
crash vmcore

徐一村 2022-06-24 阅读 77

  目前问题为:内核出现coredump,需要分析coredump。根据堆栈分析,内核在唤醒内核进程/线程时,在内核态发生缺页中断并触发panic

目前可以参考以前的以下文章:《copy_from_user以及缺页中断》、《缺页中断分析》

  根据crash 我们可以拿到函数调用栈也就是栈地址,但是栈数据怎么获取呢? 其分布是怎样的呢? 函数出入的参数是怎样的呢?

有如下命令

bt -f /* 打印函数栈数据 */
/* 函数栈内自底向上,自右向左存储数据。
1.右下角为第一个数据:返回到 上一级函数的继续执行地址。
2.左下角为第二个数据,当前函数的栈底地址,返回时使用。
*/

crash  vmcore_linuxcrash  vmcore_linux_02

 

 

 crash  vmcore_搜索_03crash  vmcore_linux_04

 

X86-64有16个64位寄存器,分别是:

%rax,%rbx,%rcx,%rdx,%rsi,%rdi,%rbp,%rsp,%r8,%r9,%r10,%r11,%r12,%r13,%r14,%r15。

其中:

  • %rax 作为函数返回值使用。
  • %rsp 栈指针寄存器,指向栈顶
  • %rdi,%rsi,%rdx,%rcx,%r8,%r9 用作函数参数,依次对应第1参数,第2参数。。。
  • %rbx,%rbp,%r12,%r13,%r14,%r15 用作数据存储,遵循被调用者保存(callee-saved)规则:被调用函数如果要使用它们,必须先保存原值并在返回前恢复,因此调用者可以认为子函数返回后这些寄存器的值不变
  • %r10,%r11 用作数据存储,遵循调用者保存(caller-saved)规则:子函数可以随意修改它们,调用者如果还需要其中的值,必须在调用子函数之前自行备份

根据分析 : 

static int
select_task_rq_fair(struct rq *rq, struct task_struct *p, int sd_flag, int wake_flags)

其中,从栈上得到的第二个参数地址为 0xffff8810792b9a40(也许是错的,只能慢慢验证)

 crash  vmcore_linux_05

 详细结果如下:

其中:sd_flag = 0; wake_flags = 1

第一个参数:


