 e3550000 1a00000f e1a00004 eb000533 e1a0200d e3c23d7f
[ 2590.193103] 6e9c  e59f1150 e3c3303f e59f214c e593300c e5933230 e58d6000 e2833fbb eb00b93a
[ 2590.193119] 6ebc  e5940008 e2800034 eb0b6bc1 ea000047 e5d6204b e3520001 0a000002 e59f011c
[ 2590.193135] 6edc  e3a0106a ebf80c07 f57ff05f e1932f9f e2422001 e1831f92 e3310000 1afffffa

[ 2590.193154] LR: 0xc05221b8:
[ 2590.193158] 21b8  e59f00b0 e3a010fd ebed81a9 eaffffb8 e1a0200d e1a00004 e3c26d7f e1a0100d
[ 2590.193173] 21d8  e3c6603f e1a02006 ebee1fd9 e594300c e5846014 e1530007 03a03000 05843000
[ 2590.193189] 21f8  f57ff05f e3a03000 e2844004 e5843000 f57ff04f e320f004 e121f005 e1a0100d
[ 2590.193205] 2218  e3c13d7f e3c3303f e5933000 e3130002 0a000000 ebfffd23 e1a0000d ebee206f
[ 2590.193221] 2238  e1a0200d e3c23d7f e3c3303f e5932004 e2422001 e5832004 e5933000 e3130002
[ 2590.193237] 2258  0a000000 ebfffd17 e28dd014 e8bd8ff0 c0747a48 c0963090 c06190d9 e92d4ff0
[ 2590.193253] 2278  e24dd014 e1a0100d e1a04000 e3c13d7f e3c3303f e5932004 e593600c e2822001
[ 2590.193269] 2298  e5832004 e59f2388 e5922000 e3520000 1a00000e e5933004 e3c3333f e3c330ff
[ 2590.193285]
[ 2590.193287] SP: 0xda961e08:
[ 2590.193291] 1e08  edc60000 0000000f dd894cb8 0000025a 60000013 00000001 00000003 3532205b
[ 2590.193307] 1e28  322e3938 0000040f 00000007 00100100 00000000 c0046730 da961e58 22222222
[ 2590.193323] 1e48  da961e80 da960000 ed461a60 dfe89434 00100100 00000000 da960000 ed291fc8
[ 2590.193339] 1e68  ed291e00 ed469c54 22222222 da961e88 c0522238 c0246e7c 40000013 ffffffff
[ 2590.193354] 1e88  ed461a60 00100100 00000000 dfe89420 dfe89434 ed461a60 da961f00 c024710c
[ 2590.193370] 1ea8  dfdc87a0 00000002 edc2d80c edc2d80c 00000001 dfe89420 ed469c00 c0243f78
[ 2590.193386] 1ec8  ed469c00 ed469c48 00000000 d8c6cda0 d35806c0 edc2d80c edc2d80c c003fc60
[ 2590.193402] 1ee8  c003fc60 c003e9a0 00000003 00000002 ed469c48 ed291e00 dfe89420 d8c6cda0
[ 2590.193418]
[ 2590.193420] FP: 0xed469bd4:
[ 2590.193424] 9bd4  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 2590.193439] 9bf4  00000000 00000000 00000000 ed464000 00000000 ed469c08 ed469c08 00000000
[ 2590.193455] 9c14  00000000 c07181e8 00000000 00000002 00000001 00000000 c05491d0 ed6dd404
[ 2590.193470] 9c34  ed6dd404 0fb00001 00000001 ed469a00 ed461a60 ed469c00 00000000 ed18c460
[ 2590.193486] 9c54  00000001 00000000 00000000 ed469c60 ed469c60 00000000 00000000 ed469c54
[ 2590.193501] 9c74  d8c11ca0 00000000 00000000 ed463740 ed469c00 00000001 ed18c460 00000001
[ 2590.193516] 9c94  00000000 00000000 ed469c9c ed469c9c 00000000 00000000 ed469c90 d8c11a80
[ 2590.193532] 9cb4  00000000 00000000 ed4636e0 ed469c00 00000002 ed18c460 00000001 00000000
[ 2590.193548]
[ 2590.193550] R0: 0xda961dd8:
[ 2590.193554] 1dd8  c0747a54 c0747a54 da961df4 c05216fc 00000060 00000001 00000001 c00838c8
[ 2590.193569] 1df8  22222222 c0747a54 a92fb7e9 00000143 edc60000 0000000f dd894cb8 0000025a
[ 2590.193585] 1e18  60000013 00000001 00000003 3532205b 322e3938 0000040f 00000007 00100100
[ 2590.193600] 1e38  00000000 c0046730 da961e58 22222222 da961e80 da960000 ed461a60 dfe89434
[ 2590.193616] 1e58  00100100 00000000 da960000 ed291fc8 ed291e00 ed469c54 22222222 da961e88

[ 2590.193632] 1e78  c0522238 c0246e7c 40000013 ffffffff ed461a60 00100100 00000000 dfe89420

[ 2590.193647] 1e98  dfe89434 ed461a60 da961f00 c024710c dfdc87a0 00000002 edc2d80c edc2d80c

............................

[ 2590.194777] [<c0246e7c>] (handle_unpin+0x1c/0x1ac) from [<c024710c>] (nvmap_unpin+0x84/0xbc)
[ 2590.194793] [<c024710c>] (nvmap_unpin+0x84/0xbc) from [<c0243f78>] (tegra_dc_ext_flip_worker+0x33c/0x39c)
[ 2590.194822] [<c0243f78>] (tegra_dc_ext_flip_worker+0x33c/0x39c) from [<c0094b98>] (process_one_work+0x254/0x3b0)
[ 2590.194840] [<c0094b98>] (process_one_work+0x254/0x3b0) from [<c00950d8>] (worker_thread+0x228/0x3e8)
[ 2590.194861] [<c00950d8>] (worker_thread+0x228/0x3e8) from [<c009aa84>] (kthread+0x80/0x88)
[ 2590.194884] [<c009aa84>] (kthread+0x80/0x88) from [<c0047698>] (kernel_thread_exit+0x0/0x8)
[ 2590.194898] Code: e1a06001 e1a07002 e2800034 eb0b6efc (e5965010)

当pc在handle_unpin+0x1c的时候，往下运行出现了严重的错误，所以就出现了panic。

1.利用arm-linux-gnueabi-objdump -D vmlinux > kernel_dump.txt 查看handle_unpin+0x1c位置的汇编代码。

2.要么利用 arm-linux-gnueabi-gdb vmlinux

(gdb) l *handle_unpin+0x1c
0xc0246e7c is in handle_unpin (/home/*****/nvmap.c:99).
94            struct nvmap_handle *h, int free_vm)
95    {
96        int ret = 0;
97        nvmap_mru_lock(client->share);
98    
99        if (atomic_read(&h->pin) == 0) {
100            nvmap_err(client, "%s unpinning unpinned handle %p\n",
101                  current->group_leader->comm, h);
102            nvmap_mru_unlock(client->share);
103            return 0;

gdb都精确的定位到第99行了。

根据Unable to handle kernel paging request at virtual address 00100110

handle_unpin函数中的h指针为错误指针。剩下的精力就是放在什么时候，在什么地方这个值被修改了，为什么被修改了。