struct rq ffff88107fc73480 -x
struct rq {
lock = {
raw_lock = {
slock = 0x821081f
}
},
nr_running = 0x0,
cpu_load = {0x132, 0x99, 0x4d, 0x27, 0x14},
last_load_update_tick = 0x10019e92e,
skip_clock_update = 0x0,
load = {
weight = 0x0,
inv_weight = 0x0
},
nr_load_updates = 0x1e7de7,
nr_switches = 0x63517,
cfs = {
load = {
weight = 0x0,
inv_weight = 0x0
},
nr_running = 0x0,
exec_clock = 0x0,
min_vruntime = 0xd64aeb9f6,
tasks_timeline = {
rb_node = 0x0
},
rb_leftmost = 0x0,
tasks = {
next = 0xffff88107fc73520,
prev = 0xffff88107fc73520
},
balance_iterator = 0x0,
curr = 0x0,
next = 0x0,
last = 0x0,
skip = 0x0,
nr_spread_over = 0x0,
rq = 0xffff88107fc73480,
on_list = 0x1,
leaf_cfs_rq_list = {
next = 0xffff88107fc73c70,
prev = 0xffff8810362b0d88
},
tg = 0xffffffff81a9f6f0 <root_task_group>,
task_weight = 0x0,
h_load = 0x3c3,
load_avg = 0x0,
load_period = 0x0,
load_stamp = 0x1,
load_last = 0x0,
load_unacc_exec_time = 0x42b221936,
load_contribution = 0x0
},
rt = {
active = {
bitmap = {0x0, 0x1000000000},
queue = {{
next = 0xffff88107fc735d8,
prev = 0xffff88107fc735d8
}, {
next = 0xffff88107fc735e8,
prev = 0xffff88107fc735e8
}, {
next = 0xffff88107fc735f8,
prev = 0xffff88107fc735f8
}, {
next = 0xffff88107fc73608,
prev = 0xffff88107fc73608
}, {
next = 0xffff88107fc73618,
prev = 0xffff88107fc73618
}, {
next = 0xffff88107fc73628,
prev = 0xffff88107fc73628
}, {
next = 0xffff88107fc73638,
prev = 0xffff88107fc73638
}, {
next = 0xffff88107fc73648,
prev = 0xffff88107fc73648
}, {
next = 0xffff88107fc73658,
prev = 0xffff88107fc73658
}, {
next = 0xffff88107fc73668,
prev = 0xffff88107fc73668
}, {
next = 0xffff88107fc73678,
prev = 0xffff88107fc73678
}, {
next = 0xffff88107fc73688,
prev = 0xffff88107fc73688
}, {
next = 0xffff88107fc73698,
prev = 0xffff88107fc73698
}, {
next = 0xffff88107fc736a8,
prev = 0xffff88107fc736a8
}, {
next = 0xffff88107fc736b8,
prev = 0xffff88107fc736b8
}, {
next = 0xffff88107fc736c8,
prev = 0xffff88107fc736c8
}, {
next = 0xffff88107fc736d8,
prev = 0xffff88107fc736d8
}, {
next = 0xffff88107fc736e8,
prev = 0xffff88107fc736e8
}, {
next = 0xffff88107fc736f8,
prev = 0xffff88107fc736f8
}, {
next = 0xffff88107fc73708,
prev = 0xffff88107fc73708
}, {
next = 0xffff88107fc73718,
prev = 0xffff88107fc73718
}, {
next = 0xffff88107fc73728,
prev = 0xffff88107fc73728
}, {
next = 0xffff88107fc73738,
prev = 0xffff88107fc73738
}, {
next = 0xffff88107fc73748,
prev = 0xffff88107fc73748
}, {
next = 0xffff88107fc73758,
prev = 0xffff88107fc73758
}, {
next = 0xffff88107fc73768,
prev = 0xffff88107fc73768
}, {
next = 0xffff88107fc73778,
prev = 0xffff88107fc73778
}, {
next = 0xffff88107fc73788,
prev = 0xffff88107fc73788
}, {
next = 0xffff88107fc73798,
prev = 0xffff88107fc73798
}, {
next = 0xffff88107fc737a8,
prev = 0xffff88107fc737a8
}, {
next = 0xffff88107fc737b8,
prev = 0xffff88107fc737b8
}, {
next = 0xffff88107fc737c8,
prev = 0xffff88107fc737c8
}, {
next = 0xffff88107fc737d8,
prev = 0xffff88107fc737d8
}, {
next = 0xffff88107fc737e8,
prev = 0xffff88107fc737e8
}, {
next = 0xffff88107fc737f8,
prev = 0xffff88107fc737f8
}, {
next = 0xffff88107fc73808,
prev = 0xffff88107fc73808
}, {
next = 0xffff88107fc73818,
prev = 0xffff88107fc73818
}, {
next = 0xffff88107fc73828,
prev = 0xffff88107fc73828
}, {
next = 0xffff88107fc73838,
prev = 0xffff88107fc73838
}, {
next = 0xffff88107fc73848,
prev = 0xffff88107fc73848
}, {
next = 0xffff88107fc73858,
prev = 0xffff88107fc73858
}, {
next = 0xffff88107fc73868,
prev = 0xffff88107fc73868
}, {
next = 0xffff88107fc73878,
prev = 0xffff88107fc73878
}, {
next = 0xffff88107fc73888,
prev = 0xffff88107fc73888
}, {
next = 0xffff88107fc73898,
prev = 0xffff88107fc73898
}, {
next = 0xffff88107fc738a8,
prev = 0xffff88107fc738a8
}, {
next = 0xffff88107fc738b8,
prev = 0xffff88107fc738b8
}, {
next = 0xffff88107fc738c8,
prev = 0xffff88107fc738c8
}, {
next = 0xffff88107fc738d8,
prev = 0xffff88107fc738d8
}, {
next = 0xffff88107fc738e8,
prev = 0xffff88107fc738e8
}, {
next = 0xffff88107fc738f8,
prev = 0xffff88107fc738f8
}, {
next = 0xffff88107fc73908,
prev = 0xffff88107fc73908
}, {
next = 0xffff88107fc73918,
prev = 0xffff88107fc73918
}, {
next = 0xffff88107fc73928,
prev = 0xffff88107fc73928
}, {
next = 0xffff88107fc73938,
prev = 0xffff88107fc73938
}, {
next = 0xffff88107fc73948,
prev = 0xffff88107fc73948
}, {
next = 0xffff88107fc73958,
prev = 0xffff88107fc73958
}, {
next = 0xffff88107fc73968,
prev = 0xffff88107fc73968
}, {
next = 0xffff88107fc73978,
prev = 0xffff88107fc73978
}, {
next = 0xffff88107fc73988,
prev = 0xffff88107fc73988
}, {
next = 0xffff88107fc73998,
prev = 0xffff88107fc73998
}, {
next = 0xffff88107fc739a8,
prev = 0xffff88107fc739a8
}, {
next = 0xffff88107fc739b8,
prev = 0xffff88107fc739b8
}, {
next = 0xffff88107fc739c8,
prev = 0xffff88107fc739c8
}, {
next = 0xffff88107fc739d8,
prev = 0xffff88107fc739d8
}, {
next = 0xffff88107fc739e8,
prev = 0xffff88107fc739e8
}, {
next = 0xffff88107fc739f8,
prev = 0xffff88107fc739f8
}, {
next = 0xffff88107fc73a08,
prev = 0xffff88107fc73a08
}, {
next = 0xffff88107fc73a18,
prev = 0xffff88107fc73a18
}, {
next = 0xffff88107fc73a28,
prev = 0xffff88107fc73a28
}, {
next = 0xffff88107fc73a38,
prev = 0xffff88107fc73a38
}, {
next = 0xffff88107fc73a48,
prev = 0xffff88107fc73a48
}, {
next = 0xffff88107fc73a58,
prev = 0xffff88107fc73a58
}, {
next = 0xffff88107fc73a68,
prev = 0xffff88107fc73a68
}, {
next = 0xffff88107fc73a78,
prev = 0xffff88107fc73a78
}, {
next = 0xffff88107fc73a88,
prev = 0xffff88107fc73a88
}, {
next = 0xffff88107fc73a98,
prev = 0xffff88107fc73a98
}, {
next = 0xffff88107fc73aa8,
prev = 0xffff88107fc73aa8
}, {
next = 0xffff88107fc73ab8,
prev = 0xffff88107fc73ab8
}, {
next = 0xffff88107fc73ac8,
prev = 0xffff88107fc73ac8
}, {
next = 0xffff88107fc73ad8,
prev = 0xffff88107fc73ad8
}, {
next = 0xffff88107fc73ae8,
prev = 0xffff88107fc73ae8
}, {
next = 0xffff88107fc73af8,
prev = 0xffff88107fc73af8
}, {
next = 0xffff88107fc73b08,
prev = 0xffff88107fc73b08
}, {
next = 0xffff88107fc73b18,
prev = 0xffff88107fc73b18
}, {
next = 0xffff88107fc73b28,
prev = 0xffff88107fc73b28
}, {
next = 0xffff88107fc73b38,
prev = 0xffff88107fc73b38
}, {
next = 0xffff88107fc73b48,
prev = 0xffff88107fc73b48
}, {
next = 0xffff88107fc73b58,
prev = 0xffff88107fc73b58
}, {
next = 0xffff88107fc73b68,
prev = 0xffff88107fc73b68
}, {
next = 0xffff88107fc73b78,
prev = 0xffff88107fc73b78
}, {
next = 0xffff88107fc73b88,
prev = 0xffff88107fc73b88
}, {
next = 0xffff88107fc73b98,
prev = 0xffff88107fc73b98
}, {
next = 0xffff88107fc73ba8,
prev = 0xffff88107fc73ba8
}, {
next = 0xffff88107fc73bb8,
prev = 0xffff88107fc73bb8
}, {
next = 0xffff88107fc73bc8,
prev = 0xffff88107fc73bc8
}, {
next = 0xffff88107fc73bd8,
prev = 0xffff88107fc73bd8
}, {
next = 0xffff88107fc73be8,
prev = 0xffff88107fc73be8
}, {
next = 0xffff88107fc73bf8,
prev = 0xffff88107fc73bf8
}, {
next = 0xffff88107fc73c08,
prev = 0xffff88107fc73c08
}}
},
rt_nr_running = 0x0,
highest_prio = {
curr = 0x64,
next = 0x64
},
rt_nr_migratory = 0x0,
rt_nr_total = 0x0,
overloaded = 0x0,
pushable_tasks = {
node_list = {
next = 0xffff88107fc73c40,
prev = 0xffff88107fc73c40
}
},
rt_throttled = 0x0,
rt_time = 0x0,
rt_runtime = 0x389fd980,
rt_runtime_lock = {
raw_lock = {
slock = 0x1f801f8
}
}
},
leaf_cfs_rq_list = {
next = 0xffff88103af91b88,
prev = 0xffff88107fc73570
},
nr_uninterruptible = 0x0,
curr = 0xffff8810796c0d20,
idle = 0xffff8810796c0d20,
stop = 0xffff881079567620,
next_balance = 0x10019e930,
prev_mm = 0x0,
clock = 0x1d06193af03,
clock_task = 0x1d06193af03,
nr_iowait = {
counter = 0x0
},
rd = 0xffff8820792bc000,
sd = 0xffff88107fc6f240,
cpu_power = 0x400,
idle_at_tick = 0x0,
post_schedule = 0x0,
active_balance = 0x0,
push_cpu = 0x7,
active_balance_work = {
list = {
next = 0xffff88107fc73cf0,
prev = 0xffff88107fc73cf0
},
fn = 0xffffffff81043b54 <active_load_balance_cpu_stop>,
arg = 0xffff88107fc73480,
done = 0x0
},
cpu = 0x3,
online = 0x1,
avg_load_per_task = 0x1e1,
rt_avg = 0x1,
age_stamp = 0x1d06176c900,
idle_stamp = 0x1d06193aaa6,
avg_idle = 0x8b80d,
calc_load_update = 0x10019f230,
calc_load_active = 0x0,
hrtick_csd_pending = 0x0,
hrtick_csd = {
list = {
next = 0x0,
prev = 0x0
},
func = 0xffffffff8103e71c <__hrtick_start>,
info = 0xffff88107fc73480,
flags = 0x0,
priv = 0x0
},
hrtick_timer = {
node = {
node = {
rb_parent_color = 0xffff88107fc73d88,
rb_right = 0x0,
rb_left = 0x0
},
expires = {
tv64 = 0x0
}
},
_softexpires = {
tv64 = 0x0
},
function = 0xffffffff8103d264 <hrtick>,
base = 0xffff88107fc0fac8,
state = 0x0
}
}


第二参数:


struct task_struct ffff8810792b9a40 -x
struct task_struct {
state = 0x100,
stack = 0xffff8810360ea000,
usage = {
counter = 0x2
},
flags = 0x402040,
ptrace = 0x0,
lock_depth = 0xffffffff,
prio = 0x78,
static_prio = 0x78,
normal_prio = 0x78,
rt_priority = 0x0,
sched_class = 0xffffffff81602c30 <fair_sched_class>,
se = {
load = {
weight = 0x400,
inv_weight = 0x400000
},
run_node = {
rb_parent_color = 0x1,
rb_right = 0x0,
rb_left = 0x0
},
group_node = {
next = 0xffff8810792b9aa0,
prev = 0xffff8810792b9aa0
},
on_rq = 0x0,
exec_start = 0x1d06193aaa6,
sum_exec_runtime = 0xa2f02e4,
vruntime = 0xffffffffff49d69d,
prev_sum_exec_runtime = 0xa2e609d,
nr_migrations = 0x2,
parent = 0xffff88103e840a00,
cfs_rq = 0xffff88103af91b00,
my_q = 0x0
},
rt = {
run_list = {
next = 0xffff8810792b9af8,
prev = 0xffff8810792b9af8
},
timeout = 0x0,
time_slice = 0x3e8,
nr_cpus_allowed = 0x1,
back = 0x0
},
fpu_counter = 0x1,
policy = 0x0,
cpus_allowed = {
bits = {0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}
},
sched_info = {
pcount = 0x4fdf,
run_delay = 0x749c3d6,
last_arrival = 0x1d06193085f,
last_queued = 0x0
},
tasks = {
next = 0xffff882077945698,
prev = 0xffff8810792214f8
},
pushable_tasks = {
prio = 0x8c,
prio_list = {
next = 0xffff8810792b9ba0,
prev = 0xffff8810792b9ba0
},
node_list = {
next = 0xffff8810792b9bb0,
prev = 0xffff8810792b9bb0
}
},
mm = 0xffff8820779b5780,
active_mm = 0xffff8820779b5780,
brk_randomized = 0x0,
rss_stat = {
events = 0xd,
count = {0x5, 0x0, 0x0}
},
exit_state = 0x0,
exit_code = 0x0,
exit_signal = 0xffffffff,
pdeath_signal = 0x0,
personality = 0x0,
did_exec = 0x0,
in_execve = 0x0,
in_iowait = 0x0,
sched_reset_on_fork = 0x0,
pid = 0x188d,
tgid = 0x1803,
real_parent = 0xffff8810792213b0,
parent = 0xffff8810792213b0,
children = {
next = 0xffff8810792b9c18,
prev = 0xffff8810792b9c18
},
sibling = {
next = 0xffff8810792b9c28,
prev = 0xffff8810792b9c28
},
group_leader = 0xffff8820779420d0,
ptraced = {
next = 0xffff8810792b9c40,
prev = 0xffff8810792b9c40
},
ptrace_entry = {
next = 0xffff8810792b9c50,
prev = 0xffff8810792b9c50
},
pids = {{
node = {
next = 0x0,
pprev = 0xffff88103f06b208
},
pid = 0xffff88103f06b200
}, {
node = {
next = 0xffff8810792215e8,
pprev = 0xffff88103f04cb10
},
pid = 0xffff88103f04cb00
}, {
node = {
next = 0xffff881079221600,
pprev = 0xffff88103f04cb18
},
pid = 0xffff88103f04cb00
}},
thread_group = {
next = 0xffff88103f3bde48,
prev = 0xffff88103f3beb68
},
vfork_done = 0x0,
set_child_tid = 0x0,
clear_child_tid = 0x7f6f900019d0,
utime = 0x1c,
stime = 0x43,
utimescaled = 0x1c,
stimescaled = 0x43,
gtime = 0x0,
prev_utime = 0x0,
prev_stime = 0x0,
nvcsw = 0x4fdf,
nivcsw = 0x0,
start_time = {
tv_sec = 0x2b,
tv_nsec = 0x787e451
},
real_start_time = {
tv_sec = 0x2b,
tv_nsec = 0x787e451
},
min_flt = 0x35,
maj_flt = 0x8,
cputime_expires = {
utime = 0x0,
stime = 0x0,
sum_exec_runtime = 0x0
},
cpu_timers = {{
next = 0xffff8810792b9d60,
prev = 0xffff8810792b9d60
}, {
next = 0xffff8810792b9d70,
prev = 0xffff8810792b9d70
}, {
next = 0xffff8810792b9d80,
prev = 0xffff8810792b9d80
}},
real_cred = 0xffff88203eb7bec0,
cred = 0xffff88203eb7bec0,
replacement_session_keyring = 0x0,
comm = "wafd\000\000\000\000\000\000\000\000\000\000\000",
link_count = 0x0,
total_link_count = 0x0,
sysvsem = {
undo_list = 0xffff882077d3e440
},
thread = {
tls_array = {{
{
{
a = 0x0,
b = 0x0
},
{
limit0 = 0x0,
base0 = 0x0,
base1 = 0x0,
type = 0x0,
s = 0x0,
dpl = 0x0,
p = 0x0,
limit = 0x0,
avl = 0x0,
l = 0x0,
d = 0x0,
g = 0x0,
base2 = 0x0
}
}
}, {
{
{
a = 0x0,
b = 0x0
},
{
limit0 = 0x0,
base0 = 0x0,
base1 = 0x0,
type = 0x0,
s = 0x0,
dpl = 0x0,
p = 0x0,
limit = 0x0,
avl = 0x0,
l = 0x0,
d = 0x0,
g = 0x0,
base2 = 0x0
}
}
}, {
{
{
a = 0x0,
b = 0x0
},
{
limit0 = 0x0,
base0 = 0x0,
base1 = 0x0,
type = 0x0,
s = 0x0,
dpl = 0x0,
p = 0x0,
limit = 0x0,
avl = 0x0,
l = 0x0,
d = 0x0,
g = 0x0,
base2 = 0x0
}
}
}},
sp0 = 0xffff8810360ec000,
sp = 0xffff8810360ebcf8,
usersp = 0x7f6f8fff0620,
es = 0x0,
ds = 0x0,
fsindex = 0x0,
gsindex = 0x0,
fs = 0x7f6f90001700,
gs = 0x0,
ptrace_bps = {0x0, 0x0, 0x0, 0x0},
debugreg6 = 0x0,
ptrace_dr7 = 0x0,
cr2 = 0x0,
trap_no = 0x0,
error_code = 0x0,
fpu = {
state = 0xffff88103ad82080
},
io_bitmap_ptr = 0x0,
iopl = 0x0,
io_bitmap_max = 0x0
},
fs = 0xffff882077b2d240,
files = 0xffff882077973f40,
nsproxy = 0xffffffff81972490 <init_nsproxy>,
signal = 0xffff88203c03cc00,
sighand = 0xffff88207797a940,
blocked = {
sig = {0xfffffffe7ffbfa37}
},
real_blocked = {
sig = {0x0}
},
saved_sigmask = {
sig = {0x0}
},
pending = {
list = {
next = 0xffff8810792b9eb8,
prev = 0xffff8810792b9eb8
},
signal = {
sig = {0x0}
}
},
sas_ss_sp = 0x0,
sas_ss_size = 0x0,
notifier = 0x0,
notifier_data = 0x0,
notifier_mask = 0x0,
audit_context = 0x0,
seccomp = {
mode = 0x0
},
parent_exec_id = 0x8,
self_exec_id = 0x8,
alloc_lock = {
{
rlock = {
raw_lock = {
slock = 0x20002
}
}
}
},
irqaction = 0x0,
pi_lock = {
raw_lock = {
slock = 0x0
}
},
pi_waiters = {
node_list = {
next = 0xffff8810792b9f20,
prev = 0xffff8810792b9f20
}
},
pi_blocked_on = 0x0,
journal_info = 0x0,
bio_list = 0x0,
plug = 0x0,
reclaim_state = 0x0,
backing_dev_info = 0x0,
io_context = 0xffff88103ac966c0,
ptrace_message = 0x0,
last_siginfo = 0x0,
ioac = {
rchar = 0xffa3,
wchar = 0x1000b,
syscr = 0x9d7,
syscw = 0xf38,
read_bytes = 0x24000,
write_bytes = 0x0,
cancelled_write_bytes = 0x0
},
acct_rss_mem1 = 0x109ba098f,
acct_vm_mem1 = 0x32aac4109c,
acct_timexpd = 0x5f,
mems_allowed = {
bits = {0x3}
},
mems_allowed_change_disable = 0x0,
cpuset_mem_spread_rotor = 0x0,
cpuset_slab_spread_rotor = 0x0,
cgroups = 0xffffffff81aea2a0 <init_css_set>,
cg_list = {
next = 0xffff8810792b9fe8,
prev = 0xffff8810792b9fe8
},
robust_list = 0x7f6f900019e0,
compat_robust_list = 0x0,
pi_state_list = {
next = 0xffff8810792ba008,
prev = 0xffff8810792ba008
},
pi_state_cache = 0x0,
perf_event_ctxp = {0x0, 0x0},
perf_event_mutex = {
count = {
counter = 0x1
},
wait_lock = {
{
rlock = {
raw_lock = {
slock = 0x0
}
}
}
},
wait_list = {
next = 0xffff8810792ba038,
prev = 0xffff8810792ba038
},
owner = 0x0
},
perf_event_list = {
next = 0xffff8810792ba050,
prev = 0xffff8810792ba050
},
mempolicy = 0x0,
il_next = 0x1,
pref_node_fork = 0x0,
fs_excl = {
counter = 0x0
},
rcu = {
next = 0x0,
func = 0x0
},
splice_pipe = 0x0,
delays = 0xffff881079555f50,
dirties = {
events = 0x0,
period = 0x0,
shift = 0x0,
lock = {
{
rlock = {
raw_lock = {
slock = 0x0
}
}
}
}
},
timer_slack_ns = 0xc350,
default_timer_slack_ns = 0xc350,
scm_work_list = 0x0,
ptrace_bp_refcnt = {
counter = 0x1
}
}


crash> l *0xffffffff810451b9
0xffffffff810451b9 is in select_task_rq_fair (kernel/sched_fair.c:1676).
1671 kernel/sched_fair.c: No such file or directory.
crash> l *(select_task_rq_fair+115)
0xffffffff810451b9 is in select_task_rq_fair (kernel/sched_fair.c:1676).
1671 in kernel/sched_fair.c

貌似gs 指向的是per_cpu 变量

gs寄存器在x86平台上主要用于记录per cpu变量的base address,我们可以使用kmem -o命令来查看这个基地址:


crash> kmem -o 
PER-CPU OFFSET VALUES:
CPU 0: ffff88107fc00000
CPU 1: ffff88107fc20000
CPU 2: ffff88107fc40000
CPU 3: ffff88107fc60000
CPU 4: ffff88107fc80000
CPU 5: ffff88107fca0000
CPU 6: ffff88107fcc0000
CPU 7: ffff88107fce0000
CPU 8: ffff88207fc00000
CPU 9: ffff88207fc20000
CPU 10: ffff88207fc40000
CPU 11: ffff88207fc60000
CPU 12: ffff88207fc80000
CPU 13: ffff88207fca0000
CPU 14: ffff88207fcc0000
CPU 15: ffff88207fce0000
CPU 16: ffff88107fd00000
CPU 17: ffff88107fd20000
CPU 18: ffff88107fd40000
CPU 19: ffff88107fd60000
CPU 20: ffff88107fd80000
CPU 21: ffff88107fda0000
CPU 22: ffff88107fdc0000
CPU 23: ffff88107fde0000
CPU 24: ffff88207fd00000
CPU 25: ffff88207fd20000
CPU 26: ffff88207fd40000
CPU 27: ffff88207fd60000
CPU 28: ffff88207fd80000
CPU 29: ffff88207fda0000
CPU 30: ffff88207fdc0000
CPU 31: ffff88207fde0000


CPU 9: ffff88207fc20000

src/core/kernel/linux/build/linux-2.6.39/kernel/sched_fair.c: 1663
0xffffffff81045163 <select_task_rq_fair+29>: mov %gs:0xdbe0,%eax
0xffffffff8104516b <select_task_rq_fair+37>: mov %eax,-0x38(%rbp)
crash> eval ffff88207fc20000 + 0xdbe0
hexadecimal: ffff88207fc2dbe0
decimal: 18446612271896648672 (-131801812902944)
octal: 1777774202017760555740
binary: 1111111111111111100010000010000001111111110000101101101111100000
rd ffff88207fc2dbe0
ffff88207fc2dbe0: 0000000000000009 ........

值为9 确实是cpu 9

int cpu = smp_processor_id();
int prev_cpu = task_cpu(p);

对于prev_cpu 值为3:

struct  task_struct  ffff8810792b9a40
struct task_struct {
state = 256,
stack = 0xffff8810360ea000,
usage = {
counter = 2
},
flags = 4202560,
---
}


struct thread_info 0xffff8810360ea000
struct thread_info {
task = 0xffff8810792b9a40,
exec_domain = 0xffffffff8196ed80 <default_exec_domain>,
flags = 0,
status = 0,
cpu = 3,
preempt_count = 0,
addr_limit = {
seg = 140737488351232
},
restart_block = {
fn = 0xffffffff81057218 <do_no_restart_syscall>,
{
futex = {
uaddr = 0x0,
val = 0,
flags = 0,
bitset = 0,
time = 0,
uaddr2 = 0x0
},
nanosleep = {
index = 0,
rmtp = 0x0,
compat_rmtp = 0x0,
expires = 0
},
poll = {
ufds = 0x0,
nfds = 0,
has_timeout = 0,
tv_sec = 0,
tv_nsec = 0
}
}
},
sysenter_return = 0x0,
uaccess_err = 0
}

 

 

> dis -rl 0xffffffff810451b9
rc/core/kernel/linux/build/linux-2.6.39/kernel/sched_fair.c: 1661
0xffffffff81045146 <select_task_rq_fair>: push %rbp
0xffffffff81045147 <select_task_rq_fair+1>: mov %rsp,%rbp
0xffffffff8104514a <select_task_rq_fair+4>: push %r15
0xffffffff8104514c <select_task_rq_fair+6>: push %r14
0xffffffff8104514e <select_task_rq_fair+8>: push %r13
0xffffffff81045150 <select_task_rq_fair+10>: push %r12
0xffffffff81045152 <select_task_rq_fair+12>: push %rbx
0xffffffff81045153 <select_task_rq_fair+13>: mov %rsi,%rbx
0xffffffff81045156 <select_task_rq_fair+16>: sub $0x88,%rsp
0xffffffff8104515d <select_task_rq_fair+23>: mov %edx,-0x34(%rbp)
0xffffffff81045160 <select_task_rq_fair+26>: mov %ecx,-0x40(%rbp)
rc/core/kernel/linux/build/linux-2.6.39/kernel/sched_fair.c: 1663
0xffffffff81045163 <select_task_rq_fair+29>: mov %gs:0xdbe0,%eax
0xffffffff8104516b <select_task_rq_fair+37>: mov %eax,-0x38(%rbp)
rc/core/kernel/linux/build/linux-2.6.39/include/linux/sched.h: 2501
0xffffffff8104516e <select_task_rq_fair+40>: mov 0x8(%rsi),%rax
src/core/kernel/linux/build/linux-2.6.39/kernel/sched_fair.c: 1670
0xffffffff81045172 <select_task_rq_fair+44>: and $0x10,%edx
0xffffffff81045175 <select_task_rq_fair+47>: mov %edx,-0x68(%rbp)
src/core/kernel/linux/build/linux-2.6.39/kernel/sched_fair.c: 1664
0xffffffff81045178 <select_task_rq_fair+50>: mov 0x18(%rax),%eax
0xffffffff8104517b <select_task_rq_fair+53>: mov %eax,-0x48(%rbp)
src/core/kernel/linux/build/linux-2.6.39/kernel/sched_fair.c: 1670
0xffffffff8104517e <select_task_rq_fair+56>: je 0xffffffff81045199 <select_task_rq_fair+83>
rc/core/kernel/linux/build/linux-2.6.39/arch/x86/include/asm/bitops.h: 319
0xffffffff81045180 <select_task_rq_fair+58>: mov -0x38(%rbp),%edx
0xffffffff81045183 <select_task_rq_fair+61>: bt %edx,0xe8(%rsi)
0xffffffff8104518a <select_task_rq_fair+68>: sbb %eax,%eax
rc/core/kernel/linux/build/linux-2.6.39/kernel/sched_fair.c: 1664
0xffffffff8104518c <select_task_rq_fair+70>: cmp $0x1,%eax
0xffffffff8104518f <select_task_rq_fair+73>: mov -0x48(%rbp),%r14d
0xffffffff81045193 <select_task_rq_fair+77>: sbb %edx,%edx
0xffffffff81045195 <select_task_rq_fair+79>: inc %edx
0xffffffff81045197 <select_task_rq_fair+81>: jmp 0xffffffff8104519f <select_task_rq_fair+89>
rc/core/kernel/linux/build/linux-2.6.39/kernel/sched_fair.c: 1663
0xffffffff81045199 <select_task_rq_fair+83>: mov -0x38(%rbp),%r14d
rc/core/kernel/linux/build/linux-2.6.39/kernel/sched_fair.c: 1666
0xffffffff8104519d <select_task_rq_fair+87>: xor %edx,%edx
rc/core/kernel/linux/build/linux-2.6.39/kernel/sched_fair.c: 1676
0xffffffff8104519f <select_task_rq_fair+89>: movslq -0x38(%rbp),%rax
0xffffffff810451a3 <select_task_rq_fair+93>: mov $0x13480,%r10
rc/core/kernel/linux/build/linux-2.6.39/kernel/sched_fair.c: 1667
0xffffffff810451aa <select_task_rq_fair+100>: mov $0x1,%r8d
rc/core/kernel/linux/build/linux-2.6.39/kernel/sched_fair.c: 1676
0xffffffff810451b0 <select_task_rq_fair+106>: xor %r13d,%r13d
0xffffffff810451b3 <select_task_rq_fair+109>: xor %r12d,%r12d
0xffffffff810451b6 <select_task_rq_fair+112>: mov %r14d,%ecx
0xffffffff810451b9 <select_task_rq_fair+115>: mov -0x7e62bd10(,%rax,8),%rax

从上述看到结果是: 从cpu 3 切换到cpu9  然后访问per_cpu 变量的rcu 结构; 但是没有使用rcu_lock

目前认为是rcu 使用出错吧

crash  vmcore_linux_12

 

PS:task 查看当前进程或指定进程task_struct和thread_info的信息

kmem 查看当时系统内存使用信息

files命令

 

files pid 打印指定进程所打开的文件信息

 

crash > set 进程id /* 连接需要调试的进程 */
crash> mod -s memdisk /* 导入模块memdisk的符号表 */
crash> mod -s memcon /* 导入模块memcon的符号表 */

Irq
irq [[[index ...] | -u] | -d | -b]
显示中断编号的所有信息
Irq 不加参数,则显示所有的中断
Irq index 显示中断编号为index的所有信息
Irq –u 仅仅显示正在使用的中断

Foreach
foreach [[pid | taskp | name | [kernel | user]] ...] command [flag] [argument]
跟C#中的foreach类似,为多任务准备的。它根据参数指定的任务中去查找command相关的内容。任务可以用pid、taskp、name来指定。如果未指定,则搜索所有的任务。形如:
Foreach bash task 表示搜索任务bash中的task相关数据。

Vtop
vtop [-c [pid | taskp]] [-u|-k] address ...
显示用户或内核虚拟内存所对应的物理内存。其中-u和-k分别表示用户空间和内核空间。

Ptov
ptov address ...
该命令与vtop相反。把物理内存转换成虚拟内存。


Set
set [pid | taskp | [-c cpu] | -p] | [crash_variable [setting]] | -v
1、设置要显示的内容,内容一般以进程为单位。
Set pid 设置当前的内容为pid所代表的进程
Set taskp 设置当前的内容为十六进制表示的taskp任务的内容
Set –p 设置当前的内容为panic任务的内容
Set -v 显示crash当前的内部变量
Set 不带参数,表示显示当前任务的内容
2、同时set命令也可以设置当前crash的内部变量
Set scroll on表示开启滚动条。
具体的内部变量可以通过set –v命令获得,也可以通过help set来查看帮助。

Ascii
把一个十六进制表示的字符串转化成ascii表示的字符串
Ascii 不带参数则显示ascii码表
Ascii number number所代表的ascii字符串

Struct
struct struct_name[.member[,member]][-o][-l offset][-rfu] [address | symbol]
[count | -c count]
显示结构体的具体内容(下面只介绍常用的,具体的可通过命令help struct查询)
注:如果crash关键字与name所表示的结构体名称不冲突,可以省略struct关键字。
Struct name 显示name所表示的结构体的具体结构
Struct name.member 显示name所表示的结构体中的member成员
Struct name –o 显示name所表示的结构体的具体结构,同时也显示每个成员的偏移量
注:如果crash关键字与name所表示的结构体名称不冲突,可以省略struct关键字。

Union
union union_name[.member[,member]] [-o][-l offset][-rfu] [address | symbol]
[count | -c count]
显示联合体的具体内容,用法与struct一致。

*
它是一个快捷键,用来取代struct和union。
Struct page == *page
Struct page == *page

P
p [-x|-d][-u] expression
Print的缩写,打印表达式的值。表达式可以为变量,也可以为结构体。
通过命令alias可以查看命令缩写的列表。
Px expression == p –x expression 以十六进制显示expression的值
Pd expression == p –d expression 以十进制显示expression的值
不加参数的print,则根据set设置来显示打印信息。

Whatis
whatis [struct | union | typedef | symbol]
搜索数据或者类型的信息
参数可以是结构体的名称、联合体的名称、宏的名称或内核的符号。

Sym
sym [-l] | [-M] | [-m module] | [-p|-n] | [-q string] | [symbol | vaddr]
把一个标志符转换到它所对应的虚拟地址,或者把虚拟地址转换为它所对应的标志符。
Sym –l 列出所有的标志符及虚拟地址
Sym –M 列出模块标志符的集合
Sym –m module name 列出模块name的虚拟地址
Sym vaddr 显示虚拟地址addr所代表的标志
Sym symbol 显示symbol标志符所表示的虚拟地址
Sym –q string 搜索所有包含string的标志符及虚拟地址

Dis
dis [-r][-l][-u][-b [num]] [address | symbol | (expression)] [count]
disassemble的缩写。把一个命令或者函数分解成汇编代码。
Dis symbol
Dis –l symbol

Bt
bt [-a|-g|-r|-t|-T|-l|-e|-E|-f|-F|-o|-O] [-R ref] [-I ip] [-S sp] [pid | task]
跟踪堆栈的信息。
Bt 无参数则显示当前任务的堆栈信息
Bt –a 以任务为单位,显示每个任务的堆栈信息
Bt –t 显示当前任务的堆栈中所有的文本标识符
Bt –f 显示当前任务的所有堆栈数据,通常用来检查每个函数的参数传递

Dev
dev [-i | -p]
显示数据关联着的块设备分配,包括端口使用、内存使用及PCI设备数据
Dev –I 显示I/O端口使用情况
Dev –p 显示PCI设备数据

Files
files [-l | -d dentry] | [-R reference] [pid | taskp]
显示某任务的打开文件的信息
Files 显示当前任务下所有打开文件的信息
Files -l 显示被服务器锁住的文件的信息

Irq
irq [[[index ...] | -u] | -d | -b]
显示中断编号的所有信息
Irq 不加参数,则显示所有的中断
Irq index 显示中断编号为index的所有信息
Irq –u 仅仅显示正在使用的中断

Foreach
foreach [[pid | taskp | name | [kernel | user]] ...] command [flag] [argument]
跟C#中的foreach类似,为多任务准备的。它根据参数指定的任务中去查找command相关的内容。任务可以用pid、taskp、name来指定。如果未指定,则搜索所有的任务。形如:
Foreach bash task 表示搜索任务bash中的task相关数据。

当command为{bt,vm,task,files,net,set,sig,vtop}时,显示的内容与命令中的命令类似,只是加了foreach则显示所有任务,而不是单条任务。形如:
Foreach files 显示所有任务打开的文件

Runq
无参数。显示每个CPU运行队列中的任务。

Alias
alias [alias] [command string]
创建给定的命令的别名,如果未指定参数,则显示创建好的别名列表。
Command string可以是带各种参数的命令。

Mount
mount [-f] [-i] [-n pid|task] [vfsmount|superblock|devname|dirname|inode]
显示挂载的相关信息
Mount 不加参数,则显示所有已挂载的文件系统
Mount –f 显示每个挂载文件系统中已经打开的文件
Mount -i 显示每个挂载文件系统中的dirty inodes

Search
search [-s start] [ -[kKV] | -u | -p ] [-e end | -l length] [-m mask] -[cwh] value ...
搜索在给定范围的用户、内核虚拟内存或者物理内存。如果不指定-l length或-e end,则搜索虚拟内存或者物理内存的结尾。内存地址以十六进制表示。
-u 如果未指定start,则从当前任务的用户内存搜索指定的value
-k 如果未指定start,则从当前任务的内核内存搜索指定的value
-p 如果未指定start,则从当前任务的物理内存搜索指定的value
-c 后面则指定要搜索的字符串,这个搜索中很有用。

Vm
vm [-p | -v | -m | [-R reference] | [-f vm_flags]] [pid | taskp] ...
显示任务的基本虚拟内存信息。
-p 显示虚拟内存及转换后的物理内存信息

Net
net [-a] [[-s | -S] [-R ref] [pid | taskp]] [-n addr]
显示各种网络相关的数据
-a 显示ARP cache
-s 显示指定任务的网络信息
-S 与-s相似,但是显示的信息更为详细
该命令与foreach配合使用,能加快定位的速度。

Vtop
vtop [-c [pid | taskp]] [-u|-k] address ...
显示用户或内核虚拟内存所对应的物理内存。其中-u和-k分别表示用户空间和内核空间。

Ptov
ptov address ...
该命令与vtop相反。把物理内存转换成虚拟内存。


Btop
btop address ...
把一个十六进制表示的地址转换成它的分页号。

Ptob
ptob page_number ...
该命令与btop相反,是把一个分页号转换成地址。


Sig
sig [[-l] | [-s sigset]] | [-g] [pid | taskp] ...
显示一个或者多个任务的signal-handling数据
-l 列出信息的编号及名字
-g 显示指定任务线程组中所有的signal-handling数据

Waitq
waitq [ symbol ] | [ struct.member struct_addr ] | [ address ]
列出在等待队列中的所有任务。参数可以指定队列的名称、内存地址等。

Pte
pte contents ...
把一个十六进制表示的页表项转换为物理页地址和页的位设置

Swap
无参数。显示已经配置好的交换设备的信息。

Wr
wr [-u|-k|-p] [-8|-16|-32|-64] [address|symbol] value
根据参数指定的写内存。在定位系统出错的地方时,一般不使用该命令。

Eval
eval [-b][-l] (expression) | value
计算表达式的值,及把计算结果或者值显示为16、10、8和2进制。表达式可以有运算符,包括加减乘除移位等。
-b 统计2进制位数为1的索引编号。

List
list [[-o] offset] [-e end] [-s struct[.member[,member]]] [-H] start
显示链表的内容

Mach
mach [-cm]
显示机器的一些信息,如CPU主频等。
-c 显示每个CPU的结构体信息
-m 显示物理内存每段的映射

Log
log [-m]
显示内核的日志,以时间的先后顺序排列
-m 在每个消息前添加该消息的日志等级

Sys
sys [-c [name|number]] config
显示特殊系统的数据。不指定参数,则显示crash启动时打印的系统数据。
-c [name|number] 如果不指定参数,则显示所有的系统调用。否则搜索指定的系统调用。
Config 显示内核的配置。不过必须把CONFIG_IKCONFIG编进内核

Rd
rd [-dDsSupxmf][-8|-16|-32|-64][-o offs][-e addr] [address|symbol] [count]
显示指定内存的内容。缺省的输出格式是十六进制输出
-d 以十进制方式输出
-D 以十进制无符号输出
-8 只输出最后8位
-16 只输出最后16位
-32 只输出最后32位
-64 只输出最后64位
-o offs 开始地址的偏移量
-e addr 显示内存,直到到达地址addr为止
Address 开始的内存地址,以十六进制表示
Symbol 开始地址的标识符
Count 按多少位显示内存地址。如addr=1234,count=8,则显示34 12

Task
task [-R member[,member]] [pid | taskp] ...
显示指定内容或者进程的task_struct的内容。不指定参数则显示当前内容的task_struct的内容。
Pid 进程的pid
Taskp 十六进制表示的task_struct指针。
-R member

Extend
extend [shared-object ...] | [-u [shared-object ...]]
动态装载或卸载crash额外的动态链接库。

Repeat
repeat [-seconds] command
每隔seconds重复一次命令command,无限期的执行下去。

Timer
无参数。按时间的先后顺序显示定时器队列的数据。

Gdb
gdb command ...
用GDB执行命令command。


 

 

PS:

顺便把 公司以前的内核 段错误给改了

<1>[217758.819517] BUG: unable to handle kernel NULL pointer dereference at
0000000000000068
<1>[217758.819533] IP: [<ffffffff81547714>] ip6_dst_lookup_tail+0x34/0xb5
<4>[217758.819552] PGD 11a74d067 PUD 11aae6067 PMD 0
<0>[217758.819564] Oops: 0000 [#1] SMP
<0>[217758.819572] last sysfs file: /sys/devices/system/cpu/online
<4>[217758.819581] CPU 1
<4>[217758.819585] Modules linked in: ixgbe igb virtio_net e1000 e1000e
<4>[217758.819604]
<4>[217758.819612] Pid: 14975, comm: python Not tainted
2.6.39-gentoo-r3-wafg2-33331 #18 NSFocus 1U/1U
<4>[217758.819625] RIP: 0010:[<ffffffff81547714>] [<ffffffff81547714>]
ip6_dst_lookup_tail+0x34/0xb5
<4>[217758.819642] RSP: 0000:ffff88013fc837c0 EFLAGS: 00010206
<4>[217758.819649] RAX: 0000000000000000 RBX: ffff88013fc83808 RCX:
0000000000000009
<4>[217758.819657] RDX: ffff880139e5c000 RSI: 0000000000000000 RDI:
ffffffff81553364
<4>[217758.819665] RBP: ffff88013fc837f0 R08: 0000000000000000 R09:
ffffffff8198f998
<4>[217758.819673] R10: 00000000af99f324 R11: 00000000ff000002 R12:
ffffffff81b05040
<4>[217758.819682] R13: ffff88013fc83860 R14: ffff88013a781d00 R15:
ffff88013fc83910
<4>[217758.819692] FS: 00007ffd377ae700(0000) GS:ffff88013fc80000(0000)
knlGS:0000000000000000
<4>[217758.819701] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
<4>[217758.819709] CR2: 0000000000000068 CR3: 000000010ee9d000 CR4:
00000000000006e0
<4>[217758.819718] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000
<4>[217758.819726] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7:
0000000000000400
<4>[217758.819736] Process python (pid: 14975, threadinfo ffff8800a94d6000,
task ffff8800b2abf7f0)
<0>[217758.819743] Stack:
<4>[217758.819749] ffff880100000000 000000148103c71e ffff88013fc83860
ffff88013a781d00
<4>[217758.819764] 0000000000000000 ffff8800b287e800 ffff88013fc83830
ffffffff815478dc
<4>[217758.819779] 0000000000000286 0000000000000000 ffff88013a781d00

crash  vmcore_数据_15

 

 

crash  vmcore_数据_16

 

 

正好是偏移0x68,与oops中报出的出错地址0000000000000068(CR2)对应

 

http代理服务器(3-4-7层代理)-网络事件库公共组件、内核kernel驱动 摄像头驱动 tcpip网络协议栈、netfilter、bridge 好像看过!!!! 但行好事 莫问前程 --身高体重180的胖子
